Troubleshoot Junos


Packet capture

If no interface is specified, or if loopback or irb is selected (irb is the default on a switch when no interface is set), then control traffic is captured.

monitor traffic layer2-headers detail size 1500 no-resolve write-file /var/tmp/capture.pcap

High CPU

High CPU on a VC member can be caused by flapping ports/VLANs or frequent network changes. Do a packet capture of control traffic; flapping ports can be seen in syslog or SNMP.

Linux-type process utilization

start shell
top

Process utilization on Junos or on a specific member; when no member is given, RE process utilization is shown

show system processes extensive
show system processes extensive member 2

Utilization

show chassis fpc
show chassis routing-engine
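
Flapping ports appear in syslog as repeated link-down events. The script below is an added example, not part of the original wiki page: it counts SNMP_TRAP_LINK_DOWN events per interface inside a sliding time window. The sample log lines, the hostname sw1, the thresholds and the function name find_flapping are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from a real device); the layout follows
# the Junos mib2d SNMP_TRAP_LINK_DOWN / SNMP_TRAP_LINK_UP messages.
SAMPLE_LOG = """\
Mar  3 10:00:01 sw1 mib2d[1450]: SNMP_TRAP_LINK_DOWN: ifIndex 530, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/5
Mar  3 10:00:04 sw1 mib2d[1450]: SNMP_TRAP_LINK_UP: ifIndex 530, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/5
Mar  3 10:01:10 sw1 mib2d[1450]: SNMP_TRAP_LINK_DOWN: ifIndex 530, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/5
Mar  3 10:02:30 sw1 mib2d[1450]: SNMP_TRAP_LINK_DOWN: ifIndex 530, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/5
Mar  3 10:03:45 sw1 mib2d[1450]: SNMP_TRAP_LINK_DOWN: ifIndex 530, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/5
Mar  3 10:04:00 sw1 mib2d[1450]: SNMP_TRAP_LINK_DOWN: ifIndex 532, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/7
Mar  3 10:05:00 sw1 mib2d[1450]: SNMP_TRAP_LINK_DOWN: ifIndex 540, ifAdminStatus up(1), ifOperStatus down(2), ifName xe-0/1/0
Mar  3 10:20:00 sw1 mib2d[1450]: SNMP_TRAP_LINK_DOWN: ifIndex 540, ifAdminStatus up(1), ifOperStatus down(2), ifName xe-0/1/0
Mar  3 10:40:00 sw1 mib2d[1450]: SNMP_TRAP_LINK_DOWN: ifIndex 540, ifAdminStatus up(1), ifOperStatus down(2), ifName xe-0/1/0
Mar  3 10:41:00 sw1 cron[3100]: (root) CMD (newsyslog)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+mib2d\[\d+\]:\s+"
    r"SNMP_TRAP_LINK_(?P<state>DOWN|UP):.*\bifName\s+(?P<ifname>\S+)"
)

def find_flapping(log_text, min_downs=3, window=timedelta(minutes=5), year=2024):
    """Return {ifName: highest count of link-down events in any window}
    for interfaces that reach min_downs. Syslog has no year, so one is assumed."""
    downs = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("state") != "DOWN":
            continue  # unrelated line or a link-up event
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        downs[m.group("ifname")].append(ts)
    result = {}
    for ifname, times in downs.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # shrink window until it spans at most `window`
            best = max(best, end - start + 1)
        if best >= min_downs:
            result[ifname] = best
    return result

if __name__ == "__main__":
    print(find_flapping(SAMPLE_LOG))
```

Interfaces that go down only occasionally (xe-0/1/0 in the sample, three times spread over 35 minutes) are not reported; only ports with several link-down events inside one window are.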

SRX Policy

Check which interface is chosen for the route:
sh route 192.168.10.254

Check the interface zone:
sh interface reth0.10

Trace each FW
Check Kibana for similar permitted traffic and also for which rules drop this traffic.
It is better to run match-policies on each FW to see, and to do the same for similar traffic.

show security match-policies
show security match-policies global

In Junos Space, find a similar rule by destination IP or by the same source IP and edit the existing rule. You can find which zone policy applies from the previous findings with sh route and sh interface.