[j-nsp] SRX3600 weirdness

Eugeniu Patrascu eugen at imacandi.net
Wed May 1 07:43:46 EDT 2013


First option would be to check to see if the IMAP client is using the
IMAP IDLE command. If so, you might want to disable this option. Or
configure the SRX to never timeout this connections (not sure if
possible).

Second option would be a check to see what screening options you have
from untrust (guess it's the name of the external zone) and trust
(guess is the name of the internal zone) and also check to see what
screening options you had behind your trust and your zone where you
hosted the server for the two weeks where no issues were reported.
that might give you a clue. also look for default option values even
if they don't show up in config.

Third option would be to try and create a new zone and only put your
server in that zone (if possible) and see if the problem manifests
itself or not.

If in one zone it works ok and in another zone it fails, then I would
blame the SRX.

HTH,
Eugeniu

On Sun, Apr 28, 2013 at 12:55 AM, James S. Smith <JSmith at windmobile.ca> wrote:
> I’ve been able to make some more sense of the problem.  After clarifying a few things with the database admins, the issue isn’t sending mail.  It’s some ticketing system that receives email approves, so it’s constantly checking an Exchange mailbox.  That’s where the IMAP traffic comes in.
>
> After enabling the flow trace and waiting for it to have another problem, I was able to see some “SPU invalid session” messages.  These seem to be the only indication of a problem so far.    These seem to occur on and off throughout the day, but there were a lot of them right around the time the problem was reported.  Can’t seem to find much on the Net about these messages, at least in regards to regular TCP flows.  There seems to be a lot about SIP or SCCP, but we’re dealing with IMAP and there are no ALGs turned on for this.
>
> Apr 27 03:39:20 03:39:20.637759:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000862cb
> Apr 27 03:39:20 03:39:20.851451:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000abca5
> Apr 27 03:43:06 03:43:06.450593:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 03:45:01 03:45:01.818440:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000c4901
> Apr 27 03:46:39 03:46:39.882481:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 03:46:40 03:46:39.1220955:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id 00000000
> Apr 27 03:58:51 03:58:51.634500:CID-02:FPC-07:PIC-00:THREAD_ID-17:RT:SPU invalid session id 00000000
> Apr 27 03:58:52 03:58:51.1490052:CID-01:FPC-07:PIC-00:THREAD_ID-24:RT:SPU invalid session id 00000000
> Apr 27 04:00:01 04:00:00.1789529:CID-01:FPC-07:PIC-00:THREAD_ID-25:RT:SPU invalid session id 000eae37
> Apr 27 04:00:01 04:00:01.919422:CID-01:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id 00000000
> Apr 27 04:00:01 04:00:01.921294:CID-01:FPC-08:PIC-00:THREAD_ID-26:RT:SPU invalid session id 00000000
> Apr 27 04:00:02 04:00:01.951891:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:00:02 04:00:01.962888:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:00:02 04:00:01.1258835:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:00:02 04:00:01.1270033:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:00:02 04:00:01.1240584:CID-01:FPC-08:PIC-00:THREAD_ID-27:RT:SPU invalid session id 00000000
> Apr 27 04:00:02 04:00:01.1241914:CID-01:FPC-08:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:00:02 04:00:02.738873:CID-02:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id 00000000
> Apr 27 04:00:03 04:00:02.1101047:CID-01:FPC-08:PIC-00:THREAD_ID-26:RT:SPU invalid session id 00000000
> Apr 27 04:00:03 04:00:03.090182:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id 00000000
> Apr 27 04:00:03 04:00:02.1425147:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:00:03 04:00:02.1415919:CID-02:FPC-07:PIC-00:THREAD_ID-27:RT:SPU invalid session id 00000000
> Apr 27 04:00:04 04:00:04.382013:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id 00000000
> Apr 27 04:00:04 04:00:03.1467427:CID-02:FPC-07:PIC-00:THREAD_ID-21:RT:SPU invalid session id 00000000
> Apr 27 04:00:04 04:00:04.528723:CID-02:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id 00000000
> Apr 27 04:00:04 04:00:04.624377:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id 00000000
> Apr 27 04:00:04 04:00:04.449077:CID-02:FPC-08:PIC-00:THREAD_ID-29:RT:SPU invalid session id 00000000
> Apr 27 04:00:04 04:00:04.646082:CID-02:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:00:04 04:00:04.645183:CID-02:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id 00000000
> Apr 27 04:00:04 04:00:04.794865:CID-02:FPC-07:PIC-00:THREAD_ID-26:RT:SPU invalid session id 00000000
> Apr 27 04:00:05 04:00:04.881259:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id 00000000
> Apr 27 04:00:05 04:00:04.1210223:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:00:05 04:00:04.1514824:CID-02:FPC-07:PIC-00:THREAD_ID-21:RT:SPU invalid session id 00000000
> Apr 27 04:00:05 04:00:04.1501037:CID-02:FPC-07:PIC-00:THREAD_ID-24:RT:SPU invalid session id 00000000
> Apr 27 04:00:05 04:00:04.1598687:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:00:05 04:00:05.738205:CID-02:FPC-08:PIC-00:THREAD_ID-29:RT:SPU invalid session id 00000000
> Apr 27 04:00:06 04:00:05.914206:CID-02:FPC-08:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:00:06 04:00:05.1313025:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:00:06 04:00:06.818371:CID-02:FPC-08:PIC-00:THREAD_ID-23:RT:SPU invalid session id 00000000
> Apr 27 04:00:07 04:00:06.1080460:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:00:08 04:00:08.676086:CID-02:FPC-08:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:00:09 04:00:09.904179:CID-01:FPC-07:PIC-00:THREAD_ID-20:RT:SPU invalid session id 00000000
> Apr 27 04:01:23 04:01:22.951306:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:01:23 04:01:22.935716:CID-01:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id 00000000
> Apr 27 04:01:23 04:01:22.934350:CID-01:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id 00000000
> Apr 27 04:01:50 04:01:49.1070848:CID-01:FPC-08:PIC-00:THREAD_ID-28:RT:SPU invalid session id 00000000
> Apr 27 04:01:50 04:01:49.1073855:CID-01:FPC-08:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:01:50 04:01:49.1148774:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:07:45 04:07:45.813401:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:08:44 04:08:43.1069033:CID-01:FPC-07:PIC-00:THREAD_ID-20:RT:SPU invalid session id 00000000
> Apr 27 04:08:51 04:08:50.1522899:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:08:59 04:08:58.1080096:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:09:05 04:09:04.894843:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:09:22 04:09:21.945562:CID-01:FPC-07:PIC-00:THREAD_ID-17:RT:SPU invalid session id 000b7470
> Apr 27 04:09:23 04:09:22.1227830:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000e9fa3
> Apr 27 04:09:26 04:09:25.1096996:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000bc5e7
> Apr 27 04:09:26 04:09:26.701508:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 0008dd93
> Apr 27 04:10:41 04:10:40.1611542:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:24:20 04:24:20.594875:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000fa35f
> Apr 27 04:39:20 04:39:20.757752:CID-01:FPC-07:PIC-00:THREAD_ID-21:RT:SPU invalid session id 000cff0f
> Apr 27 04:44:36 04:44:36.254600:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:46:52 04:46:52.075800:CID-01:FPC-07:PIC-00:THREAD_ID-20:RT:SPU invalid session id 00000000
> Apr 27 04:46:52 04:46:52.075479:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:46:52 04:46:52.075498:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:46:52 04:46:52.075507:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:46:52 04:46:51.1070227:CID-02:FPC-07:PIC-00:THREAD_ID-28:RT:SPU invalid session id 00000000
> Apr 27 04:46:52 04:46:51.1070211:CID-02:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 00000000
> Apr 27 04:46:52 04:46:51.1069895:CID-02:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:46:52 04:46:51.1069915:CID-02:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
> Apr 27 04:46:52 04:46:51.1069925:CID-02:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id 00000000
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list