Successfully reported this slideshow.

JUNOS - Monitoring and Troubleshooting

4,281 views

Published on

JUNOS - Device Monitoring and Troubleshooting

Published in: Technology
  • Would it be possible to get .ppt format of this great deck! tboshardy@gmail.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

JUNOS - Monitoring and Troubleshooting

  1. 1.  Thomas Stuart – President / CTO Zenith Networks  tstuart@zenithnetworks.com Copyright 2012 (c) www.zenithnetworks.com 2
  2. 2. Partner of Juniper Networks  HQ Philadelphia, PA  25 Years Network Integration Services  10 Years Education Services  LAN / WAN Configuration and Design  Routing, Switching and Security  IPv6 Practice  JNCIA, JNCIS-ENT, JNCI-ENT   www.zenithnetworks.com Copyright 2012 (c) www.zenithnetworks.com 3
  3. 3. Founded 1996 HQ Sunnyvale, CA Employees 9,400 + 46 countries Award: 2012 & 2013 World‟s Most Ethical Company Connect Everything…. Empower Everyone! Routing, Switching, Security www.juniper.net Copyright 2012 (c) www.zenithnetworks.com 4
  4. 4. Access to view the Slides……  http://www.zenithnetworks.com/education Copyright 2012 (c) www.zenithnetworks.com 5
  5. 5. Copyright 2012 (c) www.zenithnetworks.com 6
  6. 6. Copyright 2012 (c) www.zenithnetworks.com 7
  7. 7. Command Line Help root> show chassis ? Possible completions: alarms environment firmware fpc hardware lcd led location mac-addresses pic routing-engine temperature-thresholds Show alarm status Show component status and temperature, cooling system speeds Show firmware and operating system version for components Show Flexible PIC Concentrator status Show installed hardware components Show LCD display Show LED status Show physical location of chassis Show media access control addresses Show Physical Interface Card state, type, and uptime Show Routing Engine status Show chassis temperature threshold settings Copyright 2012 (c) www.zenithnetworks.com 8
  8. 8. root> show chassis alarms 1 alarms currently active Alarm time 2013-02-26 10:54:39 UTC Class Major Description Management Ethernet Link Down Copyright 2012 (c) www.zenithnetworks.com 9
  9. 9. root> show chassis environment Class Item Power FPC 0 Power Supply 0 FPC 0 Power Supply 1 Temp FPC 0 CPU FPC 0 EX-PFE1 FPC 0 EX-PFE2 FPC 0 GEPHY Front Left FPC 0 GEPHY Front Right FPC 0 Uplink Conn Fans FPC 0 Fan 1 FPC 0 Fan 2 FPC 0 Fan 3 Status OK Absent OK OK OK OK OK OK OK OK OK Measurement 36 degrees C / 96 degrees F 48 degrees C / 118 degrees F 48 degrees C / 118 degrees F 29 degrees C / 84 degrees F 30 degrees C / 86 degrees F 32 degrees C / 89 degrees F Spinning at normal speed Spinning at normal speed Spinning at normal speed ( Status: OK…. Absent…. Testing…. Failed ) Copyright 2012 (c) www.zenithnetworks.com 10
  10. 10. root> show chassis hardware detail Hardware inventory: Item Version Part number Chassis Routing Engine 0 REV 06 750-033065 Routing Engine 0 FPC 0 REV 06 750-033065 CPU BUILTIN PIC 0 BUILTIN BRD REV 16 711-021264 Power Supply 0 REV 04 740-020957 Fan Tray Serial number Description BM0210466816 EX4200-24T BM0210466816 EX4200-24T, 8 POE BM0210466816 EX4200-24T, 8 POE BM0210466816 EX4200-24T, 8 POE BUILTIN FPC CPU BUILTIN 24x 10/100/1000 Base-T AK0210464159 EX4200-24T, 8 POE AT0510396849 PS 320W AC Fan Tray Copyright 2012 (c) www.zenithnetworks.com 11
  11. 11. root> show chassis routing-engine Routing Engine status: Slot 0: Current state Election priority Temperature CPU temperature DRAM Memory utilization CPU utilization: User Background Kernel Interrupt Idle Model Serial ID Start time Uptime Last reboot reason Load averages: Master Master (default) 35 degrees C / 95 degrees F 35 degrees C / 95 degrees F 1024 MB 28 percent 4 percent 0 percent 0 percent 0 percent 96 percent EX4200-24T, 8 POE BM0210466816 2013-02-26 10:53:11 UTC 1 hour, 8 minutes, 41 seconds Router rebooted after a normal shutdown. 1 minute 5 minute 15 minute 0.04 0.01 0.00 Copyright 2012 (c) www.zenithnetworks.com 12
  12. 12. root> show chassis pic pic-slot 0 fpc-slot 0 FPC slot 0, PIC slot 0 information: Type 24x 10/100/1000 Base-T Builtin State Online Uptime 1 hour, 12 minutes, 40 seconds (fpc 0) Switch 0 (pic 0) interfaces 0-23 Copyright 2012 (c) www.zenithnetworks.com 13
  13. 13. root> request system halt warning: This command will halt all the members. If planning to halt only one member use the member option Halt the system ? [yes,no] (no) root> request system reboot Reboot the system ? [yes,no] (no) Copyright 2012 (c) www.zenithnetworks.com 14
  14. 14. root@phillies> show version detail fpc0: -------------------------------------------------------------------------Hostname: phillies Model: ex4200-24t JUNOS Base OS boot [10.3R1.9] JUNOS Base OS Software Suite [10.3R1.9] JUNOS Kernel Software Suite [10.3R1.9] JUNOS Crypto Software Suite [10.3R1.9] JUNOS Online Documentation [10.3R1.9] JUNOS Enterprise Software Suite [10.3R1.9] JUNOS Packet Forwarding Engine Enterprise Software Suite [10.3R1.9] JUNOS Routing Software Suite [10.3R1.9] JUNOS Web Management [10.3R1.9] KERNEL 10.3R1.9 #0 built by builder on 2010-08-13 12:43:56 UTC Copyright 2012 (c) www.zenithnetworks.com 15
  15. 15. root@flyers> show interfaces ge-0/0/0 ? Possible completions: <[Enter]> Execute this command brief Display brief output descriptions Display interface description strings detail Display detailed output extensive Display extensive output media Display media information routing-instance Name of routing instance snmp-index SNMP index of interface statistics Display statistics and detailed output terse Display terse output | Pipe through a command Copyright 2012 (c) www.zenithnetworks.com 16
  16. 16. terse root@flyers> show interfaces ge-0/0/0 Interface Admin Link Proto Local Remote ge-0/0/0 up up ge-0/0/0.0 up up inet 172.16.20.1/24 brief root@flyers> show interfaces ge-0/0/0 Physical interface: ge-0/0/0, Enabled, Physical link is Up Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None Logical interface ge-0/0/0.0 Flags: SNMP-Traps 0x0 Encapsulation: ENET2 inet 172.16.20.1/24 Copyright 2012 (c) www.zenithnetworks.com 17
  17. 17. root@flyers> show interfaces ge-0/0/0 detail ( 1 of 3 ) Physical interface: ge-0/0/0, Enabled, Physical link is Up Interface index: 130, SNMP ifIndex: 504, Generation: 133 Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 28:c0:da:2a:2f:c0, Hardware address: 28:c0:da:2a:2f:c0 Last flapped : 2013-02-26 12:21:11 UTC (00:09:25 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 8220 0 bps Output bytes : 20706 0 bps Input packets: 70 0 pps Output packets: 167 0 pps Copyright 2012 (c) www.zenithnetworks.com 18
  18. 18. root@flyers> show interfaces ge-0/0/0 detail Physical interface: ge-0/0/0, Enabled, Physical link is Up Egress queues: 8 supported, 4 in use Queue counters: Queued packets Transmitted packets 0 best-effort 0 28 1 assured-forw 0 0 5 expedited-fo 0 0 7 network-cont 0 139 Active alarms : None Active defects : None ( 2 of 3 ) Dropped packets 0 0 0 0 Logical interface ge-0/0/0.0 (Index 68) (SNMP ifIndex 505) (Generation 133) Flags: SNMP-Traps 0x0 Encapsulation: ENET2 Bandwidth: 0 Traffic statistics: Input bytes : 11392 Output bytes : 31631 Input packets: 87 Output packets: 227 Local statistics: Input bytes : 5420 Output bytes : 25595 Input packets: 28 Output packets: 167 Copyright 2012 (c) www.zenithnetworks.com 19
  19. 19. root@flyers> show interfaces ge-0/0/0 detail ( 3 of 3 ) Protocol inet, Generation: 173, Route table: 0 Flags: None Addresses, Flags: Is-Preferred Is-Primary Destination: 172.16.20/24, Local: 172.16.20.1, Broadcast: 172.16.20.255, Generation: 135 Copyright 2012 (c) www.zenithnetworks.com 20
  20. 20. root@flyers> show interfaces ge-0/0/0 detail Physical interface: ge-0/0/0, Enabled, Physical link is Up Interface index: 130, SNMP ifIndex: 504, Generation: 133 Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 28:c0:da:2a:2f:c0, Hardware address: 28:c0:da:2a:2f:c0 Last flapped : 2013-02-26 12:21:11 UTC (00:23:12 ago) Statistics last cleared: Never Traffic statistics: Input bytes : Output bytes : Input packets: Output packets: 14808 27007 99 195 0 bps 0 bps 0 pps 0 pps Copyright 2012 (c) www.zenithnetworks.com 21
  21. 21. root@flyers> clear interfaces statistics ge-0/0/0 Copyright 2012 (c) www.zenithnetworks.com 22
  22. 22. root@flyers> show interfaces ge-0/0/0 detail Physical interface: ge-0/0/0, Enabled, Physical link is Up Interface index: 130, SNMP ifIndex: 504, Generation: 133 Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 28:c0:da:2a:2f:c0, Hardware address: 28:c0:da:2a:2f:c0 Last flapped : 2013-02-26 12:21:11 UTC (00:23:44 ago) Statistics last cleared: 2013-02-26 12:44:52 UTC (00:00:03 ago) Traffic statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps Copyright 2012 (c) www.zenithnetworks.com 23
  23. 23. root@flyers> show interfaces ge-0/0/0 | find address Current address: 28:c0:da:2a:2f:c0, Hardware address: 28:c0:da:2a:2f:c0 Last flapped : 2013-02-26 12:21:11 UTC (00:33:51 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : None Active defects : None Logical interface ge-0/0/0.0 (Index 68) (SNMP ifIndex 505) Flags: SNMP-Traps 0x0 Encapsulation: ENET2 Bandwidth: 0 Input packets : 40 Output packets: 41 Protocol inet Flags: None Addresses, Flags: Is-Preferred Is-Primary Destination: 172.16.20/24, Local: 172.16.20.1, Broadcast: 172.16.20.255 Copyright 2012 (c) www.zenithnetworks.com 24
  24. 24. root@flyers> monitor interface ge-0/0/0 Seconds: 188 Time: 14:31:05 Delay: 0/0/20 Interface: ge-0/0/0, Enabled, Link is Up Encapsulation: Ethernet, Speed: 1000mbps Traffic statistics: Input bytes: 65730 (816 bps) Output bytes: 65601 (816 bps) Input packets: 374 (1 pps) Output packets: 376 (1 pps) Error statistics: Input errors: 0 Input drops: 0 Input framing errors: 0 Policed discards: 0 L3 incompletes: 0 L2 channel errors: 0 L2 mismatch timeouts: 0 Carrier transition Current delta [17412] [17400] [163] [163] [0] [0] [0] [0] [0] [0] [0] Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i' Copyright 2012 (c) www.zenithnetworks.com 25
  25. 25. Monitoring Switch Control Traffic Packet capture feature when you need to capture and analyze switch control traffic destined for or originating from the switch Routing Engine. CLI Command: root@flyers> monitor Possible completions: <[Enter]> absolute-sequence brief count detail extensive interface layer2-headers matching no-domain-names no-promiscuous no-resolve no-timestamp print-ascii print-hex resolve-timeout size | traffic ? Execute this command Display absolute TCP sequence numbers Display brief output Number of packets to receive (0..1000000 packets) Display detailed output Display extensive output Name of interface Display link-level header on each dump line Expression for headers of receive packets to match Don't display domain portion of hostnames Don't put interface into promiscuous mode Don't attempt to print addresses symbolically Don't print timestamp on each dump line Display packets in ASCII when displaying in hexadecimal format Display packets in hexadecimal format Period of time to wait for each name resolution (seconds) Amount of each packet to receive (bytes) Pipe through a command Copyright 2012 (c) www.zenithnetworks.com 26
  26. 26. root@flyers> monitor traffic detail ( icmp ping traffic ) Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay. Address resolution timeout is 4s. Listening on ge-0/0/0, capture size 1514 bytes Reverse lookup for 172.16.20.2 failed (check DNS reachability). Other reverse lookup failures will not be reported. Use <no-resolve> to avoid reverse lookups on IP addresses. 14:54:44.859316 In IP (tos 0x0, ttl 64, id 57428, offset 0, flags [none], proto: ICMP (1), length: 84) 172.16.20.2 > 172.16.20.1: ICMP echo request, id 1178, seq 1576, length 64 14:54:44.859355 Out IP (tos 0x0, ttl 64, id 56483, offset 0, flags [none], proto: ICMP (1), length: 84) 172.16.20.1 > 172.16.20.2: ICMP echo reply, id 1178, seq 1576, length 64 Copyright 2012 (c) www.zenithnetworks.com 27
  27. 27. root@flyers> monitor traffic detail ( ospf traffic ) 15:08:30.891544 In IP (tos 0xc0, ttl 1, id 18878, offset 0, flags [none], proto: OSPF (89), length: 68) 172.16.20.2 > 224.0.0.5: OSPFv2, Hello, length 48 Router-ID 172.16.20.2, Backbone Area, Authentication Type: none (0) Options [External] Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128 Designated Router 172.16.20.2, Backup Designated Router 172.16.20.1 Neighbor List: 172.16.20.1 Copyright 2012 (c) www.zenithnetworks.com 28
  28. 28. Interface Monitoring: 1. Copy packets to local interface for monitoring 2. Packets entering or exiting an interface (up tp 256 interfaces) VLAN Monitoring: 1. Copy packets to a analyzer VLAN for remote monitoring 2. Packets entering VLAN (up to 256 vlan‟s) Policy: 1. Policy-Based (firewall filter define traffic to be mirrored) Copyright 2012 (c) www.zenithnetworks.com 29
  29. 29. Local Port Mirroring of Server Traffic set interfaces ge-0/0/10 unit 0 family ethernet-switching set interfaces ge-0/0/20 unit 0 family ethernet-switching set ethernet-switching-options analyzer monitor-traffic input ingress interface ge-0/0/10.0 set ethernet-switching-options analyzer monitor-traffic output interface ge-0/0/20.0 Copyright 2012 (c) www.zenithnetworks.com 30
  30. 30. Local Port Mirroring of Server Traffic {master:0}[edit ethernet-switching-options] root@flyers# show analyzer monitor-traffic { input { ingress { interface ge-0/0/10.0; } } output { interface { ge-0/0/20.0; } } } Copyright 2012 (c) www.zenithnetworks.com 31
  31. 31. Local Port Mirroring of Server Traffic root@flyers# run show analyzer Analyzer name : monitor-traffic Output interface : ge-0/0/20.0 ( sniffer ) Mirror ratio :1 Loss priority : Low Ingress monitored interfaces : ge-0/0/10.0 ( device being monitored ) Copyright 2012 (c) www.zenithnetworks.com 32
  32. 32. root@phillies> file list /var/log /var/log: authd_sdb.log autodlog chassisd cosd default-log-messages dfwc eccd ext/ flowc/ ggsn/ interactive-commands messages Copyright 2012 (c) www.zenithnetworks.com 33
  33. 33. root@flyers> show log interactive-commands Feb 26 14:45:01 flyers newsyslog[4105]: logfile turned over due to size>128K Feb 26 15:06:14 flyers mgd[1165]: UI_CMDLINE_READ_LINE: User 'root', command 'configure ' Feb 26 15:06:14 flyers mgd[1165]: UI_DBASE_LOGIN_EVENT: User 'root' entering configuration mode Feb 26 15:06:17 flyers mgd[1165]: UI_CMDLINE_READ_LINE: User 'root', command 'edit protocols ospf ' Feb 26 15:06:30 flyers mgd[1165]: UI_CMDLINE_READ_LINE: User 'root', command 'set area 0.0.0.0 interface ge-0/0/0.0 „ Feb 26 15:06:32 flyers mgd[1165]: UI_CMDLINE_READ_LINE: User 'root', command 'top „ Feb 26 15:06:33 flyers mgd[1165]: UI_CMDLINE_READ_LINE: User 'root', command 'commit ' Copyright 2012 (c) www.zenithnetworks.com 34
  34. 34. root@flyers> show log messages Feb 26 16:15:00 flyers newsyslog[878]: logfile turned over due to size>128K Feb 26 18:01:21 flyers mib2d[826]: SNMP_TRAP_LINK_DOWN: ifIndex 524, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/10 Feb 26 19:54:15 flyers login: LOGIN_FAILED: Login failed for user root from host Feb 26 19:54:15 flyers login: LOGIN_FAILED_LIMIT: Specified number of login failures (0) for user 'root' reached from '„ Feb 26 19:54:23 flyers login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM authentication error for user root Copyright 2012 (c) www.zenithnetworks.com 35
  35. 35. root@phillies> show log chassisd Aug 13 14:02:13 CHASSISD release 10.3R1.9 built by builder on 2010-08-13 12:50:53 UTC Aug 13 14:02:13 trace flags 7f00 trace file /var/log/chassisd size 3000000 cnt 5 no-remote-trace 0 Aug 13 14:02:13 Default: getrlimit - RLIMIT_DATA, cur: 134217728 (128 MB), max: 134217728 (128 MB) Aug 13 14:02:13 model is 41 Aug 13 14:02:13 rtsock_init synchronous socket Aug 13 14:02:13 Fru Type 3 has a parent type Aug 13 14:02:13 send: clear all Fan 0 alarms Aug 13 14:02:13 adding message to chasssis manager queue, entries = 1 Aug 13 14:02:13 send: clear all Fan 1 alarms Copyright 2012 (c) www.zenithnetworks.com 36
  36. 36. root@flyers> show system core-dumps fpc0: -------------------------------------------------------------------------/var/crash/*core*: No such file or directory /var/tmp/*core*: No such file or directory /var/crash/kernel.*: No such file or directory /tftpboot/corefiles/*core*: No such file or directory Copyright 2012 (c) www.zenithnetworks.com 37
  37. 37. root@phillies> request support information root@phillies> show system uptime no-forwarding Current time: 2013-02-26 18:17:22 UTC System booted: 2013-02-26 13:07:39 UTC (05:09:43 ago) Protocols started: 2013-02-26 13:08:52 UTC (05:08:30 ago) Last configured: 2013-02-26 12:13:17 UTC (06:04:05 ago) by root 6:17PM up 5:10, 1 user, load averages: 0.01, 0.07, 0.03 root@phillies> show version detail no-forwarding Hostname: phillies Model: ex4200-24t JUNOS Base OS boot [10.3R1.9] JUNOS Base OS Software Suite [10.3R1.9] JUNOS Kernel Software Suite [10.3R1.9] JUNOS Crypto Software Suite [10.3R1.9] Copyright 2012 (c) www.zenithnetworks.com 38
  38. 38. root@phillies> request support information | save support-info Wrote 4852 lines of output to 'support-info' Copyright 2012 (c) www.zenithnetworks.com 39
  39. 39. root@flyers> show system processes summary last pid: 891; load averages: 0.05, 0.03, 0.08 up 0+00:25:52 22:47:45 103 processes: 2 running, 81 sleeping, 20 waiting Mem: 161M Active, 19M Inact, 89M Wired, 68M Cache, 110M Buf, 645M Free Swap: PID USERNAME THR PRI NICE SIZE 11 root 1 171 52 0K RES STATE TIME WCPU COMMAND 16K RUN 22:35 96.68% idle Copyright 2012 (c) www.zenithnetworks.com 40
  40. 40. root@flyers> show system processes PID 0 1 2 3 4 5 6 7 8 TIME 0:00.00 0:00.33 0:00.13 0:00.49 0:00.44 0:00.00 0:00.00 0:00.00 0:01.86 TT ?? ?? ?? ?? ?? ?? ?? ?? ?? STAT WLs ILs DL DL DL DL DL DL DL COMMAND [swapper] /packages/mnt/jbase/sbin/init -[g_event] [g_up] [g_down] [thread taskq] [kqueue taskq] [pagedaemon] [pagezero] Copyright 2012 (c) www.zenithnetworks.com 41
  41. 41. root@flyers> restart ? Possible completions: autoinstallation chassis-control class-of-service database-replication dhcp dhcp-service dot1x-protocol ethernet-connectivity-fault-management ethernet-link-fault-management ethernet-switching event-processing firewall Autoinstallation process Chassis control process Class-of-service process Database Replication process Dynamic Host Configuration Protocol process Dynamic Host Configuration Protocol process Port based Network Access Control Connectivity fault management process Ethernet OAM Link-Fault-Management process Ethernet Switching Process Event processing process Firewall process Copyright 2012 (c) www.zenithnetworks.com 42
  42. 42. root@flyers> show system users 11:44PM up 1:22, 1 user, load averages: 0.04, 0.02, 0.00 USER TTY FROM LOGIN@ IDLE WHAT bob u0 - root@flyers> request 10:26PM - cli system logout user bob root@flyers> request message user bob message "please logout of the system“ root@flyers> request message all message "system going down... logout now" Copyright 2012 (c) www.zenithnetworks.com 43
  43. 43. Allow a Network Management Server to poll (query) our network devices (routers/switches…) Copyright 2012 (c) www.zenithnetworks.com 44
  44. 44. {master:0}[edit snmp] root@phillies# set contact Your-Name root@phillies# set description 3rd-Fl-IDF root@phillies# set location Main-building-West-Wing root@phillies# set community mypassword root@phillies# set client-list 1.1.1.1 snmp { description 3rd-Fl-IDF; location Main-building-West-Wing; contact Your-Name; client-list 1.1.1.1; community mypassword; Copyright 2012 (c) www.zenithnetworks.com 45
  45. 45. root@flyers# set snmp trap-options source-address 1.1.1.1 root@flyers# set snmp trap-group test-group categories link root@flyers# set snmp trap-group test-group categories chassis configuration root@flyers# set snmp trap-group test-group targets 2.2.2.2 root@flyers# set snmp trap-group test-group destination-port 5050 root@flyers# set snmp trap-group test-group version all Copyright 2012 (c) www.zenithnetworks.com 46
  46. 46. root@flyers# show trap-options { source-address 1.1.1.1; } trap-group test-group { version all; destination-port 5050; categories { chassis; link; configuration; } targets { 2.2.2.2; } } Copyright 2012 (c) www.zenithnetworks.com 47
  47. 47. The ability of a device to log all of only filtered system events, HW or SW to either a local system file, a remote syslog server or both. Events include… interface transitions, sw process transitions, configuration activity and user login. Facility: Source of the message. Severity: Seriousness of the event. File list /var/log Copyright 2012 (c) www.zenithnetworks.com 48
  48. 48. any All facilities + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups > archive Archive file information authorization Authorization system change-log Configuration change log conflict-log Configuration conflict log daemon Various system processes dfc Dynamic flow capture explicit-priority Include priority and facility in messages external Local external applications firewall Firewall filtering system ftp FTP process interactive-commands Commands executed by the UI kernel Kernel match Regular expression for lines to be logged ntp NTP process pfe Packet Forwarding Engine security Security related > structured-data user Log system message in structured format User processes Copyright 2012 (c) www.zenithnetworks.com 49
  49. 49. alert Conditions that should be corrected immediately any All levels critical Critical conditions emergency Panic conditions error Error conditions info Informational messages none No messages notice Conditions that should be handled specially warning Warning messages =================================================================================== debug 7 info 6 notice 5 warning 4 error 3 critical 2 alert 1 emergency 0 Copyright 2012 (c) www.zenithnetworks.com 50
  50. 50. debug info notice warning error critical alert emergency 1. 2. 3. 4. 7 6 5 4 3 2 1 0 The lower the #, the more serious the event! The system will log messages at specific “severity” level AND at ALL more serious levels! IF we log at level “warning”, we not only log warning, but also log 3, 2, 1 and 0 levels. If we wish to NOT log a specific level, then we use the “facility” and “none” option. Copyright 2012 (c) www.zenithnetworks.com 51
  51. 51. Log…. ANY and ALL….. To file “messages”…… save “any” faciltity (source of message) regarding “any” severity. root@phillies# set system syslog file messages any any (facility – severity) Log…. A new file…. Specific facility…. And Severity of Critical and Higher…. To file “newfile”…….. save “kernel” facility (source of message) regarding “critical” severity. root@phillies# set system syslog file newfile kernel critical (facility – severity) Copyright 2012 (c) www.zenithnetworks.com 52
  52. 52. root@phillies# set system syslog file kernel-critical kernel critical root@phillies# set system syslog file authorization-info authorization info {master:0}[edit system syslog] root@phillies# show file kernel-critical { kernel critical; ( facility / seriousness ) } file authorization-info { authorization info; ( facility / seriousness ) } Copyright 2012 (c) www.zenithnetworks.com 53
  53. 53. root@flyers# set system syslog file messages any warning ( facility / seriousness ) root@flyers# set system syslog file messages authorization none ( turn-off ) {master:0}[edit system syslog] root@flyers# show file messages { any warning; (facility / seriousness) authorization none; (turn-off authorization facility) } Copyright 2012 (c) www.zenithnetworks.com 54
  54. 54. Redirecting syslog output to terminal…. root@phillies> monitor start messages *** messages *** Feb 27 06:31:52 phillies mgd[878]: UI_DBASE_LOGIN_EVENT: User 'root' entering configuration mode root@phillies> Feb 27 06:32:19 phillies mgd[878]: UI_DBASE_LOGOUT_EVENT: User 'root' exiting configuration mode root@phillies> monitor stop messages Copyright 2012 (c) www.zenithnetworks.com 55
  55. 55. root@flyers> show log messages Feb 26 16:15:00 flyers newsyslog[878]: logfile turned over due to size>128K Feb 26 18:01:21 flyers mib2d[826]: SNMP_TRAP_LINK_DOWN: ifIndex 524, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/10 Feb 26 18:01:21 flyers mib2d[826]: SNMP_TRAP_LINK_DOWN: ifIndex 600, ifAdminStatus up(1), ifOperStatus down(2), ifName vlan.0 root@phillies> file copy root@phillies> clear log /var/log/messages /var/log/messages-bkup messages Copyright 2012 (c) www.zenithnetworks.com 56
  56. 56. root> show log messages | match Feb 28 17:28:36 vcp-0.32768, Feb 28 17:28:36 Feb 28 17:28:36 Feb 28 17:28:36 Feb 28 17:28:36 Feb 28 17:28:36 vcp-1.32768, Feb 28 17:28:36 Feb 28 17:28:36 Feb 28 17:28:36 Feb 28 17:28:36 Feb 28 17:28:36 vccp vccp[784]: VCCPD_PROTOCOL_ADJDOWN: Lost adjacency to 28c0.da2e.93c1 on vccp[784]: ifl vcp-0.32768 set down, ifl flags 0, flags 0 vccp[784]: interface vcp-0 went down vccp[784]: Member 2, interface vcp-1.32768 went down vccp[784]: Member 0, interface vcp-0.32768 went down vccp[784]: VCCPD_PROTOCOL_ADJDOWN: Lost adjacency to 28c0.da2a.2000 on vccp[784]: ifl vcp-1.32768 set down, ifl flags 0, flags 0 vccp[784]: interface vcp-1 went down vccp[784]: Member 0, interface vcp-1.32768 went down vccp[784]: TASK_SIGNAL_TERMINATE: first termination signal received vccp[784]: vccpd_rawsock_send: sendmsg failed on ifl_idx 0, reason - 50 Copyright 2012 (c) www.zenithnetworks.com 57
  57. 57. root> show log messages | match vccp | save /var/log/vccp Wrote 31 lines of output to '/var/log/vccp„ root> show log vccp Feb 28 17:28:36 vcp-0.32768, Feb 28 17:28:36 Feb 28 17:28:36 Feb 28 17:28:36 Feb 28 17:28:36 Feb 28 17:28:36 vcp-1.32768, Feb 28 17:28:36 Feb 28 17:28:36 vccp[784]: VCCPD_PROTOCOL_ADJDOWN: Lost adjacency to 28c0.da2e.93c1 on vccp[784]: ifl vcp-0.32768 set down, ifl flags 0, flags 0 vccp[784]: interface vcp-0 went down vccp[784]: Member 2, interface vcp-1.32768 went down vccp[784]: Member 0, interface vcp-0.32768 went down vccp[784]: VCCPD_PROTOCOL_ADJDOWN: Lost adjacency to 28c0.da2a.2000 on vccp[784]: ifl vcp-1.32768 set down, ifl flags 0, flags 0 vccp[784]: interface vcp-1 went down Copyright 2012 (c) www.zenithnetworks.com 58
  58. 58. Copyright 2012 (c) www.zenithnetworks.com 59
  59. 59. root@flyers> show Address 172.16.20.2 ospf neighbor Interface ge-0/0/0.0 State Full ID 172.16.20.2 Pri Dead 128 37 root@phillies> show Address 172.16.20.1 Interface ge-0/0/0.0 State Full Copyright 2012 (c) www.zenithnetworks.com ospf neighbor ID Pri Dead 172.16.20.1 128 36 60
  60. 60. root@phillies> show ospf neighbor detail interface ge-0/0/0.0 Address Interface State ID Pri Dead 172.16.20.1 ge-0/0/0.0 Full 172.16.20.1 128 38 Area 0.0.0.0, opt 0x42, DR 172.16.20.2, BDR 172.16.20.1 Up 03:22:11, adjacent 03:21:27 Copyright 2012 (c) www.zenithnetworks.com 61
  61. 61. root@flyers> show Interface ge-0/0/0.0 ospf interface State BDR Area 0.0.0.0 DR ID 172.16.20.2 root@phillies> show Area 0.0.0.0 Nbrs 1 ospf interface Interface ge-0/0/0.0 BDR ID 172.16.20.1 State DR DR ID 172.16.20.2 BDR ID 172.16.20.1 Copyright 2012 (c) www.zenithnetworks.com Nbrs 1 62
  62. 62. root@flyers> show ospf interface ge-0/0/0.0 detail Interface State Area DR ID BDR ID Nbrs ge-0/0/0.0 BDR 0.0.0.0 172.16.20.2 172.16.20.1 1 Type: LAN, Address: 172.16.20.1, Mask: 255.255.255.0, MTU: 1500, Cost: 1 DR addr: 172.16.20.2, BDR addr: 172.16.20.1, Priority: 128 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 5, Not Stub Auth type: None Protection type: None Topology default (ID 0) -> Cost: 0 Copyright 2012 (c) www.zenithnetworks.com 63
  63. 63. root@phillies> show ospf interface ge-0/0/0.0 detail Interface State Area DR ID BDR ID Nbrs ge-0/0/0.0 DR 0.0.0.0 172.16.20.2 172.16.20.1 1 Type: LAN, Address: 172.16.20.2, Mask: 255.255.255.0, MTU: 1500, Cost: 1 DR addr: 172.16.20.2, BDR addr: 172.16.20.1, Priority: 128 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 5, Not Stub Auth type: None Protection type: None Topology default (ID 0) -> Cost: 0 Copyright 2012 (c) www.zenithnetworks.com 64
  64. 64. root@phillies> show ospf overview Instance: master Router ID: 172.16.20.2 Route table index: 0 LSA refresh time: 50 minutes Area: 0.0.0.0 Stub type: Not Stub Authentication Type: None Area border routers: 1, AS boundary routers: 0 Neighbors Up (in full state): 1 Topology: default (ID 0) Prefix export count: 0 Full SPF runs: 7 SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3 Backup SPF: Not Needed Copyright 2012 (c) www.zenithnetworks.com 65
  65. 65. root@phillies> show route inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 172.16.5.0/24 *[OSPF/10] 06:08:44, metric 2 > to 172.16.20.1 via ge-0/0/0.0 172.16.20.0/24 *[Direct/0] 07:15:05 > via ge-0/0/0.0 172.16.20.2/32 *[Local/0] 07:15:08 Local via ge-0/0/0.0 224.0.0.2/32 *[PIM/0] 07:15:13 MultiRecv 224.0.0.5/32 *[OSPF/10] 07:15:13, metric 1 MultiRecv 224.0.0.13/32 *[PIM/0] 07:15:13 MultiRecv Copyright 2012 (c) www.zenithnetworks.com 66
  66. 66. root@phillies> show route protocol ospf inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 172.16.5.0/24 *[OSPF/10] 06:15:04, metric 2 > to 172.16.20.1 via ge-0/0/0.0 224.0.0.5/32 *[OSPF/10] 07:21:33, metric 1 MultiRecv Copyright 2012 (c) www.zenithnetworks.com 67
  67. 67. root@phillies> show ospf database OSPF database, Area 0.0.0.0 Type ID Router 172.16.5.1 Router *172.16.20.2 Network *172.16.20.2 Summary 172.16.5.0 Adv Rtr 172.16.5.1 172.16.20.2 172.16.20.2 172.16.5.1 Seq 0x80000013 0x80000016 0x80000010 0x8000000e Age 755 1195 1844 912 Opt 0x22 0x22 0x22 0x22 Cksum Len 0x896c 36 0x6f63 36 0x5d92 32 0x1a9 28 Copyright 2012 (c) www.zenithnetworks.com 68
  68. 68. root@phillies> show ospf database detail OSPF database, Area 0.0.0.0 Type ID Router 172.16.5.1 Adv Rtr 172.16.5.1 Seq Age Opt Cksum Len 0x80000013 934 0x22 0x896c 36 bits 0x1, link count 1 (sourced by abr “veb” bits) id 172.16.20.2, data 172.16.20.1, Type Transit (2) Topology count: 0, Default metric: 1 Topology default (ID 0) Type: Transit, Node ID: 172.16.20.2 Metric: 1, Bidirectional Router *172.16.20.2 172.16.20.2 0x80000016 1374 0x22 0x6f63 36 bits 0x0, link count 1 id 172.16.20.2, data 172.16.20.2, Type Transit (2) Topology count: 0, Default metric: 1 Topology default (ID 0) Type: Transit, Node ID: 172.16.20.2 Metric: 1, Bidirectional Copyright 2012 (c) www.zenithnetworks.com 69
  69. 69. root@phillies> show ospf database detail Network *172.16.20.2 172.16.20.2 mask 255.255.255.0 attached router 172.16.20.2 attached router 172.16.5.1 Topology default (ID 0) Type: Transit, Node ID: 172.16.5.1 Metric: 0, Bidirectional Type: Transit, Node ID: 172.16.20.2 Metric: 0, Bidirectional 0x80000010 2023 0x22 0x5d92 32 Summary 172.16.5.0 172.16.5.1 mask 255.255.255.0 Topology default (ID 0) -> Metric: 1 0x8000000e 1091 0x22 0x1a9 28 Copyright 2012 (c) www.zenithnetworks.com 70
  70. 70. 1. 2. 3. Kill area 5 physical connection…. ( kill the 172.16.5.0 network ). On the “Phillies” router, user the “monitor start messages” command. Essentially, this network failure will cause ospf to converge and hence run spf calculations. root@phillies> monitor start messages *** messages *** Feb 27 06:55:29 phillies rpd[827]: RPD_OSPF_NBRDOWN: OSPF neighbor 172.16.20.1 (realm ospf-v2 ge-0/0/0.0 area 0.0.0.0) state changed from Full to Init due to 1WayRcvd (event reason: neighbor is in one-way mode) Copyright 2012 (c) www.zenithnetworks.com 71
  71. 71. root@phillies> show ospf overview Instance: master Router ID: 172.16.20.2 Route table index: 0 LSA refresh time: 50 minutes Area: 0.0.0.0 Stub type: Not Stub Authentication Type: None Area border routers: 1, AS boundary routers: 0 Neighbors Up (in full state): 1 Topology: default (ID 0) Prefix export count: 0 Full SPF runs: 9 SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3 Backup SPF: Not Needed Copyright 2012 (c) www.zenithnetworks.com 72
  72. 72. root@phillies# run Address 172.16.20.1 show ospf neighbor Interface ge-0/0/0.0 State Full ID 172.16.5.1 Pri Dead 128 31 Copyright 2012 (c) www.zenithnetworks.com 73
  73. 73. root@phillies# set traceoptions flag ? Possible completions: all database-description error event flooding general graceful-restart hello lsa-ack lsa-analysis lsa-request lsa-update normal nsr-synchronization packets Trace everything Trace database description packets Trace errored packets Trace OSPF state machine events Trace LSA flooding Trace general events Trace graceful restart Trace hello packets Trace LSA acknowledgment packets Trace LSA analysis Trace LSA request packets Trace LSA update packets Trace normal events Trace NSR synchronization events Trace all OSPF packets Copyright 2012 (c) www.zenithnetworks.com 74
  74. 74. {master:0}[edit protocols ospf] root@phillies# set traceoptions file ospf-events root@phillies# set traceoptions flag event root@phillies# set traceoptions flag error show traceoptions { file ospf-events; flag error; flag event; } root@phillies# Copyright 2012 (c) www.zenithnetworks.com 75
  75. 75. {master:0}[edit protocols ospf area 0.0.0.0] root@flyers# set interface ge-0/0/0.0 hello-interval 5 root@phillies> monitor start ospf-events (redirect to screen) *** ospf-events *** Feb 27 07:26:32.458816 OSPF packet ignored: hello interval mismatch 5 from 172.16.20.1 on intf ge-0/0/0.0 area 0.0.0.0 Feb 27 07:26:42.518840 RPD_OSPF_NBRDOWN: OSPF neighbor 172.16.20.1 (realm ospf-v2 ge0/0/0.0 area 0.0.0.0) state changed from Full to Down due to InActiveTimer (event reason: neighbor was inactive and declared dead) Feb 27 07:26:42.519369 Interface ge-0/0/0.0 area 0.0.0.0 event NeighborChange Feb 27 07:26:42.519849 OSPF neighbor 172.16.5.1 (IFL 68, area 0.0.0.0, rtbl idx 0) timeout Feb 27 07:26:42.522184 OSPF neighbor 172.16.20.1 (IFL 68, area 0.0.0.0, rtbl idx 0) deleted Feb 27 07:26:42.522327 OSPF programmed periodic xmit from 172.16.20.2 to 224.0.0.5 (IFL 68, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0) interval 10 Copyright 2012 (c) www.zenithnetworks.com 76
  76. 76. root@flyers# set interface ge-0/0/0.0 hello-interval 10 Feb 27 07:35:45.406817 OSPF programmed periodic xmit from 172.16.20.2 to 224.0.0.5 (IFL 68, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0) interval 10 0 Feb 27 07:35:45.414186 RPD_OSPF_NBRUP: OSPF neighbor 172.16.20.1 (realm ospf-v2 ge-0/0/0.0 area 0.0.0.0) state changed from Init to ExStart due to 2WayRcvd (event reason: neighbor detected this router) Feb 27 07:35:45.414431 Interface ge-0/0/0.0 area 0.0.0.0 event NeighborChange Feb 27 07:35:45.417124 OSPF programmed periodic xmit from 172.16.20.2 to 224.0.0.5 (IFL 68, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0) interval 10 0 Feb 27 07:35:45.490562 RPD_OSPF_NBRUP: OSPF neighbor 172.16.20.1 (realm ospf-v2 ge-0/0/0.0 area 0.0.0.0) state changed from Loading to Full due to LoadDone (event reason: OSPF loading completed) Copyright 2012 (c) www.zenithnetworks.com 77
  77. 77. BGP: 1. 2. EBGP ( AS 65530 - AS 65500 ) 172.16.20.0/24 Copyright 2012 (c) www.zenithnetworks.com 78
  78. 78. root@flyers> show bgp neighbor Peer: 172.16.20.2+179 AS 65500 Local: 172.16.20.1+62542 AS 65530 Type: External State: Established Flags: <ImportEval Sync> Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None Options: <Preference PeerAS Refresh> Holdtime: 90 Preference: 170 Number of flaps: 0 Peer ID: 172.16.20.2 Local ID: 172.16.5.1 Active Holdtime: 90 Keepalive Interval: 30 Peer index: 0 BFD: disabled, down Local Interface: ge-0/0/0.0 Copyright 2012 (c) www.zenithnetworks.com 79
  79. 79. root@phillies> show bgp neighbor Peer: 172.16.20.1+62542 AS 65530 Local: 172.16.20.2+179 AS 65500 Type: External State: Established Flags: <ImportEval Sync> Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None Options: <Preference PeerAS Refresh> Holdtime: 90 Preference: 170 Number of flaps: 0 Peer ID: 172.16.5.1 Local ID: 172.16.20.2 Active Holdtime: 90 Keepalive Interval: 30 Peer index: 0 BFD: disabled, down Local Interface: ge-0/0/0.0 Copyright 2012 (c) www.zenithnetworks.com 80
  80. 80. Send Routes (outbound) Copyright 2012 (c) www.zenithnetworks.com 81
  81. 81. root@flyers> show route receive-protocol bgp 172.16.20.2 (before import) root@flyers>show route protocol bgp (after import) Copyright 2012 (c) www.zenithnetworks.com 82
  82. 82. root@phillies> show route advertising-protocol bgp 172.16.20.1 (after export) root@phillies>show route protocol bgp (before export) Copyright 2012 (c) www.zenithnetworks.com 83
  83. 83. root@flyers> show route protocol bgp (before export / after import) inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 192.168.1.0/24 *[BGP/170] 08:13:37, localpref 100 RIB-Local Routing-Table Flyers AS path: 65500 I > to 172.16.20.2 via ge-0/0/0.0 Copyright 2012 (c) www.zenithnetworks.com 84
  84. 84. root@flyers> show route receive-protocol bgp 172.16.20.2 inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path 192.168.1.0/24 172.16.20.2 65500 I Flyers Copyright 2012 (c) www.zenithnetworks.com 85
  85. 85. root@flyers> show route receive-protocol bgp 172.16.20.2 root@flyers>show route protocol bgp Copyright 2012 (c) www.zenithnetworks.com 86
  86. 86. root@phillies> show route advertising-protocol bgp 172.16.20.1 inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 1 hidden) Prefix 192.168.1.0/24 Nexthop Self MED Lclpref AS path I Copyright 2012 (c) www.zenithnetworks.com 87
  87. 87. root@phillies> show route advertising-protocol bgp 172.16.20.1 (after export) root@phillies>show route protocol bgp (before export) Copyright 2012 (c) www.zenithnetworks.com 88
  88. 88. root@flyers> show route protocol bgp detail inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden) 192.168.1.0/24 (1 entry, 1 announced) *BGP Preference: 170/-101 Next hop type: Router, Next hop index: 1326 Next-hop reference count: 2 Source: 172.16.20.2 Next hop: 172.16.20.2 via ge-0/0/0.0, selected State: <Active Ext> Local AS: 65530 Peer AS: 65500 Age: 7:50:36 Task: BGP_65500.172.16.20.2+62603 Announcement bits (1): 0-KRT AS path: 65500 I Accepted Localpref: 100 Router ID: 192.168.1.1 Copyright 2012 (c) www.zenithnetworks.com 89
  89. 89. root@phillies> show bgp group Group Type: External Name: To-ISP-Flyers Index: 0 Export: [ send-my-prefix ] Holdtime: 0 Total peers: 1 Established: 1 172.16.20.1+179 inet.0: 0/0/0/0 Local AS: 65500 Flags: <Export Eval> Groups: 1 Peers: 1 External: 1 Internal: 0 Down peers: 0 Flaps: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending inet.0 0 0 0 0 0 0 Copyright 2012 (c) www.zenithnetworks.com 90
  90. 90. root@flyers> show route receive-protocol bgp 172.16.20.2 (before import policy is applied…. RIB-In) inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 192.168.1.0/24 172.16.20.2 65500 I * 192.168.2.0/24 172.16.20.2 65500 I Copyright 2012 (c) www.zenithnetworks.com 91
  91. 91. root@flyers> show route receive-protocol bgp 172.16.20.2 detail ( before policy is applied and detailed information ) inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) * 192.168.1.0/24 (1 entry, 1 announced) Accepted Nexthop: 172.16.20.2 AS path: 65500 I Communities: 65500:500 * 192.168.2.0/24 (1 entry, 1 announced) Accepted Nexthop: 172.16.20.2 AS path: 65500 I Communities: 65500:500 Copyright 2012 (c) www.zenithnetworks.com 92
  92. 92. root@flyers> show route receive-protocol bgp 172.16.20.2 (before policy applied and when blocking, route hidden command option ) inet.0: 8 destinations, 8 routes (7 active, 0 holddown, Prefix * 192.168.1.0/24 Nexthop 172.16.20.2 MED is hidden…. JUNOS will show route as hidden…. Use 1 hidden) Lclpref AS path 65500 I Copyright 2012 (c) www.zenithnetworks.com 93
  93. 93. root@flyers> show route receive-protocol bgp 172.16.20.2 hidden (to see hidden route due to policy) (before bgp import policy processing RIB-In) inet.0: 8 destinations, 8 routes (7 active, 0 holddown, 1 Prefix Nexthop 192.168.2.0/24 172.16.20.2 MED hidden) Lclpref AS path 65500 I Copyright 2012 (c) www.zenithnetworks.com 94
  94. 94. root@flyers> show route protocol bgp (rib-local….. after import-policy processing) inet.0: 8 destinations, 8 routes (7 active, 0 holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 192.168.1.0/24 *[BGP/170] 01:24:50, localpref 100 AS path: 65500 I > to 172.16.20.2 via ge-0/0/0.0 Copyright 2012 (c) www.zenithnetworks.com 95
  95. 95. root@phillies> show route advertising-protocol bgp 172.16.20.1 detail inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 1 hidden) * 192.168.1.0/24 (2 entries, 1 announced) BGP group To-ISP-Flyers type External Nexthop: Self AS path: [65500] I Communities: 65500:500 * 192.168.2.0/24 (1 entry, 1 announced) BGP group To-ISP-Flyers type External Nexthop: Self AS path: [65500] I Communities: 65500:500 Copyright 2012 (c) www.zenithnetworks.com 96
  96. 96. root@flyers> show route receive-protocol bgp 172.16.20.2 (no route blocking… and communities are set on phillies… before import-policy processing) inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 192.168.1.0/24 172.16.20.2 65500 I 192.168.2.0/24 172.16.20.2 65500 I Copyright 2012 (c) www.zenithnetworks.com 97
  97. 97. route receive-protocol bgp 172.16.20.2 detail • root@flyers> show • (now we see community info) • inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) * 192.168.1.0/24 (1 entry, 1 announced) Accepted Nexthop: 172.16.20.2 AS path: 65500 I Communities: 65500:500 • • • • • • • • • • * 192.168.2.0/24 (1 entry, 1 announced) Accepted Nexthop: 172.16.20.2 AS path: 65500 I Communities: 65500:500 Copyright 2012 (c) www.zenithnetworks.com 98
  98. 98. root@flyers> show route receive-protocol bgp 172.16.20.2 detail ( before IMPORT policy is applied ) inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) * 192.168.1.0/24 (1 entry, 1 announced) Accepted Nexthop: 172.16.20.2 AS path: 65500 I Communities: 65500:500 * 192.168.2.0/24 (1 entry, 1 announced) Accepted Nexthop: 172.16.20.2 AS path: 65500 I Communities: 65500:500 Copyright 2012 (c) www.zenithnetworks.com 99
  99. 99. root@flyers> show route protocol bgp detail ( community is present for 1.0 ) inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) 192.168.1.0/24 (1 entry, 1 announced) *BGP Preference: 170/-101 Next hop type: Router, Next hop index: 1326 Next-hop reference count: 4 Source: 172.16.20.2 Next hop: 172.16.20.2 via ge-0/0/0.0, selected State: <Active Ext> Local AS: 65530 Peer AS: 65500 Age: 1:51:22 Task: BGP_65500.172.16.20.2+62603 Announcement bits (1): 0-KRT AS path: 65500 I Communities: 65500:500 Accepted Localpref: 100 Router ID: 192.168.1.1 Copyright 2012 (c) www.zenithnetworks.com 10 0
  100. 100. root@flyers> show route protocol bgp detail (community is non-existent for 2.0 ) 192.168.2.0/24 (1 entry, 1 announced) *BGP Preference: 170/-101 Next hop type: Router, Next hop index: 1326 Next-hop reference count: 4 Source: 172.16.20.2 Next hop: 172.16.20.2 via ge-0/0/0.0, selected State: <Active Ext> Local AS: 65530 Peer AS: 65500 Age: 1:51:22 Task: BGP_65500.172.16.20.2+62603 Announcement bits (1): 0-KRT AS path: 65500 I Accepted Localpref: 100 Router ID: 192.168.1.1 Copyright 2012 (c) www.zenithnetworks.com 10 1
  101. 101. Copyright 2012 (c) www.zenithnetworks.com 10 2
  102. 102. [edit virtual-chassis] root# show preprovisioned; member 0 { role routing-engine; serial-number BM0210466816; } member 1 { role routing-engine; serial-number BM0210463478; } member 2 { role line-card; serial-number BM0210466754; } Copyright 2012 (c) www.zenithnetworks.com 10 3
  103. 103. root> show virtual-chassis Preprovisioned Virtual Chassis Virtual Chassis ID: 31d5.c5f9.4578 Member ID 0 (FPC 0) Status Prsnt Serial No BM0210466816 Mastership Neighbor List Model priority Role ID Interface ex4200-24t 129 Master* 1 vcp-0 2 vcp-1 1 (FPC 1) Prsnt BM0210463478 ex4200-24t 129 Backup 2 0 2 (FPC 2) Prsnt BM0210466754 ex4200-24t Linecard 0 vcp-0 1 vcp-1 0 Copyright 2012 (c) www.zenithnetworks.com vcp-0 vcp-1 10 4
  104. 104. root> show version ( or show version all ) ( or show version member 2 ) fpc0: -------------------------------------------------------------------------Model: ex4200-24t JUNOS Base OS boot [10.3R1.9] JUNOS Base OS Software Suite [10.3R1.9] JUNOS Kernel Software Suite [10.3R1.9] JUNOS Crypto Software Suite [10.3R1.9] JUNOS Online Documentation [10.3R1.9] JUNOS Enterprise Software Suite [10.3R1.9] JUNOS Packet Forwarding Engine Enterprise Software Suite [10.3R1.9] JUNOS Routing Software Suite [10.3R1.9] JUNOS Web Management [10.3R1.9] Copyright 2012 (c) www.zenithnetworks.com 10 5
  105. 105. fpc1: -------------------------------------------------------------------------Model: ex4200-24t JUNOS Base OS boot [10.3R1.9] JUNOS Base OS Software Suite [10.3R1.9] JUNOS Kernel Software Suite [10.3R1.9] JUNOS Crypto Software Suite [10.3R1.9] JUNOS Online Documentation [10.3R1.9] JUNOS Enterprise Software Suite [10.3R1.9] JUNOS Packet Forwarding Engine Enterprise Software Suite [10.3R1.9] JUNOS Routing Software Suite [10.3R1.9] JUNOS Web Management [10.3R1.9] Copyright 2012 (c) www.zenithnetworks.com 10 6
  106. 106. fpc2: -------------------------------------------------------------------------Model: ex4200-24t JUNOS Base OS boot [10.3R1.9] JUNOS Base OS Software Suite [10.3R1.9] JUNOS Kernel Software Suite [10.3R1.9] JUNOS Crypto Software Suite [10.3R1.9] JUNOS Online Documentation [10.3R1.9] JUNOS Enterprise Software Suite [10.3R1.9] JUNOS Packet Forwarding Engine Enterprise Software Suite [10.3R1.9] JUNOS Routing Software Suite [10.3R1.9] JUNOS Web Management [10.3R1.9] Copyright 2012 (c) www.zenithnetworks.com 10 7
  107. 107. root> request system reboot ? Possible completions: <[Enter]> Execute this command all-members Reboot all virtual chassis members at Time at which to perform the operation in Number of minutes to delay before operation local Reboot local virtual chassis member media Boot media for next boot member Reboot specific virtual chassis member (0..9) message Message to display to all users slice Partition on boot media to boot from | Pipe through a command Copyright 2012 (c) www.zenithnetworks.com 10 8
  108. 108. root> show interfaces terse Interface Admin ge-0/0/0 up ge-0/0/0.0 up ge-0/0/1 up ge-0/0/1.0 up …….. …….. ge-1/0/0 up ge-1/0/1 up ge-1/0/2 up …… …… ge-2/0/0 up ge-2/0/1 up ge-2/0/2 up Link down down down down down down down Proto Local Remote eth-switch eth-switch 0 1 down down down 2 Copyright 2012 (c) www.zenithnetworks.com 10 9
  109. 109. root> show interfaces terse | ge-2/0/0 ge-2/0/1 ge-2/0/2 ge-2/0/3 ge-2/0/4 ge-2/0/5 ge-2/0/6 ge-2/0/7 ge-2/0/8 up up up up up up up up up match ge-2 down down down down down down down down down 2 Copyright 2012 (c) www.zenithnetworks.com 11 0
  110. 110. root> show interfaces ge-0/0/0 extensive | find errors Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0 Output errors: Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0 Copyright 2012 (c) www.zenithnetworks.com 11 1
  111. 111. root> show interfaces | save /var/log/interfaces Wrote 1615 lines of output to '/var/log/interfaces„ root> file list /var/log /var/log: authd_sdb.log chassisd cosd interactive-commands interactive-commands.0.gz interfaces Copyright 2012 (c) www.zenithnetworks.com 11 2
  112. 112. root> show log /var/log/interfaces Physical interface: ge-0/0/0, Enabled, Physical link is Down Interface index: 130, SNMP ifIndex: 504 Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Current address: 28:c0:da:2a:2f:c0, Hardware address: 28:c0:da:2a:2f:c0 Last flapped : Never Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK Copyright 2012 (c) www.zenithnetworks.com 11 3
  113. 113. root> show virtual-chassis ? Possible completions: <[Enter]> active-topology device-topology fast-failover login protocol status vc-path vc-port | Execute this command Virtual chassis active topology PFE device topology Fast failover status Show virtual chassis protocol information Virtual chassis information Show virtual-chassis packet path Virtual chassis port information Pipe through a command Copyright 2012 (c) www.zenithnetworks.com 11 4
  114. 114. root> show virtual-chassis vc-port ? Possible completions: <[Enter]> all-members local member statistics | Execute this command Show virtual chassis ports on all virtual chassis members Show virtual chassis ports on local virtual chassis member Show virtual chassis ports on specific virtual chassis member Show virtual chassis port statistics Pipe through a command Copyright 2012 (c) www.zenithnetworks.com 11 5
  115. 115. root> show virtual-chassis vc-port all-members fpc0: -------------------------------------------------------------------------Interface Type or Trunk Status ID Speed (mbps) Neighbor 128Gbps Backplane ID Interface PIC / Port vcp-0 Dedicated 2 Up 32000 1 vcp-1 vcp-1 Dedicated 1 Up 32000 2 vcp-0 fpc1: -------------------------------------------------------------------------Interface Type or Trunk Status Neighbor (mbps) ID Speed ID Interface PIC / Port vcp-0 Dedicated 2 Up 32000 2 vcp-1 vcp-1 Dedicated 1 Up 32000 0 vcp-0 fpc2: -------------------------------------------------------------------------Interface Type or Trunk Status Neighbor (mbps) ID Speed ID Interface PIC / Port vcp-0 Dedicated 2 Up 32000 0 vcp-1 vcp-1 Dedicated 1 Up 32000 1 vcp-0 Copyright 2012 (c) www.zenithnetworks.com 11 6
  116. 116. root> show virtual-chassis vc-port statistics ? Possible completions: <[Enter]> <interface-name> vcp-0 vcp-1 all-members brief detail extensive local member | Execute this command Name of virtual chassis port Show virtual chassis ports statistics on all virtual chassis members Display brief output (default) Display detailed output Display extensive output Show virtual chassis ports statistics on local virtual chassis member Show virtual chassis ports statistics on specific virtual chassis member Pipe through a command Copyright 2012 (c) www.zenithnetworks.com 11 7
  117. 117. root> show virtual-chassis vc-port statistics vcp-0 member 2 fpc2: -------------------------------------------------------------------------Interface Input Octets/Packets Output Octets/Packets vcp-0 9125591 / 56412 9531594 / 56437  VCCP packets are being TX / RX Copyright 2012 (c) www.zenithnetworks.com 11 8
  118. 118. root> show virtual-chassis protocol adjacency fpc0: -------------------------------------------------------------------------Interface System State Hold (secs) internal-0/27 28c0.da2a.2fc1 Up 65535 ( packet forwarding engine 1 ) internal-1/24 28c0.da2a.2fc0 Up 65535 ( packet forwarding engine 2 ) vcp-0.32768 28c0.da2e.93c1 Up 57 ( vcp port ) vcp-1.32768 28c0.da2a.2000 Up 58 ( vcp port ) fpc1: -------------------------------------------------------------------------Interface System State Hold (secs) internal-0/27 28c0.da2e.93c1 Up 65535 ( packet forwarding engine 1 ) internal-1/24 28c0.da2e.93c0 Up 65535 ( packet forwarding engine 2 ) vcp-0.32768 28c0.da2a.2001 Up 58 ( vcp port ) vcp-1.32768 28c0.da2a.2fc0 Up 58 ( vcp port ) fpc2: -------------------------------------------------------------------------Interface System State Hold (secs) internal-0/27 28c0.da2a.2001 Up 65535 ( packet forwarding engine 1 ) internal-1/24 28c0.da2a.2000 Up 65535 ( packet forwarding engine 2 ) vcp-0.32768 28c0.da2a.2fc1 Up 58 ( vcp port ) vcp-1.32768 28c0.da2e.93c0 Up 58 ( vcp port ) Copyright 2012 (c) www.zenithnetworks.com 11 9
  119. 119. root> show virtual-chassis protocol database member 1 fpc1: -------------------------------------------------------------------------LSP ID Sequence Checksum Lifetime 28c0.da2a.2000.00-00 0xafc 0xc08f 116 28c0.da2a.2001.00-00 0xafa 0xea08 116 28c0.da2a.2fc0.00-00 0xaf6 0x5bd4 116 28c0.da2a.2fc1.00-00 0xafa 0x6f45 115 28c0.da2e.93c0.00-00 0xaf9 0x4f84 116 28c0.da2e.93c1.00-00 0xaff 0x4580 117 6 LSPs ( VC has a total of 6 PFE‟s… across 3 ex4200-24 ) Copyright 2012 (c) www.zenithnetworks.com 12 0
  120. 120. show virtual-chassis vc-path source-interface ge-0/0/0 destination-interface ge-2/0/0 vc-path from ge-0/0/0 Hop Member 0 0 1 2 2 2 to ge-2/0/0 PFE-Device Interface 1 ( my local pfe ) ge-0/0/0 ( source ) 6 ( swt #2 vcp port pfe ) vcp-1 (conn in between mem 0 and mem 2) 7 ( swt #2 local pfe ) ge-2/0/0 ( destination ) Copyright 2012 (c) www.zenithnetworks.com 12 1
  121. 121. www.zenithnetworks.com Thomas Stuart tstuart@zenithnetworks.com www.juniper.net extjumpstart-junos@juniper.net Copyright 2012 (c) www.zenithnetworks.com 12 2
  122. 122. Troubleshooting Certification Courses!!! Junos Troubleshooting in the NOC (JTNOC) Advanced Junos Service Provider Troubleshooting (AJSPT) Advanced Junos Enterprise Switching Troubleshooting (AJEXT) Advanced Junos Enterprise Security Troubleshooting (AJEST) Copyright 2012 (c) www.zenithnetworks.com 12 3
  123. 123. Access to view the Slides……  http://www.zenithnetworks.com/education Copyright 2012 (c) www.zenithnetworks.com 12 4

×