[j-nsp] NetScreen/Juniper problem

Chris Roberts croberts at bongle.co.uk
Wed Mar 29 06:29:00 EST 2006 

Sorry to reply to self, but further to this we've just tried to register
this on the Netscreen site which isn't accepting the serial number we give
it. We can't raise a fault with Juniper until we can register it... We can't
register because of a fault on the website. We've mailed
support at juniper.net, is there anyone from J reading that could contact me so
we can get this registered and go through the normal channels to raise a
ticket please?

Cheers,
Chris.

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Chris Roberts
> Sent: 28 March 2006 13:44
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] NetScreen/Juniper problem
> 
> Apologies for anyone also on nn at qorbit for this cross-posting, I figured
> I'd
> post this here now aswell.
> 
> We're trying to get multicast working on a Juniper/NetScreen 25 running
> ScreenOS 5.3.0r1.0.
> 
> We have PIM-SM successfully established, and the upstream Cisco route is
> forwarding traffic for the particular multicast group to the NetScreen
> ethernet3 (Untrust zone/trust-vr) interface. This interface does not seem
> to
> be recognizing/registering the multicast data traffic:
> Hardware 64-bit counters for interface ethernet3:
> in bytes                 772953924749 |  out bytes
> 1554508676111
> in ucast                   2205056934 |  out ucast
> 3381480232
> in mcast                            0 |  out mcast
> 0
> in bcast                            0 |  out bcast
> 0
> 
> When we debug flow all, with an ffilter setup for our source, we see the
> following:
> ****** 5250133.0: <Untrust/ethernet3> packet received [1356]******
>   ipid = 0(0000), @c7d44110
>   packet passed sanity check.
>   ethernet3:132.185.236.60/32783->233.122.227.201/5554,17<Root>
>   existing session found. sess token 6
>   flow got session.
>   flow session id 25564
>   POLL_DROP_PAK: vlist 0x14337c4, 0x14336e8
>   super fast vector 3
> ****** 5250133.0: <Untrust/ethernet3> packet received [1356]******
>   ipid = 0(0000), @c7d45110
>   packet passed sanity check.
>   ethernet3:132.185.236.60/32783->233.122.227.201/5554,17<Root>
>   existing session found. sess token 6
>   flow got session.
>   flow session id 25564
>   POLL_DROP_PAK: vlist 0x14337c4, 0x14336e8
> ****** 5250133.0: <Untrust/ethernet3> packet received [1356]******
>   ipid = 0(0000), @c7d45910
>   packet passed sanity check.
>   ethernet3:132.185.236.60/32783->233.122.227.201/5554,17<Root>
>   existing session found. sess token 6
>   flow got session.
>   flow session id 25564
>   POLL_DROP_PAK: vlist 0x14337c4, 0x14336e8
> 
> This leads me to believe we may be dropping this traffic at the NetScreen?
> Would could this be? We have the following multicast routes for this
> group:
> (*, 233.122.227.201)  RP 217.154.130.100 02:00:38/-         Flags: LF
>   Zone            : Untrust
>   Upstream        : ethernet3           State          : Joined
>   RPF Neighbor    : 217.154.52.38       Expires        : 00:00:23
>   Downstream      :
>   ethernet1    02:00:38/-         Join         233.122.227.201  FC
> 
> (132.185.236.60/27, 233.122.227.201)   02:00:37/00:02:54  Flags: TLF
>   Zone            : Untrust
>   Upstream        : ethernet3           State          : Joined
>   RPF Neighbor    : 217.154.52.38       Expires        : 00:00:24
>   Downstream      :
>   ethernet1    02:00:37/-         Join         233.122.227.201
> 132.185.236.60 FC
> 
> Which leads me to believe all is okay. Yet no multicast traffic appearing
> on
> ethernet1.
> 
> I'm pretty sure this must be a bug, can anyone else shed any light, or
> give
> me any ideas on what else I could check? We have at times seen a few
> packets
> from this stream passed, but it has been random and sporadic and only a
> few
> packets.
> 
> Cheers,
> Chris.
> 
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.385 / Virus Database: 268.3.2/293 - Release Date: 26/03/2006
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> 
> 
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.385 / Virus Database: 268.3.2/293 - Release Date: 26/03/2006
> 
> 
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.385 / Virus Database: 268.3.2/293 - Release Date: 26/03/2006
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.3.3/295 - Release Date: 28/03/2006

More information about the juniper-nsp mailing list