SRX

Hi everyone, The SRX650 firewall submits a Group configuration, including NAT, Policy, and routing. The firewall discovers the switch and the interface lacp down. Nov 9 15:44:21 2016 XXXX1 mib2d[1574]: SNMP_TRAP_LINK_DOWN: ifIndex 532, ifAdminStatus up(1), ifOperStatus down(2), ifName reth1 Physical interface: reth1, Enabled, Physical link is Up ……………… Last flapped : 2016-11-09 15:44:14 CST (01:40:23 ago) Nov 9 15:44:14.496 : primary->secondary-hold, reason: Monitor failed: IF Nov 9 15:44:15.507 : secondary-hold->secondary, reason: Ready to become secondary Nov 9 15:43:01 2016 XXXXXX mgd[30624]: %INTERACT-5-UI_COMMIT: User 'ucs5aphc' requested 'commit' operation (comment: none) Nov 9 15:44:10 2016 XXXXXX mgd[30624]: %INTERACT-5-UI_COMMIT_CONFIRMED_REMINDER: 'commit confirmed' must be confirmed within 5 minutes Nov 9 15:44:13 2016 XXXXXX /kernel: %KERN-5-KERN_LACP_INTF_STATE_CHANGE: lacp_update_state_userspace: cifd ge-1/0/4 - ATTACHED state - acting as standby link Nov 9 15:44:13 2016 XXXXXX lacpd[1552]: %DAEMON-5-LACPD_TIMEOUT: ge-1/0/4: lacp current while timer expired current Receive State: CURRENT Nov 9 15:44:14 LACP: ge-1/0/1 is LACP down Nov 9 15:44:14 jsrpd_ifd_msg_handler: Interface ge-1/0/1 is up Nov 9 15:44:14 LACP: ge-1/0/1 oper_state=0x8f reth_db[1].lacp_mode=2 Nov 9 15:44:14 LACP: ge-1/0/1 is LACP down Nov 9 15:44:14 ge-1/0/1 interface monitored by RG-1 changed state from Up to Down Nov 9 15:44:14 intf failed, computed-weight -257 Nov 9 15:44:14 Current threshold for rg-1 is -257. Setting priority to 0. Failures: interface-monitoring Why submit a configuration, lacp Down. Have you ever met this situation? thank you very much.

Hello ,

 

This seems like the LACP flapped which made the corresponding interface down in the perticular node which caused the Interface monitoring down and thereby failover of the RG group .

Now we need to investigate more on why the LACP flapped , if we failed to receive an LACP PDU's from connected device of was there any Physical link flap .

For the RCA I hope  we need to investigate by checking the logs from the devices .

 

If the LACP interfaces are down , please check if the LACP keepalives are been exchanged properly between the connected devices .

Try re-starting the LACP services to see if that helps .

Hi, Prior to this, the interface is normal, Through the command "show interfaces extensive | match flapp", only the Eth1 interface flapp is found. The other physical interfaces are Up. The network is the production environment, submit a configuration, causing lacp Down. This is a non-normal phenomenon.

Hello ,

 

Can you share the LACP config from SRX end .  It may be possible that you have some LACP fast setting and while pushing the configuration the RE CPU might have spiked hight and caused the LACP PDUs to miss and caused the flapp ( as you said the physical interfaces where UP )  . This is just an assumption . This can be confirmed only after a detailed analysis of logs from SRX . So if you are looking for an RCA , I hope its goot to open a JTAC ticket to investigate further on this .

HI， The configuration does contain fast. reth1 { per-unit-scheduler; vlan-tagging; redundant-ether-options { redundancy-group 1; lacp { active; periodic fast; } } Thank you for your support, thank you.