network_stuff:juniper:mx

Differences

This shows you the differences between two versions of the page.

network_stuff:juniper:mx [2020/06/08 17:19] jotasandokunetwork_stuff:juniper:mx [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 14: Line 14:
  
 Example eBGP config Example eBGP config
 +  set routing-options autonomous-system 65000
   set protocols bgp group PEER type external   set protocols bgp group PEER type external
   set protocols bgp group PEER local-address x.x.x.x   set protocols bgp group PEER local-address x.x.x.x
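
Review bot: the added 'set routing-options autonomous-system 65000' line hard-codes a value without marking it as a placeholder, unlike the 'x.x.x.x' used for local-address two lines below. 65000 is in the private-use AS range, so a reader pasting this onto a router that has its own AS would set the wrong local AS. Mark it as an example value, for instance 'autonomous-system <local-as>'.
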
Line 49: Line 50:
  
 ---- ----
- +ANNOTATE JUNOS CONFIGURATION [[https://junosnotes.blogspot.com/2013/02/junos-annotate_19.html|External Link]] \\ 
-STATIC ROUTES  +\\
-Annotate+
 annotate route 192.193.0.0/16  /* CITI /16 Publicly assigned Prefix */ annotate route 192.193.0.0/16  /* CITI /16 Publicly assigned Prefix */
 \\ \\
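
Review bot: replacing the 'STATIC ROUTES' heading with 'ANNOTATE JUNOS CONFIGURATION' removes the only hint of where the 'annotate route 192.193.0.0/16' line has to be typed. annotate acts on statements at the current edit level, so add a line saying the example is entered from 'edit routing-options static'. The kept comment also names a specific organisation's prefix; a documentation prefix would be more consistent with the hostname sanitising done further down in this revision.
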
Line 247: Line 247:
 Interesting diagnosis: "We found in our SecureMeeting that you have evidence of host path congestion as shown in ... and the peer flapping due to hold-time-expired is a classic symptom of host path congestion." Interesting diagnosis: "We found in our SecureMeeting that you have evidence of host path congestion as shown in ... and the peer flapping due to hold-time-expired is a classic symptom of host path congestion."
   show pfe statistics traffic | match "hardware input"   show pfe statistics traffic | match "hardware input"
 +  
 +  
 +
 +----
 +
 +MX UPGRADE ISSU:\\
 +[[https://www.juniper.net/documentation/en_US/junos/topics/task/installation/issu-upgrading.html]]
 +
 +  file copy ftp://myid@myhost.mydomain.net/jinstall64-14.1R4.10-domestic-signed.tgz /var/tmp/jinstall64-14.1R4.10-domestic-signed.tgz
 +  R0> request system software in-service-upgrade /var/tmp/jinstall64-14.1R4.10-domestic-signed.tgz reboot
 +  R1> request chassis routing-engine master acquire
 +  
 +If problems [[https://www.juniper.net/documentation/en_US/junos/topics/task/troubleshooting/issu-troubleshooting.html|External Link]]:\\
 +  request system software abort in-service-upgrade
 +  request chassis fpc (offline | online | restart) slot slot-number   # the MS-MIC MS-MS
 +
 +
  
 ---- ----
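
Review bot: the 'file copy ftp://myid@myhost.mydomain.net/...' step fetches the Junos image over FTP, which carries the login and the image in clear text, and nothing between the copy and 'request system software in-service-upgrade' checks the file that arrived. Suggest an scp:// source and a 'file checksum' step compared against the published hash before the upgrade command. The trailing comment '# the MS-MIC MS-MS' on the fpc line is cut off and should say what is to be done with those cards.
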
Line 263: Line 280:
  
   set cli timestamp   set cli timestamp
 +  request system storage cleanup dry-run # Verify space is enough for the upgrade. /var partition need to be ~1G available
   request support information | no-more   # have this in a file case thorough checks are needed   request support information | no-more   # have this in a file case thorough checks are needed
   show interfaces terse | except down | no-more     show interfaces terse | except down | no-more  
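
Review bot: the comment on 'request system storage cleanup dry-run' says it verifies that space is enough, but a dry run only lists the files a cleanup would remove; it does not report how much of /var is free. Pair it with 'show system storage' for the ~1G check and reword the comment accordingly ('/var needs about 1G free').
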
Line 268: Line 286:
   show arp no-resolve | no-more   show arp no-resolve | no-more
   show bridge mac-table | no-more   show bridge mac-table | no-more
-  show system alarms+  show bgp summary | no-more 
 +  show interfaces terse | no-more 
 +  show system alarms 
   # be sure there's an up-to-date backup of the config in rancid   # be sure there's an up-to-date backup of the config in rancid
   # check console access to the device   # check console access to the device
Line 323: Line 343:
   show chassis routing-enginen # both re will show (Master and Backup states)   show chassis routing-enginen # both re will show (Master and Backup states)
  
-  * 5.-**RE0 (ZERO)**+  * 5.-** IN  RE1 (ROUTING ENGINE ONE): still master **
  
   activate chassis redundancy graceful-switchover   activate chassis redundancy graceful-switchover
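
Review bot: the new step 5 label moves this step from RE0 to RE1, which changes where 'activate chassis redundancy graceful-switchover' and the commit are entered, while the commands themselves are untouched; please confirm this matches the earlier steps of the procedure. The label style also differs from step 6 ('** IN  RE1 ... **' with padded bold markers versus '**RE0 ...**'), and the context line above still carries the typo 'routing-enginen'.
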
Line 330: Line 350:
   commit synchronize    commit synchronize 
  
-  * 6.- **RE1 (ONE)**+  * 6.- **RE0 (ROUTING ENGINE ZERO): still backup**
  
   show chassis routing-engine   # R0 (still backup) r0 Must be healthy!   show chassis routing-engine   # R0 (still backup) r0 Must be healthy!
Line 366: Line 386:
 IN EVENT OF FAILED UPGRADE: IN EVENT OF FAILED UPGRADE:
   request system snapshot recovery    request system snapshot recovery 
 +  OR
 +  request system software delete jinstall  ~To abort the installation as soon as this operation completes
 ---- ----
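
Review bot: 'OR' and the trailing '~To abort the installation ...' text sit inside the indented command block, so both read as part of the commands; move 'OR' out of the block and turn the explanation into a '#' comment as the rest of the page does. The two commands are also not interchangeable: 'request system software delete jinstall' backs out a package that has been added but not yet booted, so the note should say it applies before the reboot and state when the snapshot command is the right choice instead.
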
  
Line 427: Line 449:
   * Junos OS chooses the OSPF route, because of the default preference 10 for an internal OSPF route and 150 for an external OSPF route   * Junos OS chooses the OSPF route, because of the default preference 10 for an internal OSPF route and 150 for an external OSPF route
   * **In our case OSPF is less preferred than xBGP set protocols ospf external-preference 200**   * **In our case OSPF is less preferred than xBGP set protocols ospf external-preference 200**
 +  * IOS follows Rfc 1771 and eBGP routes are advertised to iBGP peers. Junos: Not by default (on purpose as rfc behaviour might clog ibgp and even traffic loops).In order to make Junos compliant (with rfc and IOS) we can do advertise inactive.
 +  *  Juniper created a compatibility knob for this situation, called advertise-inactive. When applied to an EBGP peering session, this knob results in the advertisement of the best BGP route that happens to be inactive because of IGP preference.
   * junos 'route preferences': **OSPF-IA 10** ; IS-IS-L1-int 15 ; IS-IS-L1-int 18 ; **OSPF-E 150** ; IS-IS-L1-ext 160 ; IS-IS-L1-ext 165 ; **BGP 170**   * junos 'route preferences': **OSPF-IA 10** ; IS-IS-L1-int 15 ; IS-IS-L1-int 18 ; **OSPF-E 150** ; IS-IS-L1-ext 160 ; IS-IS-L1-ext 165 ; **BGP 170**
   * To resolve the possible compatibility issues with ios:   * To resolve the possible compatibility issues with ios:
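
Review bot: the first added bullet says Junos does not advertise eBGP routes to iBGP peers by default, which is not what the second bullet (and advertise-inactive itself) describes. The difference is that Junos advertises only BGP routes that are active in the routing table, so a best BGP path that loses to an IGP route on preference is withheld. Suggest merging the two bullets around that statement, settling whether the knob is described for EBGP or IBGP sessions (the bullets currently disagree), citing RFC 4271, which obsoletes RFC 1771, and writing the statement name as 'advertise-inactive'.
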
Line 540: Line 564:
      
 \\ \\
-__**FORWARDING CONSOLE TROUBLESHOOT**__\\+__**FORWARDING CONSOLE TROUBLESHOOT / DEBUGGING**__\\
 __PFE WALK (notes) - CONNECTION TO AFEB0__ __PFE WALK (notes) - CONNECTION TO AFEB0__
   - We identify/capture the packet in question (checking one by one the 'parcels' usually in hexadecimal, looking for a pattern)   - We identify/capture the packet in question (checking one by one the 'parcels' usually in hexadecimal, looking for a pattern)
Line 635: Line 659:
  
 IPSEC VPN (MS-MIC MS-MPC):\\ IPSEC VPN (MS-MIC MS-MPC):\\
-  * [[https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/settingupIPsec.htm]] +  * [[https://docs.cloud.mycompany2.com/en-us/iaas/Content/Network/Tasks/settingupIPsec.htm]] 
-  * [[https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Reference/junipermxCPE.htm]] +  * [[https://docs.cloud.mycompany2.com/en-us/iaas/Content/Network/Reference/junipermxCPE.htm]] 
-  * [[https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/connectivity-redundancy-guide.pdf]]+  * [[https://docs.cloud.mycompany2.com/en-us/iaas/Content/Resources/Assets/whitepapers/connectivity-redundancy-guide.pdf]]
   * [[https://www.juniper.net/documentation/en_US/junos/topics/example/ipsec-configuring-on-ms-mic.html]]   * [[https://www.juniper.net/documentation/en_US/junos/topics/example/ipsec-configuring-on-ms-mic.html]]
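
Review bot: the three links changed here keep their paths and only swap the hostname to docs.cloud.mycompany2.com, which looks like a name substitution applied across the page rather than a deliberate link update. These are references to public vendor documentation, so the rewritten URLs no longer identify the documents the notes rely on. Exclude URLs from the substitution, or replace the links with a plain description of the documents if the vendor name must not appear.
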
  
Line 649: Line 673:
   set firewall family inet filter vpn-filter term admin-services-esp then accept   set firewall family inet filter vpn-filter term admin-services-esp then accept
  
-TROUBLESHOOT:\\+TROUBLESHOOTING IPSEC:\\
   show services ipsec-vpn ipsec security-associations detail  # like 'sho crypto isakmp sa'   show services ipsec-vpn ipsec security-associations detail  # like 'sho crypto isakmp sa'
   show services ipsec-vpn ipsec statistics    show services ipsec-vpn ipsec statistics 
   show services ipsec-vpn ipsec security-associations ipsec_ss_ms_5_2_01 # # like 'sho crypto ipsec ' # like 'sho crypto ipsec sa'   show services ipsec-vpn ipsec security-associations ipsec_ss_ms_5_2_01 # # like 'sho crypto ipsec ' # like 'sho crypto ipsec sa'
 +
 +
 +----
 +
 +__TROUBLESHOOTING NETFLOW (troubleshooting jflow)__
 +\\
 +Jflow and Netflow are essentially [[https://community.juniper.net/communities/community-home/digestviewer/viewthread?MID=73286|identical]].
 +\\
 +cflowd (netflow from alcatel), netstream (netflow from huawei)
 +
 +  show services accounting flow inline-jflow fpc-slot 0
 +  show services accounting flow inline-jflow fpc-slot 3
 +  show services accounting flow inline-jflow fpc-slot 7
 +  From Shell
 +  start shell pfe network fpc0
 +  debug cos halp show ifds local-only
 +  debug cos halp all_stats non-zero
 +  exit
 +  start shell pfe network fpc3
 +  debug cos halp show ifds local-only
 +  debug cos halp all_stats non-zero
 +  exit
 +  start shell pfe network fpc7
 +  debug cos halp show ifds local-only
 +  debug cos halp all_stats non-zero
 +  exit
 +  From mspmand
 +  start shell
 +  vty -s mspmand fpc0
 +  plugin jflow show statistics
 +  quit
 +  vty -s mspmand fpc3
 +  plugin jflow show statistics
 +  quit 
 +  vty -s mspmand fpc7
 +  plugin jflow show statistics
 +  quit
 + 
      
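
Review bot: in the added NETFLOW block the labels 'From Shell' and 'From mspmand' are indented like the commands around them, so they render as if they were commands to type; move them out of the code block or prefix them with '#'. The same three command groups are repeated verbatim for fpc0, fpc3 and fpc7, which are specific to one chassis; a single group with 'fpc<slot>' and a note to repeat per slot would be shorter and reusable. A one-line description of what each 'debug cos halp ...' and 'plugin jflow show statistics' output is checked for would make the section usable as troubleshooting notes, and the 'cflowd ... netstream ...' line should be a full sentence.
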
network_stuff/juniper/mx.1591636788.txt.gz · Last modified: (external edit)