
[{"content":"","date":"28 November 2024","externalUrl":null,"permalink":"/posts/","section":"All Posts","summary":"","title":"All Posts","type":"posts"},{"content":"","date":"28 November 2024","externalUrl":null,"permalink":"/","section":"Denis Nolan","summary":"","title":"Denis Nolan","type":"page"},{"content":"","date":"26 September 2022","externalUrl":null,"permalink":"/tags/juniper/","section":"Tags","summary":"","title":"Juniper","type":"tags"},{"content":"I\u0026rsquo;ve come across this mostly with SRX units where the device is running on a backup image. This generally happens if the unit suffers a power cut.\nMessage # *********************************************************************** ** ** ** WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE ** ** ** ** It is possible that the primary copy of JUNOS failed to boot up ** ** properly, and so this device has booted from the backup copy. ** ** ** ** Please re-install JUNOS to recover the primary copy in case ** ** it has been corrupted and if auto-snapshot feature is not ** ** enabled. ** ** ** *********************************************************************** Steps # show system alarms 1 alarms currently active Alarm time Class Description 2022-03-07 09:05:08 GMT Minor Host 0 Boot from backup root show chassis alarms 1 alarms currently active Alarm time Class Description 2022-03-07 09:05:08 GMT Minor Host 0 Boot from backup root show system storage partitions Boot Media: internal (da0) Active Partition: da0s1a Backup Partition: da0s2a Currently booted from: backup (da0s2a) Partitions information: Partition Size Mountpoint s1a 2.4G altroot s2a 2.4G / s3e 185M /config s3f 2.1G /var s4a 224M recovery s4e 15M Note above stating Currently booted from: backup (da0s2a). This is the backup partition the unit has currently booted from. 
We\u0026rsquo;ll need to rectify this.\nshow system snapshot media internal show system snapshot media internal Information for snapshot on internal (/dev/da0s1a) (primary) Creation date: Mar 7 09:05:02 2022 JUNOS version on snapshot: junos : 15.1X49-D70.3-domestic Information for snapshot on internal (/dev/da0s2a) (backup) Creation date: Mar 7 09:01:56 2022 JUNOS version on snapshot: junos : 15.1X49-D70.3-domestic request system snapshot slice alternate This step may take a few moments to complete as advised:\ndnolan@xxxxx-srx\u0026gt; request system snapshot slice alternate Formatting alternate root (/dev/da0s1a)... Copying \u0026#39;/dev/da0s2a\u0026#39; to \u0026#39;/dev/da0s1a\u0026#39; .. (this may take a few minutes) The following filesystems were archived: / request system reboot request system reboot Reboot the system ? [yes,no] (no) yes Shutdown NOW! [pid 76674] dnolan@xxxxx-srx\u0026gt;\u0026gt; *** FINAL System shutdown message from remote@xxxxx-srx\u0026gt; *** System going down IMMEDIATELY Unit should come live again on primary image after some time. 
Once live again check the system is correctly on primary partition.\nshow system storage partitions Boot Media: internal (da0) Active Partition: da0s1a Backup Partition: da0s2a Currently booted from: active (da0s1a) Partitions information: Partition Size Mountpoint s1a 2.4G / s2a 2.4G altroot s3e 185M /config s3f 2.1G /var s4a 224M recovery s4e 15M Finally check alarms have cleared:\ndnolan@xxxxx-srx\u0026gt; show system alarms No alarms currently active dnolan@xxxxx-srx\u0026gt; show chassis alarms No alarms currently active All done.\n","date":"26 September 2022","externalUrl":null,"permalink":"/posts/2022/junos-running-on-backup-image/","section":"All Posts","summary":"","title":"Junos Running on Backup Image","type":"posts"},{"content":"","date":"26 September 2022","externalUrl":null,"permalink":"/tags/srx/","section":"Tags","summary":"","title":"Srx","type":"tags"},{"content":"","date":"26 September 2022","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"","date":"26 September 2022","externalUrl":null,"permalink":"/tags/tasks/","section":"Tags","summary":"","title":"Tasks","type":"tags"},{"content":"","date":"26 September 2022","externalUrl":null,"permalink":"/tags/troubleshooting/","section":"Tags","summary":"","title":"Troubleshooting","type":"tags"},{"content":"Limiting bandwidth per IPv4 address on a Juniper SRX. I\u0026rsquo;ve not done this for IPv6 as of yet. In this example there is a /29 subnet with two addresses requiring bandwidth limits.\nWe\u0026rsquo;ll be configuring the following examples:\n172.16.0.2 = 100Mbps symmetrical 172.16.0.3 = 25Mbps symmetrical Interfaces:\nWAN = ge-0/0/0 DMZ = ge-0/0/1 Configure queues and schedules # Think of the queues as segregated laneways with speed limits. We\u0026rsquo;re configuring up a queue number and naming it after the speed we\u0026rsquo;re going to set. This is just a reference name. 
The SRX already has some queue numbers as default, so we won\u0026rsquo;t interfere with them. We\u0026rsquo;ll choose some free queues: 6 and 7.\nset class-of-service forwarding-classes queue 6 bandwidth-25mbps set class-of-service forwarding-classes queue 7 bandwidth-100mbps Now let\u0026rsquo;s set a scheduler to shape the traffic:\nset class-of-service schedulers 25mbps shaping-rate 25m set class-of-service schedulers 100mbps shaping-rate 100m Create a scheduler map (named bandwidth-limit) to link the queue and the scheduler together: # set class-of-service scheduler-maps bandwidth-limit forwarding-class bandwidth-25mbps scheduler 25mbps set class-of-service scheduler-maps bandwidth-limit forwarding-class bandwidth-100mbps scheduler 100mbps Now that we have set a shaping rate and mapped that to each queue, we need to apply this to an interface as an available option. At this stage no limits are applied yet.\nset class-of-service interfaces ge-0/0/0 scheduler-map bandwidth-limit set class-of-service interfaces ge-0/0/1 scheduler-map bandwidth-limit Create your prefix list of hosts as per example: # set policy-options prefix-list pl-ipv4-100mbps-host 172.16.0.2 set policy-options prefix-list pl-ipv4-25mbps-host 172.16.0.3 Now create the firewall filters to tie this all together:\nInbound filter (ingress to SRX from customer) # set firewall family inet filter bandwidth-input term t1 from source-prefix-list pl-ipv4-100mbps-host set firewall family inet filter bandwidth-input term t1 then forwarding-class bandwidth-100mbps set firewall family inet filter bandwidth-input term t1 then count input-100mbps set firewall family inet filter bandwidth-input term t1 then accept set firewall family inet filter bandwidth-input term t2 from source-prefix-list pl-ipv4-25mbps-host set firewall family inet filter bandwidth-input term t2 then forwarding-class bandwidth-25mbps set firewall family inet filter bandwidth-input term t2 then count input-25mbps set firewall family inet filter 
bandwidth-input term t2 then accept Outbound filter (egress from SRX to customer) # set firewall family inet filter bandwidth-output term t1 from destination-prefix-list pl-ipv4-100mbps-host set firewall family inet filter bandwidth-output term t1 then forwarding-class bandwidth-100mbps set firewall family inet filter bandwidth-output term t1 then count output-100mbps set firewall family inet filter bandwidth-output term t1 then accept set firewall family inet filter bandwidth-output term t2 from destination-prefix-list pl-ipv4-25mbps-host set firewall family inet filter bandwidth-output term t2 then forwarding-class bandwidth-25mbps set firewall family inet filter bandwidth-output term t2 then count output-25mbps set firewall family inet filter bandwidth-output term t2 then accept (count aids in future troubleshooting and confirming if the queues are being utilised)\nFinally, now that all of that has been configured, the filters can be applied on the interface facing the customer, ge-0/0/1 in our example. This can also be an irb interface.\nset interfaces ge-0/0/1 unit 0 family inet filter input bandwidth-input set interfaces ge-0/0/1 unit 0 family inet filter output bandwidth-output Confirming class-of-service # show interfaces ge-0/0/1 extensive \u0026hellip; will show incrementing packets in the correct queue if packets are sourced from either example IP.\nTagged interfaces? # Set interfaces for scheduling: set interfaces ge-0/0/0 per-unit-scheduler set interfaces ge-0/0/1 per-unit-scheduler Configure scheduler-map under interface unit within class-of-service: set class-of-service interfaces ge-0/0/0 unit 10 scheduler-map bandwidth-limit set class-of-service interfaces ge-0/0/1 unit 10 scheduler-map bandwidth-limit That\u0026rsquo;s it.. 
commit your config (or commit confirmed 5 if you want to quickly test).\n","date":"27 August 2021","externalUrl":null,"permalink":"/posts/2021/traffic-shaping-per-ipv4-juniper-srx/","section":"All Posts","summary":"","title":"Traffic shaping per IPv4 address on Juniper SRX","type":"posts"},{"content":"","date":"27 August 2021","externalUrl":null,"permalink":"/tags/traffic-shaping/","section":"Tags","summary":"","title":"Traffic-Shaping","type":"tags"},{"content":" Hopefully this is the first of many on this blogging platform\n","date":"19 December 2020","externalUrl":null,"permalink":"/posts/2020/first-of-many-hopefully/","section":"All Posts","summary":"","title":"First of Many Hopefully","type":"posts"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"}]