dokucama

User Tools

Site Tools

Trace: networking
network_stuff:juniper:ex

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

network_stuff:juniper:ex [2020/10/12 10:32] jotasandokunetwork_stuff:juniper:ex [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 4: Line 4:
  
 \\ \\
-\\+\\TFXPC0(vty)# show filter hw groups
 For the mastership selection, remember higher wins [[https://www.juniper.net/documentation/en_US/junos/topics/concept/virtual-chassis-ex4200-master-switch-election.html|External Link]].  the members that are not selected as master or backup function as linecard members of the Virtual Chassis configuration. A switch with a mastership priority of 0 is always in the linecard role. The default value for mastership priority is 128. Normally we assign master and backup the Same Priority. For the mastership selection, remember higher wins [[https://www.juniper.net/documentation/en_US/junos/topics/concept/virtual-chassis-ex4200-master-switch-election.html|External Link]].  the members that are not selected as master or backup function as linecard members of the Virtual Chassis configuration. A switch with a mastership priority of 0 is always in the linecard role. The default value for mastership priority is 128. Normally we assign master and backup the Same Priority.
 \\ \\
Line 24: Line 24:
  
 ---- ----
-AGGREGATED INTERFACES 802.3ad+AGGREGATED INTERFACES 802.3ad (LAG)
  
 To assign interface to an aggegate: To assign interface to an aggegate:
Line 196: Line 196:
      
  
-UPGRADE COMMAND for mixed VC+UPGRADE COMMAND for mixed VC
   request system software nonstop-upgrade set [/var/tmp/package-name.tgz /var/tmp/package-name.tgz] force-host # MIXED virtual    request system software nonstop-upgrade set [/var/tmp/package-name.tgz /var/tmp/package-name.tgz] force-host # MIXED virtual 
-  chassis +  chassis # this will start the whole processno manual reboot 
-  Then reboot orif we want to rollback 'request system software rollback' +UPGRADE COMMAND for NON-MIXED VC:\\ 
-UPGRADE COMMAND for NON-MIXED VC: +To see what hapens during the nssu see this [[https://www.juniper.net/documentation/en_US/junos/topics/concept/nssu-qfx-series.html|External Link]] 
-    request system software nonstop-upgrade  /var/tmp/package-name.tgz force-host +    request system software nonstop-upgrade  /var/tmp/package-name.tgz force-host   this will start the whole process, no manual reboot
-    Then reboot or, if we want to rollback 'request system software rollback'+
 AFTER:  AFTER: 
  
Line 284: Line 284:
   request virtual-chassis vc-port set interface vcp-0 member 1 disable  # << example. disabled the VCP on the member 1 and member 0 and then console onto member 1   request virtual-chassis vc-port set interface vcp-0 member 1 disable  # << example. disabled the VCP on the member 1 and member 0 and then console onto member 1
  
-  request system software add /tmp/jinstall-ex-4200-13.2X51-D35.3-domestic-signed.tgz reboot validate reboot  # before check servers are fine. From console in the the isolated fpc, trigger the upgrade.+  request system software add /tmp/jinstall-ex-4200-13.2X51-D35.3-domestic-signed.tgz reboot validate reboot force-host # before check servers are fine. From console in the the isolated fpc, trigger the upgrade.
   # Then reboot or, if we want to rollback 'request system software rollback'   # Then reboot or, if we want to rollback 'request system software rollback'
  
 \\ \\
-** TODO **+TSHOOT ISSUES AFTER UPGRADE: 
 + 
 +- If error like : "warning: Database header sequence numbers mismatch for file \n '/var/run/db/juniper.data'. If a package has just been" the apply the commands below (provided by jtac). More info [[https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1426341|here]]: 
 + 
 +  rm -rf /var/db/scripts/translation/openconfig-* 
 +  mgd -I 
 + 
  
  
Line 342: Line 349:
  
   * Test ftp/netapp:\\   * Test ftp/netapp:\\
-  Go: https://filer01-mgt.dc.grapeshot.co.uk/sysmgr/SysMgr.html#+  Go: https://filer01-mgt.dc.mycompany1.co.uk/sysmgr/SysMgr.html#
   ssh ftp01 and write in mount   ssh ftp01 and write in mount
  
   * Check internet reachability from any cc 1:1 outbound   * Check internet reachability from any cc 1:1 outbound
-  [root@cc05.dc.grapeshot.co.uk ~]# ping google.com+  [root@cc05.dc.mycompany1.co.uk ~]# ping google.com
   * Check reachability from internet to internal hosts 1:1 inbound    * Check reachability from internet to internal hosts 1:1 inbound 
-  telnet clarify.grapeshot.co.uk 443 # this is in asci pool+  telnet clarify.mycompany1.co.uk 443 # this is in asci pool
   * check crawling : **curl ipecho.net/plain**   * check crawling : **curl ipecho.net/plain**
 TO check that nat44 is happening in eacg different CC TO check that nat44 is happening in eacg different CC
Line 369: Line 376:
  
   * Check napt-44   * Check napt-44
-  [root@titan26.dc.grapeshot.co.uk ~]# telnet google.com 80+  [root@titan26.dc.mycompany1.co.uk ~]# telnet google.com 80
   (fw)# sh nat translated 89.145.95.2 detail # there should be transalated hits   (fw)# sh nat translated 89.145.95.2 detail # there should be transalated hits
   # testing the below translation     # testing the below translation  
Line 384: Line 391:
   set protocols rstp interface xe-0/0/13.0 mode point-to-point    set protocols rstp interface xe-0/0/13.0 mode point-to-point 
   set protocols rstp interface ge-0/0/3.0 mode edge   set protocols rstp interface ge-0/0/3.0 mode edge
 +
 +To **quickly** add rstp to a port:
 +  del interfaces et-0/0/26 
 +  set protocols rstp interface et-0/0/26
 +  set interfaces et-0/0/26.0 family ethernet-switching
  
 ---- ----
Line 465: Line 477:
                                                                               vcp-255/0/26                                                                               vcp-255/0/26
                                                                             vcp-255/0/27                                                                             vcp-255/0/27
 +
 +
 +----
 +NEW MIXED VIRTUAL CHASSIS FROM EXISTING EX4200 (ADD EX4550):\\
 +Any of the members can be Master in this kind of mixed VC, in this case we will have the 4200 keeping their master role.\\
 +[[https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/virtual-chassis-ex4200-ex4500-cli.html]]
 +\\
 +In the EX4550:\\
 +
 +  * Do not connect the VC cables yet
 +  * Power ON the new EX4550 and enable CON
 +  * Zeroize the devices to avoid issues
 +  * Note down the RE serial numbers (chassis_s-n).
 +
 +  set system root-authentication plain-text-password # then the usual root password
 +  set system host-name sw-Xyy
 +
 +  * Connect them to mgmt to the laptop and upgarde the firmware in the new members. to 15.1R7.9
 +  * Verify the PIC mode setting:
 +
 +  show chassis pic-mode # If the PIC mode was not set to Virtual Chassis mod, set the PIC mode to Virtual Chassis mode:
 +  request chassis pic-mode virtual-chassis
 +
 +  * Reboot each future member
 +  * shut them down
 +  * Interconnect the VC cables for the 4 members, daisy chain.
 +
 +In the EX4200:\\
 +
 +  set virtual-chassis preprovisioned
 +  del virtual-chassis no-split-detection
 +  set virtual-chassis member 0 role routing-engine
 +  set virtual-chassis member 0 serial-number BP0208369580
 +  set virtual-chassis member 1 role routing-engine
 +  set virtual-chassis member 1 serial-number BP0211193901
 +  set virtual-chassis member 2 role line-card
 +  set virtual-chassis member 2 serial-number XXXXXXXXXXXX # new SNs
 +  set virtual-chassis member 3 role line-card
 +  set virtual-chassis member 3 serial-number XXXXXXXXXXXX
 +  
 +Power ON the new EX4200, now connected to the VC lot
 +
 +  show virtual-chassis # Verify VC is healthy, output similar to this
 +    Preprovisioned Virtual Chassis
 +  Virtual Chassis ID: 5ca4.23ce.6939
 +  Virtual Chassis Mode: Mixed
 +                                                  Mstr           Mixed Route Neighbor List
 +  Member ID  Status   Serial No    Model          prio  Role      Mode  Mode ID  Interface
 +  0 (FPC 0)  Prsnt    XXXXXXXXXXXX ex4200-48t     129   Backup        VC    vcp-0      
 +                                                                              vcp-1      
 +  1 (FPC 1)  Prsnt    XXXXXXXXXXXX ex4200-48t     129   Master*      Y  VC    vcp-0      
 +                                                                              vcp-1      
 +  2 (FPC 2)  Prsnt    XXXXXXXXXXXX ex4550-32f         Linecard      VC    vcp-255/2/0
 +                                                                              vcp-255/2/1
 +                                                                              vcp-255/2/3
 +  3 (FPC 3)  Prsnt    XXXXXXXXXXXX ex4550-32f         Linecard      VC    vcp-255/2/0
 +                                                                              vcp-255/2/2
 +                                                                              vcp-255/2/3
 +  show virtual-chassis vc-port
 +
  
 ---- ----
Line 576: Line 648:
  
  
-----+---
  
-__**FORWARDING CONSOLE TROUBLESHOOT**__\\ +__**PFE TROUBLESHOOTING / DEBUGGING "VTY" **__\\ 
-INTERNAL FRAME PATH"VTY"\\+**INTERNAL FRAME PATH**:\\
 Check this session: {{ :network_stuff:juniper:vty_fpc.txt |}} ; [[https://packetpushers.net/junos-useful-show-commands-capture-data-verification-troubleshooting-part-2/]]\\ Check this session: {{ :network_stuff:juniper:vty_fpc.txt |}} ; [[https://packetpushers.net/junos-useful-show-commands-capture-data-verification-troubleshooting-part-2/]]\\
   run start shell           run start shell        
Line 590: Line 662:
   request pfe execute command "show nhdb type unicast" target fpc3 | match xe   request pfe execute command "show nhdb type unicast" target fpc3 | match xe
      
-CPU USAGE: Don't use sh chassis routing engine (deceiving as everything under 'CPU utilization' is time, not load based (eg kernel 15 means kernel has been doing things 15% of the last 10 seconds)\\+**PFE TROUBLESHOOTING / CPU USAGE**: Don't use sh chassis routing engine (deceiving as everything under 'CPU utilization' is time, not load based (eg kernel 15 means kernel has been doing things 15% of the last 10 seconds)\\
 Do **this** instead: Do **this** instead:
   show system processes extensive | except 0.0 | refresh 1   show system processes extensive | except 0.0 | refresh 1
 +  start shell
 +  vty fpc0
 +  show syslog messages
 +  show threads
 +  show threads cpu
 +  show threads verbose
    
 \\ \\
-CAPTURE PACKETS DESTINED TO THE ROUTING ENGINE:\\+** PFE TROUBLESHOOTING/ CAPTURE PACKETS DESTINED TO RE:**\\
 To capture packets going to the routing engine:  To capture packets going to the routing engine: 
   rtsockmon -t    # If it shows a lot of add/delete routes there might be an issue with exception traffic   rtsockmon -t    # If it shows a lot of add/delete routes there might be an issue with exception traffic
-rtsockmon : to view the actual route replication process \\+  rtsockmon : to view the actual route replication process \\
 \\ \\
 +
 +** PFE TROUBLESHOOTING / MC-LAG**
 +
 +For the full troubleshooting check here {{ :network_stuff:juniper:pfe-tshoot-mclag.odt |}}
 +
 +  request pfe execute target fpc0 command "set dcbcm bcmshell \"l3 l3table show\"" | grep "Entry|185.89.206.27" 
 +  Entry VRF IP address       Mac Address           INTF MOD PORT    CLASS HIT    H/W Index
 +  99    1    185.89.206.27    00:00:00:00:00:00  100154    0    0         0 y      141712
 +  # internal interface for .27 destination is 100154
 +  request pfe execute target fpc0 command "set dcbcm bcmshell \"l3 egress show 100154\""     
 +  HW (unit 0)
 +  Entry  Mac                 Vlan INTF PORT MOD MPLS_LABEL ToCpu Drop RefCount L3MC
 +  100154  00:10:e0:bd:8e:0e    7    4     6t          -1   no   no    1   no
 +  # no drop. Uses internal vlan 7
 +  request pfe execute target fpc0 command "show bridge-dom"   
 +  SENT: Ukern command: show bridge-dom
 +  Bridging Domain                          BD-Index RTT-Index  BD-Type   BD-Hw-Token
 +  server-hosting+1                                6        4   Regular            7
 +  [..]
 +  # for vlan 7
 +  request pfe execute target fpc0 command "set dcbcm bcmshell \"vlan show\"" | grep "Vlan 7" 
 +  vlan 7 ports xe6-xe13,xe16-xe24,xe28,xe32,xe36 (0x0000000000000000000000000000000000000000000000000000002223fe7f80), untagged xe6-xe13,xe16-xe23 
 +  # to show all ifd
 +  request pfe execute target fpc0 command "show dcbcm ifd all"                                  
 +   ifd name     global-dev  local-dev   port-num   port-name
 +   xe-0/0/16                      0         17      xe16
 +   xe-0/0/17                      0         18      xe17
 +  [...]
 +  # this is cef information
 +  show route forwarding-table destination 185.89.206.27
 +  Routing table: default.inet
 +  Internet:
 +  Enabled protocols: Bridging, 
 +  Destination        Type RtRef Next hop           Type Index    NhRef Netif
 +  185.89.206.27/32   dest     0 0:10:e0:bd:8e:   ucst     1805     1 ae5.0
 +  # this bounces the port physically (completely):
 +  request pfe execute target fpc0 command "set cmqfx xcvr remove/insert pic 0 port 17"
 +  # mclag filter creation seems to fail
 +  show log messages | last 20 
 +  Jun 15 14:24:12  csw1-coresite-la1 mib2d[2203]: SNMP_TRAP_LINK_UP: ifIndex 569, ifAdminStatus up(1), ifOper
 +  request pfe execute target fpc0 command "show filter hw all drop non_zero_only 0
 +  # THIS SHOWS THE FILTERS IN ACTION:
 +  F   9 U:  0 Pi: 0 G:33 E:   9216 A:IDR stat (id 7243 val 0x0000000000006A75) P:7FFFFD3F I7: protect-RE (IRACL)
 +  F  71 U:  0 Pi: 0 G:17 E:    127 H:0 A:CCD stat (id  127 val 0x000000000000004F) P:00000001 I5: CPU Code  69 -ipv6_linklocal
 +  F 131 U:  0 Pi: 0 G:17 E:    170 H:0 A:CCD stat (id  170 val 0x00000000002EB5DB) P:7FFFFFFB I5: COSQ 16 -ipv6-ns-na
 +  F 131 U:  0 Pi: 0 G:17 E:    172 H:0 A:CCD stat (id  172 val 0x000000000014014E) P:7FFFFFFB I5: COSQ 16 -ipv6-ns-na
 +
 +
 +
 INVESTIGATE QUEUE DEPTH FOR ARPs:\\ INVESTIGATE QUEUE DEPTH FOR ARPs:\\
 on 12.3R12.4 ARP is assigned to DSAIdx 5 and it goes to queue 2a which has 300pps bandwidth:\\ on 12.3R12.4 ARP is assigned to DSAIdx 5 and it goes to queue 2a which has 300pps bandwidth:\\
Line 663: Line 790:
     * D45 << RELEASE     * D45 << RELEASE
  
 +  * JSA: Juniper Security Advisories 
network_stuff/juniper/ex.1602498778.txt.gz · Last modified: (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki