[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

SDX 6.4.x Network Guide > Using JUNOS Routing Platforms in the SDX Network > Troubleshooting SDX Problems on JUNOS Routing Platforms

Troubleshooting SDX Problems on JUNOS Routing Platforms

To troubleshoot SDX problems on the JUNOS routing platform, review the log files for the SAE and the log files generated by the SDX software process on the router.

Troubleshooting Problems with the SDX Software Process

If the log files indicate that the SDX software process is not responding:

  1. Look at the status of the process on the JUNOS routing platform.
    2. root@ui1>show system services service-deployment 

    Connected to 172.17.20.151 port 3333 since 2004-02-06 14:50:31 PST

    Keepalive settings: Interval 15 seconds

    Keepalives sent: 100, Last sent: 6 seconds ago

    Notifications sent: 0

    Last update from peer: 00:00:06 ago
  2. If you see the message "error: the service-deployment subsystem is not running," reenable the SDX software process (see Disabling Interactions Between the SAE and JUNOS Routing Platforms).
  3. If the process is already enabled, review the configurations of the router and the SAE in the directory, and fix any problems.
  4. Restart the SDX software process on the router.
    5. root@ui1>restart service-deployment

The SAE synchronizes with the SDX software process and deletes unnecessary data from the router.

Troubleshooting Problems with Interfaces

If the log files indicate a problem with a specific interface or its associated firewall rules:

  1. Use SAE Web Admin to look at the configuration of the policies associated with the interfaces (see SDX Monitoring and Troubleshooting Guide, Chapter 6, Monitoring and Managing SAE Data).

If you find any errors, fix the configuration in the directory, and proceed to Step 4. Otherwise, proceed to Step 2.

  1. Review the configuration of interfaces on the JUNOS routing platform.
  1. Access the State page in SAE Web Admin, and click the Interfaces option.
  2. In this page, list all the interfaces or search for a particular interface.
  3. When the page displays the interfaces that match your search, click the link to the interface.
    4.
  4. Display the corresponding interfaces on the JUNOS routing platform.
    5. root@olive1# show groups sdx interfaces 

    <fe-0/0/0> {

        unit <0> {

            family inet {

                filter {

                    input SDX_PRIVATE_ID0000000000001092282;

                    output SDX_PRIVATE_ID0000000000001223352;

                }

            }

        }

    }

If you find any errors, fix the configuration in the directory, and proceed to Step 4. Otherwise, proceed to Step 3.

  1. Remove the configuration for this interface from the JUNOS routing platform.
  1. Disable the SDX software process.
    2. root@ui1#set system processes service-deployment disable

    root@ui1#commit
  2. Delete the interfaces from the router.
    3. delete groups sdx interfaces <interfaceName> <interfaceIdentifier>

    root@ui1#commit

For example, to delete the interface with identifier fe-0/0/0 unit 0, enter:

root@ui1#delete groups sdx interfaces <fe-0/0/0> unit <0>

root@ui1#commit
  1. Reenable the SDX software process.
    2. root@ui1#delete system processes service-deployment disable

    root@ui1#commit
  1. Restart the SDX software process on the router.
    2. root@ui1>restart service-deployment

The SAE reconfigures the interface that you deleted.

  1. Review the log files again.

If the action you took did not fix the problem, return to the last step you performed, and proceed with this troubleshooting procedure. If you have performed all the tasks in the troubleshooting procedure and the problem persists, delete all SDX data on the JUNOS routing platform (see Deleting All SDX Data on JUNOS Routing Platforms).

Troubleshooting Problems with Services

If the log files indicate a problem with a specific service or its associated firewall rules:

  1. Use SAE Web Admin to review the configuration of the service or firewall rule in the directory (see SDX Monitoring and Troubleshooting Guide, Chapter 6, Monitoring and Managing SAE Data).

If you find any errors, fix the configuration in the directory, and proceed to Step 4. Otherwise, proceed to Step 2.

  1. Review the configuration of the policies and substitutions associated with the service or firewall rule in the directory,

If you find any errors, fix the configuration in the directory and proceed to Step 5. Otherwise, proceed to Step 3.

  1. Review the configuration of the service on the JUNOS routing platform.
  1. Access the State page in SAE Web Admin.
  2. List all subscribers for the JUNOS routing platform, or search for a specific subscriber that uses this service.

The page displays a list of the subscribers that you matched your search.

  1. Click the link to the subscriber who is using this service.

The page displays sessions and profiles for this subscriber.

  1. Scroll to an active service session for this service, and observe the ProvisioningSet field of that session.
    2.
  2. Locate an identifier that is associated with the service that is causing the problem.

For example, in the above display, the identifier SDX_PRIVATE_ID0000000000002075317 is associated with a Network Address Translation (NAT) rule.

  1. Review the corresponding configuration on the JUNOS routing platform.
    2. root@olive1# show groups sdx services nat rule SDX_PRIVATE_ID0000000

000002075317 

    match-direction input;

    term SDX_PRIVATE_TERM {

        from {

            source-address {

                0.0.0.0/0;

            }

            destination-address {

                0.0.0.0/0;

            }

        }

        then {

            translated {

                source-pool SDX_PRIVATE_ID0000000000002009780;

                translation-type source dynamic;

            }

        }

    }

If you find any errors, fix the configuration in the directory and proceed to Step 5. Otherwise, proceed to Step 4.

  1. Remove the configuration for this service from the JUNOS routing platform.
  1. Disable the SDX software process.
    2. root@ui1#set system processes service-deployment disable

    root@ui1#commit
  2. Delete the service on the JUNOS routing platform.
    3. delete groups sdx services <serviceName> <filterID>

    root@ui1#commit

For example, to delete a firewall filter of the service called firewall with filterID SDX_PRIVATE_ID0000000000001223352, enter:

delete groups sdx services firewall filter 
SDX_PRIVATE_ID0000000000001223352

root@ui1#commit

  1. Reenable the SDX software process.
    2. root@ui1#delete system processes service-deployment disable

    root@ui1#commit
  1. Restart the SDX software process on the JUNOS routing platform.
    2. root@ui1>restart service-deployment

The SAE reconfigures the service that you deleted on the JUNOS routing platform.

  1. Review the log files again.

If the action you took did not fix the problem, return to the last step you performed, and proceed with this troubleshooting procedure. If you have performed all the tasks in the troubleshooting procedure and the problem persists, delete all SDX data on the JUNOS routing platform (see Deleting All SDX Data on JUNOS Routing Platforms).

Deleting All SDX Data on JUNOS Routing Platforms

If deleting parts of the SDX data on a JUNOS routing platform fails to solve problems, delete all the SDX data and restart the SDX software process. To do so:

  1. Delete all SDX interfaces and services. 
    2. delete groups sdx

    root@ui1#commit
  2. If you are running SDX software releases 5.0 through 6.1, you should also delete interface sessions. (After release 6.2, session data is no longer stored on the router, it is stored on the SAE host using the session store feature.) 
    3. delete groups sdx-sessions

    root@ui1#commit
  3. Restart the SDX software process on the router.
    4. root@ui1>restart service-deployment

The SAE reconfigures all the interfaces and services that you deleted from the router.

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]