[j-nsp] SRX deployment / issues
Tim Eberhard
xmin0s at gmail.com
Tue Mar 23 09:27:53 EDT 2010
I know there was/is an issue on the older code versions of sessions being
built with the incorrect time out (if I recall correctly it was 48 hours).
It's easy to see though all one would have to do is look at a type of
session that you know would have a short duration time (such as ICMP or UDP)
and if you see a extremely large number then you've got an issue.
In the past on the netscreen platform I've seen various issues with the
NATAGER process (the process responsible for session table clean up) but so
far at least in my experience I haven't ran into an like that on the SRX
platform.
-Tim Eberhard
On Tue, Mar 23, 2010 at 7:21 AM, Fahad Khan <fahad.khan at gmail.com> wrote:
> Seems to be looking some thing wrong with session table??
>
> any one faced same thing with SRX650??
>
> regards,
> Muhammad Fahad Khan
> JNCIP - M/T # 834
> IT Specialist
> Global Technology Services, IBM
> fahad at pk.ibm.com
> +92-321-2370510
> +92-301-8247638
> Skype: fahad-ibm
> http://www.linkedin.com/in/muhammadfahadkhan
> http://fahad-internetworker.blogspot.com
> http://www.visualcv.com/g46ptnd
>
>
> On Tue, Mar 23, 2010 at 5:10 PM, Michael Dale <mdale at dalegroup.net> wrote:
>
> > I've had some serious issues with both my SRX 210 and 2x240s.
> >
> > The SRX210 I have here at home was having all kinds of issues
> reconnecting
> > if there was an ADSL drop. A restart routing command would fix this. This
> > issue seems to have been mostly fixed in 10.0R2 and 10.1R1.
> >
> > The pair of SRX240s on the other hand are still having issues. I recently
> > setup a cluster with 10.1R1 which was all working fine in the lab, but
> after
> > 10 ours of production all traffic simply stopped. I've logged into the
> > devices via the console and cannot find any errors. No idea what is going
> on
> > here. Not to mention the issues with ethernet switching and clustering...
> >
> > Oh and no support for packet based traffic in clusters, so no IPv6 at
> all.
> >
> > The older SSG line will have to keep me going until juniper fix some of
> > these issues!
> >
> > Michael.
> >
> > ----- Original Message -----
> > From: Hoogen [mailto:hoogen82 at gmail.com]
> > To:
> > juniper-nsp at puck.nether.net
> > Sent: Tue, 23 Mar 2010 04:05:46 +1100
> > Subject:
> > [j-nsp] SRX deployment / issues
> >
> >
> > > I think the EX thread was really good and the feedback was awesome. I
> > would
> > > like hear about similar experiences while deploying SRX Series
> gateways,
> > I
> > > am assuming I would hear a lot on the branch boxes SRX 210,240,650 I
> > would
> > > also love to hear feedback on SRX 3000/5000 if people have been using
> it
> > in
> > > their setup, problems that their facing, improvements and general
> > deployment
> > > scenario that have been used.
> > >
> > > -Hoogen
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list