Operational Monitoring and Maintenance SRX
21
Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 4-1 Operational Monitoring and Maintenance
-
Upload
ruben-felipe-munguia -
Category
Documents
-
view
222 -
download
0
description
Curso completo Srx
Transcript of Operational Monitoring and Maintenance SRX
Operational Monitoring and Maintenance4-*
Visual Indicators summarize platform status
Front Panel LEDs
If the LED is lit red, an alarm is present.
Not Applicable—If ALM LED is unlit, no alarm is present.
SYS (System)
If the SYS LED is lit steadily green, JUNOS software is loaded on the switch.
If the SYS LED is blinking green, the switch is booting JUNOS software.
MST (Master)
If the MST LED is lit steadily green, the switch is the master of the Virtual Chassis configuration. (This LED is always lit steadily on EX 3200 models).
*
LED 1 indicates link activity
LED 2 indicates admin status, duplex mode, PoE, and link speed
LED 2 is toggled using the LCD menu
LED 2
LED 1
EX-series LCD Menu
The LCD menu provides a quick method of checking chassis alarms and system status
Default idle mode shows system status
LCD switches to alarm mode automatically when alarms occur
Enter Button (Yes)
Menu Button (No)
View the Dashboard tab:
Monitoring System-Level Operation (2 of 3)
System monitoring is also available under Monitor > System View > System Information
CPU Monitoring
Using the CLI, issue show system commands:
user@switch> show system ?
audit Show file system MD5 hash and permissions
boot-messages Show boot time messages
buffers Show buffer statistics
commit Show pending commit requests (if any) and commit history
configuration Show configuration information
initialsetup Show initialsetup information
reboot Show any pending halt or reboot requests
rollback Show rolled back configuration
...
*
Monitoring the Chassis
Monitor the chassis status using the Monitor > System View > Chassis Information J-Web page
Or use CLI show chassis commands:
user@switch> show chassis ?
fpc Show Flexible PIC Concentrator status
hardware Show installed hardware components
lcd Show LCD display
pic Show Physical Interface Card state, type, and uptime
routing-engine Show Routing Engine status
temperature-thresholds Show chassis temperature threshold settings
*
Use Ctrl+c to stop the CLI ping and traceroute
Alternatively, access the Ping Host and Traceroute tools under the J-Web Troubleshoot tab
user@switch> ping 10.210.14.173
PING 10.210.14.173 (10.210.14.173): 56 data bytes
64 bytes from 10.210.14.173: icmp_seq=0 ttl=64 time=0.345 ms
64 bytes from 10.210.14.173: icmp_seq=1 ttl=64 time=0.292 ms
^C
round-trip min/avg/max/stddev = 0.218/0.281/0.345/0.046 ms
traceroute to 10.210.14.173 (10.210.14.173), 30 hops max, 40 byte pkts
1 10.210.14.173 (10.210.14.173) 2.872 ms 0.203 ms 0.150 ms
*
Network Utilities: Part 2
Use the CLI monitor traffic command to decode packets, or access the packet capture utility under the J-Web Troubleshoot tab
Displays traffic only originating or terminating on the switch
Use the interface interface-name option to capture local traffic from a specific interface
The best way to perform analysis of Layer 2 header information in JUNOS software is using the layer2-headers option
Use the no-resolve knob to avoid DNS reverse-lookup delays
Use matching option to filter packets
Packet capture can be saved for packet analysis (hidden write-file and read-file options)
user@switch> monitor traffic interface ge-0/0/0 layer2-headers no-resolve
*
user@switch> monitor traffic interface ge-0/0/2 layer2-headers no-resolve
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
06:19:35.121217 In 0:1b:c0:5e:53:a2 > 0:19:e2:50:3f:e3, ethertype IPv4 (0x0800), length 98: 10.100.200.1 > 10.100.200.2: ICMP echo request, id 5153, seq 222, length 64
06:19:35.121269 Out 0:19:e2:50:3f:e3 > 0:1b:c0:5e:53:a2, ethertype IPv4 (0x0800), length 98: 10.100.200.2 > 10.100.200.1: ICMP echo reply, id 5153, seq 222, length 64
^C
Use the detail or extensive option for complete decode
Ctrl+c key sequence exits listening mode
*
Access Telnet, SSH, and FTP client commands from the CLI
user@switch> telnet ?
Possible completions:
8bit Use 8-bit data path
bypass-routing Bypass routing table, use specified interface
inet Force telnet to IPv4 destination
inet6 Force telnet to IPv6 destination
interface Name of interface for outgoing traffic
logical-router Name of logical router
no-resolve Don't attempt to print addresses symbolically
port Port number or service name on remote host
routing-instance Name of routing instance for telnet session
source Source address to use in telnet connection
user@switch> telnet 127.0.0.1
Software packaging:
Packages are signed using the Secure Hash Algorithm 1 (SHA-1) and hashed with Message-Digest 5 (MD5) cryptographic hashing to ensure file integrity
JUNOS software executes signed binaries only
No removable media packages
*
JUNOS software packages for EX-series switches are named as follows:
jinstall-ex-m.nZnumber-region.tgz
A: Alpha
B: Beta
R: Release
I: Internal
number is the release number; might include the build number for that release
region is either domestic or export
Currently, only domestic images are available
Example: jinstall-ex-9.1R2.10-domestic.tgz
Or use the CLI request system software add command
Keep locally stored packages in /var/tmp for easy cleanup
Watch for problems relating to low storage space
File system
cleanup is
Upgrade Example (1 of 2)
Use the J-Web Maintain > Software > Install Package page to install a package from a remote host
An FTP-based URL is shown in this example:
A reboot is required to activate new software
*
Upgrade Example (2 of 2)
You are presented with status indications as the upgrade process executes
Watch for any error messages during the upgrade
*
/: The root file system—located on the boot device
/config: The location for the active configuration (juniper.conf.gz), the first 3 rollbacks, and the rescue configuration
/config/db/config: Location of rollback indexes 4–49
/var: User directories, log files, and temporary storage
/var/home: Nonroot user home directories
/var/log: Location of system log (and trace) files
/var/tmp: Location of various temporary files, such as core dumps, and the recommended storage area for JUNOS software packages
NOTE: The /var directory is cleaned out upon upgrades!
*
Use the J-Web Maintain > Files page to free space
Or use the CLI file delete command
Cleanup wizard
Manual cleanup
Steps:
loader> boot –s
Enter recovery mode:
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
Set root password
Commit the change!
Visual Indicators summarize platform status
Front Panel LEDs
If the LED is lit red, an alarm is present.
Not Applicable—If ALM LED is unlit, no alarm is present.
SYS (System)
If the SYS LED is lit steadily green, JUNOS software is loaded on the switch.
If the SYS LED is blinking green, the switch is booting JUNOS software.
MST (Master)
If the MST LED is lit steadily green, the switch is the master of the Virtual Chassis configuration. (This LED is always lit steadily on EX 3200 models).
*
LED 1 indicates link activity
LED 2 indicates admin status, duplex mode, PoE, and link speed
LED 2 is toggled using the LCD menu
LED 2
LED 1
EX-series LCD Menu
The LCD menu provides a quick method of checking chassis alarms and system status
Default idle mode shows system status
LCD switches to alarm mode automatically when alarms occur
Enter Button (Yes)
Menu Button (No)
View the Dashboard tab:
Monitoring System-Level Operation (2 of 3)
System monitoring is also available under Monitor > System View > System Information
CPU Monitoring
Using the CLI, issue show system commands:
user@switch> show system ?
audit Show file system MD5 hash and permissions
boot-messages Show boot time messages
buffers Show buffer statistics
commit Show pending commit requests (if any) and commit history
configuration Show configuration information
initialsetup Show initialsetup information
reboot Show any pending halt or reboot requests
rollback Show rolled back configuration
...
*
Monitoring the Chassis
Monitor the chassis status using the Monitor > System View > Chassis Information J-Web page
Or use CLI show chassis commands:
user@switch> show chassis ?
fpc Show Flexible PIC Concentrator status
hardware Show installed hardware components
lcd Show LCD display
pic Show Physical Interface Card state, type, and uptime
routing-engine Show Routing Engine status
temperature-thresholds Show chassis temperature threshold settings
*
Use Ctrl+c to stop the CLI ping and traceroute
Alternatively, access the Ping Host and Traceroute tools under the J-Web Troubleshoot tab
user@switch> ping 10.210.14.173
PING 10.210.14.173 (10.210.14.173): 56 data bytes
64 bytes from 10.210.14.173: icmp_seq=0 ttl=64 time=0.345 ms
64 bytes from 10.210.14.173: icmp_seq=1 ttl=64 time=0.292 ms
^C
round-trip min/avg/max/stddev = 0.218/0.281/0.345/0.046 ms
traceroute to 10.210.14.173 (10.210.14.173), 30 hops max, 40 byte pkts
1 10.210.14.173 (10.210.14.173) 2.872 ms 0.203 ms 0.150 ms
*
Network Utilities: Part 2
Use the CLI monitor traffic command to decode packets, or access the packet capture utility under the J-Web Troubleshoot tab
Displays traffic only originating or terminating on the switch
Use the interface interface-name option to capture local traffic from a specific interface
The best way to perform analysis of Layer 2 header information in JUNOS software is using the layer2-headers option
Use the no-resolve knob to avoid DNS reverse-lookup delays
Use matching option to filter packets
Packet capture can be saved for packet analysis (hidden write-file and read-file options)
user@switch> monitor traffic interface ge-0/0/0 layer2-headers no-resolve
*
user@switch> monitor traffic interface ge-0/0/2 layer2-headers no-resolve
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
06:19:35.121217 In 0:1b:c0:5e:53:a2 > 0:19:e2:50:3f:e3, ethertype IPv4 (0x0800), length 98: 10.100.200.1 > 10.100.200.2: ICMP echo request, id 5153, seq 222, length 64
06:19:35.121269 Out 0:19:e2:50:3f:e3 > 0:1b:c0:5e:53:a2, ethertype IPv4 (0x0800), length 98: 10.100.200.2 > 10.100.200.1: ICMP echo reply, id 5153, seq 222, length 64
^C
Use the detail or extensive option for complete decode
Ctrl+c key sequence exits listening mode
*
Access Telnet, SSH, and FTP client commands from the CLI
user@switch> telnet ?
Possible completions:
8bit Use 8-bit data path
bypass-routing Bypass routing table, use specified interface
inet Force telnet to IPv4 destination
inet6 Force telnet to IPv6 destination
interface Name of interface for outgoing traffic
logical-router Name of logical router
no-resolve Don't attempt to print addresses symbolically
port Port number or service name on remote host
routing-instance Name of routing instance for telnet session
source Source address to use in telnet connection
user@switch> telnet 127.0.0.1
Software packaging:
Packages are signed using the Secure Hash Algorithm 1 (SHA-1) and hashed with Message-Digest 5 (MD5) cryptographic hashing to ensure file integrity
JUNOS software executes signed binaries only
No removable media packages
*
JUNOS software packages for EX-series switches are named as follows:
jinstall-ex-m.nZnumber-region.tgz
A: Alpha
B: Beta
R: Release
I: Internal
number is the release number; might include the build number for that release
region is either domestic or export
Currently, only domestic images are available
Example: jinstall-ex-9.1R2.10-domestic.tgz
Or use the CLI request system software add command
Keep locally stored packages in /var/tmp for easy cleanup
Watch for problems relating to low storage space
File system
cleanup is
Upgrade Example (1 of 2)
Use the J-Web Maintain > Software > Install Package page to install a package from a remote host
An FTP-based URL is shown in this example:
A reboot is required to activate new software
*
Upgrade Example (2 of 2)
You are presented with status indications as the upgrade process executes
Watch for any error messages during the upgrade
*
/: The root file system—located on the boot device
/config: The location for the active configuration (juniper.conf.gz), the first 3 rollbacks, and the rescue configuration
/config/db/config: Location of rollback indexes 4–49
/var: User directories, log files, and temporary storage
/var/home: Nonroot user home directories
/var/log: Location of system log (and trace) files
/var/tmp: Location of various temporary files, such as core dumps, and the recommended storage area for JUNOS software packages
NOTE: The /var directory is cleaned out upon upgrades!
*
Use the J-Web Maintain > Files page to free space
Or use the CLI file delete command
Cleanup wizard
Manual cleanup
Steps:
loader> boot –s
Enter recovery mode:
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
Set root password
Commit the change!
