[j-nsp] JunOS temperature readings


Jimmy Stewpot

Mar 26, 2010, 12:32:25 AM
to junip...@puck.nether.net
Hello,

I am currently looking into an issue where we are getting temperature alerts on a variety of different JunOS devices within one of our facilities. Unfortunately, when I go to track down the changes, all the switches are running at under 40 C, which is within the thresholds, yet we still get alerts.

jstewpot@JunOS Switch> show chassis temperature-thresholds
                            Fan speed       Yellow alarm       Red alarm
Item                        Normal  High    Normal  Bad fan    Normal  Bad fan
FPC 0 CPU                       60    70        80       70        95       85
FPC 0 EX-PFE1                   60    70        80       70        95       85
FPC 0 EX-PFE2                   60    70        80       70        95       85
FPC 0 EX-PFE3                   60    70        80       70        95       85
FPC 0 GEPHY Front Left          60    70        80       70        95       85
FPC 0 GEPHY Front Middle        60    70        80       70        95       85
FPC 0 GEPHY Front Right         60    70        80       70        95       85
FPC 0 Uplink Conn               60    70        80       70        95       85

{master:0}
jstewpot@JunOS Switch> show chassis environment
Class Item                        Status  Measurement
Power FPC 0 Power Supply 0        OK
      FPC 0 Power Supply 1        OK
Temp  FPC 0 CPU                   OK      38 degrees C / 100 degrees F
      FPC 0 EX-PFE1               OK      39 degrees C / 102 degrees F
      FPC 0 EX-PFE2               OK      50 degrees C / 122 degrees F
      FPC 0 EX-PFE3               OK      45 degrees C / 113 degrees F
      FPC 0 GEPHY Front Left      OK      20 degrees C / 68 degrees F
      FPC 0 GEPHY Front Middle    OK      27 degrees C / 80 degrees F
      FPC 0 GEPHY Front Right     OK      29 degrees C / 84 degrees F
      FPC 0 Uplink Conn           OK      28 degrees C / 82 degrees F
Fans  FPC 0 Fan 1                 OK      Spinning at normal speed
      FPC 0 Fan 2                 OK      Spinning at normal speed
      FPC 0 Fan 3                 OK      Spinning at normal speed

{master:0}

jstewpot@JunOS Switch> show chassis alarms
No alarms currently active

I am interested to know if anyone has anything similar? Also is it possible to set the thresholds?

Regards,

Jimmy Stewpot
_______________________________________________
juniper-nsp mailing list junip...@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Alex

Mar 26, 2010, 3:12:27 PM
to Jimmy Stewpot, junip...@puck.nether.net
Hello there,
Are you using SMARTS?
If yes, please check the thresholds set in SMARTS itself; they may be too low.
I saw them set at 37 deg C which is "mild fever" in human terms but hardly
alarming for modern hardware.
It is not possible to set the temp thresholds in JUNOS.
Regards
Alex
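
The mismatch discussed in the two messages above, as an added example (not code from the thread): it parses rows in the layout of the two quoted command outputs and shows, per sensor, the state the switch itself would report next to whether a monitoring-side threshold would fire. The sample rows are copied from the thread; the function names, the use of the normal-fan columns, and the ">=" comparisons are assumptions made for the example.

```python
import re

# Constructed sample: rows copied from the two command outputs quoted in the thread.
THRESHOLDS = """\
Item Normal High Normal Bad fan Normal Bad fan
FPC 0 CPU 60 70 80 70 95 85
FPC 0 EX-PFE2 60 70 80 70 95 85
FPC 0 GEPHY Front Left 60 70 80 70 95 85
"""
ENVIRONMENT = """\
Class Item Status Measurement
Temp FPC 0 CPU OK 38 degrees C / 100 degrees F
FPC 0 EX-PFE2 OK 50 degrees C / 122 degrees F
FPC 0 GEPHY Front Left OK 20 degrees C / 68 degrees F
Fans FPC 0 Fan 1 OK Spinning at normal speed
"""

def parse_thresholds(text):
    """Return {item: (yellow, red)} from the normal-fan columns, in degrees C."""
    table = {}
    for line in text.splitlines():
        tokens = line.split()
        # A data row ends in six integers; the item name is everything before them.
        if len(tokens) > 6 and all(t.isdigit() for t in tokens[-6:]):
            _fan_n, _fan_h, yel_n, _yel_bad, red_n, _red_bad = map(int, tokens[-6:])
            table[" ".join(tokens[:-6])] = (yel_n, red_n)
    return table

READING = re.compile(r"^\s*(?:Temp\s+)?(.+?)\s+(\w+)\s+(\d+) degrees C\b")

def parse_readings(text):
    """Return {item: degrees_c} for every temperature row; other rows are skipped."""
    return {m.group(1): int(m.group(3))
            for m in map(READING.match, text.splitlines()) if m}

def compare(thresholds, readings, nms_threshold_c):
    """Per item: (state on the switch, would the monitoring threshold fire)."""
    result = {}
    for item, temp in readings.items():
        if item not in thresholds:
            continue
        yellow, red = thresholds[item]
        state = "red" if temp >= red else "yellow" if temp >= yellow else "ok"
        result[item] = (state, temp >= nms_threshold_c)  # ">=" is an assumption
    return result

if __name__ == "__main__":
    # 37 is the monitoring-side value mentioned in the reply above.
    for item, verdict in compare(parse_thresholds(THRESHOLDS),
                                 parse_readings(ENVIRONMENT), 37).items():
        print(item, verdict)
```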

Ibariouen Khalid

Mar 26, 2010, 5:36:39 PM
to junip...@puck.nether.net
Hi all
Can someone tell me what "no nat vector" means exactly:


GFW01(M)-> get counter statistics interface ethernet1/3
Hardware counters for interface ethernet1/3:
in bytes        201903417 | out bytes     2103176764 | early frame          0
in packets     2949387186 | out packets   2468188341 | late frame           0
in no buffer            0 | out no buffer          0 | re-xmt limit         0
in overrun             63 | out underrun           0 | drop vlan            0
address spoof           0 | in icmp        164486382 | no nat vector     1977


In some document, "no nat vector" indicates the number of packets dropped because the Network Address Translation (NAT) connection was unavailable for the gate.


But it's not clear to me.
4 public IP addresses are enough for 61973 sessions.



Stefan Fouant

Mar 27, 2010, 7:42:31 PM
to Ibariouen Khalid, junip...@puck.nether.net

If I recall correctly, that means that there aren't enough addresses in the
NAT pool available for connections at the time a given connection is made.
You might have 4 public addresses but do you have PAT enabled? Can you
describe your setup in more detail?

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D

Kevin Oberman

Mar 27, 2010, 9:57:56 PM
to Ibariouen Khalid, junip...@puck.nether.net
> From: Ibariouen Khalid <ibarioue...@ericsson.com>
> Date: Fri, 26 Mar 2010 22:36:39 +0100
> Sender: juniper-n...@puck.nether.net

>
> Hi all
> Can someone tell me what "no nat vector" means exactly:
>
>
> GFW01(M)-> get counter statistics interface ethernet1/3
> Hardware counters for interface ethernet1/3:
> in bytes 201903417 | out bytes 2103176764 | early frame 0
> in packets 2949387186 | out packets 2468188341 | late frame 0
> in no buffer 0 | out no buffer 0 | re-xmt limit 0
> in overrun 63 | out underrun 0 | drop vlan 0
> address spoof 0 | in icmp 164486382 | no nat vector 1977
>
>
> In some document, "no nat vector" indicates the number of packets dropped
> because the Network Address Translation (NAT) connection was
> unavailable for the gate.
>
>
> But it's not clear to me. 4 public IP addresses are enough for
> 61973 sessions.

I believe it may be a count of packets received for which the router has
no NAT translation. I believe that this is a packet that the router
has no NAT translation to send it to. E.g. a packet arrives from a
when no outgoing traffic has established a destination nor is there a
pre-configured destination; the router has no place to forward the
packet, so it is counted and dropped.

A wide assortment of common network scans would result in this event.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: obe...@es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751

Ibariouen Khalid

Mar 28, 2010, 2:55:54 AM
to Stefan Fouant, junip...@puck.nether.net

Hi Stefan,
Yes, I have PAT enabled.


Stefan Fouant

Mar 28, 2010, 10:57:22 AM
to Ibariouen Khalid, junip...@puck.nether.net
> -----Original Message-----
> From: Ibariouen Khalid [mailto:ibarioue...@ericsson.com]
> Sent: Sunday, March 28, 2010 2:56 AM
> To: Stefan Fouant; junip...@puck.nether.net
> Subject: RE: [j-nsp] NAT
>
>
> Hi Stefan,
> Yes, I have PAT enabled.

Interface-based PAT or policy-based? Have you modified the session timeouts
for any protocols you are allowing through?

Ibariouen Khalid

Mar 28, 2010, 10:59:40 AM
to Stefan Fouant, junip...@puck.nether.net

Hi,
It's policy-based.
No session timeouts are configured.
BR/

-----Original Message-----
From: Stefan Fouant [mailto:sfo...@shortestpathfirst.net]

Stefan Fouant

Mar 28, 2010, 11:49:25 AM
to Ibariouen Khalid, junip...@puck.nether.net
I take it that interface is your untrust interface?

Just out of curiosity, how long had those statistics been running when you pulled them up (i.e. when was the last time you cleared stats or rebooted the box)? I would suggest clearing interface stats and letting it run for a few days to observe how much that counter increments, or just take a look at the delta between now and the last time you ran that command. Has it gone up much or at all?

Stefan Fouant
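
The delta check suggested in the message above, as an added example (not code from the thread): it parses two captures in the 'get counter statistics' layout and reports how much the watched counters grew. The first capture uses the values quoted in the thread, the second is constructed; the function names, the watch list, and the handling of a cleared counter are assumptions made for the example.

```python
import re

# DAY1: values quoted in the thread. DAY2: constructed for illustration.
DAY1 = """\
Hardware counters for interface ethernet1/3:
in bytes 201903417 | out bytes 2103176764 | early frame 0
in overrun 63 | out underrun 0 | drop vlan 0
address spoof 0 | in icmp 164486382 | no nat vector 1977
"""
DAY2 = """\
Hardware counters for interface ethernet1/3:
in bytes 95500123 | out bytes 2103999000 | early frame 0
in overrun 63 | out underrun 0 | drop vlan 0
address spoof 0 | in icmp 164490000 | no nat vector 2510
"""

CELL = re.compile(r"^\s*(.+?)\s+(\d+)\s*$")  # "<name with spaces> <integer>"

def parse_counters(text):
    """Parse 'name value | name value | ...' rows into {name: int}."""
    counters = {}
    for line in text.splitlines():
        for cell in line.split("|"):
            m = CELL.match(cell)
            if m:  # header and prompt lines do not match and are skipped
                counters[m.group(1)] = int(m.group(2))
    return counters

def deltas(prev, curr):
    """Growth per counter between two captures.

    A value lower than the previous one means the counter was cleared or
    wrapped in between; the current value is then used as the growth
    (an assumption, and a lower bound).
    """
    out = {}
    for name, value in curr.items():
        before = prev.get(name, 0)
        out[name] = value - before if value >= before else value
    return out

def rising(prev_text, curr_text, watch=("no nat vector", "address spoof"), limit=0):
    """Return the watched counters whose growth exceeds `limit`."""
    d = deltas(parse_counters(prev_text), parse_counters(curr_text))
    return {name: d[name] for name in watch if d.get(name, 0) > limit}

if __name__ == "__main__":
    print(rising(DAY1, DAY2))
```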


Ibariouen Khalid

Mar 28, 2010, 2:45:17 PM
to sfo...@shortestpathfirst.net, junip...@puck.nether.net

Hi again,
Yes, it's the untrust interface.
I'm taking stats every morning and then clearing the stats.
This means that during 24 hours I got around 1977 no nat vector. And it's confusing me.

Stefan Fouant

Mar 29, 2010, 12:11:37 PM
to Ibariouen Khalid, junip...@puck.nether.net
> -----Original Message-----
> From: Ibariouen Khalid [mailto:ibarioue...@ericsson.com]
> Sent: Sunday, March 28, 2010 2:45 PM
> To: sfo...@shortestpathfirst.net; junip...@puck.nether.net
> Subject: RE: [j-nsp] NAT
>
>
> Hi again,
> Yes, it's the untrust interface.
> I'm taking stats every morning and then clearing the stats.
> This means that during 24 hours I got around 1977 no nat vector. And
> it's confusing me.

Do a 'get interface ethernet1/3 dip detail' and take a look at what your NAT
values are. Is the status listed as Free?

Also, I would suggest ratcheting down the timers for your more commonly used
protocols (if you've got NSM you can run a report on 'Top FW/VPN Rules').
You might want to try to identify which rules are being used the most and
check the applications which are being allowed. Are the timeouts for those
applications set at the default? Have they been adjusted? I would suggest
lowering them as it sounds like you have sessions which are remaining open
and holding on to NAT/PAT allocations without releasing them.

Finally, do you have ALGs enabled? Take a look at 'get xlate' and try to
identify if there is an issue with failed allocations in an ALG.

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D
