[j-nsp] R: Re: SRX monitor-interface question

dim0sal dim0sal at hotmail.com
Wed Dec 18 00:39:40 EST 2013


I currently would like to have both traffic logs and local resource logs (system syslog, routing syslog, SNMP, etc.) in the device we're able to reach.
We did management in-band, hence we're able to reach only through RG1.

Any idea?

Tks



Sent with Mobile 

-------- Original message --------
From: Fahad Khan <fahad.khan at gmail.com>
Date:
To: R S <dim0sal at hotmail.com>
Cc: Asad Raza <asadgardezi at gmail.com>, juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SRX monitor-interface question
 
SRX (High end) by default keeps logs on data plane and they have to be forwarded to any external syslog 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16506

however from Junos 10 perhaps you can copy them from data plane to control plane if you want to see them on console.

Muhammad Fahad Khan
JNCIE-M # 756
Lead Network and Security Consultant - IBM 
+92-301-8247638
Skype: fahad-ibm
http://pk.linkedin.com/in/muhammadfahadkhan


On Fri, Dec 13, 2013 at 7:28 PM, R S <dim0sal at hotmail.com> wrote:
The only part missing will remain local control plane resources (ie logs, snmp, etc) that remain on RG0 secondary.

Am I right ? 

Date: Fri, 13 Dec 2013 14:58:46 +0300

Subject: Re: [j-nsp] SRX monitor-interface question
From: asadgardezi at gmail.com
To: dim0sal at hotmail.com
CC: fahad.khan at gmail.com; juniper-nsp at puck.nether.net

Refer to data plane on the following:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16224

Asad



On Friday, December 13, 2013, R S wrote:
how can I config syslog/traffic log directly from data plane ?
some config example ?

tks

Date: Fri, 13 Dec 2013 14:51:58 +0300
Subject: Re: [j-nsp] SRX monitor-interface question
From: asadgardezi at gmail.com
To: dim0sal at hotmail.com
CC: fahad.khan at gmail.com; juniper-nsp at puck.nether.net

It's not recommended to use control plane for traffic logs, you can configure SRX to forward traffic logs directly from data plane

RG0 aka control plane controls your routing engine, routing protocols and chassis. Failing it over will cause your routing daemon to restart, routing protocols to reconverge and so on...

Asad

On Friday, December 13, 2013, R S wrote:
And what about syslog or firewall traffic logging flows on the RG1 Active node if RG0 remain active on the Passive ?

Date: Fri, 13 Dec 2013 16:34:53 +0500
Subject: Re: [j-nsp] SRX monitor-interface question
From: fahad.khan at gmail.com
To: dim0sal at hotmail.com
CC: juniper-nsp at puck.nether.net

RG0 only contains Control Plane or REs.
In SRX failover, it's not necessary to fail over RG0 when there is a failover in RG1 due to a link failure. So we only do interface-monitor in RG1, RG2 ... not in RG0. RG0 already runs in A/P mode.


It can be possible that SRX B is Primary in RG0 while Secondary in RG1 (means SRX A is Primary in RG 1)
Muhammad Fahad Khan
JNCIE-M # 756
Lead Network and Security Consultant - IBM

+92-301-8247638
Skype: fahad-ibm
http://pk.linkedin.com/in/muhammadfahadkhan


On Fri, Dec 13, 2013 at 2:07 PM, R S <dim0sal at hotmail.com> wrote:

Hi

In an SRX5800 cluster A/P deployment, does anybody recommend to monitor-interface also on RG0 or not?

PRO ? CONS ?

We did it but unfortunately during an SPU crash the RG0 didn’t switch properly and JTAC told us it’s not recommended monitor-interface under RG0 in same corner case…

Any experience to share is useful

Tks

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


