[j-nsp] SRX monitor-interface question

Asad Raza asadgardezi at gmail.com
Fri Dec 13 06:58:46 EST 2013


Reffer data plane on following:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16224

Asad



On Friday, December 13, 2013, R S wrote:

> how can I config syslog/traffic log directly from data plane ?
> some config example ?
>
> tks
>
> ------------------------------
> Date: Fri, 13 Dec 2013 14:51:58 +0300
> Subject: Re: [j-nsp] SRX monitor-interface question
> From: asadgardezi at gmail.com <javascript:_e({}, 'cvml',
> 'asadgardezi at gmail.com');>
> To: dim0sal at hotmail.com <javascript:_e({}, 'cvml',
> 'dim0sal at hotmail.com');>
> CC: fahad.khan at gmail.com <javascript:_e({}, 'cvml',
> 'fahad.khan at gmail.com');>; juniper-nsp at puck.nether.net <javascript:_e({},
> 'cvml', 'juniper-nsp at puck.nether.net');>
>
> Its not recommended to use control plane for traffic logs, you can
> configure sex to forward traffic logs directly from data plane
>
> RG0 aka control plane controls your rotuing engine, routing protocols and
> chassis. Failing it over will cause your routing daemon to restart ,
> routing protocols to reconverge and so on...
>
> Asad
>
> On Friday, December 13, 2013, R S wrote:
>
> And what about syslog or firewall traffic logging flows on the RG1 Active
> node if RG0 remain active on the Passive ?
>
> Date: Fri, 13 Dec 2013 16:34:53 +0500
> Subject: Re: [j-nsp] SRX monitor-interface question
> From: fahad.khan at gmail.com
> To: dim0sal at hotmail.com
> CC: juniper-nsp at puck.nether.net
>
> RG0 only contains Control Plane or REs.
> In SRX failover, its not necessary to failover RG0 when there is a
> failover in RG1 due to a link failure. So we only do interface-monitor in
> RG1, RG2 ... not in RG0. RG0 already run in A/P mode.
>
>
> It can be possible that SRX B is Primary in RG0 while Secondary in RG1
> (means SRX A is Primary in RG 1)
> Muhammad Fahad Khan
> JNCIE-M # 756
> Lead Network and Security Consultant - IBM
>
> +92-301-8247638
> Skype: fahad-ibm
> http://pk.linkedin.com/in/muhammadfahadkhan
>
>
> On Fri, Dec 13, 2013 at 2:07 PM, R S <dim0sal at hotmail.com> wrote:
>
>
>
>
>
> Hi
>
>
>
> In an SRX5800 cluster
>
> A/P deployment, does anybody recommend to monitor-interface also on RG0 or
> not
>
> ?
>
>
>
> PRO ? CONS ?
>
>
>
>
>
>
>
> We did it but
>
> unfortunately during an SPU crash the RG0 didn’t switch properly and JTAC
> told us it’s
>
> not recommended monitor-interface under RG0 in same corner case…
>
>
>
>
>
>
>
> Any experience to share
>
> is useful
>
>
>
>
>
>
>
> Tks
>
>
>
>
>
> _______________________________________________
>
> juniper-nsp mailing list juniper-nsp at puck.nether.net
>
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>


More information about the juniper-nsp mailing list