[j-nsp] Routing issues with SRX210

Darrell Root darrellroot at mac.com
Wed Oct 7 22:23:30 EDT 2009 

Tim Eberhard wrote:

>  Basically what happens is the ADSL connection seems to drop out;  
> yet I am still able to ping the ISP gateway address.
>
>  If I run "restart routing" on the SRX it fixes the problem, but the  
> problem comes back every week or so.


I ran into a problem which sounds somewhat similar with OSPF on a  
chassis SRX.  OSPF would form
a neighbor relationship fine, but every couple days we'd get an OSPF  
reset with "too many retransmissions".
Then OSPF would reform it's neighbor relationship and work again for  
another random period of time before
resetting again.

It turned out that we had not done this:

set security zones security-zone XXXX host-inbound-traffic protocols  
ospf

After realizing that we were surprised that the OSPF neighbor  
relationship formed at all.  But it did.  It was just
unstable.

What I think was happening was that we'd successfully connect outbound  
via ospf, and the stateful firewall
would allow the return traffic back.  But periodically the neighbor  
router would need to send us an update
and that wouldn't get counted as "return traffic".  So the firewall  
filter would reject it inbound.  Periodically
that would result in a "too many retransmissions" and a neighbor reset.

Assuming you have a similar cause, the trick is to figure out what  
host-inbound-traffic protocol/service
to allow to keep your adsl up.

Darrell Root


> Date: Tue, 06 Oct 2009 09:33:24 +1100
> From: "Michael Dale" <mdale at dalegroup.net>
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Routing issues with SRX210
> Message-ID: <20091005223324.43fc652a at mail.lttd.net>
> Content-Type: text/plain;	charset="us-ascii"
>
> Hi Tim,
>
> Thanks for the reply!
>
> I've had a look at the jsrpd logs and didn't see anything  
> interesting/odd. Is there anything else I can check?
>
> I'm pretty new to JunOS and the SRX range, I mostly use the ScreenOS  
> devices...
>
> I'm going to swap over to an external ADSL modem to see if the  
> problem still occurs.
>
> Thanks!
> Michael.
>  _____
>
> From: Tim Eberhard [mailto:xmin0s at gmail.com]
> To: Michael Dale [mailto:mdale at dalegroup.net]
> Cc: juniper-nsp at puck.nether.net
> Sent: Mon, 05 Oct 2009 23:41:10 +1100
> Subject: Re: [j-nsp] Routing issues with SRX210
>
> The first thing I would check is the logs. Do you see a rdp deamon  
> problem or anything along those lines?
>
>
> On Mon, Oct 5, 2009 at 2:21 AM, Michael Dale <mdale at dalegroup.net>  
> wrote:
>  Hi All,
>
>  I'm having some issues with my SRX210 running JunOS 9.6
>
>  I'm using an SSG 20 ADSL mini-pim (which could be my problem as it  
> isn't supported).
>
>  Basically what happens is the ADSL connection seems to drop out;  
> yet I am still able to ping the ISP gateway address.
>
>  If I run "restart routing" on the SRX it fixes the problem, but the  
> problem comes back every week or so.
>
>  The routing table looks okay and I can ping the ISP gateway from  
> devices behind the SRX but nothing else.
>
>  Does anyone have any ideas on how to track this problem down?
>
>  Thanks,
>  Michael.
>  _______________________________________________
>  juniper-nsp mailing list juniper-nsp at puck.nether.net
>  https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list