what to trace?
configuration


[edit security flow]
Netbox@SRX300-1-RL102# show
traceoptions {
    file selfpolicy size 1m;
    flag basic-datapath;
    packet-filter term1 {
        source-prefix 192.168.200.1/32;
        destination-prefix 192.168.200.2/32;
    }
    packet-filter term2 {
        source-prefix 192.168.200.2/32;
        destination-prefix 192.168.200.1/32;
    }
}


set security flow traceoptions file selfpolicy
set security flow traceoptions file size 1m
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter term1 source-prefix 192.168.200.1/32
set security flow traceoptions packet-filter term1 destination-prefix 192.168.200.2/32
set security flow traceoptions packet-filter term2 source-prefix 192.168.200.2/32
set security flow traceoptions packet-filter term2 destination-prefix 192.168.200.1/32




flag options


Netbox@SRX300-1-RL102# set traceoptions flag ?
Possible completions:
  all                  All events
  basic-datapath       Basic packet flow
  fragmentation        Ip fragmentation and reassembly events
  high-availability    Flow high-availability information
  host-traffic         Flow host-traffic information
  multicast            Multicast flow information
  route                Route lookup information
  session              Session creation and deletion events
  session-scan         Session scan information
  tcp-basic            TCP packet flow
  tunnel               Tunnel information


show log


[edit security flow]
Netbox@SRX300-1-RL102# run show log selfpolicy | last

Jul 30 11:58:11 11:58:11.574302:CID-0:RT:  flow got session.
Jul 30 11:58:11 11:58:11.574302:CID-0:RT:  flow session id 3655
Jul 30 11:58:11 11:58:11.574302:CID-0:RT: vector bits 0x8002 vector 0x68996258
Jul 30 11:58:11 11:58:11.574302:CID-0:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
Jul 30 11:58:11 11:58:11.574302:CID-0:RT:mbuf 0x611b2c80, exit nh 0x5c1302
Jul 30 11:58:11 11:58:11.574302:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x2088c48 associated with mbuf 0x611b2c80
Jul 30 11:58:11 11:58:11.574302:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)

Jul 30 11:58:11 11:58:11.671703:CID-0:RT:<192.168.200.1/65261->192.168.200.2/22;6,0x0> matched filter term1:
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:packet [52] ipid = 34264, @0x5ee6439c
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x5ee64180, rtbl_idx = 8
Jul 30 11:58:11 11:58:11.671703:CID-0:RT: flow process pak fast ifl 78 in_ifp ae0.0
Jul 30 11:58:11 11:58:11.671703:CID-0:RT: ae0.0:192.168.200.1/65261->192.168.200.2/22, tcp, flag 10
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:find flow: table 0x6531298, hash 7389(0xffff), sa 192.168.200.1, da 192.168.200.2, sp 65261, dp 22, proto 6, tok 32777, conn-tag 0x00000000, vrf-grp-id 0
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:Found: session id 0x156d. sess tok 32777
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:  flow got session.
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:  flow session id 5485
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:  refreshing session
Jul 30 11:58:11 11:58:11.671703:CID-0:RT: vector bits 0x8002 vector 0x68996258
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:pre-frag not needed: ipsize: 52, mtu: 9188, nsp2->pmtu: 9188
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:insert usp tag for apps
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:mbuf 0x5ee64180, exit nh 0xfffb0006
Jul 30 11:58:11 11:58:11.671703:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
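
Once both filter terms are matching, the trace file is easier to review as one record per packet. The following Python is an added example, not part of the original page: it groups the lines of a copied-off trace file by packet and pulls out the matched term, the 5-tuple, the session id and the final return code. The function names are hypothetical and the sample lines are constructed in the format shown above.

```python
import re

# Constructed sample in the format of the selfpolicy trace file; the second
# packet and its non-zero return code are invented for illustration.
SAMPLE = """\
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:<192.168.200.1/65261->192.168.200.2/22;6,0x0> matched filter term1:
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:packet [52] ipid = 34264, @0x5ee6439c
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:Found: session id 0x156d. sess tok 32777
Jul 30 11:58:11 11:58:11.671703:CID-0:RT:  flow session id 5485
Jul 30 11:58:11 11:58:11.671703:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
Jul 30 11:58:12 11:58:12.100000:CID-0:RT:<192.168.200.2/22->192.168.200.1/65261;6,0x0> matched filter term2:
Jul 30 11:58:12 11:58:12.100000:CID-0:RT:packet [52] ipid = 100, @0x5ee6439c
Jul 30 11:58:12 11:58:12.100000:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc -1)
"""

# Syslog prefix plus flow prefix, e.g. "Jul 30 11:58:11 11:58:11.671703:CID-0:RT:"
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<ts>[\d:.]+):CID-\d+:RT:\s*(?P<msg>.*)$")
MATCH = re.compile(r"<(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+);"
                   r"(?P<proto>\d+),\S+> matched filter (?P<term>\S+):")
SESSION = re.compile(r"flow session id (\d+)|Found: session id (0x[0-9a-f]+)")
RESULT = re.compile(r"-+ flow_process_pkt rc (0x[0-9a-f]+)")

def parse_trace(text):
    """Return one dict per packet, opened by a 'matched filter' line."""
    packets, cur = [], None
    for line in text.splitlines():
        m = PREFIX.match(line)
        msg = m["msg"] if m else line.strip()  # tolerate lines without a prefix
        if (hit := MATCH.search(msg)):
            cur = {**hit.groupdict(), "ts": m["ts"] if m else None,
                   "session": None, "rc": None}
            packets.append(cur)
        elif cur is None:
            continue  # tail of a packet whose first line is not in the file
        elif (s := SESSION.search(msg)):
            cur["session"] = int(s[1]) if s[1] else int(s[2], 16)
        elif (r := RESULT.search(msg)):
            cur["rc"] = int(r[1], 16)
            cur = None  # this packet's trace is complete
    return packets

def needs_review(packets):
    """Packets whose trace never finished or ended with a non-zero rc."""
    return [p for p in packets if p["rc"] != 0]

if __name__ == "__main__":
    for p in parse_trace(SAMPLE):
        print(p["ts"], p["term"], f'{p["src"]}:{p["sport"]}->{p["dst"]}:{p["dport"]}',
              "session", p["session"], "rc", p["rc"])
```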