vSRX
Highlighted
vSRX

Source based routing on vSRX

‎02-28-2019 11:16 AM

I'm trying to get routing configured on an AWS vSRX which will be responsible for routing 4 different subnets (mgmt, untrust, trust, & dmz). Right now I'm having trouble getting the dmz (172.20.52.0/23) and trust (172.20.56.0/23) subnets to behave. Based on recommendations listed here Juniper vSRX AWS Documentation I've created 3 different routing-instances to handle the routing needs of the 3 subnets I care about (untrust, dmz, & trust). 

 

interfaces {
    ge-0/0/0 {
        description rtr-or-west2a-untrust-juniper;
        unit 0 {
            family inet {
                address 172.20.48.10/23;
            }
        }
    }
    ge-0/0/1 {
        description rtr-or-west2a-trust-juniper;
        unit 0 {
            family inet {
                address 172.20.56.10/23;
            }
        }
    }
    ge-0/0/2 {
        description rtr-or-west2a-dmz-juniper;
        unit 0 {
            family inet {
                address 172.20.52.10/23;
            }
        }
    }
}
routing-instances {
    aws-dmz {
        instance-type virtual-router;
        interface ge-0/0/2.0;
        routing-options {
            static {
                route 10.0.0.0/8 next-hop 172.20.52.1;
            }
        }
    }
    aws-trust {
        instance-type virtual-router;
        interface ge-0/0/1.0;
        routing-options {
            static {
                route 10.0.0.0/8 next-hop 172.20.56.1;
            }
        }
    }
    aws-untrust {
        instance-type virtual-router;
        interface ge-0/0/0.0;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 172.20.48.1;
            }
        }
    }
}

I figured I needed to do this because I would need to point my corporate static route of 10.0.0.0/8 to the appropriate router in AWS. My host on the dmz subnet (pointing to the dmz interface as it's default gateway) isn't able to ping my corporate resources. Is this the correct setup? Should I be throwing the dmz & trust interface in the same routing-instance and setting up some sort of policy based route so if a packet is coming from my dmz network? 

 

Perhaps the problem is something else??? I'm able to ping the dmz interface from my corporate network. I'm at a loss, can someone assist me here?

14 REPLIES 14
Highlighted
vSRX

Re: Source based routing on vSRX

‎02-28-2019 11:26 AM

Perhaps setup my routing-instances like this and setup some sort of policy based routing to cover the correct IP address for the dmz subnet to access my corporate resources.

 

aws-trust {
    instance-type virtual-router;
    interface ge-0/0/1.0;
    interface ge-0/0/2.0;
    routing-options {
        static {
            route 10.0.0.0/8 next-hop 172.20.56.1;
        }
    }
}
aws-untrust {
    instance-type virtual-router;
    interface ge-0/0/0.0;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 172.20.48.1;
        }
    }
}
Highlighted
vSRX

Re: Source based routing on vSRX

‎02-28-2019 03:04 PM

I'm not familiar with the AWS interface but those don't look like routing instances only creating separate subnets assigned to zones.

 

A virtual router routing instance creates a completely separate routing table as if a separate router were in use.  You seem to only really need a singel router with three interfaces each in their own zone.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
vSRX

Re: Source based routing on vSRX

‎02-28-2019 03:46 PM

I'm pretty sure the code at the bottom the first block of code is routing-instances. The recommendations from Juniper for a vSRX in AWS is to create a second routing-instance to isolate the management traffic on fxp0.0 from the revenue interfaces ge-0/0/0,1,2. I just expanded on that to create 2 more to further isolate the route tables for 0,1 & 2. I can bunch them all into their own instance but then my route statement of 10.0.0.0/8 is pointing to an IP (172.20.56.1) that only the trust subnet can contact. The traffic from my DMZ would need to be able to route their traffic destined for 10.0.0.0/8 to 172.20.52.1 and I don't know how to do that.

Highlighted
vSRX

Re: Source based routing on vSRX

‎03-01-2019 02:33 AM

Yes it is common to put the mgmt in a separate routing instance to keep mgmt traffic off the production network.

 

but your production subnets need to talk to each other so isolating them into separate routing domains creates communications problems for you.  We only use routing instances to isolate subnets from other subnets or interfaces on the same box.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
vSRX

Re: Source based routing on vSRX

‎03-01-2019 10:37 AM

As Steve mentioned, you probably don't need to separate your subnets into different routing-instances, as you can control traffic between interfaces with security policies. 

 

If you still feel the need to have them in separate routing instances (thus, different routing tables) you can use filter based forwarding, or tricks like static routes with next-table instead of next-hop, to send traffic from one routing-instance to the other, and will probably need to do some route sharing between the tables with maybe rib-groups.

 

It is possible to do things like that, but it can get complex. So, unless you really need that, why not just keep them in the same routing table and use security policies to control traffic between the interfaces?  

Yasmin Lara - Juniper Ambassador #QuadE - JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCIS-CLOUD, JNCDS-DC, JNCIA-DevOps
Highlighted
vSRX

Re: Source based routing on vSRX

‎03-01-2019 12:06 PM

OK, I've got all 3 of my revenue interfaces located in one separate routing-instance per the recommendations from Juniper

 

security {
    flow {
        traceoptions {
            file joshua-stage;
            flag all;
            packet-filter packet-filter1 {
                protocol icmp;
            }
        }
    }
    nat {
        source {
            rule-set trust-to-untrust {
                from zone [ dmz trust ];
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy default_allow {
                match {
                    source-address any;
                    destination-address any;
                    application junos-ping;
                }
                then {
                    permit;
                }
            }
        }
        from-zone dmz to-zone untrust {
            policy default_allow {
                match {
                    source-address any;
                    destination-address any;
                    application junos-ping;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone dmz {
            policy default_allow {
                match {
                    source-address any;
                    destination-address any;
                    application junos-ping;
                }
                then {
                    permit;
                }
            }
        }
        from-zone dmz to-zone trust {
            policy default_allow {
                match {
                    source-address any;
                    destination-address any;
                    application junos-ping;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone untrust {
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
        security-zone trust {
            interfaces {
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
        security-zone dmz {
            interfaces {
                ge-0/0/2.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 172.20.48.10/23;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.20.56.10/23;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 172.20.52.10/23;
            }
        }
    }
}
routing-instances {
    aws {
        instance-type virtual-router;
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
        interface ge-0/0/2.0;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 172.20.48.1;
                route 10.0.0.0/8 next-hop 172.20.56.1;
            }
        }
    }
}

I'm still not seeing ICMP traffic sourced from my DMZ interface to my workstation on-prem. I see it when it's sourced from the trust interface but not DMZ. Not sure my next steps here.

Highlighted
vSRX

Re: Source based routing on vSRX

‎03-01-2019 12:54 PM

Can you ping it from the SRX using the address of the DMZ interface as source?

What zone is your workstation on?

What does the packet trace show you when you attend to ping from the DMZ (show log joshua-stage)?

Do you see a flow created in the session table (show security flow session)?  

Yasmin Lara - Juniper Ambassador #QuadE - JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCIS-CLOUD, JNCDS-DC, JNCIA-DevOps
Highlighted
vSRX

Re: Source based routing on vSRX

‎03-01-2019 02:27 PM

@ylara wrote:

Can you ping it from the SRX using the address of the DMZ interface as source?

What zone is your workstation on?

What does the packet trace show you when you attend to ping from the DMZ (show log joshua-stage)?

Do you see a flow created in the session table (show security flow session)?  


I cannot ping my workstation using the DMZ interface as a source. I can using the Trust interface as a source. 

 

Well that's a good question. My workstation should be on trust since the default route on the routing-instance is going out the AWS default router for the Trust interface. There isn't an interface in my trust zone that specifically references my on-prem networks. 

 

Here is my joshua-stage log file

Mar  1 22:19:02 22:19:02.179019:CID-0:RT:  route lookup: dest-ip 172.20.52.10 orig ifp .local..4 output_ifp .local..4  orig-zone 2 out-zone 2 need_clear_fto 0 vsd 0, route_flag: 0x8

Mar  1 22:19:02 22:19:02.179020:CID-0:RT:  route to 172.20.52.10

Mar  1 22:19:02 22:19:02.179021:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:02 22:19:02.179022:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:02 22:19:02.179024:CID-0:RT:no need update ha

Mar  1 22:19:02 22:19:02.179024:CID-0:RT:updating pending sess (39105) in ager

Mar  1 22:19:02 22:19:02.179025:CID-0:RT:first path session installation succeeded

Mar  1 22:19:02 22:19:02.179026:CID-0:RT:  flow got session.

Mar  1 22:19:02 22:19:02.179026:CID-0:RT:  flow session id 39105

Mar  1 22:19:02 22:19:02.179028:CID-0:RT: vector bits 0x200 vector 0x8cfcfa90

Mar  1 22:19:02 22:19:02.179030:CID-0:RT:mbuf 0x7cdae000, exit nh 0x100010

Mar  1 22:19:02 22:19:02.179031:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x7ffffeffd270 associated with mbuf 0x7cdae000

Mar  1 22:19:02 22:19:02.179032:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


Mar  1 22:19:03 22:19:03.179626:CID-0:RT:<172.20.52.10/12->10.0.12.18/39466;1,0x0> matched filter packet-filter1:

Mar  1 22:19:03 22:19:03.179633:CID-0:RT:packet [84] ipid = 801, @0x15f983fce

Mar  1 22:19:03 22:19:03.179634:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 0, common flag 0x0, mbuf 0x7cdade00, rtbl_idx = 0

Mar  1 22:19:03 22:19:03.179637:CID-0:RT:flow process pak, mbuf 0x7cdade00, ifl 0, ctxt_type 0 inq type 5

Mar  1 22:19:03 22:19:03.179638:CID-0:RT: in_ifp <junos-host:.local..0>

Mar  1 22:19:03 22:19:03.179640:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 0x54f74e80

Mar  1 22:19:03 22:19:03.179641:CID-0:RT:host inq check inq_type 0x5

Mar  1 22:19:03 22:19:03.179642:CID-0:RT:Using out_ifp from pfe_tag with index 72

Mar  1 22:19:03 22:19:03.179645:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:03 22:19:03.179648:CID-0:RT:flow_rt_lkup: Found route entry 0x5a3e05c0,nh id 0x23d, out if 0x0

Mar  1 22:19:03 22:19:03.179650:CID-0:RT:flow_rt_lkup: get NH in local route
Mar  1 22:19:03 22:19:03.179652:CID-0:RT:flow_rt_lkup: nh word 0xfffb0006

Mar  1 22:19:03 22:19:03.179653:CID-0:RT: ipv4 from host, pfe tag vr id set 4

Mar  1 22:19:03 22:19:03.179653:CID-0:RT:Using vr id from pfe_tag with value= 4

Mar  1 22:19:03 22:19:03.179655:CID-0:RT:Changing lpak->in_ifp from:.local..0 -> to:.local..4

Mar  1 22:19:03 22:19:03.179656:CID-0:RT:Over-riding lpak->vsys with 0

Mar  1 22:19:03 22:19:03.179659:CID-0:RT:  .local..4:172.20.52.10->10.0.12.18, icmp, (8/0)

Mar  1 22:19:03 22:19:03.179661:CID-0:RT: find flow: table 0x28fb7580, hash 164847(0x7ffff), sa 172.20.52.10, da 10.0.12.18, sp 12, dp 39466, proto 1, tok 16386, conn-tag 0x00000000

Mar  1 22:19:03 22:19:03.179664:CID-0:RT:  no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0

Mar  1 22:19:03 22:19:03.179668:CID-0:RT:  flow_first_create_session

Mar  1 22:19:03 22:19:03.179671:CID-0:RT:Save init hash spu id 0 to nsp and nsp2!

Mar  1 22:19:03 22:19:03.179673:CID-0:RT:(flow_first_create_session) usp_tagged set session as mng session

Mar  1 22:19:03 22:19:03.179673:CID-0:RT:Installing pending sess (39106) in ager

Mar  1 22:19:03 22:19:03.179674:CID-0:RT:First path alloc and instl pending session, natp=0x2c7a36c0, id=39106

Mar  1 22:19:03 22:19:03.179675:CID-0:RT:First path alloc and instl pending session, natp=0x2c7a36c0, id=39106

Mar  1 22:19:03 22:19:03.179676:CID-0:RT:  flow_first_in_dst_nat: in <.local..4>, out <ge-0/0/2.0> dst_adr 10.0.12.18, sp 12, dp 39466

Mar  1 22:19:03 22:19:03.179677:CID-0:RT:  chose interface .local..4 as incoming nat if.

Mar  1 22:19:03 22:19:03.179680:CID-0:RT:flow_first_rule_dst_xlate: packet 172.20.52.10->10.0.12.18 nsp2 0.0.0.0->10.0.12.18.

Mar  1 22:19:03 22:19:03.179682:CID-0:RT:[JSF] Do ingress interest check. regd ingress plugins(1)

Mar  1 22:19:03 22:19:03.179686:CID-0:RT:-jsf int check: plugin junos-apbr-main(9), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179686:CID-0:RT:[JSF][0]plugins(0x0) enabled for session = 39106  implicit mask(0x0), service request(0x0)

Mar  1 22:19:03 22:19:03.179687:CID-0:RT:-jsf : no plugin ingress interested for session 39106
Mar  1 22:19:03 22:19:03.179688:CID-0:RT:flow_first_routing: vr_id 4, call flow_route_lookup(): src_ip 172.20.52.10, x_dst_ip 10.0.12.18, in ifp .local..4, out ifp ge-0/0/2.0 sp 12, dp 39466, ip_proto 1, tos 0

Mar  1 22:19:03 22:19:03.179690:CID-0:RT:Doing DESTINATION addr route-lookup

Mar  1 22:19:03 22:19:03.179691:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:03 22:19:03.179692:CID-0:RT:flow_rt_lkup: Found route entry 0x5a434100,nh id 0x248, out if 0x47

Mar  1 22:19:03 22:19:03.179694:CID-0:RT:flow_rt_lkup: nh word 0x100010

Mar  1 22:19:03 22:19:03.179694:CID-0:RT:flow_ipv4_rt_lkup success 10.0.12.18, iifl 0x44, oifl 0x47

Mar  1 22:19:03 22:19:03.179698:CID-0:RT:Checking in-ifp from .local..4 to ge-0/0/2.0 for src: 172.20.52.10 in vr_id:4

Mar  1 22:19:03 22:19:03.179699:CID-0:RT:  routed (x_dst_ip 10.0.12.18) from junos-host (.local..4 in 0) to ge-0/0/1.0, Next-hop: 172.20.56.1

Mar  1 22:19:03 22:19:03.179701:CID-0:RT:flow_first_policy_search: policy search from zone junos-host-> zone trust (0x0,0xc9a2a,0x9a2a)

Mar  1 22:19:03 22:19:03.179704:CID-0:RT:Policy lkup: vsys 0 zone(2:junos-host) -> zone(8:trust) scope:0

Mar  1 22:19:03 22:19:03.179705:CID-0:RT:             172.20.52.10/2048 -> 10.0.12.18/43328 proto 1

Mar  1 22:19:03 22:19:03.179709:CID-0:RT:flow_first_policy_search: dynapp_none_policy: TRUE, is_final: 0x0, is_explicit: 0x0, policy_meta_data: 0x0

Mar  1 22:19:03 22:19:03.179710:CID-0:RT:  app 0, timeout 60s, curr ageout 60s

Mar  1 22:19:03 22:19:03.179711:CID-0:RT:  permitted by policy self-traffic-policy(1)

Mar  1 22:19:03 22:19:03.179712:CID-0:RT:  packet passed, Permitted by policy.

Mar  1 22:19:03 22:19:03.179714:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False

Mar  1 22:19:03 22:19:03.179715:CID-0:RT:flow_first_src_xlate:  incoming src port is : 3072.

Mar  1 22:19:03 22:19:03.179718:CID-0:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False, nat_eim: False.

Mar  1 22:19:03 22:19:03.179719:CID-0:RT:  dip id = 0/0, 172.20.52.10/12->172.20.52.10/12 protocol 0

Mar  1 22:19:03 22:19:03.179722:CID-0:RT:  choose interface ge-0/0/1.0(P2P) as outgoing phy if

Mar  1 22:19:03 22:19:03.179723:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/1.0, addr: 10.0.12.18, rtt_idx:4

Mar  1 22:19:03 22:19:03.179725:CID-0:RT:[JSF]Normal interest check. regd plugins 37, enabled impl mask 0x0

Mar  1 22:19:03 22:19:03.179727:CID-0:RT:-jsf int check: plugin junos-screen-adapter(2), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179729:CID-0:RT:get NULL sess plugin info 0x2c7a36c0

Mar  1 22:19:03 22:19:03.179729:CID-0:RT:-jsf int check: plugin junos-fwauth-adapter(3), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179731:CID-0:RT:-jsf int check: plugin junos-rtcom(5), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179733:CID-0:RT:get NULL sess plugin info 0x2c7a36c0

Mar  1 22:19:03 22:19:03.179734:CID-0:RT:-jsf int check: plugin junos-jdpi(6), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179735:CID-0:RT:-jsf int check: plugin junos-utm-uf-pkt(7), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179737:CID-0:RT:-jsf int check: plugin junos-dynapp(8), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179738:CID-0:RT:-jsf int check: plugin junos-appfw(10), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179740:CID-0:RT:-jsf int check: plugin junos-appqos(11), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179741:CID-0:RT:-jsf int check: plugin junos-secintel(12), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179743:CID-0:RT:-jsf int check: plugin junos-idp(13), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179745:CID-0:RT:-jsf int check: plugin junos-aamw(14), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179746:CID-0:RT:get NULL sess plugin info 0x2c7a36c0

Mar  1 22:19:03 22:19:03.179747:CID-0:RT:-jsf int check: plugin junos-userfw(15), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179749:CID-0:RT:-jsf int check: plugin junos-ssl-proxy(17), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179750:CID-0:RT:-jsf int check: plugin junos-fwauth-stream-adapter(19), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179751:CID-0:RT:-jsf int check: plugin junos-dynapp-stream(21), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179752:CID-0:RT:-jsf int check: plugin junos-appfw-stream(22), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179753:CID-0:RT:-jsf int check: plugin junos-idp-stream(23), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179754:CID-0:RT:-jsf int check: plugin junos-aamw-stream(24), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179755:CID-0:RT:get NULL sess plugin info 0x2c7a36c0

Mar  1 22:19:03 22:19:03.179756:CID-0:RT:get NULL sess plugin info 0x2c7a36c0

Mar  1 22:19:03 22:19:03.179757:CID-0:RT:-jsf int check: plugin junos-captive-portal(25), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179758:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3

Mar  1 22:19:03 22:19:03.179758:CID-0:RT:-jsf int check: plugin junos-test(26), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179761:CID-0:RT:get NULL sess plugin info 0x2c7a36c0

Mar  1 22:19:03 22:19:03.179761:CID-0:RT:-jsf int check: plugin junos-alg(27), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179762:CID-0:RT:-jsf int check: plugin junos-utm-uf-stream(28), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179763:CID-0:RT:get NULL sess plugin info 0x2c7a36c0

Mar  1 22:19:03 22:19:03.179765:CID-0:RT:-jsf int check: plugin junos-utm(29), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179766:CID-0:RT:get NULL sess plugin info 0x2c7a36c0

Mar  1 22:19:03 22:19:03.179767:CID-0:RT:-jsf int check: plugin junos-icap-redirect(30), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179768:CID-0:RT:-jsf int check: plugin junos-log(31), svc_req 0x0, impl mask 0x0. rc 0

Mar  1 22:19:03 22:19:03.179769:CID-0:RT:-jsf int check: plugin junos-rtcom-stream(32), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179781:CID-0:RT:-jsf int check: plugin junos-remote-access-gw(33), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179783:CID-0:RT:-jsf int check: plugin junos-gprs(36), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179785:CID-0:RT:-jsf int check: plugin junos-uac(37), svc_req 0x0, impl mask 0x0. rc 2

Mar  1 22:19:03 22:19:03.179787:CID-0:RT:-jsf int check: plugin junos-appqoe(45), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:03 22:19:03.179788:CID-0:RT:[JSF]Plugins(0x0, count 0) enabled for session = 39106, impli mask(0x0), post_nat cnt 0 svc req(0x2c7a3780)

Mar  1 22:19:03 22:19:03.179790:CID-0:RT:-jsf : no plugin interested for session 39106, free sess plugin info

Mar  1 22:19:03 22:19:03.179790:CID-0:RT:jsf pre int check result 0 0 0 0

Mar  1 22:19:03 22:19:03.179791:CID-0:RT:flow_first_service_lookup(): natp(0x2c7a36c0): app_id, 0(0).

Mar  1 22:19:03 22:19:03.179792:CID-0:RT:  service lookup identified service 0.

Mar  1 22:19:03 22:19:03.179792:CID-0:RT:  flow_first_final_check: in <.local..4>, out <ge-0/0/1.0>

Mar  1 22:19:03 22:19:03.179793:CID-0:RT:In flow_first_complete_session

Mar  1 22:19:03 22:19:03.179794:CID-0:RT:flow_first_complete_session, pak_ptr: 0x7ffffeffd270, nsp: 0x2c7a36c0, in_tunnel: 0x0

Mar  1 22:19:03 22:19:03.179795:CID-0:RT:before copy: nsp vec_list 0x0, nsp2 vec_list 0x200

Mar  1 22:19:03 22:19:03.179795:CID-0:RT:after copy: nsp vec_list 0x200, nsp2 vec_list 0x200

Mar  1 22:19:03 22:19:03.179796:CID-0:RT:construct v4 vector for nsp2 and nsp

Mar  1 22:19:03 22:19:03.179796:CID-0:RT:  existing vector list 0x200-0x8cfcfa90.

Mar  1 22:19:03 22:19:03.179797:CID-0:RT:vector index for nsp2: 200

Mar  1 22:19:03 22:19:03.179797:CID-0:RT:  existing vector list 0x200-0x8cfcfa90.

Mar  1 22:19:03 22:19:03.179798:CID-0:RT:vector index for nsp: 200

Mar  1 22:19:03 22:19:03.179798:CID-0:RT:  Session (id:39106) created for first pak 200

Mar  1 22:19:03 22:19:03.179799:CID-0:RT:first pak processing successful

Mar  1 22:19:03 22:19:03.179799:CID-0:RT:  flow_first_install_session======> 0x2c7a36c0

Mar  1 22:19:03 22:19:03.179800:CID-0:RT: nsp 0x2c7a36c0, nsp2 0x2c7a3780

Mar  1 22:19:03 22:19:03.179800:CID-0:RT:  make_nsp_ready_no_resolve()

Mar  1 22:19:03 22:19:03.179801:CID-0:RT:make_nsp_ready_no_resolve: Route Lookup for dest route.  Src_ip 10.0.12.18  Dst_ip 172.20.52.10  protocal 1  ifp .local..4, route_flag: 0x8

Mar  1 22:19:03 22:19:03.179804:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:03 22:19:03.179804:CID-0:RT:flow_rt_lkup: Found route entry 0x5a3e05c0,nh id 0x23d, out if 0x0

Mar  1 22:19:03 22:19:03.179805:CID-0:RT:flow_rt_lkup: get NH in local route
Mar  1 22:19:03 22:19:03.179806:CID-0:RT:flow_rt_lkup: nh word 0xfffb0006

Mar  1 22:19:03 22:19:03.179806:CID-0:RT:flow_ipv4_rt_lkup success 172.20.52.10, iifl 0x44, oifl 0x0

Mar  1 22:19:03 22:19:03.179808:CID-0:RT:  route lookup: dest-ip 172.20.52.10 orig ifp .local..4 output_ifp .local..4  orig-zone 2 out-zone 2 need_clear_fto 0 vsd 0, route_flag: 0x8

Mar  1 22:19:03 22:19:03.179809:CID-0:RT:  route to 172.20.52.10

Mar  1 22:19:03 22:19:03.179810:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:03 22:19:03.179811:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:03 22:19:03.179812:CID-0:RT:no need update ha

Mar  1 22:19:03 22:19:03.179813:CID-0:RT:updating pending sess (39106) in ager

Mar  1 22:19:03 22:19:03.179814:CID-0:RT:first path session installation succeeded

Mar  1 22:19:03 22:19:03.179814:CID-0:RT:  flow got session.

Mar  1 22:19:03 22:19:03.179815:CID-0:RT:  flow session id 39106

Mar  1 22:19:03 22:19:03.179816:CID-0:RT: vector bits 0x200 vector 0x8cfcfa90

Mar  1 22:19:03 22:19:03.179818:CID-0:RT:mbuf 0x7cdade00, exit nh 0x100010

Mar  1 22:19:03 22:19:03.179819:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x7ffffeffd270 associated with mbuf 0x7cdade00

Mar  1 22:19:03 22:19:03.179820:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


Mar  1 22:19:04 22:19:04.180794:CID-0:RT:<172.20.52.10/13->10.0.12.18/39466;1,0x0> matched filter packet-filter1:

Mar  1 22:19:04 22:19:04.180809:CID-0:RT:packet [84] ipid = 843, @0x15f983bce

Mar  1 22:19:04 22:19:04.180811:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 0, common flag 0x0, mbuf 0x7cdadc00, rtbl_idx = 0

Mar  1 22:19:04 22:19:04.180813:CID-0:RT:flow process pak, mbuf 0x7cdadc00, ifl 0, ctxt_type 0 inq type 5

Mar  1 22:19:04 22:19:04.180814:CID-0:RT: in_ifp <junos-host:.local..0>

Mar  1 22:19:04 22:19:04.180815:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 0x54f74e80

Mar  1 22:19:04 22:19:04.180816:CID-0:RT:host inq check inq_type 0x5

Mar  1 22:19:04 22:19:04.180817:CID-0:RT:Using out_ifp from pfe_tag with index 72

Mar  1 22:19:04 22:19:04.180819:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:04 22:19:04.180822:CID-0:RT:flow_rt_lkup: Found route entry 0x5a3e05c0,nh id 0x23d, out if 0x0

Mar  1 22:19:04 22:19:04.180823:CID-0:RT:flow_rt_lkup: get NH in local route
Mar  1 22:19:04 22:19:04.180824:CID-0:RT:flow_rt_lkup: nh word 0xfffb0006

Mar  1 22:19:04 22:19:04.180825:CID-0:RT: ipv4 from host, pfe tag vr id set 4

Mar  1 22:19:04 22:19:04.180825:CID-0:RT:Using vr id from pfe_tag with value= 4

Mar  1 22:19:04 22:19:04.180827:CID-0:RT:Changing lpak->in_ifp from:.local..0 -> to:.local..4

Mar  1 22:19:04 22:19:04.180827:CID-0:RT:Over-riding lpak->vsys with 0

Mar  1 22:19:04 22:19:04.180830:CID-0:RT:  .local..4:172.20.52.10->10.0.12.18, icmp, (8/0)

Mar  1 22:19:04 22:19:04.180832:CID-0:RT: find flow: table 0x28fb7580, hash 165164(0x7ffff), sa 172.20.52.10, da 10.0.12.18, sp 13, dp 39466, proto 1, tok 16386, conn-tag 0x00000000

Mar  1 22:19:04 22:19:04.180835:CID-0:RT:  no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0

Mar  1 22:19:04 22:19:04.180838:CID-0:RT:  flow_first_create_session

Mar  1 22:19:04 22:19:04.180841:CID-0:RT:Save init hash spu id 0 to nsp and nsp2!

Mar  1 22:19:04 22:19:04.180842:CID-0:RT:(flow_first_create_session) usp_tagged set session as mng session

Mar  1 22:19:04 22:19:04.180843:CID-0:RT:Installing pending sess (39107) in ager

Mar  1 22:19:04 22:19:04.180844:CID-0:RT:First path alloc and instl pending session, natp=0x2c7a39c0, id=39107

Mar  1 22:19:04 22:19:04.180845:CID-0:RT:First path alloc and instl pending session, natp=0x2c7a39c0, id=39107

Mar  1 22:19:04 22:19:04.180846:CID-0:RT:  flow_first_in_dst_nat: in <.local..4>, out <ge-0/0/2.0> dst_adr 10.0.12.18, sp 13, dp 39466

Mar  1 22:19:04 22:19:04.180847:CID-0:RT:  chose interface .local..4 as incoming nat if.

Mar  1 22:19:04 22:19:04.180850:CID-0:RT:flow_first_rule_dst_xlate: packet 172.20.52.10->10.0.12.18 nsp2 0.0.0.0->10.0.12.18.

Mar  1 22:19:04 22:19:04.180852:CID-0:RT:[JSF] Do ingress interest check. regd ingress plugins(1)

Mar  1 22:19:04 22:19:04.180855:CID-0:RT:-jsf int check: plugin junos-apbr-main(9), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180856:CID-0:RT:[JSF][0]plugins(0x0) enabled for session = 39107  implicit mask(0x0), service request(0x0)

Mar  1 22:19:04 22:19:04.180857:CID-0:RT:-jsf : no plugin ingress interested for session 39107
Mar  1 22:19:04 22:19:04.180857:CID-0:RT:flow_first_routing: vr_id 4, call flow_route_lookup(): src_ip 172.20.52.10, x_dst_ip 10.0.12.18, in ifp .local..4, out ifp ge-0/0/2.0 sp 13, dp 39466, ip_proto 1, tos 0

Mar  1 22:19:04 22:19:04.180859:CID-0:RT:Doing DESTINATION addr route-lookup

Mar  1 22:19:04 22:19:04.180860:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:04 22:19:04.180861:CID-0:RT:flow_rt_lkup: Found route entry 0x5a434100,nh id 0x248, out if 0x47

Mar  1 22:19:04 22:19:04.180863:CID-0:RT:flow_rt_lkup: nh word 0x100010

Mar  1 22:19:04 22:19:04.180864:CID-0:RT:flow_ipv4_rt_lkup success 10.0.12.18, iifl 0x44, oifl 0x47

Mar  1 22:19:04 22:19:04.180867:CID-0:RT:Checking in-ifp from .local..4 to ge-0/0/2.0 for src: 172.20.52.10 in vr_id:4

Mar  1 22:19:04 22:19:04.180868:CID-0:RT:  routed (x_dst_ip 10.0.12.18) from junos-host (.local..4 in 0) to ge-0/0/1.0, Next-hop: 172.20.56.1

Mar  1 22:19:04 22:19:04.180870:CID-0:RT:flow_first_policy_search: policy search from zone junos-host-> zone trust (0x0,0xd9a2a,0x9a2a)

Mar  1 22:19:04 22:19:04.180874:CID-0:RT:Policy lkup: vsys 0 zone(2:junos-host) -> zone(8:trust) scope:0

Mar  1 22:19:04 22:19:04.180874:CID-0:RT:             172.20.52.10/2048 -> 10.0.12.18/42144 proto 1

Mar  1 22:19:04 22:19:04.180878:CID-0:RT:flow_first_policy_search: dynapp_none_policy: TRUE, is_final: 0x0, is_explicit: 0x0, policy_meta_data: 0x0

Mar  1 22:19:04 22:19:04.180880:CID-0:RT:  app 0, timeout 60s, curr ageout 60s

Mar  1 22:19:04 22:19:04.180881:CID-0:RT:  permitted by policy self-traffic-policy(1)

Mar  1 22:19:04 22:19:04.180882:CID-0:RT:  packet passed, Permitted by policy.

Mar  1 22:19:04 22:19:04.180883:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False

Mar  1 22:19:04 22:19:04.180884:CID-0:RT:flow_first_src_xlate:  incoming src port is : 3328.

Mar  1 22:19:04 22:19:04.180887:CID-0:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False, nat_eim: False.

Mar  1 22:19:04 22:19:04.180888:CID-0:RT:  dip id = 0/0, 172.20.52.10/13->172.20.52.10/13 protocol 0

Mar  1 22:19:04 22:19:04.180891:CID-0:RT:  choose interface ge-0/0/1.0(P2P) as outgoing phy if

Mar  1 22:19:04 22:19:04.180892:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/1.0, addr: 10.0.12.18, rtt_idx:4

Mar  1 22:19:04 22:19:04.180894:CID-0:RT:[JSF]Normal interest check. regd plugins 37, enabled impl mask 0x0

Mar  1 22:19:04 22:19:04.180896:CID-0:RT:-jsf int check: plugin junos-screen-adapter(2), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180897:CID-0:RT:get NULL sess plugin info 0x2c7a39c0

Mar  1 22:19:04 22:19:04.180898:CID-0:RT:-jsf int check: plugin junos-fwauth-adapter(3), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180900:CID-0:RT:-jsf int check: plugin junos-rtcom(5), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180902:CID-0:RT:get NULL sess plugin info 0x2c7a39c0

Mar  1 22:19:04 22:19:04.180903:CID-0:RT:-jsf int check: plugin junos-jdpi(6), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180904:CID-0:RT:-jsf int check: plugin junos-utm-uf-pkt(7), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180906:CID-0:RT:-jsf int check: plugin junos-dynapp(8), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180907:CID-0:RT:-jsf int check: plugin junos-appfw(10), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180909:CID-0:RT:-jsf int check: plugin junos-appqos(11), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180911:CID-0:RT:-jsf int check: plugin junos-secintel(12), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180913:CID-0:RT:-jsf int check: plugin junos-idp(13), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180914:CID-0:RT:-jsf int check: plugin junos-aamw(14), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180915:CID-0:RT:get NULL sess plugin info 0x2c7a39c0

Mar  1 22:19:04 22:19:04.180916:CID-0:RT:-jsf int check: plugin junos-userfw(15), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180917:CID-0:RT:-jsf int check: plugin junos-ssl-proxy(17), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180919:CID-0:RT:-jsf int check: plugin junos-fwauth-stream-adapter(19), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180920:CID-0:RT:-jsf int check: plugin junos-dynapp-stream(21), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180921:CID-0:RT:-jsf int check: plugin junos-appfw-stream(22), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180922:CID-0:RT:-jsf int check: plugin junos-idp-stream(23), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180923:CID-0:RT:-jsf int check: plugin junos-aamw-stream(24), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180924:CID-0:RT:get NULL sess plugin info 0x2c7a39c0

Mar  1 22:19:04 22:19:04.180926:CID-0:RT:get NULL sess plugin info 0x2c7a39c0

Mar  1 22:19:04 22:19:04.180926:CID-0:RT:-jsf int check: plugin junos-captive-portal(25), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180927:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3

Mar  1 22:19:04 22:19:04.180928:CID-0:RT:-jsf int check: plugin junos-test(26), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180930:CID-0:RT:get NULL sess plugin info 0x2c7a39c0

Mar  1 22:19:04 22:19:04.180930:CID-0:RT:-jsf int check: plugin junos-alg(27), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180931:CID-0:RT:-jsf int check: plugin junos-utm-uf-stream(28), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180932:CID-0:RT:get NULL sess plugin info 0x2c7a39c0

Mar  1 22:19:04 22:19:04.180935:CID-0:RT:-jsf int check: plugin junos-utm(29), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180936:CID-0:RT:get NULL sess plugin info 0x2c7a39c0

Mar  1 22:19:04 22:19:04.180937:CID-0:RT:-jsf int check: plugin junos-icap-redirect(30), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180937:CID-0:RT:-jsf int check: plugin junos-log(31), svc_req 0x0, impl mask 0x0. rc 0

Mar  1 22:19:04 22:19:04.180938:CID-0:RT:-jsf int check: plugin junos-rtcom-stream(32), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180939:CID-0:RT:-jsf int check: plugin junos-remote-access-gw(33), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180941:CID-0:RT:-jsf int check: plugin junos-gprs(36), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180941:CID-0:RT:-jsf int check: plugin junos-uac(37), svc_req 0x0, impl mask 0x0. rc 2

Mar  1 22:19:04 22:19:04.180943:CID-0:RT:-jsf int check: plugin junos-appqoe(45), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:04 22:19:04.180944:CID-0:RT:[JSF]Plugins(0x0, count 0) enabled for session = 39107, impli mask(0x0), post_nat cnt 0 svc req(0x2c7a3a80)

Mar  1 22:19:04 22:19:04.180945:CID-0:RT:-jsf : no plugin interested for session 39107, free sess plugin info

Mar  1 22:19:04 22:19:04.180945:CID-0:RT:jsf pre int check result 0 0 0 0

Mar  1 22:19:04 22:19:04.180946:CID-0:RT:flow_first_service_lookup(): natp(0x2c7a39c0): app_id, 0(0).

Mar  1 22:19:04 22:19:04.180947:CID-0:RT:  service lookup identified service 0.

Mar  1 22:19:04 22:19:04.180947:CID-0:RT:  flow_first_final_check: in <.local..4>, out <ge-0/0/1.0>

Mar  1 22:19:04 22:19:04.180948:CID-0:RT:In flow_first_complete_session

Mar  1 22:19:04 22:19:04.180949:CID-0:RT:flow_first_complete_session, pak_ptr: 0x7ffffeffd270, nsp: 0x2c7a39c0, in_tunnel: 0x0

Mar  1 22:19:04 22:19:04.180950:CID-0:RT:before copy: nsp vec_list 0x0, nsp2 vec_list 0x200

Mar  1 22:19:04 22:19:04.180951:CID-0:RT:after copy: nsp vec_list 0x200, nsp2 vec_list 0x200

Mar  1 22:19:04 22:19:04.180951:CID-0:RT:construct v4 vector for nsp2 and nsp

Mar  1 22:19:04 22:19:04.180952:CID-0:RT:  existing vector list 0x200-0x8cfcfa90.

Mar  1 22:19:04 22:19:04.180952:CID-0:RT:vector index for nsp2: 200

Mar  1 22:19:04 22:19:04.180952:CID-0:RT:  existing vector list 0x200-0x8cfcfa90.

Mar  1 22:19:04 22:19:04.180953:CID-0:RT:vector index for nsp: 200

Mar  1 22:19:04 22:19:04.180953:CID-0:RT:  Session (id:39107) created for first pak 200

Mar  1 22:19:04 22:19:04.180954:CID-0:RT:first pak processing successful

Mar  1 22:19:04 22:19:04.180954:CID-0:RT:  flow_first_install_session======> 0x2c7a39c0

Mar  1 22:19:04 22:19:04.180955:CID-0:RT: nsp 0x2c7a39c0, nsp2 0x2c7a3a80

Mar  1 22:19:04 22:19:04.180956:CID-0:RT:  make_nsp_ready_no_resolve()

Mar  1 22:19:04 22:19:04.180956:CID-0:RT:make_nsp_ready_no_resolve: Route Lookup for dest route.  Src_ip 10.0.12.18  Dst_ip 172.20.52.10  protocal 1  ifp .local..4, route_flag: 0x8

Mar  1 22:19:04 22:19:04.180958:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:04 22:19:04.180959:CID-0:RT:flow_rt_lkup: Found route entry 0x5a3e05c0,nh id 0x23d, out if 0x0

Mar  1 22:19:04 22:19:04.180960:CID-0:RT:flow_rt_lkup: get NH in local route
Mar  1 22:19:04 22:19:04.180960:CID-0:RT:flow_rt_lkup: nh word 0xfffb0006

Mar  1 22:19:04 22:19:04.180961:CID-0:RT:flow_ipv4_rt_lkup success 172.20.52.10, iifl 0x44, oifl 0x0

Mar  1 22:19:04 22:19:04.180962:CID-0:RT:  route lookup: dest-ip 172.20.52.10 orig ifp .local..4 output_ifp .local..4  orig-zone 2 out-zone 2 need_clear_fto 0 vsd 0, route_flag: 0x8

Mar  1 22:19:04 22:19:04.180964:CID-0:RT:  route to 172.20.52.10

Mar  1 22:19:04 22:19:04.180965:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:04 22:19:04.180965:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:04 22:19:04.180967:CID-0:RT:no need update ha

Mar  1 22:19:04 22:19:04.180967:CID-0:RT:updating pending sess (39107) in ager

Mar  1 22:19:04 22:19:04.180968:CID-0:RT:first path session installation succeeded

Mar  1 22:19:04 22:19:04.180969:CID-0:RT:  flow got session.

Mar  1 22:19:04 22:19:04.180969:CID-0:RT:  flow session id 39107

Mar  1 22:19:04 22:19:04.180971:CID-0:RT: vector bits 0x200 vector 0x8cfcfa90

Mar  1 22:19:04 22:19:04.180973:CID-0:RT:mbuf 0x7cdadc00, exit nh 0x100010

Mar  1 22:19:04 22:19:04.180974:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x7ffffeffd270 associated with mbuf 0x7cdadc00

Mar  1 22:19:04 22:19:04.180975:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


Mar  1 22:19:05 22:19:05.181924:CID-0:RT:<172.20.52.10/14->10.0.12.18/39466;1,0x0> matched filter packet-filter1:

Mar  1 22:19:05 22:19:05.181936:CID-0:RT:packet [84] ipid = 869, @0x15f9837ce

Mar  1 22:19:05 22:19:05.181939:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 0, common flag 0x0, mbuf 0x7cdada00, rtbl_idx = 0

Mar  1 22:19:05 22:19:05.181944:CID-0:RT:flow process pak, mbuf 0x7cdada00, ifl 0, ctxt_type 0 inq type 5

Mar  1 22:19:05 22:19:05.181947:CID-0:RT: in_ifp <junos-host:.local..0>

Mar  1 22:19:05 22:19:05.181949:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 0x54f74e80

Mar  1 22:19:05 22:19:05.181952:CID-0:RT:host inq check inq_type 0x5

Mar  1 22:19:05 22:19:05.181955:CID-0:RT:Using out_ifp from pfe_tag with index 72

Mar  1 22:19:05 22:19:05.181959:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:05 22:19:05.181964:CID-0:RT:flow_rt_lkup: Found route entry 0x5a3e05c0,nh id 0x23d, out if 0x0

Mar  1 22:19:05 22:19:05.181967:CID-0:RT:flow_rt_lkup: get NH in local route
Mar  1 22:19:05 22:19:05.181970:CID-0:RT:flow_rt_lkup: nh word 0xfffb0006

Mar  1 22:19:05 22:19:05.181972:CID-0:RT: ipv4 from host, pfe tag vr id set 4

Mar  1 22:19:05 22:19:05.181974:CID-0:RT:Using vr id from pfe_tag with value= 4

Mar  1 22:19:05 22:19:05.181977:CID-0:RT:Changing lpak->in_ifp from:.local..0 -> to:.local..4

Mar  1 22:19:05 22:19:05.181979:CID-0:RT:Over-riding lpak->vsys with 0

Mar  1 22:19:05 22:19:05.181984:CID-0:RT:  .local..4:172.20.52.10->10.0.12.18, icmp, (8/0)

Mar  1 22:19:05 22:19:05.182001:CID-0:RT: find flow: table 0x28fb7580, hash 149573(0x7ffff), sa 172.20.52.10, da 10.0.12.18, sp 14, dp 39466, proto 1, tok 16386, conn-tag 0x00000000

Mar  1 22:19:05 22:19:05.182005:CID-0:RT:  no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0

Mar  1 22:19:05 22:19:05.182008:CID-0:RT:  flow_first_create_session

Mar  1 22:19:05 22:19:05.182011:CID-0:RT:Save init hash spu id 0 to nsp and nsp2!

Mar  1 22:19:05 22:19:05.182013:CID-0:RT:(flow_first_create_session) usp_tagged set session as mng session

Mar  1 22:19:05 22:19:05.182014:CID-0:RT:Installing pending sess (39108) in ager

Mar  1 22:19:05 22:19:05.182015:CID-0:RT:First path alloc and instl pending session, natp=0x2c7a3cc0, id=39108

Mar  1 22:19:05 22:19:05.182016:CID-0:RT:First path alloc and instl pending session, natp=0x2c7a3cc0, id=39108

Mar  1 22:19:05 22:19:05.182017:CID-0:RT:  flow_first_in_dst_nat: in <.local..4>, out <ge-0/0/2.0> dst_adr 10.0.12.18, sp 14, dp 39466

Mar  1 22:19:05 22:19:05.182019:CID-0:RT:  chose interface .local..4 as incoming nat if.

Mar  1 22:19:05 22:19:05.182022:CID-0:RT:flow_first_rule_dst_xlate: packet 172.20.52.10->10.0.12.18 nsp2 0.0.0.0->10.0.12.18.

Mar  1 22:19:05 22:19:05.182024:CID-0:RT:[JSF] Do ingress interest check. regd ingress plugins(1)

Mar  1 22:19:05 22:19:05.182027:CID-0:RT:-jsf int check: plugin junos-apbr-main(9), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182028:CID-0:RT:[JSF][0]plugins(0x0) enabled for session = 39108  implicit mask(0x0), service request(0x0)

Mar  1 22:19:05 22:19:05.182029:CID-0:RT:-jsf : no plugin ingress interested for session 39108
Mar  1 22:19:05 22:19:05.182029:CID-0:RT:flow_first_routing: vr_id 4, call flow_route_lookup(): src_ip 172.20.52.10, x_dst_ip 10.0.12.18, in ifp .local..4, out ifp ge-0/0/2.0 sp 14, dp 39466, ip_proto 1, tos 0

Mar  1 22:19:05 22:19:05.182031:CID-0:RT:Doing DESTINATION addr route-lookup

Mar  1 22:19:05 22:19:05.182032:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:05 22:19:05.182033:CID-0:RT:flow_rt_lkup: Found route entry 0x5a434100,nh id 0x248, out if 0x47

Mar  1 22:19:05 22:19:05.182035:CID-0:RT:flow_rt_lkup: nh word 0x100010

Mar  1 22:19:05 22:19:05.182035:CID-0:RT:flow_ipv4_rt_lkup success 10.0.12.18, iifl 0x44, oifl 0x47

Mar  1 22:19:05 22:19:05.182038:CID-0:RT:Checking in-ifp from .local..4 to ge-0/0/2.0 for src: 172.20.52.10 in vr_id:4

Mar  1 22:19:05 22:19:05.182039:CID-0:RT:  routed (x_dst_ip 10.0.12.18) from junos-host (.local..4 in 0) to ge-0/0/1.0, Next-hop: 172.20.56.1

Mar  1 22:19:05 22:19:05.182042:CID-0:RT:flow_first_policy_search: policy search from zone junos-host-> zone trust (0x0,0xe9a2a,0x9a2a)

Mar  1 22:19:05 22:19:05.182045:CID-0:RT:Policy lkup: vsys 0 zone(2:junos-host) -> zone(8:trust) scope:0

Mar  1 22:19:05 22:19:05.182046:CID-0:RT:             172.20.52.10/2048 -> 10.0.12.18/41114 proto 1

Mar  1 22:19:05 22:19:05.182050:CID-0:RT:flow_first_policy_search: dynapp_none_policy: TRUE, is_final: 0x0, is_explicit: 0x0, policy_meta_data: 0x0

Mar  1 22:19:05 22:19:05.182051:CID-0:RT:  app 0, timeout 60s, curr ageout 60s

Mar  1 22:19:05 22:19:05.182052:CID-0:RT:  permitted by policy self-traffic-policy(1)

Mar  1 22:19:05 22:19:05.182053:CID-0:RT:  packet passed, Permitted by policy.

Mar  1 22:19:05 22:19:05.182054:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False

Mar  1 22:19:05 22:19:05.182055:CID-0:RT:flow_first_src_xlate:  incoming src port is : 3584.

Mar  1 22:19:05 22:19:05.182058:CID-0:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False, nat_eim: False.

Mar  1 22:19:05 22:19:05.182059:CID-0:RT:  dip id = 0/0, 172.20.52.10/14->172.20.52.10/14 protocol 0

Mar  1 22:19:05 22:19:05.182061:CID-0:RT:  choose interface ge-0/0/1.0(P2P) as outgoing phy if

Mar  1 22:19:05 22:19:05.182062:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/1.0, addr: 10.0.12.18, rtt_idx:4

Mar  1 22:19:05 22:19:05.182064:CID-0:RT:[JSF]Normal interest check. regd plugins 37, enabled impl mask 0x0

Mar  1 22:19:05 22:19:05.182066:CID-0:RT:-jsf int check: plugin junos-screen-adapter(2), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182068:CID-0:RT:get NULL sess plugin info 0x2c7a3cc0

Mar  1 22:19:05 22:19:05.182068:CID-0:RT:-jsf int check: plugin junos-fwauth-adapter(3), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182070:CID-0:RT:-jsf int check: plugin junos-rtcom(5), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182072:CID-0:RT:get NULL sess plugin info 0x2c7a3cc0

Mar  1 22:19:05 22:19:05.182073:CID-0:RT:-jsf int check: plugin junos-jdpi(6), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182074:CID-0:RT:-jsf int check: plugin junos-utm-uf-pkt(7), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182076:CID-0:RT:-jsf int check: plugin junos-dynapp(8), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182077:CID-0:RT:-jsf int check: plugin junos-appfw(10), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182079:CID-0:RT:-jsf int check: plugin junos-appqos(11), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182080:CID-0:RT:-jsf int check: plugin junos-secintel(12), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182082:CID-0:RT:-jsf int check: plugin junos-idp(13), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182084:CID-0:RT:-jsf int check: plugin junos-aamw(14), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182085:CID-0:RT:get NULL sess plugin info 0x2c7a3cc0

Mar  1 22:19:05 22:19:05.182086:CID-0:RT:-jsf int check: plugin junos-userfw(15), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182087:CID-0:RT:-jsf int check: plugin junos-ssl-proxy(17), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182089:CID-0:RT:-jsf int check: plugin junos-fwauth-stream-adapter(19), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182090:CID-0:RT:-jsf int check: plugin junos-dynapp-stream(21), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182091:CID-0:RT:-jsf int check: plugin junos-appfw-stream(22), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182092:CID-0:RT:-jsf int check: plugin junos-idp-stream(23), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182093:CID-0:RT:-jsf int check: plugin junos-aamw-stream(24), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182094:CID-0:RT:get NULL sess plugin info 0x2c7a3cc0

Mar  1 22:19:05 22:19:05.182095:CID-0:RT:get NULL sess plugin info 0x2c7a3cc0

Mar  1 22:19:05 22:19:05.182096:CID-0:RT:-jsf int check: plugin junos-captive-portal(25), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182096:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3

Mar  1 22:19:05 22:19:05.182097:CID-0:RT:-jsf int check: plugin junos-test(26), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182100:CID-0:RT:get NULL sess plugin info 0x2c7a3cc0

Mar  1 22:19:05 22:19:05.182100:CID-0:RT:-jsf int check: plugin junos-alg(27), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182101:CID-0:RT:-jsf int check: plugin junos-utm-uf-stream(28), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182102:CID-0:RT:get NULL sess plugin info 0x2c7a3cc0

Mar  1 22:19:05 22:19:05.182104:CID-0:RT:-jsf int check: plugin junos-utm(29), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182105:CID-0:RT:get NULL sess plugin info 0x2c7a3cc0

Mar  1 22:19:05 22:19:05.182106:CID-0:RT:-jsf int check: plugin junos-icap-redirect(30), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182107:CID-0:RT:-jsf int check: plugin junos-log(31), svc_req 0x0, impl mask 0x0. rc 0

Mar  1 22:19:05 22:19:05.182108:CID-0:RT:-jsf int check: plugin junos-rtcom-stream(32), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182109:CID-0:RT:-jsf int check: plugin junos-remote-access-gw(33), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182110:CID-0:RT:-jsf int check: plugin junos-gprs(36), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182110:CID-0:RT:-jsf int check: plugin junos-uac(37), svc_req 0x0, impl mask 0x0. rc 2

Mar  1 22:19:05 22:19:05.182112:CID-0:RT:-jsf int check: plugin junos-appqoe(45), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:05 22:19:05.182113:CID-0:RT:[JSF]Plugins(0x0, count 0) enabled for session = 39108, impli mask(0x0), post_nat cnt 0 svc req(0x2c7a3d80)

Mar  1 22:19:05 22:19:05.182114:CID-0:RT:-jsf : no plugin interested for session 39108, free sess plugin info

Mar  1 22:19:05 22:19:05.182114:CID-0:RT:jsf pre int check result 0 0 0 0

Mar  1 22:19:05 22:19:05.182115:CID-0:RT:flow_first_service_lookup(): natp(0x2c7a3cc0): app_id, 0(0).

Mar  1 22:19:05 22:19:05.182116:CID-0:RT:  service lookup identified service 0.

Mar  1 22:19:05 22:19:05.182116:CID-0:RT:  flow_first_final_check: in <.local..4>, out <ge-0/0/1.0>

Mar  1 22:19:05 22:19:05.182117:CID-0:RT:In flow_first_complete_session

Mar  1 22:19:05 22:19:05.182118:CID-0:RT:flow_first_complete_session, pak_ptr: 0x7ffffeffd270, nsp: 0x2c7a3cc0, in_tunnel: 0x0

Mar  1 22:19:05 22:19:05.182119:CID-0:RT:before copy: nsp vec_list 0x0, nsp2 vec_list 0x200

Mar  1 22:19:05 22:19:05.182119:CID-0:RT:after copy: nsp vec_list 0x200, nsp2 vec_list 0x200

Mar  1 22:19:05 22:19:05.182120:CID-0:RT:construct v4 vector for nsp2 and nsp

Mar  1 22:19:05 22:19:05.182120:CID-0:RT:  existing vector list 0x200-0x8cfcfa90.

Mar  1 22:19:05 22:19:05.182121:CID-0:RT:vector index for nsp2: 200

Mar  1 22:19:05 22:19:05.182121:CID-0:RT:  existing vector list 0x200-0x8cfcfa90.

Mar  1 22:19:05 22:19:05.182121:CID-0:RT:vector index for nsp: 200

Mar  1 22:19:05 22:19:05.182122:CID-0:RT:  Session (id:39108) created for first pak 200

Mar  1 22:19:05 22:19:05.182122:CID-0:RT:first pak processing successful

Mar  1 22:19:05 22:19:05.182123:CID-0:RT:  flow_first_install_session======> 0x2c7a3cc0

Mar  1 22:19:05 22:19:05.182123:CID-0:RT: nsp 0x2c7a3cc0, nsp2 0x2c7a3d80

Mar  1 22:19:05 22:19:05.182124:CID-0:RT:  make_nsp_ready_no_resolve()

Mar  1 22:19:05 22:19:05.182125:CID-0:RT:make_nsp_ready_no_resolve: Route Lookup for dest route.  Src_ip 10.0.12.18  Dst_ip 172.20.52.10  protocal 1  ifp .local..4, route_flag: 0x8

Mar  1 22:19:05 22:19:05.182127:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:05 22:19:05.182128:CID-0:RT:flow_rt_lkup: Found route entry 0x5a3e05c0,nh id 0x23d, out if 0x0

Mar  1 22:19:05 22:19:05.182128:CID-0:RT:flow_rt_lkup: get NH in local route
Mar  1 22:19:05 22:19:05.182129:CID-0:RT:flow_rt_lkup: nh word 0xfffb0006

Mar  1 22:19:05 22:19:05.182129:CID-0:RT:flow_ipv4_rt_lkup success 172.20.52.10, iifl 0x44, oifl 0x0

Mar  1 22:19:05 22:19:05.182131:CID-0:RT:  route lookup: dest-ip 172.20.52.10 orig ifp .local..4 output_ifp .local..4  orig-zone 2 out-zone 2 need_clear_fto 0 vsd 0, route_flag: 0x8

Mar  1 22:19:05 22:19:05.182132:CID-0:RT:  route to 172.20.52.10

Mar  1 22:19:05 22:19:05.182133:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:05 22:19:05.182134:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:05 22:19:05.182135:CID-0:RT:no need update ha

Mar  1 22:19:05 22:19:05.182136:CID-0:RT:updating pending sess (39108) in ager

Mar  1 22:19:05 22:19:05.182136:CID-0:RT:first path session installation succeeded

Mar  1 22:19:05 22:19:05.182137:CID-0:RT:  flow got session.

Mar  1 22:19:05 22:19:05.182138:CID-0:RT:  flow session id 39108

Mar  1 22:19:05 22:19:05.182139:CID-0:RT: vector bits 0x200 vector 0x8cfcfa90

Mar  1 22:19:05 22:19:05.182141:CID-0:RT:mbuf 0x7cdada00, exit nh 0x100010

Mar  1 22:19:05 22:19:05.182142:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x7ffffeffd270 associated with mbuf 0x7cdada00

Mar  1 22:19:05 22:19:05.182143:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


Mar  1 22:19:06 22:19:06.182570:CID-0:RT:<172.20.52.10/15->10.0.12.18/39466;1,0x0> matched filter packet-filter1:

Mar  1 22:19:06 22:19:06.182574:CID-0:RT:packet [84] ipid = 900, @0x15f9833ce

Mar  1 22:19:06 22:19:06.182576:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 0, common flag 0x0, mbuf 0x7cdad800, rtbl_idx = 0

Mar  1 22:19:06 22:19:06.182578:CID-0:RT:flow process pak, mbuf 0x7cdad800, ifl 0, ctxt_type 0 inq type 5

Mar  1 22:19:06 22:19:06.182579:CID-0:RT: in_ifp <junos-host:.local..0>

Mar  1 22:19:06 22:19:06.182579:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 0x54f74e80

Mar  1 22:19:06 22:19:06.182580:CID-0:RT:host inq check inq_type 0x5

Mar  1 22:19:06 22:19:06.182581:CID-0:RT:Using out_ifp from pfe_tag with index 72

Mar  1 22:19:06 22:19:06.182583:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:06 22:19:06.182587:CID-0:RT:flow_rt_lkup: Found route entry 0x5a3e05c0,nh id 0x23d, out if 0x0

Mar  1 22:19:06 22:19:06.182588:CID-0:RT:flow_rt_lkup: get NH in local route
Mar  1 22:19:06 22:19:06.182589:CID-0:RT:flow_rt_lkup: nh word 0xfffb0006

Mar  1 22:19:06 22:19:06.182589:CID-0:RT: ipv4 from host, pfe tag vr id set 4

Mar  1 22:19:06 22:19:06.182590:CID-0:RT:Using vr id from pfe_tag with value= 4

Mar  1 22:19:06 22:19:06.182591:CID-0:RT:Changing lpak->in_ifp from:.local..0 -> to:.local..4

Mar  1 22:19:06 22:19:06.182592:CID-0:RT:Over-riding lpak->vsys with 0

Mar  1 22:19:06 22:19:06.182595:CID-0:RT:  .local..4:172.20.52.10->10.0.12.18, icmp, (8/0)

Mar  1 22:19:06 22:19:06.182597:CID-0:RT: find flow: table 0x28fb7580, hash 151366(0x7ffff), sa 172.20.52.10, da 10.0.12.18, sp 15, dp 39466, proto 1, tok 16386, conn-tag 0x00000000

Mar  1 22:19:06 22:19:06.182600:CID-0:RT:  no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0

Mar  1 22:19:06 22:19:06.182603:CID-0:RT:  flow_first_create_session

Mar  1 22:19:06 22:19:06.182606:CID-0:RT:Save init hash spu id 0 to nsp and nsp2!

Mar  1 22:19:06 22:19:06.182607:CID-0:RT:(flow_first_create_session) usp_tagged set session as mng session

Mar  1 22:19:06 22:19:06.182608:CID-0:RT:Installing pending sess (39109) in ager

Mar  1 22:19:06 22:19:06.182609:CID-0:RT:First path alloc and instl pending session, natp=0x2c7a3fc0, id=39109

Mar  1 22:19:06 22:19:06.182610:CID-0:RT:First path alloc and instl pending session, natp=0x2c7a3fc0, id=39109

Mar  1 22:19:06 22:19:06.182611:CID-0:RT:  flow_first_in_dst_nat: in <.local..4>, out <ge-0/0/2.0> dst_adr 10.0.12.18, sp 15, dp 39466

Mar  1 22:19:06 22:19:06.182612:CID-0:RT:  chose interface .local..4 as incoming nat if.

Mar  1 22:19:06 22:19:06.182615:CID-0:RT:flow_first_rule_dst_xlate: packet 172.20.52.10->10.0.12.18 nsp2 0.0.0.0->10.0.12.18.

Mar  1 22:19:06 22:19:06.182617:CID-0:RT:[JSF] Do ingress interest check. regd ingress plugins(1)

Mar  1 22:19:06 22:19:06.182620:CID-0:RT:-jsf int check: plugin junos-apbr-main(9), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182621:CID-0:RT:[JSF][0]plugins(0x0) enabled for session = 39109  implicit mask(0x0), service request(0x0)

Mar  1 22:19:06 22:19:06.182621:CID-0:RT:-jsf : no plugin ingress interested for session 39109
Mar  1 22:19:06 22:19:06.182622:CID-0:RT:flow_first_routing: vr_id 4, call flow_route_lookup(): src_ip 172.20.52.10, x_dst_ip 10.0.12.18, in ifp .local..4, out ifp ge-0/0/2.0 sp 15, dp 39466, ip_proto 1, tos 0

Mar  1 22:19:06 22:19:06.182624:CID-0:RT:Doing DESTINATION addr route-lookup

Mar  1 22:19:06 22:19:06.182625:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:06 22:19:06.182626:CID-0:RT:flow_rt_lkup: Found route entry 0x5a434100,nh id 0x248, out if 0x47

Mar  1 22:19:06 22:19:06.182628:CID-0:RT:flow_rt_lkup: nh word 0x100010

Mar  1 22:19:06 22:19:06.182628:CID-0:RT:flow_ipv4_rt_lkup success 10.0.12.18, iifl 0x44, oifl 0x47

Mar  1 22:19:06 22:19:06.182631:CID-0:RT:Checking in-ifp from .local..4 to ge-0/0/2.0 for src: 172.20.52.10 in vr_id:4

Mar  1 22:19:06 22:19:06.182633:CID-0:RT:  routed (x_dst_ip 10.0.12.18) from junos-host (.local..4 in 0) to ge-0/0/1.0, Next-hop: 172.20.56.1

Mar  1 22:19:06 22:19:06.182635:CID-0:RT:flow_first_policy_search: policy search from zone junos-host-> zone trust (0x0,0xf9a2a,0x9a2a)

Mar  1 22:19:06 22:19:06.182638:CID-0:RT:Policy lkup: vsys 0 zone(2:junos-host) -> zone(8:trust) scope:0

Mar  1 22:19:06 22:19:06.182639:CID-0:RT:             172.20.52.10/2048 -> 10.0.12.18/40438 proto 1

Mar  1 22:19:06 22:19:06.182643:CID-0:RT:flow_first_policy_search: dynapp_none_policy: TRUE, is_final: 0x0, is_explicit: 0x0, policy_meta_data: 0x0

Mar  1 22:19:06 22:19:06.182644:CID-0:RT:  app 0, timeout 60s, curr ageout 60s

Mar  1 22:19:06 22:19:06.182645:CID-0:RT:  permitted by policy self-traffic-policy(1)

Mar  1 22:19:06 22:19:06.182646:CID-0:RT:  packet passed, Permitted by policy.

Mar  1 22:19:06 22:19:06.182647:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False

Mar  1 22:19:06 22:19:06.182648:CID-0:RT:flow_first_src_xlate:  incoming src port is : 3840.

Mar  1 22:19:06 22:19:06.182652:CID-0:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False, nat_eim: False.

Mar  1 22:19:06 22:19:06.182652:CID-0:RT:  dip id = 0/0, 172.20.52.10/15->172.20.52.10/15 protocol 0

Mar  1 22:19:06 22:19:06.182655:CID-0:RT:  choose interface ge-0/0/1.0(P2P) as outgoing phy if

Mar  1 22:19:06 22:19:06.182656:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/1.0, addr: 10.0.12.18, rtt_idx:4

Mar  1 22:19:06 22:19:06.182658:CID-0:RT:[JSF]Normal interest check. regd plugins 37, enabled impl mask 0x0

Mar  1 22:19:06 22:19:06.182660:CID-0:RT:-jsf int check: plugin junos-screen-adapter(2), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182661:CID-0:RT:get NULL sess plugin info 0x2c7a3fc0

Mar  1 22:19:06 22:19:06.182663:CID-0:RT:-jsf int check: plugin junos-fwauth-adapter(3), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182664:CID-0:RT:-jsf int check: plugin junos-rtcom(5), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182666:CID-0:RT:get NULL sess plugin info 0x2c7a3fc0

Mar  1 22:19:06 22:19:06.182667:CID-0:RT:-jsf int check: plugin junos-jdpi(6), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182669:CID-0:RT:-jsf int check: plugin junos-utm-uf-pkt(7), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182671:CID-0:RT:-jsf int check: plugin junos-dynapp(8), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182672:CID-0:RT:-jsf int check: plugin junos-appfw(10), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182673:CID-0:RT:-jsf int check: plugin junos-appqos(11), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182675:CID-0:RT:-jsf int check: plugin junos-secintel(12), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182677:CID-0:RT:-jsf int check: plugin junos-idp(13), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182679:CID-0:RT:-jsf int check: plugin junos-aamw(14), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182680:CID-0:RT:get NULL sess plugin info 0x2c7a3fc0

Mar  1 22:19:06 22:19:06.182681:CID-0:RT:-jsf int check: plugin junos-userfw(15), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182683:CID-0:RT:-jsf int check: plugin junos-ssl-proxy(17), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182684:CID-0:RT:-jsf int check: plugin junos-fwauth-stream-adapter(19), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182685:CID-0:RT:-jsf int check: plugin junos-dynapp-stream(21), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182686:CID-0:RT:-jsf int check: plugin junos-appfw-stream(22), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182687:CID-0:RT:-jsf int check: plugin junos-idp-stream(23), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182688:CID-0:RT:-jsf int check: plugin junos-aamw-stream(24), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182689:CID-0:RT:get NULL sess plugin info 0x2c7a3fc0

Mar  1 22:19:06 22:19:06.182690:CID-0:RT:get NULL sess plugin info 0x2c7a3fc0

Mar  1 22:19:06 22:19:06.182691:CID-0:RT:-jsf int check: plugin junos-captive-portal(25), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182692:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3

Mar  1 22:19:06 22:19:06.182693:CID-0:RT:-jsf int check: plugin junos-test(26), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182695:CID-0:RT:get NULL sess plugin info 0x2c7a3fc0

Mar  1 22:19:06 22:19:06.182695:CID-0:RT:-jsf int check: plugin junos-alg(27), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182696:CID-0:RT:-jsf int check: plugin junos-utm-uf-stream(28), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182697:CID-0:RT:get NULL sess plugin info 0x2c7a3fc0

Mar  1 22:19:06 22:19:06.182699:CID-0:RT:-jsf int check: plugin junos-utm(29), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182700:CID-0:RT:get NULL sess plugin info 0x2c7a3fc0

Mar  1 22:19:06 22:19:06.182701:CID-0:RT:-jsf int check: plugin junos-icap-redirect(30), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182702:CID-0:RT:-jsf int check: plugin junos-log(31), svc_req 0x0, impl mask 0x0. rc 0

Mar  1 22:19:06 22:19:06.182703:CID-0:RT:-jsf int check: plugin junos-rtcom-stream(32), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182704:CID-0:RT:-jsf int check: plugin junos-remote-access-gw(33), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182705:CID-0:RT:-jsf int check: plugin junos-gprs(36), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182706:CID-0:RT:-jsf int check: plugin junos-uac(37), svc_req 0x0, impl mask 0x0. rc 2

Mar  1 22:19:06 22:19:06.182708:CID-0:RT:-jsf int check: plugin junos-appqoe(45), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:06 22:19:06.182708:CID-0:RT:[JSF]Plugins(0x0, count 0) enabled for session = 39109, impli mask(0x0), post_nat cnt 0 svc req(0x2c7a4080)

Mar  1 22:19:06 22:19:06.182709:CID-0:RT:-jsf : no plugin interested for session 39109, free sess plugin info

Mar  1 22:19:06 22:19:06.182710:CID-0:RT:jsf pre int check result 0 0 0 0

Mar  1 22:19:06 22:19:06.182710:CID-0:RT:flow_first_service_lookup(): natp(0x2c7a3fc0): app_id, 0(0).

Mar  1 22:19:06 22:19:06.182711:CID-0:RT:  service lookup identified service 0.

Mar  1 22:19:06 22:19:06.182711:CID-0:RT:  flow_first_final_check: in <.local..4>, out <ge-0/0/1.0>

Mar  1 22:19:06 22:19:06.182712:CID-0:RT:In flow_first_complete_session

Mar  1 22:19:06 22:19:06.182713:CID-0:RT:flow_first_complete_session, pak_ptr: 0x7ffffeffd270, nsp: 0x2c7a3fc0, in_tunnel: 0x0

Mar  1 22:19:06 22:19:06.182714:CID-0:RT:before copy: nsp vec_list 0x0, nsp2 vec_list 0x200

Mar  1 22:19:06 22:19:06.182715:CID-0:RT:after copy: nsp vec_list 0x200, nsp2 vec_list 0x200

Mar  1 22:19:06 22:19:06.182715:CID-0:RT:construct v4 vector for nsp2 and nsp

Mar  1 22:19:06 22:19:06.182716:CID-0:RT:  existing vector list 0x200-0x8cfcfa90.

Mar  1 22:19:06 22:19:06.182716:CID-0:RT:vector index for nsp2: 200

Mar  1 22:19:06 22:19:06.182716:CID-0:RT:  existing vector list 0x200-0x8cfcfa90.

Mar  1 22:19:06 22:19:06.182717:CID-0:RT:vector index for nsp: 200

Mar  1 22:19:06 22:19:06.182717:CID-0:RT:  Session (id:39109) created for first pak 200

Mar  1 22:19:06 22:19:06.182718:CID-0:RT:first pak processing successful

Mar  1 22:19:06 22:19:06.182718:CID-0:RT:  flow_first_install_session======> 0x2c7a3fc0

Mar  1 22:19:06 22:19:06.182719:CID-0:RT: nsp 0x2c7a3fc0, nsp2 0x2c7a4080

Mar  1 22:19:06 22:19:06.182719:CID-0:RT:  make_nsp_ready_no_resolve()

Mar  1 22:19:06 22:19:06.182720:CID-0:RT:make_nsp_ready_no_resolve: Route Lookup for dest route.  Src_ip 10.0.12.18  Dst_ip 172.20.52.10  protocal 1  ifp .local..4, route_flag: 0x8

Mar  1 22:19:06 22:19:06.182722:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:06 22:19:06.182723:CID-0:RT:flow_rt_lkup: Found route entry 0x5a3e05c0,nh id 0x23d, out if 0x0

Mar  1 22:19:06 22:19:06.182724:CID-0:RT:flow_rt_lkup: get NH in local route
Mar  1 22:19:06 22:19:06.182724:CID-0:RT:flow_rt_lkup: nh word 0xfffb0006

Mar  1 22:19:06 22:19:06.182725:CID-0:RT:flow_ipv4_rt_lkup success 172.20.52.10, iifl 0x44, oifl 0x0

Mar  1 22:19:06 22:19:06.182726:CID-0:RT:  route lookup: dest-ip 172.20.52.10 orig ifp .local..4 output_ifp .local..4  orig-zone 2 out-zone 2 need_clear_fto 0 vsd 0, route_flag: 0x8

Mar  1 22:19:06 22:19:06.182728:CID-0:RT:  route to 172.20.52.10

Mar  1 22:19:06 22:19:06.182729:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:06 22:19:06.182729:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:06 22:19:06.182731:CID-0:RT:no need update ha

Mar  1 22:19:06 22:19:06.182731:CID-0:RT:updating pending sess (39109) in ager

Mar  1 22:19:06 22:19:06.182732:CID-0:RT:first path session installation succeeded

Mar  1 22:19:06 22:19:06.182733:CID-0:RT:  flow got session.

Mar  1 22:19:06 22:19:06.182733:CID-0:RT:  flow session id 39109

Mar  1 22:19:06 22:19:06.182735:CID-0:RT: vector bits 0x200 vector 0x8cfcfa90

Mar  1 22:19:06 22:19:06.182737:CID-0:RT:mbuf 0x7cdad800, exit nh 0x100010

Mar  1 22:19:06 22:19:06.182738:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x7ffffeffd270 associated with mbuf 0x7cdad800

Mar  1 22:19:06 22:19:06.182739:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


Mar  1 22:19:07 22:19:07.183147:CID-0:RT:<172.20.52.10/16->10.0.12.18/39466;1,0x0> matched filter packet-filter1:

Mar  1 22:19:07 22:19:07.183154:CID-0:RT:packet [84] ipid = 939, @0x15f982fce

Mar  1 22:19:07 22:19:07.183155:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 0, common flag 0x0, mbuf 0x7cdad600, rtbl_idx = 0

Mar  1 22:19:07 22:19:07.183158:CID-0:RT:flow process pak, mbuf 0x7cdad600, ifl 0, ctxt_type 0 inq type 5

Mar  1 22:19:07 22:19:07.183159:CID-0:RT: in_ifp <junos-host:.local..0>

Mar  1 22:19:07 22:19:07.183160:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 0x54f74e80

Mar  1 22:19:07 22:19:07.183162:CID-0:RT:host inq check inq_type 0x5

Mar  1 22:19:07 22:19:07.183163:CID-0:RT:Using out_ifp from pfe_tag with index 72

Mar  1 22:19:07 22:19:07.183166:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:07 22:19:07.183169:CID-0:RT:flow_rt_lkup: Found route entry 0x5a3e05c0,nh id 0x23d, out if 0x0

Mar  1 22:19:07 22:19:07.183171:CID-0:RT:flow_rt_lkup: get NH in local route
Mar  1 22:19:07 22:19:07.183172:CID-0:RT:flow_rt_lkup: nh word 0xfffb0006

Mar  1 22:19:07 22:19:07.183173:CID-0:RT: ipv4 from host, pfe tag vr id set 4

Mar  1 22:19:07 22:19:07.183174:CID-0:RT:Using vr id from pfe_tag with value= 4

Mar  1 22:19:07 22:19:07.183175:CID-0:RT:Changing lpak->in_ifp from:.local..0 -> to:.local..4

Mar  1 22:19:07 22:19:07.183176:CID-0:RT:Over-riding lpak->vsys with 0

Mar  1 22:19:07 22:19:07.183179:CID-0:RT:  .local..4:172.20.52.10->10.0.12.18, icmp, (8/0)

Mar  1 22:19:07 22:19:07.183182:CID-0:RT: find flow: table 0x28fb7580, hash 168443(0x7ffff), sa 172.20.52.10, da 10.0.12.18, sp 16, dp 39466, proto 1, tok 16386, conn-tag 0x00000000

Mar  1 22:19:07 22:19:07.183185:CID-0:RT:  no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0

Mar  1 22:19:07 22:19:07.183188:CID-0:RT:  flow_first_create_session

Mar  1 22:19:07 22:19:07.183191:CID-0:RT:Save init hash spu id 0 to nsp and nsp2!

Mar  1 22:19:07 22:19:07.183193:CID-0:RT:(flow_first_create_session) usp_tagged set session as mng session

Mar  1 22:19:07 22:19:07.183193:CID-0:RT:Installing pending sess (39110) in ager

Mar  1 22:19:07 22:19:07.183194:CID-0:RT:First path alloc and instl pending session, natp=0x2c7a42c0, id=39110

Mar  1 22:19:07 22:19:07.183195:CID-0:RT:First path alloc and instl pending session, natp=0x2c7a42c0, id=39110

Mar  1 22:19:07 22:19:07.183196:CID-0:RT:  flow_first_in_dst_nat: in <.local..4>, out <ge-0/0/2.0> dst_adr 10.0.12.18, sp 16, dp 39466

Mar  1 22:19:07 22:19:07.183197:CID-0:RT:  chose interface .local..4 as incoming nat if.

Mar  1 22:19:07 22:19:07.183200:CID-0:RT:flow_first_rule_dst_xlate: packet 172.20.52.10->10.0.12.18 nsp2 0.0.0.0->10.0.12.18.

Mar  1 22:19:07 22:19:07.183203:CID-0:RT:[JSF] Do ingress interest check. regd ingress plugins(1)

Mar  1 22:19:07 22:19:07.183206:CID-0:RT:-jsf int check: plugin junos-apbr-main(9), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183207:CID-0:RT:[JSF][0]plugins(0x0) enabled for session = 39110  implicit mask(0x0), service request(0x0)

Mar  1 22:19:07 22:19:07.183208:CID-0:RT:-jsf : no plugin ingress interested for session 39110
Mar  1 22:19:07 22:19:07.183208:CID-0:RT:flow_first_routing: vr_id 4, call flow_route_lookup(): src_ip 172.20.52.10, x_dst_ip 10.0.12.18, in ifp .local..4, out ifp ge-0/0/2.0 sp 16, dp 39466, ip_proto 1, tos 0

Mar  1 22:19:07 22:19:07.183211:CID-0:RT:Doing DESTINATION addr route-lookup

Mar  1 22:19:07 22:19:07.183212:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:07 22:19:07.183213:CID-0:RT:flow_rt_lkup: Found route entry 0x5a434100,nh id 0x248, out if 0x47

Mar  1 22:19:07 22:19:07.183215:CID-0:RT:flow_rt_lkup: nh word 0x100010

Mar  1 22:19:07 22:19:07.183215:CID-0:RT:flow_ipv4_rt_lkup success 10.0.12.18, iifl 0x44, oifl 0x47

Mar  1 22:19:07 22:19:07.183218:CID-0:RT:Checking in-ifp from .local..4 to ge-0/0/2.0 for src: 172.20.52.10 in vr_id:4

Mar  1 22:19:07 22:19:07.183220:CID-0:RT:  routed (x_dst_ip 10.0.12.18) from junos-host (.local..4 in 0) to ge-0/0/1.0, Next-hop: 172.20.56.1

Mar  1 22:19:07 22:19:07.183222:CID-0:RT:flow_first_policy_search: policy search from zone junos-host-> zone trust (0x0,0x109a2a,0x9a2a)

Mar  1 22:19:07 22:19:07.183225:CID-0:RT:Policy lkup: vsys 0 zone(2:junos-host) -> zone(8:trust) scope:0

Mar  1 22:19:07 22:19:07.183226:CID-0:RT:             172.20.52.10/2048 -> 10.0.12.18/39799 proto 1

Mar  1 22:19:07 22:19:07.183230:CID-0:RT:flow_first_policy_search: dynapp_none_policy: TRUE, is_final: 0x0, is_explicit: 0x0, policy_meta_data: 0x0

Mar  1 22:19:07 22:19:07.183231:CID-0:RT:  app 0, timeout 60s, curr ageout 60s

Mar  1 22:19:07 22:19:07.183232:CID-0:RT:  permitted by policy self-traffic-policy(1)

Mar  1 22:19:07 22:19:07.183232:CID-0:RT:  packet passed, Permitted by policy.

Mar  1 22:19:07 22:19:07.183234:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False

Mar  1 22:19:07 22:19:07.183235:CID-0:RT:flow_first_src_xlate:  incoming src port is : 4096.

Mar  1 22:19:07 22:19:07.183239:CID-0:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False, nat_eim: False.

Mar  1 22:19:07 22:19:07.183239:CID-0:RT:  dip id = 0/0, 172.20.52.10/16->172.20.52.10/16 protocol 0

Mar  1 22:19:07 22:19:07.183242:CID-0:RT:  choose interface ge-0/0/1.0(P2P) as outgoing phy if

Mar  1 22:19:07 22:19:07.183244:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/1.0, addr: 10.0.12.18, rtt_idx:4

Mar  1 22:19:07 22:19:07.183245:CID-0:RT:[JSF]Normal interest check. regd plugins 37, enabled impl mask 0x0

Mar  1 22:19:07 22:19:07.183247:CID-0:RT:-jsf int check: plugin junos-screen-adapter(2), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183249:CID-0:RT:get NULL sess plugin info 0x2c7a42c0

Mar  1 22:19:07 22:19:07.183250:CID-0:RT:-jsf int check: plugin junos-fwauth-adapter(3), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183251:CID-0:RT:-jsf int check: plugin junos-rtcom(5), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183254:CID-0:RT:get NULL sess plugin info 0x2c7a42c0

Mar  1 22:19:07 22:19:07.183255:CID-0:RT:-jsf int check: plugin junos-jdpi(6), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183256:CID-0:RT:-jsf int check: plugin junos-utm-uf-pkt(7), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183258:CID-0:RT:-jsf int check: plugin junos-dynapp(8), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183259:CID-0:RT:-jsf int check: plugin junos-appfw(10), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183261:CID-0:RT:-jsf int check: plugin junos-appqos(11), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183262:CID-0:RT:-jsf int check: plugin junos-secintel(12), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183265:CID-0:RT:-jsf int check: plugin junos-idp(13), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183266:CID-0:RT:-jsf int check: plugin junos-aamw(14), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183267:CID-0:RT:get NULL sess plugin info 0x2c7a42c0

Mar  1 22:19:07 22:19:07.183268:CID-0:RT:-jsf int check: plugin junos-userfw(15), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183270:CID-0:RT:-jsf int check: plugin junos-ssl-proxy(17), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183271:CID-0:RT:-jsf int check: plugin junos-fwauth-stream-adapter(19), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183272:CID-0:RT:-jsf int check: plugin junos-dynapp-stream(21), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183273:CID-0:RT:-jsf int check: plugin junos-appfw-stream(22), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183274:CID-0:RT:-jsf int check: plugin junos-idp-stream(23), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183276:CID-0:RT:-jsf int check: plugin junos-aamw-stream(24), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183276:CID-0:RT:get NULL sess plugin info 0x2c7a42c0

Mar  1 22:19:07 22:19:07.183278:CID-0:RT:get NULL sess plugin info 0x2c7a42c0

Mar  1 22:19:07 22:19:07.183278:CID-0:RT:-jsf int check: plugin junos-captive-portal(25), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183279:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3

Mar  1 22:19:07 22:19:07.183280:CID-0:RT:-jsf int check: plugin junos-test(26), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183282:CID-0:RT:get NULL sess plugin info 0x2c7a42c0

Mar  1 22:19:07 22:19:07.183283:CID-0:RT:-jsf int check: plugin junos-alg(27), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183284:CID-0:RT:-jsf int check: plugin junos-utm-uf-stream(28), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183285:CID-0:RT:get NULL sess plugin info 0x2c7a42c0

Mar  1 22:19:07 22:19:07.183287:CID-0:RT:-jsf int check: plugin junos-utm(29), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183288:CID-0:RT:get NULL sess plugin info 0x2c7a42c0

Mar  1 22:19:07 22:19:07.183289:CID-0:RT:-jsf int check: plugin junos-icap-redirect(30), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183289:CID-0:RT:-jsf int check: plugin junos-log(31), svc_req 0x0, impl mask 0x0. rc 0

Mar  1 22:19:07 22:19:07.183291:CID-0:RT:-jsf int check: plugin junos-rtcom-stream(32), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183292:CID-0:RT:-jsf int check: plugin junos-remote-access-gw(33), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183293:CID-0:RT:-jsf int check: plugin junos-gprs(36), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183293:CID-0:RT:-jsf int check: plugin junos-uac(37), svc_req 0x0, impl mask 0x0. rc 2

Mar  1 22:19:07 22:19:07.183296:CID-0:RT:-jsf int check: plugin junos-appqoe(45), svc_req 0x0, impl mask 0x0. rc 4

Mar  1 22:19:07 22:19:07.183296:CID-0:RT:[JSF]Plugins(0x0, count 0) enabled for session = 39110, impli mask(0x0), post_nat cnt 0 svc req(0x2c7a4380)

Mar  1 22:19:07 22:19:07.183297:CID-0:RT:-jsf : no plugin interested for session 39110, free sess plugin info

Mar  1 22:19:07 22:19:07.183298:CID-0:RT:jsf pre int check result 0 0 0 0

Mar  1 22:19:07 22:19:07.183298:CID-0:RT:flow_first_service_lookup(): natp(0x2c7a42c0): app_id, 0(0).

Mar  1 22:19:07 22:19:07.183299:CID-0:RT:  service lookup identified service 0.

Mar  1 22:19:07 22:19:07.183300:CID-0:RT:  flow_first_final_check: in <.local..4>, out <ge-0/0/1.0>

Mar  1 22:19:07 22:19:07.183300:CID-0:RT:In flow_first_complete_session

Mar  1 22:19:07 22:19:07.183301:CID-0:RT:flow_first_complete_session, pak_ptr: 0x7ffffeffd270, nsp: 0x2c7a42c0, in_tunnel: 0x0

Mar  1 22:19:07 22:19:07.183302:CID-0:RT:before copy: nsp vec_list 0x0, nsp2 vec_list 0x200

Mar  1 22:19:07 22:19:07.183303:CID-0:RT:after copy: nsp vec_list 0x200, nsp2 vec_list 0x200

Mar  1 22:19:07 22:19:07.183303:CID-0:RT:construct v4 vector for nsp2 and nsp

Mar  1 22:19:07 22:19:07.183304:CID-0:RT:  existing vector list 0x200-0x8cfcfa90.

Mar  1 22:19:07 22:19:07.183304:CID-0:RT:vector index for nsp2: 200

Mar  1 22:19:07 22:19:07.183305:CID-0:RT:  existing vector list 0x200-0x8cfcfa90.

Mar  1 22:19:07 22:19:07.183305:CID-0:RT:vector index for nsp: 200

Mar  1 22:19:07 22:19:07.183305:CID-0:RT:  Session (id:39110) created for first pak 200

Mar  1 22:19:07 22:19:07.183306:CID-0:RT:first pak processing successful

Mar  1 22:19:07 22:19:07.183307:CID-0:RT:  flow_first_install_session======> 0x2c7a42c0

Mar  1 22:19:07 22:19:07.183307:CID-0:RT: nsp 0x2c7a42c0, nsp2 0x2c7a4380

Mar  1 22:19:07 22:19:07.183308:CID-0:RT:  make_nsp_ready_no_resolve()

Mar  1 22:19:07 22:19:07.183308:CID-0:RT:make_nsp_ready_no_resolve: Route Lookup for dest route.  Src_ip 10.0.12.18  Dst_ip 172.20.52.10  protocal 1  ifp .local..4, route_flag: 0x8

Mar  1 22:19:07 22:19:07.183311:CID-0:RT:flow_rt_lkup in VR-id: 4

Mar  1 22:19:07 22:19:07.183311:CID-0:RT:flow_rt_lkup: Found route entry 0x5a3e05c0,nh id 0x23d, out if 0x0

Mar  1 22:19:07 22:19:07.183312:CID-0:RT:flow_rt_lkup: get NH in local route
Mar  1 22:19:07 22:19:07.183312:CID-0:RT:flow_rt_lkup: nh word 0xfffb0006

Mar  1 22:19:07 22:19:07.183313:CID-0:RT:flow_ipv4_rt_lkup success 172.20.52.10, iifl 0x44, oifl 0x0

Mar  1 22:19:07 22:19:07.183315:CID-0:RT:  route lookup: dest-ip 172.20.52.10 orig ifp .local..4 output_ifp .local..4  orig-zone 2 out-zone 2 need_clear_fto 0 vsd 0, route_flag: 0x8

Mar  1 22:19:07 22:19:07.183316:CID-0:RT:  route to 172.20.52.10

Mar  1 22:19:07 22:19:07.183317:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:07 22:19:07.183318:CID-0:RT:nsp_set_pmtu

Mar  1 22:19:07 22:19:07.183319:CID-0:RT:no need update ha

Mar  1 22:19:07 22:19:07.183320:CID-0:RT:updating pending sess (39110) in ager

Mar  1 22:19:07 22:19:07.183321:CID-0:RT:first path session installation succeeded

Mar  1 22:19:07 22:19:07.183321:CID-0:RT:  flow got session.

Mar  1 22:19:07 22:19:07.183322:CID-0:RT:  flow session id 39110

Mar  1 22:19:07 22:19:07.183323:CID-0:RT: vector bits 0x200 vector 0x8cfcfa90

Mar  1 22:19:07 22:19:07.183325:CID-0:RT:mbuf 0x7cdad600, exit nh 0x100010

Mar  1 22:19:07 22:19:07.183326:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x7ffffeffd270 associated with mbuf 0x7cdad600

Mar  1 22:19:07 22:19:07.183327:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


Mar  1 22:19:13 22:19:13.622068:CID-0:RT:CLI flow status command recvd, subtype =1

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.622141:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.722153:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.822592:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.822606:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.822612:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.822705:CID-0:RT:flow_send_session_info_reply_common: sent reply message count: 1, size: 2776

Mar  1 22:19:13 22:19:13.822708:CID-0:RT:flow_send_session_info_reply_common: sent end of reply message size: 192

Mar  1 22:19:50 22:19:50.734696:CID-0:RT:phase1 ageout called for session id 39084, state: 3

Mar  1 22:19:50 22:19:50.734701:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:50 22:19:50.734702:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:50 22:19:50.734703:CID-0:RT:jsf sess close notify

Mar  1 22:19:50 22:19:50.734704:CID-0:RT:flow_ipv4_del_flow: sess 39084, in hash 32

Mar  1 22:19:50 22:19:50.734706:CID-0:RT:flow_ipv4_del_flow: sess 39084, in hash 32

Mar  1 22:19:50 22:19:50.734708:CID-0:RT:phase1 ageout called for session id 39086, state: 3

Mar  1 22:19:50 22:19:50.734709:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:50 22:19:50.734709:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:50 22:19:50.734710:CID-0:RT:jsf sess close notify

Mar  1 22:19:50 22:19:50.734710:CID-0:RT:flow_ipv4_del_flow: sess 39086, in hash 32

Mar  1 22:19:50 22:19:50.734711:CID-0:RT:flow_ipv4_del_flow: sess 39086, in hash 32

Mar  1 22:19:52 22:19:52.736172:CID-0:RT:phase1 ageout called for session id 39088, state: 3

Mar  1 22:19:52 22:19:52.736177:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:52 22:19:52.736178:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:52 22:19:52.736178:CID-0:RT:jsf sess close notify

Mar  1 22:19:52 22:19:52.736179:CID-0:RT:flow_ipv4_del_flow: sess 39088, in hash 32

Mar  1 22:19:52 22:19:52.736180:CID-0:RT:flow_ipv4_del_flow: sess 39088, in hash 32

Mar  1 22:19:52 22:19:52.736181:CID-0:RT:phase1 ageout called for session id 39093, state: 3

Mar  1 22:19:52 22:19:52.736182:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:52 22:19:52.736182:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:52 22:19:52.736183:CID-0:RT:jsf sess close notify

Mar  1 22:19:52 22:19:52.736183:CID-0:RT:flow_ipv4_del_flow: sess 39093, in hash 32

Mar  1 22:19:52 22:19:52.736183:CID-0:RT:flow_ipv4_del_flow: sess 39093, in hash 32

Mar  1 22:19:52 22:19:52.736184:CID-0:RT:phase2 ageout called for session id 39084

Mar  1 22:19:52 22:19:52.736185:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:19:52 22:19:52.736187:CID-0:RT:ageout 68,172.20.52.10/0->10.0.12.18/10906,1, (0/0)

Mar  1 22:19:52 22:19:52.736192:CID-0:RT:free sess dip id :0/0

Mar  1 22:19:52 22:19:52.736195:CID-0:RT:ageout done for session id 39084

Mar  1 22:19:52 22:19:52.736196:CID-0:RT:phase2 ageout called for session id 39086

Mar  1 22:19:52 22:19:52.736196:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:19:52 22:19:52.736197:CID-0:RT:ageout 68,172.20.52.10/256->10.0.12.18/10906,1, (0/0)

Mar  1 22:19:52 22:19:52.736198:CID-0:RT:free sess dip id :0/0

Mar  1 22:19:52 22:19:52.736199:CID-0:RT:ageout done for session id 39086

Mar  1 22:19:54 22:19:54.739266:CID-0:RT:phase1 ageout called for session id 39094, state: 3

Mar  1 22:19:54 22:19:54.739272:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:54 22:19:54.739273:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:54 22:19:54.739273:CID-0:RT:jsf sess close notify

Mar  1 22:19:54 22:19:54.739274:CID-0:RT:flow_ipv4_del_flow: sess 39094, in hash 32

Mar  1 22:19:54 22:19:54.739276:CID-0:RT:flow_ipv4_del_flow: sess 39094, in hash 32

Mar  1 22:19:54 22:19:54.739278:CID-0:RT:phase1 ageout called for session id 39095, state: 3

Mar  1 22:19:54 22:19:54.739279:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:54 22:19:54.739279:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:54 22:19:54.739280:CID-0:RT:jsf sess close notify

Mar  1 22:19:54 22:19:54.739280:CID-0:RT:flow_ipv4_del_flow: sess 39095, in hash 32

Mar  1 22:19:54 22:19:54.739281:CID-0:RT:flow_ipv4_del_flow: sess 39095, in hash 32

Mar  1 22:19:54 22:19:54.739282:CID-0:RT:phase2 ageout called for session id 39088

Mar  1 22:19:54 22:19:54.739282:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:19:54 22:19:54.739286:CID-0:RT:ageout 68,172.20.52.10/512->10.0.12.18/10906,1, (0/0)

Mar  1 22:19:54 22:19:54.739291:CID-0:RT:free sess dip id :0/0

Mar  1 22:19:54 22:19:54.739295:CID-0:RT:ageout done for session id 39088

Mar  1 22:19:54 22:19:54.739295:CID-0:RT:phase2 ageout called for session id 39093

Mar  1 22:19:54 22:19:54.739296:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:19:54 22:19:54.739296:CID-0:RT:ageout 68,172.20.52.10/768->10.0.12.18/10906,1, (0/0)

Mar  1 22:19:54 22:19:54.739298:CID-0:RT:free sess dip id :0/0

Mar  1 22:19:54 22:19:54.739298:CID-0:RT:ageout done for session id 39093

Mar  1 22:19:56 22:19:56.738491:CID-0:RT:phase1 ageout called for session id 39096, state: 3

Mar  1 22:19:56 22:19:56.738496:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:56 22:19:56.738497:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:56 22:19:56.738498:CID-0:RT:jsf sess close notify

Mar  1 22:19:56 22:19:56.738498:CID-0:RT:flow_ipv4_del_flow: sess 39096, in hash 32

Mar  1 22:19:56 22:19:56.738500:CID-0:RT:flow_ipv4_del_flow: sess 39096, in hash 32

Mar  1 22:19:56 22:19:56.738502:CID-0:RT:phase1 ageout called for session id 39101, state: 3

Mar  1 22:19:56 22:19:56.738503:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:56 22:19:56.738503:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:56 22:19:56.738504:CID-0:RT:jsf sess close notify

Mar  1 22:19:56 22:19:56.738504:CID-0:RT:flow_ipv4_del_flow: sess 39101, in hash 32

Mar  1 22:19:56 22:19:56.738505:CID-0:RT:flow_ipv4_del_flow: sess 39101, in hash 32

Mar  1 22:19:56 22:19:56.738506:CID-0:RT:phase2 ageout called for session id 39094

Mar  1 22:19:56 22:19:56.738507:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:19:56 22:19:56.738510:CID-0:RT:ageout 68,172.20.52.10/1024->10.0.12.18/10906,1, (0/0)

Mar  1 22:19:56 22:19:56.738516:CID-0:RT:free sess dip id :0/0

Mar  1 22:19:56 22:19:56.738520:CID-0:RT:ageout done for session id 39094

Mar  1 22:19:56 22:19:56.738520:CID-0:RT:phase2 ageout called for session id 39095

Mar  1 22:19:56 22:19:56.738521:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:19:56 22:19:56.738521:CID-0:RT:ageout 68,172.20.52.10/1280->10.0.12.18/10906,1, (0/0)

Mar  1 22:19:56 22:19:56.738523:CID-0:RT:free sess dip id :0/0

Mar  1 22:19:56 22:19:56.738524:CID-0:RT:ageout done for session id 39095

Mar  1 22:19:58 22:19:58.737351:CID-0:RT:phase1 ageout called for session id 39102, state: 3

Mar  1 22:19:58 22:19:58.737356:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:58 22:19:58.737357:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:58 22:19:58.737358:CID-0:RT:jsf sess close notify

Mar  1 22:19:58 22:19:58.737359:CID-0:RT:flow_ipv4_del_flow: sess 39102, in hash 32

Mar  1 22:19:58 22:19:58.737360:CID-0:RT:flow_ipv4_del_flow: sess 39102, in hash 32

Mar  1 22:19:58 22:19:58.737362:CID-0:RT:phase1 ageout called for session id 39103, state: 3

Mar  1 22:19:58 22:19:58.737364:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:58 22:19:58.737364:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:19:58 22:19:58.737364:CID-0:RT:jsf sess close notify

Mar  1 22:19:58 22:19:58.737365:CID-0:RT:flow_ipv4_del_flow: sess 39103, in hash 32

Mar  1 22:19:58 22:19:58.737366:CID-0:RT:flow_ipv4_del_flow: sess 39103, in hash 32

Mar  1 22:19:58 22:19:58.737367:CID-0:RT:phase2 ageout called for session id 39096

Mar  1 22:19:58 22:19:58.737367:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:19:58 22:19:58.737371:CID-0:RT:ageout 68,172.20.52.10/1536->10.0.12.18/10906,1, (0/0)

Mar  1 22:19:58 22:19:58.737377:CID-0:RT:free sess dip id :0/0

Mar  1 22:19:58 22:19:58.737381:CID-0:RT:ageout done for session id 39096

Mar  1 22:19:59 22:19:58.737382:CID-0:RT:phase2 ageout called for session id 39101

Mar  1 22:19:59 22:19:58.737383:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:19:59 22:19:58.737384:CID-0:RT:ageout 68,172.20.52.10/1792->10.0.12.18/10906,1, (0/0)

Mar  1 22:19:59 22:19:58.737386:CID-0:RT:free sess dip id :0/0

Mar  1 22:19:59 22:19:58.737387:CID-0:RT:ageout done for session id 39101

Mar  1 22:20:00 22:20:00.736952:CID-0:RT:phase1 ageout called for session id 39104, state: 3

Mar  1 22:20:00 22:20:00.736957:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:00 22:20:00.736958:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:00 22:20:00.736959:CID-0:RT:jsf sess close notify

Mar  1 22:20:00 22:20:00.736960:CID-0:RT:flow_ipv4_del_flow: sess 39104, in hash 32

Mar  1 22:20:00 22:20:00.736961:CID-0:RT:flow_ipv4_del_flow: sess 39104, in hash 32

Mar  1 22:20:00 22:20:00.736963:CID-0:RT:phase1 ageout called for session id 39105, state: 3

Mar  1 22:20:00 22:20:00.736964:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:00 22:20:00.736965:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:00 22:20:00.736965:CID-0:RT:jsf sess close notify

Mar  1 22:20:00 22:20:00.736966:CID-0:RT:flow_ipv4_del_flow: sess 39105, in hash 32

Mar  1 22:20:00 22:20:00.736967:CID-0:RT:flow_ipv4_del_flow: sess 39105, in hash 32

Mar  1 22:20:00 22:20:00.736968:CID-0:RT:phase2 ageout called for session id 39102

Mar  1 22:20:00 22:20:00.736968:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:20:00 22:20:00.736972:CID-0:RT:ageout 68,172.20.52.10/2048->10.0.12.18/10906,1, (0/0)

Mar  1 22:20:00 22:20:00.736976:CID-0:RT:free sess dip id :0/0

Mar  1 22:20:00 22:20:00.736980:CID-0:RT:ageout done for session id 39102

Mar  1 22:20:00 22:20:00.736981:CID-0:RT:phase2 ageout called for session id 39103

Mar  1 22:20:00 22:20:00.736981:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:20:00 22:20:00.736982:CID-0:RT:ageout 68,172.20.52.10/2304->10.0.12.18/10906,1, (0/0)

Mar  1 22:20:00 22:20:00.736983:CID-0:RT:free sess dip id :0/0

Mar  1 22:20:00 22:20:00.736984:CID-0:RT:ageout done for session id 39103

Mar  1 22:20:02 22:20:02.738703:CID-0:RT:phase1 ageout called for session id 39106, state: 3

Mar  1 22:20:02 22:20:02.738707:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:02 22:20:02.738708:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:02 22:20:02.738708:CID-0:RT:jsf sess close notify

Mar  1 22:20:02 22:20:02.738709:CID-0:RT:flow_ipv4_del_flow: sess 39106, in hash 32

Mar  1 22:20:02 22:20:02.738710:CID-0:RT:flow_ipv4_del_flow: sess 39106, in hash 32

Mar  1 22:20:02 22:20:02.738712:CID-0:RT:phase1 ageout called for session id 39107, state: 3

Mar  1 22:20:02 22:20:02.738712:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:02 22:20:02.738713:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:02 22:20:02.738713:CID-0:RT:jsf sess close notify

Mar  1 22:20:02 22:20:02.738713:CID-0:RT:flow_ipv4_del_flow: sess 39107, in hash 32

Mar  1 22:20:02 22:20:02.738714:CID-0:RT:flow_ipv4_del_flow: sess 39107, in hash 32

Mar  1 22:20:02 22:20:02.738715:CID-0:RT:phase2 ageout called for session id 39104

Mar  1 22:20:02 22:20:02.738715:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:20:02 22:20:02.738718:CID-0:RT:ageout 68,172.20.52.10/2560->10.0.12.18/10906,1, (0/0)

Mar  1 22:20:02 22:20:02.738723:CID-0:RT:free sess dip id :0/0

Mar  1 22:20:02 22:20:02.738726:CID-0:RT:ageout done for session id 39104

Mar  1 22:20:02 22:20:02.738727:CID-0:RT:phase2 ageout called for session id 39105

Mar  1 22:20:02 22:20:02.738727:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:20:02 22:20:02.738728:CID-0:RT:ageout 68,172.20.52.10/2816->10.0.12.18/10906,1, (0/0)

Mar  1 22:20:02 22:20:02.738729:CID-0:RT:free sess dip id :0/0

Mar  1 22:20:02 22:20:02.738730:CID-0:RT:ageout done for session id 39105

Mar  1 22:20:04 22:20:04.738815:CID-0:RT:phase1 ageout called for session id 39108, state: 3

Mar  1 22:20:04 22:20:04.738821:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:04 22:20:04.738822:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:04 22:20:04.738823:CID-0:RT:jsf sess close notify

Mar  1 22:20:04 22:20:04.738824:CID-0:RT:flow_ipv4_del_flow: sess 39108, in hash 32

Mar  1 22:20:04 22:20:04.738825:CID-0:RT:flow_ipv4_del_flow: sess 39108, in hash 32

Mar  1 22:20:04 22:20:04.738828:CID-0:RT:phase1 ageout called for session id 39109, state: 3

Mar  1 22:20:04 22:20:04.738829:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:04 22:20:04.738829:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:04 22:20:04.738830:CID-0:RT:jsf sess close notify

Mar  1 22:20:04 22:20:04.738830:CID-0:RT:flow_ipv4_del_flow: sess 39109, in hash 32

Mar  1 22:20:04 22:20:04.738831:CID-0:RT:flow_ipv4_del_flow: sess 39109, in hash 32

Mar  1 22:20:04 22:20:04.738832:CID-0:RT:phase2 ageout called for session id 39106

Mar  1 22:20:04 22:20:04.738832:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:20:04 22:20:04.738836:CID-0:RT:ageout 68,172.20.52.10/3072->10.0.12.18/10906,1, (0/0)

Mar  1 22:20:04 22:20:04.738841:CID-0:RT:free sess dip id :0/0

Mar  1 22:20:04 22:20:04.738844:CID-0:RT:ageout done for session id 39106

Mar  1 22:20:04 22:20:04.738845:CID-0:RT:phase2 ageout called for session id 39107

Mar  1 22:20:04 22:20:04.738845:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:20:04 22:20:04.738846:CID-0:RT:ageout 68,172.20.52.10/3328->10.0.12.18/10906,1, (0/0)

Mar  1 22:20:04 22:20:04.738847:CID-0:RT:free sess dip id :0/0

Mar  1 22:20:04 22:20:04.738848:CID-0:RT:ageout done for session id 39107

Mar  1 22:20:06 22:20:06.736877:CID-0:RT:phase1 ageout called for session id 39110, state: 3

Mar  1 22:20:06 22:20:06.736886:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:06 22:20:06.736888:CID-0:RT:  flow_spu_update_np_session: FLOW STUB

Mar  1 22:20:06 22:20:06.736890:CID-0:RT:jsf sess close notify

Mar  1 22:20:06 22:20:06.736892:CID-0:RT:flow_ipv4_del_flow: sess 39110, in hash 32

Mar  1 22:20:06 22:20:06.736894:CID-0:RT:flow_ipv4_del_flow: sess 39110, in hash 32

Mar  1 22:20:06 22:20:06.736898:CID-0:RT:phase2 ageout called for session id 39108

Mar  1 22:20:06 22:20:06.736900:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:20:06 22:20:06.736908:CID-0:RT:ageout 68,172.20.52.10/3584->10.0.12.18/10906,1, (0/0)

Mar  1 22:20:06 22:20:06.736930:CID-0:RT:free sess dip id :0/0

Mar  1 22:20:06 22:20:06.736934:CID-0:RT:ageout done for session id 39108

Mar  1 22:20:06 22:20:06.736935:CID-0:RT:phase2 ageout called for session id 39109

Mar  1 22:20:06 22:20:06.736936:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:20:06 22:20:06.736937:CID-0:RT:ageout 68,172.20.52.10/3840->10.0.12.18/10906,1, (0/0)

Mar  1 22:20:06 22:20:06.736940:CID-0:RT:free sess dip id :0/0

Mar  1 22:20:06 22:20:06.736941:CID-0:RT:ageout done for session id 39109

Mar  1 22:20:08 22:20:08.736431:CID-0:RT:phase2 ageout called for session id 39110

Mar  1 22:20:08 22:20:08.736433:CID-0:RT:cp_present 0, state 4, marked_ageout 0

Mar  1 22:20:08 22:20:08.736436:CID-0:RT:ageout 68,172.20.52.10/4096->10.0.12.18/10906,1, (0/0)

Mar  1 22:20:08 22:20:08.736440:CID-0:RT:free sess dip id :0/0

Mar  1 22:20:08 22:20:08.736445:CID-0:RT:ageout done for session id 39110

 

Here is my show security flow session

 

Session ID: 39084, Policy name: self-traffic-policy/1, Timeout: 38, Valid
  In: 172.20.52.10/0 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/0;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39086, Policy name: self-traffic-policy/1, Timeout: 38, Valid
  In: 172.20.52.10/1 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/1;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39088, Policy name: self-traffic-policy/1, Timeout: 40, Valid
  In: 172.20.52.10/2 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/2;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39093, Policy name: self-traffic-policy/1, Timeout: 40, Valid
  In: 172.20.52.10/3 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/3;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39094, Policy name: self-traffic-policy/1, Timeout: 42, Valid
  In: 172.20.52.10/4 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/4;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39095, Policy name: self-traffic-policy/1, Timeout: 42, Valid
  In: 172.20.52.10/5 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/5;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39096, Policy name: self-traffic-policy/1, Timeout: 44, Valid
  In: 172.20.52.10/6 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/6;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39101, Policy name: self-traffic-policy/1, Timeout: 44, Valid
  In: 172.20.52.10/7 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/7;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39102, Policy name: self-traffic-policy/1, Timeout: 46, Valid
  In: 172.20.52.10/8 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/8;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39103, Policy name: self-traffic-policy/1, Timeout: 46, Valid
  In: 172.20.52.10/9 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/9;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39104, Policy name: self-traffic-policy/1, Timeout: 48, Valid
  In: 172.20.52.10/10 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/10;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39105, Policy name: self-traffic-policy/1, Timeout: 48, Valid
  In: 172.20.52.10/11 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/11;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39106, Policy name: self-traffic-policy/1, Timeout: 50, Valid
  In: 172.20.52.10/12 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/12;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39107, Policy name: self-traffic-policy/1, Timeout: 50, Valid
  In: 172.20.52.10/13 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/13;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39108, Policy name: self-traffic-policy/1, Timeout: 52, Valid
  In: 172.20.52.10/14 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/14;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39109, Policy name: self-traffic-policy/1, Timeout: 52, Valid
  In: 172.20.52.10/15 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/15;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,

Session ID: 39110, Policy name: self-traffic-policy/1, Timeout: 54, Valid
  In: 172.20.52.10/16 --> 10.0.12.18/39466;icmp, Conn Tag: 0x0, If: .local..4, Pkts: 1, Bytes: 84,
  Out: 10.0.12.18/39466 --> 172.20.52.10/16;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 0, Bytes: 0,
Total sessions: 17
Highlighted
vSRX

Re: Source based routing on vSRX

‎03-02-2019 02:57 PM

I think you have a routing issue. I don't know who 10.0.12.18 is and where it is,  but this is what I am seeing with your configuration and from the packet trace and show security flow session. The route lookup is telling your srx to go out of ge-0/0/1 (zone trust) when you ping 10.0.12.18. 
The srx decides what policy to use, and how to do source nat, AFTER the route lookup, which determines what is the outbound interface and zone. 

 

Yasmin Lara - Juniper Ambassador #QuadE - JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCIS-CLOUD, JNCDS-DC, JNCIA-DevOps
Highlighted
vSRX
Solution
Accepted by topic author joshuamichaelsanders
‎03-04-2019 09:45 AM

Re: Source based routing on vSRX

‎03-02-2019 02:58 PM

ZONE and ROUTES.png

Yasmin Lara - Juniper Ambassador #QuadE - JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCIS-CLOUD, JNCDS-DC, JNCIA-DevOps
Highlighted
vSRX

Re: Source based routing on vSRX

‎03-03-2019 04:50 AM

Also not that when the source or destination of traffic is the SRX itself the zone is junos-host and it does not appear as transit traffic processing.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
vSRX

Re: Source based routing on vSRX

[ Edited ]
‎03-04-2019 08:25 AM

@ylara wrote:

I think you have a routing issue. I don't know who 10.0.12.18 is and where it is,  but this is what I am seeing with your configuration and from the packet trace and show security flow session.


 

10.0.12.18 should be located off the trust interface/zone. That is my corporate on-prem that is connected via AWS VPN. That is the correct routing and where the packets should be going. 


Highlighted
vSRX

Re: Source based routing on vSRX

‎03-04-2019 09:44 AM

Your post gave me the inspiration I needed. I setup a 1:1 NAT from DMZ to Trust and traffic started flowing as expected. Appreciate the help. 

Highlighted
vSRX

Re: Source based routing on vSRX

‎03-10-2019 06:04 PM

Glad to hear ! :-) 

Yasmin Lara - Juniper Ambassador #QuadE - JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCIS-CLOUD, JNCDS-DC, JNCIA-DevOps
Feedback