3troubleshootingjunos
.pdf
Not
Troubleshooting JUNOS Platforms
The JUNOS Software CLI
The JUNOS Software command-line interface (CLI) is the primary mechanism for troubleshooting and op rational analysis. Using the CLI, it is easy to determine hardware, software, protocol, and general operational status. The following are some key CLI features:
|
• |
Support for piped output to functions like count or match for all |
|
|
commands and in all modes (configuration or operational mode); |
for |
Reproduction |
|
• |
The ability to restart software processes and take hardware online or |
|
|
offline; |
|
• |
The ability to control redundant hardware; and |
|
• |
Various network utilities like ping and traceroute, and the ability to |
|
|
monitor local traffic in a manner similar to tcpdump. |
|
Troubleshooting Tool Kit for JUNOS Platforms • Chapter 3–15
Troubleshooting JUNOS Platforms
|
|
|
Reproduction |
|
|
|
|
|
|
||
|
|
Key Operational Mode Commands |
|||
|
|
Depending on the type of probl m with which you are dealing, numerous JUNOS |
|||
|
|
Software CLI commands might xist that can assist you in problem determination. The |
|||
|
|
slide calls outs the main classes of operational mode commands that prove |
|||
|
|
pa ticula ly useful in most troubleshooting situations: |
|||
|
|
• |
The various show chassis commands are well suited to assisting you |
||
|
|
|
in pe forming operational and fault analysis of hardware-related issues; |
||
|
|
• |
The family of show system commands are useful in detecting |
||
|
|
|
c nfiguration and operational status of system protocols and users; |
||
|
|
• |
The show interfaces commands are useful when your focus is on |
||
|
forphysical or link-level operational analysis, and when you suspect |
||||
Not |
|
interface hardware-related faults. |
|||
• |
The show route commands are invaluable when testing the control |
||||
|
plane to determine what routes are present, from where the router |
||||
|
learned of them, and where they direct matching traffic; |
||||
• |
The monitor interface command provides detailed, real-time |
||||
|
snapshots of the traffic patterns, error counts, and alarm status for the |
||||
|
monitored interface; and |
||||
• |
The monitor traffic command makes tcpdump protocol analysis |
||||
|
|
|
capabilities for local traffic available to the user. |
||
Continued on next page.
Chapter 3–16 • Troubleshooting Tool Kit for JUNOS Platforms
Troubleshooting JUNOS Platforms
Enhanced Features Are Always Available
As noted previously, the CLI supports piped output to value-added features that make potentially arduous tasks, such as counting or comparing, really easy. Having these features supported in all modes, and for all commands, is a real plus!
|
for |
Reproduction |
Not |
|
|
|
|
Troubleshooting Tool Kit for JUNOS Platforms • Chapter 3–17
Troubleshooting JUNOS Platforms
You can restart most JUNOS Software processes from the CLI. This capability leverages the modular nature of JUNOS Software and avoids the need for a system reboot when a particular ocess encounters a problem.
Restarting SoftwareReproduProc ss s ction
forWhen restarting a process, the default behavior is a soft kill, or graceful shutdown, in Not which the process receives a signal that it should terminate but is given time to clean
Processes that a e not listed in the CLI output, such as the init process (which is the meta-p ocess that controls the starting of all other processes), require that you escape to a shell to restart them. It is also necessary to escape to a shell to pass the
pr cess a signal such as a kill -1 (SIGHUP). The kill -1 signal forces that pr cess to reread its configuration file but does not terminate the process.
up its state first. In contrast, a hard kill is equivalent to issuing a kill -9 pid, in hat it terminates the process immediately.
The init process restarts any process that has failed, so after killing a process, a new instance of that process starts. However, if a process fails repeatedly in rapid succession, the init process disables it to prevent thrashing. Once init disables a process, you must reboot, or force init to reread its configuration before it allows that process to restart. Issuing a commit with the hidden full switch passes the init process a SIGHUP that causes it to restart all configured processes, regardless of previous thrashing behavior. However, if the process still thrashes, init disables it.
Chapter 3–18 • Troubleshooting Tool Kit for JUNOS Platforms
Troubleshooting JUNOS Platforms
BouncingReproductiona Com on nt of r d
Currently, the routing protocol process (rpd) is responsible for handling all routing protocol functions. If you tect a problem in the OSPF protocol, for example, then a restart routing command might resolve the issue. The problem is that
foresta ting routing affects all routing protocols, which include BGP, IS-IS, RIP, and so th.
When the goal is to minimize overall disruption (which it always is), you might consider the technique shown on the slide, which involves deactivating a particular protocol, rather then restarting all routing functionality. The downside to this approach is that c nfiguration privileges are necessary.
Not
The example on the slide shows the operation bouncing BGP by deactivating the bgp stanza and issuing a commit. During the process, the OSPF protocol remains untouched and continues to operate as before. After the commit and a
rollback 1, the user issued another commit that restored the bgp stanza to its previous (active) state. The BGP protocol now initializes, just as if you had restarted the rpd process. Rather than using the rollback function, you can also issue an activate protocol bgp command from the [edit] hierarchy, followed by a commit to achieve the same results.
Troubleshooting Tool Kit for JUNOS Platforms • Chapter 3–19
Troubleshooting JUNOS Platforms
Not
Reproduction |
|
|
||
|
||||
Performing a Full Commit |
|
|
|
|
JUNOS Software optimiz |
s the proc |
ss of committing a candidate configuration so it |
||
does not disrupt proc ss |
s wh th |
ir portion of the configuration has not changed. |
||
While a great idea to be sure, the situation is rare in which a particular process fails to wake up with a commit, and as a result, the modified configuration does not go into
foreffect.
By including the hidden full switch, when issuing a commit, you force all processes to e ead their configuration, which ensures the honoring of changes. A commit
ull also signals the init process with a kill -1 (SIGHUP) that forces it to reread its c n igurati n.
Shaking It Up
Because a full commit places a processing strain on a router with a complex configuration, you should only perform a full commit when conditions warrant.
Chapter 3–20 • Troubleshooting Tool Kit for JUNOS Platforms
Troubleshooting JUNOS Platforms
HardwareReproductionR start
The slide shows how you can use the JUNOS Software CLI to take a Compact
Forwarding Engine Board (CFEB) (in some models), Flexible PIC Concentrator (FPC), or
PIC offline and online. In some cases, you can clear problems by bouncing a piece of
forha dwa e, which means taking the device offline and then bringing it back online again.
The c mmands shown the slide have the same effect as if you depressed the CFEB ffline button on the physical router to bring it offline.
Not
Troubleshooting Tool Kit for JUNOS Platforms • Chapter 3–21
Troubleshooting JUNOS Platforms
Hardware Mast rship
On platforms that support hardware redundancy, the determination of a component’s status as either mast or standby is a function of software defaults and explicit configuration. The slide shows that you can use the CLI to determine mastership status and to effect a change in status of a redundant component.
|
Although many ha dware faults and some software faults trigger a mastership change |
|
|
aut |
matically (when so configured), instances exist in which a marginal failure does |
|
n t |
Reproduction |
|
esult in the affected components relinquishing their mastership role. In cases |
|
|
such as this ne, or when you must perform routine maintenance on a redundant |
|
|
c mp nent, y u might want to force a change in mastership by using the CLI. Note |
|
|
hat depending upon what is being switched—Routing Engine (RE) versus system |
|
|
Control Board—and the specific configuration (such as graceful restart enabled), |
|
forswitching mastership status might result in a disruption to packet forwarding. |
||
Not |
Login to Other RE |
|
On systems equipped with redundant REs, you can establish a login to the other RE |
||
using an internal communications path. In most cases, you should ensure that the |
||
software replicates configuration changes made on the active RE to the configuration |
||
file used by the backup RE. When you issue a commit synchronize command, the software uses the same internal path used for RE-to-RE logins to synchronize the configuration file to the backup REs.
Chapter 3–22 • Troubleshooting Tool Kit for JUNOS Platforms
Not
Troubleshooting JUNOS Platforms
|
Reproduction |
|
|
||
|
|
||||
Network Utiliti |
s and A lications: Part 1 |
||||
As you might |
xp |
ct, JUNOS Software supports standard network utilities like ping and |
|||
traceroute. As shown the slide (for the case of ping) these utilities support a rich |
|||||
set of optional switches that can prove especially useful when troubleshooting. The |
|||||
following are some of the key switches: |
|||||
for |
• |
atm: Generates special Asynchronous Transfer Mode (ATM) pings that |
|||
|
use Operation, Administration, and Maintenance (OAM) cells. |
||||
• |
count: Limits the number of ping attempts. |
||||
• |
do-not-fragment: Useful in diagnosing MTU-related problems by |
||||
|
preventing the fragmentation of large packets. |
||||
• |
pattern: By altering the payload of ping packets, you can detect error |
||||
|
conditions that are triggered by data patterns. |
||||
|
• |
record-route: Allows you to trace the set of egress interfaces the |
|||
|
|
packet encounters. Note that this process differs from traceroute, which |
|||
|
|
displays the set of ingress interfaces. |
|||
|
• |
routing-instance: Use this switch to provide routing instance and |
|||
|
|
virtual private network (VPN) context for a ping (or similar) command. By |
|||
default, a command is issued in the context of the main routing instance unless you use this switch.
Continued on next page.
Troubleshooting Tool Kit for JUNOS Platforms • Chapter 3–23
Troubleshooting JUNOS Platforms
Network Utilities and Applications: Part 1 (contd.)
•size: By altering the size of packets, you can detect MTU-related and capacity-related problems.
•
•
Not |
for |
|
source: This switch lets you control the source address placed in the resulting packet. This capability can help diagnose routing problems
because you can make the packet appear to come from any address ownedReproductionby the device (spoofing is not permitted).
tos: This switch lets you alter the type-of-service (ToS) bits in the packet when testing a class-of-service (CoS) issue.
Chapter 3–24 • Troubleshooting Tool Kit for JUNOS Platforms