[j-nsp] "restart interface-control" ?

Nemo Semret nemo at invisiblehand.net
Sat Dec 4 23:26:35 EST 2004


Hello all,

I have an M10 which has been running smoothly with 6.0R2.4 for 18 months.

Recently it's been refusing to "take" any interface config changes, even 
after they have been successfully committed to the config.
Specifically, I can edit any part of the interfaces config and commit it 
fine -- like changing interface address and adding subinterfaces. The 
changes are there in
'show configuration'
but do not show up in
'show interfaces'
and do not physically take effect (new addresses, for example, are not 
pingable, or removed addresses still are, even though they are not in the 
config anymore).

This is not the case with other config changes, e.g. policy-options, 
routing, firewall config changes all work fine.

I've tried to 'restart interface-control gracefully' as well as 'soft'.
I've also tried the same with 'restart firewall' and it fails.

 > restart firewall
Firewall daemon signalled but still running, waiting 8 seconds more
Firewall daemon still running, sending another terminate signal
Firewall daemon still running, sending another terminate signal
Firewall daemon still running, sending another terminate signal
Firewall daemon still running, sending another terminate signal
Firewall daemon still running, sending another terminate signal
Firewall daemon pid 2314 failed to terminate
warning: restart of process failed

This only occurs with firewall and interface-control. Both processes 
are stuck in STATE = 'ipfw':

  2314 root       -20   0  1660K   864K ipfw   309:00  0.00%  0.00% dfwd
  2328 root       -20   0   196M 39516K ipfw   241:50  0.00%  0.00% dcd


Any ideas on how to get them "unstuck"?  (See P.S. below for logs)

The only thing I have not tried is "restart interface-control" without 
gracefully or soft, since docs do not indicate, as far as I can tell, 
what effect it will have on traffic flowing through the router. Is that 
safe?

Thanks,

	-nemo-


P.S.  Background on the problem:

Right at the end of 'show log intf' there is:

----------------
Nov 15 12:06:54 New phase is CONFIG
Nov 15 12:06:54 FILTER Field PROGRAM (1) Changed, conf 0x830c840 kern 0x0
Nov 15 12:06:54 FILTER Field PROGRAM (1) Changed, conf 0x830c840 kern 0x0
Nov 15 12:06:54 Queueing CHANGE:
Nov 15 12:06:54  Filter index 16000, len 516, offset 0
Nov 15 12:06:54  Hash ea 09 91 1f f4 61 cc 0c ec ff 85 36 fc dc 96 25
Nov 15 12:06:54 dcd_ih_sort_config_queue: Sorting the config queue 830c804
Nov 15 12:06:54 WRITE sync len 556, type FIREWALL (14), seq 252390, op CHANGE, id 0
Nov 15 12:06:54  Filter index 16000, len 516, offset 516
Nov 15 12:06:55  Hash ea 09 91 1f f4 61 cc 0c ec ff 85 36 fc dc 96 25
----------------

Looking further up, normally this is followed by something like

------------------
New phase is IDLE
Going idle, 3 sync writes, 1 sync reads, 0 ifstate msgs, 0 ifstate reads, 0 rtb msgs, 0 rtb reads, 1256 usec
-----------------------

But that last time it was not. It seems to have gotten stuck in "CONFIG" 
phase and since won't accept any config changes.
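
The check described in the P.S. (a "New phase is CONFIG" entry that is never followed by "New phase is IDLE"), as an added example that is not part of the original post. It assumes the log line format shown in the excerpts above; the function names and the healthy sample with its timestamps are constructed for illustration.

```python
import re

# Matches "New phase is <NAME>", with or without a leading syslog timestamp,
# since the post shows both forms.
PHASE_RE = re.compile(
    r"^(?:(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+)?New phase is (?P<phase>\w+)"
)

def last_phase(lines):
    """Return (phase, timestamp, lines_logged_after_it) for the final
    phase transition in the log, or None if there is no transition."""
    found = None
    for idx, line in enumerate(lines):
        m = PHASE_RE.match(line.strip())
        if m:
            found = (m.group("phase"), m.group("ts"), idx)
    if found is None:
        return None
    phase, ts, idx = found
    return phase, ts, len(lines) - idx - 1

def is_stuck(lines, idle_phase="IDLE"):
    """True when the log ends in any phase other than IDLE."""
    result = last_phase(lines)
    return result is not None and result[0] != idle_phase

# Tail of the log as quoted in the post: CONFIG with no IDLE after it.
STUCK = [
    "Nov 15 12:06:54 New phase is CONFIG",
    "Nov 15 12:06:54 Queueing CHANGE:",
    "Nov 15 12:06:54  Filter index 16000, len 516, offset 0",
    "Nov 15 12:06:54 WRITE sync len 556, type FIREWALL (14), seq 252390, op CHANGE, id 0",
]

# Constructed healthy sample: the same sequence ending in IDLE.
HEALTHY = [
    "Nov 15 11:58:02 New phase is CONFIG",
    "Nov 15 11:58:02 Queueing CHANGE:",
    "Nov 15 11:58:02 New phase is IDLE",
    "Nov 15 11:58:02 Going idle, 3 sync writes, 1 sync reads, 0 ifstate msgs",
]

if __name__ == "__main__":
    for name, log in (("stuck", STUCK), ("healthy", HEALTHY)):
        print(name, last_phase(log), "stuck" if is_stuck(log) else "ok")
```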
