[j-nsp] ssh (cli?) differences in 6.4R2.

Carl Hayter hayter at usc.edu
Tue Nov 16 17:59:22 EST 2004


On Tue, Nov 16, 2004 at 12:59:58PM -0800, Eli Dart wrote:
> 
> In reply to Carl Hayter <hayter at usc.edu> :
> 
> > 
> > > ssh user at 6.4-router "edit ; set policy-options prefix-list FUBAR 1.2.3.4/=
> > 32=20
> > > ; commit"
> > 
> > You don't want to rely on this.  For certain combinations of filter
> > complexity, prefix-list length and frequency of updates JUNOS has
> > problems with some part of the filter compilation/download process
> > that will leave your router in a state where it is unable to
> > modify the filters.  The only way to regain the ability to change
> > the filter is to reload/failover.  So, if you do this, don't do it
> > often and cross your fingers before you hit Enter.
> 
> Hmmm....is this the memory leak in the PFE?  I thought that had been 
> fixed....

Indeed, the original problem manifested itself in the PFE resulting
in loss of forwarding.  I think it was a secondary interaction.
When they fixed that, the MTBF increased and the failure manifested
itself only in the filter update failure.

----
Carl Hayter

> 
> 		--eli
> 
> 
> > 
> > ----
> > Carl Hayter
> > 
> > On Tue, Nov 16, 2004 at 08:00:57AM +0100, Scott A. McIntyre wrote:
> > > Hello,
> > >=20
> > > After recently upgrading a M160 from 5.7 to 6.4R2 we've noticed a change =
> > in=20
> > > behaviour that we're not sure is associated with the process of upgrading=
> > ,=20
> > > or a configuration change in how SSH and the CLI behaves.
> > >=20
> > > The issue is that previously we could invoke CLI commands via a ssh=20
> > > session, chaining commands together with ";" to perform a series of=20
> > > actions.  For example:
> > >=20
> > > ssh user at 6.4-router "edit ; set policy-options prefix-list FUBAR 1.2.3.4/=
> > 32=20
> > > ; commit"
> > >=20
> > > However, with 6.4R2 any attempt to submit a command with the SSH login=20
> > > request is not sent to the JunOS cli but directly to the shell (apparentl=
> > y=20
> > > because sh -c is invoked by default):
> > >=20
> > > ssh scott at 6.4-router "id"
> > >=20
> > > uid=3D2007(scott) gid=3D20(staff) groups=3D20(staff), 0(wheel), 10(field)=
> > ,=20
> > > 11(floppy)
> > >=20
> > > Whilst we can invoke the cli by making the command to run "cli" we lose t=
> > he=20
> > > ability to chain commands together.
> > >=20
> > > On any other version of JunOS we have (5.7 -> 6.4R1):
> > >=20
> > > ssh scott at 5.7-router "id"
> > >=20
> > > error: unknown command: id
> > >=20
> > > (As it's at the CLI level).
> > >=20
> > > Note that this behaviour is only seen when you include a command to execu=
> > te=20
> > > with the SSH request; with no command you end up at the normal JunOS CLI=
> > =20
> > > prompt (not the shell).
> > >=20
> > > What is the right way to make this the default so that ssh sessions=20
> > > inclusive of commands to execute are done at the CLI level, and not sent=
> > =20
> > > through /bin/sh?
> > >=20
> > > Thanks,
> > >=20
> > > Scott A. McIntyre
> > > XS4ALL Internet B.V.
> > >=20
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > 
> > --2uQJ4X0rBgtQpAza
> > Content-Type: application/pgp-signature
> > Content-Disposition: inline
> > 
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.2 (SunOS)
> > 
> > iD8DBQFBmmT4jSUgp1gR7V8RAiH5AKCT8nkmgyVXvjLo3Q/YmyUzwVlzLQCfbjdT
> > 7D+ZsvuolY+MqLJjA2QlmFc=
> > =NSjl
> > -----END PGP SIGNATURE-----
> > 
> > --2uQJ4X0rBgtQpAza--
> > 
> > --===============0443775494==
> > Content-Type: text/plain; charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Content-Disposition: inline
> > 
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > 
> > --===============0443775494==--
> > 
> 
> 



> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/juniper-nsp/attachments/20041116/9b26d8f9/attachment.bin


More information about the juniper-nsp mailing list