Monday, October 28, 2013

Use a script to customize the snmp utility mib

Example of snmp utility mib via CLI
-----------------------

user@router> request snmp utility-mib set instance test object-type string object-value ABC
Utility mib result: successfully populated utility mib database

user@router> show snmp mib walk jnxUtil
jnxUtilStringValue.116.101.115.116 = ABC

user@router> request snmp utility-mib clear instance test object-type string
Utility mib result: successfully de-populated utility mib database


user@router> show snmp mib walk jnxUtil

------------

Now via script:
jnpr@Chef-RE0> op mib-util value "Hello World"

jnpr@Chef-RE0> show snmp mib walk jnxUtil
jnxUtilStringValue.116.101.115.116 = Hello World

Source Code:
------------







version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
ns ext = "http://xmlsoft.org/XSLT/namespace";

import "../import/junos.xsl";

var $arguments = <argument> {
    <name> "value";
    <description> "object value";
}
param $value;

match / {

        <op-script-results> {



                var $mibset-subs = <request-snmp-utility-mib-set> {

                    <object-type> "string";

                    <instance> "test";

                    <object-value> $value;

                }

                var $result=jcs:invoke($mibset-subs);

                }

}

Friday, October 25, 2013

Are the snmp index values for Mpls Tunnels persistent? And how to decode the index values.

A customer was reporting that the mplsTunnelDown SNMP Trap shows a tunnel index, but that the correlating mplsTunnelUp SNMP Trap shows a different tunnel index. We wanted to know if the indexes were persistent.


It looks like this can possibly happen if mpls has to rebuild the lsps (i.e. due to a crash), but not when there is a link flap.

user@PE-router-RE0# run show snmp mib walk mplsTunnelName.29702 
mplsTunnelName.29702.1.2870018049.2870018050 = router-to-MX-1

[edit]
user@PE-router-RE0# run restart routing 
Routing protocols process signalled but still running, waiting 8 seconds more
Routing protocols process started, pid 1707

[edit]
user@PE-router-RE0# run show snmp mib walk mplsTunnelName     |  Match router
mplsTunnelName.26096.1.2870018049.2870018050 = router-to-MX-1

[edit]
user@PE-router-RE0# run show snmp mib walk mplsTunnelName.29702    

[edit]
user@PE-router-RE0# run show snmp mib walk mplsTunnelName | match router 
mplsTunnelName.26096.1.2870018049.2870018050 = router-to-MX-1

When I flapped a link on the lsp, the tunnel index stayed the same. So something has to happen where rpd has to rebuild the lsps.

The second part is how can you decipher the snmp OID index value.

user@PE-router-RE0> show mpls lsp ingress name router-to-MX-1 
Ingress LSP: 6 sessions
To              From            State Rt P     ActivePath       LSPname
171.17.0.2      171.17.0.1      Up     0 *                      router-to-MX-1
Total 1 displayed, Up 1, Down 0

user@PE-router-RE0> show snmp mib get mplsTunnelName.26096.1.2870018049.2870018050    
mplsTunnelName.26096.1.2870018049.2870018050 = router-to-MX-1


2870018049 as an integer and convert to hex to get 0xAB110001.

Split it into 4 octets:
AB = 171
11 = 17
00 = 0
01 = 1

Which is 171.17.0.1 


Tuesday, October 22, 2013

Juniper PTP Interop between Cisco ASR 901 and Alcatel 7705 SR


I did an interop test of PTP between Juniper ACX as Boundary Clock Master and a Cisco ASR 901 and ALU 7705 SR.


GM ===== ACX2000 ====== Cisco ASR 901
                              ||
                               =========== ALU 7705 SR


It works!

---------------

Cisco Configuration - ASR 901

interface Loopback0
 ip address 192.168.112.200 255.255.255.255
!
interface GigabitEthernet0/0
 speed 1000
 duplex full
 no negotiation auto
 cdp enable
 service instance 1 ethernet
  encapsulation untagged
  bridge-domain 1
 !
!


interface Loopback0
 ip address 192.168.112.200 255.255.255.255

interface Vlan1
 ip address 192.168.112.2 255.255.255.252
!
router ospf 1
 router-id 99.99.99.99
 area 0.0.0.1 stub
 network 192.168.112.0 0.0.0.3 area 0.0.0.1
 network 192.168.112.200 0.0.0.0 area 0.0.0.1
!

ptp clock ordinary domain 17
 priority1 100
 priority2 101
 1pps-out 0 125 ms
 clock-port slave slave
  sync interval -7
  transport ipv4 unicast interface Lo0 negotiation
  clock source 192.168.112.1
!
end

asr901#show ptp clock running 



                      PTP Ordinary Clock [Domain 17]

         State          Ports          Pkts sent      Pkts rcvd      

         ACQUIRING      1              108406         208432    

                               PORT SUMMARY

Name               Tx Mode      Role         Transport    State        Sessions
slave              unicast      slave        Lo0          Slave        1

Cisco Restrictions
 The loopback address configured for PTP port can be used only for PTP functionality.
 The loopback address configured for PTP port does not respond to pings.
• A clock port once configured as master cannot change to slave dynamically, and vice versa.
 PTP boundary clock can be configured for only one domain.
asr901#show ptp clock dataset default


CLOCK [Ordinary Clock, domain 17]

  Two Step Flag: No
  Clock Identity: 0xFC:99:47:FF:FE:A6:3B:4D
  Number Of Ports: 1
  Priority1: 100
  Priority2: 101
  Domain Number: 17
  Slave Only: Yes
  Clock Quality:
    Class: 248
    Accuracy: Within 25us
    Offset (log variance): 22272

asr901#show ptp clock dataset parent domain

CLOCK [Ordinary Clock, domain 17]

  Parent Stats: No
  Observed Parent Offset (log variance): 0
  Observed Parent Clock Phase Change Rate: 0

  Grandmaster Clock:
    Identity: 0xF8:C0:1:FF:FE:8:C1:8E
    Priority1: 0
    Priority2: 0
    Clock Quality:
      Class: 52
      Accuracy: Unknown
      Offset (log variance): 11952

asr901# show ptp clock dataset default


CLOCK [Ordinary Clock, domain 17]

  Two Step Flag: No
  Clock Identity: 0xFC:99:47:FF:FE:A6:3B:4D
  Number Of Ports: 1
  Priority1: 100
  Priority2: 101
  Domain Number: 17
  Slave Only: Yes
  Clock Quality:
    Class: 248
    Accuracy: Within 25us
    Offset (log variance): 22272

 show ptp clock runn dom 17



                      PTP Ordinary Clock [Domain 17]

         State          Ports          Pkts sent      Pkts rcvd      

         PHASE_ALIGNED  1              131863         279178    

                               PORT SUMMARY

Name               Tx Mode      Role         Transport    State        Sessions

slave              unicast      slave        Lo0          Slave        1


                             SESSION INFORMATION

slave [Lo0] [Sessions 1]

 Peer addr          Pkts in    Pkts out   In Errs    Out Errs  

 192.168.112.1      130314     47461      0          0      

asr901#show platform ptp state
FLL State                     : 3 (Normal Loop)
FLL Status Duration           : 118 (sec)

Forward Flow Weight           : 0.0
Forward Flow Transient-Free   : 900 (900 sec Window)
Forward Flow Transient-Free   : 3600 (3600 sec Window)
Forward Flow Transactions Used: 199.0 (%)
Forward Flow Oper. Min TDEV   : 638.0 (nsec)
Forward Mafie                 : 0.0
Forward Flow Min Cluster Width: 433.0 (nsec)
Forward Flow Mode Width       : 1000.0 (nsec)

Reverse Flow Weight           : 100.0
Reverse Flow Transient-Free   : 900 (900 sec Window)
Reverse Flow Transient-Free   : 3600 (3600 sec Window)
Reverse Flow Transactions Used: 199.0 (%)
Reverse Flow Oper. Min TDEV   : 637.0 (nsec)
Reverse Mafie                 : 0.0
Reverse Flow Min Cluster Width: 433.0 (nsec)
Reverse Flow Mode Width       : 1000.0 (nsec)

Frequency Correction          : 33.290 (ppb)
Phase Correction              : 0.0 (ppb)

Output TDEV Estimate          : 637.0 (nsec)
Output MDEV Estimate          : 1.0 (ppb)

Residual Phase Error          : -14.64 (nsec)
Min. Roundtrip Delay          : 14.0 (nsec)

Sync Packet Rate*             : 64 (pkts/sec)
Delay Packet Rate*            : 66 (pkts/sec)

Forward IPDV % Below Threshold: 0.0
Forward Maximum IPDV          : 0.0 (usec)
Forward Interpacket Jitter    : 0.0 (usec)

Reverse IPDV % Below Threshold: 0.0
Reverse Maximum IPDV          : 0.0 (usec)
Reverse Interpacket Jitter    : 0.0 (usec)
Note: The maximum rates for Sync and Delay packets will be approximately 64 pps.

asr901#show platform ptp stats
Statistics for PTP clock 0
###############################
Number of ports : 1
Pkts Sent       : 143257
Pkts Rcvd       : 313459
Pkts Discarded  : 0
Statistics for PTP clock port 1
##################################
Pkts Sent        : 58854
Pkts Rcvd        : 164592
Pkts Discarded   : 0
Signals Rejected : 0
Statistics for peer 0
########################
IP addr   : 192.168.112.1
Pkts Sent : 58854
Pkts Rcvd : 164592

----------- 
ALU 7705

*A:7705>show# system sync-if-timing 

===============================================================================
System Interface Timing Operational Info
===============================================================================
System Status CSM A                : Master Locked
    Reference Input Mode           : Revertive
    Quality Level Selection        : Disabled

Reference Order                    : ref1 ref2 external

Reference Input 1   
    Admin Status                   : up
    Configured Quality Level       : none
    Rx Quality Level               : dnu
    Qualified For Use              : Yes
    Selected For Use               : Yes
    Source Port                    : None
    Source PTP Clock               : 1

Reference Input 2      
    Admin Status                   : down
    Configured Quality Level       : none
    Rx Quality Level               : unknown
    Qualified For Use              : No
        Not Qualified Due To       : disabled
    Selected For Use               : No
        Not Selected Due To        : disabled
    Source Port                    : None

External Reference Input   
    Admin Status                   : down
    Configured Quality Level       : stu
    Qualified For Use              : No
        Not Qualified Due To       : disabled
    Selected For Use               : No
        Not Selected Due To        : disabled
    Type                           : 2048Khz-G703
    Impedance                      : 50-Ohm

External Reference Output   
    Type                           : 2048Khz-G703
===============================================================================

System Name            : 7705-ci
System Type            : 7705 SAR-F
System Version         : B-5.0.R1

*A:7705>config>system# info 
----------------------------------------------
#--------------------------------------------------
echo "System Configuration"
#--------------------------------------------------
        name "7705"
        sync-if-timing
            ref-order ref1 ref2 external
            ref1
                source-ptp-clock 1
                no shutdown
            exit
            ref2
                shutdown
            exit
            external
                input-interface
                    shutdown
                exit
            exit
            revert
        exit
        snmp                          
        exit
        login-control
            idle-timeout disable
        exit
        ptp
            clock 1 create
                source-interface "to-ACX2K"
                clock-mda 1/2
                domain 17
                priority1 100
                priority2 101
                ptp-port 1
                    log-sync-interval -7
                    peer 1
                        description "To-ACX2K"
                        ip-address 192.168.113.1
                    exit
                    peer 2
                    exit
                    no shutdown
                exit
                no shutdown           
            exit
        exit
        time
            ntp
                server 172.17.27.46 
                no shutdown
            exit
            sntp
                shutdown
            exit
            zone PST 
        exit
        thresholds
            rmon
            exit
        exit


-------------- 
Juniper configuration
[edit]
user@ACX2000# show chassis 
fpc 0 {
    pic 0 {
        framing e1;
    }
}
synchronization {
    network-option option-1;
    esmc-transmit {
        interfaces all;
    }
}

user@ACX2000# show protocols ptp 
clock-mode boundary;
priority1 1;
priority2 2;
domain 17;
unicast-negotiation;
slave {
    convert-clock-class-to-quality-level;
    interface ge-0/2/0.0 {
        unicast-mode {
            transport ipv4;
            clock-source 200.200.3.2 local-ip-address 200.200.3.1;
        }
    }
}
master {
    interface ge-0/1/0.0 {
        unicast-mode {
            transport ipv4;             
            clock-client 192.168.112.200/32 local-ip-address 192.168.112.1;
        }
    }
    interface ge-0/1/1.0 {
        unicast-mode {
            transport ipv4;
            clock-client 192.168.113.2/32 local-ip-address 192.168.113.1;
        }
    }
}

[edit]
user@ACX2000# run show ptp port 
PTP port-data:
Local IP          : 192.168.112.1  Remote IP         : 192.168.112.200
Clock Stream      : 4              Clock Identity    : 84:18:88:ff:fe:c0:81:00  
Port State        : Master         Delay Req Interval: -6 
Announce Interval : 1              Announce Timeout  : 3  
Sync Interval     : -7             Delay Mechanism   : End-to-end
Port Number       : 5              Operating Mode    : Slave

Local IP          : 192.168.113.1  Remote IP         : 192.168.113.2
Clock Stream      : 5              Clock Identity    : 84:18:88:ff:fe:c0:81:00  
Port State        : Master         Delay Req Interval: -7 
Announce Interval : 1              Announce Timeout  : 3  
Sync Interval     : -7             Delay Mechanism   : End-to-end
Port Number       : 6              Operating Mode    : Slave



[edit]
user@ACX2000# run show ptp statistics 
Local Address    Remote Address     Role  Stream      Received  Transmitted
200.200.3.1      200.200.3.2       Slave       0      36819732     18332374
192.168.112.1    192.168.112.200  Master       4          8097     51867879
192.168.113.1    192.168.113.2    Master       5          7989     51865182

Saturday, October 19, 2013

Create your own command with op script. Show ldp statics from an mpls label.


My customer asked me whether JUNOS supports a function about ldp traffic statistics per mpls label. You can do show ldp statistics, but you have to know the prefix. I didn't find any command about the function and our firewall filter only supports label exp flag. Can we write some op script tho support it?
I created an op script that will do a reverse lookup of the prefix from the label. It combines the following commands:

show route x.x.x.x table inet.3
show ldp traffic-statistics

Basically it looks for the label that is in the inet.3 table and finds the associated route. It then looks for the ldp-traffic stats from the route.


See below on how it works:

user@router# show system                                         
host-name router;
scripts {
    op {
        file label-stats.slax;
    }
}

[edit]
user@router# run op label-stats label 300048                     
label 300048 prefix 202.0.0.0/24
202.0.0.0/24 Transit 114533658740 5726682937000 No.
202.0.0.0/24 Ingress 0 0 No.

[edit]
user@router# run show route 202.0.0.0/24 table inet.3            

inet.3: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

202.0.0.0/24       *[LDP/9] 22:28:18, metric 1
                    > to 10.2.3.3 via xe-3/0/0.0, Push 300048

[edit]
user@router# run show ldp traffic-statistics | find 202.0.0.0    
 202.0.0.0/24        Transit        114543762951      5727188147550    No   
                     Ingress                   0                  0    No   
 202.0.1.0/24        Transit           110333454         5516672700    No   
                     Ingress                   0                  0    No   
 202.0.2.0/24        Transit           110333454         5516672700    No   
                     Ingress                   0                  0    No   
 202.0.3.0/24        Transit           110333453         5516672650    No   
                     Ingress                   0                  0    No   

SOURCE CODE:
------------------------------------------------------------------------------------------
version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";
var $arguments = <argument> {
    <name> "label";
    <description> "mpls label";
}
param $label;
param $indent = "  TEXT";
param $newline = "\n";

match / {
    <op-script-results> {
        var $result = jcs:invoke("get-route-information");
        var $test = ($result);
        <output method = "text"> {
            
            for-each ($result/route-table) {
                if (table-name == "inet.3") {
                    var $content = .;
                    
                    for-each ($content/rt/rt-entry/nh) {
                        var $check = mpls-label;
                        
                        if (contains($check, $label)) {
                            var $route = normalize-space(../../rt-destination);
                            
                            expr "label " _ $label _ " prefix " _ $route _ "\n";
                            var $stats = jcs:invoke("get-ldp-traffic-statistics-information");
                            
                            for-each ($stats/ldp-traffic-statistics) {
                                var $compare = normalize-space(./ldp-prefix);
                                
                                if ($compare == $route) {
                                    expr normalize-space(.);
                                    expr ".\n";
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}

Thursday, October 17, 2013

Configuring PTP on an MX and a TCA 8500


So I'm configuring PTP (Precision Time Protocol).
I decided to create a cheat sheet/guide to help identify the important pieces.


Setup looks like this.

GPS
 |
 TCA 8500 === 100m ethernet  === EX 4200 === MX104 ========= MX80-P
                                                                 ||               ||
                                                                 ||               ||
                                                                 ||===== MX240 ========= ACX


The TCA is connected to a GPS antenna and is the grand master clock (GMC).  (Note: Clock Class for GPS is 6, TCA in freerun is 52)


The big Caveat of the TCA is the ethernet port that supports PTP is 100M only! WTF?!
Some of the problems are that some Juniper GE gear is not tri-rate. The problem is that you need a "P" supported mic/MPC/Router and most are not tri-rate. MX80 has to be MX80-P. MPC has to be MPC with a "-P" in it, etc.  All ACXes support PTP.

Hence the addition of the EX4200 in the setup.

Next is configuring the MX104. I actually have two Masters. The MX240 is a boundary clock and connected to the TCA and will provide a backup in case the connection between the MX104 and EX 4200 goes down.
 

user@router# show protocols ptp
clock-mode boundary;
priority1 1;
priority2 2;
domain 17;
unicast-negotiation;
slave {
    convert-clock-class-to-quality-level;
    interface ge-1/1/0.0 {
        unicast-mode {
            transport ipv4;
            clock-source 192.168.4.100 local-ip-address 192.168.4.101;
        }
    }
    interface xe-2/0/0.0 {
        unicast-mode {
            transport ipv4;
            clock-source 192.168.5.2 local-ip-address 192.168.5.1;
        }
    }
}
master {
    interface ge-1/0/0.0 {            
        unicast-mode {
            transport ipv4;
            clock-client 192.168.2.1/32 local-ip-address 192.168.2.2;
        }
    }
}


For this test we are using E1, not T1. So you need to change the signaling on the MX.


npr@router# show chassis
synchronization {
    network-option option-1;
    interfaces bits {
        signal-type e1;
        e1-options {
            framing g704;
        }
    }
    esmc-transmit {
        interfaces all;
    }
}


The TCA also needs to support E1. You have the ability to boot this in E1 or T1 mode.


TCA8K# show partition
Partition 1 : TCA8K-3.0.0-7-PTP-T1


Partition 2 : TCA8K-3.1.0-5-PTP-E1(Active)


TCA8K# reboot ?
reboot [1/2]


TCA8K# show ptp config
                          Mode : Grandmaster
                     Port Type : Grandmaster
                 Domain number : 17
                       Profile : Telecom Profile
                     Priority1 : 0
                     Priority2 : 0
                      Two step : no
   Log Mean Delay Req Interval : 64 packet/sec
    Log Mean Announce Interval : 1 packet/2sec
        Log Mean Sync Interval : 64 packets/sec
      Announce Receipt Timeout : 3


TCA8K# show ptp unicast-config
                Mode : Grandmaster
           Port Type : Grandmaster
IP                       MAC                        Mode                       Active        
192.168.4.101            64:87:88:25:55:4e          auto                       yes          


TCA8K# show gps

Receiver Description:     GPS
Receiver Status:          Good
Antenna Voltage:          5v
Cable Delay Compensation: 0 ns
Antenna Status:           GOOD
Position:                 37 24'29.6960'' N; 122 1'44.2603'' W;
Altitude:                 17.05 m
Satellite num:            11

Sat Number            Signal              Status
    18         10.600000AMU                Acquired
    25          2.800000AMU                Acquired
    16          5.800000AMU                Acquired
    29          9.400000AMU                Acquired
    21         10.600000AMU                Acquired
    26          8.400000AMU                Acquired
    22          5.800000AMU                Acquired
    15          7.600000AMU                Acquired
     5          8.400000AMU                Acquired
    26          5.200000AMU                Acquired
     8          7.600000AMU                Acquired



------------------
Next you need to make sure you are seeing the GMC clock id.


user@router# run show ptp clock
Clock Details:

Slot Number           : 1          
Default Data:
Two-step Clock        : FALSE                      Clock Identity : 64:87:88:ff:fe:25:5a:00
Total Ports on Device : 0                          Clock Class    : 52
Clock Accuracy        : 38                         Log Variance   : 15353
Clock Priority1       : 1                          Clock Priority2: 2
UTC Offset            : 35                         Leap59         : FALSE
Leap61                : FALSE                      Time Tracable  : FALSE
Frequency Tracable    : FALSE                      Time Source    : 0
Delay Req Sending Time: 0                          Steps Removed  : 1
Slave-only            : NA
Parent Data:
Parent Id             : f8:c0:01:ff:ff:08:c1:8e    
GMC Id                : f8:c0:01:ff:ff:08:c1:8e   GMC Class        : 6
GMC Accuracy          : 176                       GMC Variance     : 0  
GMC Priority1         : 0                         GMC Priority2    : 0
Global Data:
UTC Offset            : 35                        Leap-59          : FALSE
Leap-61               : FALSE                     Time tracable    : TRUE
Freq Traceable        : TRUE                      Time Scale       : TRUE
Time source           : 32
                     
Parent ID is the upstream Master's clock id. If there was a Boundary clock between the TCA and MX, then we would see a different Parent ID from the GMC ID.

We're seeing the GMC ID which is the TCA and that means we're good.

GMC Class is 6. This indicates it's connected to a GPS. Higher number is a lower quality clock.


In my setup I have two "slave" configs. This doesn't tell me which one is the active slave that I learned the GMC. They both say "active"!


user@router# run show ptp slave        

PTP Slave Interfaces Configured:


Slave Interface             Status  
ge-1/1/0.0                  Slave, Active      
xe-2/0/0.0                  Slave, Active      


Luckily the clock id seems to be derived from the mac address.


user@router# run show arp no-resolve | match f8:c0:01
f8:c0:01:08:c1:8e 192.168.4.100   ge-1/1/0.0           none


notice the GMC ID/Parent ID has some bytes inserted into the mac "ff:fe"


GMC Id                : f8:c0:01:ff:fe:08:c1:8e

Another way to look at it is to see the port level.

user@router> show ptp port
PTP port-data:
Local IP          : 192.168.4.101  Remote IP         : 192.168.4.100
Clock Stream      : 0              Clock Identity    : 64:87:88:ff:fe:25:5a:00
Port State        : Slave          Delay Req Interval: -6
Announce Interval : 1              Announce Timeout  : 3
Sync Interval     : -6             Delay Mechanism   : End-to-end
Port Number       : 1              Operating Mode    : Master


Local IP          : 192.168.2.2    Remote IP         : 192.168.2.1
Clock Stream      : 5              Clock Identity    : 64:87:88:ff:fe:25:5a:00
Port State        : Master         Delay Req Interval: -6
Announce Interval : 1              Announce Timeout  : 3
Sync Interval     : -7             Delay Mechanism   : End-to-end
Port Number       : 6              Operating Mode    : Slave


Local IP          : 192.168.5.2    Remote IP         : 192.168.5.1
Clock Stream      : 5              Clock Identity    : 64:87:88:ff:fe:25:5a:00
Port State        : Listening      Delay Req Interval: -6
Announce Interval : 1              Announce Timeout  : 3
Sync Interval     : -7             Delay Mechanism   : End-to-end
Port Number       : 3              Operating Mode    : Slave


If the port state is Listening, then the router is not receiving sync from this other port. When failover happens (ie link break), the router will converge to the new slave.

Phase alignment will once again try to reacquire.

user@router# run show ptp lock-status  
Lock Status:


Lock State    : 3 (ACQUIRING)
Phase offset  : 0.000000043 sec


Should take a few minutes

user@router# run show ptp lock-status  
Lock Status:


Lock State    : 5 (PHASE ALIGNED)
Phase offset  : -0.000000001 sec


On the TCA:


TCA8K# show network
eth0:
IP Address:               192.168.4.100
MASK:                     255.255.255.0
GateWay:                  10.161.39.254
IP Mode:                  static
DNS0:                  
DNS1:                  
MAC Addr:                 f8:c0:01:08:c1:8e
Domain:                   localhost
Speed:                    100 Mbps
Duplex:                   Full
Auto Negotiation          enabled
Status:                   up
VLAN:                     disable



Then when the MX is the Master for a downstream slave, you can see the clock-id is derived from the mac-address of the MX.


user@router# run show chassis mac-addresses
MAC address information:
  Public base address     64:87:88:25:52:00
  Public count            2032
  Private base address    64:87:88:25:59:f0
  Private count           16


Some troubleshooting commands:
 *) show ptp statistics detail
user@router# run show ptp statistics detail
Local Address    Remote Address     Role  Stream      Received  Transmitted
192.168.4.101    192.168.4.100     Slave       0      36778881     18319873
         Signalling    Announce        Sync       Delay       Error
   Rx:         3189       12033    18316138    18316449         184
   Tx:         3203           0           0    18316670           0

[Collect this show command three times, at the interval of 30 seconds each].

*) show ptp port detail
*) show chassis environment cb
*) show ptp slave detail

Wednesday, October 16, 2013

An Event script to change static routing based upon interface flaps


An Event script to change static routing based upon interface flaps

user@router# run show interfaces ge-0/1/3 terse 
Interface               Admin Link Proto    Local                 Remote
ge-0/1/3                up    up  
ge-0/1/3.0              up    up   inet     192.10.1.1/24   

[edit]
user@router# show routing-options 
static {
    route 50.0.0.0/24 next-hop 192.10.1.2;
}

[edit]


DISABLED THE PHYSICAL INTERFACE

[edit]
user@router# run show interfaces ge-0/1/3 terse    
Interface               Admin Link Proto    Local                 Remote
ge-0/1/3                up    down
ge-0/1/3.0              up    down inet     192.10.1.1/24   

CHECK the router to see if the static route is deactivated.

[edit]
user@router# show routing-options                  
static {
    inactive: route 50.0.0.0/24 next-hop 192.10.1.2;
}

[edit]
user@router# run show log messages   
Jul 17 11:19:53 router clear-log[27080]: logfile cleared
Jul 17 11:20:00  router rpd[1336]: EVENT <UpDown> ge-0/1/3.0 index 69 <Broadcast Multicast> address #0 0.5.85.d4.40.22
Jul 17 11:20:00  router rpd[1336]: EVENT UpDown ge-0/1/3.0 index 69 192.10.1.1/24 -> 192.10.1.255 <Broadcast Multicast Localup>
Jul 17 11:20:00  router mib2d[1362]: SNMP_TRAP_LINK_DOWN: ifIndex 133, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/1/3
Jul 17 11:20:00  router rpd[1336]: EVENT <UpDown> index 133 <Broadcast Multicast> address #0 0.5.85.d4.40.22
Jul 17 11:20:01  router file[27087]: UI_CFG_AUDIT_OTHER: User 'root' deactivate: [juniper-config routing-options static route 50.0.0.0/24]
Jul 17 11:20:03  router rpd: proceeding. -C
Jul 17 11:20:05  router rpd[1336]: RPD_TASK_REINIT: Reinitializing
Jul 17 11:20:05  router rpd[1336]: task_reconfigure reinitializing done
Jul 17 11:20:06  router cscript: removing static route
Jul 17 11:20:06  router cscript: Route-change[warning]: Disabling static route 50.0.0.0/24
Jul 17 11:20:06  router root: invoke-commands: Executed /tmp/evt_cmd_kzGMAH, output to /tmp/evt_op_K7nJxd in text format
Jul 17 11:20:06  router root: transfer-file: Transferred /tmp/evt_op_K7nJxd



REENABLED THE PHYSICAL INTERFACE

[edit]
user@router# run show interfaces ge-0/1/3 terse 
Interface               Admin Link Proto    Local                 Remote
ge-0/1/3                up    up  
ge-0/1/3.0              up    up   inet     192.10.1.1/24   

CHECK THE STATIC ROUTE
[edit]
user@router# show routing-options           
static {
    route 50.0.0.0/24 next-hop 192.10.1.2;
}

[edit]
user@router# run show log messages   

Jul 17 11:20:55  router rpd[1336]: EVENT <UpDown> ge-0/1/3.0 index 69 <Up Broadcast Multicast> address #0 0.5.85.d4.40.22
Jul 17 11:20:55  router rpd[1336]: EVENT UpDown ge-0/1/3.0 index 69 192.10.1.1/24 -> 192.10.1.255 <Up Broadcast Multicast>
Jul 17 11:20:55  router mib2d[1362]: SNMP_TRAP_LINK_UP: ifIndex 133, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/1/3
Jul 17 11:20:55  router mib2d[1362]: SNMP_TRAP_LINK_UP: ifIndex 159, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/1/3.0
Jul 17 11:20:55  router rpd[1336]: EVENT <UpDown> index 133 <Up Broadcast Multicast> address #0 0.5.85.d4.40.22
Jul 17 11:20:56  router file[27353]: UI_CFG_AUDIT_OTHER: User 'root' activate: [juniper-config routing-options static route 50.0.0.0/24]
Jul 17 11:20:58  router rpd: proceeding. -C
Jul 17 11:21:00  router rpd[1336]: RPD_TASK_REINIT: Reinitializing
Jul 17 11:21:00  router rpd[1336]: task_reconfigure reinitializing done
Jul 17 11:21:01  router cscript: Enabling static route 50.0.0.0/24
Jul 17 11:21:01  router cscript: Route-change[warning]: Enabling static route 50.0.0.0/24
Jul 17 11:21:01  router root: invoke-commands: Executed /tmp/evt_cmd_4j1XoH, output to /tmp/evt_op_NxKJIo in text format
Jul 17 11:21:01  router cscript: Enabling static route 50.0.0.0/24
Jul 17 11:21:01  router cscript: Route-change[warning]: Enabling static route 50.0.0.0/24
Jul 17 11:21:01  router root: transfer-file: Transferred /tmp/evt_op_NxKJIo
Jul 17 11:21:01  router root: invoke-commands: Executed /tmp/evt_cmd_QrBmxm, output to /tmp/evt_op_pP79Iy in text format
Jul 17 11:21:01  router root: transfer-file: Transferred /tmp/evt_op_pP79Iy

[edit]
user@router# show event-options 
policy track-interface-down {
    events snmp_trap_link_down;
    attributes-match {
        snmp_trap_link_down.interface-name matches ge-0/1/3;
    }
    then {
        event-script route-change.slax {
            arguments {
                action 1;
                prefix 50.0.0.0/24;
            }
            output-filename track-int;
            destination local;
            output-format text;
        }
    }
}
policy track-interface-up {
    events snmp_trap_link_up;
    attributes-match {
        snmp_trap_link_up.interface-name matches ge-0/1/3;
    }
    then {
        event-script route-change.slax {
            arguments {
                action 0;
                prefix 50.0.0.0/24;
            }
            output-filename track-int;
            destination local;
            output-format text;
        }
    }
}
destinations {
    local {
        archive-sites {
            /var/home/user/;
        }
    }
}

Source code: route-change.slax
----------

version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";
 var $arguments = {
    <argument> {
    <name> "action";
    <description> "0 to enable, 1 to disable";
    }
    <argument> {
        <name> "prefix";
        <description> "route prefix with mask, ie 10.0.0.0/24";
    }
}
param $action = 0;
param $prefix;

match / {
    /*
     * Open connection with mgd
     */
    var $con = jcs:open();

    if (not($con)) {
        call emit-error($message = "Not able to connect to local mgd");
    }

        if ($action = 1) {
            expr jcs:output("Disabling Route");
            var $check-int = jcs:invoke ("get-configuration");
            for-each ($check-int/routing-options/static/route) {        
                      if (name = $prefix) {
                      expr jcs:output(name);
                       /*
                        *   REMOVE route
                        */
                          var $disable = <configuration> {
                                           <routing-options> {
                                                <static> {  
                                           <route inactive="inactive"> {    
           
                                                          <name> $prefix;   
                                                            }
                                                    }
                                        }

                          }
                          call jcs:load-configuration($connection = $con, $configuration = $disable);
                          expr jcs:syslog("user.info","removing static route");
                          var $message = concat ("Disabling static route " , $prefix);
                          call emit-success($message);
                      }
            }
        }  
        if ($action = 0) {
            expr jcs:output("Enabling Route");
             /*
              *   ADD route
              */
            var $int = <configuration> {
                           <routing-options> {
                                      <static> {
                                            <route active="active"> {
                                               <name> $prefix;
                                      }
                                }
                       }
             }
         call jcs:load-configuration($connection = $con, $configuration = $int);
         expr jcs:syslog("user.info","Enabling static route " , $prefix);
         var $message = concat ("Enabling static route " , $prefix);
         /*
          * Emit messages
          */
          call emit-fail($message);

        }
     /*
      * Close the mgd connection
      */
      expr jcs:close($con);

}
template emit-fail ($message) {   
    expr jcs:syslog("user.info", "Route-change[warning]: ", $message);
}

template emit-success ($message) {
    expr jcs:syslog("user.info", "Route-change[warning]: ", $message);
}