SRX Services Gateway
SRX Services Gateway

RPM probe timed out in external network

‎08-18-2018 08:08 PM

Dear all,

 

I have RPM probe timed out in external interface. My SRX firewall has external probe and internal probe.
External probe is via external interface and internal probe is via IPSec tunnel. External probe failed but
internal probe was successful. I could ping 111.111.111.111 via my external IP address, 222.222.222.222 in CLI.

The IPSec tunnel was created between 111.111.111.111 and 222.222.222.222.

 

I couldn't search any information for similar case in the forum or in the internet.

Please see if you could help. Thanks.

 

George

 

Log:

Owner: AU-TS, Test: EXT-ICMP-TEST
Target address: 111.111.111.111, Source address: 222.222.222.222, Probe type: icmp-ping-timestamp, Test size: 15 probes
Probe results:
Request timed out, Sun Aug 19 10:44:04 2018
Results over current test:
Probes sent: 14, Probes received: 0, Loss percentage: 100
Results over last test:
Probes sent: 15, Probes received: 0, Loss percentage: 100
Results over all tests:
Probes sent: 179549, Probes received: 0, Loss percentage: 100

Owner: AU-TS, Test: INT-ICMP-TEST
Target address: 192.168.111.111, Source address: 192.168.222.222, Probe type: icmp-ping-timestamp, Test size: 15 probes
Probe results:
Response received, Sun Aug 19 10:43:33 2018, No hardware timestamps
Rtt: 152137 usec, Round trip interarrival jitter: 199 usec
Results over current test:
Probes sent: 15, Probes received: 15, Loss percentage: 0
Measurement: Round trip time
Samples: 15, Minimum: 151110 usec, Maximum: 159230 usec, Average: 155381 usec, Peak to peak: 8120 usec, Stddev: 2555 usec, Sum: 2330711 usec
Results over last test:
Probes sent: 15, Probes received: 15, Loss percentage: 0
Test completed on Sun Aug 19 10:43:33 2018
Measurement: Round trip time
Samples: 15, Minimum: 151110 usec, Maximum: 159230 usec, Average: 155381 usec, Peak to peak: 8120 usec, Stddev: 2555 usec, Sum: 2330711 usec
Results over all tests:
Probes sent: 182475, Probes received: 182124, Loss percentage: 0
Measurement: Round trip time
Samples: 182124, Minimum: 148003 usec, Maximum: 1630298 usec, Average: 164834 usec, Peak to peak: 1482295 usec, Stddev: 38313 usec, Sum: 30020162302 usec
Measurement: Positive round trip jitter
Samples: 4554, Minimum: 0 usec, Maximum: 143708 usec, Average: 396 usec, Peak to peak: 143708 usec, Stddev: 3394 usec, Sum: 1802263 usec
Measurement: Negative round trip jitter
Samples: 4652, Minimum: 1 usec, Maximum: 171095 usec, Average: 410 usec, Peak to peak: 171094 usec, Stddev: 4159 usec, Sum: 1905371 usec

 

 

>show log messages|match AU-TS

Aug 19 10:48:03 NODE1 rmopd[1590]: RMOPD_HW_TIMESTAMP_INVALID: Hardware timestamps in probe were invalid; owner: AU-TS, test: INT-ICMP-TEST
Aug 19 10:48:08 NODE1 rmopd[1590]: RMOPD_HW_TIMESTAMP_INVALID: Hardware timestamps in probe were invalid; owner: AU-TS, test: INT-ICMP-TEST
Aug 19 10:48:13 NODE1 rmopd[1590]: RMOPD_HW_TIMESTAMP_INVALID: Hardware timestamps in probe were invalid; owner: AU-TS, test: INT-ICMP-TEST
Aug 19 10:48:18 NODE1 rmopd[1590]: RMOPD_HW_TIMESTAMP_INVALID: Hardware timestamps in probe were invalid; owner: AU-TS, test: INT-ICMP-TEST
Aug 19 10:48:23 NODE1 rmopd[1590]: RMOPD_HW_TIMESTAMP_INVALID: Hardware timestamps in probe were invalid; owner: AU-TS, test: INT-ICMP-TEST
Aug 19 10:48:28 NODE1 rmopd[1590]: RMOPD_HW_TIMESTAMP_INVALID: Hardware timestamps in probe were invalid; owner: AU-TS, test: INT-ICMP-TEST
Aug 19 10:48:33 NODE1 rmopd[1590]: RMOPD_HW_TIMESTAMP_INVALID: Hardware timestamps in probe were invalid; owner: AU-TS, test: INT-ICMP-TEST

> show configuration |display set|match AU-TS |match rpm
set services rpm probe AU-TS test EXT-ICMP-TEST probe-type icmp-ping-timestamp
set services rpm probe AU-TS test EXT-ICMP-TEST target address 111.111.111.111
set services rpm probe AU-TS test EXT-ICMP-TEST probe-count 15
set services rpm probe AU-TS test EXT-ICMP-TEST probe-interval 5
set services rpm probe AU-TS test EXT-ICMP-TEST test-interval 230
set services rpm probe AU-TS test EXT-ICMP-TEST source-address 222.222.222.222
set services rpm probe AU-TS test EXT-ICMP-TEST hardware-timestamp
set services rpm probe AU-TS test INT-ICMP-TEST probe-type icmp-ping-timestamp
set services rpm probe AU-TS test INT-ICMP-TEST target address 192.168.111.111
set services rpm probe AU-TS test INT-ICMP-TEST probe-count 15
set services rpm probe AU-TS test INT-ICMP-TEST probe-interval 5
set services rpm probe AU-TS test INT-ICMP-TEST test-interval 230
set services rpm probe AU-TS test INT-ICMP-TEST source-address 192.168.222.222
set services rpm probe AU-TS test INT-ICMP-TEST hardware-timestamp

> show version
node0:
--------------------------------------------------------------------------
Hostname: NODE0
Model: srx240h

node1:
--------------------------------------------------------------------------
Hostname: NODE1
Model: srx240h
JUNOS Software Release [12.1X46-D65.4]

 

> show ntp status
status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg,
version="ntpd 4.2.0-a Fri Dec 30 02:50:47 UTC 2016 (1)",
processor="octeon", system="JUNOS12.1X46-D65.4", leap=00, stratum=3,
precision=-17, rootdelay=176.134, rootdispersion=362.192, peer=1621,
refid=192.168.0.5,
reftime=df235a3d.08c6e789 Sun, Aug 19 2018 10:53:49.034, poll=10,
clock=df235ac4.fc64b6fd Sun, Aug 19 2018 10:56:04.985, state=4,
offset=2.776, frequency=-0.388, jitter=119.131, stability=0.072

{primary:node1}
> show ntp associations
remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.0.4 118.143.17.82 2 - 553 1024 377 171.965 0.599 1.323
*192.168.0.5 118.143.17.82 2 - 143 1024 377 171.190 2.776 22.740

 

> show system uptime
node0:
--------------------------------------------------------------------------
Current time: 2018-08-19 10:54:55 HKT
System booted: 2018-07-08 04:04:42 HKT (6w0d 06:50 ago)
Last configured: 2018-08-18 23:23:54 HKT (11:31:01 ago) by root
10:54AM up 42 days, 6:50, 0 users, load averages: 0.05, 0.06, 0.07

node1:
--------------------------------------------------------------------------
Current time: 2018-08-19 10:58:24 HKT
System booted: 2018-07-08 04:00:51 HKT (6w0d 06:57 ago)
Protocols started: 2018-07-08 04:06:03 HKT (6w0d 06:52 ago)
Last configured: 2018-08-18 23:27:36 HKT (11:30:48 ago) by georgechung
10:58AM up 42 days, 6:58, 3 users, load averages: 0.46, 0.34, 0.31

{primary:node1}

 

The primary's node time is in sync with NTP server.

2 REPLIES 2
SRX Services Gateway

Re: RPM probe timed out in external network

‎08-18-2018 10:20 PM

Hello,

 

It is strange the ping from external IP to external IP is successful from CLI. But probe fails.

 

When CLI ping is stopped and only probe pings are going on, enable 'flow trace' as well as 'packet capture' to check if the probes are indeed sent out of the SRX or not.

 

If they are sent out but no response received, check the difference between probe pings (packet size, IP header) and ICMP pings from CLI.

 

Regards,

 

Rushi

Highlighted
SRX Services Gateway

Re: RPM probe timed out in external network

‎08-20-2018 04:55 AM

Dear Rushi,

 

Thanks for your tips on troubleshooting it.
I captured the packets and found that icmp timestamp request/reply packets coming to my network were filtered.

I am confirming the issue with my network provider. I believe it should be the root cause. Thanks.

 

George