Category: srx

SRX cluster ip-monitoring

In an SRX chassis cluster setup, in addition to interface monitoring you can also use IP monitoring to monitor the health of your upstream path. I have a simple topology to explain how IP monitoring works. In this setup node0 and node1 are part of an SRX chassis cluster. The reth0.0 interface is part of the

MPLS/RSVP configuration & troubleshooting #3

This is the 3rd post of my MPLS/RSVP series. In the first and second, I set up an MPLS cloud with some sort of redundancy. In this post, I will enable traffic engineering support on OSPF in order to use CSPF and the fast reroute feature. To explain fast reroute I need the topology again; In

Stream logging problems in SRX

There are two types of logging mechanisms in SRX: event and stream. Event logging isn’t recommended for sending traffic logs as it can cause high CPU usage in the routing engine. If you enable stream logging, you should also pay attention to several things on branch SRX: 1) Traffic logs can’t be forwarded via the fxp0 interface

Cache DNS server in SRX

Starting from 12.1X44-D10, an SRX box can also run as a cache-only DNS server, or DNS proxy if we are to adhere to what it is called in the documentation. It also has view support, i.e. you can direct DNS queries to specific DNS servers based on the source address. In this topology, I

Packet mode and host-inbound traffic

Did you know that if you enable packet-mode on a traffic interface of an SRX box, host inbound traffic isn’t allowed anymore? The device can still process transit traffic but inbound traffic won’t work. For example, apply a filter like below to an interface and try to SSH to IP 98.1.1.1; you shouldn’t be allowed. #show interfaces

IP Multicast in SRX Packet mode

I have been playing with a multicast setup in SRX packet mode for a few days. I am not very familiar with multicast and reading multicast documents doesn’t really help me much as long as I don’t set up a lab in which I can do a real-life example. Below is the topology I used

SRX Inventory

For troubleshooting purposes I find the file /var/log/inventory quite useful. You know why? If you haven’t displayed this file so far, go and run the command

>show log inventory
Jan  1 00:16:44 CHASSISD release 10.4R4.5 built by builder on 2011-05-06 06:19:27 UTC
Jan 1 00:16:44 FPC - part number 750-111111, serial number ATXXXXXXX

With this

SRX routing engine low memory

If your SRX device has 1GB of memory and you are using IDP and/or Antivirus, then you may play with the memory allocation a bit with a new feature introduced in 11.4. As I always do, I will show it by an example. Here is my srx100 memory utilization:

root@srx100-1> show chassis routing-engine
Routing Engine status:

Security logging is disabled

If you configure logging on SRX as below

[edit]
user@srx100-1# show security log
mode stream;
format sd-syslog;
source-address 192.168.3.1;
stream syslogsrv1 {
    severity info;
    format sd-syslog;
    host {
        192.168.103.20;
        port 514;
    }
}

and issue the command

user@srx100-1> show security log
Security logging is disabled

Don’t panic! This command doesn’t tell you that your data