[j-nsp] SRX240H Cluster & SNMP

Eric Van Tol eric at atlantech.net
Mon Aug 20 15:22:03 EDT 2012 

Hi Wayne,
Answers inline.

> I doubt it matters, but I'm polling the devices through their
> loopback
> interfaces.  I also filter out some of the interfaces and filter
> duplicates:

I do the same thing.  Just for the Hell of it, I tried to poll through the fxp0 port, but the same thing happens.

> Does it seem to happen the most when there are lots of queries going
> through?  

The issue is really just trying add the device to my NMS.  The NMS sends out Get requests for all the interfaces to add them into its database.  I have no problems doing this for a 3600 cluster or really any other Juniper devices.  

> Any signs of trouble on your control or fabric interfaces?

Not that I can tell.  No errors or drops.

> Has JTAC already had you enable tracing for SNMP?

They made me get a capture of the queries, which I sent to them, but because the SRX was sending get-response packets back, that seemed to indicate to the JTAC engineer that there was no problem.  What he didn't do was actually look at the responses where the SRX is sending 'noSuchObject' back for valid interface objects.  Performing a 'show snmp mib walk <oid>' for one of the OIDs for which a 'noSuchObject' was sent elicits an incredibly slow response time from the CLI with an eventual output of the information contained within that OID.

Maybe I'll try 11.2R6 and see if that version works.  The SRX3600 cluster is running 11.2R7.4 and I'm not seeing the same problems.  It's specifically related to the SRX240, from what I can tell, as both the production cluster and the lab cluster exhibit the same behavior.

-evt

> :w
> 
> 
> 
> On Mon, Aug 20, 2012 at 8:51 AM, Eric Van Tol <eric at atlantech.net>
> wrote:
> > All,
> > Is there a version above 11.2 where SNMP works properly in a
> cluster?  Seems that when running various versions (11.2R7.4 and
> 11.4R4.4, so far) on a 240H cluster, SNMP doesn't work properly and
> starts spitting out 'noSuchObject' errors on perfectly valid queries
> like when querying the interfaces MIB.  I should also mention that
> the OIDs it seems to have a problem with are primarily ones that have
> to do with the backup chassis in redundancy-group 0 (ge-5/0/0 through
> ge-5/0/15).  JTAC has thus far been unsuccessful at assisting me.
> >
> > I have downgraded to 10.4R10.7 on a non-production cluster and it's
> working successfully, but I really want to take advantage of the
> global address book.  I can certainly live without it, but it does
> make things much easier.
> >
> > Thanks in advance,
> > evt
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list