[j-nsp] RE: Strange issue involving sampling

Peering Peering at xspedius.com
Thu Jan 19 10:08:45 EST 2006


Further notes on this...

1.  Customer has all Cisco routers (28xx) and switches (Catalyst 29xx
and 49xx) and a Checkpoint firewall.  His connection to us is 2xT1
MLPPP.
2.  He's using the same Cisco 2821 to connect to both us and Sprint and
he's running BGP with both.  Whenever he has issues connecting to secure
sites, if he shuts down his BGP session with us, he can reach the secure
sites again.
3.  The router he connects to at Sprint is a Cisco.

So, I'm kinda thinking it's another odd MLPPP Link-Services
non-compatibility issue that Juniper has and Cisco doesn't.  Don't get
me wrong, I'd never switch back to Cisco, I love my Junipers, but we
have had some weird issues with MLPPP and Juniper (we're on JUNOS 6.2,
and I've heard they fixed a lot of issues in the newer releases).  I'm
going to play around with MTU sizes too, but if anyone has any other
suggestions I'd be happy to hear them.

Diane Turley
Sr. Network Engineer
Xspedius Communications Co.
636-625-7178

>  -----Original Message-----
> From: 	Peering  
> Sent:	Wednesday, January 18, 2006 3:11 PM
> To:	'juniper-nsp at puck.nether.net'
> Subject:	Strange issue involving sampling
> 
> I sent this to NANOG first and they pointed me here.  Sorry for not
> lurking first :-)
> 
> I have this problem where a customer of mine has issues getting to
> secure websites (https sites like Charles Schwab's).  It doesn't
> happen all the time, maybe once a month or so.  We went to Juniper
> with the issue (we're using M-20s as our edge routers) and they
> couldn't figure it out, but one of our engineers found that the config
> pasted below (with proprietary info removed) fixed the problem.  The
> only problem is that even with this config, we have to restart the
> sampling daemon every month or so because the problem will come back.
> Understandably, the customer would prefer to have a more permanent
> solution.
> 
> Anyone have an idea why this one customer on my entire network would
> have this issue?  Supposedly the customer had Cisco come out and look
> at their network and they couldn't find any reason for it either.
> 
> routerx# show | compare rollback 0 
> [edit]
> -  forwarding-options {
> -      sampling {
> -          input {
> -              family inet {
> -                  rate 1;
> -              }
> -          }
> -          output {
> -              file filename customer.sample;
> -          }
> -      }
> -  }
> [edit firewall]
> -   filter customer {
> -       term 1 {
> -           then {
> -               sample;
> -               accept;
> -           }
> -       }
> -       term default {
> -           then accept;
> -       }           
> -   }
> 
> [edit interfaces ls-2/3/0 unit 3]
> routerx# show 
> description "Customer X";
> encapsulation multilink-ppp;
> ml-pic-compatible;
> family inet {
>     no-redirects;
>     filter {
>         input customer;
>         output customer;
>     }
>     address x.x.x.x/30;
> }
> 
> Diane Turley
> Sr. Network Engineer
> Xspedius Communications Co.
> 636-625-7178
> 


More information about the juniper-nsp mailing list