Differences

This shows you the differences between two versions of the page.

--- network_stuff:juniper:ex [2021/02/15 12:41] – jotasandoku
+++ network_stuff:juniper:ex [2023/11/02 14:38] (current) – external edit 127.0.0.1
@@ Line 24: / Line 24: @@
 ----
-AGGREGATED INTERFACES 802.3ad
+AGGREGATED INTERFACES 802.3ad (LAG)
 To assign interface to an aggegate:
@@ Line 199: / Line 199: @@
   request system software nonstop-upgrade set [/var/tmp/package-name.tgz /var/tmp/package-name.tgz] force-host # MIXED virtual
-  chassis
+  chassis # this will start the whole process, no manual reboot
-  # Then reboot or, if we want to rollback 'request system software rollback'
 UPGRADE COMMAND for NON-MIXED VC:\\
 To see what hapens during the nssu see this [[https://www.juniper.net/documentation/en_US/junos/topics/concept/nssu-qfx-series.html|External Link]]
-    request system software nonstop-upgrade  /var/tmp/package-name.tgz force-host
+    request system software nonstop-upgrade  /var/tmp/package-name.tgz force-host   # this will start the whole process, no manual reboot
-    # Then reboot or, if we want to rollback 'request system software rollback'
 AFTER:
@@ Line 286: / Line 284: @@
   request virtual-chassis vc-port set interface vcp-0 member 1 disable  # << example. disabled the VCP on the member 1 and member 0 and then console onto member 1
-  request system software add /tmp/jinstall-ex-4200-13.2X51-D35.3-domestic-signed.tgz reboot validate reboot  # before check servers are fine. From console in the the isolated fpc, trigger the upgrade.
+  request system software add /tmp/jinstall-ex-4200-13.2X51-D35.3-domestic-signed.tgz reboot validate reboot force-host # before check servers are fine. From console in the the isolated fpc, trigger the upgrade.
   # Then reboot or, if we want to rollback 'request system software rollback'
 \\
-** TODO **
+TSHOOT ISSUES AFTER UPGRADE:
+- If error like : "warning: Database header sequence numbers mismatch for file \n '/var/run/db/juniper.data'. If a package has just been" the apply the commands below (provided by jtac). More info [[https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1426341|here]]:
+  rm -rf /var/db/scripts/translation/openconfig-*
+  mgd -I
@@ Line 344: / Line 349: @@
   * Test ftp/netapp:\\
-  Go: https://filer01-mgt.dc.grapeshot.co.uk/sysmgr/SysMgr.html#
+  Go: https://filer01-mgt.dc.mycompany1.co.uk/sysmgr/SysMgr.html#
   ssh ftp01 and write in mount
   * Check internet reachability from any cc 1:1 outbound
-  [root@cc05.dc.grapeshot.co.uk ~]# ping google.com
+  [root@cc05.dc.mycompany1.co.uk ~]# ping google.com
   * Check reachability from internet to internal hosts 1:1 inbound
-  telnet clarify.grapeshot.co.uk 443 # this is in asci pool
+  telnet clarify.mycompany1.co.uk 443 # this is in asci pool
   * check crawling : **curl ipecho.net/plain**
 TO check that nat44 is happening in eacg different CC
@@ Line 371: / Line 376: @@
   * Check napt-44
-  [root@titan26.dc.grapeshot.co.uk ~]# telnet google.com 80
+  [root@titan26.dc.mycompany1.co.uk ~]# telnet google.com 80
   (fw)# sh nat translated 89.145.95.2 detail # there should be transalated hits
   # testing the below translation
@@ Line 386: / Line 391: @@
   set protocols rstp interface xe-0/0/13.0 mode point-to-point
   set protocols rstp interface ge-0/0/3.0 mode edge
+To **quickly** add rstp to a port:
+  del interfaces et-0/0/26
+  set protocols rstp interface et-0/0/26
+  set interfaces et-0/0/26.0 family ethernet-switching
 ----
@@ Line 638: / Line 648: @@
-----
+---
-__**FORWARDING CONSOLE TROUBLESHOOT / DEBUGGING**__\\
+__**PFE TROUBLESHOOTING / DEBUGGING "VTY" **__\\
-INTERNAL FRAME PATH"VTY"\\
+**INTERNAL FRAME PATH**:\\
 Check this session: {{ :network_stuff:juniper:vty_fpc.txt |}} ; [[https://packetpushers.net/junos-useful-show-commands-capture-data-verification-troubleshooting-part-2/]]\\
   run start shell
@@ Line 652: / Line 662: @@
   request pfe execute command "show nhdb type unicast" target fpc3 | match xe
-CPU USAGE: Don't use sh chassis routing engine (deceiving as everything under 'CPU utilization' is time, not load based (eg kernel 15 means kernel has been doing things 15% of the last 10 seconds)\\
+**PFE TROUBLESHOOTING / CPU USAGE**: Don't use sh chassis routing engine (deceiving as everything under 'CPU utilization' is time, not load based (eg kernel 15 means kernel has been doing things 15% of the last 10 seconds)\\
 Do **this** instead:
   show system processes extensive | except 0.0 | refresh 1
+  start shell
+  vty fpc0
+  show syslog messages
+  show threads
+  show threads cpu
+  show threads verbose
 \\
-CAPTURE PACKETS DESTINED TO THE ROUTING ENGINE:\\
+** PFE TROUBLESHOOTING/ CAPTURE PACKETS DESTINED TO RE:**\\
 To capture packets going to the routing engine:
   rtsockmon -t    # If it shows a lot of add/delete routes there might be an issue with exception traffic
-rtsockmon : to view the actual route replication process \\
+  rtsockmon : to view the actual route replication process \\
 \\
+** PFE TROUBLESHOOTING / MC-LAG**
+For the full troubleshooting check here {{ :network_stuff:juniper:pfe-tshoot-mclag.odt |}}
+  request pfe execute target fpc0 command "set dcbcm bcmshell \"l3 l3table show\"" | grep "Entry|185.89.206.27"
+  Entry VRF IP address       Mac Address           INTF MOD PORT    CLASS HIT    H/W Index
+    1    185.89.206.27    00:00:00:00:00:00  100154    0    0         0 y      141712
+  # internal interface for .27 destination is 100154
+  request pfe execute target fpc0 command "set dcbcm bcmshell \"l3 egress show 100154\""
+  HW (unit 0)
+  Entry  Mac                 Vlan INTF PORT MOD MPLS_LABEL ToCpu Drop RefCount L3MC
+  00:10:e0:bd:8e:0e    7    4     6t   0        -1   no   no    1   no
+  # no drop. Uses internal vlan 7
+  request pfe execute target fpc0 command "show bridge-dom"
+  SENT: Ukern command: show bridge-dom
+  Bridging Domain                          BD-Index RTT-Index  BD-Type   BD-Hw-Token
+  server-hosting+1                                6        4   Regular            7
+  [..]
+  # for vlan 7
+  request pfe execute target fpc0 command "set dcbcm bcmshell \"vlan show\"" | grep "Vlan 7"
+  vlan 7	ports xe6-xe13,xe16-xe24,xe28,xe32,xe36 (0x0000000000000000000000000000000000000000000000000000002223fe7f80), untagged xe6-xe13,xe16-xe23
+  # to show all ifd
+  request pfe execute target fpc0 command "show dcbcm ifd all"
+   ifd name     global-dev  local-dev   port-num   port-name
+   xe-0/0/16             0          0         17      xe16
+   xe-0/0/17             0          0         18      xe17
+  [...]
+  # this is cef information
+  show route forwarding-table destination 185.89.206.27
+  Routing table: default.inet
+  Internet:
+  Enabled protocols: Bridging,
+  Destination        Type RtRef Next hop           Type Index    NhRef Netif
+.89.206.27/32   dest     0 0:10:e0:bd:8e:e    ucst     1805     1 ae5.0
+  # this bounces the port physically (completely):
+  request pfe execute target fpc0 command "set cmqfx xcvr remove/insert pic 0 port 17"
+  # mclag filter creation seems to fail
+  show log messages | last 20
+  Jun 15 14:24:12  csw1-coresite-la1 mib2d[2203]: SNMP_TRAP_LINK_UP: ifIndex 569, ifAdminStatus up(1), ifOper
+  request pfe execute target fpc0 command "show filter hw all drop non_zero_only 0
+  # THIS SHOWS THE FILTERS IN ACTION:
+  F   9 U:  0 Pi: 0 G:33 E:   9216 A:IDR stat (id 7243 val 0x0000000000006A75) P:7FFFFD3F I7: protect-RE (IRACL)
+  F  71 U:  0 Pi: 0 G:17 E:    127 H:0 A:CCD stat (id  127 val 0x000000000000004F) P:00000001 I5: CPU Code  69 -ipv6_linklocal
+  F 131 U:  0 Pi: 0 G:17 E:    170 H:0 A:CCD stat (id  170 val 0x00000000002EB5DB) P:7FFFFFFB I5: COSQ 16 -ipv6-ns-na
+  F 131 U:  0 Pi: 0 G:17 E:    172 H:0 A:CCD stat (id  172 val 0x000000000014014E) P:7FFFFFFB I5: COSQ 16 -ipv6-ns-na
 INVESTIGATE QUEUE DEPTH FOR ARPs:\\
 on 12.3R12.4 ARP is assigned to DSAIdx 5 and it goes to queue 2a which has 300pps bandwidth:\\
@@ Line 725: / Line 790: @@
     * D45 << RELEASE
+  * JSA: Juniper Security Advisories

dokucama

User Tools

Site Tools

Differences

Page Tools