Hi all,
Just to update, i'm try to dhcp request from inter-vrf at same DC and result also same. Cannot get dhcp ip. I'm already route leak between two VRF but the client still cannot get result. Any thing need to add such as hidden knob?
Appreciate any feedback
Hi,
If that device is SRX and u can see it on SD. If the device it non-srx then u can see it on NMS such as Solarwind and etc.
Thanks
Hi
If you are looking for data plane traffic then with JunOS you can use the sflow feature with a third party collector to identify the traffic. I dont think we have a CLI command to check the utilization with respect to the source and destination IP.
Hope this helps
Hi Arix,
This pretty much depends on the Junos device (hardware) you're using.
As mentioned, if it's SRX you can see that on Security Director, if it's a MX or PTX you could use JFlow or SCU/DCU (https://www.juniper.net/documentation/en_US/junos/topics/concept/source-class-usage-options-junos-nm.html), if it's QFX you can use SFlow...
br.,
Eduardo Haro
Hi,
When you say:
My requirement is:
192.168.0.1/24 to ISP1
172.16.0.1/24 to ISP2
Do you mean that you want to receive traffic for 192.168.0.1/24 via ISP1 and receive traffic to 172.16.0.1/24 via ISP2?
If your ISP accept the usage of MED, you could use this attribute. Other way, would be to announce a most specific route (let's say /23) to the ISP that you would like to receive this traffic and the least specific one (in your case /24) to the other ISP.
br.,
Eduardo Haro
Hi Arix,
One good starting point is checking the memory utilization of the FPC's, basically using show system resource-monitor fpc or summary.
Here are the links:
Of course, as mentioned, throubleshooting can be very complicated, so a JTAC case could help a lot.
br.,
Eduardo Haro
Hi Arix,
If you can share some information reagrding the issue ; I can share some specific commands for troubleshooting them.
Here is what you can begin with.
<Subscriber Authentication>
show network-access aaa statistics authentication
show network-access aaa radius-servers brief
show network-access aaa radius-servers detail
[Configure authd traceoption : they are very chatty so huge files will be created]
| set system processes general-authentication-service traceoptions file filename |
| set system processes general-authentication-service traceoptions file size 500m |
| set system processes general-authentication-service traceoptions flag all |
| set system processes general-authentication-service traceoptions file files 5 |
<DHCP>
show dhcp server statistics
show dhcp server binding summary
show dhcp server binding <address>
show subscribers summary
show subscribers
[Traceoptions are very chatty for DHCP too]
| set system processes dhcp-service traceoptions file filename |
| set system processes dhcp-service traceoptions file size 500m |
| set system processes dhcp-service traceoptions file files 5 |
| set system processes dhcp-service traceoptions flag all |
NAT
show services inline nat statistics
show services inline nat pool
Hope this helps !!
Please accept this as a solution if it answers your question so others can benefit from your post.
+++++++++++++++++++++++++++++++++++++++++++++
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
+++++++++++++++++++++++++++++++++++++++++++++
Hi all,
Thanks for responses.... You guys are asking about the issues....Here the persisting issues that I am stucked.No idea where to start?
authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124280423 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124280535 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124281359 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124281418 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124281626 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124281738 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124281892 authd[58075]: Failed to create a prefix entry in pool IPv6_Assigned_Pool_2 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124282520 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124283099 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124283784 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124284207 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124284459 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124284686 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124284964 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124285168 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124285279 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS authd[58075]: Failed to create a prefix entry in pool IPv6_Assigned_Pool_2 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124285733 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124285889 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124286058 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124286179 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124286426 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124286482 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124286537 jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124286597 authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS authd[58075]: Failed to create an address entry in pool Pub_POOL_for_CUSTOMERS jdhcpd: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 2503:a6a0:1a00:2f5:: as it is already used by 124287042
Thx
A
Hi all,
I am trying to digest about below config..........Some concerns occurs......
Why there is only one Pyhsical interface that attached to the AE30 below. What reason could be? We know that AE interface should be consisted of multiple Physical interfaces for some good reasons -redundancy or increasing bandwith etc. Secondly what purpose of many unit(s) on AE30? If Pysical interface (xe-2/0/2) is down, doesn't mean all Unit(s) down? Where is the redundancy? Do you know where I come from?
show configuration interfaces ae30 | display set
set interfaces ae30 description Bandwidth_Saler_WTGR-40G-Main_Connection
set interfaces ae30 flexible-vlan-tagging
set interfaces ae30 mtu 9192
set interfaces ae30 encapsulation flexible-ethernet-services
set interfaces ae30 aggregated-ether-options minimum-links 1
set interfaces ae30 aggregated-ether-options lacp active
set interfaces ae30 aggregated-ether-options lacp periodic fast
set interfaces ae30 unit 3000 description vNNI_00
set interfaces ae30 unit 3000 encapsulation vlan-bridge
set interfaces ae30 unit 3000 vlan-id 3000
set interfaces ae30 unit 3000 family ethernet-switching vlan members Vxxxxx01_VLAN3000
set interfaces ae30 unit 3001 description vNNI_01
set interfaces ae30 unit 3001 encapsulation vlan-bridge
set interfaces ae30 unit 3001 vlan-id 3001
set interfaces ae30 unit 3001 family ethernet-switching vlan members Vxxxxx02_VLAN3001
set interfaces ae30 unit 3002 description vNNI_02
set interfaces ae30 unit 3002 encapsulation vlan-bridge
set interfaces ae30 unit 3002 vlan-id 3002
set interfaces ae30 unit 3002 family ethernet-switching vlan members Vxxxxx03_VLAN3002
set interfaces ae30 unit 3003 description vNNI_03
set interfaces ae30 unit 3003 encapsulation vlan-bridge
set interfaces ae30 unit 3003 vlan-id 3003
set interfaces ae30 unit 3003 family ethernet-switching vlan members Vxxxxx04_VLAN3003
set interfaces ae30 unit 3004 description vNNI_04
set interfaces ae30 unit 3004 encapsulation vlan-bridge
set interfaces ae30 unit 3004 vlan-id 3004
set interfaces ae30 unit 3004 family ethernet-switching vlan members VVxxxxx05_VLAN3004
set interfaces ae30 unit 3005 description vNNI_05
set interfaces ae30 unit 3005 encapsulation vlan-bridge
set interfaces ae30 unit 3005 vlan-id 3005
set interfaces ae30 unit 3005 family ethernet-switching vlan members Vxxxxx06_VLAN3005
set interfaces ae30 unit 3006 description vNNI_06
set interfaces ae30 unit 3006 encapsulation vlan-bridge
set interfaces ae30 unit 3006 vlan-id 3006
set interfaces ae30 unit 3006 family ethernet-switching vlan members Vxxxxx07_-VLAN3006
set interfaces ae30 unit 3007 description vNNI_07
set interfaces ae30 unit 3007 encapsulation vlan-bridge
set interfaces ae30 unit 3007 vlan-id 3007
set interfaces ae30 unit 3007 family ethernet-switching vlan members Vxxxxx08_VLAN3007
set interfaces ae30 unit 3008 description vNNI_08
set interfaces ae30 unit 3008 encapsulation vlan-bridge
set interfaces ae30 unit 3008 vlan-id 3008
set interfaces ae30 unit 3008 family ethernet-switching vlan members VVxxxxx09_VLAN3008
set interfaces ae30 unit 3009 description vNNI_09
set interfaces ae30 unit 3009 encapsulation vlan-bridge
set interfaces ae30 unit 3009 vlan-id 3009
set interfaces ae30 unit 3009 family ethernet-switching vlan members VVxxxxx10_VLAN3009> show lacp interfaces ae30
Aggregated interface: ae30
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
xe-2/0/2 Actor No No Yes Yes Yes Yes Fast Active
xe-2/0/2 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol: Receive State Transmit State Mux State
xe-2/0/2 Current Fast periodic Collecting distributingTh
Ar.
Hi Airx,
Ideally, AE would be configured with multiple child interfaces in order to add to its effective functioning. Having said that, it is still okay to have a single interface in LAG. Personally, I would configure something like that for configuration testing/compatibility testing purposes.
In the configuration, I see the several units on AE30 are configured for different VLANS ( you can see a unique VLAN-id number for each unit).
In this scenario, having our physical interface down will bring our AE bundle down. At least one LAG Child interface should be Active (Up/Up) to bring an Aggregate interface UP, by default. Also, the minimum links configured for AE30 are 1 and since there is only one link configured in AE30, the aggregated interface goes down.
Taking a look at the config, there does not appear to be any redundancy to me. Probably one can include multiple links. This would ensure that the AE is still up even if one physical interface goes down. ( because minimum links configured is 1 )
Pasting below a very good document about LAG. You can give it a read!https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-interface-logical.html
Please mark this as an "Accepted Solution" if it solves all your queries. Kudos would be much appreciated too 
Hi Bmanvita
Thanks for reply...
I further checked AE30 related config at the same Junos device consists of 2 identical MX(s) in Virtual Chassis. There is an AE40 and its configuration is exactly the same as what we are seeing on AE30. Only difference is AE40's Physical interface is different than AE30's. So in this case, there are only two Physical interfaces on the mx Chassis and each Physical interface is member of different AE interfaces(in this case AE30, AE40). This is more reliable, isn't it?
And also I like to ask how to check whether or not these (AE30, AE40) are doing balancing if there is? And what is encapsulation vlan-bridge meant?
Thx
A
Hi all,
What is the best practise on system time on each devices running Junos that located at the different states, different regions, different location...Each states and regions and locations etc have different local time. In this case all Junos devices should be in the same system time or each following their own local time?
Thx
A
Hi Arix,
ae30 and ae40 are two totally diffrent interfaces, they will only perform load balancing of the traffic for which the destination is rechable via both interfaces and you have load balancing enabled.
vlan-bridge—Use Ethernet VLAN bridge encapsulation on Ethernet interfaces that have IEEE 802.1Q tagging, flexible-ethernet-services, and bridging enabled and that must accept packets carrying TPID 0x8100 or a user-defined TPID.
More information can be found in below page >>
Hi.
I understand that the LS Request message is required for OSPF database synchronization during the creation of an OSPF adjacency between two routers. However, once both databases are synchronized and the adjacency is FULL, is there any scenario where an LS Request message can be seen over the FULL adjacency?
Thanks.
Hi Tima ,
good day !
Maybe you could try filter based forwarding
that looks good for your environment
example configuration below :
Regards ,
Sharanya
Hi Arix
For the system time it is always a better option to keep the time format as UTC to avoid all the conversions with locations and different time zones. If all the devices irrespective of their location are set to UTC time then it will be easy to synch through NTP server and for different troubleshooting and administrative functions. However if and when required it can be converted to the local time zone.
Hope this helps
Hi
The link state request message is sent just after the Database Description exchange. Once the requested link state are exchanged and the adjanceny is full then only link state update (LS update) and link state acknowledge (LS ack) is exchanged whenver there is change in the ospf domain. I dont think there is any scenario where LS request is seen after the adjacency is full.
Check out the RFC
https://www.freesoft.org/CIE/RFC/1583/106.htm
Hi,
wrt "If all the devices irrespective of their location are set to UTC time then it will be easy to synch through NTP server ..."
- the system clock will always be on UTC
- NTP will always sync UTC
so whichever timezone you configure the UI and logs to use it doesn't effect NTP or the other way around: If "all the devices irrespective of their location are set to UTC ... for ... (Ulf: easier) troubleshooting and administrative functions" doesn't convince you to use UTC but you want to stick with geographical local timzones per device then you don't need to worry about NTP (it'll just work like always).
Regards
Ulf
Hi Arix,
Having two aggregated interfaces in itself will not make it a reliable configuration as compared to our previous discussion. You will have to check your configuration to ensure load balancing has been enabled or not.
For load balancing on aggregated interfaces, the following document is very helpful. You might want to refer to this -
Flexible Ethernet services is a type of encapsulation that enables a physical interface to support different types of Ethernet encapsulations at the logical interface level. Flexible Ethernet services encapsulation can be configured to support the service provided and the enterprise style configuration. When you encapsulate an interface by using flexible Ethernet services, you can configure a logical interface unit other than 0 with family ethernet-switching. You can also configure other logical interfaces on that same interface with different types of Ethernet encapsulations. This enables logical interfaces that are bound to a VLAN ID to coexist with logical interfaces configured with family ethernet-switching. For example, if you configure PVLAN on the same physical interface on which you are configuring Q-in-Q tunneling, you can use flexible ethernet services to support the enterprise style of configuration for PVLAN, using family ethernet-switching, along with vlan-bridge.
Hello Sharanya,
instead of using FBF, i may use:
'set routing-instances B routing-options static route X.X.X.0/24 next-table A.inet.0'
which looks easier, then applying filters on interfaces and keeping them up-to-date
I was looking for some solution, which would work the same way static route does, but dynamically ))
Regards,
Tima K