pkm
Visitor
Posts: 2
Registered: 10-02-2008

NSM2008.1r1 unset my routing!

Hi!

I upgraded my NSM (RH 4), first from 2007.2 to 2007.3r4 and then from 2007.3r4 to 2008.1r1. When I finished, I upgraded the schema on my NSM2008.1r1. Everything works great, but when I try to start "Summarize Delta Config" I see a big problem.

NSM tries, on all my firewalls (42 devices: ns5gt, ssg5, ssg20, ssg320, ssg520), to unset the second route to the same destination.

For example, the first device (A) has 2 network connections to the internet (a and b), the second device (B) has one network connection (a) to the internet. I have two VPN connections between these devices:

- [VPN1] from device (A) connection (a) to device (B) connection (a)

- [VPN2] from device (A) connection (b) to device (B) connection (a)

The second VPN is simply a backup VPN.

On device (A) I have two routes:

- to [VPN1] with metric 1 - use tunnel.1 interface 

- to [VPN2] with metric 5 - use tunnel.2 interface

On device (B) I have two routes too:

- to [VPN1] with metric 1 - use tunnel.1 interface

- to [VPN2] with metric 5 - use tunnel.2 interface

Everything worked great (2 years?) but when I updated NSM to 2008.1r1, NSM on "Summarize Delta Config" tries to unset my route to [VPN2]!

It looks like this:

_____

Config on Device but not on NSM:

   set nsm server primary 192.168.1.12 src-interface bgroup0

   set vrouter trust-vr route 192.168.0.0 255.255.0.0 interface tunnel.2 gateway 172.16.2.1 preference 20 metric 5

 

Config on NSM but not on Device:

 

Config on both Device and NSM but reordered:

 

Config to be send to Device on next Update Device:

   unset vrouter trust-vr route 192.168.0.0 255.255.0.0 interface tunnel.2 gateway 172.16.2.1

 

CA Certyficate to be removed from Device:

 

CRL to be removed from Device: 

 ______

 

This is strange because "Config on Device but not on NSM" shows:

set vrouter trust-vr route 192.168.0.0 255.255.0.0 interface tunnel.2 gateway 172.16.2.1 preference 20 metric 5

and this is not true, I have this route on NSM!

 

That situation is on all my devices (42 devices)! The devices have firmware 5.3, 5.4, 6.0 and 6.1.

 

I tried importing the device - nothing, tried removing the device from NSM and adding it again - nothing, tried upgrading the device firmware - nothing, tried changing rights back to root (changed user "nsm" to user "root" in setperm.sh and executed the script) - nothing, removed the route and added it again - nothing.

I don't have any new ideas, please help!

 

[root@nsm2007 ~]# /usr/netscreen/DevSvr/bin/devSvr.sh status
Retrieving status...
devSvrDbSvr (pid 3334).............................ON
devSvrManager (pid 3543)...........................ON
devSvrLogWalker (pid 3704).........................ON
devSvrDataCollector (pid 3868).....................ON
devSvrDirectiveHandler (pid 4050)..................ON
devSvrProfilerMgr (pid 4242).......................ON
devSvrStatusMonitor (pid 4396).....................ON
[root@nsm2007 ~]#
[root@nsm2007 ~]# /usr/netscreen/GuiSvr/bin/guiSvr.sh status
Retrieving status...
guiSvrManager (pid 2221)...........................ON
guiSvrMasterController (pid 2507)..................ON
guiSvrDirectiveHandler (pid 2667)..................ON
guiSvrLicenseManager (pid 2815)....................ON
guiSvrStatusMonitor (pid 2947).....................ON
guiSvrWebProxy (pid 3189)..........................ON

 

[root@nsm2007 ~]# ps -aux
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  2248  560 ?        S    14:57   0:00 init [2]
root         2  0.0  0.0     0    0 ?        S    14:57   0:00 [migration/0]
root         3  0.0  0.0     0    0 ?        SN   14:57   0:00 [ksoftirqd/0]
root         4  0.0  0.0     0    0 ?        S    14:57   0:00 [migration/1]
root         5  0.0  0.0     0    0 ?        SN   14:57   0:00 [ksoftirqd/1]
root         6  0.0  0.0     0    0 ?        S<   14:57   0:00 [events/0]
root         7  0.0  0.0     0    0 ?        S<   14:57   0:00 [events/1]
root         8  0.0  0.0     0    0 ?        S<   14:57   0:00 [khelper]
root         9  0.0  0.0     0    0 ?        S<   14:57   0:00 [kacpid]
root        29  0.0  0.0     0    0 ?        S<   14:57   0:00 [kblockd/0]
root        30  0.0  0.0     0    0 ?        S<   14:57   0:00 [kblockd/1]
root        40  0.0  0.0     0    0 ?        S    14:57   0:00 [pdflush]
root        41  0.0  0.0     0    0 ?        S    14:57   0:00 [pdflush]
root        43  0.0  0.0     0    0 ?        S<   14:57   0:00 [aio/0]
root        44  0.0  0.0     0    0 ?        S<   14:57   0:00 [aio/1]
root        31  0.0  0.0     0    0 ?        S    14:57   0:00 [khubd]
root        42  0.0  0.0     0    0 ?        S    14:57   0:00 [kswapd0]
root       118  0.0  0.0     0    0 ?        S    14:57   0:00 [kseriod]
root       189  0.0  0.0     0    0 ?        S<   14:57   0:00 [ata/0]
root       190  0.0  0.0     0    0 ?        S<   14:57   0:00 [ata/1]
root       194  0.0  0.0     0    0 ?        S    14:57   0:00 [scsi_eh_0]
root       195  0.0  0.0     0    0 ?        S    14:57   0:00 [scsi_eh_1]
root       219  0.0  0.0     0    0 ?        S    14:57   0:00 [kjournald]
root      1096  0.0  0.0  3136  448 ?        S<s  14:57   0:00 udevd
root      1162  0.0  0.0     0    0 ?        S<   14:57   0:00 [hda_codec/0]
root      1163  0.0  0.0     0    0 ?        S<   14:57   0:00 [hda_codec/1]
root      1524  0.0  0.0     0    0 ?        S<   14:57   0:00 [kauditd]
root      1585  0.0  0.0     0    0 ?        S<   14:58   0:00 [kmirrord]
root      1586  0.0  0.0     0    0 ?        S<   14:58   0:00 [kmir_mon]
root      1607  0.0  0.0     0    0 ?        S    14:58   0:00 [kjournald]
root      1608  0.0  0.0     0    0 ?        S    14:58   0:00 [kjournald]
root      1609  0.0  0.0     0    0 ?        S    14:58   0:00 [kjournald]
root      1610  0.0  0.0     0    0 ?        S    14:58   0:00 [kjournald]
root      1611  0.0  0.0     0    0 ?        S    14:58   0:00 [kjournald]
root      2053  0.0  0.0  3508  632 ?        Ss   14:58   0:00 syslogd -m 0
root      2057  0.0  0.0  2028  468 ?        Ss   14:58   0:00 klogd -x
root      2109  0.0  0.1 10024 3956 ?        S    14:58   0:00 /usr/X11R6/bin/Xvfb -pn :991.0
root      2221  1.9 21.3 962368 551168 ?     Sl   14:58   5:01 /usr/netscreen/GuiSvr/bin/.guiSvrManager
root      2507  0.0  1.0 1156688 26216 ?     Sl   14:58   0:00 /usr/netscreen/GuiSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
root      2667  0.2  5.8 1237800 151120 ?    Sl   14:58   0:45 /usr/netscreen/GuiSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
root      2815  0.0  0.7 277276 18192 ?      Sl   14:58   0:00 /usr/netscreen/GuiSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
root      2947  0.4  0.1  9032 5060 ?        Sl   14:58   1:13 /usr/netscreen/GuiSvr/bin/.guiSvrStatusMonitor
root      3189  0.0  1.9 233428 50172 ?      Sl   14:58   0:04 /usr/netscreen/GuiSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
nsm       3334  0.0  0.1 17552 2600 ?        S    14:58   0:00 /usr/bin/postmaster
nsm       3420  0.0  0.1 17684 3696 ?        S    14:58   0:00 postgres: writer process
nsm       3421  0.0  0.0  9004 2020 ?        S    14:58   0:00 postgres: stats buffer process
nsm       3422  0.0  0.0  8172 2044 ?        S    14:58   0:00 postgres: stats collector process
root      3543  0.4  0.5 26304 15056 ?       Sl   14:58   1:08 /usr/netscreen/DevSvr/bin/.devSvrManager
root      3704  0.7  0.4 25612 12880 ?       Sl   14:58   1:59 /usr/netscreen/DevSvr/bin/.devSvrLogWalker
root      3868  0.0  1.8 1839688 48992 ?     Sl   14:58   0:05 /usr/netscreen/DevSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
root      4050  0.3  6.9 1382600 181024 ?    Sl   14:58   1:00 /usr/netscreen/DevSvr/lib/jre/bin/java -DNSROOT=/usr/netscreen
root      4242  0.0  0.2 22824 6660 ?        Sl   14:59   0:00 /usr/netscreen/DevSvr/bin/.devSvrProfilerMgr
nsm       4292  0.0  0.1 18352 5036 ?        S    14:59   0:00 postgres: nsm profilerDb 127.0.0.1(32809) idle
root      4396  0.1  0.2  9032 5192 ?        Sl   14:59   0:18 /usr/netscreen/DevSvr/bin/.devSvrStatusMonitor
nsm       4404  0.0  0.1 17956 3268 ?        S    14:59   0:00 postgres: nsm profilerDb 127.0.0.1(32817) idle
nsm       4407  0.0  0.1 17956 3268 ?        S    14:59   0:00 postgres: nsm profilerDb 127.0.0.1(32818) idle
nsm       4830  0.0  0.0  3900 1348 ?        S    14:59   0:00 /bin/sh /usr/netscreen/HaSvr/bin/.highAvailSvr
root      6247  0.0  0.0  5824 1712 ?        Ss   14:59   0:00 /usr/sbin/sshd
root      6256  0.0  0.0  5788 1120 ?        Ss   14:59   0:00 crond
root      6273  0.0  0.0  1992  404 tty1     Ss+  14:59   0:00 /sbin/mingetty tty1
root      6282  0.0  0.0  1512  404 tty2     Ss+  14:59   0:00 /sbin/mingetty tty2
root      6283  0.0  0.0  2324  404 tty3     Ss+  14:59   0:00 /sbin/mingetty tty3
root      6284  0.0  0.0  2976  404 tty4     Ss+  14:59   0:00 /sbin/mingetty tty4
root      6285  0.0  0.0  2408  404 tty5     Ss+  14:59   0:00 /sbin/mingetty tty5
root      6286  0.0  0.0  3080  404 tty6     Ss+  14:59   0:00 /sbin/mingetty tty6
root     26380  0.0  0.0  7040 2244 ?        Ss   19:17   0:00 sshd: gnome [priv]
gnome    26400  0.0  0.0  7040 2292 ?        S    19:17   0:00 sshd: gnome@pts/0
gnome    26401  0.0  0.0  4600 1372 pts/0    Ss   19:17   0:00 -bash
root     26427  0.0  0.0  5672 1228 pts/0    S    19:17   0:00 su -
root     26440  0.0  0.0  5072 1452 pts/0    S    19:17   0:00 -bash
nsm      26955  0.0  0.0  2600  456 ?        S    19:18   0:00 sleep 60
root     27343  0.0  0.0  3724  752 pts/0    R+   19:19   0:00 ps -aux

 

Regards,

pkm.
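
An added example, not part of the original post and not NSM or Juniper code: a pre-push check that parses a delta summary in the layout quoted above and reports every pending "unset ... route" command, marking those whose route the same summary lists as present on the device. The function names are hypothetical, and the sample input is the summary from the post with blank lines removed.

```python
import re

# Section headings exactly as they appear in the summary quoted in the post.
SECTIONS = {
    "Config on Device but not on NSM:": "device_only",
    "Config on NSM but not on Device:": "nsm_only",
    "Config to be send to Device on next Update Device:": "to_push",
}
ROUTE = re.compile(r"^(?:set|unset) vrouter (\S+) route (\S+) (\S+) interface (\S+) gateway (\S+)")

def parse_delta(text):
    """Split a delta summary into {section: [command lines]}."""
    out = {name: [] for name in SECTIONS.values()}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            current = SECTIONS[line]
        elif line.endswith(":"):
            current = None  # other sections (reordered, certificates, CRLs) are not inspected
        elif line and current:
            out[current].append(line)
    return out

def route_key(line):
    """(vrouter, dest, mask, interface, gateway) of a route command, else None."""
    m = ROUTE.match(line)
    return m.groups() if m else None

def risky_unsets(text):
    """List pending route removals; mark those whose route is live on the device."""
    delta = parse_delta(text)
    live = {route_key(l) for l in delta["device_only"] if l.startswith("set ")}
    findings = []
    for line in delta["to_push"]:
        key = route_key(line)
        if line.startswith("unset ") and key:
            findings.append({"command": line, "route_live_on_device": key in live})
    return findings

# Sample input: the summary from the post, blank lines removed.
SAMPLE = """\
Config on Device but not on NSM:
   set nsm server primary 192.168.1.12 src-interface bgroup0
   set vrouter trust-vr route 192.168.0.0 255.255.0.0 interface tunnel.2 gateway 172.16.2.1 preference 20 metric 5
Config on NSM but not on Device:
Config to be send to Device on next Update Device:
   unset vrouter trust-vr route 192.168.0.0 255.255.0.0 interface tunnel.2 gateway 172.16.2.1
"""
```

A finding with route_live_on_device set to True is the pattern from the post: the device still carries the route, the manager reports it as missing from its own model, and the next update would remove it.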

AndyC
Trusted Expert
Posts: 441
Registered: 07-08-2008

Re: NSM2008.1r1 unset my routing!

Hi,

 

I would open a JTAC case as it might be a bug.

 

Regards

 

Andy

JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-ER

pkm
Visitor
Posts: 2
Registered: 10-02-2008

Re: NSM2008.1r1 unset my routing!

Hi.

Yes, this is a bug in version 2008.1r1.

To resolve this problem, install NSM2008.1r1c2.

 

Regards,

pkm
