[j-nsp] CGNat PBA - MX104 w/MS-MIC

Alexander Arseniev arseniev at btinternet.com
Thu May 26 15:09:34 EDT 2016


Hello,
Sending MS-MPC syslogs to more than 1 destination server DIRECTLY FROM 
NPU ("service-set <> syslog host" stanza) is not supported APART from 
JFLOWv9 NAT syslogs.
You could send MS-MPC syslogs initially to RE and then RE will replicate 
to more than 1 destination server. With PBA, and relatively small NAT 
pool, it is not going to be much of a load.
An example config below (from memory):
set services service-set SS1 syslog host local services info facility-override local2
set services service-set SS1 syslog host local class nat-logs
set system syslog host BLAH1 external info
set system syslog host BLAH2 external info
set system syslog host BLAH3 external info
HTH
Thx
Alex

On 26/05/2016 19:33, Aaron wrote:
> I've been using 14.2R2.8
>
> Speaking of buggy, I wonder if this is what you were referring to...
>
> For a few weeks I've been running like this... (syslog statements shown
> below)... and the result has been that I've seen the following nat msgs...
>
> NAT PORT BLOCK ALLOC
> NAT PORT BLOCK RELEASE
>
> ...arriving at syslog servers at 172.22.14.54, 172.22.14.247,
> log01.mydomain.com
>
> Even though, the cgnat syslog stanza does NOT allow more than one syslog
> server to be config'd, I STILL was rcv'ing those NAT syslog traps to ALL 3
> servers....
>
> Now, I rebooted this MX104 today, and suddenly, now it will only send nat
> specific syslog traps to that one server config'd in the cgnat service-set
> syslog stanza.
>
> So actually I'm thinking it's behaving more like it should now than it did
> previously.
>
> I'm going to upgrade junos to 14.2R6 as Mark mentioned previously... or
> perhaps newer.
>
> agould@eng-lab-mx104-cgn# set services service-set cgn-sset syslog host 172.22.14.55 class nat-logs
>
> [edit]
> agould@eng-lab-mx104-cgn# commit
> [edit services]
>    'service-set cgn-sset'
>      Only one syslog host may be configured
> error: configuration check-out failed
>
> agould@eng-lab-mx104-cgn# show | display set | grep syslog
> set system syslog user * any emergency
> set system syslog host 172.22.14.54 any any
> set system syslog host 172.22.14.247 any any
> set system syslog host log01.mydomain.com any any
> set system syslog file messages any notice
> set system syslog file messages authorization info
> set system syslog file interactive-commands interactive-commands any
> set system syslog source-address 10.101.12.243
> set services service-set cgn-sset syslog host 172.22.14.54 class nat-logs
> set services service-set cgn-sset syslog host 172.22.14.54 source-address 10.101.12.243
>
>
>
> -----Original Message-----
> From: Mark Tinka [mailto:mark.tinka at seacom.mu]
> Sent: Monday, April 25, 2016 9:10 PM
> To: Aaron <aaron1 at gvtc.com>; 'Nitzan Tzelniker'
> <nitzan.tzelniker at gmail.com>; dlockuan at gmail.com; 'Alexander Arseniev'
> <arseniev at btinternet.com>; 'juniper-nsp List' <juniper-nsp at puck.nether.net>
> Subject: Re: [j-nsp] CGNat PBA - MX104 w/MS-MIC
>
>
>
> On 25/Apr/16 23:10, Aaron wrote:
>
>> You guys are awesome. PBA is working !  thanks a bunch. I upgraded to
>> 14.2.R2 like you suggested and it's good now.
> Quite a number of bugs in 14.2R2.
>
> Would rather deploy 14.2R6, which is out now.
>
> Mark.
>
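
An added example, not part of the original thread or any Juniper tooling: a small audit of "display set" output that tells apart the two NAT logging layouts discussed above (direct from the service card to one server, or "host local" relayed by the RE to several). The function name, the status labels and the rule that relayed messages match the "any" or "external" facility are assumptions of this sketch.

```python
import re
from collections import defaultdict

SS_HOST = re.compile(r"^set services service-set (\S+) syslog host (\S+)")
SYS_HOST = re.compile(r"^set system syslog host (\S+) (\S+) \S+")

def audit(config_text):
    """Classify each service-set's NAT syslog path from 'display set' lines."""
    ss_hosts, relay_targets = defaultdict(set), set()
    for line in map(str.strip, config_text.splitlines()):
        if m := SS_HOST.match(line):
            ss_hosts[m.group(1)].add(m.group(2))
        elif (m := SYS_HOST.match(line)) and m.group(2) in ("any", "external"):
            # Assumption: messages relayed by the RE match these facilities.
            relay_targets.add(m.group(1))
    findings = {}
    for name, hosts in ss_hosts.items():
        if len(hosts) > 1:        # rejected: "Only one syslog host may be configured"
            findings[name] = ("commit-error", sorted(hosts))
        elif hosts == {"local"}:  # card -> RE -> every matching system syslog host
            status = "relay-redundant" if len(relay_targets) > 1 else "relay-single"
            findings[name] = (status, sorted(relay_targets))
        else:                     # sent directly from the service card to one server
            findings[name] = ("direct-single", sorted(hosts))
    return findings

# Constructed input: syslog lines from the quoted 'display set' output.
DIRECT = """\
set system syslog host 172.22.14.54 any any
set system syslog host 172.22.14.247 any any
set system syslog host log01.mydomain.com any any
set services service-set cgn-sset syslog host 172.22.14.54 class nat-logs
set services service-set cgn-sset syslog host 172.22.14.54 source-address 10.101.12.243
"""
# Constructed input: the relay layout from the reply, with its placeholder host names.
RELAY = """\
set services service-set SS1 syslog host local class nat-logs
set system syslog host BLAH1 external info
set system syslog host BLAH2 external info
set system syslog host BLAH3 external info
"""

if __name__ == "__main__":
    for label, cfg in (("direct", DIRECT), ("relay", RELAY)):
        print(label, audit(cfg))
```

A "direct-single" result means the port block allocation records used for subscriber attribution reach only one collector.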


