Network Management and Monitoring on the

Network Management and Monitoring on the QFX
Series
Release
13.2
Published: 2014-05-06
Copyright © 2014, Juniper Networks, Inc.
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
Network Management and Monitoring on the QFX Series
13.2
Copyright © 2014, Juniper Networks, Inc.
All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the
year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks
software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at
http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of
that EULA.
ii
Copyright © 2014, Juniper Networks, Inc.
Table of Contents
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Using the Examples in This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Merging a Full Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Merging a Snippet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv
Part 1
Overview
Chapter 1
Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Understanding Device and Network Management Features . . . . . . . . . . . . . . . . . . 3
Understanding Network Management Implementation on the QFabric
System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Understanding Telnet on the QFabric System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Understanding Tracing and Logging Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 2
Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Overview of QFX5100 Switch Automation Enhancements . . . . . . . . . . . . . . . . . . . 11
Features of the QFX5100 Switch Automation Enhancements . . . . . . . . . . . . . 11
Overview of Python with QFX5100 Switch Automation Enhancements . . . . . . . . 12
Understanding Automation Scripts Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
How Commit Scripts Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Commit Script Input . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Commit Script Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Commit Scripts and the Junos OS Commit Model . . . . . . . . . . . . . . . . . . . . . . 16
Standard Commit Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Commit Model with Commit Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Avoiding Potential Conflicts When Using Multiple Commit Scripts . . . . . . . . . . . . 19
Overview of Generating Persistent or Transient Configuration Changes . . . . . . . . 20
Differences Between Persistent and Transient Changes . . . . . . . . . . . . . . . . . 21
Interaction of Configuration Changes and Configuration Groups . . . . . . . . . . 24
Tag Elements and Templates for Generating Changes . . . . . . . . . . . . . . . . . . 24
Required Boilerplate for Commit Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
How Op Scripts Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Required Boilerplate for Op Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Copyright © 2014, Juniper Networks, Inc.
iii
Network Management and Monitoring on the QFX Series
Chapter 3
Junos Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Understanding Junos Space Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Chapter 4
Network Analytics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Network Analytics Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Analytics Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Network Analytics Enhancements Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Summary of CLI Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Understanding Network Analytics Configuration and Status . . . . . . . . . . . . . . . . 40
Understanding Network Analytics Streaming Data . . . . . . . . . . . . . . . . . . . . . . . . 42
Understanding Enhanced Network Analytics Streaming Data . . . . . . . . . . . . . . . 44
Google Protocol Buffer (GPB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
JavaScript Object Notation (JSON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Comma-separated Values (CSV) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Tab-separated Values (TSV) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Queue Statistics Output for JSON, CSV, and TSV . . . . . . . . . . . . . . . . . . . . . . 48
Traffic Statistics Output for JSON, CSV, and TSV . . . . . . . . . . . . . . . . . . . . . . 48
Understanding Enhanced Analytics Local File Output . . . . . . . . . . . . . . . . . . . . . . 49
Prototype File for the Google Protocol Buffer Stream Format . . . . . . . . . . . . . . . . 51
Chapter 5
sFlow Techology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Understanding How to Use sFlow Technology for Network Monitoring on a
Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Sampling Mechanism and Architecture of sFlow Technology on
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Adaptive Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
sFlow Agent Address Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
sFlow Limitations on Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Chapter 6
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Understanding the Implementation of SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Understanding the Implementation of SNMP on the QFabric System . . . . . . . . . 62
Fabric Chassis MIB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Utility MIB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
SNMPv3 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Minimum SNMPv3 Configuration on a Device Running Junos OS . . . . . . . . . . . . . 70
Understanding RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
RMON Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Alarm Thresholds and Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
RMON MIB Event, Alarm, Log, and History Control Tables . . . . . . . . . . . . . . . . . . . 73
Understanding Health Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
SNMP MIBs Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual
Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
MIBs Supported on QFabric Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
iv
Copyright © 2014, Juniper Networks, Inc.
Table of Contents
SNMP Traps Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
SNMP Traps Supported on QFX Series Standalone Switches and QFX Series
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
SNMPv1 Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
SNMPv2 Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
SNMP Traps Supported on QFabric Systems . . . . . . . . . . . . . . . . . . . . . . . . 100
MIB Objects for the QFX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
QFX Series Standalone Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
QFabric Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
QFabric System QFX3100 Director Device . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
QFabric System QFX3008-I Interconnect Device . . . . . . . . . . . . . . . . . . . . . 105
QFabric System QFX3600-I Interconnect Device . . . . . . . . . . . . . . . . . . . . . 105
QFabric System Node Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Chapter 7
System Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Overview of Junos OS System Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Overview of Single-Chassis System Logging Configuration . . . . . . . . . . . . . . . . . 107
Understanding the Implementation of System Log Messages on the QFabric
System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Part 2
Installation
Chapter 8
Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Installing Junos OS Software with QFX5100 Switch Automation
Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Part 3
Configuration
Chapter 9
Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Examples: Configuring System Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Examples: Assigning an Alternative Facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Example: Configuring System Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Example: Monitoring Network Traffic Using sFlow Technology . . . . . . . . . . . . . . 126
Example: Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Example: Configuring Network Analytics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Example: Configuring Enhanced Network Analytics Features . . . . . . . . . . . . . . . 138
Chapter 10
Configuration Tasks for Network Management . . . . . . . . . . . . . . . . . . . . . . . 149
Configuring Console and Auxiliary Port Properties . . . . . . . . . . . . . . . . . . . . . . . . 149
Configuring SSH Service for Remote Access to the Router or Switch . . . . . . . . . 150
Configuring the Root Login Through SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Configuring the SSH Protocol Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Configuring the Client Alive Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Configuring Telnet Service for Remote Access to a Switch . . . . . . . . . . . . . . . . . . 152
Chapter 11
Configuration Tasks for Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Invoking the Python Interpreter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Controlling the Execution of Commit Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Enabling Commit Scripts to Execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Removing Commit Scripts from the Configuration . . . . . . . . . . . . . . . . . . . . 155
Deactivating Commit Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Copyright © 2014, Juniper Networks, Inc.
v
Network Management and Monitoring on the QFX Series
Activating Inactive Commit Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Chapter 12
Configuration Tasks for Network Analytics . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Configuring Queue Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Configuring Traffic Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Configuring a Local File for Network Analytics Data . . . . . . . . . . . . . . . . . . . . . . . 160
Configuring a Remote Collector for Streaming Analytics Data . . . . . . . . . . . . . . . 161
Chapter 13
Configuration Tasks for sFlow Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Configuring sFlow Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Chapter 14
Configuration Tasks for SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Configuring the SNMP Community String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Configuring SNMP Trap Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Adding a Group of Clients to an SNMP Community . . . . . . . . . . . . . . . . . . . . . . . . 171
Configuring the Interfaces on Which SNMP Requests Can Be Accepted . . . . . . . 172
Configuring MIB Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Configuring RMON Alarms and Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Configuring an Event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Configuring an Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Configuring Health Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Creating SNMPv3 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Configuring Access Privileges for a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Assigning a Security Name to a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Configuring SNMPv3 Traps on a Device Running Junos OS . . . . . . . . . . . . . . . . . 180
Configuring SNMP Informs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Chapter 15
Configuration Tasks for System Log Messages . . . . . . . . . . . . . . . . . . . . . . . 183
Junos OS Minimum System Logging Configuration . . . . . . . . . . . . . . . . . . . . . . . . 183
Junos OS System Log Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . . 184
Adding a Text String to System Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Directing System Log Messages to a Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Directing System Log Messages to a Remote Machine . . . . . . . . . . . . . . . . . . . . 186
Directing System Log Messages to a User Terminal . . . . . . . . . . . . . . . . . . . . . . . 187
Directing System Log Messages to the Console . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Disabling the System Logging of a Facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Displaying a Log File from a Single-Chassis System . . . . . . . . . . . . . . . . . . . . . . . 189
Including Priority Information in System Log Messages . . . . . . . . . . . . . . . . . . . . 190
Including the Year or Millisecond in Timestamps . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Logging Messages in Structured-Data Format . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Interpreting Messages Generated in Structured-Data Format . . . . . . . . . . . . . . . 193
Interpreting Messages Generated in Standard Format . . . . . . . . . . . . . . . . . . . . . 196
Specifying Log File Size, Number, and Archiving Properties . . . . . . . . . . . . . . . . . 197
Specifying the Facility and Severity of Messages to Include in the Log . . . . . . . . 198
Junos OS System Logging Facilities and Message Severity Levels . . . . . . . . . . . . 199
System Log Default Facilities for Messages Directed to a Remote
Destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Junos OS System Log Alternate Facilities for Remote Logging . . . . . . . . . . . . . . 201
vi
Copyright © 2014, Juniper Networks, Inc.
Table of Contents
Changing the Alternative Facility Name for Remote System Log Messages . . . . 202
Using Regular Expressions to Refine the Set of Logged Messages . . . . . . . . . . . 204
Chapter 16
Configuration Statements for Network Management . . . . . . . . . . . . . . . . . 207
connection-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
destination-override . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
no-remote-trace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
protocol-version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Chapter 17
Configuration Statements for Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
allow-transients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
apply-macro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
checksum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
commit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
direct-access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
file (Commit Scripts) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
file (Op Scripts) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
no-allow-url . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
op . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
optional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
refresh (Commit Scripts) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
refresh (Op Scripts) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
refresh-from (Commit Scripts) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
refresh-from (Op Scripts) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
source (Commit Scripts) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
source (Op Scripts) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Chapter 18
Configuration Statements for Network Analytics . . . . . . . . . . . . . . . . . . . . . 235
address (Analytics Collector) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
analytics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
collector (Analytics) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
depth-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
export-profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
file (Analytics) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
interface (Export Profiles) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
interfaces (Analytics Resource) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
interfaces (Analytics) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
latency-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
local (Analytics Collector) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
queue-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
resource (Analytics) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
resource-profiles (Analytics) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
streaming-servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Copyright © 2014, Juniper Networks, Inc.
vii
Network Management and Monitoring on the QFX Series
system (Analytics Resource) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
system (Export Profiles) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
traceoptions (Analytics) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
traffic-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Chapter 19
Configuration Statements for sFlow Technology . . . . . . . . . . . . . . . . . . . . . 263
agent-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
collector (sFlow Technology) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
interfaces (sFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
polling-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
sample-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
sflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
source-ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
traceoptions (sFlow Technology) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
udp-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Chapter 20
Configuration Statements for SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
access (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
address (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
address-mask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
agent-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
alarm (SNMP RMON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
authentication-md5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
authentication-none . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
authentication-password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
authentication-sha . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
bucket-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
client-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
client-list-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
commit-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
community (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
community (RMON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
community-name (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
description (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
description (RMON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
destination-port (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
engine-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
falling-event-index (RMON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
falling-threshold (Health Monitor) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
falling-threshold (RMON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
falling-threshold-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
filter-duplicates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
filter-interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
group (Associating a Security Name) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
group (Configuring Access Privileges) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
viii
Copyright © 2014, Juniper Networks, Inc.
Table of Contents
health-monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
interface (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
interface (RMON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
interval (Health Monitor) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
interval (RMON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
local-engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
message-processing-model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
nonvolatile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
notify-filter (Applying to the Management Target) . . . . . . . . . . . . . . . . . . . . . . . 307
notify-filter (Configuring the Profile Name) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
notify-view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
oid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
oid (SNMPv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
owner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
port (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
privacy-3des . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
privacy-aes128 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
privacy-des . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
privacy-none . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
privacy-password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
read-view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
remote-engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
request-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
retry-count (SNMPv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
rising-event-index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
rising-threshold (Health Monitor) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
rising-threshold (RMON) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
rmon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
sample-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
security-level (Defining Access Privileges) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
security-level (Generating SNMP Notifications) . . . . . . . . . . . . . . . . . . . . . . . . . 326
security-model (Access Privileges) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
security-model (Group) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
security-model (SNMP Notifications) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
security-name (Community String) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
security-name (Security Group) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
security-name (SNMP Notifications) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
security-to-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
snmp-community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
source-address (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
startup-alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
syslog-subtag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
tag (Configuring Notification Targets) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Copyright © 2014, Juniper Networks, Inc.
ix
Network Management and Monitoring on the QFX Series
tag (Configuring the SNMP Community) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
tag-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
target-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
target-parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
targets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
traceoptions (SNMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
trap-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
trap-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
type (RMON Notification) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
type (SNMPv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
usm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
v3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
vacm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
view (Configuring a MIB View) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
view (Associating MIB View with a Community) . . . . . . . . . . . . . . . . . . . . . . . . . 359
write-view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Chapter 21
Configuration Statements for System Log Messages . . . . . . . . . . . . . . . . . 361
archive (All System Log Files) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
archive (Individual System Log File) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
archive (QFabric System) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
console (System Logging) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
explicit-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
facility-override . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
file (QFabric System) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
file (System Logging) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
host (System) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
log-prefix (System) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
match . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
size (System) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
structured-data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
syslog (System) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
syslog (QFabric System) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
time-format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
user (System Logging) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
x
Copyright © 2014, Juniper Networks, Inc.
Table of Contents
Part 4
Administration
Chapter 22
Monitoring Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Displaying a Log File from a Single-Chassis System . . . . . . . . . . . . . . . . . . . . . . 383
Monitoring Traffic Through the Router or Switch . . . . . . . . . . . . . . . . . . . . . . . . . 384
Displaying Real-Time Statistics About All Interfaces on the Router or
Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
Displaying Real-Time Statistics About an Interface on the Router or
Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Monitoring RMON MIB Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Monitoring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Monitoring System Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Pinging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Tracing SNMP Activity on a Device Running Junos OS . . . . . . . . . . . . . . . . . . . . . 391
Configuring the Number and Size of SNMP Log Files . . . . . . . . . . . . . . . . . . 392
Configuring Access to the Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Configuring a Regular Expression for Lines to Be Logged . . . . . . . . . . . . . . . 392
Configuring the Trace Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Using the Enterprise-Specific Utility MIB to Enhance SNMP Coverage . . . . . . . . 394
Displaying Commit Script Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Chapter 23
Commands for General Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
monitor traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Chapter 24
Commands for Network Analytics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
monitor start (Analytics) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
show analytics collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
show analytics configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
show analytics queue-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
show analytics status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
show analytics streaming-servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
show analytics traffic-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Chapter 25
Commands for sFlow Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
clear sflow collector statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
show sflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
show sflow collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
show sflow interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Chapter 26
Commands for SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
clear snmp history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
clear snmp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
request snmp spoof-trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
request snmp utility-mib clear instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
request snmp utility-mib set instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
show snmp health-monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
show snmp inform-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
show snmp mib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
show snmp rmon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
show snmp rmon history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Copyright © 2014, Juniper Networks, Inc.
xi
Network Management and Monitoring on the QFX Series
show snmp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
show snmp v3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Chapter 27
Commands for Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
show log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Part 5
Troubleshooting
Chapter 28
Troubleshooting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Understanding Troubleshooting Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Troubleshooting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
QFX5100 Switch with Automation Enhancements Frequently Asked
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Who Should You Contact If You Have Problems with Loading, Installing or
Updating Libraries? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
Who Should You Contact If You Have Problems with Puppet for Junos
OS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
Who Should You Contact If You Have Problems with Chef for Junos
OS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
What Happens to the User Partition If You Downgrade a QFX5100 Switch
That Is Running the jinstall-qfx-5-flex-x.tgz Software Bundle to a QFX
Switch That Is Running a Different QFX5100 Software Bundle? . . . . . 488
How Do You Recover Junos OS Binaries That You Have Deleted? . . . . . . . . 488
How Do You Recover from a System Crash? . . . . . . . . . . . . . . . . . . . . . . . . . 488
How Can You Verify That a QFX5100 Switch Is Running a
jinstall-qfx-5-flex-x.tgz Software Bundle? . . . . . . . . . . . . . . . . . . . . . . 488
Chapter 29
Troubleshooting Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
Recovering from a Failed Software Installation . . . . . . . . . . . . . . . . . . . . . . . . . . 491
Loading a Previous Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
Reverting to the Default Factory Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Reverting to the Rescue Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Recovering the Root Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Troubleshooting a Deprecated Network Analytics Configuration . . . . . . . . . . . . 495
xii
Copyright © 2014, Juniper Networks, Inc.
List of Figures
Part 1
Overview
Chapter 2
Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Figure 1: Commit Script Input and Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Figure 2: Standard Commit Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Figure 3: Commit Model with Commit Scripts Added . . . . . . . . . . . . . . . . . . . . . . . 18
Figure 4: Configuration Evaluation by Multiple Commit Scripts . . . . . . . . . . . . . . . 20
Figure 5: Op Script Input and Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Chapter 6
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Figure 6: SNMP Communication Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Figure 7: Setting Thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Part 3
Configuration
Chapter 9
Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Figure 8: sFlow Technology Monitoring System . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Chapter 14
Configuration Tasks for SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Figure 9: Inform Request and Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Copyright © 2014, Juniper Networks, Inc.
xiii
Network Management and Monitoring on the QFX Series
xiv
Copyright © 2014, Juniper Networks, Inc.
List of Tables
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Part 1
Overview
Chapter 1
Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Table 3: Device and Network Management Features on the QFX Series . . . . . . . . . 3
Chapter 2
Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Table 4: Differences Between Persistent and Transient Changes . . . . . . . . . . . . . 22
Chapter 4
Network Analytics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Table 5: Network Analytics CLI Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Table 6: Configuration and Status Output in Junos OS Release 13.2X51-D10 and
13.2X50-D15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Table 7: Streamed Queue Statistics Data Output Fields . . . . . . . . . . . . . . . . . . . . 42
Table 8: Streamed Traffic Statistics Data Output Fields . . . . . . . . . . . . . . . . . . . . 43
Table 9: GPB Stream Format Message Header Information . . . . . . . . . . . . . . . . . 45
Table 10: Streamed Queue Statistics Data Output Fields . . . . . . . . . . . . . . . . . . . 48
Table 11: Streamed Traffic Statistics Data Output Fields . . . . . . . . . . . . . . . . . . . . 48
Table 12: Output Fields for Queue Statistics in Local Analytics File . . . . . . . . . . . . 50
Table 13: Output Fields for Traffic Statistics in Local Analytics File . . . . . . . . . . . . 50
Chapter 6
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Table 14: Fabric Chassis MIB Tables and Objects . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Table 15: Fabric Chassis MIB SNMPv2 Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Table 16: RMON Event Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Table 17: RMON Alarm Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Table 18: jnxRmon Alarm Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Table 19: RMON History Control Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Table 20: Monitored Object Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Table 21: Standard MIBs Supported on QFX Series Standalone Switches and
QFX Series Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Table 22: Juniper Networks Enterprise-Specific MIBs Supported on QFX Series
Standalone Switches and QFX Series Virtual Chassis . . . . . . . . . . . . . . . . . . 82
Table 23: Standard MIBs Supported on QFabric Systems . . . . . . . . . . . . . . . . . . . 86
Table 24: Juniper Networks Enterprise-Specific MIBs Supported on QFabric
Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Table 25: Standard SNMP Version 1 Traps Supported on QFX Series Standalone
Switches and QFX Series Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Copyright © 2014, Juniper Networks, Inc.
xv
Network Management and Monitoring on the QFX Series
Table 26: Enterprise-Specific SNMPv1 Traps Supported on QFX Series
Standalone Switches and QFX Series Virtual Chassis . . . . . . . . . . . . . . . . . . 95
Table 27: Standard SNMPv2 Traps Supported on QFX Series Standalone
Switches and QFX Series Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Table 28: Enterprise-Specific SNMPv2 Traps Supported on QFX Series
Standalone Switches and QFX Series Virtual Chassis . . . . . . . . . . . . . . . . . . 99
Table 29: Standard SNMPv2 Traps Supported on QFabric Systems . . . . . . . . . . 101
Table 30: Enterprise-Specific SNMPv2 Traps Supported on QFabric Systems . . 102
Part 3
Configuration
Chapter 15
Configuration Tasks for System Log Messages . . . . . . . . . . . . . . . . . . . . . . . 183
Table 31: Minimum Configuration Statements for System Logging . . . . . . . . . . . 184
Table 32: Fields in Structured-Data Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Table 33: Facility and Severity Codes in the priority-code Field . . . . . . . . . . . . . . 195
Table 34: Fields in Standard-Format Messages . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Table 35: Junos OS System Logging Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Table 36: System Log Message Severity Levels . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Table 37: Default Facilities for Messages Directed to a Remote Destination . . . 200
Table 38: Facilities for the facility-override Statement . . . . . . . . . . . . . . . . . . . . . 201
Table 39: Regular Expression Operators for the match Statement . . . . . . . . . . . 204
Part 4
Administration
Chapter 22
Monitoring Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Table 40: Output Control Keys for the monitor interface Command . . . . . . . . . 386
Table 41: SNMP Tracing Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Table 42: Commit Script Configuration and Operational Mode Commands . . . 396
Chapter 23
Commands for General Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Table 43: Match Conditions for the monitor traffic Command . . . . . . . . . . . . . . 402
Table 44: Logical Operators for the monitor traffic Command . . . . . . . . . . . . . . 403
Table 45: Arithmetic and Relational Operators for the monitor traffic
Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Chapter 24
Commands for Network Analytics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Table 46: monitor start Command Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . 416
Table 47: show analytics collector Command Output Fields . . . . . . . . . . . . . . . . 419
Table 48: show analytics configuration Command Output Fields (Junos OS
Release 13.2X51-D15 and Later) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Table 49: show analytics configuration Command Output Fields (Junos OS
Release 13.2X51-D10 and earlier) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Table 50: show analytics queue-statistics Command Output Fields . . . . . . . . . 425
Table 51: show analytics status Command Output Fields . . . . . . . . . . . . . . . . . . 427
Table 52: show analytics streaming-servers Command Output Fields . . . . . . . . 431
Table 53: show analytics traffic-statistics Command Output Fields . . . . . . . . . . 433
Chapter 25
Commands for sFlow Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Table 54: show sflow Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
Table 55: show sflow collector Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Table 56: show sflow interface Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
xvi
Copyright © 2014, Juniper Networks, Inc.
List of Tables
Chapter 26
Commands for SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Table 57: show snmp health-monitor Output Fields . . . . . . . . . . . . . . . . . . . . . . 455
Table 58: show snmp inform-statistics Output Fields . . . . . . . . . . . . . . . . . . . . . 460
Table 59: show snmp mib Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Table 60: show snmp rmon Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
Table 61: show snmp statistics Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
Table 62: show snmp v3 Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Part 5
Troubleshooting
Chapter 28
Troubleshooting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Table 63: Troubleshooting Resources on the QFX Series . . . . . . . . . . . . . . . . . . . 483
Table 64: Troubleshooting on the QFX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
Copyright © 2014, Juniper Networks, Inc.
xvii
Network Management and Monitoring on the QFX Series
xviii
Copyright © 2014, Juniper Networks, Inc.
About the Documentation
•
Documentation and Release Notes on page xix
•
Supported Platforms on page xix
•
Using the Examples in This Manual on page xix
•
Documentation Conventions on page xxi
•
Documentation Feedback on page xxiii
•
Requesting Technical Support on page xxiii
Documentation and Release Notes
®
To obtain the most current version of all Juniper Networks technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at http://www.juniper.net/books.
Supported Platforms
For the features described in this document, the following platforms are supported:
•
QFX Series standalone switches
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load
merge relative command. These commands cause the software to merge the incoming
configuration into the current candidate configuration. The example does not become
active until you commit the candidate configuration.
If the example configuration contains the top level of the hierarchy (or multiple
hierarchies), the example is a full example. In this case, use the load merge command.
Copyright © 2014, Juniper Networks, Inc.
xix
Network Management and Monitoring on the QFX Series
If the example configuration does not start at the top level of the hierarchy, the example
is a snippet. In this case, use the load merge relative command. These procedures are
described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1.
From the HTML or PDF version of the manual, copy a configuration example into a
text file, save the file with a name, and copy the file to a directory on your routing
platform.
For example, copy the following configuration to a file and name the file ex-script.conf.
Copy the ex-script.conf file to the /var/tmp directory on your routing platform.
system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2. Merge the contents of the file into your routing platform configuration by issuing the
load merge configuration mode command:
[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete
Merging a Snippet
To merge a snippet, follow these steps:
1.
From the HTML or PDF version of the manual, copy a configuration snippet into a text
file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file
ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory
on your routing platform.
commit {
file ex-script-snippet.xsl; }
2. Move to the hierarchy level that is relevant for this snippet by issuing the following
configuration mode command:
xx
Copyright © 2014, Juniper Networks, Inc.
About the Documentation
[edit]
user@host# edit system scripts
[edit system scripts]
3. Merge the contents of the file into your routing platform configuration by issuing the
load merge relative configuration mode command:
[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete
For more information about the load command, see the CLI User Guide.
Documentation Conventions
Table 1 on page xxi defines notice icons used in this guide.
Table 1: Notice Icons
Icon
Meaning
Description
Informational note
Indicates important features or instructions.
Caution
Indicates a situation that might result in loss of data or hardware damage.
Warning
Alerts you to the risk of personal injury or death.
Laser warning
Alerts you to the risk of personal injury from a laser.
Tip
Indicates helpful information.
Best practice
Alerts you to a recommended use or implementation.
Table 2 on page xxi defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
Convention
Description
Examples
Bold text like this
Represents text that you type.
To enter configuration mode, type the
configure command:
user@host> configure
Copyright © 2014, Juniper Networks, Inc.
xxi
Network Management and Monitoring on the QFX Series
Table 2: Text and Syntax Conventions (continued)
Convention
Description
Examples
Fixed-width text like this
Represents output that appears on the
terminal screen.
user@host> show chassis alarms
•
Introduces or emphasizes important
new terms.
•
•
Identifies guide names.
A policy term is a named structure
that defines match conditions and
actions.
•
Identifies RFC and Internet draft titles.
•
Junos OS CLI User Guide
•
RFC 1997, BGP Communities Attribute
Italic text like this
Italic text like this
No alarms currently active
Represents variables (options for which
you substitute a value) in commands or
configuration statements.
Configure the machine’s domain name:
Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy levels;
or labels on routing platform
components.
•
To configure a stub area, include the
stub statement at the [edit protocols
ospf area area-id] hierarchy level.
•
The console port is labeled CONSOLE.
< > (angle brackets)
Encloses optional keywords or variables.
stub <default-metric metric>;
| (pipe symbol)
Indicates a choice between the mutually
exclusive keywords or variables on either
side of the symbol. The set of choices is
often enclosed in parentheses for clarity.
broadcast | multicast
# (pound sign)
Indicates a comment specified on the
same line as the configuration statement
to which it applies.
rsvp { # Required for dynamic MPLS only
[ ] (square brackets)
Encloses a variable for which you can
substitute one or more values.
community name members [
community-ids ]
Indention and braces ( { } )
Identifies a level in the configuration
hierarchy.
; (semicolon)
Identifies a leaf statement at a
configuration hierarchy level.
Text like this
[edit]
root@# set system domain-name
domain-name
(string1 | string2 | string3)
[edit]
routing-options {
static {
route default {
nexthop address;
retain;
}
}
}
GUI Conventions
Bold text like this
xxii
Represents graphical user interface (GUI)
items you click or select.
•
In the Logical Interfaces box, select
All Interfaces.
•
To cancel the configuration, click
Cancel.
Copyright © 2014, Juniper Networks, Inc.
About the Documentation
Table 2: Text and Syntax Conventions (continued)
Convention
Description
Examples
> (bold right angle bracket)
Separates levels in a hierarchy of menu
selections.
In the configuration editor hierarchy,
select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
techpubs-comments@juniper.net, or fill out the documentation feedback form at
https://www.juniper.net/cgi-bin/docbugreport/. If you are using e-mail, be sure to include
the following information with your comments:
•
Document or topic name
•
URL or page number
•
Software release version (if applicable)
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
or are covered under warranty, and need post-sales technical support, you can access
our tools and resources online or open a case with JTAC.
•
JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
•
Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/.
•
JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
•
Find CSC offerings: http://www.juniper.net/customers/support/
•
Search for known bugs: http://www2.juniper.net/kb/
•
Find product documentation: http://www.juniper.net/techpubs/
•
Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
•
Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
Copyright © 2014, Juniper Networks, Inc.
xxiii
Network Management and Monitoring on the QFX Series
•
Search technical bulletins for relevant hardware and software notifications:
http://kb.juniper.net/InfoCenter/
•
Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
•
Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
•
Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
•
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
http://www.juniper.net/support/requesting-support.html.
xxiv
Copyright © 2014, Juniper Networks, Inc.
PART 1
Overview
•
Network Management on page 3
•
Automation on page 11
•
Junos Space on page 31
•
Network Analytics on page 33
•
sFlow Techology on page 53
•
SNMP on page 59
•
System Logging on page 107
Copyright © 2014, Juniper Networks, Inc.
1
Network Management and Monitoring on the QFX Series
2
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 1
Network Management
•
Understanding Device and Network Management Features on page 3
•
Understanding Network Management Implementation on the QFabric
System on page 6
•
Understanding Telnet on the QFabric System on page 7
•
Understanding Tracing and Logging Operations on page 7
Understanding Device and Network Management Features
After you install a QFX Series product in your network, you need to manage the device.
The QFX Series products support features that you use to manage the device within the
network, including the management of configuration, system performance, fault
monitoring, and remote access.
Table 3 on page 3 lists the device and network management features on the QFX Series.
Table 3: Device and Network Management Features on the QFX Series
Feature
Typical Uses
Documentation
AI-Scripts and Advanced Insight Manager
(AIM)—Automatically detect and monitor
faults on the switch, and depending on the
configuration on the AIM application, send
notifications of potential problems, and
submit problem reports to Juniper Support
Systems.
Fault management
Advanced Insight Scripts (AI-Scripts)
Release Notes
Alarms and LEDs on the switch—Show status
of hardware components and indicate
warning or error conditions.
Fault management
Chassis Alarm Messages on a QFX3500
Device
Firewall filters—Control the packets that are
sent to and from the network, balance
network traffic, and optimize performance.
Performance management
•
Routing Policy Feature Guide for Routing
Devices
•
Overview of Firewall Filters
Copyright © 2014, Juniper Networks, Inc.
3
Network Management and Monitoring on the QFX Series
Table 3: Device and Network Management Features on the QFX Series (continued)
4
Feature
Typical Uses
Documentation
In-band management—Enables connection
to the switch using the same interfaces
through which customer traffic flows.
Communication between the switch and a
remote console is typically enabled using
SSH and Telnet services. SSH provides
secure encrypted communications, whereas
Telnet provides unencrypted, and therefore
less secure, access to the switch.
Remote access management
•
Configuring SSH Service for Remote
Access to the Router or Switch on
page 150
•
Configuring Telnet Service for Remote
Access to a Router or Switch
Juniper Networks Junos OS automation
scripts—Configuration and operations
automation tools provided by Junos OS.
These tools include commit scripts, operation
scripts, event scripts, and event policies.
Commit scripts enforce custom configuration
rules, whereas operation scripts, event
policies, and event scripts automate network
troubleshooting and management.
•
Configuration management
•
Performance management
•
Fault management
Junos OS command-line interface (CLI)—
CLI configuration statements that enable you
to configure the switch based on your
networking requirements, such as security,
service, and performance.
•
Configuration management
•
Performance management
•
User access management
•
Remote access management
Junos Space software—Multipurpose
GUI-based network management system
that includes a base platform, the Network
Application Platform, and other optional
applications such as Ethernet Design, Service
Now, Service Insight, and Virtual Control.
•
Configuration management
•
Performance management
•
Junos XML API—XML representation of Junos
OS configuration statements and operational
mode commands. Junos XML configuration
tag elements are the content to which the
Junos XML protocol operations apply. Junos
XML operational tag elements are equivalent
in function to operational mode commands
in the CLI, which you can use to retrieve
status information for a device. The Junos
XML API also includes tag elements that are
the counterpart to Junos CLI configuration
statements.
Junos OS Automation Library
CLI User Guide
•
Understanding Junos Space Support on
page 31
Fault management
•
Junos Space Network Application
Platform User Guide
•
Configuration management
•
•
Performance management
Junos XML API Configuration Developer
Reference
•
Fault management
•
Junos XML API Operational Developer
Reference
Copyright © 2014, Juniper Networks, Inc.
Chapter 1: Network Management
Table 3: Device and Network Management Features on the QFX Series (continued)
Feature
Typical Uses
Documentation
NETCONF XML management
protocol—XML-based management protocol
that client applications use to request and
change configuration information on routing,
switching, and security platforms running
Junos OS. The NETCONF XML management
protocol defines basic operations that are
equivalent to Junos OS CLI configuration
mode commands. Client applications use
the protocol operations to display, edit, and
commit configuration statements (among
other operations), just as administrators use
CLI configuration mode commands such as
show, set, and commit to perform those
operations.
•
Configuration management
•
Performance management
NETCONF XML Management Protocol
Developer Guide
•
Fault management
Operational mode commands—May be used
to do the following:
•
Performance management
•
Fault management
•
Monitor switch performance. For example,
the show chassis routing-engine command
shows the CPU utilization of the Routing
Engine. High CPU utilization of the Routing
Engine can affect performance of the
switch.
•
View current activity and status of the
device or network. For example, you can
use the ping command to monitor and
diagnose connectivity problems, and the
traceroute command to locate points of
failure on the network.
Out-of-band management—Enables
connection to the switch through a
management interface. Out-of-band
management is supported on two dedicated
management Ethernet interfaces as well as
on the console and auxiliary ports. The
management Ethernet interfaces connect
directly to the Routing Engine. No transit
traffic is allowed through the interfaces,
separating customer and management traffic
and ensuring that congestion or failures in
the transit network do not affect the
management of the switch.
Remote access management
SNMP Configuration Management
MIB—Provides notification for configuration
changes in the form of SNMP traps. Each trap
contains the time at which the configuration
change was committed, the name of the user
who made the change, and the method by
which the change was made. A history of the
last 32 configuration changes is kept in
jnxCmChgEventTable.
Configuration management
Copyright © 2014, Juniper Networks, Inc.
CLI Explorer
•
Connecting a QFX3500 Device to a
Network for Out-of-Band Management
•
Connecting a QFX Series Device to a
Management Console
•
Configuring Console and Auxiliary Port
Properties on page 149
SNMP MIBs and Traps Reference
5
Network Management and Monitoring on the QFX Series
Table 3: Device and Network Management Features on the QFX Series (continued)
Feature
Typical Uses
Documentation
SNMP MIBs and traps—Enable the
monitoring of network devices from a central
location. Use SNMP requests such as get and
walk to monitor and view system activity.
Fault management
•
SNMP MIBs and Traps Reference
•
Understanding the Implementation of
SNMP on page 59
The QFX3500 switch supports SNMP Version
1 (v1), v2, and v3, and both standard and
Juniper Networks enterprise-specific MIBs
and traps.
System log messages—Log details of system
and user events, including errors. You can
specify the severity and type of system log
messages you wish to view or save, and
configure the output to be sent to local or
remote hosts.
•
Fault management
•
Junos OS System Log Messages Reference
•
User access management
•
Overview of Junos OS System Log
Messages on page 107
•
Overview of Single-Chassis System
Logging Configuration on page 107
Understanding Network Management Implementation on the QFabric System
This topic describes network management features on the QFabric system that are
implemented differently than on other devices running Junos OS.
The following network management features are supported on the QFabric system:
Related
Documentation
6
•
System log messages—The QFabric system monitors events that occur on its
component devices, distributes system log messages about those events to all external
system log message servers (hosts) that are configured, and archives the messages.
Component devices include Node devices, Interconnect devices, Director devices, and
the Virtual Chassis. You configure system log messages at the [edit system syslog]
hierarchy level. Use the show log filename operational mode command to view
messages.
•
Simple Network Management Protocol (SNMP) Version 1 (v1) and v2c—SNMP
monitors network devices from a central location. The SNMP implementation on the
QFabric system supports the basic SNMP architecture of Junos OS with some
limitations, including a reduced set of MIB objects, read-only access for SNMP
communities, and limited support for SNMP requests. You configure SNMP at the [edit
snmp] hierarchy level. Only the show snmp statistics operational mode command is
supported, but you can issue SNMP requests using external SNMP client applications.
•
Advanced Insight Solutions (AIS)—AIS provides tools and processes to automate
the delivery of support services for the QFabric system. AIS components include
Advanced Insight Scripts (AI-Scripts) and Advanced Insight Manager (AIM). You install
AI-Scripts using the request system scripts add operational mode command. However,
the jais-activate-scripts.slax file used during installation is preconfigured for the QFabric
system and cannot be changed.
•
Advanced Insight Scripts (AI-Scripts) Release Notes
Copyright © 2014, Juniper Networks, Inc.
Chapter 1: Network Management
•
Understanding Device and Network Management Features on page 3
•
Overview of Junos OS System Log Messages on page 107
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
SNMP MIBs Support on page 76
Understanding Telnet on the QFabric System
This topic describes the support for the Telnet protocol on QFabric systems.
Telnet service is available for devices running Junos OS, including QFX Series devices.
However, on QFabric systems, Telnet support is limited and the following conditions
apply:
Related
Documentation
•
You can telnet from a QFabric system to external devices that are connected to the
QFabric system by way of the network Node group. To connect to these external
devices, issue the telnet command from the QFabric default partition CLI.
•
You cannot use the Telnet protocol to connect from the QFabric system default partition
CLI to individual components. To access system components, you must issue the
request component login command instead.
•
request component login
•
telnet
Understanding Tracing and Logging Operations
Tracing and logging operations enable you to track events that occur in the switch—both
normal operations and error conditions—and to track the packets that are generated by
or passed through the switch. The results of tracing and logging operations are placed
in files in the /var/log directory on the switch.
The Junos OS supports remote tracing for the following processes:
•
chassisd—Chassis-control process
•
eventd—Event-processing process
•
cosd—Class-of-service process
You configure remote tracing by using the tracing statement at the [edit system] hierarchy
level.
NOTE: The tracing statement is not supported on the QFX3000 QFabric
system.
Copyright © 2014, Juniper Networks, Inc.
7
Network Management and Monitoring on the QFX Series
If you enabled remote tracing but wish to disable it for specific processes on the switch,
use the no-remote-trace statement at the [edit process-name traceoptions] hierarchy
level. This feature does not alter local tracing functionality in any way, and logging files
are stored on the switch.
Logging operations use a system logging mechanism similar to the UNIX syslogd utility
to record systemwide, high-level operations, such as interfaces going up or down and
users logging in to or out of the switch. You configure these operations by using the syslog
statement at the [edit system] hierarchy level and by using the options statement at the
[edit ethernet-switching-options] hierarchy level.
Tracing operations record more detailed information about the operations of the switch,
including packet forwarding and routing information. To configure tracing operations,
use the traceoptions statement.
NOTE: The traceoptions statement is not supported on the QFX3000 QFabric
system.
You can define tracing operations in different portions of the switch configuration:
8
•
SNMP agent activity tracing operations—Define tracing of the activities of SNMP agents
on the switch. You configure SNMP agent activity tracing operations at the [edit snmp]
hierarchy level.
•
Global switching tracing operations—Define tracing for all switching operations. You
configure global switching tracing operations at the [edit ethernet-switching-options]
hierarchy level of the configuration.
•
Protocol-specific tracing operations—Define tracing for a specific routing protocol. You
configure protocol-specific tracing operations in the [edit protocols] hierarchy when
configuring the individual routing protocol. Protocol-specific tracing operations override
any equivalent operations that you specify in the global traceoptions statement. If
there are no equivalent operations, they supplement the global tracing options. If you
do not specify any protocol-specific tracing, the routing protocol inherits all the global
tracing operations.
•
Tracing operations within individual routing protocol entities—Some protocols allow
you to define more granular tracing operations. For example, in Border Gateway Protocol
(BGP), you can configure peer-specific tracing operations. These operations override
any equivalent BGP-wide operations or, if there are no equivalents, supplement them.
If you do not specify any peer-specific tracing operations, the peers inherit, first, all the
BGP-wide tracing operations and, second, the global tracing operations.
•
Interface tracing operations—Define tracing for individual interfaces and for the interface
process itself. You define interface tracing operations at the [edit interfaces] hierarchy
level of the configuration.
•
Remote tracing—To enable system-wide remote tracing, configure the
destination-override syslog host statement at the [edit system tracing] hierarchy level.
This specifies the remote host running the system log process (syslogd), which collects
Copyright © 2014, Juniper Networks, Inc.
Chapter 1: Network Management
the traces. Traces are written to files on the remote host in accordance with the syslogd
configuration in /etc/syslog.conf. By default, remote tracing is not configured.
To override the system-wide remote tracing configuration for a particular process,
include the no-remote-trace statement at the [edit process-name traceoptions] hierarchy.
When no-remote-trace is enabled, the process does local tracing.
To collect traces, use the local0 facility as the selector in the /etc/syslog.conf file on
the remote host. To separate traces from various processes into different files, include
the process name or trace-file name (if it is specified at the [edit process-name
traceoptions file] hierarchy level) in the Program field in the /etc/syslog.conf file. If your
system log server supports parsing hostname and program name, then you can separate
traces from the various processes.
NOTE: During a commit check, warnings about the traceoptions configuration
(for example, mismatch in trace file sizes or number of trace files) are not
displayed on the console. However, these warnings are logged in the system
log messages when the new configuration is committed.
Related
Documentation
•
Overview of Junos OS System Log Messages on page 107
Copyright © 2014, Juniper Networks, Inc.
9
Network Management and Monitoring on the QFX Series
10
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 2
Automation
•
Overview of QFX5100 Switch Automation Enhancements on page 11
•
Overview of Python with QFX5100 Switch Automation Enhancements on page 12
•
Understanding Automation Scripts Support on page 13
•
How Commit Scripts Work on page 14
•
Avoiding Potential Conflicts When Using Multiple Commit Scripts on page 19
•
Overview of Generating Persistent or Transient Configuration Changes on page 20
•
Required Boilerplate for Commit Scripts on page 25
•
How Op Scripts Work on page 26
•
Required Boilerplate for Op Scripts on page 27
Overview of QFX5100 Switch Automation Enhancements
The QFX5100 switch automation enhancements introduced in Junos OS Release
13.2X51-D15 are designed to support the increasing needs of large data centers for more
automation and programmability.
•
Features of the QFX5100 Switch Automation Enhancements on page 11
Features of the QFX5100 Switch Automation Enhancements
To use the QFX5100 switch automation enhancements, you must install the
jinstall-qfx-5-flex-x.tgz software bundle. This software bundle is identical to the other
QFX5100 switch software bundle except that Veriexec is disabled, which enables you
to run unsigned programs, such as programs that you develop with Python, Chef, and
Puppet. The QFX5100 switch automation enhancements include the following features:
•
The factory default configuration is a Layer 3 configuration. (The standard default
factory configuration is Layer 2.)
•
Safeguards ensure that you cannot overwrite essential Junos OS files, including system
log notifications.
•
Zero Touch Provisioning (ZTP) allows you to provision new switches in your network
automatically, without manual intervention. See Understanding Zero Touch Provisioning.
•
The installation automatically sets up and reserves a 1-gigabit user partition on your
system. You can use this partition to store your binaries and additional packages.
Copyright © 2014, Juniper Networks, Inc.
11
Network Management and Monitoring on the QFX Series
•
The user partition is not overwritten when you upgrade or downgrade the software to
a QFX5100 switch Junos OS image that does not contain the automation
enhancements.
NOTE: If you make changes to the user partition while performing a unified
in-service software upgrade (unified ISSU), the changes might be lost.
•
The Python interpreter is included by default.
•
•
You can invoke Python directly from the shell. See “Invoking the Python Interpreter”
on page 153.
Chef for Junos OS and Puppet for Junos OS automation tools for provisioning and
managing computer networking and storage resources are included.
•
For further information on Chef, see Chef for Junos Getting Started Guide.
•
For further information on Puppet, see Puppet for Junos OS Documentation.
NOTE: For full compatibility, you must use only Chef for Junos OS and
Puppet for Junos OS rather than the standard FreeBSD versions of Chef
and Puppet software.
CAUTION: Download additional third party packages at your own risk.
Related
Documentation
•
Installing Junos OS Software with QFX5100 Switch Automation Enhancements on
page 113
•
Invoking the Python Interpreter on page 153
•
QFX5100 Switch with Automation Enhancements Frequently Asked Questions on
page 487
Overview of Python with QFX5100 Switch Automation Enhancements
Python is a programming language that lets you work more quickly and integrate your
systems more effectively. The Python interpreter is included within the Junos operating
system (Junos OS) jinstall-qfx-5-flex-x.tgz software bundle.
Python is also suitable as an extension language for customizable applications. For
information on using Python, refer to your Python documentation.
Related
Documentation
12
•
Installing Junos OS Software with QFX5100 Switch Automation Enhancements on
page 113
•
Invoking the Python Interpreter on page 153
Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Automation
•
QFX5100 Switch with Automation Enhancements Frequently Asked Questions on
page 487
Understanding Automation Scripts Support
This document describes the support for the Junos OS automation scripts on the QFabric
system Director devices.
Junos OS automation consists of a suite of tools used to automate operational and
configuration tasks on network devices running Junos OS. The automation tools, which
leverage the native XML capabilities of the Junos OS, include commit scripts, operation
(op) scripts, event policies and event scripts, and macros.
NOTE: Event policies and event scripts are not supported on the QFabric
system at this time.
The QFabric system supports Junos OS automation scripts that are written in Stylesheet
Language Alternative Syntax (SLAX) version 1.0.
Commit scripts automate the commit process and enforce custom configuration rules.
You can use commit scripts to generate specific errors and warnings, and customize
configurations and configuration templates. When a candidate configuration is committed,
it is inspected by each active commit script. If a configuration violates your custom rules
and the scripts generate an error, the commit fails. If the commit is successful, any
configuration changes (both transient and permanent) are incorporated into the active
configuration before it is passed to the Director software, which distributes the
configuration to all applicable QFabric system components, including Node devices and
Node servers.
Op scripts automate operational and troubleshooting tasks. Op scripts can be executed
manually from the Junos OS CLI or NETCONF XML management protocol, or they can
be called from another script.
The QFabric system supports the following automation script features:
•
Commit scripts and op scripts are supported.
•
Scripts written in SLAX version 1 are supported.
•
Scripts are configured and deployed from the Director group. Since there is more than
one Director device in a Director group, scripts must be deployed by each Director
device or deployed in the shared media space.
•
Scripts are stored in the shared media at this location:
/pbdata/mgd_shared/partition-ip/var/db/scripts. Under this directory, commit scripts
are stored in the commit subdirectory, and op scripts are stored in the op subdirectory.
•
Scripts are not stored in flash memory.
Copyright © 2014, Juniper Networks, Inc.
13
Network Management and Monitoring on the QFX Series
Related
Documentation
•
How Commit Scripts Work on page 14
•
How Op Scripts Work on page 26
•
Required Boilerplate for Commit Scripts on page 25
•
Required Boilerplate for Op Scripts on page 27
•
Controlling the Execution of Commit Scripts on page 153
How Commit Scripts Work
You enable commit scripts by listing the names of one or more commit script files at the
[edit system scripts commit] hierarchy level. These scripts contain instructions that
enforce custom configuration rules. Commit scripts are invoked during the commit process
before the standard Junos OS validity checks are performed.
When you perform a commit operation, Junos OS executes each script in turn, passing
the information in the candidate configuration to the scripts. The script inspects the
configuration, performs the necessary tests and validations, and generates a set of
instructions for performing certain actions. These actions include generating error, warning,
and system log messages. If errors are generated, the commit operation fails and the
candidate configuration remains unchanged. This is the same behavior that occurs with
standard commit errors.
Commit scripts can also generate changes to the system configuration. Because the
changes are loaded before the standard validation checks are performed, they are
validated for correct syntax, just like statements already present in the configuration
before the script is applied. If the syntax is correct, the configuration is activated and
becomes the active, operational device configuration.
Figure 1 on page 14 shows the flow of commit script input and output.
Figure 1: Commit Script Input and Output
Commit scripts cannot make configuration changes to protected statements or within
protected hierarchies. If a commit script attempts to modify or delete a protected
statement or hierarchy, Junos OS issues a warning that the change cannot be made.
Failure to modify a protected configuration element does not halt the commit script or
the commit process.
14
Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Automation
The following sections discuss several important concepts related to the commit script
input and output:
•
Commit Script Input on page 15
•
Commit Script Output on page 15
•
Commit Scripts and the Junos OS Commit Model on page 16
Commit Script Input
The input for a commit script is the postinheritance candidate configuration in Junos XML
API format. The term postinheritance means that all configuration group values have
been inherited by their targets in the candidate configuration and the inactive portions
of the configuration have been removed. For more information about configuration groups,
see the CLI User Guide.
When you issue the commit command, Junos OS automatically generates the candidate
configuration in XML format and reads it into the management (mgd) process, at which
time the input is evaluated by any commit scripts.
To display the XML format of the postinheritance configuration, issue the show | display
commit-scripts view command:
[edit]
user@host# show | display commit-scripts view
To display all configuration groups data, including script-generated changes to the groups,
issue the show groups | display commit-scripts command:
[edit]
user@host# show groups | display commit-scripts
To save the commit script input to a file, add the save command to the command line:
[edit]
user@host# show | display commit-scripts view | save filename.xml
By default, the file is placed in your home directory on the switch, router, or security device.
Commit Script Output
To specify the desired commit script output—including warning, error, and system log
messages, persistent changes, and transient changes—the script can contain tags that
appear in any order, in any number. The tags for specifying output are as follows:
•
<xnm:warning>—Generates a warning message
•
<xnm:error>—Generates an error message.
•
<syslog><message>—Generates a system log message.
•
<change>—Generates a persistent change to the configuration.
•
<transient-change>—Generates a transient change to the configuration.
•
<xsl:call-template name="jcs:emit-change">
<xsl:with-param name="content">—Generates a persistent change relative to the
current context node as defined by an XPath expression.
Copyright © 2014, Juniper Networks, Inc.
15
Network Management and Monitoring on the QFX Series
•
<xsl:call-template name="jcs:emit-change">
<xsl:with-param name="tag" select="'transient-change'"/>
<xsl:with-param name="content">—Generates a transient change relative to the
current context node as defined by an XPath expression.
•
<xsl:call-template name="jcs:emit-change">
<xsl:with-param name="message">
<xsl:text>—Generates a warning message in conjunction with a configuration
change. You can use this set of tags to generate a notification that the configuration
has been changed.
Junos OS processes this output and performs the appropriate actions. Errors and warnings
are passed back to the Junos OS CLI or to a Junos XML protocol client application. The
presence of an error automatically causes the commit operation to fail. Persistent and
transient changes are loaded into the appropriate configuration database.
To test the output of error, warning, and system log messages from commit scripts, issue
the commit check | display xml command:
[edit]
user@host# commit check | display xml
To display a detailed trace of commit script processing, issue the commit check | display
detail command:
[edit]
user@host# commit check | display detail
NOTE: System log messages do not appear in the trace output, so you cannot
use the commit check operation to test script-generated system log
messages. Furthermore, system log messages are written to the system log
during a commit operation, but not during a commit check operation.
Related
Documentation
•
Example: Protecting the Junos OS Configuration from Modification or Deletion.
•
jcs:emit-change Template
Commit Scripts and the Junos OS Commit Model
Junos OS uses a commit model to update the device's configuration. This model allows
you to make a series of changes to a candidate configuration without affecting the
operation of the device. When the changes are complete, you can commit the
configuration. The commit operation saves the candidate configuration changes into the
current configuration.
When you commit a set of changes in the candidate configuration, two methods are
used to forward these changes to the current configuration:
16
•
Standard commit model—Used when no commit scripts are active on the device.
•
Commit script model—Incorporates commit scripts into the commit model.
Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Automation
Standard Commit Model
In the standard commit model, the management (mgd) process validates the candidate
configuration based on standard Junos validation rules. If the configuration file is valid,
it becomes the current active configuration. Figure 2 on page 17 and the accompanying
discussion explain how the standard commit model works:
Figure 2: Standard Commit Model
In the standard commit model, the software performs the following steps:
1.
When the candidate configuration is committed, it is copied to become the checkout
configuration.
2. The mgd process validates the checkout configuration.
3. If no error occurs, the checkout configuration is copied as the current active
configuration.
Commit Model with Commit Scripts
When commit scripts are added to the standard commit model, the process becomes
more complex. The mgd process first passes an XML-formatted checkout configuration
to a script driver, which handles the verification of the checkout configuration by the
commit scripts. When verification is complete, the script driver returns an XML action file
to the mgd process. The mgd process follows the instructions in the action file to update
the candidate and checkout configurations, issue messages to the CLI, and write
information to the system log as required. After processing the action file, the mgd process
performs the standard Junos OS validation. Figure 3 on page 18 and the accompanying
discussion explain this process.
Copyright © 2014, Juniper Networks, Inc.
17
Network Management and Monitoring on the QFX Series
Figure 3: Commit Model with Commit Scripts Added
In the commit script model, Junos OS performs the following steps:
1.
When the candidate configuration is committed, the mgd process sends the
XML-formatted candidate configuration to the script driver.
2. Each enabled commit script is invoked against the candidate configuration, and each
script can generate a set of actions for the mgd process to perform. The actions are
collected in an XML action file.
3. The mgd process performs the following actions in response to <error>, <warning>,
and <syslog> tag elements in the action file:
•
<error>—The mgd process halts the commit process (that is, the commit operation
fails), returns an error message to the CLI or Junos XML protocol client, and takes
no further action.
•
<warning>—The mgd process forwards the message to the CLI or the Junos XML
protocol client.
•
<syslog>—The mgd process forwards the message to the system log process.
4. If the action file includes any <change> tag elements, the mgd process loads the
requested changes into the candidate configuration.
5. The candidate configuration is copied to become the checkout configuration.
6. If the action file includes any <transient-change> tag elements, the mgd process loads
the requested changes into the checkout configuration.
7. The mgd process validates the checkout configuration.
8. If there are no validation errors, the checkout configuration is copied to become the
current active configuration.
18
Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Automation
NOTE: Commit scripts cannot make configuration changes to protected
statements or within protected hierarchies. If a commit script attempts to
modify or delete a protected statement or hierarchy, Junos OS issues a
warning that the change cannot be made. Failure to modify a protected
configuration element does not halt the commit script or the commit process.
Changes that are made to the candidate configuration during the commit operation are
not evaluated by the custom rules during that commit operation. However, persistent
changes are maintained in the candidate configuration and are evaluated by the custom
rules during subsequent commit operations. For more information about how commit
scripts change the candidate configuration, see “Avoiding Potential Conflicts When Using
Multiple Commit Scripts” on page 19.
Transient changes are never evaluated by the custom rules in commit scripts, because
they are made to the checkout configuration only after the commit scripts have evaluated
the candidate configuration and the candidate is copied to become the checkout
configuration. To remove a transient change from the configuration, remove, disable, or
deactivate the commit script (as discussed in Controlling Execution of Commit Scripts
During Commit Operations), or comment out the code that generates the transient change.
For more information about differences between persistent and transient changes, see
“Overview of Generating Persistent or Transient Configuration Changes” on page 20.
Related
Documentation
•
Avoiding Potential Conflicts When Using Multiple Commit Scripts on page 19
Avoiding Potential Conflicts When Using Multiple Commit Scripts
When you use multiple commit scripts, each script evaluates the original candidate
configuration file. Changes made by one script are not evaluated by the other scripts.
This means that conflicts between scripts might not be resolved when the scripts are
first applied to the configuration. The commit scripts are executed in the order they are
listed at the [edit system scripts commit] hierarchy level, as illustrated in
Figure 4 on page 20.
Copyright © 2014, Juniper Networks, Inc.
19
Network Management and Monitoring on the QFX Series
Figure 4: Configuration Evaluation by Multiple Commit Scripts
As an example of a conflict between commit scripts, suppose that commit script A.xsl
is created to ensure that the device uses the domain name server with IP address
192.168.0.255. Later, the DNS server’s address is changed to 192.168.255.255 and a second
script, B.xsl, is added to check that the device uses the DNS server with that address.
However, script A.xsl is not removed or disabled.
Because each commit script evaluates the original candidate configuration, the final
result of executing both scripts A.xsl and B.xsl depends on which DNS server address is
configured in the original candidate configuration. If the now outdated address of
192.168.0.255 is configured, script B.xsl changes it to 192.168.255.255. However, if the
correct address of 192.168.255.255 is configured, script A.xsl changes it to the incorrect
value 192.168.0.255.
As another example of a potential conflict between commit scripts, suppose that a
commit script protects a hierarchy using the protect attribute. If a second commit script
attempts to modify or delete the hierarchy or the statements within the hierarchy, Junos
OS issues a warning during the commit process and prevents the configuration change.
Exercise care to ensure that you do not introduce conflicts between scripts like those
described in the examples. As a method of checking for conflicts with persistent changes,
you can issue two separate commit commands.
Related
Documentation
•
How Commit Scripts Work on page 14
Overview of Generating Persistent or Transient Configuration Changes
Junos OS commit scripts enforce custom configuration rules. When a candidate
configuration includes statements that you have decided must not be included in your
configuration, or when the candidate configuration omits statements that you have
20
Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Automation
decided are required, commit scripts can automatically change the configuration and
thereby correct the problem.
•
Differences Between Persistent and Transient Changes on page 21
•
Interaction of Configuration Changes and Configuration Groups on page 24
•
Tag Elements and Templates for Generating Changes on page 24
Differences Between Persistent and Transient Changes
Configuration changes made by commit scripts can be persistent or transient.
A persistent change remains in the candidate configuration and affects routing operations
until you explicitly delete it, even if you subsequently remove or disable the commit script
that generated the change and reissue the commit command. In other words, removing
the commit script does not cause a persistent change to be removed from the
configuration.
A transient change, in contrast, is made in the checkout configuration but not in the
candidate configuration. The checkout configuration is the configuration database that
is inspected for standard Junos OS syntax just before it is copied to become the active
configuration on the device. If you subsequently remove or disable the commit script
that made the change and reissue the commit command, the change is no longer made
to the checkout configuration and so does not affect the active configuration. In other
words, removing the commit script effectively removes a transient change from the
configuration.
A common use for transient changes is to eliminate the need to repeatedly configure
and display well-known policies, thus allowing these policies to be enforced implicitly.
For example, if MPLS must be enabled on every interface with an International
Organization for Standardization (ISO) protocol enabled, the change can be transient,
so that the repetitive or redundant configuration data need not be carried or displayed
in the candidate configuration. Furthermore, transient changes allow you to write script
instructions that apply the change only if a set of conditions is met.
Persistent and transient changes are loaded into the configuration in the same manner
that the load replace configuration mode command loads an incoming configuration.
When generating a persistent or transient change, adding the replace="replace" attribute
to a configuration element produces the same behavior as a replace: tag in a load replace
operation.
By default, Junos OS merges the incoming configuration and the candidate configuration.
New statements and hierarchies are added, and conflicting statements are overridden.
When generating a persistent or transient change, if you add the replace="replace"
attribute to a configuration element, Junos OS replaces the existing configuration element
with the incoming configuration element. If the replace="replace" attribute is added to
a configuration element, but there is no existing element of the same name in the current
configuration, the incoming configuration element is added into the configuration.
Elements that do not have the replace attribute are merged into the configuration.
Persistent and transient changes are loaded before the standard Junos validation checks
are performed. This means any configuration changes introduced by a commit script are
Copyright © 2014, Juniper Networks, Inc.
21
Network Management and Monitoring on the QFX Series
validated for correct syntax. If the syntax is correct, the new configuration becomes the
active, operational device configuration.
Protected elements in the configuration hierarchy cannot be modified or deleted by either
a persistent or a transient change. If a commit script attempts to modify or delete a
protected statement or hierarchy, Junos OS issues a warning that the change cannot be
made, and proceeds with the commit.
Persistent and transient changes have several important differences, as described in
Table 4 on page 22.
Table 4: Differences Between Persistent and Transient Changes
Persistent Changes
Transient Changes
A persistent change is represented in a commit script by the
<change> tag.
A transient change is represented in a commit script by the
<transient-change> tag.
Another way to represent a persistent change is with the
content parameter inside a call to the jcs:emit-change template.
Another way to represent a transient change is to use the
content parameter and the tag transient parameter inside a
call to the jcs:emit-change template.
The jcs:emit-change template is a helper template contained
in the junos.xsl import file.
You can use persistent changes to perform any Junos XML
protocol operation, such as activate, deactivate, delete, insert
(reorder), comment (annotate), and replace sections of the
configuration.
Like persistent changes, you can use transient changes to
perform any Junos XML protocol operation. However, some
Junos XML protocol operations do not make sense to use with
transient changes, such as generating comments and inactive
settings.
Persistent changes are always loaded during the commit
process if no errors are generated by any commit scripts or by
the standard Junos OS validity check.
For transient changes to be loaded, you must include the
allow-transients statement at the [edit system scripts commit]
hierarchy level. If you enable a commit script that generates
transient changes and you do not include the allow-transients
statement in the configuration, the CLI generates an error
message and the commit operation fails.
Like persistent changes, transient changes must pass the
standard Junos OS validity check.
You cannot use a commit script to generate the
allow-transients statement at the [edit system scripts commit]
hierarchy level. Rather, you must include this statement
directly by using the CLI.
22
Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Automation
Table 4: Differences Between Persistent and Transient Changes (continued)
Persistent Changes
Transient Changes
Persistent changes work like the load replace configuration
mode command, and the change is added to the candidate
configuration.
Transient changes work like the load replace configuration
mode command, and the change is added to the checkout
configuration.
When generating a persistent change, if you add the
replace="replace" attribute to a configuration element, Junos
OS replaces the existing element in the candidate configuration
with the incoming configuration element. If there is no existing
element of the same name in the candidate configuration, the
incoming configuration element is added into the configuration.
Elements that do not have the replace attribute are merged
into the configuration.
When generating a transient change, if you add the
replace="replace" attribute to a configuration element, Junos
OS replaces the existing element in the checkout configuration
with the incoming configuration element. If there is no existing
element of the same name in the checkout configuration, the
incoming configuration element is added into the
configuration. Elements that do not have the replace attribute
are merged into the configuration.
Transient changes are not copied to the candidate
configuration. For this reason, transient changes are not saved
in the configuration if the associated commit script is deleted
or deactivated.
After a persistent change is committed, the software treats it
like a change you make by directly editing and committing the
candidate configuration.
Each time a transient change is committed, the software
updates the checkout configuration database. After the
transient changes pass the standard Junos OS validity checks,
the changes are propagated to the device components.
After the persistent changes are copied to the candidate
configuration, they are copied to the checkout configuration.
If the changes pass the standard Junos OS validity checks, the
changes are propagated to the switch, router, or security device
components.
After committing a script that causes a persistent change to
be generated, you can view the persistent change by issuing
the show configuration mode command:
After committing a script that causes a transient change to
be generated, you can view the transient change by issuing
the show | display commit-scripts configuration mode
command:
user@host# show
This command displays persistent changes only, not transient
changes.
Persistent changes must conform to your custom configuration
design rules as dictated by commit scripts.
This does not become apparent until after a second commit
operation because persistent changes are not evaluated by
commit script rules on the current commit operation. The
subsequent commit operation fails if the persistent changes
do not conform to the rules imposed by the commit scripts
configured during the first commit operation.
A persistent change remains in the configuration even if you
delete, disable, or deactivate the commit script instructions
that generated the change.
Copyright © 2014, Juniper Networks, Inc.
user@host# show | display commit-scripts
This command displays both persistent and transient changes.
Transient changes are never tested by and do not need to
conform to your custom rules. This is caused by the order of
operations in the Junos OS commit model, which is explained
in detail in “Commit Scripts and the Junos OS Commit Model”
on page 16.
If you delete, disable, or deactivate the commit script
instructions that generate a transient change, the change is
removed from the configuration after the next commit
operation. In short, if the associated instructions or the entire
commit script is removed, the transient change is also
removed.
23
Network Management and Monitoring on the QFX Series
Table 4: Differences Between Persistent and Transient Changes (continued)
Persistent Changes
Transient Changes
As with direct CLI configuration, you can remove a persistent
change by rolling back to a previous configuration that did not
include the change and issuing the commit command. However,
if you do not disable or deactivate the associated commit
script, and the problem that originally caused the change to
be generated still exists, the change is automatically
regenerated when you issue another commit command.
You cannot remove a transient change by rolling back to a
previous configuration.
You can alter persistent changes directly by editing the
configuration using the CLI.
You cannot directly alter or delete a transient change by using
the Junos OS CLI, because the change is not in the candidate
configuration.
To alter the contents of a transient change, you must alter
the statements in the commit script that generates the
transient change.
Interaction of Configuration Changes and Configuration Groups
Any configuration change you can make by directly editing the configuration using the
Junos OS command-line interface (CLI) can also be generated by a commit script as a
persistent or transient change. This includes values specified at a specific hierarchy level
or in configuration groups. As with direct CLI configuration, values specified in the target
override values inherited from a configuration group. The target is the statement to which
you apply a configuration group by including the apply-groups statement.
If you define persistent or transient changes as belonging to a configuration group, the
configuration groups are applied in the order you specify in the apply-groups statements,
which you can include at any hierarchy level except the top level. You can also disable
inheritance of a configuration group by including the apply-groups-except statement at
any hierarchy level except the top level.
CAUTION: Each commit script inspects the postinheritance view of the
configuration. If a candidate configuration contains a configuration group,
be careful when using a commit script to change the related target
configuration, because doing so might alter the intended inheritance from
the configuration group.
Also be careful when using a commit script to change a configuration group,
because the configuration group might be generated by an application that
performs a load replace operation on the group during each commit operation.
For more information about configuration groups, see the CLI User Guide.
Tag Elements and Templates for Generating Changes
To generate changes, you can use the jcs:emit-change template, which implicitly includes
<change> and <transient-change> XML elements; or you can explicitly include <change>
24
Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Automation
and <transient-change> XML elements. Using the jcs:emit-change template allows you
to set the hierarchical context of the change once rather than multiple times.
The <change> and <transient-change> elements are similar to the <load-configuration>
operation defined by the Junos XML management protocol. The possible contents of the
<change> and <transient-change> elements are the same as the contents of the
<configuration> tag element used in the Junos XML protocol operation
<load-configuration>. For complete details about the <load-configuration> element, see
the Junos XML Management Protocol Developer Guide.
Required Boilerplate for Commit Scripts
When you write commit scripts, you use Extensible Stylesheet Language Transformations
(XSLT) or Stylesheet Language Alternative Syntax (SLAX) tools provided with Junos
OS. These tools include basic boilerplate that you must include in all commit scripts,
optional extension functions that accomplish scripting tasks more easily, and named
templates that make commit scripts easier to read and write, which you import from a
file called junos.xsl. For more information about the extension functions and templates,
see Junos Script Automation: Understanding Extension Functions in the jcs and slax
Namespaces and Junos Script Automation: Named Templates in the jcs Namespace
Overview.
Commit scripts are based on Junos XML and Junos XML protocol tag elements. Like all
XML elements, angle brackets enclose the name of a Junos XML or Junos XML protocol
tag element in its opening and closing tags. This is an XML convention, and the brackets
are a required part of the complete tag element name. They are not to be confused with
the angle brackets used in the documentation to indicate optional parts of Junos OS CLI
command strings.
You must include either XSLT or SLAX boilerplate as the starting point for all commit
scripts that you create. The XSLT boilerplate follows:
XSLT Boilerplate for
Commit Scripts
1 <?xml version="1.0" standalone="yes"?>
2 <xsl:stylesheet version="1.0"
3
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
4
xmlns:junos="http://xml.juniper.net/junos/*/junos"
5
xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"
6
xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
7
<xsl:import href="../import/junos.xsl"/>
8
<xsl:template match="configuration">
<!-- ... Insert your code here ... -->
9
</xsl:template>
10 </xsl:stylesheet>
Line 1 is the Extensible Markup Language (XML) processing instruction (PI). This PI
specifies that the code is written in XML using version 1.0. The XML PI, if present, must
be the first noncomment token in the script file.
1 <?xml version="1.0"?>
Copyright © 2014, Juniper Networks, Inc.
25
Network Management and Monitoring on the QFX Series
Lines 2 through 6 set the style sheet element and the associated namespaces. Line 2
sets the style sheet version as 1.0. Lines 3 through 6 list all the namespace mappings
commonly used in commit scripts. Not all of these prefixes are used in this example, but
it is not an error to list namespace mappings that are not referenced. Listing all namespace
mappings prevents errors if the mappings are used in later versions of the script.
2 <xsl:stylesheet version="1.0"
3
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
4
xmlns:junos="http://xml.juniper.net/junos/*/junos"
5
xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"
6
xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
Line 7 is an XSLT import statement. It loads the templates and variables from the file
referenced as ../import/junos.xsl, which ships as part of the Junos OS. The junos.xsl file
contains a set of named templates you can call in your scripts. These named templates
are discussed in Junos Script Automation: Named Templates in the jcs Namespace Overview
and Junos Named Templates in the jcs Namespace Summary.
7
<xsl:import href="../import/junos.xsl"/>
Line 8 defines a template that matches the <configuration> element, which is the node
selected by the <xsl:template match="/"> template, contained in the junos.xsl import
file. The <xsl:template match="configuration"> element allows you to exclude the
/configuration/ root element from all XML Path Language (XPath) expressions in the
script and begin XPath expressions with the top Junos OS hierarchy level. For more
information, see XPath Overview.
8
<xsl:template match="configuration">
Add your code between Lines 8 and 9.
Line 9 closes the template.
9
</xsl:template>
Line 10 closes the style sheet and the commit script.
10 </xsl:stylesheet>
SLAX Boilerplate for
Commit Scripts
The corresponding SLAX boilerplate is as follows:
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
match configuration {
/*
* Insert your code here
*/
}
How Op Scripts Work
Op scripts execute Junos OS operational commands and inspect the resulting output.
After inspection, op scripts can automatically correct errors within the device running
Junos OS based on this output.
26
Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Automation
You add op scripts to device operations by listing the filenames of one or more op script
files within the [edit system scripts op] hierarchy level. These files must be added to the
appropriate op script file directory. For more information about op script file directories,
see Storing Scripts in Flash Memory. Once added to the device, op scripts are invoked
from the command line, using the op filename command.
You can use op scripts to generate changes to the device configuration by including the
<load-configuration> tag element. Because the changes are loaded before the standard
validation checks are performed, they are validated for correct syntax, just like statements
already present in the configuration before the script is applied. If the syntax is correct,
the configuration is activated and becomes the active, operational device configuration.
Figure 5 on page 27 shows a high-level view of the flow of op script input and output.
Figure 5: Op Script Input and Output
Required Boilerplate for Op Scripts
When you write operation (op) scripts, you use Extensible Stylesheet Language
Transformations (XSLT) or Stylesheet Language Alternative Syntax (SLAX) tools provided
with Junos OS. These tools include basic boilerplate that you must include in all op scripts,
optional extension functions that accomplish scripting tasks more easily, and named
templates that make scripts easier to read and write, which you import from a file called
junos.xsl. For more information about the extension functions and templates, see Junos
Script Automation: Understanding Extension Functions in the jcs and slax Namespaces
and Junos Script Automation: Named Templates in the jcs Namespace Overview.
Op scripts are based on Junos XML and Junos XML protocol tag elements. Like all XML
elements, angle brackets enclose the name of a Junos XML or Junos XML protocol tag
element in its opening and closing tags. This is an XML convention, and the brackets are
a required part of the complete tag element name. They are not to be confused with the
angle brackets used in the documentation to indicate optional parts of Junos OS CLI
command strings.
You must include either XSLT or SLAX boilerplate as the starting point for all op scripts
that you create. The XSLT boilerplate follows:
XSLT Boilerplate for
Op Scripts
1 <?xml version="1.0" standalone="yes"?>
2 <xsl:stylesheet version="1.0"
3
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
4
xmlns:junos="http://xml.juniper.net/junos/*/junos"
5
xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"
6
xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
7
<xsl:import href="../import/junos.xsl"/>
Copyright © 2014, Juniper Networks, Inc.
27
Network Management and Monitoring on the QFX Series
8
9
<xsl:template match="/">
<op-script-results>
<!-- ... insert your code here ... -->
10
</op-script-results>
11
</xsl:template>
<!-- ... insert additional template definitions here ... -->
12 </xsl:stylesheet>
Line 1 is the Extensible Markup Language (XML) processing instruction (PI), which marks
this file as XML and specifies the version of XML as 1.0. The XML PI, if present, must be
the first non-comment token in the script file.
1 <?xml version="1.0"?>
Line 2 opens the style sheet and specifies the XSLT version as 1.0.
2 <xsl:stylesheet version="1.0"
Lines 3 through 6 list all the namespace mappings commonly used in operation scripts.
Not all of these prefixes are used in this example, but it is not an error to list namespace
mappings that are not referenced. Listing all namespace mappings prevents errors if the
mappings are used in later versions of the script.
3
4
5
6
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:junos="http://xml.juniper.net/junos/*/junos"
xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"
xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
Line 7 is an XSLT import statement. It loads the templates and variables from the file
referenced as ../import/junos.xsl, which ships as part of Junos OS (in the file
/usr/libdata/cscript/import/junos.xsl). The junos.xsl file contains a set of named templates
you can call in your scripts. These named templates are discussed in Junos Script
Automation: Named Templates in the jcs Namespace Overview and Junos Named Templates
in the jcs Namespace Summary.
7
<xsl:import href="../import/junos.xsl"/>
Line 8 defines a template that matches the </> element. The <xsl:template match="/">
element is the root element and represents the top level of the XML hierarchy. All XML
Path Language (XPath) expressions in the script must start at the top level. This allows
the script to access all possible Junos XML and Junos XML protocol remote procedure
calls (RPCs). For more information, see XPath Overview.
8
<xsl:template match="/">
After the <xsl:template match="/"> tag element, the <op-script-results> and
</op-script-results> container tags must be the top-level child tags, as shown in Lines
9 and 10.
9
10
<op-script-results>
<!-- ... insert your code here ... -->
</op-script-results>
Line 11 closes the template.
11
</xsl:template>
Between Line 11 and Line 12, you can define additional XSLT templates that are called
from within the <xsl:template match="/"> template.
28
Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Automation
Line 12 closes the style sheet and the op script.
12 </xsl:stylesheet>
SLAX Boilerplate for
Op Scripts
The corresponding SLAX boilerplate is as follows:
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
match / {
<op-script-results> {
/*
* Insert your code here
*/
}
}
Copyright © 2014, Juniper Networks, Inc.
29
Network Management and Monitoring on the QFX Series
30
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 3
Junos Space
•
Understanding Junos Space Support on page 31
Understanding Junos Space Support
The Juniper Networks Junos Space application, running on a JA1500 appliance or a Junos
Space Virtual Appliance, is a comprehensive platform for building and deploying
applications for collaboration, productivity, and network infrastructure and operations
management. Junos Space provides a runtime environment implemented as a fabric of
virtual and physical appliances.
The Junos Space Network Management Platform software comprises various applications
for network management and configuration, including:
•
Junos Space Administration—Provides management of Junos Space fabric, databases,
licenses, applications, authentication servers, tags, permission labels, DMI schemas,
and troubleshooting.
•
Network Director—Provides unified management of supported Juniper Networks devices
in your network. By providing full network life cycle management, Network Director
simplifies the discovery, configuration, visualization, monitoring, and administration of
large networks.
•
Service Automation—Provides an end-to-end solution designed to streamline
operations and enable proactive network management for Junos OS devices. The
solution consists of Advanced Insight Scripts (AI-Scripts), Junos Space Service Now
and Service Insight applications, and Juniper Support Systems (JSS).
NOTE: Do not install Junos Space and AI-Scripts on the control plane
network EX4200 switches or EX4200 Virtual Chassis in a QFX3000 QFabric
system
Before you can use Junos Space Network Director to manage the QFX Series device, you
must ensure that the configuration on the device meets the requirements for all managed
devices. For example:
Copyright © 2014, Juniper Networks, Inc.
31
Network Management and Monitoring on the QFX Series
•
The device configuration has a static management IP address that is reachable from
the Junos Space server.
•
There is a user with full administrative privileges for Junos Space administration.
•
SNMP is enabled (only if you plan on using SNMP as part of the device discovery).
•
In Junos Space, set up a default device management interface (DMI) schema for the
QFX Series device.
For more information about Network Director requirements, see the Network Director
Quick Start Guide at:
http://www.juniper.net/techpubs/en_US/network-director1.5/information-products/
pathway-pages/index.html
For more information about Junos Space, go to:
http://www.juniper.net/techpubs/en_US/release-independent/junos-space/index.html
Related
Documentation
32
•
Configuring SNMP on page 165
•
Configuring SSH Service for Remote Access to the Router or Switch on page 150
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 4
Network Analytics
•
Network Analytics Overview on page 33
•
Understanding Network Analytics Configuration and Status on page 40
•
Understanding Network Analytics Streaming Data on page 42
•
Understanding Enhanced Network Analytics Streaming Data on page 44
•
Understanding Enhanced Analytics Local File Output on page 49
•
Prototype File for the Google Protocol Buffer Stream Format on page 51
Network Analytics Overview
The network analytics feature provides visibility into the performance and behavior of
the data center infrastructure. This feature collects data from the switch, analyzes the
data using sophisticated algorithms, and captures the results in reports. Network
administrators can use the reports to help troubleshoot problems, make decisions, and
adjust resources as needed. The analytics manager (analyticsm) in the Packet Forwarding
Engine collects traffic and queue statistics, and the analytics daemon (analyticsd) in the
Routing Engine analyzes the data and generates reports. You can enable network analytics
by configuring microburst monitoring and high-frequency traffic statistics monitoring.
NOTE: In Junos OS Release 13.2X51-D15, the network analytics feature has
been enhanced, and extensive changes have been made to the CLI statements
and hierarchies. If you upgrade to Junos OS Release 13.2X51-D15, network
analytics configurations committed in previous releases will appear on your
device, but the feature is disabled. To enable this feature, you must reconfigure
it using the new CLI statements and hierarchies.
For more information, see:
•
Analytics Feature Overview on page 34
•
Network Analytics Enhancements Overview on page 34
•
Summary of CLI Changes on page 36
Copyright © 2014, Juniper Networks, Inc.
33
Network Management and Monitoring on the QFX Series
Analytics Feature Overview
You enable network analytics by configuring queue (microburst) monitoring and
high-frequency traffic statistics monitoring.You use microburst monitoring to look at
traffic queue conditions in the network. A microburst occurrence indicates to the Packet
Forwarding Engine that a user-specified queue depth or latency threshold is reached.
The queue depth is the buffer (in bytes) containing the data, and latency is the time (in
nanoseconds or microseconds) the data stays in the queue.
You can configure queue monitoring based on either queue depth or latency (but not
both), and configure the frequency (polling interval) at which the Packet Forwarding
Engine checks for microbursts and sends the data to the Routing Engine for processing.
You may configure queue monitoring globally for all physical interfaces on the system,
or for a specific interface on the switch. However, the specified queue monitoring interval
applies either to all interfaces, or none; you cannot configure the interval for each interface.
You use high-frequency traffic statistics monitoring to collect traffic statistics at specified
polling intervals. Similar to the queue monitoring interval, the traffic monitoring interval
applies either to all interfaces, or none; you cannot configure the interval for each interface.
Both traffic and queue monitoring are disabled by default. You must configure each type
of monitoring using the CLI. In each case, the configuration for an interface always takes
precedence over the global configuration.
NOTE: You can configure traffic and queue monitoring for physical interfaces
only; logical interfaces and Virtual Chassis port (VCP) interfaces are not
supported.
The analyticsd daemon in the Routing Engine generates local log files containing queue
and traffic statistics records. You can specify the log filename and size, and the number
of log files. If you do not configure a filename, the data is not saved.
You can display the local log file or specify a server to receive the streaming data
containing the queue and traffic statistics.
For each port, information for the last 10 records of traffic statistics and 100 records of
queue statistics is cached. You may view this information by using the show analytics
commands.
To store traceoptions data, you configure the traceoptions statement at the [edit services
analytics] hierarchy level.
Network Analytics Enhancements Overview
Beginning in Junos OS Release 13.2X51-D15, the network analytics feature provides the
following enhancements:
34
Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Network Analytics
•
Resources—Consist of interfaces and system. The interfaces resource allows you to
configure an interface name and an associated resource profile name for each interface.
With the system resource, you can configure the polling intervals for queue monitoring
and traffic monitoring, and an associated resource profile for the system.
•
Resource profile—A template that contains the configurations for queue and traffic
monitoring, such as depth threshold and latency threshold values, and whether each
type of monitoring is enabled or disabled. Once a resource profile is configured, you
apply it to a system or interfaces resource.
•
Collector—A server for collecting queue and traffic monitoring statistics, and can be a
local or remote server. You can configure a local server to store monitoring statistics
in a log file, or a remote server to receive streamed statistics data.
•
Export profile—You must configure an export profile if you wish to send streaming data
to a remote collector. In the export profile, you define the category of streamed data
(system-wide or interface-specific) to determine stream type the collector will receive.
You can specify both system and interface stream categories. System data includes
system information and status of queue and traffic monitoring. Interface-specific data
includes interface information, queue and traffic statistics, and link, queue, and traffic
status.
•
Google Protocol Buffer (GBP) stream format—A new streaming format for monitoring
statistics data that is sent to a remote collector in a single AnRecord message. This
stream format provides nine types of information, including:
•
•
System information—General system information, including boot time, model
information, serial number, number of ports, and so on.
•
System queue status—Queue status for the system in general.
•
System traffic status—Traffic status for the system in general.
•
Interface information—Includes SNMP index, slot, port, and other information.
•
Queue statistics for interfaces—Queue statistics for specific interfaces.
•
Traffic statistics for interfaces—Traffic statistics for specific interfaces.
•
Link status for interfaces—Includes link speed, state, and so on.
•
Queue status for interfaces—Queue status for specific interfaces.
•
Traffic status for interfaces—Traffic status for specific interfaces.
The analytics.proto file—Provides a template for the GBP stream format. This file can
be used for writing your analytics server application. To download the file, go to:
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/proto-files/analytics-proto.txt
•
Use of threshold values—The Analytics Manager (analyticsm) will generate a queue
statistics record when the lower queue depth or latency threshold value is exceeded.
•
User Datagram Protocol (UDP)—Additional transport protocol you can configure, in
addition to Transmission Control Protocol (TCP), for the remote streaming server port.
•
Single file for local logging—Replaces the separate log files for queue and traffic
statistics.
Copyright © 2014, Juniper Networks, Inc.
35
Network Management and Monitoring on the QFX Series
•
Change in latency measurement—Configuration and reporting of latency values have
changed from microseconds to nanoseconds.
•
Change in reporting of the collection time in UTC format—Statistics collection time is
reported in microseconds instead of milliseconds.
•
New operational mode command show analytics collector—Replaces the show analytics
streaming-server command.
•
Changes in command output format—Include the following changes:
•
Addition of unicast, multicast, and broadcast packet counters in queue and traffic
statistics.
•
Reversal of the sequence of statistics information in the output. The most recent
record is displayed at the beginning, and the oldest record at the end of the output.
•
Removal of traffic or queue monitoring status information from the global portion
of the show analytics configuration and show analytics status command output if
there is no global configuration.
•
Addition of n/a to the interface-specific portion of the show analytics configuration
and show analytics status command output if a parameter is not configured (for
example, depth threshold or latency threshold).
Summary of CLI Changes
Beginning in Junos OS Release 13.2X51-D15, enhancements to the network analytics
feature result in changes in the CLI when you configure the feature. See Table 5 on page 36
for a summary of CLI changes.
Table 5: Network Analytics CLI Changes
Task
Configuring global queue
and traffic monitoring
polling interval
36
CLI for Junos OS Release 13.2X50-D15 and
13.2X51-D10
CLI for Junos OS Release 13.2X51-D15 and
later
[edit services analytics]
[edit services analytics]
traffic-statistics {
interval interval;
}
queue-statistics {
interval interval;
}
resource {
system {
polling-interval {
queue-monitoring interval;
traffic-monitoring interval;
}
}
}
Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Network Analytics
Table 5: Network Analytics CLI Changes (continued)
CLI for Junos OS Release 13.2X50-D15 and
13.2X51-D10
CLI for Junos OS Release 13.2X51-D15 and
later
Configuring local files for
traffic and queue statistics
reporting
[edit services analytics]
[edit services analytics]
traffic-statistics {
file filename;
size size;
files number;
}
queue-statistics {
file filename;
size size;
files number;
}
collector {
local {
file filename {
files number;
size size;
}
}
}
Enabling queue statistics
and traffic monitoring, and
specifying the depth
threshold for all interfaces
(globally)
[edit services analytics]
Task
interfaces {
all {
queue-statistics;
traffic-statistics;
depth-threshold {
high number;
low number;
}
}
}
Requires defining a resource profile and
applying it to the system:
1.
To define a resource profile:
[edit services analytics]
resource-profiles {
profile-name{
queue-monitoring;
traffic-monitoring;
depth-threshold {
high number;
low number;
}
}
}
2. To apply a profile to the system:
[edit services analytics]
resource {
system {
resource-profile profile-name;
}
}
Copyright © 2014, Juniper Networks, Inc.
37
Network Management and Monitoring on the QFX Series
Table 5: Network Analytics CLI Changes (continued)
Task
Enabling queue statistics
and traffic monitoring, and
specifying the latency
threshold for one interface
CLI for Junos OS Release 13.2X50-D15 and
13.2X51-D10
CLI for Junos OS Release 13.2X51-D15 and
later
[edit services analytics]
Requires defining a resource profile and
applying it to the interface:
interfaces {
interface{
queue-statistics;
traffic-statistics;
latency-threshold
high number;
low number;
}
}
1.
To define a resource profile:
[edit services analytics]
resource-profiles {
profile-name{
queue-monitoring;
traffic-monitoring;
latency-threshold {
high number;
low number;
}
}
}
2. To apply a profile to the interface:
[edit services analytics]
resource {
interfaces {
interface-name {
resource-profile profile-name;
}
}
}
Configuring the streaming
data format (JSON, CSV,
or TSV) to send to a
remote server
NOTE: Junos OS Release
13.2X51-D15 adds support
for the GPB stream format
and configuration of the
transport protocols (TCP
or UDP).
[edit services analytics]
streaming-servers {
address ip-address {
port number {
stream-format format;
}
}
}
Requires defining the stream format in an export
profile and applying the profile to the collector.
1.
To configure the stream format:
[edit services analytics]
export-profiles {
profile-name {
stream-format format;
}
}
2. To apply an export profile to the collector:
[edit services analytics]
collector {
address ip-address {
port number {
transport protocol {
export-profile profile-name;
}
}
}
}
38
Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Network Analytics
Table 5: Network Analytics CLI Changes (continued)
Task
Configuring the streaming
message types (queue or
traffic statistics) to send to
a remote server
CLI for Junos OS Release 13.2X50-D15 and
13.2X51-D10
CLI for Junos OS Release 13.2X51-D15 and
later
[edit services analytics]
Requires defining an export profile and applying
it to the collector:
streaming-servers {
address ip-address {
port number {
stream-type type;
stream-type type;
}
}
}
1.
To define an export profile:
[edit services analytics]
export-profiles {
profile-name {
interface {
information;
statistics {
queue;
traffic;
}
status {
link;
queue;
traffic;
}
}
system {
information;
status {
queue;
traffic;
}
}
}
}
2. To apply an export profile to the collector:
[edit services analytics]
collector {
address ip-address {
port number {
export-profile profile-name;
}
}
}
Copyright © 2014, Juniper Networks, Inc.
39
Network Management and Monitoring on the QFX Series
Table 5: Network Analytics CLI Changes (continued)
Task
Configuring the transport
protocol for sending
streaming data to an
external server
CLI for Junos OS Release 13.2X50-D15 and
13.2X51-D10
CLI for Junos OS Release 13.2X51-D15 and
later
No configuration is available. Only the TCP
protocol is supported.
Configuration is available. Both TCP and UDP
protocols are supported, and can be configured
for the same port.
[edit services analytics]
collector {
address ip-address {
port number1 {
transport tcp;
transport udp;
}
port number2 {
transport udp;
}
}
}
Show information about
remote streaming server or
collector
Related
Documentation
Issue the show analytics streaming-sever
command.
•
Issue the show analytics collector command.
analytics on page 237
Understanding Network Analytics Configuration and Status
The network analytics feature provides visibility into the performance and behavior of
the data center infrastructure. You can enable network analytics by configuring traffic
and queue statistics monitoring.
NOTE: This topic describes the configuration and status output from Junos
OS Release 13.2X50-D15 and 13.2X51-D10 only.
If you had enabled traffic or queue monitoring, you can issue the show analytics
configuration and show analytics status commands to view the global interface
configuration and status and that of specific interfaces. The output that is displayed
depends on your configuration at the global interface and specific interface levels. For
example:
40
•
A global interface configuration (for all interfaces) to disable monitoring supersedes
the configuration to enable it on an interface.
•
The interface configuration to enable or disable monitoring supersedes the global
interface configuration, unless monitoring had been disabled globally for all interfaces.
•
If there is no configuration, whether for all interfaces or a specific interface, monitoring
is disabled by default (see Table 6 on page 41).
Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Network Analytics
Table 6 on page 41 describes the correlation between the user configuration and the
settings that are displayed.
Table 6: Configuration and Status Output in Junos OS Release 13.2X51-D10 and 13.2X50-D15
Global or System Settings
Specific Interface Settings
User Configuration
Configuration
Status
Configuration
Status
No global or specific interface configuration. This is
the default setting.
Auto
Auto
Auto
Disabled
No global interface configuration but the specific
interface monitoring is disabled.
Auto
Auto
Disabled
Disabled
No global interface configuration but the specific
interface monitoring is enabled.
Auto
Auto
Enabled
Enabled
Monitoring is disabled globally and there is no
interface configuration.
Disabled
Disabled
Auto
Disabled
Monitoring is disabled at both the global and specific
interface levels.
Disabled
Disabled
Disabled
Disabled
Monitoring is disabled at the global interface level
but is enabled at the specific interface level. The
global interface Disabled setting supersedes the
Enabled setting for a specific interface.
Disabled
Disabled
Enabled
Disabled
Monitoring is enabled for all interfaces but there is
no configuration for the specific interface .
Enabled
Enabled
Auto
Enabled
Monitoring is enabled at both the global and specific
interface levels.
Enabled
Enabled
Enabled
Enabled
Monitoring is enabled for all interfaces but is disabled
for the specific interface.
Enabled
Enabled
Disabled
Disabled
Related
Documentation
•
Network Analytics Overview on page 33
•
analytics on page 237
•
queue-statistics on page 252
•
traffic-statistics on page 260
•
show analytics configuration on page 421
•
show analytics status on page 427
Copyright © 2014, Juniper Networks, Inc.
41
Network Management and Monitoring on the QFX Series
Understanding Network Analytics Streaming Data
This topic describes the network analytics queue and traffic statistics that are streamed
to remote servers.
You can configure one or more remote servers to receive streamed data containing queue
and traffic statistics. The format of the streamed data can be Javascript Object Notation
(JSON), Comma-separated Values (CSV), or Tab-separated Values (TSV).
NOTE: The output shown in this topic applies to Junos OS Release 13.2X51-D10
only. The time is displayed in the Unix epoch format (also known as Unix time
or POSIX time).
The following examples show the streamed queue statistics data output in different
formats.
•
JSON format:
{"record-type":"queue-stats","time":1383453988263,"router-id":"qfx5100-switch",
"port":"xe-0/0/18","latency":0,"queue-depth":208}
•
CSV format:
q,1383454067604,qfx5100-switch,xe-0/0/18,0,208
•
TSV format:
q
208
585870192561703872
2
qfx5100-switch
xe-0/0/18
(null)
Table 7 on page 42 describes the output fields for streamed queue statistics data in the
order they appear.
Table 7: Streamed Queue Statistics Data Output Fields
Field
Description
record-type
Type of statistics. Displayed as:
•
queue-stats (JSON format)
•
q (CSV or TSV format)
time
Time (in Unix epoch format) at which the statistics were captured.
router-id
ID of the network analytics host device.
port
Name of the physical port configured for network analytics.
latency
Traffic queue latency in milliseconds.
queue depth
Depth of the traffic queue in bytes.
42
Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Network Analytics
The following examples show the streamed traffic statistics data output in different
formats.
•
JSON format:
{"record-type":"traffic-stats","time":1383453986763,"router-id":"qfx5100-switch",
"port":"xe-0/0/16","rxpkt":26524223621,"rxpps":8399588,"rxbyte":3395100629632,
"rxbps":423997832,"rxdrop":0,"rxerr":0,"txpkt":795746503,"txpps":0,"txbyte":101855533467,
"txbps":0,"txdrop":0,"txerr":0}
•
CSV format:
t,1383454072924,qfx5100-switch,xe-0/0/19,1274299748,82950,163110341556,85603312,0,0,
27254178291,8300088,3488534810679,600002408,27268587050,3490379142400
•
TSV format:
t
1383454139025
qfx5100-switch xe-0/0/19
1279874033
82022
163823850036
84801488
0
0
27811618258
8199630
3559887126455
919998736
27827356915
3561901685120
Table 8 on page 43 describes the output fields for streamed traffic statistics data in the
order they appear.
Table 8: Streamed Traffic Statistics Data Output Fields
Field
Description
record-type
Type of statistics. Displayed as:
•
traffic-stats (JSON format)
•
t (CSV or TSV format)
time
Time (in Unix epoch format) at which the statistics were captured.
router-id
ID of the network analytics host device.
port
Name of the physical port configured for network analytics.
rxpkt
Total packets received.
rxpps
Total packets received per second.
rxbyte
Total bytes received.
rxbps
Total bytes received per second.
rxdrop
Total incoming packets dropped.
rxerr
Total packets with errors.
txpkt
Total packets transmitted.
txpps
Total packets transmitted per second.
txbyte
Total bytes transmitted.
Copyright © 2014, Juniper Networks, Inc.
43
Network Management and Monitoring on the QFX Series
Table 8: Streamed Traffic Statistics Data Output Fields (continued)
Field
Description
txbps
Total bytes transmitted per second.
txdrop
Total transmitted bytes dropped.
txerr
Total transmitted packets with errors (dropped).
Related
Documentation
•
Network Analytics Overview on page 33
•
show analytics streaming-servers on page 431
•
streaming-servers on page 255
Understanding Enhanced Network Analytics Streaming Data
Network analytics monitoring data can be streamed to remote servers called collectors.
You can configure one or more collectors to receive streamed data containing queue
and traffic statistics. This topic describes the streamed data output.
NOTE: This topic applies to Junos OS Release 13.2X51-D15 or later.
Starting in Junos OS Release 13.2X51-D15, network analytics supports the following
streaming data formats and output:
•
Google Protocol Buffer (GPB) on page 44
•
JavaScript Object Notation (JSON) on page 47
•
Comma-separated Values (CSV) on page 47
•
Tab-separated Values (TSV) on page 47
•
Queue Statistics Output for JSON, CSV, and TSV on page 48
•
Traffic Statistics Output for JSON, CSV, and TSV on page 48
Google Protocol Buffer (GPB)
Support for the Google Protocol Buffer (GPB) streaming format has been added in Junos
OS Release 13.2X51-D15. This streaming format provides:
44
•
Support for nine types of messages, based on resource type (system-wide or
interface-specific).
•
Sends messages in a hierarchical format.
•
You can generate other stream format messages (JSON, CSV, TSV) from GPB
formatted messages.
•
Includes a 8-byte message header. See Table 9 on page 45 for more information.
Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Network Analytics
Table 9 on page 45 describes the GPB stream format message header.
Table 9: GPB Stream Format Message Header Information
Byte Position
Field
0 to 3
Length of message
4
Message version
5 to 7
Reserved for future use
The following GPB prototype file (analytics.proto) provides details about the streamed
data:
package analytics;
// Traffic statistics related info
message TrafficStatus {
optional uint32
status
optional uint32
poll_interval
}
// Queue statistics related info
message QueueStatus {
optional uint32
status
optional uint32
poll_interval
optional uint64
lt_high
optional uint64
lt_low
optional uint64
dt_high
optional uint64
dt_low
}
= 1;
= 2;
=
=
=
=
=
=
1;
2;
3;
4;
5;
6;
message LinkStatus {
optional uint64
optional uint32
optional uint32
optional bool
optional bool
}
speed
=
duplex
=
mtu
=
state
=
auto_negotiation=
1;
2;
3;
4;
5;
message InterfaceInfo {
optional uint32
optional uint32
optional uint32
optional uint32
optional uint32
optional uint32
optional uint32
}
snmp_index
index
slot
port
media_type
capability
porttype
=
=
=
=
=
=
=
1;
2;
3;
4;
5;
6;
7;
message InterfaceStatus {
optional LinkStatus
optional QueueStatus
optional TrafficStatus
}
link
queue_status
traffic_status
= 1;
= 2;
= 3;
timestamp
= 1;
message QueueStats {
optional uint64
Copyright © 2014, Juniper Networks, Inc.
45
Network Management and Monitoring on the QFX Series
optional uint64
optional uint64
queue_depth
latency
= 2;
= 3;
message TrafficStats {
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
optional uint64
}
timestamp
rxpkt
rxucpkt
rxmcpkt
rxbcpkt
rxpps
rxbyte
rxbps
rxcrcerr
rxdroppkt
txpkt
txucpkt
txmcpkt
txbcpkt
txpps
txbyte
txbps
txcrcerr
txdroppkt
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
message InterfaceStats {
optional TrafficStats
optional QueueStats
}
traffic_stats
queue_stats
= 1;
= 2;
name
deleted
information
stats
status
=
=
=
=
=
1;
2;
3;
4;
5;
message SystemInfo {
optional uint64
optional string
optional string
optional uint32
optional string
repeated string
}
boot_time
model_info
serial_no
max_ports
collector
interface_list
=
=
=
=
=
=
1;
2;
3;
4;
5;
6;
message SystemStatus {
optional QueueStatus
optional TrafficStatus
}
queue_status
traffic_status
= 1;
= 2;
name
deleted
information
status
=
=
=
=
}
//Interface message
message Interface {
required string
optional bool
optional InterfaceInfo
optional InterfaceStats
optional InterfaceStatus
}
//System message
message System {
required string
optional bool
optional SystemInfo
optional SystemStatus
}
46
1;
2;
3;
4;
5;
6;
7;
8;
9;
10;
11;
12;
13;
14;
15;
16;
17;
18;
19;
1;
2;
3;
4;
Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Network Analytics
message AnRecord {
optional uint64
optional System
repeated Interface
}
timestamp
system
interface
= 1;
= 2;
= 3;
JavaScript Object Notation (JSON)
The JavaScript Object Notation (JSON) streaming format supports the following data:
•
Queue statistics data. For example:
{"record-type":"queue-stats","time":1383453988263,"router-id":"qfx5100-switch",
"port":"xe-0/0/18","latency":0,"queue-depth":208}
See Table 7 on page 42 for more information about queue statistics output fields.
•
Traffic statistics. For example:
{"record-type":"traffic-stats","time":1383453986763,"router-id":"qfx5100-switch",
"port":"xe-0/0/16","rxpkt":26524223621,"rxpps":8399588,"rxbyte":3395100629632,
"rxbps":423997832,"rxdrop":0,"rxerr":0,"txpkt":795746503,"txpps":0,"txbyte":101855533467,
"txbps":0,"txdrop":0,"txerr":0}
See Table 8 on page 43 for more information about traffic statistics output fields.
Comma-separated Values (CSV)
The Comma-separated Values (CSV) streaming format supports the following data:
•
Queue statistics. For example:
q,1383454067604,qfx5100-switch,xe-0/0/18,0,208
See Table 7 on page 42 for more information about queue statistics output fields.
•
Traffic statistics. For example:
t,1383454072924,qfx5100-switch,xe-0/0/19,1274299748,82950,163110341556,85603312,0,0,
27254178291,8300088,3488534810679,600002408,27268587050,3490379142400
See Table 8 on page 43 for more information about traffic statistics output fields.
Tab-separated Values (TSV)
The Tab-separated Values (TSV) streaming format supports the following data:
•
Queue statistics. For example:
q
208
585870192561703872
2
qfx5100-switch
xe-0/0/18
(null)
See Table 7 on page 42 for more information about queue statistics output fields.
•
Traffic statistics. For example:
t
1383454139025
qfx5100-switch xe-0/0/19
1279874033
82022
163823850036
84801488
0
0
27811618258
8199630
3559887126455
919998736
27827356915
3561901685120
See Table 8 on page 43 for more information about traffic statistics output fields.
Copyright © 2014, Juniper Networks, Inc.
47
Network Management and Monitoring on the QFX Series
Queue Statistics Output for JSON, CSV, and TSV
Table 7 on page 42 describes the output fields for streamed queue statistics data in the
order they appear.
Table 10: Streamed Queue Statistics Data Output Fields
Field
Description
record-type
Type of statistics. Displayed as:
•
queue-stats (JSON format)
•
q (CSV or TSV format)
time
Time (in Unix epoch format) at which the statistics were captured.
router-id
ID of the network analytics host device.
port
Name of the physical port configured for network analytics.
latency
Traffic queue latency in milliseconds.
queue depth
Depth of the traffic queue in bytes.
Traffic Statistics Output for JSON, CSV, and TSV
Table 8 on page 43 describes the output fields for streamed traffic statistics data in the
order they appear.
Table 11: Streamed Traffic Statistics Data Output Fields
Field
Description
record-type
Type of statistics. Displayed as:
•
traffic-stats (JSON format)
•
t (CSV or TSV format)
time
Time (in Unix epoch format) at which the statistics were captured.
router-id
ID of the network analytics host device.
port
Name of the physical port configured for network analytics.
rxpkt
Total packets received.
rxpps
Total packets received per second.
rxbyte
Total bytes received.
rxbps
Total bytes received per second.
48
Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Network Analytics
Table 11: Streamed Traffic Statistics Data Output Fields (continued)
Field
Description
rxdrop
Total incoming packets dropped.
rxerr
Total packets with errors.
txpkt
Total packets transmitted.
txpps
Total packets transmitted per second.
txbyte
Total bytes transmitted.
txbps
Total bytes transmitted per second.
txdrop
Total transmitted bytes dropped.
txerr
Total transmitted packets with errors (dropped).
Related
Documentation
•
Network Analytics Overview on page 33
•
Prototype File for the Google Protocol Buffer Stream Format on page 51
•
address (Analytics Collector) on page 236
•
collector (Analytics) on page 241
•
show analytics collector on page 419
Understanding Enhanced Analytics Local File Output
The network analytics feature provides visibility into the performance and behavior of
the data center infrastructure. You enable network analytics by configuring queue or
traffic statistics monitoring, or both. In addition, you can configure a local file for storing
the traffic and queue statistics records.
NOTE: This topic describes the local file output in Junos OS Release
13.2X51-D15 and later. For information about local file output from earlier
releases, see the monitor start (Analytics) topic.
Beginning in Junos OS Release 13.2X51-D15, the traffic and queue monitoring statistics
can be stored locally in a single file. The following example shows the output from the
monitor start command.
root@qfx5100-33> monitor start an
root@qfx5100-33>
*** an ***
q,1393947567698432,qfx5100-33,xe-0/0/19,1098572,1373216
q,1393947568702418,qfx5100-33,xe-0/0/19,1094912,1368640
q,1393947569703415,qfx5100-33,xe-0/0/19,1103065,1378832
Copyright © 2014, Juniper Networks, Inc.
49
Network Management and Monitoring on the QFX Series
t,1393947569874528,qfx5100-33,xe-0/0/16,12603371884,12603371884,0,0,
8426023,1613231610488,8628248712,0,3,5916761,5916761,0,0,0,757345408,0,0,0
t,1393947569874528,qfx5100-33,xe-0/0/18,12601953614,12601953614,0,0,
8446737,1613050071660,8649421552,0,5,131761619,131761619,0,0,84468,
16865487232,86495888,0,0
t,1393947569874528,qfx5100-33,xe-0/0/19,126009250,126009250,0,0,84469,
16129184128,86496392,0,0,12584980342,12584980342,0,0,8446866,1610877487744,
8649588432,12593703960,0
q,1393947575698402,qfx5100-33,xe-0/0/19,1102233,1377792
q,1393947576701398,qfx5100-33,xe-0/0/19,1107724,1384656
See Table 12 on page 50 for queue statistics output, and Table 13 on page 50 for traffic
statistics output. The fields in the tables are listed in the order they appear in the output
example.
Table 12: Output Fields for Queue Statistics in Local Analytics File
Field
Description
Example in Output
Record type
Type of statistics (queue or traffic monitoring)
q
Time (microseconds)
Unix epoch (or Unix time) in microseconds at which the
statistics were captured.
1393947567698432
Router ID
ID of the network analytics host device.
qfx5100-33
Port
Name of the physical port configured for network analytics.
xe-0/0/19
Latency (nanoseconds)
Traffic queue latency in nanoseconds.
1098572
Queue depth (bytes)
Depth of the traffic queue in bytes.
1373216
Table 13: Output Fields for Traffic Statistics in Local Analytics File
Field
Description
Example in Output
Record type
Type of statistics (queue or traffic monitoring)
t
Time (microseconds)
Unix epoch (or Unix time) in microseconds at which the statistics
were captured.
1393947569874528
Router ID
ID of the network analytics host device.
qfx5100-33
Port
Name of the physical port configured for network analytics.
xe-0/0/16
rxpkt
Total packets received.
12603371884
rxucpkt
Total unicast packets received.
12603371884
rxmcpkt
Total multicast packets received.
0
rxbcpkt
Total broadcast packets received.
0
50
Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Network Analytics
Table 13: Output Fields for Traffic Statistics in Local Analytics File (continued)
Field
Description
Example in Output
rxpps
Total packets received per second.
8426023
rxbyte
Total octets received.
1613231610488
rxbps
Total bytes received per second.
8628248712
rxdroppkt
Total incoming packets dropped.
0
rxcrcerr
CRC/Align errors received.
3
txpkt
Total packets transmitted.
5916761
txucpkt
Total unicast packets transmitted.
5916761
txmcpkt
Total multicast packets transmitted.
0
txbcpkt
Total broadcast packets transmitted.
0
txpps
Total packets transmitted per second.
0
txbyte
Total octets transmitted.
757345408
txbps
Bytes per second transmitted.
0
txdroppkt
Total transmitted packets dropped.
0
txcrcerr
CRC/Align errors transmitted.
0
Related
Documentation
•
Network Analytics Overview on page 33
•
analytics on page 237
Prototype File for the Google Protocol Buffer Stream Format
The Google Protocol Buffer (GBP) stream format is used for streaming monitoring
statistics data to a remote collector in a single AnRecord message.
The analytics.proto file provides a template for the GBP stream format. This file can be
used for writing your analytics server application.
To download the GPB prototype file, go to:
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/proto-files/analytics-proto.txt
Related
Documentation
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
51
Network Management and Monitoring on the QFX Series
•
52
export-profiles on page 243
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 5
sFlow Techology
•
Understanding How to Use sFlow Technology for Network Monitoring on a
Switch on page 53
Understanding How to Use sFlow Technology for Network Monitoring on a Switch
The sFlow technology is a monitoring technology for high-speed switched or routed
networks. sFlow monitoring technology randomly samples network packets and sends
the samples to a monitoring station called a collector. You can configure sFlow technology
on a Juniper Networks switch to continuously monitor traffic at wire speed on all interfaces
simultaneously.
This topic describes:
•
Sampling Mechanism and Architecture of sFlow Technology on Switches on page 53
•
Adaptive Sampling on page 55
•
sFlow Agent Address Assignment on page 56
•
sFlow Limitations on Switches on page 56
Sampling Mechanism and Architecture of sFlow Technology on Switches
sFlow technology uses the following two sampling mechanisms:
•
Packet-based sampling—Samples one packet out of a specified number of packets
from an interface enabled for sFlow technology. Only the first 128 bytes of each packet
are sent to the collector. Data collected include the Ethernet, IP, and TCP headers,
along with other application-level headers (if present). Although this type of sampling
might not capture infrequent packet flows, the majority of flows are reported over time,
allowing the collector to generate a reasonably accurate representation of network
activity. To configure packet-based sampling, you must specify a sample rate.
•
Time-based sampling—Samples interface statistics at a specified interval from an
interface enabled for sFlow technology. Statistics such as Ethernet interface errors
are captured. To configure time-based sampling, you must specify a polling interval.
The sampling information is used to create a network traffic visibility picture. The Juniper
Networks Junos operating system (Junos OS) fully supports the sFlow standard described
in RFC 3176, InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and
Routed Networks (see http://faqs.org/rfcs/rfc3176.html).
Copyright © 2014, Juniper Networks, Inc.
53
Network Management and Monitoring on the QFX Series
NOTE: sFlow technology on the switches samples only raw packet headers.
A raw Ethernet packet is the complete Layer 2 network frame.
An sFlow monitoring system consists of an sFlow agent embedded in the switch and a
centralized collector. The sFlow agent’s two main activities are random sampling and
statistics gathering. It combines interface counters and flow samples and sends them
across the network to the sFlow collector as UDP datagrams, directing those datagrams
to the IP address and UDP destination port of the collector. Each datagram contains the
following information:
•
The IP address of the sFlow agent
•
The number of samples
•
The interface through which the packets entered the agent
•
The interface through which the packets exited the agent
•
The source and destination interface for the packets
•
The source and destination VLAN for the packets
EX Series switches, QFX Series switches, and the QFabric systems adopt the distributed
sFlow architecture. The sFlow agent has two separate sampling entities that are
associated with each Packet Forwarding Engine in case of switches and nodes in case
of a QFabric system. These sampling entities are known as subagents. Each subagent
has a unique ID that is used by the collector to identify the data source. A subagent has
its own independent state and forwards its own sample messages to the sFlow agent.
The sFlow agent is responsible for packaging the samples into datagrams and sending
them to the sFlow collector. Because sampling is distributed across subagents, the
protocol overhead associated with sFlow technology is significantly reduced at the
collector.
NOTE: On the QFabric system, an sFlow collector must be reachable through
the data network. Because each Node device has all routes stored in the
default routing instance, the collector IP address should be included in the
default routing instance to ensure the collector’s reachability from the Node
device.
NOTE: You cannot configure sFlow monitoring on a link aggregation group
(LAG), but you can configure it individually on a LAG member interface.
Infrequent sampling flows might not be reported in the sFlow information, but over time
the majority of flows are reported. Based on a configured sampling rate N, 1 out of N
packets is captured and sent to the collector. This type of sampling does not provide a
100 percent accurate result in the analysis, but it does provide a result with quantifiable
54
Copyright © 2014, Juniper Networks, Inc.
Chapter 5: sFlow Techology
accuracy. A user-configured polling interval defines how often the sFlow data for a specific
interface are sent to the collector, but an sFlow agent can also schedule polling.
NOTE: We recommend that you configure the same sample rate for all the
ports in a line card. If you configure different sample rates, the lowest value
is used for all ports on the line card..
NOTE: If the mastership assignment changes in a Virtual Chassis setup,
sFlow technology continues to function.
Adaptive Sampling
To ensure sampling accuracy and efficiency, EX Series switches and QFX Series devices
use adaptive sFlow sampling. Adaptive sampling monitors the overall incoming traffic
rate on the device and provides feedback to the interfaces to dynamically adapt their
sampling rate to traffic conditions. The sFlow agent reads the statistics on the interfaces
every few seconds (12 seconds for EX Series switches and 5 seconds for QFX Series
devices) and identifies five interfaces with the highest number of samples.
On a Flexible PIC Concentrator (FPC), when the CPU processing limit is reached because
of sflow sample processing, a binary backoff algorithm is initiated. This reduces the
sampling load, arriving through the top five sample-producing interfaces on that FPC by
half. The backoff algorithm achieves this by doubling the sampling rate on these five
earmarked interfaces. This process is repeated until the CPU-load due to sflow on the
given FPC comes down to an acceptable level.
On a QFabric system, sFlow technology monitors the interfaces on each node device as
a group, and implements the binary backoff algorithm based on the traffic on that group
of interfaces.
NOTE: On the QFX Series standalone switches, if you configure sFlow
technology monitoring on multiple interfaces and with a high sampling rate,
we recommend that you specify a collector that is on the data network instead
of on the management network. Having a high volume of sFlow technology
monitoring traffic on the management network might interfere with other
management interface traffic.
Using adaptive sampling prevents overloading of the CPU and keeps the device operating
at its optimum level even when there is a change in traffic patterns on the interfaces.
The reduced sampling rate is used until the device is rebooted or when a new sampling
rate is configured.
Copyright © 2014, Juniper Networks, Inc.
55
Network Management and Monitoring on the QFX Series
NOTE: sFlow technology on EX Series switches does not support graceful
restart. When a graceful restart occurs, the adaptive sampling rate is set to
the user-configured sampling rate.
sFlow Agent Address Assignment
The sFlow collector uses the sFlow agent’s IP address to determine the source of the
sFlow data. You can configure the IP address of the sFlow agent to ensure that the agent
ID of the sFlow agent remains constant. If you do not specify the IP address to be assigned
to the agent, an IP address is automatically assigned to the agent based on the following
order of priority of interfaces configured on the device:
EX Series Devices
QFX Series Devices
1.
1.
Virtual Management Ethernet (VME) interface
2. Management Ethernet interface
Management Ethernet interface me0 IP address
2. Any Layer 3 interface if the me0 IP address is not available
If a particular interface is not configured, the IP address of the next interface in the priority
list is used as the IP address for the agent. Once an IP address is assigned to the agent,
the agent ID is not modified until the sFlow service is restarted. At least one interface has
to be configured for an IP address to be assigned to the agent. When the agent’s IP
address is assigned automatically, the IP address is dynamic and changes when the
switch reboots.
On the QFabric system, the following default values are used if the optional parameters
are not configured:
•
Agent ID is the management IP address of the default partition.
•
Source IP is the management IP address of the default partition.
In addition, the QFabric system subagent ID (which is included in the sFlow datagrams)
is the ID of the node group from which the datagram is sent to the collector.
sFlow data can be used to provide network traffic visibility information. You can explicitly
configure the source IP address to be assigned to the sFlow datagrams. If you do not
explicitly configure the IP address, the IP address of any of the configured Layer 3 network
interfaces is used as the source IP address. If a Layer 3 IP address is not configured, then
the agent IP address is used as the source IP address.
sFlow Limitations on Switches
On the QFX Series, limitations of sFlow traffic sampling include the following:
56
•
sFlow sampling on ingress interfaces does not capture CPU-bound traffic.
•
sFlow sampling on egress interfaces does not support broadcast and multicast packets.
•
Egress samples do not contain modifications made to the packet in the egress pipeline.
Copyright © 2014, Juniper Networks, Inc.
Chapter 5: sFlow Techology
•
If a packet is discarded because of a firewall filter, the reason code for discarding the
packet is not sent to the collector.
•
The out-priority field for a VLAN is always set to 0 (zero) on ingress and egress samples.
•
On QFX5100 standalone switches and the QFX Series Virtual Chassis (including mixed
QFX Series Virtual Chassis), egress firewall filters are not applied to sFlow sampling
packets. On these platforms, the software architecture is different from that on other
QFX Series devices—sFlow packets are sent by the Routing Engine (not the line card
on the host) and do not transit the switch. Egress firewall filters affect data packets
that are transiting a switch, but do not affect packets sent by the Routing Engine. As
a result, sFlow sampling packets are always sent to the sFlow collector.
EX9200 switches support configuration of only one sampling rate (inclusive of ingress
and egress rates) on an FPC. To support compatibility with the sflow configuration of
other Juniper Networks products, EX9200 switches still accept multiple rate configuration
on different interfaces of the same FPC. However, the switch programs the lowest rate
as the sampling rate for all the interfaces of that FPC. The sFlow show command (show
sflow interfaces) displays the configured rate and the actual (effective) rate. However,
different rates on different FPCs is still supported on EX9200 switches.
Related
Documentation
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
•
Example: Configuring sFlow Technology to Monitor Network Traffic on EX Series Switches
•
Configuring sFlow Technology on page 163
•
Configuring sFlow Technology for Network Monitoring (CLI Procedure)
•
Monitoring Interface Status and Traffic
Copyright © 2014, Juniper Networks, Inc.
57
Network Management and Monitoring on the QFX Series
58
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 6
SNMP
•
Understanding the Implementation of SNMP on page 59
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
Fabric Chassis MIB on page 64
•
Utility MIB on page 68
•
SNMPv3 Overview on page 69
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
•
Understanding RMON on page 71
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Understanding Health Monitoring on page 75
•
SNMP MIBs Support on page 76
•
SNMP Traps Support on page 92
•
MIB Objects for the QFX Series on page 104
Understanding the Implementation of SNMP
The QFX Series products support the Simple Network Management Protocol (SNMP)
that is implemented in the Junos OS software.
NOTE: By default, SNMP is not enabled on devices running Junos OS. For
information on enabling SNMP on a device running Junos OS, see “Configuring
SNMP” on page 165.
A typical SNMP implementation includes the following components:
•
Network management system (NMS)—The NMS is a combination of hardware and
software that is used to monitor and administer a network. Software running on the
NMS includes the SNMP manager, which collects information about network
connectivity, activity, and events by polling the managed devices.
•
Managed device—A managed device (also called a network element) is any device
managed by the NMS. Routers and switches are common examples of managed
devices. The SNMP agent is the SNMP process that resides on the managed device
and communicates with the NMS.
Copyright © 2014, Juniper Networks, Inc.
59
Network Management and Monitoring on the QFX Series
•
SNMP agent—The SNMP agent exchanges network management information with
SNMP manager software running on an NMS, or host. The agent responds to requests
for information and actions from the manager. The agent also controls access to the
agent’s MIB, the collection of objects that can be viewed or changed by the SNMP
manager.
SNMP data is stored in a highly structured, hierarchical format known as a management
information base (MIB). The MIB structure is based on a tree structure, which defines a
grouping of objects into related sets. Each object in the MIB is associated with an object
identifier (OID), which names the object. The “leaf” in the tree structure is the actual
managed object instance, which represents a resource, event, or activity that occurs in
your network device. The SNMP implementation in Junos OS uses both standard
(developed by IETF and documented in RFCs) and Juniper Networks enterprise-specific
MIBs.
Communication between the agent and the manager occurs in one of the following
forms:
•
Get, GetBulk, and GetNext requests—The manager requests information from the agent;
the agent returns the information in a Get response message.
•
Set requests—The manager changes the value of a MIB object controlled by the agent;
the agent indicates status in a Set response message.
•
Traps notification—The agent sends traps to notify the manager of significant events
that occur on the network device.
The processes maintaining the SNMP management data include:
•
A master SNMP agent (known as SNMP process, or snmpd) that resides on the
managed device and is managed by the NMS or host.
•
Various subagents that reside on different modules of Junos OS, such as the Routing
Engine, and are managed by the master SNMP agent.
•
Junos OS processes that share data with the subagents when polled for SNMP data
(for example, interface-related MIBs).
When an NMS polls the master agent for data, the master agent immediately shares the
data with the NMS if the requested data is available from the master agent or one of the
subagents. However, if the requested data is not maintained by the master agent or
subagents, the subagent polls the Junos OS kernel or the process that maintains that
data. The Junos OS kernel may need to get the data from the Packet Forwarding Engine.
On receiving the required data, the subagent passes the response back on to the master
agent, which in turn passes it on to the NMS.
Figure 6 on page 61 shows the communication flow among the NMS, SNMP master agent
(snmpd), SNMP subagents, Junos OS kernel, and Packet Forwarding Engine.
60
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Figure 6: SNMP Communication Flow
When a significant event, most often an error or a failure, occurs on a network device,
the SNMP agent sends notifications to the SNMP manager. SNMP notifications can be
sent as traps (unconfirmed notifications) or inform requests (confirmed notifications).
Junos OS supports trap queuing to ensure that traps are not lost because of temporary
unavailability of routes. Two types of queues, destination queues and a throttle queue,
are formed to ensure delivery of traps and control the trap traffic. On QFX Series products,
the maximum size of trap queues (throttle queue plus destination queue) is 40,960
traps. The maximum size of any one queue is 20,480 traps.
Junos OS forms a destination queue when a trap to a particular destination is returned
because the host is not reachable, and it adds the subsequent traps to the same
destination to the queue. Junos OS checks for availability of routes every 30 seconds,
and sends the traps from the destination queue in a round-robin fashion.
If the trap delivery fails, the trap is added back to the queue, and the delivery attempt
counter and the next delivery attempt timer for the queue are reset. Subsequent attempts
occur at progressive intervals of 1 minute, 2 minutes, 4 minutes, and 8 minutes. The
maximum delay between the attempts is 8 minutes, and the maximum number of
attempts is ten. After ten unsuccessful attempts, the destination queue and all the traps
in the queue are deleted.
Junos OS also has a throttle mechanism to control the number of traps (throttle threshold)
sent during a particular time period (throttle interval). The throttle mechanism ensures
consistency in trap traffic, especially when large numbers of traps are generated because
of interface status changes. The throttle interval period begins when the first trap arrives
at the throttle. All traps within the trap threshold are processed, and the traps beyond
the threshold limit are queued. The default throttle threshold is 500 traps, and the throttle
interval default is 5 seconds.
NOTE: You cannot configure trap queueing in Junos OS. You cannot view
information about trap queues except for what is provided in the system logs.
Related
Documentation
•
Configuring SNMP on page 165
•
SNMP MIBs Support on page 76
Copyright © 2014, Juniper Networks, Inc.
61
Network Management and Monitoring on the QFX Series
•
SNMP Traps Support on page 92
Understanding the Implementation of SNMP on the QFabric System
SNMP monitors network devices from a central location. The QFabric system supports
the basic SNMP architecture of Junos OS, but its implementation of SNMP differs from
that of other devices running Junos OS. This topic provides an overview of the SNMP
implementation on the QFabric system.
As in other SNMP systems, the SNMP manager resides on the network management
system (NMS) of the network to which the QFabric system belongs. The SNMP agent
resides in the QFabric Director software and is responsible for receiving and distributing
all traps as well as responding to all the queries of the SNMP manager. For example,
traps that are generated by a Node device are sent to the SNMP agent in the Director
software, which in turn processes and sends them to the target IP addresses that are
defined in the SNMP configuration.
NOTE: In its SNMP implementation, the QFabric system acts as an SNMP
proxy server, and requires more time to process SNMP requests than a typical
Junos OS device does. The default timeout setting on most SNMP client
applications is 3 seconds, which is not enough time for the QFabric system
to respond to SNMP requests, so the results of your mibwalk command may
be incomplete. For this reason, we recommend that you change the SNMP
timeout setting to 5 seconds or longer for the QFabric system to complete
the responses to your requests.
Support for SNMP on the QFabric system includes:
•
Support for the SNMP Version 1 (v1) and v2.
NOTE: Only SNMPv2 traps are supported on the QFabric system.
•
62
Support for the following standard MIBs:
•
RFC 1155, Structure and Identification of Management Information for TCP/IP-based
Internets
•
RFC 1157, A Simple Network Management Protocol (SNMP)
•
RFC 1212, Concise MIB Definitions
•
RFC 1213, Management Information Base for Network Management of TCP/IP-Based
Internets: MIB-II (partial support, including the system group and interfaces group)
•
RFC 1215, A Convention for Defining Traps for use with the SNMP
•
RFC 1901, Introduction to Community-based SNMPv2
•
RFC 1905, Protocol Operations for Version 2 of the Simple Network Management
Protocol (SNMPv2)
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
•
RFC 1907, Management Information Base for Version 2 of the Simple Network
Management Protocol (SNMPv2)
•
RFC 2011, SNMPv2 Management Information Base for the Internet Protocol Using
SMIv2
•
RFC 2012, SNMPv2 Management Information Base for the Transmission Control
Protocol Using SMIv2
•
RFC 2013, SNMPv2 Management Information Base for the User Datagram Protocol
Using SMIv2
•
RFC 2233, The Interfaces Group MIB Using SMIv2
•
RFC 2571, An Architecture for Describing SNMP Management Frameworks (read-only
access) (excluding SNMPv3)
•
RFC 2572, Message Processing and Dispatching for the Simple Network Management
Protocol (SNMP) (read-only access) (excluding SNMPv3)
•
RFC 2576, Coexistence between Version 1, Version 2, and Version 3 of the
Internet-standard Network Management Framework (excluding SNMPv3)
•
RFC 2578, Structure of Management Information Version 2 (SMIv2)
•
RFC 2579, Textual Conventions for SMIv2
•
RFC 2580, Conformance Statements for SMIv2
•
RFC 2665, Definitions of Managed Objects for the Ethernet-like Interface Types
•
RFC 2863, The Interfaces Group MIB
•
RFC 3410, Introduction and Applicability Statements for Internet Standard Management
Framework (excluding SNMPv3)
•
RFC 3411, An Architecture for Describing Simple Network Management Protocol (SNMP)
Management Framework (excluding SNMPv3)
•
RFC 3412, Message Processing and Dispatching for the Simple Network Management
Protocol (SNMP) (excluding SNMPv3)
•
RFC 3413, Simple Network Management Protocol (SNMP) Applications (excluding
SNMPv3)
•
RFC 3416, Version 2 of the Protocol Operations for the Simple Network Management
Protocol (SNMP)
•
RFC 3417, Transport Mappings for the Simple Network Management Protocol (SNMP)
•
RFC 3418, Management Information Base (MIB) for the Simple Network Management
Protocol (SNMP)
•
RFC 3584, Coexistence between Version 1, Version 2, and Version 3 of the
Internet-standard Network Management Framework (excluding SNMPv3)
•
RFC 4188, Definitions of Managed Objects for Bridges
•
RFC 4293, Management Information Base for the Internet Protocol (IP)
•
RFC 4363b, Q-Bridge VLAN MIB
Copyright © 2014, Juniper Networks, Inc.
63
Network Management and Monitoring on the QFX Series
•
Related
Documentation
Support for the following Juniper Networks enterprise-specific MIBs:
•
Chassis MIB (mib-jnx-chassis.txt)
•
Class-of-Service MIB (mib-jnx-cos.txt)
•
Configuration Management MIB (mib-jnx-cfgmgmt.txt)
•
Fabric Chassis MIB (mib-jnx-fabric-chassis.txt)
•
Interface MIB Extensions (mib-jnx-if-extensions.txt)
•
Power Supply Unit MIB (mib-jnx-power-supply-unit.txt)
•
QFabric MIB (mib-jnx-qf-smi.txt)
•
Utility MIB (mib-jnx-util.txt)
•
Support for operational mode commands—Limited to the show snmp statistics
command. You may issue other SNMP requests, including get, get next, and walk
requests, by using external SNMP client applications.
•
SNMP MIBs Support on page 76
•
SNMP Traps Support on page 92
Fabric Chassis MIB
The Juniper Networks enterprise-specific SNMP Fabric Chassis MIB
(mib-jnx-fabric-chassis) provides hardware information about the QFabric system and
its component devices in a single MIB. The Fabric Chassis MIB is based on the Juniper
Networks enterprise-specific Chassis MIB that provides information for individual devices.
Unlike the Chassis MIB, the Fabric Chassis MIB represents the QFabric system component
devices as part of the QFabric system. Only the information from the Fabric Chassis MIB
(and not from individual Chassis MIBs) is available to SNMP management clients of the
QFabric system.
The Fabric Chassis MIB uses the basic information structure of the Chassis MIB, but adds
another level of indexing that provides detailed information about QFabric system devices.
Each physical device in a QFabric system (such as a Node device or an Interconnect
device) is represented with its hardware components, including the power supply, fans,
and front and rear cards.
As in other SNMP systems, the SNMP manager resides on the network management
system (NMS) of the network to which the QFabric system belongs. The SNMP agent
(snmpd) resides in the QFabric system Director software and is responsible for receiving
and distributing all traps as well as responding to all queries from the SNMP manager.
In addition, there is an SNMP subagent running in the Routing Engine of each Node group
and Interconnect device. The SNMP subagent manages the information about the
component device, and that information is communicated to the SNMP agent in the
Director software as needed. Traps that are generated by a Node device are sent to the
SNMP agent in the Director software, which in turn processes and sends them to the
target IP addresses that are defined in the SNMP configuration.
64
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 14 on page 65 describes the tables and objects in the Fabric Chassis MIB.
Table 14: Fabric Chassis MIB Tables and Objects
Table or Object Name
Root OID
Description
Tables with Counterparts in the Chassis MIB
jnxFabricContainersTable
jnxFabricContentsTable
jnxFabricFilledTable
1.3.6.1.4.1.2636.3.42.2.2.2
1.3.6.1.4.1.2636.3.42.2.2.3
1.3.6.1.4.1.2636.3.42.2.2.4
Provides information about different types of containers in
QFabric system devices.
•
Containers for Interconnect devices include fan trays,
power supply units, control boards, and so on.
•
Containers for Node devices include fan trays, power
supply units, Flexible PIC Concentrator (FPC), PICs, and
so on.
•
Containers for the Director devices include CPU, memory,
fan trays, power supply units, and hard disks. The
containers have a non-hierarchical or flat structure, and
components in them are organized as siblings to each
other.
Contains contents that are present across all devices
represented in the jnxFabricDeviceTable object. This table
includes all field replaceable units (FRUs) and non-FRUs
for QFabric system devices.
•
Contents in the Interconnect devices include fan trays and
control boards.
•
Contents in the Node devices include fan trays and power
supply units.
•
Contents in the Director devices include CPUs, memory,
fan trays, power supply units, and hard disks, but do not
include network interface cards (NICs).
Shows the status of containers in QFabric devices. The
jnxFabricFilledState object represents the state of the
component: (1) unknown, (2) empty, or (3) filled.
NOTE: The jnxFabricFilledTable object does not contain
information about the Director group.
jnxFabricOperatingTable
1.3.6.1.4.1.2636.3.42.2.2.5
Represents different operating parameters for the contents
that are populated in the jnxFabricContentsTable object.
•
Contents in each Node device and Interconnect device
include fan trays, power supply units, FPC, PIC, and
Routing Engine.
•
Contents in the Director device include CPUs, memory,
fan trays, power supply units, and hard disks, but do not
include network interface cards (NICs).
The jnxFabricOperatingState object provides the state of
the device: (1) unknown, (2) running, (3) ready, (4) reset,
(5) runningAtFullSpeed (for fans only), (6) down, (6) off
(for power supply units), or (7) standby.
Copyright © 2014, Juniper Networks, Inc.
65
Network Management and Monitoring on the QFX Series
Table 14: Fabric Chassis MIB Tables and Objects (continued)
Table or Object Name
Root OID
Description
jnxFabricRedundancyTable
1.3.6.1.4.1.2636.3.42.2.2.6
Represents the redundancy information that is available at
different subsystem levels across the QFabric system.
Information about the Routing Engines in Node devices is
included, but there are no corresponding entries for
Interconnect devices in this table. The
jnxFabricRedundancyState object indicates the state of the
subsystem: (1) unknown, (2) master, (3) backup, or (4)
disabled.
NOTE: Information about redundant Director devices, virtual
machines (VMs) within Director groups, and Virtual Chassis
devices is not available at this time.
jnxFabricFruTable
1.3.6.1.4.1.2636.3.42.2.2.7
Contains all FRUs for the QFabric system in the
jnxFabricDeviceTable table. The FRUs are listed regardless
of whether or not they are installed or online. The
jnxFabricFruState object represents the state of the FRU,
including online, offline, or empty, and so on. This table also
contains information about each FRU, such as name, type,
temperature, time last powered on, and time last powered
off.
NOTE: The jnxFabricFruTable table does not include
network interface cards (NICs) on Director devices.
Table Specific to the Fabric Chassis MIB
jnxFabricDeviceTable
1.3.6.1.4.1.2636.3.42.2.2.1
Contains information about all devices in the QFabric system.
This table organizes scalar variables represented in the
Chassis MIB into a table format for the QFabric system
component devices. Columns in this table include device
information such as model, device alias, and serial number.
The jnxFabricDeviceIndex identifies each QFabric system
device (Node device, Interconnect device, and Director
device).
NOTE: At this time, information about the Virtual Chassis
is not available.
NOTE: The following objects are not supported:
•
jnxFabricDeviceEntryRevision
•
jnxFabricDeviceEntryFirmwareRevision
•
jnxFabricDeviceEntryKernelMemoryUsedPercent
Scalar Variables
66
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 14: Fabric Chassis MIB Tables and Objects (continued)
Table or Object Name
Root OID
Description
The following scalar variables
are supported:
1.3.6.1.4.1.2636.3.42.2.1
Describe the QFabric system as a whole.
NOTE: The jnxFabricFirmwareRevision scalar variable is not
supported at this time.
•
jnxFabricClass
•
jnxFabricDescr
•
jnxFabricSerialNo
•
jnxFabricRevision
•
jnxFabricLastInstalled
•
jnxFabricContentsLastChange
•
jnxFabricFilledLastChange
Table 15 on page 67 describes the SNMPv2 traps that are defined in the Fabric Chassis
MIB.
NOTE: Only SNMPv2 traps are supported on the QFabric system.
Table 15: Fabric Chassis MIB SNMPv2 Traps
Trap Group and Name
Root OID
Description
jnxFabricChassisTraps group—Includes the following
traps:
1.3.6.1.4.1.2636.4.19
Indicates an alarm condition.
•
jnxFabricPowerSupplyFailure
•
jnxFabricFanFailure
•
jnxFabricOverTemperature
•
jnxFabricRedundancySwitchover
•
jnxFabricFruRemoval
•
jnxFabricFruInsertion
•
jnxFabricFruPowerOff
•
jnxFabricFruPowerOn
•
jnxFabricFruFailed
•
jnxFabricFruOffline
•
jnxFabricFruOnline
•
jnxFabricFruCheck
•
jnxFabricFEBSwitchover
•
jnxFabricHardDiskFailed
•
jnxFabricHardDiskMissing
•
jnxFabricBootFromBackup
Copyright © 2014, Juniper Networks, Inc.
NOTE: Hardware events on the
Director group are detected by
scanning. As a result, a trap may not
be generated until up to 30 seconds
after the event has occurred.
NOTE: The software does not
distinguish between the fan removal
and fan failure events on the Director
group. In each case, both the
jnxFabricFanFailure and
jnxFabricFruFailed traps are
generated.
NOTE: The software does not
distinguish between the fan insertion
and fan OK events on the Director
group. In each case, both the
jnxFabricFanOK and jnxFabricFruOK
traps are generated.
67
Network Management and Monitoring on the QFX Series
Table 15: Fabric Chassis MIB SNMPv2 Traps (continued)
Trap Group and Name
Root OID
Description
jnxFabricChassisOKTraps group—Includes the following
traps:
1.3.6.1.4.1.2636.4.20
Indicates an alarm cleared condition.
•
jnxFabricPowerSupplyOK
•
jnxFabricFanOK
•
jnxFabricTemperatureOK
•
jnxFabricFruOK
For more information, see the Fabric Chassis MIB at:
http://www.juniper.net/techpubs/en_US/junos13.1/topics/reference/mibs/mib-jnx-fabric-chassis.txt
Related
Documentation
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
Chassis MIBs
Utility MIB
The Juniper Networks enterprise-specific Utility MIB, whose object ID is {jnxUtilMibRoot 1},
defines objects for counters, integers, and strings. The Utility MIB contains one table for
each of the following five data types:
•
32-bit counters
•
64-bit counters
•
Signed integers
•
Unsigned integers
•
Octet strings
Each data type has an arbitrary ASCII name, which is defined when the data is populated,
and a timestamp that shows the last time when the data instance was modified. For a
downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/ reference/mibs/mib-jnx-util.txt .
For information about the enterprise-specific Utility MIB objects, see the following topics:
Related
Documentation
68
•
jnxUtilCounter32Table
•
jnxUtilCounter64Table
•
jnxUtilIntegerTable
•
jnxUtilUintTable
•
jnxUtilStringTable
•
Juniper Networks Enterprise-Specific MIBs
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
•
Juniper Networks Enterprise-Specific MIBs
•
Standard SNMP MIBs Supported by Junos OS
•
Understanding the Implementation of SNMP on the QFabric System on page 62
SNMPv3 Overview
The QFX3500 switch supports SNMP version 3 (SNMPv3). SNMPv3 enhances the
functionality of SNMPv1 and SNMPv2c by supporting user authentication and data
encryption. SNMPv3 uses the user-based security model (USM) to provide security for
SNMP messages, and the view-based access control model (VACM) for user access
control.
SNMPv3 features include:
Related
Documentation
•
With USM, the SNMP messages between the SNMP manager and the agent can have
the message source authenticated and the data integrity checked. USM reduces
messaging delays and message replays by enforcing timeout limits and by checking
for duplicate message request IDs.
•
VACM complements USM by providing user access control for SNMP queries to the
agent. You define access privileges that you wish to extend to a group of one or more
users. Access privileges are determined by the security model parameters (usm, v1, or
v2) and security level parameters (authentication, privacy, or none). For each security
level, you must associate one MIB view for the group. Associating a MIB view with a
group grants the read, write, or notify permission to a set of MIB objects for the group.
•
You configure security parameters for each user, including the username, authentication
type and authentication password, and privacy type and privacy password. The
username given to each user is in a format that is dependent on the security model
configured for that user.
•
To ensure messaging security, another type of username, called the security name, is
included in the messaging data that is sent between the local SNMP server and the
destination SNMP server. Each user name is mapped to a security name, but the security
name is in a format that is independent of the security model.
•
Trap entries in SNMPv3 are created by configuring the notify, notify filter, target address,
and target parameters. The notify statement specifies the type of notification (trap)
and contains a single tag that defines a set of target addresses to receive a trap. The
notify filter defines access to a collection of trap object identifiers (OIDs). The target
address defines the address of an SNMP management application and other attributes
used in sending notifications. Target parameters define the message processing and
security parameters used in sending notifications to a particular target.
•
Assigning a Security Name to a Group on page 179
•
Configuring Access Privileges for a Group on page 178
•
Configuring SNMP Informs on page 181
•
Creating SNMPv3 Users on page 176
Copyright © 2014, Juniper Networks, Inc.
69
Network Management and Monitoring on the QFX Series
Minimum SNMPv3 Configuration on a Device Running Junos OS
To configure the minimum requirements for SNMPv3, include the following statements
at the [edit snmp v3] and [edit snmp] hierarchy levels:
NOTE: You must configure at least one view (notify, read, or write) at the
[edit snmp view-name] hierarchy level.
[edit snmp]
view view-name {
oid object-identifier (include | exclude);
}
[edit snmp v3]
notify name {
tag tag-name;
}
notify-filter profile-name {
oid object-identifier (include | exclude);
}
snmp-community community-index {
security-name security-name;
}
target-address target-address-name {
address address;
target-parameters target-parameters-name;
}
target-parameters target-parameters-name {
notify-filter profile-name;
parameters {
message-processing-model (v1 | v2c | v3);
security-level (authentication | none | privacy);
security-model (usm | v1 | v2c);
security-name security-name;
}
}
usm {
local-engine {
user username {
}
}
}
vacm {
access {
group group-name {
(default-context-prefix | context-prefix context-prefix){
security-model (any | usm | v1 | v2c) {
security-level (authentication | none | privacy) {
notify-view view-name;
read-view view-name;
write-view view-name;
}
}
70
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
}
}
}
security-to-group {
security-model (usm | v1 | v2c) {
security-name security-name {
group group-name;
}
}
}
}
Related
Documentation
•
Creating SNMPv3 Users on page 176
•
Configuring MIB Views on page 172
•
Defining Access Privileges for an SNMP Group
•
Configuring SNMPv3 Traps on a Device Running Junos OS on page 180
•
Configuring SNMP Informs on page 181
•
Complete SNMPv3 Configuration Statements
•
Example: SNMPv3 Configuration
Understanding RMON
•
RMON Overview on page 71
•
Alarm Thresholds and Events on page 72
RMON Overview
The Junos OS supports the Remote Network Monitoring (RMON) MIB (RFC 2819), which
allows a management device to monitor the values of MIB objects, or variables, against
configured thresholds. When the value of a variable crosses a threshold, an alarm and
its corresponding event are generated. The event can be logged and can generate an
SNMP trap.
An operational support system (OSS) or a fault-monitoring system can be used to
automatically monitor events that track many different metrics, including performance,
availability, faults, and environmental data. For example, an administrator might want
to know when the internal temperature of a chassis has risen above a configured threshold,
which might indicate that a chassis fan tray is faulty, the chassis air flow is impeded, or
the facility cooling system in the vicinity of the chassis is not operating normally.
The RMON MIB also defines tables that store various statistics for Ethernet interfaces,
including the etherStatsTable and the etherHistoryTable. The etherStatsTable contains
cumulative real-time statistics for Ethernet interfaces, such as the number of unicast,
multicast, and broadcast packets received on an interface. The etherHistoryTable
maintains a historical sample of statistics for Ethernet interfaces. The control of the
etherHistoryTable, including the interfaces to track and the sampling interval, is defined
by the RMON historyControlTable.
Copyright © 2014, Juniper Networks, Inc.
71
Network Management and Monitoring on the QFX Series
To enable RMON alarms, you perform the following steps:
1.
Configure SNMP, including trap groups. You configure SNMP at the [edit snmp]
hierarchy level.
2. Configure rising and falling events in the eventTable, including the event types and
trap groups. You can also configure events using the CLI at the [edit snmp rmon event]
hierarchy level.
3. Configure alarms in the alarmTable, including the variables to monitor, rising and falling
thresholds, the sampling types and intervals, and the corresponding events to generate
when alarms occur. You can also configure alarms using the CLI at the [edit snmp
rmon alarm] hierarchy level.
Extensions to the alarmTable are defined in the Juniper Networks enterprise-specific
MIB jnxRmon (mib-jnx-rmon.txt).
Alarm Thresholds and Events
By setting a rising and a falling threshold for a monitored variable, you can be alerted
whenever the value of the variable falls outside the allowable operational range (see
Figure 7 on page 72).
Figure 7: Setting Thresholds
Events are only generated when the alarm threshold is first crossed in any one direction
rather than after each sample interval. For example, if a rising threshold alarm, along
with its corresponding event, is raised, no more threshold crossing events occur until a
corresponding falling alarm occurs. This considerably reduces the quantity of events that
are produced by the system, making it easier for operations staff to react when events
do occur.
Before you configure remote monitoring, you should identify what variables need to be
monitored and their allowable operational range. This requires some period of baselining
to determine the allowable operational ranges. An initial baseline period of at least
72
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
3 months is not unusual when you first identify the operational ranges and define
thresholds, but baseline monitoring should continue over the life span of each monitored
variable.
Related
Documentation
•
Configuring RMON Alarms and Events on page 173
•
Juniper Networks Enterprise-Specific MIBs
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
RMON MIB Event, Alarm, Log, and History Control Tables
The Junos OS supports the Remote Network Monitoring (RMON) MIB (RFC 2819), which
allows a management device to monitor the values of MIB objects, or variables, against
configured thresholds. When the value of a variable crosses a threshold, an alarm and
its corresponding event are generated. The event can be logged and can generate an
SNMP trap.
Table 16 on page 73 provides each field in the RMON eventTable, the description of the
field, and the corresponding Junos OS statement that you can use to configure the field.
The Junos OS statements reside at the [edit snmp rmon] hierarchy level.
Table 16: RMON Event Table
Field
Description
Statement [edit snmp
rmon]
eventDescription
Text description of this event.
description
eventType
Type of event (for example, log, trap, or log and trap).
type
eventCommunity
Trap group to which to send this event, as defined in the Junos OS
configuration. (This is not the same as the SNMP community.)
community
eventOwner
Entity (for example, manager) that created this event.
—
eventStatus
Status of this row (for example, valid, invalid, or createRequest).
—
Table 17 on page 73 provides each field in the RMON alarmTable, the description of the
field, and the corresponding Junos OS statement that you can use to configure the field.
The Junos OS statements reside at the [edit snmp rmon] hierarchy level.
Table 17: RMON Alarm Table
Field
Description
Statement [edit snmp
rmon]
alarmStatus
Status of this row (for example, valid, invalid, or createRequest)
—
alarmInterval
Sampling period (in seconds) of the monitored variable
interval
alarmVariable
Object identifier (OID) and instance of the variable to be monitored
—
Copyright © 2014, Juniper Networks, Inc.
73
Network Management and Monitoring on the QFX Series
Table 17: RMON Alarm Table (continued)
Field
Description
Statement [edit snmp
rmon]
alarmValue
Actual value of the sampled variable
—
alarmSampleType
Sample type (absolute or delta changes)
sample-type
alarmStartupAlarm
Initial alarm (rising, falling, or either)
startup-alarm
alarmRisingThreshold
Rising threshold against which to compare the value
rising-threshold
alarmFallingThreshold
Falling threshold against which to compare the value
falling-threshold
alarmRisingEventIndex
Index (row) of the rising event in the event table
rising-event-index
alarmFallingEventIndex
Index (row) of the falling event in the event table
falling-event-index
Table 18 on page 74 provides each field in the jnxRmon jnxRmonAlarmTable, which is
an extension to the RMON alarmTable. You can troubleshoot the RMON agent, rmopd,
that runs on a switch by inspecting the contents of the jnxRmonAlarmTable object.
Table 18: jnxRmon Alarm Table
Field
Description
jnxRmonAlarmGetFailCnt
Number of times the internal Get request for the variable failed
jnxRmonAlarmGetFailTime
Value of the sysUpTime object when the last failure occurred
jnxRmonAlarmGetFailReason
Reason why the Get request failed
jnxRmonAlarmGetOkTime
Value of the sysUpTime object when the variable moved out of
failure state
jnxRmonAlarmState
Status of this alarm entry
Table 19 on page 74 provides each field in the RMON historyControlTable, the description
of the field, and the corresponding Junos OS statement that you can use to configure
the field. The Junos OS statements reside at the [edit snmp rmon history] hierarchy level.
The historyControlTable controls the RMON etherHistoryTable.
Table 19: RMON History Control Table
Statement [edit snmp
rmon history]
Field
Description
historyControlDataSource
Identifies the source of the data for which historical data was
collected.
74
interface
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 19: RMON History Control Table (continued)
Statement [edit snmp
rmon history]
Field
Description
historyControlBucketsRequested
Requested number of discrete time intervals over which data is to
be saved.
bucket-size
historyControlBucketsGranted
Number of discrete sampling intervals over which data is to be
saved.
—
historyControlInterval
Interval, in seconds, over which the data is sampled for each bucket.
interval
historyControlOwner
Entity that configured this entry.
owner
historyControlStatus
Status of this entry.
—
Related
Documentation
•
Configuring RMON Alarms and Events on page 173
•
Juniper Networks Enterprise-Specific MIBs
•
Understanding RMON on page 71
Understanding Health Monitoring
Health monitoring is an SNMP feature that extends the RMON alarm infrastructure to
provide monitoring for a predefined set of objects (such as file system usage, CPU usage,
and memory usage), and for Junos OS processes.
You enable the health monitor feature using the health-monitor statement at the
[edit snmp] hierarchy level. You can also configure health monitor parameters such as
a falling threshold, rising threshold, and interval. If the value of a monitored object exceeds
the rising or falling threshold, an alarm is triggered and an event may be logged.
The falling threshold is the lower threshold for the monitored object instance. The rising
threshold is the upper threshold for the monitored object instance. Each threshold is
expressed as a percentage of the maximum possible value. The interval represents the
period of time, in seconds, over which the object instance is sampled and compared with
the rising and falling thresholds.
Events are only generated when a threshold is first crossed in any one direction, rather
than after each sample interval. For example, if a rising threshold alarm, along with its
corresponding event, is raised, no more threshold crossing events occur until a
corresponding falling alarm occurs.
System log entries for health monitor events have a corresponding HEALTHMONITOR
tag and not a generic SNMPD_RMON_EVENTLOG tag. However, the health monitor sends
generic RMON risingThreshold and fallingThreshold traps. You can use the show snmp
health-monitor operational command to view information about health monitor alarms
and logs.
Copyright © 2014, Juniper Networks, Inc.
75
Network Management and Monitoring on the QFX Series
When you configure the health monitor, monitoring information for certain object instances
is available, as shown in Table 20 on page 76.
Table 20: Monitored Object Instances
Object
Description
jnxHrStoragePercentUsed.1
Monitors the /dev/ad0s1a: file system on the switch. This is the root file system
mounted on /.
jnxHrStoragePercentUsed.2
Monitors the /dev/ad0s1e: file system on the switch. This is the configuration file
system mounted on /config.
jnxOperatingCPU (RE0)
Monitors CPU usage by the Routing Engine (RE0).
jnxOperatingBuffer (RE0)
Monitors the amount of memory available on the Routing Engine (RE0).
sysApplElmtRunCPU
Monitors the CPU usage for each Junos OS process (also called daemon). Multiple
instances of the same process are monitored and indexed separately.
sysApplElmtRunMemory
Monitors the memory usage for each Junos OS process. Multiple instances of the
same process are monitored and indexed separately.
Related
Documentation
•
Configuring Health Monitoring on page 176
•
falling-threshold (Health Monitor) on page 293
•
interval (Health Monitor) on page 301
•
rising-threshold (Health Monitor) on page 321
•
show snmp health-monitor on page 455
SNMP MIBs Support
The QFX Series standalone switches, QFX Series Virtual Chassis, and QFabric systems
support standard MIBs and Juniper Networks enterprise-specific MIBs.
For more information, see:
•
MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual
Chassis on page 76
•
MIBs Supported on QFabric Systems on page 85
MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual Chassis
The QFX Series standalone switches and QFX Series Virtual Chassis support both standard
MIBs and Juniper Networks enterprise-specific MIBs. For more information, see:
76
•
Table 21 on page 77 for standard MIBs.
•
Table 22 on page 82 for Juniper Networks enterprise-specific MIBs.
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 21: Standard MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual
Chassis
RFC
Additional Information
IEEE 802.1ab section 12.1, Link Layer Discovery
Protocol (LLDP) MIB
Supported tables and objects:
IEEE 802.3ad, Aggregation of Multiple Link
Segments
•
lldpRemManAddrOID
•
lldpLocManAddrOID
•
lldpReinitDelay
•
lldpNotificationInterval
•
lldpStatsRxPortFramesDiscardedTotal
•
lldpStatsRxPortFramesError
•
lldpStatsRxPortTLVsDiscardedTotal
•
lldpStatsRxPortTLVsUnrecognizedTotal
•
lldpStatsRxPortAgeoutsTotal
The following tables and objects are supported:
•
dot3adAggPortTable, dot3adAggPortListTable, dot3adAggTable, and
dot3adAggPortStatsTable
•
dot3adAggPortDebugTable (only dot3adAggPortDebugRxState,
dot3adAggPortDebugMuxState,
dot3adAggPortDebugActorSyncTransitionCount,
dot3adAggPortDebugPartnerSyncTransitionCount,
dot3adAggPortDebugActorChangeCount, and
dot3adAggPortDebugPartnerChangeCount)
•
dot3adTablesLastChanged
RFC 1155, Structure and Identification of
Management Information for TCP/IP-based
Internets
—
RFC 1157, A Simple Network Management
Protocol (SNMP)
—
RFC 1212, Concise MIB Definitions
—
RFC 1213, Management Information Base for
Network Management of TCP/IP-Based
Internets: MIB-II
The following areas are supported:
Copyright © 2014, Juniper Networks, Inc.
•
MIB II and its SNMP version 2 derivatives, including:
•
Statistics counters
•
IP, except for ipRouteTable, which has been replaced by ipCidrRouteTable
(RFC 2096, IP Forwarding Table MIB)
•
ipAddrTable
•
SNMP management
•
Interface management
•
SNMPv1 Get, GetNext requests, and SNMPv2 GetBulk request
•
Junos OS-specific secured access list
•
Master configuration keywords
•
Reconfigurations upon SIGHUP
77
Network Management and Monitoring on the QFX Series
Table 21: Standard MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual
Chassis (continued)
RFC
Additional Information
RFC 1215, A Convention for Defining Traps for
use with the SNMP
Support is limited to MIB II SNMP version 1 traps and version 2 notifications.
RFC 1286, Definitions of Managed Objects for
Bridges
—
RFC 1657, Definitions of Managed Objects for
the Fourth Version of the Border Gateway
Protocol (BGP-4) using SMIv2
—
RFC 1850, OSPF Version 2 Management
Information Base
The following table, objects, and traps are not supported:
•
Host Table
•
ospfOriginateNewLsas and ospfRxNewLsas objects
•
ospfOriginateLSA, ospfLsdbOverflow, and ospfLsdbApproachingOverflow
traps
RFC 1901, Introduction to Community-based
SNMPv2
—
RFC 1905, Protocol Operations for Version 2
of the Simple Network Management Protocol
(SNMPv2)
—
RFC 1907, Management Information Base for
Version 2 of the Simple Network Management
Protocol (SNMPv2)
—
RFC 2011, SNMPv2 Management Information
Base for the Internet Protocol Using SMIv2
—
RFC 2012, SNMPv2 Management Information
Base for the Transmission Control Protocol
Using SMIv2
—
RFC 2013, SNMPv2 Management Information
Base for the User Datagram Protocol Using
SMIv2
—
RFC 2233, The Interfaces Group MIB Using
SMIv2
NOTE: RFC 2233 has been replaced by RFC 2863. However, Junos OS supports
both RFC 2233 and RFC 2863.
RFC 2287, Definitions of System-Level
Managed Objects for Applications
The following objects are supported:
78
•
sysApplInstallPkgTable
•
sysApplInstallElmtTable
•
sysApplElmtRunTable
•
sysApplMapTable
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 21: Standard MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual
Chassis (continued)
RFC
Additional Information
RFC 2570, Introduction to Version 3 of the
Internet-standard Network Management
Framework
—
RFC 2571, An Architecture for Describing SNMP
Management Frameworks (read-only access)
NOTE: RFC 2571 has been replaced by RFC 3411. However, Junos OS supports
both RFC 2571 and RFC 3411.
RFC 2572, Message Processing and
Dispatching for the Simple Network
Management Protocol (SNMP) (read-only
access)
NOTE: RFC 2572 has been replaced by RFC 3412. However, Junos OS supports
both RFC 2572 and RFC 3412.
RFC 2576, Coexistence between Version 1,
Version 2, and Version 3 of the
Internet-standard Network Management
Framework
NOTE: RFC 2576 has been replaced by RFC 3584. However, Junos OS supports
both RFC 2576 and RFC 3584.
RFC 2578, Structure of Management
Information Version 2 (SMIv2)
—
RFC 2579, Textual Conventions for SMIv2
—
RFC 2580, Conformance Statements for
SMIv2
—
RFC 2665, Definitions of Managed Objects for
the Ethernet-like Interface Types
—
RFC 2787, Definitions of Managed Objects for
the Virtual Router Redundancy Protocol
Support does not include row creation, the Set operation, and the
vrrpStatsPacketLengthErrors object.
RFC 2790, Host Resources MIB
Support is limited to the following objects:
RFC 2819, Remote Network Monitoring
Management Information Base
•
Only hrStorageTable. The file systems /, /config, /var, and /tmp always
return the same index number. When SNMP restarts, the index numbers for
the remaining file systems might change.
•
Only the objects of the hrSystem and hrSWInstalled groups.
The following objects are supported:
•
etherStatsTable (for Ethernet interfaces only), alarmTable, eventTable, and
logTable.
•
historyControlTable and etherHistoryTable (except the etherHistoryUtilization
object).
RFC 2863, The Interfaces Group MIB
NOTE: RFC 2233 has been replaced by RFC 2863. However, Junos OS supports
both RFC 2233 and RFC 2863.
RFC 2932, IPv4 Multicast Routing MIB
—
Copyright © 2014, Juniper Networks, Inc.
79
Network Management and Monitoring on the QFX Series
Table 21: Standard MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual
Chassis (continued)
RFC
Additional Information
RFC 2933, Internet Group Management
Protocol (IGMP) MIB
—
RFC 2934, Protocol Independent Multicast
MIB for IPv4
In Junos OS, RFC 2934 is implemented based on a draft version, pimmib.mib, of
the now standard RFC.
RFC 3410, Introduction and Applicability
Statements for Internet Standard
Management Framework
—
RFC 3411, An Architecture for Describing
Simple Network Management Protocol
(SNMP) Management Frameworks
NOTE: RFC 3411 replaces RFC 2571. However, Junos OS supports both RFC 3411
and RFC 2571.
RFC 3412, Message Processing and
Dispatching for the Simple Network
Management Protocol (SNMP)
NOTE: RFC 3412 replaces RFC 2572. However, Junos OS supports both RFC
3412 and RFC 2572.
RFC 3413, Simple Network Management
Protocol (SNMP) Applications
All MIBs are supported except for the Proxy MIB.
RFC 3414, User-based Security Model (USM)
for version 3 of the Simple Network
Management Protocol (SNMPv3)
—
RFC 3415, View-based Access Control Model
(VACM) for the Simple Network Management
Protocol (SNMP)
—
RFC 3416, Version 2 of the Protocol Operations
for the Simple Network Management Protocol
(SNMP)
NOTE: RFC 3416 replaces RFC 1905, which was supported in earlier versions of
Junos OS.
RFC 3417, Transport Mappings for the Simple
Network Management Protocol (SNMP)
—
RFC 3418, Management Information Base
(MIB) for the Simple Network Management
Protocol (SNMP)
NOTE: RFC 3418 replaces RFC 1907, which was supported in earlier versions of
Junos OS.
RFC 3584, Coexistence between Version 1,
Version 2, and Version 3 of the
Internet-standard Network Management
Framework
—
RFC 3826, The Advanced Encryption Standard
(AES) Cipher Algorithm in the SNMP
User-based Security Model
—
80
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 21: Standard MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual
Chassis (continued)
RFC
Additional Information
RFC 4188, Definitions of Managed Objects for
Bridges
The QFX3500 and QFX3600 switches support 802.1D STP (1998) and the
following subtrees and objects only:
•
dot1dTp subtree—dot1dTpFdbAddress, dot1dTpFdbPort, and
dot1dTpFdbStatus objects from the dot1dTpFdbTable table.
•
dot1dBase subtree—dot1dBasePort and dot1dBasePortIfIndex objects from
the dot1dBasePortTable table.
NOTE: On QFX3500 and QFX3600 switches, the dot1dTpFdbTable table is
populated only with MAC addresses learned on the default VLAN. To see the
MAC addresses of all VLANs, specify the dot1qTpFdbTable table (RFC 4363b,
Q-Bridge VLAN MIB) when you issue the show snmp mib walk command.
RFC 4293, Management Information Base for
the Internet Protocol (IP)
Supports the ipAddrTable table only.
RFC 4318, Definitions of Managed Objects for
Bridges with Rapid Spanning Tree Protocol
Supports 802.1w and 802.1t extensions for RSTP.
RFC 4363b, Q-Bridge VLAN MIB
NOTE: On QFX3500 and QFX3600 switches, the dot1dTpFdbTable table (RFC
4188, Definitions of Managed Objects for Bridges) is populated only with MAC
addresses learned on the default VLAN. To see the MAC addresses of all VLANs,
specify the dot1qTpFdbTable table (in this MIB) when you issue the show snmp
mib walk command.
RFC 4444, IS-IS MIB
—
Internet Assigned Numbers Authority,
IANAiftype Textual Convention MIB
(referenced by RFC 2233)
See http://www.iana.org/assignments/ianaiftype-mib .
Internet draft
draft-reeder-snmpv3-usm-3desede-00.txt,
Extension to the User-Based Security Model
(USM) to Support Triple-DES EDE in ‘Outside’
CBC Mode
—
Internet draft
draft-ietf-idmr-igmp-mib-13.txt, Internet
Group Management Protocol (IGMP) MIB
—
ESO Consortium MIB
NOTE: The ESO Consortium MIB has been replaced by RFC 3826. See
http://www.snmp.com/eso/ .
Copyright © 2014, Juniper Networks, Inc.
81
Network Management and Monitoring on the QFX Series
Table 22: Juniper Networks Enterprise-Specific MIBs Supported on QFX Series Standalone
Switches and QFX Series Virtual Chassis
MIB
Description
Alarm MIB (mib-jnx-chassis-alarm)
Provides support for alarms from the switch.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-chassis-alarm.txt .
For more information, see Alarm MIB.
Analyzer MIB (mib-jnx-analyzer)
Contains analyzer and remote analyzer data related to port mirroring.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-analyzer.txt .
For more information, see Analyzer MIB.
Chassis MIB (mib-jnx-chassis)
Provides support for environmental monitoring (power supply state, board voltages, fans,
temperatures, and airflow) and inventory support for the chassis, Flexible PIC
Concentrators (FPCs), and PICs.
NOTE: The jnxLEDTable table has been deprecated.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-chassis.txt .
For more information, see Chassis MIBs.
Chassis Definitions for Router
Model MIB (mib-jnx-chas-defines)
Contains the object identifiers (OIDs) that are used by the Chassis MIB to identify routing
and switching platforms and chassis components. The Chassis MIB provides information
that changes often, whereas the Chassis Definitions for Router Model MIB provides
information that changes less often.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-chas-defines.txt .
For more information, see Chassis MIBs.
Class-of-Service MIB (mib-jnx-cos)
Provides support for monitoring interface output queue statistics per interface and per
forwarding class.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-cos.txt .
For more information, see Class-of-Service MIB.
82
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 22: Juniper Networks Enterprise-Specific MIBs Supported on QFX Series Standalone
Switches and QFX Series Virtual Chassis (continued)
MIB
Description
Configuration Management MIB
(mib-jnx-cfgmgmt)
Provides notification for configuration changes and rescue configuration changes in the
form of SNMP traps. Each trap contains the time at which the configuration change was
committed, the name of the user who made the change, and the method by which the
change was made.
A history of the last 32 configuration changes is kept in jnxCmChgEventTable.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-cfgmgmt.txt .
For more information, see Configuration Management MIB.
Ethernet MAC MIB (mib-jnx-mac)
Monitors media access control (MAC) statistics on Gigabit Ethernet intelligent queuing
(IQ) interfaces. It collects MAC statistics; for example, inoctets, inframes, outoctets, and
outframes on each source MAC address and virtual LAN (VLAN) ID for each Ethernet port.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-mac.txt .
For more information, see Ethernet MAC MIB.
Event MIB (mib-jnx-event)
Defines a generic trap that can be generated using an operations script or event policy.
This MIB provides the ability to specify a system log string and raise a trap if that system
log string is found.
In Junos OS release 13.2X51-D10 or later, if you configured an event policy to raise a trap
when a new SNMP trap target is added, the SNMPD_TRAP_TARGET_ADD_NOTICE trap
is generated with information about the new target.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-event.txt .
For more information, see Event MIB.
Firewall MIB (mib-jnx-firewall)
Provides support for monitoring firewall filter counters.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-firewall.txt .
For more information, see Firewall MIB.
Copyright © 2014, Juniper Networks, Inc.
83
Network Management and Monitoring on the QFX Series
Table 22: Juniper Networks Enterprise-Specific MIBs Supported on QFX Series Standalone
Switches and QFX Series Virtual Chassis (continued)
MIB
Description
Host Resources MIB
(mib-jnx-hostresources)
Extends the hrStorageTable object, providing a measure of the usage of each file system
on the switch as a percentage. Previously, the objects in the hrStorageTable measured
the usage in allocation units—hrStorageUsed and hrStorageAllocationUnits—only. Using
the percentage measurement, you can more easily monitor and apply thresholds on usage.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-hostresources.txt .
For more information, see Host Resources MIB.
Interface MIB (Extensions)
(mib-jnx-if-extensions)
Extends the standard ifTable (RFC 2863) with additional statistics and Juniper Networks
enterprise-specific chassis information in the ifJnxTable and ifChassisTable tables.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-if-extensions.txt .
For more information, see Interface MIB.
MPLS MIB (mib-jnx-mpls)
Provides MPLS information and defines MPLS notifications.
NOTE: This MIB is not supported on the QFX5100 switch.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/
topics/reference/mibs/mib-jnx-mpls.txt
For more information, see MPLS MIB.
MPLS LDP MIB (mib-jnx-mpls-ldp)
Contains object definitions as described in RFC 3815, Definitions of Managed Objects for
the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP).
NOTE: This MIB is not supported on the QFX5100 switch.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/
topics/reference/mibs/mib-jnx-mpls-ldp.txt
For more information, see MPLS LDP MIB.
Ping MIB (mib-jnx-ping)
Extends the standard Ping MIB control table (RFC 2925). Items in this MIB are created
when entries are created in pingCtlTable of the Ping MIB. Each item is indexed exactly as
it is in the Ping MIB.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-ping.txt .
For more information, see PING MIB.
84
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 22: Juniper Networks Enterprise-Specific MIBs Supported on QFX Series Standalone
Switches and QFX Series Virtual Chassis (continued)
MIB
Description
RMON Events and Alarms MIB
(mib-jnx-rmon)
Supports Junos OS extensions to the standard Remote Monitoring (RMON) Events and
Alarms MIB (RFC 2819). The extension augments the alarmTable object with additional
information about each alarm. Two additional traps are also defined to indicate when
problems are encountered with an alarm.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-rmon.txt .
For more information, see RMON Events and Alarms MIB.
Structure of Management
Information MIB (mib-jnx-smi)
Explains how the Juniper Networks enterprise-specific MIBs are structured.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-smi.txt .
For more information, see Structure of Management Information MIB.
System Log MIB (mib-jnx-syslog)
Enables notification of an SNMP trap-based application when an important system log
message occurs.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-syslog.txt .
For more information, see System Log MIB.
Utility MIB (mib-jnx-util)
Provides you with SNMP MIB container objects of the following types: 32-bit counters,
64-bit counters, signed integers, unsigned integers, and octet strings. You can use these
objects to store data that can be retrieved using other SNMP operations.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-util.txt .
For more information, see “Utility MIB” on page 68 and “Using the Enterprise-Specific
Utility MIB to Enhance SNMP Coverage” on page 394.
VLAN MIB (mib-jnx-vlan)
Contains information about prestandard IEEE 802.10 VLANs and their association with
LAN emulation clients.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-vlan.txt .
For more information, see VLAN MIB.
MIBs Supported on QFabric Systems
The QFabric systems support both standard MIBs and Juniper Networks enterprise-specific
MIBs. For more information, see:
Copyright © 2014, Juniper Networks, Inc.
85
Network Management and Monitoring on the QFX Series
•
Table 23 on page 86 for standard MIBs.
•
Table 24 on page 89 for Juniper Networks enterprise-specific MIBs.
Table 23: Standard MIBs Supported on QFabric Systems
RFC
Additional Information
RFC 1155, Structure and Identification of
Management Information for TCP/IP-based
Internets
—
RFC 1157, A Simple Network Management
Protocol (SNMP)
—
RFC 1212, Concise MIB Definitions
—
RFC 1213, Management Information Base for
Network Management of TCP/IP-Based
Internets: MIB-II
The following areas are supported:
•
MIB II and its SNMP version 2 derivatives, including:
•
Statistics counters
•
IP, except for ipRouteTable, which has been replaced by ipCidrRouteTable
(RFC 2096, IP Forwarding Table MIB)
•
ipAddrTable
•
SNMP management
•
Interface management
•
SNMPv1 Get, GetNext requests, and version 2 GetBulk request
•
Junos OS-specific secured access list
•
Master configuration keywords
•
Reconfigurations upon SIGHUP
RFC 1215, A Convention for Defining Traps for
use with the SNMP
Support is limited to MIB II SNMP version 1 traps and version 2 notifications.
RFC 1286, Definitions of Managed Objects for
Bridges
—
RFC 1901, Introduction to Community-based
SNMPv2
—
RFC 1905, Protocol Operations for Version 2
of the Simple Network Management Protocol
(SNMPv2)
—
RFC 1907, Management Information Base for
Version 2 of the Simple Network Management
Protocol (SNMPv2)
—
RFC 2011, SNMPv2 Management Information
Base for the Internet Protocol Using SMIv2
NOTE: On the QFabric system, for the SNMP mibwalk request to work, you must
configure the IP address of at least one interface besides the management
Ethernet interfaces (me0 and me1) in the Director group.
86
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 23: Standard MIBs Supported on QFabric Systems (continued)
RFC
Additional Information
RFC 2012, SNMPv2 Management Information
Base for the Transmission Control Protocol
Using SMIv2
—
RFC 2013, SNMPv2 Management Information
Base for the User Datagram Protocol Using
SMIv2
—
RFC 2233, The Interfaces Group MIB Using
SMIv2
NOTE: RFC 2233 has been replaced by RFC 2863. However, Junos OS supports
both RFC 2233 and RFC 2863.
NOTE: The QFabric system supports the following objects only: ifNumber,
ifTable, and ifxTable.
RFC 2571, An Architecture for Describing SNMP
Management Frameworks (read-only access)
NOTE: RFC 2571 has been replaced by RFC 3411. However, Junos OS supports
both RFC 2571 and RFC 3411.
RFC 2572, Message Processing and
Dispatching for the Simple Network
Management Protocol (SNMP) (read-only
access)
NOTE: RFC 2572 has been replaced by RFC 3412. However, Junos OS supports
both RFC 2572 and RFC 3412.
RFC 2576, Coexistence between Version 1,
Version 2, and Version 3 of the
Internet-standard Network Management
Framework
NOTE: RFC 2576 has been replaced by RFC 3584. However, Junos OS supports
both RFC 2576 and RFC 3584.
RFC 2578, Structure of Management
Information Version 2 (SMIv2)
—
RFC 2579, Textual Conventions for SMIv2
—
RFC 2580, Conformance Statements for
SMIv2
—
RFC 2665, Definitions of Managed Objects for
the Ethernet-like Interface Types
The QFabric system supports the following tables only:
•
dot3StatsTable—There is one row with statistics for each Ethernet-like
interface in the QFabric system. The dot3StatsIndex is an interface index that
is unique across the system.
•
dot3ControlTable—There is one row in this table for each Ethernet-like
interface in the QFabric system that implements the MAC control sublayer.
OIDs supported are dot3ControlFunctionsSupported and
dot3ControlInUnknownOpcode.
•
dot3PauseTable—There is one row in this table for each Ethernet-like interface
in the QFabric system that supports the MAC control PAUSE function. OIDS
supported are dot3PauseAdminMode, dot3PauseOperMode,
dot3InPauseFrames, and dot3OutPauseFrames.
NOTE: Scalar variables are not supported on the QFabric system.
Copyright © 2014, Juniper Networks, Inc.
87
Network Management and Monitoring on the QFX Series
Table 23: Standard MIBs Supported on QFabric Systems (continued)
RFC
Additional Information
RFC 2863, The Interfaces Group MIB
NOTE: RFC 2233 has been replaced by RFC 2863. However, Junos OS supports
both RFC 2233 and RFC 2863.
NOTE: The QFabric system supports the following objects only: ifNumber,
ifTable, and ifxTable.
RFC 2933, Internet Group Management
Protocol (IGMP) MIB
—
RFC 3410, Introduction and Applicability
Statements for Internet Standard
Management Framework
—
RFC 3411, An Architecture for Describing
Simple Network Management Protocol
(SNMP) Management Frameworks
NOTE: RFC 3411 replaces RFC 2571. However, Junos OS supports both RFC 3411
and RFC 2571.
RFC 3412, Message Processing and
Dispatching for the Simple Network
Management Protocol (SNMP)
NOTE: RFC 3412 replaces RFC 2572. However, Junos OS supports both RFC
3412 and RFC 2572.
RFC 3416, Version 2 of the Protocol Operations
for the Simple Network Management Protocol
(SNMP)
NOTE: RFC 3416 replaces RFC 1905, which was supported in earlier versions of
Junos OS.
RFC 3417, Transport Mappings for the Simple
Network Management Protocol (SNMP)
—
RFC 3418, Management Information Base
(MIB) for the Simple Network Management
Protocol (SNMP)
NOTE: RFC 3418 replaces RFC 1907, which was supported in earlier versions of
Junos OS.
RFC 3584, Coexistence between Version 1,
Version 2, and Version 3 of the
Internet-standard Network Management
Framework
—
RFC 4188, Definitions of Managed Objects for
Bridges
The QFabric system support is limited to the following objects:
88
•
Under the dot1dBase OID, the dot1dBasePortTable table supports only the
first two columns in the table: dot1dBasePort and dot1dBasePortIfIndex.
•
The system does not implement the optional traps supporting
dot1dNotifications (dot1dBridge 0).
•
Under the dot1dStp OID, supports only the dot1dStpPortTable table. Does
not support the scalar variables under dot1dStp.
•
The system does not support scalar variables under dot1dTp, but under that,
the dot1dTpFdbTable table is supported (dot1dBridge 4).
•
For OIDS with tables support only, scalar values that are returned by the SNMP
agent may not be meaningful and are therefore not recommended for use.
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 23: Standard MIBs Supported on QFabric Systems (continued)
RFC
Additional Information
RFC 4293, Management Information Base for
the Internet Protocol (IP)
Supports the ipAddrTable table only.
On the QFabric system, supported objects in the ipAddrTable table include:
ipAdEntAddr, ipAdEntIfIndex, ipAdEntNetMask, ipAdEntBcastAddr, and
ipAdEntReasmMaxSize.
NOTE: On the QFabric system, for the SNMP mibwalk request to work, you must
configure the IP address of at least one interface besides the management
Ethernet interfaces (me0 and me1) in the Director group.
RFC 4363b, Q-Bridge VLAN MIB
The QFabric system supports the following tables only:
•
dot1qTpFdbTable
•
dot1qVlanStaticTable
•
dot1qPortVlanTable
•
dot1qFdbTable
Table 24: Juniper Networks Enterprise-Specific MIBs Supported on QFabric Systems
MIB
Description
Analyzer MIB (mib-jnx-analyzer)
Contains analyzer and remote analyzer data related to port mirroring.
The QFabric system supports:
•
Analyzer table—jnxAnalyzerName, jnxMirroringRatio, jnxLossPriority.
•
Analyzer input table—jnxAnalyzerInputValue, jnxAnalyzerInputOption,
jnxAnalyzerInputType.
•
Analyzer output table—jnx AnalyzerOutputValue, jnxAnalyzerOutputType.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-analyzer.txt .
For more information, see Analyzer MIB.
Chassis MIB (mib-jnx-chassis)
Copyright © 2014, Juniper Networks, Inc.
NOTE: The Chassis MIB has been deprecated for the QFabric system. We recommend
that you use the Fabric Chassis MIB (mib-jnx-fabric-chassis) for information about the
QFabric system.
89
Network Management and Monitoring on the QFX Series
Table 24: Juniper Networks Enterprise-Specific MIBs Supported on QFabric Systems (continued)
MIB
Description
Class-of-Service MIB (mib-jnx-cos)
Provides support for monitoring interface output queue statistics per interface and per
forwarding class.
The QFabric system supports the following tables and objects:
•
Jnxcosifstatflagtable—jnxCosIfstatFlags and jnxCosIfIndex.
•
Jnxcosqstattable—jnxCosQstatTxedPkts, jnxCosQstatTxedPktRate,
jnxCosQstatTxedBytes, and jnxCosQstatTxedByteRate.
•
Jnxcosfcidtable—jnxCosFcIdToFcName.
•
Jnxcosfctable—jnxCosFcQueueNr.
The QFabric system does not support any traps for this MIB.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-cos.txt .
For more information, see Class-of-Service MIB.
Configuration Management MIB
(mib-jnx-cfgmgmt)
Provides notification for configuration changes and rescue configuration changes in the
form of SNMP traps. Each trap contains the time at which the configuration change was
committed, the name of the user who made the change, and the method by which the
change was made.
A history of the last 32 configuration changes is kept in jnxCmChgEventTable.
NOTE: On the QFabric system, these conditions apply:
•
All scalar variables under the jnxCmCfgChg table are supported.
•
Supported scalar OIDs are jnxCmCfgChgLatestIndex, jnxCmCfgChgLatestTime,
jnxCmCfgChgLatestDate, jnxCmCfgChgLatestSource, jnxCmCfgChgLatestUser, and
jnxCmCfgChgMaxEventEntries.
•
Scalar variables under the jnxCmRescueChg table are not supported.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-cfgmgmt.txt .
For more information, see Configuration Management MIB.
Fabric Chassis MIB
(mib-jnx-fabric-chassis)
Provides hardware information about the QFabric system and its component devices.
This MIB is based on the Juniper Networks enterprise-specific Chassis MIB but adds another
level of indexing that provides information for QFabric system component devices.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/
reference/mibs/mib-jnx-fabric-chassis.txt .
For more information, see “Fabric Chassis MIB” on page 64.
90
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 24: Juniper Networks Enterprise-Specific MIBs Supported on QFabric Systems (continued)
MIB
Description
Host Resources MIB
(mib-jnx-hostresources)
Extends the hrStorageTable object, providing a measure of the usage of each file system
on the switch as a percentage. Previously, the objects in the hrStorageTable measured
the usage in allocation units—hrStorageUsed and hrStorageAllocationUnits—only. Using
the percentage measurement, you can more easily monitor and apply thresholds on usage.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-hostresources.txt .
For more information, see Host Resources MIB.
Interface MIB (Extensions)
(mib-jnx-if-extensions)
Extends the standard ifTable (RFC 2863) with additional statistics and Juniper Networks
enterprise-specific chassis information in the ifJnxTable and ifChassisTable tables.
NOTE: On the QFabric system, scalar variables are not supported.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-if-extensions.txt .
For more information, see Interface MIB.
Power Supply Unit MIB
(mib-jnx-power-supply-unit)
Provides support for environmental monitoring of the power supply unit for the Interconnect
device of the QFabric system.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-power-supply-unit.txt .
For more information, see Power Supply Unit MIB.
NOTE: On the QFabric system, scalar variables for the jnxPsuObjects 1 object ID in the
jnxPsuScalars table are not supported.
QFabric MIB (jnx-qf-smi)
Explains how the Juniper Networks enterprise-specific QFabric MIBs are structured. Defines
the MIB objects that are reported by the QFabric system and the contents of the traps
that can be issued by the QFabric system.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-qf-smi.txt .
Utility MIB (mib-jnx-util)
Provides you with SNMP MIB container objects of the following types: 32-bit counters,
64-bit counters, signed integers, unsigned integers, and octet strings. You can use these
objects to store data that can be retrieved using other SNMP operations.
For a downloadable version of this MIB, see
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/
mibs/mib-jnx-util.txt .
For more information, see “Utility MIB” on page 68 and “Using the Enterprise-Specific
Utility MIB to Enhance SNMP Coverage” on page 394.
Copyright © 2014, Juniper Networks, Inc.
91
Network Management and Monitoring on the QFX Series
Related
Documentation
•
SNMP MIBs and Traps Reference
•
Understanding the Implementation of SNMP on page 59
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
SNMP Traps Support on page 92
SNMP Traps Support
The QFX Series standalone switches, QFX Series Virtual Chassis, and QFabric systems
support standard SNMP traps and Juniper Networks enterprise-specific traps.
For more information, see:
•
SNMP Traps Supported on QFX Series Standalone Switches and QFX Series Virtual
Chassis on page 92
•
SNMP Traps Supported on QFabric Systems on page 100
SNMP Traps Supported on QFX Series Standalone Switches and QFX Series Virtual Chassis
QFX Series standalone switches and QFX Series Virtual Chassis support SNMPv1 and v2
traps. For more information, see:
•
SNMPv1 Traps on page 92
•
SNMPv2 Traps on page 96
SNMPv1 Traps
QFX Series standalone switches and QFX Series Virtual Chassis support both standard
SNMPv1 traps and Juniper Networks enterprise-specific SNMPv1 traps. See:
•
Table 25 on page 92 for standard SNMPv1 traps.
•
Table 26 on page 95 for enterprise-specific SNMPv1 traps.
The traps are organized first by trap category and then by trap name. The system logging
severity levels are listed for those traps that have them. Traps that do not have
corresponding system logging severity levels are marked with an en dash (–).
Table 25: Standard SNMP Version 1 Traps Supported on QFX Series Standalone Switches
and QFX Series Virtual Chassis
Defined in
Trap Name
Enterprise ID
Generic
Trap
Number
linkDown
1.3.6.1.4.1.2636
2
Specific
Trap
Number
System
Logging
Severity
Level
0
Warning
Syslog Tag
Link Notifications
RFC 1215,
Conventions for
Defining Traps for
92
SNMP_ TRAP_
LINK_DOWN
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 25: Standard SNMP Version 1 Traps Supported on QFX Series Standalone Switches
and QFX Series Virtual Chassis (continued)
Specific
Trap
Number
System
Logging
Severity
Level
Defined in
Trap Name
Enterprise ID
Generic
Trap
Number
Use with the
SNMP
linkUp
1.3.6.1.4.1.2636
3
0
Info
SNMP_TRAP_
LINK_UP
pingProbeFailed
1.3.6.1.2.1.80.0
6
1
Info
SNMP_TRAP _PING_
PROBE_ FAILED
pingTestFailed
1.3.6.1.2.1.80.0
6
2
Info
SNMP_TRAP_
PING_TEST _FAILED
pingTestCompleted
1.3.6.1.2.1.80.0
6
3
Info
SNMP_TRAP_
PING_TEST_
COMPLETED
traceRoutePathChange
1.3.6.1.2.1.81.0
6
1
Info
SNMP_TRAP_
TRACE_ROUTE_
PATH_CHANGE
traceRouteTestFailed
1.3.6.1.2.1.81.0
6
2
Info
SNMP_TRAP_
TRACE_ROUTE_
TEST_FAILED
traceRouteTestCompleted
1.3.6.1.2.1.81.0
6
3
Info
SNMP_TRAP_
TRACE_ROUTE_
TEST_COMPLETED
fallingAlarm
1.3.6.1.2.1.16
6
2
–
–
risingAlarm
1.3.6.1.2.1.16
6
1
–
–
bgpEstablished
1.3.6.1.2.1.15.7
6
1
–
–
bgpBackwardTransition
1.3.6.1.2.1.15.7
6
2
–
–
Syslog Tag
Remote Operations Notifications
RFC 2925,
Definitions of
Managed Objects
for Remote Ping,
Traceroute, and
Lookup
Operations
RMON Alarms
RFC 2819a, RMON
MIB
Routing Notifications
BGP 4 MIB
Copyright © 2014, Juniper Networks, Inc.
93
Network Management and Monitoring on the QFX Series
Table 25: Standard SNMP Version 1 Traps Supported on QFX Series Standalone Switches
and QFX Series Virtual Chassis (continued)
Specific
Trap
Number
System
Logging
Severity
Level
Syslog Tag
Defined in
Trap Name
Enterprise ID
Generic
Trap
Number
OSPF TRAP MIB
ospfVirtIfStateChange
1.3.6.1.2.1.14.16.2
6
1
–
–
ospfNbrStateChange
1.3.6.1.2.1.14.16.2
6
2
–
–
ospfVirtNbrStateChange
1.3.6.1.2.1.14.16.2
6
3
–
–
ospfIfConfigError
1.3.6.1.2.1.14.16.2
6
4
–
–
ospfVirtIfConfigError
1.3.6.1.2.1.14.16.2
6
5
–
–
ospfIfAuthFailure
1.3.6.1.2.1.14.16.2
6
6
–
–
ospfVirtIfAuthFailure
1.3.6.1.2.1.14.16.2
6
7
–
–
ospfIfRxBadPacket
1.3.6.1.2.1.14.16.2
6
8
–
–
ospfVirtIfRxBadPacket
1.3.6.1.2.1.14.16.2
6
9
–
–
ospfTxRetransmit
1.3.6.1.2.1.14.16.2
6
10
–
–
ospfVirtIfTxRetransmit
1.3.6.1.2.1.14.16.2
6
11
–
–
ospfMaxAgeLsa
1.3.6.1.2.1.14.16.2
6
13
–
–
ospfIfStateChange
1.3.6.1.2.1.14.16.2
6
16
–
–
authenticationFailure
1.3.6.1.4.1.2636
4
0
Notice
SNMPD_ TRAP_
GEN_FAILURE
coldStart
1.3.6.1.4.1.2636
0
0
Critical
SNMPD_TRAP_
COLD_START
warmStart
1.3.6.1.4.1.2636
1
0
Error
SNMPD_TRAP_
WARM_START
vrrpTrapNewMaster
1.3.6.1.2.1.68
6
1
Warning
VRRPD_NEW
MASTER_TRAP
vrrpTrapAuthFailure
1.3.6.1.2.1.68
6
2
Warning
VRRPD_AUTH_
FAILURE_TRAP
Startup Notifications
RFC 1215,
Conventions for
Defining Traps for
Use with the
SNMP
VRRP Notifications
RFC 2787,
Definitions of
Managed Objects
for the Virtual
Router
Redundancy
Protocol
94
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 26: Enterprise-Specific SNMPv1 Traps Supported on QFX Series Standalone Switches and
QFX Series Virtual Chassis
Defined in
Enterprise ID
Generic
Trap
Number
Specific
Trap
Number
System
Logging
Severity
Level
jnxPowerSupplyFailure
1.3.6.1.4.1.2636.4.1
6
1
Warning
CHASSISD_
SNMP_ TRAP
jnxFanFailure
1.3.6.1.4.1.2636.4.1
6
2
Critical
CHASSISD_
SNMP_ TRAP
jnxOverTemperature
1.3.6.1.4.1.2636.4.1
6
3
Alert
CHASSISD_
SNMP_ TRAP
jnxFruRemoval
1.3.6.1.4.1.2636.4.1
6
5
Notice
CHASSISD_
SNMP_ TRAP
jnxFruInsertion
1.3.6.1.4.1.2636.4.1
6
6
Notice
CHASSISD_
SNMP_ TRAP
jnxFruPowerOff
1.3.6.1.4.1.2636.4.1
6
7
Notice
CHASSISD_
SNMP_ TRAP
jnxFruPowerOn
1.3.6.1.4.1.2636.4.1
6
8
Notice
CHASSISD_
SNMP_ TRAP
jnxFruFailed
1.3.6.1.4.1.2636.4.1
6
9
Warning
CHASSISD_
SNMP_ TRAP
jnxFruOffline
1.3.6.1.4.1.2636.4.1
6
10
Notice
CHASSISD_
SNMP_ TRAP
jnxFruOnline
1.3.6.1.4.1.2636.4.1
6
11
Notice
CHASSISD_
SNMP_ TRAP
jnxFruCheck
1.3.6.1.4.1.2636.4.1
6
12
Warning
CHASSISD_
SNMP_ TRAP
jnxPowerSupplyOk
1.3.6.1.4.1.2636.4.2
6
1
Critical
CHASSISD_
SNMP_ TRAP
jnxFanOK
1.3.6.1.4.1.2636.4.2
6
2
Critical
CHASSISD_
SNMP_ TRAP
jnxTemperatureOK
1.3.6.1.4.1.2636.4.2
6
3
Alert
CHASSISD_
SNMP_ TRAP
Trap Name
System Log Tag
Chassis Notifications (Alarm Conditions)
Chassis MIB
(jnx-chassis. mib)
Configuration Notifications
Copyright © 2014, Juniper Networks, Inc.
95
Network Management and Monitoring on the QFX Series
Table 26: Enterprise-Specific SNMPv1 Traps Supported on QFX Series Standalone Switches and
QFX Series Virtual Chassis (continued)
Specific
Trap
Number
System
Logging
Severity
Level
System Log Tag
Defined in
Trap Name
Enterprise ID
Generic
Trap
Number
Configuration
Management MIB
(jnx- configmgmt.
mib)
jnxCmCfgChange
1.3.6.1.4.1.2636.4.5
6
1
–
–
jnxCmRescueChange
1.3.6.1.4.1.2636.4.5
6
2
–
–
jnxPingRttThresholdExceeded
1.3.6.1.4.1.2636.4.9
6
1
–
–
jnxPingRttStdDevThreshold
Exceeded
1.3.6.1.4.1.2636.4.9
6
2
–
–
jnxPingRttJitterThreshold
Exceeded
1.3.6.1.4.1.2636.4.9
6
3
–
–
jnxPingEgressThreshold
Exceeded
1.3.6.1.4.1.2636.4.9
6
4
–
–
jnxPingEgressStdDev
ThresholdExceeded
1.3.6.1.4.1.2636.4.9
6
5
–
–
jnxPingEgressJitterThreshold
Exceeded
1.3.6.1.4.1.2636.4.9
6
6
–
–
jnxPingIngressThreshold
Exceeded
1.3.6.1.4.1.2636.4.9
6
7
–
–
jnxPingIngressStddevThreshold
Exceeded
1.3.6.1.4.1.2636.4.9
6
8
–
–
jnxPingIngressJitterThreshold
Exceeded
1.3.6.1.4.1.2636.4.9
6
9
–
–
jnxRmonAlarmGetFailure
1.3.6.1.4.1.2636.4.3
6
1
–
–
jnxRmonGetOk
1.3.6.1.4.1.2636.4.3
6
2
–
–
Remote Operations
Ping MIB
(jnx-ping.mib)
RMON Alarms
RMON MIB
(jnx-rmon. mib)
SNMPv2 Traps
96
•
Table 27 on page 97 lists the standard SNMP traps
•
Table 28 on page 99 lists the Juniper Networks enterprise-specific traps
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 27: Standard SNMPv2 Traps Supported on QFX Series Standalone Switches and
QFX Series Virtual Chassis
Defined in
Trap Name
SNMP Trap OID
System
Logging
Severity
Level
linkDown
1.3.6.1.6.3.1.1.5.3
Warning
SNMP_TRAP_
LINK_DOWN
linkUp
1.3.6.1.6.3.1.1.5.4
Info
SNMP_TRAP_ LINK_UP
pingProbeFailed
1.3.6.1.2.1.80.0.1
Info
SNMP_TRAP_
PING_PROBE_ FAILED
pingTestFailed
1.3.6.1.2.1.80.0.2
Info
SNMP_TRAP_PING_
TEST_FAILED
pingTestCompleted
1.3.6.1.2.1.80.0.3
Info
SNMP_TRAP_PING_
TEST_COMPLETED
traceRoutePathChange
1.3.6.1.2.1.81.0.1
Info
SNMP_TRAP_TRACE_
ROUTE_PATH_
CHANGE
traceRouteTestFailed
1.3.6.1.2.1.81.0.2
Info
SNMP_TRAP_TRACE_
ROUTE_TEST_FAILED
traceRouteTestCompleted
1.3.6.1.2.1.81.0.3
Info
SNMP_TRAP_TRACE_
ROUTE_TEST_
COMPLETED
fallingAlarm
1.3.6.1.2.1.16.0.1
–
–
risingAlarm
1.3.6.1.2.1.16.0.2
–
–
bgpEstablished
1.3.6.1.2.1.15.7.1
–
–
bgpBackwardTransition
1.3.6.1.2.1.15.7.2
–
–
Syslog Tag
Link Notifications
RFC 2863, The Interfaces
Group MIB
Remote Operations Notifications
RFC 2925, Definitions of
Managed Objects for
Remote Ping, Traceroute,
and Lookup Operations
RMON Alarms
RFC 2819a, RMON MIB
Routing Notifications
BGP 4 MIB
Copyright © 2014, Juniper Networks, Inc.
97
Network Management and Monitoring on the QFX Series
Table 27: Standard SNMPv2 Traps Supported on QFX Series Standalone Switches and
QFX Series Virtual Chassis (continued)
Defined in
Trap Name
SNMP Trap OID
System
Logging
Severity
Level
OSPF Trap MIB
ospfVirtIfStateChange
1.3.6.1.2.1.14.16.2.1
–
–
ospfNbrStateChange
1.3.6.1.2.1.14.16.2.2
–
–
ospfVirtNbrStateChange
1.3.6.1.2.1.14.16.2.3
–
–
ospfIfConfigError
1.3.6.1.2.1.14.16.2.4
–
–
ospfVirtIfConfigError
1.3.6.1.2.1.14.16.2.5
–
–
ospfIfAuthFailure
1.3.6.1.2.1.14.16.2.6
–
–
ospfVirtIfAuthFailure
1.3.6.1.2.1.14.16.2.7
–
–
ospfIfRxBadPacket
1.3.6.1.2.1.14.16.2.8
–
–
ospfVirtIfRxBadPacket
1.3.6.1.2.1.14.16.2.9
–
–
ospfTxRetransmit
1.3.6.1.2.1.14.16.2.10
–
–
ospfVirtIfTxRetransmit
1.3.6.1.2.1.14.16.2.11
–
–
ospfMaxAgeLsa
1.3.6.1.2.1.14.16.2.13
–
–
ospfIfStateChange
1.3.6.1.2.1.14.16.2.16
–
–
coldStart
1.3.6.1.6.3.1.1.5.1
Critical
SNMPD_TRAP_
COLD_START
warmStart
1.3.6.1.6.3.1.1.5.2
Error
SNMPD_TRAP_
WARM_START
authenticationFailure
1.3.6.1.6.3.1.1.5.5
Notice
SNMPD_TRAP_
GEN_FAILURE
vrrpTrapNewMaster
1.3.6.1.2.1.68.0.1
Warning
VRRPD_ NEWMASTER_
TRAP
vrrpTrapAuthFailure
1.3.6.1.2.1.68.0.2
Warning
VRRPD_AUTH_
FAILURE_ TRAP
Syslog Tag
Startup Notifications
RFC 1907, Management
Information Base for
Version 2 of the Simple
Network Management
Protocol (SNMPv2)
VRRP Notifications
RFC 2787, Definitions of
Managed Objects for the
Virtual Router Redundancy
Protocol
98
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 28: Enterprise-Specific SNMPv2 Traps Supported on QFX Series Standalone Switches
and QFX Series Virtual Chassis
Source MIB
SNMP Trap OID
System
Logging
Severity
Level
jnxPowerSupplyFailure
1.3.6.1.4.1.2636.4.1.1
Alert
CHASSISD_ SNMP_
TRAP
jnxFanFailure
1.3.6.1.4.1.2636.4.1.2
Critical
CHASSISD_ SNMP_
TRAP
jnxOverTemperature
1.3.6.1.4.1.2636.4.1.3
Critical
CHASSISD_ SNMP_
TRAP
jnxFruRemoval
1.3.6.1.4.1.2636.4.1.5
Notice
CHASSISD_ SNMP_
TRAP
jnxFruInsertion
1.3.6.1.4.1.2636.4.1.6
Notice
CHASSISD_ SNMP_
TRAP
jnxFruPowerOff
1.3.6.1.4.1.2636.4.1.7
Notice
CHASSISD_ SNMP_
TRAP
jnxFruPowerOn
1.3.6.1.4.1.2636.4.1.8
Notice
CHASSISD_ SNMP_
TRAP
jnxFruFailed
1.3.6.1.4.1.2636.4.1.9
Warning
CHASSISD_ SNMP_
TRAP
jnxFruOffline
1.3.6.1.4.1.2636.4.1.10
Notice
CHASSISD_ SNMP_
TRAP
jnxFruOnline
1.3.6.1.4.1.2636.4.1.11
Notice
CHASSISD_ SNMP_
TRAP
jnxFruCheck
1.3.6.1.4.1.2636.4.1.12
Notice
CHASSISD_ SNMP_
TRAP
jnxPowerSupplyOK
1.3.6.1.4.1.2636.4.2.1
Critical
CHASSISD_ SNMP_
TRAP
jnxFanOK
1.3.6.1.4.1.2636.4.2.2
Critical
CHASSISD_ SNMP_
TRAP
jnxTemperatureOK
1.3.6.1.4.1.2636.4.2.3
Alert
CHASSISD_ SNMP_
TRAP
Trap Name
System Log Tag
Chassis (Alarm Conditions) Notifications
Chassis MIB
(mib-jnx-chassis)
Configuration Notifications
Copyright © 2014, Juniper Networks, Inc.
99
Network Management and Monitoring on the QFX Series
Table 28: Enterprise-Specific SNMPv2 Traps Supported on QFX Series Standalone Switches
and QFX Series Virtual Chassis (continued)
Source MIB
Trap Name
SNMP Trap OID
System
Logging
Severity
Level
Configuration
Management MIB
(mib-jnx-cfgmgmt)
jnxCmCfgChange
1.3.6.1.4.1.2636.4.5.0.1
–
–
jnxCmRescueChange
1.3.6.1.4.1.2636.4.5.0.2
–
–
jnxPingRttThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.1
–
–
jnxPingRttStdDevThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.2
–
–
jnxPingRttJitterThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.3
–
–
jnxPingEgressThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.4
–
–
jnxPingEgressStdDevThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.5
–
–
jnxPingEgressJitterThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.6
–
–
jnxPingIngressThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.7
–
–
jnxPingIngressStddevThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.8
–
–
jnxPingIngressJitterThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.9
–
–
jnxRmonAlarmGetFailure
1.3.6.1.4.1.2636.4. 3.0.1
–
–
jnxRmonGetOk
1.3.6.1.4.1.2636.4. 3.0.2
–
–
System Log Tag
Remote Operations Notifications
Ping MIB
(mib-jnx-ping)
RMON Alarms
RMON MIB
(mib-jnx-rmon)
SNMP Traps Supported on QFabric Systems
QFabric systems support standard SNMPv2 traps and Juniper Networks enterprise-specific
SNMPv2 traps.
100
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
NOTE: QFabric systems do not support SNMPv1 traps.
For more information, see:
•
Table 29 on page 101 for standard SNMPv2 traps
•
Table 30 on page 102 for Juniper Networks enterprise-specific SNMPv2 traps
Table 29: Standard SNMPv2 Traps Supported on QFabric Systems
Defined in
Trap Name
SNMP Trap OID
System
Logging
Severity
Level
linkDown
1.3.6.1.6.3.1.1.5.3
Warning
SNMP_TRAP_
LINK_DOWN
linkUp
1.3.6.1.6.3.1.1.5.4
Info
SNMP_TRAP_ LINK_UP
coldStart
1.3.6.1.6.3.1.1.5.1
Critical
SNMPD_TRAP_
COLD_START
warmStart
1.3.6.1.6.3.1.1.5.2
Error
SNMPD_TRAP_
WARM_START
authenticationFailure
1.3.6.1.6.3.1.1.5.5
Notice
SNMPD_TRAP_
GEN_FAILURE
Syslog Tag
Link Notifications
RFC 2863, The Interfaces
Group MIB
Startup Notifications
RFC 1907, Management
Information Base for
Version 2 of the Simple
Network Management
Protocol (SNMPv2)
Copyright © 2014, Juniper Networks, Inc.
101
Network Management and Monitoring on the QFX Series
Table 30: Enterprise-Specific SNMPv2 Traps Supported on QFabric Systems
Source MIB
Trap Name
SNMP Trap OID
Fabric Chassis MIB
(mib-jnx-fabricchassis)
Fabric Chassis (Alarm Conditions) Notifications
System
Logging
Severity
Level
System Log Tag
jnxFabricPowerSupplyFailure
1.3.6.1.4.1.2636.4.19.1
Warning
–
jnxFabricFanFailure
1.3.6.1.4.1.2636.4.19.2
Critical
–
jnxFabricOverTemperature
1.3.6.1.4.1.2636.4.19.3
Alert
–
jnxFabricRedundancySwitchover
1.3.6.1.4.1.2636.4.19.4
Notice
–
jnxFabricFruRemoval
1.3.6.1.4.1.2636.4.19.5
Notice
–
jnxFabricFruInsertion
1.3.6.1.4.1.2636.4.19.6
Notice
–
jnxFabricFruPowerOff
1.3.6.1.4.1.2636.4.19.7
Notice
–
jnxFabricFruPowerOn
1.3.6.1.4.1.2636.4.19.8
Notice
–
jnxFabricFruFailed
1.3.6.1.4.1.2636.4.19.9
Warning
–
jnxFabricFruOffline
1.3.6.1.4.1.2636.4.19.10
Notice
–
jnxFabricFruOnline
1.3.6.1.4.1.2636.4.19.11
Notice
–
jnxFabricFruCheck
1.3.6.1.4.1.2636.4.19.12
Warning
–
jnxFabricFEBSwitchover
1.3.6.1.4.1.2636.4.19.13
Warning
–
jnxFabricHardDiskFailed
1.3.6.1.4.1.2636.4.19.14
Warning
–
jnxFabricHardDiskMissing
1.3.6.1.4.1.2636.4.19.15
Warning
–
jnxFabricBootFromBackup
1.3.6.1.4.1.2636.4.19.16
Warning
–
Fabric Chassis (Alarm Cleared Conditions) Notifications
102
jnxFabricPowerSupplyOK
1.3.6.1.4.1.2636.4.20.1
Critical
–
jnxFabricFanOK
1.3.6.1.4.1.2636.4.20.2
Critical
–
jnxFabricTemperatureOK
1.3.6.1.4.1.2636.4.20.3
Alert
–
jnxFabricFruOK
1.3.6.1.4.1.2636.4.20.4
–
–
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
Table 30: Enterprise-Specific SNMPv2 Traps Supported on QFabric Systems (continued)
SNMP Trap OID
System
Logging
Severity
Level
System Log Tag
jnxQFabricDownloadIssued
1.3.6.1.4.1.2636.3.42.1.0.1
–
–
jnxQFabricDownloadFailed
1.3.6.1.4.1.2636.3.42.1.0.2
–
–
jnxQFabricDownloadSucceeded
1.3.6.1.4.1.2636.3.42.1.0.3
–
–
jnxQFabricUpgradeIssued
1.3.6.1.4.1.2636.3.42.1.0.4
–
–
jnxQFabricUpgradeFailed
1.3.6.1.4.1.2636.3.42.1.0.5
–
–
jnxQFabricUpgradeSucceeded
1.3.6.1.4.1.2636.3.42.1.0.6
–
–
jnxCmCfgChange
1.3.6.1.4.1.2636.4.5.0.1
–
–
jnxCmRescueChange
1.3.6.1.4.1.2636.4.5.0.2
–
–
jnxPingRttThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.1
–
–
jnxPingRttStdDevThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.2
–
–
jnxPingRttJitterThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.3
–
–
jnxPingEgressThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.4
–
–
jnxPingEgressStdDevThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.5
–
–
jnxPingEgressJitterThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.6
–
–
jnxPingIngressThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.7
–
–
jnxPingIngressStddevThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.8
–
–
jnxPingIngressJitterThreshold
Exceeded
1.3.6.1.4.1.2636.4.9.0.9
–
–
Source MIB
Trap Name
QFabric MIB
(mib-jnx-qf-smi)
QFabric MIB Notifications
Configuration Notifications
Configuration
Management MIB
(mib-jnx-cfgmgmt)
Remote Operations Notifications
Ping MIB
(mib-jnx-ping)
Copyright © 2014, Juniper Networks, Inc.
103
Network Management and Monitoring on the QFX Series
Related
Documentation
•
SNMP MIBs and Traps Reference
•
Understanding the Implementation of SNMP on page 59
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
SNMP MIBs Support on page 76
MIB Objects for the QFX Series
This topic lists the Juniper Networks enterprise-specific SNMP Chassis MIB definition
objects for the QFX Series:
•
QFX Series Standalone Switches on page 104
•
QFabric Systems on page 104
•
QFabric System QFX3100 Director Device on page 105
•
QFabric System QFX3008-I Interconnect Device on page 105
•
QFabric System QFX3600-I Interconnect Device on page 105
•
QFabric System Node Devices on page 106
QFX Series Standalone Switches
jnxProductLineQFXSwitch
OBJECT IDENTIFIER ::= {
jnxProductNameQFXSwitch
OBJECT IDENTIFIER ::=
jnxProductModelQFXSwitch
OBJECT IDENTIFIER ::=
jnxProductVariationQFXSwitch OBJECT IDENTIFIER ::=
jnxProductQFX3500s
OBJECT IDENTIFIER ::=
jnxProductQFX360016QS
OBJECT IDENTIFIER ::=
jnxProductQFX350048T4QS
OBJECT IDENTIFIER ::=
jnxProductQFX510024Q
OBJECT IDENTIFIER ::=
jnxProductQFX510048S6Q
OBJECT IDENTIFIER ::=
jnxProductLine
82 }
{ jnxProductName
82 }
{ jnxProductModel
82 }
{ jnxProductVariation 82 }
{ jnxProductVariationQFXSwitch
{ jnxProductVariationQFXSwitch
{ jnxProductVariationQFXSwitch
{ jnxProductVariationQFXSwitch
{ jnxProductVariationQFXSwitch
jnxChassisQFXSwitch
OBJECT IDENTIFIER ::= { jnxChassis
jnxSlotQFXSwitch
jnxQFXSwitchSlotFPC
jnxQFXSwitchSlotHM
jnxQFXSwitchSlotPower
jnxQFXSwitchSlotFan
jnxQFXSwitchSlotFPB
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
::=
::=
::=
::=
::=
::=
{
{
{
{
{
{
jnxSlot
jnxSlotQFXSwitch
jnxSlotQFXSwitch
jnxSlotQFXSwitch
jnxSlotQFXSwitch
jnxSlotQFXSwitch
1
2
3
4
5
}
}
}
}
}
82 }
82 }
}
}
}
}
}
1
2
3
4
5
jnxMediaCardSpaceQFXSwitch
OBJECT IDENTIFIER ::= { jnxMediaCardSpace
82 }
jnxQFXSwitchMediaCardSpacePIC OBJECT IDENTIFIER ::= { jnxMediaCardSpaceQFXSwitch 1 }
QFabric Systems
jnxProductLineQFX3000
OBJECT IDENTIFIER ::= { jnxProductLine 84 }
jnxProductNameQFX3000
OBJECT IDENTIFIER ::= { jnxProductName 84 }
jnxProductModelQFX3000
OBJECT IDENTIFIER ::= { jnxProductModel 84 }
jnxProductVariationQFX3000
OBJECT IDENTIFIER ::= { jnxProductVariation 84 }
jnxProductQFX3000-G
OBJECT IDENTIFIER ::= { jnxProductVariationQFX3000 1 }
jnxProductQFX3000-M
OBJECT IDENTIFIER ::= { jnxProductVariationQFX3000 2 }
jnxChassisQFX3000
OBJECT IDENTIFIER ::= { jnxChassis
84 }
104
Copyright © 2014, Juniper Networks, Inc.
Chapter 6: SNMP
QFabric System QFX3100 Director Device
jnxProductLineQFX3100 OBJECT IDENTIFIER ::= { jnxProductLine
100 }
jnxProductNameQFX3100 OBJECT IDENTIFIER ::= { jnxProductName
100 }
jnxProductModelQFX3100 OBJECT IDENTIFIER ::= { jnxProductModel
100 }
jnxProductVariationQFX3100 OBJECT IDENTIFIER ::= { jnxProductVariation 100 }
jnxChassisQFX3100
OBJECT IDENTIFIER ::= { jnxChassis
100 }
jnxSlotQFX3100
jnxQFX3100SlotCPU
jnxQFX3100SlotMemory
jnxQFX3100SlotPower
jnxQFX3100SlotFan
jnxQFX3100SlotHardDisk
jnxQFX3100SlotNIC
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
::=
::=
::=
::=
::=
::=
::=
{
{
{
{
{
{
{
jnxSlot
jnxSlotQFX3100
jnxSlotQFX3100
jnxSlotQFX3100
jnxSlotQFX3100
jnxSlotQFX3100
jnxSlotQFX3100
100 }
1
2
3
4
5
6
}
}
}
}
}
}
QFabric System QFX3008-I Interconnect Device
jnxProductLineQFXInterconnect OBJECT IDENTIFIER ::= { jnxProductLine
60 }
jnxProductNameQFXInterconnect OBJECT IDENTIFIER ::= { jnxProductName
60 }
jnxProductModelQFXInterconnect OBJECT IDENTIFIER ::= { jnxProductModel
60 }
jnxProductVariationQFXInterconnect OBJECT IDENTIFIER ::= { jnxProductVariation 60 }
jnxProductQFX3008
OBJECT IDENTIFIER ::= { jnxProductVariationQFXInterconnect 1 }
jnxProductQFXC083008
OBJECT IDENTIFIER ::= { jnxProductVariationQFXInterconnect 2 }
jnxProductQFX3008I
OBJECT IDENTIFIER ::= { jnxProductVariationQFXInterconnect 3 }
jnxChassisQFXInterconnect
OBJECT IDENTIFIER ::= { jnxChassis
jnxSlotQFXInterconnect
jnxQFXInterconnectSlotFPC
jnxQFXInterconnectSlotHM
jnxQFXInterconnectSlotPower
jnxQFXInterconnectSlotFan
jnxQFXInterconnectSlotCBD
jnxQFXInterconnectSlotFPB
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
::=
::=
::=
::=
::=
::=
::=
{
{
{
{
{
{
{
60 }
jnxSlot
60 }
jnxSlotQFXInterconnect
1 }
jnxSlotQFXInterconnect
2 }
jnxSlotQFXInterconnect
3 }
jnxSlotQFXInterconnect
4 }
jnxSlotQFXInterconnect
5 }
jnxSlotQFXInterconnect
6 }
jnxMediaCardSpaceQFXInterconnect
OBJECT IDENTIFIER ::= { jnxMediaCardSpace
60 }
jnxQFXInterconnectMediaCardSpacePIC OBJECT IDENTIFIER ::= { jnxMediaCardSpaceQFXInterconnect 1 }
jnxMidplaneQFXInterconnect
OBJECT IDENTIFIER ::= { jnxBackplane
60 }
QFabric System QFX3600-I Interconnect Device
jnxProductLineQFXMInterconnect OBJECT IDENTIFIER ::= { jnxProductLine
91 }
jnxProductNameQFXMInterconnect OBJECT IDENTIFIER ::= { jnxProductName
91 }
jnxProductModelQFXMInterconnect OBJECT IDENTIFIER ::= { jnxProductModel
91 }
jnxProductVariationQFXMInterconnect OBJECT IDENTIFIER ::= { jnxProductVariation 91 }
jnxProductQFX3600I
OBJECT IDENTIFIER ::= { jnxProductVariationQFXMInterconnect 1 }
jnxChassisQFXMInterconnect
OBJECT IDENTIFIER ::= { jnxChassis
jnxSlotQFXMInterconnect
jnxQFXMInterconnectSlotFPC
jnxQFXMInterconnectSlotHM
jnxQFXMInterconnectSlotPower
jnxQFXMInterconnectSlotFan
jnxQFXMInterconnectSlotFPB
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
Copyright © 2014, Juniper Networks, Inc.
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
::=
::=
::=
::=
::=
::=
{
{
{
{
{
{
91 }
jnxSlot
91 }
jnxSlotQFXMInterconnect
jnxSlotQFXMInterconnect
jnxSlotQFXMInterconnect
jnxSlotQFXMInterconnect
jnxSlotQFXMInterconnect
1
2
3
4
5
}
}
}
}
}
105
Network Management and Monitoring on the QFX Series
jnxMediaCardSpaceQFXMInterconnect
OBJECT IDENTIFIER ::= { jnxMediaCardSpace
91 }
jnxQFXMInterconnectMediaCardSpacePIC OBJECT IDENTIFIER ::= { jnxMediaCardSpaceQFXMInterconnect 1 }
QFabric System Node Devices
jnxProductLineQFXNode
OBJECT IDENTIFIER ::= {
jnxProductNameQFXNode
OBJECT IDENTIFIER ::=
jnxProductModelQFXNode
OBJECT IDENTIFIER ::=
jnxProductVariationQFXNode OBJECT IDENTIFIER ::=
jnxProductQFX3500
OBJECT IDENTIFIER ::=
jnxProductQFX360016Q
OBJECT IDENTIFIER ::=
jnxProductLine
61 }
{ jnxProductName
61 }
{ jnxProductModel
61 }
{ jnxProductVariation 61 }
{ jnxProductVariationQFXNode 1 }
{ jnxProductVariationQFXNode 3 }
jnxChassisQFXNode
OBJECT IDENTIFIER ::= { jnxChassis
jnxSlotQFXNode
jnxQFXNodeSlotFPC
jnxQFXNodeSlotHM
jnxQFXNodeSlotPower
jnxQFXNodeSlotFan
jnxQFXNodeSlotFPB
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
OBJECT
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
IDENTIFIER
::=
::=
::=
::=
::=
::=
{
{
{
{
{
{
jnxSlot
jnxSlotQFXNode
jnxSlotQFXNode
jnxSlotQFXNode
jnxSlotQFXNode
jnxSlotQFXNode
61 }
61 }
1
2
3
4
5
}
}
}
}
}
jnxMediaCardSpaceQFXNode
OBJECT IDENTIFIER ::= { jnxMediaCardSpace
61 }
jnxQFXNodeMediaCardSpacePIC OBJECT IDENTIFIER ::= { jnxMediaCardSpaceQFXNode 1 }
Related
Documentation
106
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
Fabric Chassis MIB on page 64
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 7
System Logging
•
Overview of Junos OS System Log Messages on page 107
•
Overview of Single-Chassis System Logging Configuration on page 107
•
Understanding the Implementation of System Log Messages on the QFabric
System on page 109
Overview of Junos OS System Log Messages
The Junos OS, running on the QFX Series, generates system log messages (also called
syslog messages) to record events that occur on the switch, including the following:
•
Routine operations, such as a user login into the configuration database.
•
Failure and error conditions, such as failure to access a configuration file.
•
Emergency or critical conditions, such as power-down of the switch due to excessive
temperature.
Each system log message identifies the Junos OS process that generated the message
and briefly describes the operation or error that occurred. For detailed information about
specific system log messages, see the Junos OS System Log Messages Reference.
Related
Documentation
•
Junos OS System Log Configuration Statements on page 184
•
Junos OS Minimum System Logging Configuration on page 183
Overview of Single-Chassis System Logging Configuration
The Junos OS system logging utility on the QFX Series is similar to the UNIX syslogd utility.
This topic describes how to configure system logging for a single-chassis system that
runs the Junos OS.
Each system log message belongs to a facility, which groups together related messages.
Each message is also preassigned a severity level, which indicates how seriously the
triggering event affects router functions. You always specify the facility and severity of
the messages to include in the log. For more information, see “Specifying the Facility and
Severity of Messages to Include in the Log” on page 198.
Copyright © 2014, Juniper Networks, Inc.
107
Network Management and Monitoring on the QFX Series
You direct messages to one or more destinations by including the appropriate statement
at the [edit system syslog] hierarchy level:
•
To a named file in a local file system, by including the file statement. See “Directing
System Log Messages to a Log File” on page 186.
•
To the terminal session of one or more specific users (or all users) when they are logged
in to the switch, by including the user statement. See “Directing System Log Messages
to a User Terminal” on page 187.
•
To the switch console, by including the console statement. See “Directing System Log
Messages to the Console” on page 188.
•
To a remote machine that is running the syslogd utility, by including the host statement.
See “Directing System Log Messages to a Remote Machine” on page 186.
By default, messages are logged in a standard format, which is based on a UNIX system
log format; for detailed information about message formatting, see the Junos OS System
Log Messages Reference. You can alter the content and format of logged messages in
the following ways:
108
•
You can log messages to a file in structured-data format instead of the standard Junos
OS format. Structured-data format provides more information without adding
significant length, and makes it easier for automated applications to extract information
from the message. For more information, see “Logging Messages in Structured-Data
Format” on page 192.
•
A message’s facility and severity level are together referred to as its priority. By default,
the standard Junos OS format for messages does not include priority information
(structured-data format includes a priority code by default). To include priority
information in standard-format messages directed to a file or a remote destination,
include the explicit-priority statement. For more information, see “Including Priority
Information in System Log Messages” on page 190.
•
By default, the standard Junos OS format for messages specifies the month, date,
hour, minute, and second when the message was logged. You can modify the timestamp
on standard-format system log messages to include the year, the millisecond, or both.
(Structured-data format specifies the year and millisecond by default.) For more
information, see “Including the Year or Millisecond in Timestamps” on page 191.
•
When directing messages to a remote machine, you can specify the IP address that is
reported in messages as their source. You can also configure features that make it
easier to separate messages generated by Junos OS or messages generated on
particular switches. For more information, see “Directing System Log Messages to a
Remote Machine” on page 186.
•
The predefined facilities group together related messages, but you can also use regular
expressions to specify more exactly which messages from a facility are logged to a
file, a user terminal, or a remote destination. For more information, see “Using Regular
Expressions to Refine the Set of Logged Messages” on page 204.
Copyright © 2014, Juniper Networks, Inc.
Chapter 7: System Logging
NOTE: During a commit check, warnings about the traceoptions configuration
(for example, mismatch in trace file sizes or number of trace files) are not
displayed on the console. However, these warnings are logged in the system
log messages when the new configuration is committed.
Related
Documentation
•
Examples: Configuring System Logging on page 121
•
Specifying the Facility and Severity of Messages to Include in the Log on page 198
•
Junos OS System Logging Facilities and Message Severity Levels on page 199
•
Directing System Log Messages to a Log File on page 186
•
Directing System Log Messages to a Remote Machine on page 186
•
Directing System Log Messages to a User Terminal on page 187
•
Directing System Log Messages to the Console on page 188
Understanding the Implementation of System Log Messages on the QFabric System
This topic provides an overview of system log (syslog) messages as implemented on the
QFabric system.
The QFabric system monitors events that occur on its component devices and distributes
system log messages about those events to all external system log message servers
(hosts) that are configured. Component devices may include Node devices, Interconnect
devices, Director devices, and the Virtual Chassis. Messages are stored for viewing only
in the QFabric system database. To view the messages, issue the show log command.
You configure system log messages by using the host and file statements at the [edit
system syslog] hierarchy level. Use the show log filename operational mode command
to view the messages.
NOTE: On the QFabric system, a syslog file named messages with a size of
100 MB is configured by default. If you do not configure a filename, you can
use the default filename messages with the show log filename command.
All messages with a severity level of notice or higher are logged. Messages
with a facility level of interactive-commands on Node devices are not logged.
The QFabric system supports the following system log message features:
•
The file filename and host hostname statements at the [edit system syslog] hierarchy
level are supported. Other statements at that hierarchy level are not supported.
•
You can specify the maximum amount of data that is displayed when you issue the
show log filename command by configuring the file filename archive maximum-file-size
statement.
Copyright © 2014, Juniper Networks, Inc.
109
Network Management and Monitoring on the QFX Series
•
You can specify that one or more system log message servers receive messages, which
are sent to each server that is configured.
•
If you configured an alias for a device or interface, the alias is displayed in the message
for the device or interface.
•
The level of detail that is included in a message depends on the facility and severity
levels that are configured. Messages include the highest level of detail available for
the configured facility and severity levels.
•
The unit of time is is measured and displayed in seconds, and not milliseconds. If you
attempt to configure the time-format option in milliseconds, the log output displays
000.
Starting in Junos OS Release 13.1, the QFabric system supports these additional syslog
features:
•
You can filter the output of the show log filename operational mode command by
device type and device ID or device alias when you specify the device-type (device-id |
device-alias) optional parameters. Device types include director-device,
infrastructure-device, interconnect-device, and node-device.
•
You can specify the syslog structured data output format when you configure the
structured-data statement at the [edit system syslog file filename] and [edit system
syslog host hostname] hierarchy levels.
NOTE: Information displayed in the structured data output for system logs
originating from the Director software may not be complete.
•
You can filter the types of logs that the Director group collects from a component
device when you configure the filter all facility severity or filter all match
“regular-expression” statements at the [edit system syslog] hierarchy level.
Unsupported syslog features include:
Related
Documentation
110
•
File access to syslog messages
•
Monitoring of syslog messages
•
Example: Configuring System Log Messages on page 124
•
syslog (QFabric System) on page 378
Copyright © 2014, Juniper Networks, Inc.
PART 2
Installation
•
Automation on page 113
Copyright © 2014, Juniper Networks, Inc.
111
Network Management and Monitoring on the QFX Series
112
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 8
Automation
•
Installing Junos OS Software with QFX5100 Switch Automation
Enhancements on page 113
Installing Junos OS Software with QFX5100 Switch Automation Enhancements
Junos operating system (Junos OS) with QFX5100 switch automation enhancements is
a full-featured version of Junos OS with Veriexec disabled, which can only be installed
on QFX5100 switches.
NOTE: You must install the jinstall-qfx-5-flex-x.tgz software bundle in order
to use the automation enhancements.
Before you install software, download the Junos OS jinstall-qfx-5-flex-x.tgz software
bundle. For information on downloading and accessing the files, see Upgrading Software
on QFX3500, QFX3600, and QFX5100 Switches.
BEST PRACTICE: Before you install the software, back up any critical files in
/var/home. For more information regarding how to back up critical files,
contact Customer Support at http://www.juniper.net/support.
Copyright © 2014, Juniper Networks, Inc.
113
Network Management and Monitoring on the QFX Series
Install the software:
1.
Execute the request system software add command with the validate option:
•
If the installation package resides locally on the switch, execute the request system
software add validate pathname source reboot command, using the following
format:
user@switch> request system software add validate /var/tmp/jinstall-qfx-5-flex-x.tgz
reboot
•
If the installation package resides remotely, execute the request system software
add validate pathname source reboot command, using the following format:
user@switch> request system software add validate
ftp://ftpserver/directory/jinstall-qfx-5-flex-x.tgz reboot
2. After the reboot has finished, verify that the new version of software has been properly
installed by executing the show version command.
user@switch> show version
root@qfx5100-24q-et013> show version
fpc0:
-------------------------------------------------------------------------Hostname: qfx5100-24q-et013
Model: qfx5100-24q-2p
JUNOS Base OS Software Suite [13.2X51-D20]
JUNOS Base OS boot [13.2X51-D20]
JUNOS Crypto Software Suite [13.2X51-D20]
JUNOS Online Documentation [13.2X51-D20]
JUNOS Kernel Software Suite [13.2X51-D20]
JUNOS Packet Forwarding Engine Support (qfx-x86-32) [13.2X51-D20]
JUNOS Routing Software Suite [13.2X51-D20]
JUNOS Enterprise Software Suite [13.2X51-D20]
JUNOS py-base-i386 [13.2X51-D20]
Puppet on Junos [2.7.19_1.junos.i386]
Ruby Interpreter [11.10.4_1.junos.i386]
Chef [11.10.4_1.junos.i386]
junos-ez-stdlib [11.10.4_1.junos.i386]
JUNOS Host Software [13.2X51-D20]
JUNOS for Automation Enhancement
NOTE: If you are upgrading a QFX5100 switch from standard Junos OS to
use QFX5100 switch automation enhancements and you are not loading the
new factory default configuration, you need to use the following procedure.
To upgrade an existing QFX5100 switch from standard Junos to use QFX5100
switch automation enhancements:
1.
Edit your existing Junos OS QFX5100 configuration to include the following
configuration statements:
[edit]
user@switch# set system extensions providers juniper license-type juniper
deployment-scope commercial
user@switch# set system extensions providers chef license-type juniper
deployment-scope commercial
114
Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Automation
NOTE: The factory default configuration of the QFX5100 switch
jinstall-qfx-5-flex-x.tgz software bundle is a Layer 3 configuration, whereas
the factory default configuration for QFX5100 switch software bundles is a
Layer 2 configuration. Therefore, if you are running the jinstall-qfx-5-flex-x.tgz
software bundle on a QFX5100 switch and you use the load factory-default
command, the resulting factory default configuration is set up for Layer 3
interfaces.
This is the factory default configuration for QFX5100 switch jinstall-qfx-5-flex-x.tgz
software bundle:
user@switch> show configuration
system syslog user * any emergency
system syslog file messages any notice
system syslog file messages authorization info
system syslog file interactive-commands interactive-commands any
system extensions providers juniper license-type juniper deployment-scope
commercial
system extensions providers chef license-type juniper deployment-scope commercial
system commit factory-settings reset-virtual-chassis-configuration
system commit factory-settings reset-chassis-lcd-menu
system processes app-engine-virtual-machine-management-service traceoptions level
notice
system processes app-engine-virtual-machine-management-service traceoptions flag
all
interfaces et-0/0/0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/0:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/0:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/0:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/0:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/1:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/1:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/1:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/1:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/2:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/2:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/2:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/2:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/3:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/3:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/3:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/3:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/4 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/4:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/4:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/4:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/4:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/5 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/5:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/5:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/5:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/5:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/6 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
Copyright © 2014, Juniper Networks, Inc.
115
Network Management and Monitoring on the QFX Series
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
116
xe-0/0/6:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/6:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/6:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/6:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/7 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/7:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/7:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/7:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/7:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/8 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/8:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/8:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/8:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/8:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/9 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/9:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/9:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/9:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/9:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/10 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/10:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/10:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/10:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/10:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/11 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/11:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/11:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/11:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/11:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/12 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/12:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/12:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/12:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/12:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/13 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/13:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/13:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/13:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/13:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/14 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/14:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/14:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/14:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/14:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/15 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/15:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/15:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/15:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/15:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/16 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/16:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/16:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/16:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/16:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/17 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/17:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/17:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/17:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/17:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
et-0/0/18 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
xe-0/0/18:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Automation
interfaces xe-0/0/18:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/18:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/18:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/19 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/19:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/19:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/19:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/19:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/20 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/20:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/20:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/20:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/20:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/21 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/21:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/21:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/21:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/21:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/22 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/22:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/22:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/22:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/22:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/0/23 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/23:0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/23:1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/23:2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces xe-0/0/23:3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/1/0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/1/1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/1/2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/1/3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/2/0 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/2/1 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/2/2 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
interfaces et-0/2/3 unit 0 family inet dhcp vendor-id Juniper-qfx5100-24q-2p
forwarding-options storm-control-profiles default all
protocols lldp interface all
protocols lldp-med interface all
protocols igmp-snooping vlan default
vlans default vlan-id 1
Related
Documentation
•
Overview of QFX5100 Switch Automation Enhancements on page 11
•
QFX5100 Switch with Automation Enhancements Frequently Asked Questions on
page 487
Copyright © 2014, Juniper Networks, Inc.
117
Network Management and Monitoring on the QFX Series
118
Copyright © 2014, Juniper Networks, Inc.
PART 3
Configuration
•
Configuration Examples on page 121
•
Configuration Tasks for Network Management on page 149
•
Configuration Tasks for Automation on page 153
•
Configuration Tasks for Network Analytics on page 157
•
Configuration Tasks for sFlow Technology on page 163
•
Configuration Tasks for SNMP on page 165
•
Configuration Tasks for System Log Messages on page 183
•
Configuration Statements for Network Management on page 207
•
Configuration Statements for Automation on page 215
•
Configuration Statements for Network Analytics on page 235
•
Configuration Statements for sFlow Technology on page 263
•
Configuration Statements for SNMP on page 271
•
Configuration Statements for System Log Messages on page 361
Copyright © 2014, Juniper Networks, Inc.
119
Network Management and Monitoring on the QFX Series
120
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 9
Configuration Examples
•
Examples: Configuring System Logging on page 121
•
Examples: Assigning an Alternative Facility on page 123
•
Example: Configuring System Log Messages on page 124
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
•
Example: Configuring SNMP on page 130
•
Example: Configuring Network Analytics on page 133
•
Example: Configuring Enhanced Network Analytics Features on page 138
Examples: Configuring System Logging
The system log provides an excellent way of tracking all management activity on the
switch by recording events such as user authentication, access authorization, and
command execution. Logged command executions include commands entered by users
at the CLI prompt or by client applications such as the Junos XML protocol or NETCONF
XML client. Because system log files contain information about commands executed on
the switch and the user who executed the commands, checking system log files for failed
authentication events can help identify attempts to hack in to the switch. You can also
analyze network activity by correlating executed commands with events and changes
that occurred on the network at a particular time.
System log files are stored locally on the switch in the default /var/log directory.
The following example shows how to configure system log messages to record all
commands entered by users and all authentication or authorization attempts. Logged
commands include those entered by users at the CLI prompt and by client applications.
Authentication and authorization attempts include events that are saved in the file named
cli-commands and those that are sent to the terminal of a user who is logged in.
[edit system]
syslog {
file cli-commands {
interactive-commands info;
authorization info;
}
user * {
interactive-commands info;
authorization info;
Copyright © 2014, Juniper Networks, Inc.
121
Network Management and Monitoring on the QFX Series
}
}
The following example shows how to log all alarms state changes to the file
/var/log/alarms:
[edit system]
syslog {
file alarms {
kernel warning;
}
}
The following example shows how to configure the handling of messages of various
types, as described in the comments. Information is logged to two files, to the terminal
of user alex, to a remote machine, and to the console:
[edit system]
syslog {
/* write all security-related messages to file /var/log/security */
file security {
authorization info;
interactive-commands info;
}
/* write messages about potential problems to file /var/log/messages: */
/* messages from &ldquo;authorization&rdquo; facility at level &ldquo;notice&rdquo;
and above, */
/* messages from all other facilities at level &ldquo;warning&rdquo; and above */
file messages {
authorization notice;
any warning;
}
/* write all messages at level &ldquo;critical&rdquo; and above to terminal of user
&ldquo;alex&rdquo; if */
/* that user is logged in */
user alex {
any critical;
}
/* write all messages from the &ldquo;daemon&rdquo; facility at level &ldquo;info&rdquo;
and above, and */
/* messages from all other facilities at level &ldquo;warning&rdquo; and above, to the
*/
/* machine monitor.mycompany.com */
host monitor.mycompany.com {
daemon info;
any warning;
}
/* write all messages at level &ldquo;error&rdquo; and above to the system console */
console {
any error;
}
}
The following example shows how to configure the handling of messages generated
when users issue Junos OS CLI commands, by specifying the interactive-commands
facility at the info, notice, and warning severity levels:
122
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
[edit system]
file user-actions {
interactive-commands info;
}
user philip {
interactive-commands notice;
}
console {
interactive-commands warning;
}
}
The following list describes the security levels used in the example:
•
info—Logs a message when users issue any command at the CLI operational or
configuration mode prompt. The example writes the messages to the file
/var/log/user-actions.
•
notice—Logs a message when users issue the configuration mode command commit.
The example writes the messages to the terminal of user philip.
•
warning—Logs a message when users issue a command that restarts a software
process. The example writes the messages to the console.
Related
Documentation
•
Overview of Single-Chassis System Logging Configuration on page 107
Examples: Assigning an Alternative Facility
This topic contains examples of configuring system log messages to use an alternative
facility for logging.
The following example shows how to log all messages generated on the switch at the
error level or higher to the local0 facility on the remote host called
monitor.mycompany.com:
[edit system syslog]
host monitor.mycompany.com {
any error;
facility-override local0;
}
The following example contains two sets of statements that show how to configure
switches located in California and in New York to send messages to a single remote host
called central-logger.mycompany.com. The messages from California are assigned to
alternative facility local0 and the messages from New York are assigned to alternative
facility local2.
•
The following statements configure the California switch to aggregate messages in
the local0 facility:
[edit system syslog]
host central-logger.mycompany.com {
change-log info;
facility-override local0;
Copyright © 2014, Juniper Networks, Inc.
123
Network Management and Monitoring on the QFX Series
}
•
The following statements configure the New York switch to aggregate messages in
the local2 facility:
[edit system syslog]
host central-logger.mycompany.com {
change-log info;
facility-override local2;
}
On the remote host named central-logger you can subsequently configure the system
logging utility to write messages from the local0 facility to one file (for example,
california-config) and the messages from the local2 facility to another file (for example,
new-york-config).
Related
Documentation
•
Junos OS System Log Alternate Facilities for Remote Logging on page 201
Example: Configuring System Log Messages
The QFabric system monitors events that occur on its component devices and distributes
system log messages about those events to all external system log message servers
(hosts) that are configured. Component devices may include Node devices, Interconnect
devices, Director devices, and the Virtual Chassis. Messages are stored for viewing only
in the QFabric system database. To view the messages, issue the show log command.
This example describes how to configure system log messages on the QFabric system.
•
Requirements on page 124
•
Overview on page 124
•
Configuration on page 125
Requirements
This example uses the following hardware and software components:
•
Junos OS Release 12.2
•
QFabric system
•
External servers that can be configured as system log message hosts
Overview
Component devices that generate system log message events may include Node devices,
Interconnect devices, Director devices, and the control plane switches. The following
configuration example includes these components in the QFabric system:
124
•
Director software running on the Director group
•
Control plane switches
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
•
Interconnect device
•
Multiple Node devices
Configuration
CLI Quick
Configuration
To quickly configure this example, copy the following commands, paste them into a text
file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level.
set system syslog host 10.1.1.12 any error
set system syslog file qflogs
set system syslog file qflogs structured-data brief
set system syslog file qflogs archive size 1g
Step-by-Step
Procedure
The following example requires that you navigate various levels in the configuration
hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration
Mode in the CLI User Guide.
To configure system messages from the QFabric Director device:
1.
Specify a host, any facility, and the error severity level.
[edit system syslog]
user@switch# set host 10.1.1.12 any error
NOTE: You can configure more than one system log message server
(host). The QFabric system sends the messages to each server
configured.
2.
(Optional) Specify a filename to capture log messages.
NOTE: On the QFabric system, a syslog file named messages is
configured implicitly with facility and severity levels of any any and a file
size of 100 MBs. Therefore, you cannot specify the filename messages
in your configuration, and automatic command completion does not
work for that filename.
[edit system syslog]
user@switch# set file qflogs structured-data brief
user@switch# set file qflogs
3.
(Optional) Configure the maximum size of your system log message archive file.
This example specifies an archive size of 1 GB.
[edit system syslog]
user@switch# set file qflogs archive size 1g
Copyright © 2014, Juniper Networks, Inc.
125
Network Management and Monitoring on the QFX Series
Results
From configuration mode, confirm your configuration by entering the show system
command. If the output does not display the intended configuration, repeat the
instructions in this example to correct the configuration.
[edit]
user@switch# show system
syslog {
file qflogs {
}
host 10.1.1.12 {
any error;
}
}
If you are done configuring the device, enter commit from configuration mode.
Related
Documentation
•
Understanding the Implementation of System Log Messages on the QFabric System
on page 109
•
syslog (QFabric System) on page 378
•
show log on page 478
Example: Monitoring Network Traffic Using sFlow Technology
The sFlow technology is a monitoring technology for high-speed switched or routed
networks. sFlow monitoring technology collects samples of network packets and sends
them in a UDP datagram to a monitoring station called a collector. You can configure
sFlow technology on a QFX Series device to monitor traffic continuously at wire speed
on all interfaces simultaneously. You must enable sFlow monitoring on each interface
individually; you cannot globally enable sFlow monitoring on all interfaces with a single
configuration statement. Junos OS fully supports the sFlow technology standard described
in RFC 3176, InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and
Routed Networks.
This example describes how to configure and use sFlow monitoring on a QFX3500 switch
in standalone mode.
•
Requirements on page 126
•
Overview on page 127
•
Configuration on page 127
•
Verification on page 129
Requirements
This example uses the following hardware and software components:
126
•
Junos OS Release 11.3 or later
•
One QFX3500 switch
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
Overview
An sFlow monitoring system consists of an sFlow agent embedded in the device and a
centralized collector on the network. The two main activities of the sFlow agent are
random sampling and statistics gathering. The sFlow agent combines interface counters
and flow samples and sends them to the IP address and UDP destination port of the
sFlow collector in UDP datagrams.
Figure 8 on page 127 depicts the basic elements of an sFlow system.
Figure 8: sFlow Technology Monitoring System
Configuration
CLI Quick
Configuration
To quickly configure sFlow technology, copy the following commands and paste them
into the terminal window of the switch:
[edit protocols sflow]
set collector 10.204.32.46 udp-port 5600
set interfaces xe-0/0/1.0
set polling-interval 20
set sample-rate 1000
Copyright © 2014, Juniper Networks, Inc.
127
Network Management and Monitoring on the QFX Series
Step-by-Step
Procedure
To configure sFlow features using the CLI:
1.
Configure the IP address and UDP port of at least one collector:
[edit protocols sflow]
user@switch# set collector 10.204.32.46 udp-port 5600
The default UDP port assigned is 6343.
2.
Enable sFlow technology on a specific interface:
[edit protocols sflow]
user@switch# set interfaces xe-0/0/1.0
NOTE: You cannot enable sFlow technology on a Layer 3 VLAN-tagged
interface.
You cannot enable sFlow technology on a LAG interface (for example,
ae0), but you can enable sFlow technology on the member interfaces
of the LAG (for example, xe-0/0/1).
3.
Specify how often (in seconds) the sFlow agent polls all interfaces at the global
level:
[edit protocols sflow]
user@switch# set polling-interval 20
NOTE: Specify 0 if you do not want to poll the interface.
4.
Specify the rate at which packets must be sampled at the global level. The following
example sets a sample rate of 1 in 1000 packets:
[edit protocols sflow]
user@switch# set sample-rate 1000
Results
Check the results of the configuration:
[edit]
user@switch# show protocols
sflow {
collector 10.204.32.46 {
udp-port 5600;
}
interfaces xe-0/0/1.0 {
polling-interval 20;
sample-rate 1000;
}
}
128
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
Verification
To confirm that the configuration is correct, perform these tasks:
•
Verifying That sFlow Technology Has Been Configured Properly on page 129
•
Verifying That sFlow Technology Is Enabled on an Interface on page 129
•
Verifying the sFlow Collector Configuration on page 129
Verifying That sFlow Technology Has Been Configured Properly
Purpose
Action
Verify that sFlow technology has been configured properly.
Enter the show sflow operational mode command:
user@switch> show sflow
sFlow
: Enabled
Sample limit
: 300 packets/second
Polling interval : 20 second
Sample rate
: 1:1000
Agent ID
: 10.1.1.2
NOTE: The sample limit cannot be configured and is set to 300 packets per
second.
Meaning
The output shows that sFlow technology is enabled and specifies the values for the
sampling limit, polling interval, and sampling rate.
Verifying That sFlow Technology Is Enabled on an Interface
Purpose
Action
Verify that sFlow technology is enabled on interfaces and display the sampling
parameters.
Enter the show sflow interface operational mode command:
user@switch> show sflow interface
Interface
Status
Sample
rate
xe-0/0/1.0
Enabled
1000
Meaning
Polling
interval
20
The output indicates that sFlow technology is enabled on the Node1:xe-0/0/1.0 interface
on the Node device with a sampling rate of 1000 and a polling interval of 20 seconds.
Verifying the sFlow Collector Configuration
Purpose
Action
Verify the sFlow collector configuration.
Enter the show sflow collector operational mode command:
user@switch> show sflow collector
Copyright © 2014, Juniper Networks, Inc.
129
Network Management and Monitoring on the QFX Series
Collector
address
10.204.32.46
Meaning
Related
Documentation
Udp-port
5600
No. of samples
7516
The output displays the IP address of the collector, the UDP port, and the number of
samples collected.
•
Configuring sFlow Technology on page 163
•
Overview of sFlow Technology
Example: Configuring SNMP
By default, SNMP is disabled on devices running Junos OS. This example describes the
steps for configuring SNMP on the QFabric system.
•
Requirements on page 130
•
Overview on page 130
•
Configuration on page 130
Requirements
This example uses the following hardware and software components:
•
Junos OS Release 12.2
•
Network management system (NMS) (running the SNMP manager)
•
QFabric system (running the SNMP agent) with multiple Node devices
Overview
Because SNMP is disabled by default on devices running Junos OS, you must enable
SNMP on your device by including configuration statements at the [edit snmp] hierarchy
level. At a minimum, you must configure the community public statement. The community
defined as public grants read-only access to MIB data to any client.
If no clients statement is configured, all clients are allowed. We recommend that you
always include the restrict option to limit SNMP client access to the switch.
The network topology in this example includes an NMS, a QFabric system with four Node
devices, and external SNMP servers that are configured for receiving traps.
Configuration
CLI Quick
Configuration
To quickly configure this example, copy the following commands, paste them into a text
file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level.
set snmp name “snmp qfabric” description “qfabric0 switch”
set snmp location “Lab 4 Row 11” contact “qfabric-admin@qfabric0”
130
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
set snmp community public authorization read-only
set snmp client-list list0 192.168.0.0/24
set snmp community public client-list-name list0
set snmp community public clients 192.170.0.0/24 restrict
set snmp trap-group “qf-traps” destination-port 155 targets 192.168.0.100
Step-by-Step
Procedure
The following example requires that you navigate various levels in the configuration
hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration
Mode in the CLI User Guide.
To configure SNMP on the QFabric system:
NOTE: If the name, description, location, contact, or community name
contains spaces, enclose the text in quotation marks (" ").
1.
Configure the SNMP system name:
[edit snmp]
user@switch# set name “snmp qfabric”
2.
Specify a description.
[edit snmp]
user@switch# set description “qfabric0 system”
This string is placed into the MIB II sysDescription object.
3.
Specify the physical location of the QFabric system.
[edit snmp]
user@switch# set location “Lab 4 Row 11”
This string is placed into the MIB II sysLocation object.
4.
Specify an administrative contact for the SNMP system.
[edit snmp]
user@switch# set contact “qfabric-admin@qfabric0”
This name is placed into the MIB II sysContact object.
5.
Specify a unique SNMP community name and the read-only authorization level.
NOTE: The read-write option is not supported on the QFabric system.
[edit snmp]
user@switch# set community public authorization read-only
6.
Create a client list with a set of IP addresses that can use the SNMP community.
[edit snmp]
user@switch# set client-list list0 192.168.0.0/24
user@switch# set community public client-list-name list0
7.
Specify IP addresses of clients that are restricted from using the community.
Copyright © 2014, Juniper Networks, Inc.
131
Network Management and Monitoring on the QFX Series
[edit snmp]
user@switch# set community public clients 192.170.0.0/24 restrict
8.
Configure a trap group, destination port, and a target to receive the SNMP traps in
the trap group.
[edit snmp]
user@switch# set trap-group “qf-traps” destination-port 155 targets 192.168.0.100
NOTE: You do not need to include the destination-port statement if you
use the default port 162.
The trap group qf-traps is configured to send traps to 192.168.0.100.
Results
From configuration mode, confirm your configuration by entering the show command. If
the output does not display the intended configuration, repeat the instructions in this
example to correct the configuration.
[edit]
user@switch# show
snmp {
name "snmp qfabric";
description "qfabric0 system";
location "Lab 4 Row 11";
contact "qfabric-admin@qfabric0";
client-list list0 {
192.168.0.0/24;
}
community public {
authorization read-only;
clients {
197.170.0.0/24 restrict;
}
}
trap-group qf-traps {
destination-port 155;
targets {
192.168.0.100;
}
}
}
If you are done configuring the device, enter commit from configuration mode.
Related
Documentation
132
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
snmp on page 334
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
Example: Configuring Network Analytics
This example shows how to configure network analytics which includes queue and traffic
monitoring on a QFX3500 standalone switch.
NOTE: The configuration shown in this example is supported only on Junos
OS Release 13.2X50-D15 and 13.2X51-D10.
•
Requirements on page 133
•
Overview on page 133
•
Configuration on page 134
•
Verification on page 136
Requirements
This example uses the following hardware and software components:
•
A QFX3500 standalone switch
•
A external streaming server to collect data
•
Junos OS Release 13.2X50-D15 software
•
TCP server software (for remote streaming servers)
Before you configure network analytics, be sure you have:
•
Junos OS Release 13.2X50-D15 or later software installed and running on the QFX3500
switch
•
(Optional for streaming servers) TCP server software set up for processing records
separated by a newline character (\n) on the remote streaming server
•
All other devices running
Overview
The network analytics feature provides visibility into the performance and behavior of
the data center infrastructure. This feature collects data from the switch, analyzes the
data using sophisticated algorithms, and captures the results in reports. Network
administrators can use the reports to help troubleshoot problems, make decisions, and
adjust resources as needed. You can enable network analytics by configuring queue and
traffic statistics monitoring.
Topology
In this example, the QFX3500 switch is connected to an external server used for streaming
statistics data.
Copyright © 2014, Juniper Networks, Inc.
133
Network Management and Monitoring on the QFX Series
Configuration
To configure network analytics, perform these tasks:
CLI Quick
Configuration
•
Configuring Queue and Traffic Statistics Monitoring on page 134
•
Configuring Local Statistics Files on page 135
•
Configuring Streaming Servers on page 135
•
Results on page 135
To quickly configure this example, copy the following commands, paste them in a text
file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level.
[edit]
set services analytics interfaces all queue-statistics
set services analytics interfaces all latency-threshold high 900 low 300
set services analytics interfaces xe-0/0/1 traffic-statistics
set services analytics queue-statistics file qstats1.qs files 3 size 10
set services analytics queue-statistics interval 10
set services analytics traffic-statistics file tstats1.ts files 3 size 10
set services analytics traffic-statistics interval 2
set services analytics streaming-servers address 10.94.198.11 port 50001 stream-format
json stream-type queue-statistics
set services analytics streaming-servers address 10.94.198.11 port 50005 stream-format
csv stream-type traffic-statistics
Configuring Queue and Traffic Statistics Monitoring
Step-by-Step
Procedure
To configure queue and traffic monitoring on physical interfaces:
NOTE: You can configure queue and traffic monitoring on physical network
interfaces only; logical interfaces and Virtual Chassis physical (VCP)
interfaces are not supported.
NOTE: Disabling of the queue or traffic monitoring supersedes the
configuration (enabling) of this feature. You disable monitoring by issuing
the no-queue-statistics or no-traffic-statistics at the [edit services analytics
interfaces] hierarchy level.
1.
Configure all interfaces for queue monitoring and set the latency thresholds (in
microseconds):
[edit]
set services analytics interfaces all queue-statistics
set services analytics interfaces all latency-threshold high 900 low 300
134
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
2.
Configure one interface for traffic monitoring:
[edit]
set services analytics interfaces xe-0/0/1 traffic-statistics
Configuring Local Statistics Files
Step-by-Step
Procedure
To configure local statistics files:
1.
Configure the number of queue statistics files, and each file size in MB:
[edit]
set services analytics queue-statistics file qstats1.qs files 3 size 10m
2.
Configure the queue statistics collection interval in milliseconds
[edit]
set services analytics queue-statistics interval 10
3.
Configure the number of traffic statistics files, and each file size in MB:
[edit]
set services analytics traffic-statistics file tstats1.ts files 3 size 10m
4.
Configure the traffic statistics collection interval in seconds:
[edit]
set services analytics traffic-statistics interval 2
Configuring Streaming Servers
Step-by-Step
Procedure
To configure streaming servers for receiving monitoring data:
NOTE: In addition to configuring streaming servers, you must also set up the
TCP client software to process records that are separated by the newline
character (\n) on the remote server.
1.
Configure a server IP address and port for queue statistics monitoring:
[edit]
set services analytics streaming-servers address 10.94.198.11 port 50001
stream-format json stream-type queue-statistics
2.
Configure a server IP address and port for traffic statistics monitoring:
[edit]
set services analytics streaming-servers address 10.94.198.11 port 50005
stream-format csv stream-type traffic-statistics
Results
Display the results of the configuration:
[edit services analytics]
user@switch> show configuration
Copyright © 2014, Juniper Networks, Inc.
135
Network Management and Monitoring on the QFX Series
queue-statistics {
file qstats1.qs size 10m files 3;
interval 10;
}
traffic-statistics {
file tstats1.ts size 10m files 3;
interval 2;
}
interfaces {
xe-0/0/1 {
traffic-statistics;
}
all {
queue-statistics;
latency-threshold high 900 low 300;
}
}
Verification
Confirm that the configuration is correct and works as expected by performing these
tasks:
•
Verifying the Network Analytics Configuration on page 136
•
Verifying the Network Analytics Status on page 136
•
Verifying Streaming Servers Configuration on page 137
•
Verifying Queue Statistics on page 137
•
Verifying Traffic Statistics on page 137
Verifying the Network Analytics Configuration
Purpose
Action
Verify the configuration for network analytics.
From operational mode, enter the show analytics configuration command to display the
traffic and queue monitoring configuration.
user@host> show analytics configuration
Global configurations:
Traffic statistics: Auto, Poll interval: 2 seconds
Queue statistics: Enabled, Poll interval: 10 milliseconds
Depth threshold high: 0 bytes, low: 0 bytes
Latency threshold high: 900 microseconds, low: 300 microseconds
Interface
Traffic
Queue
Depth-threshold
Latency-threshold
Statistics
Statistics
High
Low
High
Low
(bytes)
(microseconds)
xe-0/0/1
Enabled
Auto
0
0
900
300
Meaning
The output displays information about traffic and queue monitoring on the switch.
Verifying the Network Analytics Status
Purpose
136
Verify the network analytics operational status of the switch.
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
Action
From operational mode, enter the show analytics status command to display the traffic
and queue monitoring status.
user@host> show analytics status
Global configurations:
Traffic statistics: Auto, Poll interval: 2 seconds
Queue statistics: Auto, Poll interval: 10 milliseconds
Depth threshold high: 1228800 bytes, low: 1024 bytes
Latency threshold high: 900 microseconds, low: 300 microseconds
Interface
Traffic
Queue
Depth-threshold
Latency-threshold
Statistics
Statistics
High
Low
High
Low
(bytes)
(microseconds)
xe-0/0/1
Enabled
Auto
1228800
1024
900
300
xe-0/0/7
Auto
Auto
1228800
1024
900
300
xe-0/0/8
Auto
Auto
1228800
1024
900
300
Verifying Streaming Servers Configuration
Purpose
Action
Verify the configuration for streaming data to remote servers is working.
From operational mode, enter the show analytics streaming-servers command to display
the streaming servers configuration.
user@host> show analytics streaming-servers
Address
Port
Stream-Format
10.94.198.11
50001
json
10.94.198.11
50005
csv
Meaning
Stream-Type
QS
TS/QS
State
Established
In Progress
Sent
1100
0
The output displays information about the remote streaming server.
Verifying Queue Statistics
Purpose
Action
Verify that queue statistics collection is working.
From operational mode, enter the show analytics queue-statistics command to display
the queue statistics.
user@host> show analytics queue-statistics
Time
Interface
Queue-length (bytes)
Apr 6 0:17:18.224 xe-0/0/1
1043952
Apr 6 0:17:18.234 xe-0/0/1
1053520
Apr 6 0:17:18.244 xe-0/0/1
1055184
Meaning
Latency (us)
835
842
844
The output displays queue-statistics information as expected.
Verifying Traffic Statistics
Purpose
Verify that traffic statistics collection is working.
Copyright © 2014, Juniper Networks, Inc.
137
Network Management and Monitoring on the QFX Series
Action
From operational mode, enter the show analytics traffic-statistics command to display
the traffic statistics.
user@host> show analytics traffic-statistics
Time: Apr 5 19:52:48.549, Physical interface: xe-0/0/1
Traffic Statistics:
Receive
Transmit
Total octets:
4797548752936
408886273632
Total packet:
5658257464
3190613435
Octets per second:
0
0
Packet per second:
0
0
Octets dropped:
0
252901000
Packet dropped:
0
252901
Utilization:
0.0%
0.0%
Time: Apr 5 19:52:48.549, Physical interface: xe-0/0/7
Traffic Statistics:
Receive
Transmit
Total octets:
4790866253100
477139024
Total packet:
5624473639
477944
Octets per second:
0
0
Packet per second:
0
0
Octets dropped:
0
166582000
Packet dropped:
0
166582
Utilization:
0.0%
0.0%
Time: Apr 5 19:52:48.549, Physical interface: xe-0/0/8
Traffic Statistics:
Receive
Transmit
Total octets:
4789797668456
764910024
Total packet:
5623280870
765715
Octets per second:
0
0
Packet per second:
0
0
Octets dropped:
0
156099000
Packet dropped:
0
156099
Utilization:
0.0%
0.0%
Meaning
Related
Documentation
The output displays traffic-statistics information as expected.
•
Network Analytics Overview on page 33
•
analytics on page 237
•
show analytics status on page 427
•
show analytics streaming-servers on page 431
Example: Configuring Enhanced Network Analytics Features
This example shows how to configure the enhanced network analytics feature, including
queue and traffic monitoring, on a QFX5100 standalone switch.
138
•
Requirements on page 139
•
Overview on page 139
•
Configuration on page 140
•
Verification on page 145
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
Requirements
This example uses the following hardware and software components:
•
A QFX5100 standalone switch
•
A external streaming server to collect data
•
Junos OS Release 13.2X51-D15 software
•
TCP server software (for remote streaming servers)
Before you configure network analytics, be sure you have:
•
Junos OS Release 13.2X51-D15 or later software installed and running on the QFX5100
switch.
•
(Optional for streaming servers for the JSON, CSV, and TSV formats) TCP or UDP
server software set up for processing records separated by a newline character (\n)
on the remote streaming server.
•
(Optional for streaming servers for the GPB format) TCP or UDP build streaming server
using the analytics.proto file.
•
All other network devices running.
Overview
The network analytics feature provides visibility into the performance and behavior of
the data center infrastructure. This feature collects data from the switch, analyzes the
data using sophisticated algorithms, and captures the results in reports. Network
administrators can use the reports to help troubleshoot problems, make decisions, and
adjust resources as needed.
You enable network analytics by first defining a resource profile template, and then
applying the profile to the system (for a global configuration) or to individual interfaces.
NOTE: You can configure queue and traffic monitoring on physical network
interfaces only; logical interfaces and Virtual Chassis physical (VCP)
interfaces are not supported.
Disabling of the queue or traffic monitoring supersedes the configuration
(enabling) of this feature. You disable monitoring by applying a resource
profile that includes the no-queue-monitoring or no-traffic-monitoring
configuration statement at the [edit services analytics resource-profiles]
hierarchy level.
Topology
In this example, the QFX5100 switch is connected to an external server used for streaming
statistics data.
Copyright © 2014, Juniper Networks, Inc.
139
Network Management and Monitoring on the QFX Series
Configuration
To configure the network analytics features, perform these tasks:
CLI Quick
Configuration
•
Configuring the Polling Interval for Queue and Traffic Monitoring on page 140
•
Configuring a Local Statistics File on page 141
•
Configuring and Applying a Resource Profile for the System on page 141
•
Configuring and Applying a Resource Profile for an Interface on page 141
•
Configuring an Export Profile and Collector for Streaming Data on page 142
To quickly configure this example, copy the following commands, paste them in a text
file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level.
[edit]
set services analytics resource system polling-interval queue-monitoring 1000
set services analytics resource system polling-interval traffic-monitoring 5
set services analytics collector local file an.stats
set services analytics collector local file an files 3
set services analytics collector local file an size 10m
set services analytics resource-profiles sys-rp queue-monitoring
set services analytics resource-profiles sys-rp traffic-monitoring
set services analytics resource-profiles sys-rp depth-threshold high 999999 low 99
set services analytics resource system resource-profile sys-rp
set services analytics resource-profiles if-rp queue-monitoring
set services analytics resource-profiles if-rp traffic-monitoring
set services analytics resource-profiles if-rp latency-threshold high 2300 low 20
set services analytics resource interfaces xe-0/0/16 resource-profile if-rp
set services analytics resource interfaces xe-0/0/18 resource-profile if-rp
set services analytics resource interfaces xe-0/0/19 resource-profile if-rp
set services analytics export-profiles ep stream-format gpb
set services analytics export-profiles ep interface information
set services analytics export-profiles ep interface statistics queue
set services analytics export-profiles ep interface statistics traffic
set services analytics export-profiles ep interface status link
set services analytics export-profiles ep system information
set services analytics export-profiles ep system status queue
set services analytics export-profiles ep system status traffic
set services analytics collector address 10.94.198.11 port 50001 transport tcp export-profile
ep
set services analytics collector address 10.94.184.25 port 50013 transport udp
export-profile ep
Configuring the Polling Interval for Queue and Traffic Monitoring
Step-by-Step
Procedure
To configure the polling interval queue and traffic monitoring globally:
1.
Configure the queue monitoring polling interval (in milliseconds) for the system:
[edit]
set services analytics resource system polling-interval queue-monitoring 1000
140
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
2.
Configure the traffic monitoring polling interval (in seconds) for the system:
[edit]
set services analytics resource system polling-interval traffic-monitoring 5
Configuring a Local Statistics File
Step-by-Step
Procedure
To configure a file for local statistics collection:
1.
Configure the filename:
[edit]
set services analytics collector local file an.stats
2.
Configure the number of files:
[edit]
set services analytics collector local file an files 3
3.
Configure the file size:
[edit]
set services analytics collector local file an size 10m
Configuring and Applying a Resource Profile for the System
Step-by-Step
Procedure
To define a resource profile template for queue and traffic monitoring resources:
1.
Configure a resource profile and enable queue monitoring:
[edit]
set services analytics resource-profiles sys-rp queue-monitoring
2.
Enable traffic monitoring in the profile:
[edit]
set services analytics resource-profiles sys-rp traffic-monitoring
3.
Configure the depth-threshold (high and low values) for queue monitoring in the
profile:
[edit]
set services analytics resource-profiles sys-rp depth-threshold high 999999 low
99
4.
Apply the resource profile template to the system resource type for a global
configuration:
[edit]
set services analytics resource system resource-profile sys-rp
Configuring and Applying a Resource Profile for an Interface
Step-by-Step
Procedure
You can configure queue and traffic monitoring for one or more specific interfaces. The
interface-specific configuration supersedes the global (system) configuration. To define
a resource profile template for queue and traffic monitoring resources for an interface:
1.
Configure a resource profile and enable queue monitoring:
Copyright © 2014, Juniper Networks, Inc.
141
Network Management and Monitoring on the QFX Series
[edit]
set services analytics resource-profiles if-rp queue-monitoring
2.
Enable traffic monitoring in the profile:
[edit]
set services analytics resource-profiles if-rp traffic-monitoring
3.
Configure the latency-threshold (high and low values) for queue monitoring in the
profile:
[edit]
set services analytics resource-profiles if-rp latency-threshold high 2300 low 20
4.
Apply the resource profile template to the interfaces resource type for specific
interfaces:
[edit]
set services analytics resource interfaces xe-0/0/16 resource-profile if-rp
set services analytics resource interfaces xe-0/0/18 resource-profile if-rp
set services analytics resource interfaces xe-0/0/19 resource-profile if-rp
Configuring an Export Profile and Collector for Streaming Data
Step-by-Step
Procedure
To configure a collector (streaming server) for receiving monitoring data:
1.
Create an export profile and specify the stream format:
[edit]
set services analytics export-profiles ep stream-format gpb
2.
Configure the export profile to include interface information:
[edit]
set services analytics export-profiles ep interface information
3.
Configure the export profile to include interface queue statistics:
[edit]
set services analytics export-profiles ep interface statistics queue
4.
Configure the export profile to include interface traffic statistics:
[edit]
set services analytics export-profiles ep interface statistics traffic
5.
Configure the export profile to include interface status link information:
[edit]
set services analytics export-profiles ep interface status link
6.
Configure the export profile to include system information:
[edit]
set services analytics export-profiles ep system information
7.
Configure the export profile to include system queue status:
[edit]
set services analytics export-profiles ep system status queue
8.
142
Configure the export profile to include system traffic status:
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
[edit]
set services analytics export-profiles ep system status traffic
9.
Configure the transport protocol for the collector addresses and apply an export
profile:
[edit]
set services analytics collector address 10.94.198.11 port 50001 transport tcp
export-profile ep
set services analytics collector address 10.94.184.25 port 50013 transport udp
export-profile ep
NOTE: If you configure the tcp or udp option for the JSON, CSV, and TSV
formats, you must also set up the TCP or UDP client software on the
remote collector to process records that are separated by the newline
character (\n) on the remote server.
If you configure the tcp or udp option for the GPB format, you must also
set up the TCP or UDP build streaming server using the analytics.proto
file.
Results
Display the results of the configuration:
[edit services analytics]
user@switch# run show configuration
services {
analytics {
export-profiles {
ep {
stream-format gpb;
interface {
information;
statistics {
traffic;
queue;
}
status {
link;
}
}
system {
information;
status {
traffic;
queue;
}
}
}
}
resource-profiles {
sys-rp {
queue-monitoring;
Copyright © 2014, Juniper Networks, Inc.
143
Network Management and Monitoring on the QFX Series
traffic-monitoring;
depth-threshold high 99999 low 99;
}
if-rp {
queue-monitoring;
traffic-monitoring;
latency-threshold high 2300 low 20;
}
}
resource {
system {
resource-profile sys-rp;
polling-interval {
traffic-monitoring 5;
queue-monitoring 1000;
}
}
interfaces {
xe-0/0/16 {
resource-profile if-rp;
}
xe-0/0/18 {
resource-profile if-rp;
}
xe-0/0/19 {
resource-profile if-rp;
}
}
}
collector {
local {
file an size 10m files 3;
}
address 10.94.184.25 {
port 50013 {
transport udp {
export-profile ep;
}
}
}
address 10.94.198.11 {
port 50001 {
transport tcp {
export-profile ep;
}
}
}
}
}
}
144
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
Verification
Confirm that the configuration is correct and works as expected by performing these
tasks:
•
Verifying the Network Analytics Configuration on page 145
•
Verifying the Network Analytics Status on page 145
•
Verifying the Collector Configuration on page 146
•
Verifying Queue Statistics on page 147
•
Verifying Traffic Statistics on page 147
Verifying the Network Analytics Configuration
Purpose
Action
Verify the configuration for network analytics.
From operational mode, enter the show analytics configuration command to display the
traffic and queue monitoring configuration.
user@host> show analytics configuration
Traffic monitoring status is enabled
Traffic monitoring polling interval : 5 seconds
Queue monitoring status is enabled
Queue monitoring polling interval : 1000 milliseconds
Queue depth high threshold : 99999 bytes
Queue depth low threshold : 99 bytes
Interface
xe-0/0/16
xe-0/0/18
xe-0/0/19
Meaning
Traffic
Statistics
enabled
enabled
enabled
Queue
Statistics
enabled
enabled
enabled
Queue depth
threshold
High
(bytes)
n/a
n/a
n/a
Low
n/a
n/a
n/a
Latency
threshold
High
Low
(nanoseconds)
2300
20
2300
20
2300
20
The output displays the traffic and queue monitoring configuration information on the
switch.
Verifying the Network Analytics Status
Purpose
Verify the network analytics operational status of the switch.
Copyright © 2014, Juniper Networks, Inc.
145
Network Management and Monitoring on the QFX Series
Action
From operational mode, enter the show analytics status global command to display
global traffic and queue monitoring status.
user@host> show analytics status global
Traffic monitoring status is enabled
Traffic monitoring pollng interval : 5 seconds
Queue monitoring status is enabled
Queue monitoring polling interval : 1000 milliseconds
Queue depth high threshold : 99999 bytes
Queue depth low threshold : 99 bytes
From operational mode, enter the show analytics status command to display both the
interface and global queue monitoring status.
user@host> show analytics status
Traffic monitoring status is enabled
Traffic monitoring pollng interval : 5 seconds
Queue monitoring status is enabled
Queue monitoring polling interval : 1000 milliseconds
Queue depth high threshold : 99999 bytes
Queue depth low threshold : 99 bytes
Meaning
Interface
Traffic
Queue
Statistics Statistics
xe-0/0/16
xe-0/0/18
xe-0/0/19
enabled
enabled
enabled
enabled
enabled
enabled
Queue depth
threshold
High
Low
(bytes)
n/a
n/a
n/a
n/a
n/a
n/a
Latency
threshold
High
Low
(nanoseconds)
2300
20
2300
20
2300
20
The output displays the global and interface status of traffic and queue monitoring on
the switch.
Verifying the Collector Configuration
Action
Verify the configuration for the collector for streamed data is working.
From operational mode, enter the show analytics collector command to display the
streaming servers configuration.
user@host> show analytics collector
Address
Port
Transport
10.94.184.25
50013 udp
10.94.198.11
50001 tcp
Meaning
Stream format
gpb
gpb
State
n/a
In progress
Sent
484
0
The output displays the collector configuration.
NOTE: The connection state of a port configured with the udp transport
protocol is always displayed as n/a.
146
Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Configuration Examples
Verifying Queue Statistics
Purpose
Action
Verify that queue statistics collection is working.
From operational mode, enter the show analytics queue-statistics command to display
the queue statistics.
user@host> show analytics queue-statistics
CLI issued at 2014-03-04 15:37:03.116018
Time
Interface
Queue-depth
(bytes)
00:00:00.412371 ago
xe-0/0/19
1384656
00:00:01.412395 ago
xe-0/0/19
1375712
00:00:02.415366 ago
xe-0/0/19
1385280
00:00:03.417395 ago
xe-0/0/19
1381744
00:00:04.411392 ago
xe-0/0/19
1368432
00:00:05.414387 ago
xe-0/0/19
1374880
00:00:06.414365 ago
xe-0/0/19
1373632
00:00:07.416386 ago
xe-0/0/19
1370096
00:00:08.413384 ago
xe-0/0/19
1377168
00:00:09.415379 ago
xe-0/0/19
1370720
00:00:10.418374 ago
xe-0/0/19
1381120
00:00:11.410376 ago
xe-0/0/19
1383408
00:00:12.412372 ago
xe-0/0/19
1382576
00:00:13.417371 ago
xe-0/0/19
1387152
00:00:14.411368 ago
xe-0/0/19
1375296
---(more)---
Meaning
Latency
(nanoseconds)
1107724
1100569
1108224
1105395
1094745
1099904
1098905
1096076
1101734
1096576
1104896
1106726
1106060
1109721
1100236
The output displays queue-statistics information, with the latest record at the top of the
report.
Verifying Traffic Statistics
Purpose
Verify that traffic statistics collection is working.
Copyright © 2014, Juniper Networks, Inc.
147
Network Management and Monitoring on the QFX Series
Action
From operational mode, enter the show analytics traffic-statistics command to display
the traffic statistics.
user@host> show analytics traffic-statistics
CLI issued at 2014-03-04 15:37:52.047136
Time: 00:00:02.252377 ago, Physical interface: xe-0/0/19
Traffic Statistics:
Receive
Transmit
Total octets:
15044882432
1502607382656
Total packets:
117538143
11739120146
Unicast packet:
117538143
11739120146
Multicast packets:
0
0
Broadcast packets:
0
0
Octets per second:
86488360
8649309384
Packets per second:
84461
8446590
CRC/Align errors:
0
0
Packets dropped:
0
11760298455
Time: 00:00:02.252377 ago, Physical interface: xe-0/0/18
Traffic Statistics:
Receive
Transmit
Total octets:
1504619929836
15782818944
Total packets:
11754843131
123303273
Unicast packet:
11754843131
123303273
Multicast packets:
0
0
Broadcast packets:
0
0
Octets per second:
8649134008
86487816
Packets per second:
8446458
84461
CRC/Align errors:
5
0
Packets dropped:
0
0
Time: 00:00:02.252377 ago, Physical interface: xe-0/0/16
Traffic Statistics:
Receive
Transmit
Total octets:
1504801437048
757345408
Total packets:
11756261156
5916761
Unicast packet:
11756261156
5916761
Multicast packets:
0
0
Broadcast packets:
0
0
Octets per second:
7910619496
0
Packets per second:
7725214
0
CRC/Align errors:
3
0
Packets dropped:
0
0
Meaning
Related
Documentation
148
The output displays traffic-statistics information.
•
Network Analytics Overview on page 33
•
analytics on page 237
•
show analytics status on page 427
•
show analytics collector on page 419
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 10
Configuration Tasks for Network
Management
•
Configuring Console and Auxiliary Port Properties on page 149
•
Configuring SSH Service for Remote Access to the Router or Switch on page 150
•
Configuring Telnet Service for Remote Access to a Switch on page 152
Configuring Console and Auxiliary Port Properties
The console port and auxiliary port on a switch provide out-of-band remote access to
the switch. You can configure the console and auxiliary ports so that an external data
terminal may be connected to the switch. The console port is enabled by default, and
its speed is 9600 baud. The auxiliary port is disabled by default.
By default, terminal connections to the console and auxiliary ports are secure. When you
configure the console and auxiliary ports as insecure, root logins are not allowed to
establish terminal connections, and superusers and anyone with a user identifier (UID)
of 0 are not allowed to establish terminal connections in multiuser mode.
To configure the console and auxiliary port properties on the switch:
1.
To specify that the console port session should terminate if the connection to the
data carrier is lost:
[edit system ports]
user@switch# set console log-out-on-disconnect
2. To specify the auxiliary port terminal type:
[edit system ports]
user@switch# set auxiliary type (ansi | small-xterm | vt100 | xterm)
For example, to specify the auxiliary port terminal type of xterm with a display of 80
columns by 65 rows:
[edit system ports]
user@switch# set auxiliary type xterm
3. To check the configuration:
[edit system ports]
user@switch# show
console log-out-on-disconnect;
Copyright © 2014, Juniper Networks, Inc.
149
Network Management and Monitoring on the QFX Series
auxiliary type xterm;
Related
Documentation
•
auxiliary
•
console (Physical Port)
•
ports
Configuring SSH Service for Remote Access to the Router or Switch
To configure the router or switch to accept SSH as an access service, include the ssh
statement at the [edit system services] hierarchy level:
[edit system services]
ssh {
ciphers [ cipher-1 cipher-2 cipher-3 ...]
client-alive-count-max number;
client-alive-interval seconds;
connection-limit limit;
hostkey-algorithm <algorithm | no-algorithm>;
key-exchange algorithm;
macs algorithm;
max-sessions-per-connection number;
no-tcp-forwarding;
protocol-version [v1 v2] ;
rate-limit limit;
root-login <allow | deny | deny-password>;
}
By default, the router or switch supports a limited number of simultaneous SSH sessions
and connection attempts per minute. Use the following statements to change the defaults:
•
connection-limit limit—Maximum number of simultaneous connections per protocol
(IPV4 and IPv6). The range is a value from 1 through 250. The default is 75. When you
configure a connection limit, the limit is applicable to the number of SSH sessions per
protocol (IPv4 and IPv6). For example, a connection limit of 10 allows 10 IPv6 SSH
sessions and 10 IPv4 SSH sessions.
•
max-sessions-per-connection number—Include this statement to specify the maximum
number of SSH sessions allowed per single SSH connection. This allows you to limit
the number of cloned sessions tunneled within a single SSH connection. The default
value is 10.
•
rate-limit limit—Maximum number of connection attempts accepted per minute (a
value from 1 through 250). The default is 150. When you configure a rate limit, the limit
is applicable to the number of connection attempts per protocol (IPv4 and IPv6). For
example, a rate limit of 10 allows 10 IPv6 SSH session connection attempts per minute
and 10 IPv4 SSH session connection attempts per minute.
150
Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Configuration Tasks for Network Management
For information about other configuration settings, see the following topics:
•
Configuring the Root Login Through SSH on page 151
•
Configuring the SSH Protocol Version on page 151
•
Configuring the Client Alive Mechanism on page 151
Configuring the Root Login Through SSH
By default, users are allowed to log in to the router or switch as root through SSH. To
control user access through SSH, include the root-login statement at the [edit systems
services ssh] hierarchy level:
[edit system services ssh]
root-login (allow | deny | deny-password);
allow—Allows users to log in to the router or switch as root through SSH. The default is
allow.
deny—Disables users from logging in to the router or switch as root through SSH.
deny-password—Allows users to log in to the router or switch as root through SSH when
the authentication method (for example, RSA) does not require a password.
Configuring the SSH Protocol Version
By default, both version 1 and version 2 of the SSH protocol are enabled. To configure
the router or switch to use only version 1 of the SSH protocol, include the protocol-version
statement and specify v1 at the [edit system services ssh] hierarchy level:
[edit system services ssh]
protocol-version [ v1 ];
To configure the router or switch to use only version 2 of the SSH protocol, include the
protocol-version statement and specify v2 at the [edit system services ssh] hierarchy
level:
[edit system services ssh]
protocol-version [ v2 ];
To explicitly configure the router or switch to use version 1 and 2 of the SSH protocol,
include the protocol-version statement and specify v1 and v2 at the [edit system services
ssh] hierarchy level:
[edit system services ssh]
protocol-version [ v1 v2 ];
For J Series Services Routers, the export license software supports SSH version 1 only.
Configuring the Client Alive Mechanism
The client alive mechanism is valuable when the client or server depends on knowing
when a connection has become inactive. It differs from the standard keepalive mechanism
because the client alive messages are sent through the encrypted channel. The client
alive mechanism is not enabled at default. To enable it, configure the
Copyright © 2014, Juniper Networks, Inc.
151
Network Management and Monitoring on the QFX Series
client-alive-count-max and the client-alive-interval. This option applies to SSH protocol
version 2 only.
In the following example, unresponsive SSH clients will be disconnected after
approximately 100 seconds (20 x 5).
[edit system services ssh]
client-alive-count-max 5;
client-alive-interval 20;
Configuring Telnet Service for Remote Access to a Switch
Telnet provides unencrypted access to network devices. Configuring Telnet service for
a switch enables in-band remote access to the switch.
By default, the switch supports a limited number of simultaneous Telnet sessions and
connection attempts per minute. Optionally, you can change the default Telnet settings
by configuring the connection limit and rate limit at the [edit system services telnet]
hierarchy level.
The connection limit is the maximum number of simultaneous connections per protocol
(IPv4). The range is from 1 through 250. The default is 75.
The rate limit is the maximum number of connection attempts accepted per minute per
protocol. The range is from 1 through 250. The default is 150.
To configure Telnet service:
1.
To specify the connection limit:
[edit system services]
user@switch# set telnet connection-limit connection-limit
2. To specify the rate limit:
[edit system services]
user@switch# set telnet rate-limit rate-limit
3. Check that the Telnet connection limit and rate limit show the values you specified:
[edit system services]
user@switch# show
telnet {
connection-limit 50;
rate-limit 100;
}
Related
Documentation
152
•
Understanding Telnet on the QFabric System on page 7
•
Limiting the Number of User Login Attempts for SSH and Telnet Sessions
•
Example: Limiting the Number of Login Attempts for SSH and Telnet Sessions
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 11
Configuration Tasks for Automation
•
Invoking the Python Interpreter on page 153
•
Controlling the Execution of Commit Scripts on page 153
Invoking the Python Interpreter
The Python interpreter is available by default with the QFX5100 switch automation
enhancements. You can invoke Python by entering the python command at the shell
script.
To invoke the Python interpreter:
1.
Start the shell interface:
user@switch> start shell
2. Enter the python command without any parameters:
% python
NOTE: The Python interpreter is designated with the prompt >>> at the
beginning of a line or ... to indicate the continuation of a line.
Related
Documentation
•
Overview of Python with QFX5100 Switch Automation Enhancements on page 12
•
Overview of QFX5100 Switch Automation Enhancements on page 11
•
Installing Junos OS Software with QFX5100 Switch Automation Enhancements on
page 113
•
QFX5100 Switch with Automation Enhancements Frequently Asked Questions on
page 487
Controlling the Execution of Commit Scripts
This document describes the tasks that affect the way commit scripts are executed. In
the QFabric system, commit scripts are stored in the in the
/pbdata/mgd_shared/partition-ip/var/db/scripts/commit directory that is shared among
Director devices in a Director group.
Copyright © 2014, Juniper Networks, Inc.
153
Network Management and Monitoring on the QFX Series
To determine which commit scripts are currently enabled on the QFabric system, use
the show command to display the files included at the [edit system scripts commit]
hierarchy level. To ensure that the enabled files are on the device, list the contents of the
/pbdata/mgd_shared/partition-ip/var/db/scripts/commit directory using the file list
operational mode command.
See the following tasks:
•
Enabling Commit Scripts to Execute on page 154
•
Removing Commit Scripts from the Configuration on page 155
•
Deactivating Commit Scripts on page 155
•
Activating Inactive Commit Scripts on page 156
Enabling Commit Scripts to Execute
The commit operation requires that all scripts be included in configuration at the [edit
system scripts commit file] hierarchy level for all QFabric Director devices.
If you need to temporarily remove a script from a commit operation but do not want to
remove it from the configuration permanently, you may configure the optional statement
at the [edit system scripts commit file filename] hierarchy level to enable the commit
operation to succeed even if a script is missing from the commit script directory.
CAUTION: When you include the optional statement at the [edit system scripts
commit file filename] hierarchy level, no error message is generated during
the commit operation if the file does not exist. As a result, you might not be
aware that a script has not been executed as expected.
The filename of a commit script written in SLAX must include the .slax extension for the
script to be executed.
To enable a commit script to execute during a commit operation:
1.
Ensure that the commit script is located in the correct directory:
/pbdata/mgd_shared/partition-ip/var/db/scripts/commit directory on the Director
device.
2. Configure the commit script.
[edit system scripts commit]
user@switch# set file filename <optional>
3. Commit the configuration.
[edit system scripts commit]
user@switch# top
[edit]
user@switch# commit
154
Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Configuration Tasks for Automation
Removing Commit Scripts from the Configuration
You can prevent commit scripts from executing during a commit operation by removing
the scripts from the commit directory in the configuration.
NOTE: You can also deactivate a script using the deactivate statement instead
of removing it from the configuration. Deactivated scripts may be reactivated
later.
To prevent a commit script from executing during a commit operation:
1.
Delete the commit script file from the commit directory in the configuration.
[edit system scripts commit]
user@switch# delete file filename
2. Commit the configuration.
[edit system scripts commit]
user@switch# top
[edit]
user@switch# commit
3. Remove the commit script from the /pbdata/mgd_shared/ directory on the Director
device.
BEST PRACTICE: Although removing the commit script is not necessary,
we recommend deleting unused files from the system.
Deactivating Commit Scripts
Deactivating a commit script results in its being marked as inactive in the configuration.
The script is not executed during the commit operation, but you can reactivate the script
by using the activate statement.
To deactivate the commit script:
1.
Deactivate the script.
[edit]
user@switch deactivate system scripts commit file filename
2. Commit your changes.
[edit]
user@switch# commit
3. Verify that the commit script is deactivated.
[edit]
user@switch# show system scripts commit
inactive: file mycommit.slax
Copyright © 2014, Juniper Networks, Inc.
155
Network Management and Monitoring on the QFX Series
Activating Inactive Commit Scripts
Deactivating a commit script results in its being marked as inactive in the configuration
and is therefore not executed during the commit operation.
To activate an inactive commit script:
1.
Activate the script.
[edit]
user@switch# activate system scripts commit file filename
2. Commit your changes.
[edit]
user@switch# commit
156
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 12
Configuration Tasks for Network Analytics
•
Configuring Queue Monitoring on page 157
•
Configuring Traffic Monitoring on page 159
•
Configuring a Local File for Network Analytics Data on page 160
•
Configuring a Remote Collector for Streaming Analytics Data on page 161
Configuring Queue Monitoring
Network analytics queue monitoring provides visibility into the performance and behavior
of the data center infrastructure. This feature collects data from the switch, analyzes
the data using sophisticated algorithms, and captures the results in reports. You can use
the reports to help troubleshoot problems, make decisions, and adjust resources as
needed.
You enable queue monitoring by first defining a resource profile template, and then
applying the profile to the system (for a global configuration) or to individual interfaces.
NOTE: You can configure queue monitoring on physical network interfaces
only; logical interfaces and Virtual Chassis physical (VCP) interfaces are not
supported.
NOTE: This procedure requires Junos OS Release 13.2X51-D15 to be installed
on your device.
To configure queue monitoring on a QFX Series standalone switch:
1.
Configure the queue monitoring polling interval (in milliseconds) globally (for the
system):
[edit]
set services analytics resource system polling-interval queue-monitoring interval
2. Configure a resource profile for the system, and enable queue monitoring:
[edit]
set services analytics resource-profiles profile-name queue-monitoring
Copyright © 2014, Juniper Networks, Inc.
157
Network Management and Monitoring on the QFX Series
3. Configure high and low values of the depth-threshold (in bytes) for queue monitoring
in the system profile:
[edit]
set services analytics resource-profiles profile-name depth-threshold high number low
number
For both high and low values, the range is from 1 to 1,250,000,000 bytes, and the
default value is 0 bytes.
NOTE: You can configure either the depth-threshold or latency threshold
for the system, but not both.
4. Apply the resource profile template to the system for a global configuration:
[edit]
set services analytics resource system resource-profile profile-name
5. Configure an interface-specific resource profile and enable queue monitoring for the
interface:
[edit]
set services analytics resource-profiles profile-name queue-monitoring
6. Configure the latency-threshold (high and low values) for queue monitoring in the
interface-specific profile:
[edit]
set services analytics resource-profiles profile-name latency-threshold high number
low number
For both high and low values, the range is from 1 to 100,000,000 nanoseconds, and
the default value is 1,000,000 nanoseconds.
NOTE: You can configure either the depth-threshold or latency threshold
for interfaces, but not both.
7. Apply the resource profile template for interfaces to one or more interfaces:
[edit]
set services analytics resource interfaces interface-name resource-profile profile-name
NOTE: If a conflict arises between the system and interface configurations,
the interface-specific configuration supersedes the global (system)
configuration.
Related
Documentation
158
•
Network Analytics Overview on page 33
•
Example: Configuring Enhanced Network Analytics Features on page 138
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
Chapter 12: Configuration Tasks for Network Analytics
Configuring Traffic Monitoring
Network analytics queue monitoring provides visibility into the performance and behavior
of the data center infrastructure. This feature collects data from the switch, analyzes
the data using sophisticated algorithms, and captures the results in reports. You can use
the reports to help troubleshoot problems, make decisions, and adjust resources as
needed.
You enable queue monitoring by first defining a resource profile template, and then
applying the profile to the system (for a global configuration) or to individual interfaces.
NOTE: You can configure queue monitoring on physical network interfaces
only; logical interfaces and Virtual Chassis physical (VCP) interfaces are not
supported.
NOTE: This procedure requires Junos OS Release 13.2X51-D15 to be installed
on your device.
To configure traffic monitoring on a QFX Series standalone switch:
1.
Configure the traffic monitoring polling interval (in seconds) for the system:
[edit]
set services analytics resource system polling-interval traffic-monitoring interval
2. Configure a resource profile for the system, and enable traffic monitoring in the profile:
[edit]
set services analytics resource-profiles profile-name traffic-monitoring
3. Apply the resource profile to the system for a global configuration:
[edit]
set services analytics resource system resource-profile profile-name
4. Configure a resource profile for interfaces, and enable traffic monitoring in the profile:
[edit]
set services analytics resource-profiles profile-name traffic-monitoring
NOTE: If a conflict arises between the system and interface configurations,
the interface-specific configuration supersedes the global (system)
configuration.
5. Apply the resource profile template to one or more interfaces:
[edit]
set services analytics resource interfaces interface-name resource-profile profile-name
Copyright © 2014, Juniper Networks, Inc.
159
Network Management and Monitoring on the QFX Series
Related
Documentation
•
Network Analytics Overview on page 33
•
Example: Configuring Enhanced Network Analytics Features on page 138
•
analytics on page 237
Configuring a Local File for Network Analytics Data
The network analytics feature provides visibility into the performance and behavior of
the data center infrastructure. This feature collects data from the switch, analyzes the
data using sophisticated algorithms, and captures the results in reports. Network
administrators can use the reports to help troubleshoot problems, make decisions, and
adjust resources as needed.
To save the queue and traffic statistics data in a local file, you must configure a filename
to store it.
NOTE: This procedure requires Junos OS Release 13.2X51-D15 to be installed
on your device.
To configure a local file for storing queue and traffic monitoring statistics:
1.
Configure a filename:
[edit]
set services analytics collector local file filename
There is no default filename. If you do not configure a filename, network analytics
statistics are not saved locally.
2. Configure the number of files (from 2 to 1000 files):
[edit]
set services analytics collector local file filename files number
3. Configure the file size (from 10 to 4095 MB) in the format of xm:
[edit]
set services analytics collector local file an size size
Related
Documentation
160
•
Network Analytics Overview on page 33
•
Example: Configuring Enhanced Network Analytics Features on page 138
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
Chapter 12: Configuration Tasks for Network Analytics
Configuring a Remote Collector for Streaming Analytics Data
The network analytics feature provides visibility into the performance and behavior of
the data center infrastructure. This feature collects data from the switch, analyzes the
data using sophisticated algorithms, and captures the results in reports. Network
administrators can use the reports to help troubleshoot problems, make decisions, and
adjust resources as needed.
You can configure an export profile to define the stream format and type of data, and
one or more remote servers (collectors) to receive streaming network analytics data.
NOTE: This procedure requires Junos OS Release 13.2X51-D15 to be installed
on your device.
To configure a collector for receiving streamed analytics data:
1.
Create an export profile and specify the stream format:
[edit]
set services analytics export-profiles profile-name stream-format format
2. Configure the export profile to include interface information:
[edit]
set services analytics export-profiles profile-name interface information
3. Configure the export profile to include interface queue statistics:
[edit]
set services analytics export-profiles profile-name interface statistics queue
4. Configure the export profile to include interface traffic statistics:
[edit]
set services analytics export-profiles profile-name interface statistics traffic
5. Configure the export profile to include interface status link information:
[edit]
set services analytics export-profiles profile-name interface status link
6. Configure the export profile to include system information:
[edit]
set services analytics export-profiles profile-name system information
7. Configure the export profile to include system queue status:
[edit]
set services analytics export-profiles profile-name system status queue
8. Configure the export profile to include system traffic status:
[edit]
set services analytics export-profiles profile-name system status traffic
Copyright © 2014, Juniper Networks, Inc.
161
Network Management and Monitoring on the QFX Series
9. Configure the transport protocol for the collector addresses and apply the export
profile:
[edit]
set services analytics collector address ip-address port port transport protocol
export-profile profile-name
set services analytics collector address ip-address port port transport protocol
export-profile profile-name
NOTE: If you configure the tcp or udp option for the JSON, CSV, and TSV
formats, you must also set up the TCP or UDP client software on the
remote collector to process records that are separated by the newline
character (\n) on the remote server.
If you configure the tcp or udp option for the GPB format, you must also
set up the TCP or UDP build streaming server using the analytics.proto file.
Related
Documentation
162
•
Network Analytics Overview on page 33
•
Example: Configuring Enhanced Network Analytics Features on page 138
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 13
Configuration Tasks for sFlow Technology
•
Configuring sFlow Technology on page 163
Configuring sFlow Technology
The sFlow technology is a monitoring technology for high-speed switched or routed
networks. sFlow monitoring technology collects samples of network packets and sends
them in a UDP datagram to a monitoring station called a collector. You can configure
sFlow technology on a QFX Series device to monitor traffic continuously at wire speed
on all interfaces simultaneously. You must enable sFlow monitoring on each interface
individually; you cannot globally enable sFlow monitoring on all interfaces with a single
configuration statement. Junos OS fully supports the sFlow technology standard described
in RFC 3176, InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and
Routed Networks.
On the QFabric system, the sFlow monitoring global configuration that is defined on the
Director device is distributed to Node groups that have sFlow sampling configured on
the interfaces.
To configure sFlow features using the CLI:
1.
Configure the IP address and UDP port of at least one collector:
[edit protocols sflow]
user@host# set collector ip-address udp-port port-number
The default UDP port assigned is 6343.
2. Enable sFlow technology on a specific interface:
[edit protocols sflow]
user@host# set interfaces interface-name
NOTE: You cannot enable sFlow technology on a Layer 3 VLAN-tagged
interface.
You cannot enable sFlow technology on a LAG interface (for example
ae0), but you can enable sFlow technology on the member interfaces of
the LAG (for example, xe-0/0/1).
3. Specify how often (in seconds) the sFlow agent polls all interfaces at the global level:
Copyright © 2014, Juniper Networks, Inc.
163
Network Management and Monitoring on the QFX Series
[edit protocols sflow]
user@host# set polling-interval seconds
NOTE: Specify 0 if you do not want to poll the interface.
4. Specify the rate at which packets are sampled at the global level. For example,
configuring a number of 1000 sets a sample rate of 1 in 1000 packets.
[edit protocols sflow]
user@host# set sample-rate number
5. (Optional) You can also configure the polling interval and sample rate at the interface
level:
[edit protocols sflow]
user@host# set interfaces interface-name polling-interval seconds sample-rate number
NOTE: The interface-level configuration overrides the global configuration
for the specified interface.
Related
Documentation
164
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
•
Overview of sFlow Technology
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 14
Configuration Tasks for SNMP
•
Configuring SNMP on page 165
•
Configuring the SNMP Community String on page 169
•
Configuring SNMP Trap Groups on page 170
•
Adding a Group of Clients to an SNMP Community on page 171
•
Configuring the Interfaces on Which SNMP Requests Can Be Accepted on page 172
•
Configuring MIB Views on page 172
•
Configuring RMON Alarms and Events on page 173
•
Configuring Health Monitoring on page 176
•
Creating SNMPv3 Users on page 176
•
Configuring Access Privileges for a Group on page 178
•
Assigning a Security Name to a Group on page 179
•
Configuring SNMPv3 Traps on a Device Running Junos OS on page 180
•
Configuring SNMP Informs on page 181
Configuring SNMP
SNMP is implemented in the Junos OS Software running on the QFX Series products. By
default, SNMP is not enabled. To enable SNMP, you must include the SNMP configuration
statements at the [edit] hierarchy level.
To configure the minimum requirements for SNMP, include the following statements at
the [edit] hierarchy level of the configuration:
[edit]
snmp {
community public;
}
To configure complete SNMP features, include the following statements at the [edit]
hierarchy level of the configuration:
snmp {
client-list client-list-name {
ip-addresses;
}
Copyright © 2014, Juniper Networks, Inc.
165
Network Management and Monitoring on the QFX Series
community community-name {
authorization authorization;
client-list-name client-list-name;
clients {
address restrict;
}
logical-system logical-system-name {
routing-instance routing-instance-name {
clients {
addresses;
}
}
}
routing-instance routing-instance-name {
clients {
addresses;
}
}
view view-name;
}
contact contact;
description description;
filter-duplicates;
filter-interfaces;
health-monitor {
falling-threshold integer;
interval seconds;
rising-threshold integer;
}
interface [ interface-names ];
location location;
name name;
nonvolatile {
commit-delay seconds;
}
rmon {
alarm index {
description description;
falling-event-index index;
falling-threshold integer;
falling-threshold-interval seconds;
interval seconds;
request-type;
rising-event-index index;
rising-threshold integer;
sample-type (absolute-value | delta-value);
startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm);
syslog-subtag syslog-subtag;
variable oid-variable;
}
event index {
community community-name;
description description;
type type;
}
history history-index {
166
Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Configuration Tasks for SNMP
bucket-size number;
interface interface-name;
interval seconds;
owner owner-name;
}
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable> <match
regular-expression>;
flag flag;
}
trap-group group-name {
categories {
category;
}
destination-port port-number;
routing-instance routing-instance-name;
targets {
address;
}
version (all | v1 | v2);
}
trap-options {
agent-address outgoing-interface;
source-address address;
}
v3 {
notify name {
tag tag-name;
type trap;
}
notify-filter profile-name {
oid object-identifier (include | exclude);
}
snmp-community community-index {
community-name community-name;
security-name security-name;
tag tag-name;
}
target-address target-address-name {
address address;
address-mask address-mask;
logical-system logical-system;
port port-number;
retry-count number;
routing-instance routing-instance-name;
tag-list tag-list;
target-parameters target-parameters-name;
timeout seconds;
}
target-parameters target-parameters-name {
notify-filter profile-name;
parameters {
message-processing-model (v1 | v2c | V3);
security-level (authentication | none | privacy);
security-model (usm | v1 | v2c);
Copyright © 2014, Juniper Networks, Inc.
167
Network Management and Monitoring on the QFX Series
security-name security-name;
}
}
usm {
local-engine {
user username {
authentication-sha {
authentication-password authentication-password;
}
authentication-md5 {
authentication-password authentication-password;
}
authentication-none;
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none;
}
}
remote-engine engine-id {
user username {
authentication-sha {
authentication-password authentication-password;
}
authentication-md5 {
authentication-password authentication-password;
}
authentication-none;
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none {
privacy-password privacy-password;
}
}
}
}
vacm {
access {
group group-name {
(default-context-prefix | context-prefix context-prefix) {
security-model (any | usm | v1 | v2c) {
security-level (authentication | none | privacy) {
notify-view view-name;
168
Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Configuration Tasks for SNMP
read-view view-name;
write-view view-name;
}
}
}
}
}
security-to-group {
security-model (usm | v1 | v2c) {
security-name security-name {
group group-name;
}
}
}
}
}
view view-name {
oid object-identifier (include | exclude);
}
}
Related
Documentation
•
Understanding the Implementation of SNMP on page 59
•
snmp on page 334
Configuring the SNMP Community String
The SNMP community string defines the relationship between an SNMP server system
and the client systems. This string acts like a password to control the clients’ access to
the server. To configure a community string in a Junos OS configuration, include the
community statement at the [edit snmp] hierarchy level:
[edit snmp]
community name {
authorization authorization;
clients {
default restrict;
address restrict;
}
view view-name;
}
If the community name contains spaces, enclose it in quotation marks (" ").
The default authorization level for a community is read-only. To allow Set requests within
a community, you need to define that community as authorization read-write. For Set
requests, you also need to include the specific MIB objects that are accessible with
read-write privileges using the view statement. The default view includes all supported
MIB objects that are accessible with read-only privileges; no MIB objects are accessible
with read-write privileges. For more information about the view statement, see
“Configuring MIB Views” on page 172.
The clients statement lists the IP addresses of the clients (community members) that
are allowed to use this community. If no clients statement is present, all clients are
Copyright © 2014, Juniper Networks, Inc.
169
Network Management and Monitoring on the QFX Series
allowed. For address, you must specify an IPv4 address, not a hostname. Include the
default restrict option to deny access to all SNMP clients for which access is not explicitly
granted. We recommend that you always include the default restrict option to limit SNMP
client access to the local switch.
NOTE: Community names must be unique within each SNMP system.
Related
Documentation
•
Configuring SNMP on page 165
Configuring SNMP Trap Groups
Before any SNMP traps can be sent, you must configure a trap group, the categories of
traps the group can receive, and the targets (systems) that will receive the traps. To
create and name an SNMP trap group, include the trap-group statement at the [edit
snmp] hierarchy level:
[edit snmp]
trap-group group-name {
categories {
category;
}
destination-port port-number;
targets {
address;
}
version (all | v1 | v2);
}
The trap group name can be any string and is embedded in the community name field
of the trap. To configure your own trap group port, include the destination-port statement.
The default destination port is port 162.
For each trap group that you define, you must include the target statement to define at
least one system as the recipient of the SNMP traps in the trap group. Specify the IPv4
address of each recipient and not its hostname.
Specify the types of traps the trap group can receive in the categories statement.
A trap group can receive the following categories of traps:
170
•
authentication—Authentication failures
•
chassis—Chassis or environment notifications
•
configuration—Configuration notifications
•
link—Link-related notifications such as up-down transitions
•
remote-operations—Remote operation notifications
•
startup—System warm and cold starts
Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Configuration Tasks for SNMP
The version statement allows you to specify the SNMP version of the traps sent to targets
of the trap group. If you specify v1 only, SNMPv1 traps are sent. If you specify v2 only,
SNMPv2 traps are sent. If you specify all, both an SNMPv1 and an SNMPv2 trap are sent
for every trap condition. For more information about the version statement, see version.
Related
Documentation
•
Standard SNMP Version 1 Traps
•
Standard SNMP Version 2 Traps
•
Juniper Networks Enterprise-Specific SNMP Version 1 Traps
•
Juniper Networks Enterprise-Specific SNMP Version 2 Traps
Adding a Group of Clients to an SNMP Community
Junos OS enables you to add one or more groups of clients to an SNMP community. You
can include the client-list-name name statement at the [edit snmp community
community-name] hierarchy level to add all the members of the client list or prefix list to
an SNMP community.
To define a list of clients, include the client-list statement followed by the IP addresses
of the clients at the [edit snmp] hierarchy level:
[edit snmp]
client-list client-list-name {
ip-addresses;
}
You can configure a prefix list at the [edit policy options] hierarchy level. Support for
prefix lists in the SNMP community configuration enables you to use a single list to
configure the SNMP and routing policies. For more information about the prefix-list
statement, see the Routing Policy Feature Guide for Routing Devices.
To add a client list or prefix list to an SNMP community, include the client-list-name
statement at the [edit snmp community community-name] hierarchy level:
[edit snmp community community-name]
client-list-name client-list-name;
NOTE: The client list and prefix list must not have the same name.
The following example shows how to define a client list:
[edit]
snmp {
client-list clentlist1 {
10.1.1.1/32;
10.2.2.2/32;
}
}
The following example shows how to add a client list to an SNMP community:
[edit]
Copyright © 2014, Juniper Networks, Inc.
171
Network Management and Monitoring on the QFX Series
snmp {
community community1 {
authorization read-only;
client-list-name clientlist1;
}
}
The following example shows how to add a prefix list to an SNMP community:
[edit]
policy-options {
prefix-list prefixlist {
10.3.3.3/32;
10.5.5.5/32;
}
}
snmp {
community community2 {
client-list-name prefixlist;
}
}
Related
Documentation
•
client-list on page 283
•
client-list-name on page 283
Configuring the Interfaces on Which SNMP Requests Can Be Accepted
By default, all router or switch interfaces have SNMP access privileges. To limit the access
through certain interfaces only, include the interface statement at the [edit snmp]
hierarchy level:
[edit snmp]
interface [ interface-names ];
Specify the names of any logical or physical interfaces that should have SNMP access
privileges. Any SNMP requests entering the router or switch from interfaces not listed
are discarded.
Related
Documentation
•
Configuring SNMP on a Device Running Junos OS
•
Configuration Statements at the [edit snmp] Hierarchy Level
•
Example: Configuring Secured Access List Checking
•
Configuring SNMP on page 165
Configuring MIB Views
By default, an SNMP community grants read access and denies write access to all
supported MIB objects (even communities configured as authorization read-write). To
restrict or grant read or write access to a set of MIB objects, you must configure a MIB
view and associate the view with a community.
172
Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Configuration Tasks for SNMP
To configure MIB views, include the view statement at the [edit snmp] hierarchy level:
[edit snmp]
view view-name {
oid object-identifier (include | exclude);
}
The view statement defines a MIB view and identifies a group of MIB objects. Each MIB
object of a view has a common object identifier (OID) prefix. Each object identifier
represents a subtree of the MIB object hierarchy. The subtree can be represented either
by a sequence of dotted integers (such as 1.3.6.1.2.1.2) or by its subtree name (such as
interfaces). A configuration statement uses a view to specify a group of MIB objects on
which to define access. You can also use a wildcard character asterisk (*) to include
OIDs that match a particular pattern in the SNMP view. To enable a view, you must
associate the view with a community.
NOTE: To remove an OID completely, use the delete view all oid oid-number
command but omit the include parameter.
To associate MIB views with a community, include the view statement at the [edit snmp
community community-name] hierarchy level:
[edit snmp community community-name]
view view-name;
For more information about the Ping MIB, see RFC 2925 and the PING MIB topic in the
SNMP MIBs and Traps Reference.
Related
Documentation
•
Configuring SNMP on a Device Running Junos OS
•
Configuration Statements at the [edit snmp] Hierarchy Level
•
Example: Ping Proxy MIB
•
view (Configuring a MIB View)
•
view (Associating MIB View with a Community) on page 359
•
oid
Configuring RMON Alarms and Events
The Junos OS supports the Remote Network Monitoring (RMON) MIB (RFC 2819), which
allows a management device to monitor the values of MIB objects, or variables, against
configured thresholds. When the value of a variable crosses a threshold, an alarm and
Copyright © 2014, Juniper Networks, Inc.
173
Network Management and Monitoring on the QFX Series
its corresponding event are generated. The event can be logged and can generate an
SNMP trap.
To configure RMON alarms and events using the CLI, perform these tasks:
1.
Configuring SNMP on page 174
2. Configuring an Event on page 174
3. Configuring an Alarm on page 175
Configuring SNMP
To configure SNMP:
1.
Grant read-only access to all SNMP clients:
[edit snmp]
user@switch# set community community-name authorization authorization
For example:
[edit snmp]
user@switch# set community public authorization read-only
2. Grant read-write access to the RMON and jnx-rmon MIBs:
[edit snmp]
user@switch# set view view-name oid object-identifier include
user@switch# set view view-name oid object-identifier include
user@switch# set community community-name authorization authorization view view-name
For example:
[edit snmp]
user@switch# set view rmon-mib-view oid .1.3.6.1.2.1.16 include
user@switch# set view rmon-mib-view oid .1.3.6.1.4.1.2636.13 include
user@switch# set community private authorization read-write view rmon-mib-view
OIDs 1.3.6.1.2.1.16 and 1.3.6.1.4.1.2636.13 correspond to the RMON and jnxRmon MIBs.
3. Configure an SNMP trap group:
[edit snmp]
user@switch# set trap-group group-name categories category
user@switch# set trap-group group-name targets address
For example:
[edit snmp]
user@switch# set trap-group rmon-trap-group categories rmon-alarm
user@switch# set trap-group rmon-trap-group targets 192.168.5.5
The trap group rmon-trap-group is configured to send RMON traps to 192.168.5.5.
Configuring an Event
To configure an event:
1.
Configure an event index, community name, and type:
[edit snmp rmon]
user@switch# set event index community community-name typetype
For example:
[edit snmp rmon]
174
Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Configuration Tasks for SNMP
user@switch# set event 1 community rmon-trap-group type log-and-trap
The event community corresponds to the SNMP trap group and is not the same as
an SNMP community. This event generates an SNMP trap and adds an entry to the
logTable in the RMON MIB.
2. Configure a description for the event:
[edit snmp rmon]
user@switch# set event index description description
For example:
[edit snmp rmon]
user@switch# set event 1 description “rmon event”
Configuring an Alarm
To configure an alarm:
1.
Configure an alarm index, the variable to monitor, the rising and falling thresholds,
and the corresponding rising and falling events:
[edit snmp rmon]
user@switch# set alarm index variable oid-variable falling-threshold integer rising-threshold
integer rising-event-index index falling-event-index index
For example:
[edit snmp rmon]
user@switch# set alarm 5 variable .1.3.6.1.4.1.2636.3.1.13.1.8.9.1.0.0 falling-threshold 75
rising-threshold 90 rising-event-index 1 falling-event-index 1
The variable .1.3.6.1.4.1.2636.3.1.13.1.8.9.1.0.0 corresponds to the jnxRmon MIB object
jnxOperatingCPU, which represents the CPU utilization of the Routing Engine. The
falling and rising threshold integers are 75 and 90. The rising and falling events both
generate the same event (event index 1).
2. Configure the sample interval and type and the alarm type:
[edit snmp rmon]
user@switch# set alarm index interval seconds sample-type (absolute-value | delta-value)
startup-alarm (falling-alarm | rising-alarm | rising-or-falling-alarm)
For example:
[edit snmp rmon]
user@switch# set alarm 5 interval 30 sample-type absolute-value
startup-alarm rising-or-falling-alarm
The absolute value of the monitored variable is sampled every 30 seconds. The initial
alarm can occur because of rising above the rising threshold or falling below the falling
threshold.
Related
Documentation
•
Configuring SNMP on page 165
•
Juniper Networks Enterprise-Specific MIBs
•
Monitoring RMON MIB Tables on page 387
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Understanding RMON on page 71
Copyright © 2014, Juniper Networks, Inc.
175
Network Management and Monitoring on the QFX Series
Configuring Health Monitoring
This topic describes how to configure the health monitor feature for QFX Series devices.
The health monitor feature extends the SNMP RMON alarm infrastructure to provide
predefined monitoring for a selected set of object instances (such as file system usage,
CPU usage, and memory usage) and dynamic object instances (such as Junos OS
processes).
To configure health monitoring:
1.
Configure the health monitor:
[edit snmp]
user@switch# set health-monitor
2. Configure the falling threshold:
[edit snmp]
user@switch# set health-monitor falling-threshold percentage
For example:
user@switch# set health-monitor falling-threshold 85
3. Configure the rising threshold:
[edit snmp]
user@switch# set health-monitor rising-threshold percentage
For example:
user@switch# set health-monitor rising-threshold 75
4. Configure the interval:
[edit snmp]
user@switch# set health-monitor interval seconds
For example:
user@switch# set health-monitor interval 600
Related
Documentation
•
Understanding Health Monitoring on page 75
•
falling-threshold on page 293
•
interval (Health Monitor) on page 301
•
rising-threshold (Health Monitor) on page 321
Creating SNMPv3 Users
For each SNMPv3 user, you can specify the username, authentication type, authentication
password, privacy type, and privacy password. After a user enters a password, a key
based on the engine ID and password is generated and is written to the configuration
file. After the generation of the key, the password is deleted from this configuration file.
176
Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Configuration Tasks for SNMP
NOTE: You can configure only one encryption type for each SNMPv3 user.
To create users, include the user statement at the [edit snmp v3 usm local-engine]
hierarchy level:
[edit snmp v3 usm local-engine]
user username;
username is the name that identifies the SNMPv3 user.
To configure user authentication and encryption, include the following statements at
the [edit snmp v3 usm local-engine user username] hierarchy level:
[edit snmp v3 usm local-engine user username]
authentication-md5 {
authentication-password authentication-password;
}
authentication-sha {
authentication-password authentication-password;
}
authentication-none;
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none;
Related
Documentation
•
Complete SNMPv3 Configuration Statements
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
•
Example: Creating SNMPv3 Users Configuration
•
Example: SNMPv3 Configuration
Copyright © 2014, Juniper Networks, Inc.
177
Network Management and Monitoring on the QFX Series
Configuring Access Privileges for a Group
In SNMPv3, you can configure a group that sets the same access privileges for one or
more users. Configuring a group includes defining the security model and security level,
and associating one or more MIB view permissions for the group.
NOTE: You must associate at least one MIB view with the group. You can
associate multiple MIB views (read, notify, write) to authorize different
permissions based on the view. The view name cannot exceed 32 characters.
To configure access privileges for a group:
1.
To configure the group:
[edit snmp v3 vacm access]
user@switch# edit group group-name
2. To configure the context prefix of the SNMP instance for the group:
[edit snmp v3 vacm access group group-name]
user@switch# edit (default-context-prefix | context-prefix context-prefix)
For example, to configure the default context prefix:
[edit snmp v3 vacm access group group-name]
user@switch# edit default-context-prefix
3. To configure the security model:
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix)]
user@switch# edit security-model (any | usm | v1 | v2c)
For example, to configure the SNMPv3 user-based security model (USM):
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix)]
user@switch# edit security-model usm
4. To configure the security level:
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix) security-model (any | usm | v1 | v2c)]
user@switch# edit security-level (authentication | none | privacy)
For example, to configure a security level requiring user authentication and encryption:
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix) security-model (any | usm | v1 | v2c)]
user@switch# edit security-level privacy
178
Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Configuration Tasks for SNMP
NOTE: Access privileges are granted to all packets with a security level
equal to or greater than that configured. If you are configuring the SNMPv1
or v2c security model, use none as your security level. If you are configuring
the SNMPv3 security model (USM), use the authentication, none, or privacy
security level.
5. (Optional) To associate a read-only MIB view with an SNMP group:
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix) security-model (any | usm | v1 | v2c) security-level (authentication |
none | privacy)]
user@switch# edit read-view view-name
6. (Optional) To associate a MIB view with an SNMP notification permission for an SNMP
group:
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix) security-model (any | usm | v1 | v2c) security-level (authentication |
none | privacy)]
user@switch# edit notify-view view-name
7. (Optional) To associate a MIB view with write permission for an SNMP group:
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix) security-model (any | usm | v1 | v2c) security-level (authentication |
none | privacy)]
user@switch# edit write-view view-name
Related
Documentation
•
SNMPv3 Overview on page 69
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
Assigning a Security Name to a Group
In SNMPv3, each username is associated with a security name. The security name,
together with the SNMP engine ID, is included in SNMP messages to ensure messaging
security.
Before you assign a security name to a group, first create the security name. For an
SNMPv3 client, the security name is the username configured at the [edit snmp v3 usm
local-engine user username] hierarchy level. For SNMPv1 or v2c clients, the security name
is the community string configured at the [edit snmp v3 snmp-community community-index]
hierarchy level.
Assigning a security name to a group includes configuring a security model for the group,
assigning the security name to the group, and configuring the group.
To assign an SNMP security name to a group:
1.
To configure a security model for the group:
[edit snmp v3 vacm security-to-group]
user@switch# edit security-model (usm | v1 | v2c)
Copyright © 2014, Juniper Networks, Inc.
179
Network Management and Monitoring on the QFX Series
For example, to configure the SNMPv3 user-based security model (USM):
[edit snmp v3 vacm security-to-group]
user@switch# edit security-model usm
2. To associate the security name with a group:
[edit snmp v3 vacm security-to-group security-model (usm | v1 | v2c)]
user@switch# edit security-name security-name
3. To configure a group of SNMPv3 security names with the same security policy:
[edit snmp v3 vacm security-to-group security-model (usm | v1 | v2c) security-name
security-name]
user@switch# edit group group-name
Related
Documentation
•
Creating SNMPv3 Users on page 176
•
group (Associating a Security Name) on page 296
•
security-model (Group) on page 328
•
security-name (Community String) on page 330
•
security-name (Security Group) on page 331
Configuring SNMPv3 Traps on a Device Running Junos OS
In SNMPv3, you create traps and informs by configuring the notify, target-address, and
target-parameters parameters. Traps are unconfirmed notifications, whereas informs
are confirmed notifications. This section describes how to configure SNMP traps. For
information about configuring SNMP informs, see “Configuring SNMP Informs” on page 181.
The target address defines a management application’s address and parameters to be
used in sending notifications. Target parameters define the message processing and
security parameters that are used in sending notifications to a particular management
target. SNMPv3 also lets you define SNMPv1 and SNMPv2c traps.
NOTE: When you configure SNMP traps, make sure your configured access
privileges allow the traps to be sent. Access privileges are configured at the
[edit snmp v3 vacm access] and [edit snmp v3 vacm security-to-group] hierarchy
levels.
To configure SNMP traps, include the following statements at the [edit snmp v3] hierarchy
level:
[edit snmp v3]
notify name {
tag tag-name;
type trap;
}
notify-filter name {
oid object-identifier (include | exclude);
}
180
Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Configuration Tasks for SNMP
target-address target-address-name {
address address;
address-mask address-mask;
logical-system (SNMP logical-system;
port port-number;
routing-instance instance;
tag-list tag-list;
target-parameters target-parameters-name;
}
target-parameters target-parameters-name {
notify-filter profile-name;
parameters {
message-processing-model (v1 | v2c | v3);
security-level (authentication | none | privacy);
security-model (usm | v1 | v2c);
security-name security-name;
}
}
Related
Documentation
•
Configuring the SNMPv3 Trap Notification
•
Configuring the Trap Notification Filter
•
Configuring the Trap Target Address
•
Defining and Configuring the Trap Target Parameters
•
Configuring SNMP Informs on page 181
•
Configuring the Remote Engine and Remote User
•
Configuring the Inform Notification Type and Target Address
•
Complete SNMPv3 Configuration Statements
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
Configuring SNMP Informs
Junos OS supports two types of notifications: traps and informs. With traps, the receiver
does not send any acknowledgment when it receives a trap. Therefore, the sender cannot
determine if the trap was received. A trap may be lost because a problem occurred during
transmission. To increase reliability, an inform is similar to a trap except that the inform
is stored and retransmitted at regular intervals until one of these conditions occurs:
•
The receiver (target) of the inform returns an acknowledgment to the SNMP agent.
•
A specified number of unsuccessful retransmissions have been attempted and the
agent discards the inform message.
If the sender never receives a response, the inform can be sent again. Thus, informs are
more likely to reach their intended destination than traps are. Informs use the same
communications channel as traps (same socket and port) but have different protocol
data unit (PDU) types.
Copyright © 2014, Juniper Networks, Inc.
181
Network Management and Monitoring on the QFX Series
Informs are more reliable than traps, but they consume more network, router, and switch
resources (see Figure 9 on page 182). Unlike a trap, an inform is held in memory until a
response is received or the timeout is reached. Also, traps are sent only once, whereas
an inform may be retried several times. Use informs when it is important that the SNMP
manager receive all notifications. However, if you are more concerned about network
traffic, or router and switch memory, use traps.
Figure 9: Inform Request and Response
For information about configuring SNMP traps, see “Configuring SNMPv3 Traps on a
Device Running Junos OS” on page 180.
Related
Documentation
182
•
Configuring SNMPv3 Traps on a Device Running Junos OS on page 180
•
Configuring the Remote Engine and Remote User
•
Configuring the Inform Notification Type and Target Address
•
Complete SNMPv3 Configuration Statements
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 15
Configuration Tasks for System Log
Messages
•
Junos OS Minimum System Logging Configuration on page 183
•
Junos OS System Log Configuration Statements on page 184
•
Adding a Text String to System Log Messages on page 185
•
Directing System Log Messages to a Log File on page 186
•
Directing System Log Messages to a Remote Machine on page 186
•
Directing System Log Messages to a User Terminal on page 187
•
Directing System Log Messages to the Console on page 188
•
Disabling the System Logging of a Facility on page 188
•
Displaying a Log File from a Single-Chassis System on page 189
•
Including Priority Information in System Log Messages on page 190
•
Including the Year or Millisecond in Timestamps on page 191
•
Logging Messages in Structured-Data Format on page 192
•
Interpreting Messages Generated in Structured-Data Format on page 193
•
Interpreting Messages Generated in Standard Format on page 196
•
Specifying Log File Size, Number, and Archiving Properties on page 197
•
Specifying the Facility and Severity of Messages to Include in the Log on page 198
•
Junos OS System Logging Facilities and Message Severity Levels on page 199
•
System Log Default Facilities for Messages Directed to a Remote Destination on page 200
•
Junos OS System Log Alternate Facilities for Remote Logging on page 201
•
Changing the Alternative Facility Name for Remote System Log Messages on page 202
•
Using Regular Expressions to Refine the Set of Logged Messages on page 204
Junos OS Minimum System Logging Configuration
To record or view system log messages, you must include the syslog statement at the
[edit system] hierarchy level. Specify at least one destination for the messages, as
described in Table 31 on page 184. For more information about the configuration
statements, see Single-Chassis System Logging Configuration Overview.
Copyright © 2014, Juniper Networks, Inc.
183
Network Management and Monitoring on the QFX Series
Table 31: Minimum Configuration Statements for System Logging
Destination
Related
Documentation
Minimum Configuration Statements
File
[edit system syslog]
file filename {
facility severity;
}
Terminal session of one, several, or all
users
[edit system syslog]
user (username | *) {
facility severity;
}
Router or switch console
[edit system syslog]
console {
facility severity;
}
Remote machine or the other Routing
Engine on the router or switch
[edit system syslog]
host (hostname | other-routing-engine) {
facility severity;
}
•
Junos OS System Log Configuration Overview
•
Overview of Junos OS System Log Messages on page 107
•
Overview of Single-Chassis System Logging Configuration on page 107
Junos OS System Log Configuration Statements
To configure the switch to log system messages, include the syslog statement at the
[edit system] hierarchy level:
[edit system]
syslog {
archive <files number> <size size> <world-readable | no-world-readable>;
console {
facility severity;
}
file filename {
facility severity;
archive <archive-sites (ftp-url <password password>)> <files number> <size size>
<start-time "YYYY-MM-DD.hh:mm"> <transfer-interval minutes> <world-readable |
no-world-readable>;
explicit-priority;
match "regular-expression";
structured-data {
brief;
}
}
host hostname {
facility severity;
explicit-priority;
facility-override facility;
184
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
log-prefix string
match "regular-expression";
}
source-address source-address;
time-format (year | millisecond | year millisecond);
user (username | *) {
facility severity;
match "regular-expression";
}
}
Related
Documentation
•
Overview of Junos OS System Log Messages on page 107
Adding a Text String to System Log Messages
To add a text string to every system log message directed to a remote machine or to the
other Routing Engine, include the log-prefix statement at the [edit system syslog host]
hierarchy level:
[edit system syslog host (hostname | other-routing-engine)]
facility severity;
log-prefix string;
The string can contain any alphanumeric or special character except the equal sign ( = )
and the colon ( : ). It also cannot include the space character; do not enclose the string
in quotation marks (“ ”) in an attempt to include spaces in it.
The Junos OS system logging utility automatically appends a colon and a space to the
specified string when the system log messages are written to the log. The string is inserted
after the identifier for the Routing Engine that generated the message.
The following example shows how to add the string M120 to all messages to indicate
that the router is an M120 router, and direct the messages to the remote machine
hardware-logger.mycompany.com:
[edit system syslog]
host hardware-logger.mycompany.com {
any info;
log-prefix M120;
}
When these configuration statements are included on an M120 router called origin1, a
message in the system log on hardware-logger.mycompany.com looks like the following:
Mar 9 17:33:23 origin1 M120: mgd[477]: UI_CMDLINE_READ_LINE: user ‘root’, command ‘run
show version’
Related
Documentation
•
Single-Chassis System Logging Configuration Overview
•
Specifying Log File Size, Number, and Archiving Properties on page 197
•
Overview of Single-Chassis System Logging Configuration on page 107
Copyright © 2014, Juniper Networks, Inc.
185
Network Management and Monitoring on the QFX Series
Directing System Log Messages to a Log File
To direct system log messages to a file in the /var/log directory of the local Routing
Engine, include the file statement at the [edit system syslog] hierarchy level:
[edit system syslog]
file filename {
facility severity;
archive <archive-sites (ftp-url <password password>)> <files number> <size size>
<start-time "YYYY-MM-DD.hh:mm"> <transfer-interval minutes> <world-readable |
no-world-readable>;
explicit-priority;
match "regular-expression";
structured-data {
brief;
}
}
For the list of facilities and severity levels, see Specifying the Facility and Severity of
Messages to Include in the Log.
To prevent log files from growing too large, the Junos OS system logging utility by default
writes messages to a sequence of files of a defined size. By including the archive
statement, you can configure the number of files, their maximum size, and who can read
them, either for all log files or for a certain log file. For more information, see “Specifying
Log File Size, Number, and Archiving Properties” on page 197.
For information about the following statements, see the indicated sections:
•
explicit-priority—See “Including Priority Information in System Log Messages” on page 190
•
match—See “Using Regular Expressions to Refine the Set of Logged Messages” on
page 204
Related
Documentation
•
structured-data—See Logging Messages in Structured-Data Format
•
Single-Chassis System Logging Configuration Overview
•
Overview of Junos OS System Log Messages on page 107
•
Logging Messages in Structured-Data Format on page 192
•
Examples: Configuring System Logging
•
Examples: Configuring System Logging on page 121
Directing System Log Messages to a Remote Machine
To direct system log messages to a remote machine, include the host statement at the
[edit system syslog] hierarchy level:
[edit system syslog]
host (hostname | other-routing-engine) {
facility severity;
186
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
explicit-priority;
facility-override facility;
log-prefix string;
match "regular-expression";
}
source-address source-address;
To direct system log messages to a remote machine, include the host hostname statement
to specify the remote machine’s IP version 4 (IPv4) address or fully qualified hostname.
The remote machine must be running the standard syslogd utility. We do not recommend
directing messages to another Juniper Networks switch. In each system log message
directed to the remote machine, the hostname of the local Routing Engine appears after
the timestamp to indicate that it is the source for the message.
For the list of logging facilities and severity levels to configure under the host statement,
see “Specifying the Facility and Severity of Messages to Include in the Log” on page 198.
To record facility and severity level information in each message, include the
explicit-priority statement. For more information, see “Including Priority Information in
System Log Messages” on page 190.
For information about the match statement, see “Using Regular Expressions to Refine
the Set of Logged Messages” on page 204.
When directing messages to remote machines, you can include the source-address
statement to specify the IP address of the switch that is reported in the messages as
their source. In each host statement, you can also include the facility-override statement
to assign an alternative facility and the log-prefix statement to add a string to each
message.
Related
Documentation
•
Overview of Single-Chassis System Logging Configuration on page 107
Directing System Log Messages to a User Terminal
To direct system log messages to the terminal session of one or more specific users (or
all users) when they are logged in to the local Routing Engine, include the user statement
at the [edit system syslog] hierarchy level:
[edit system syslog]
user (username | *) {
facility severity;
match "regular-expression";
}
Specify one or more Junos OS usernames, separating multiple values with spaces, or use
the asterisk (*) to indicate all users who are logged in to the local Routing Engine.
For the list of logging facilities and severity levels, see Specifying the Facility and Severity
of Messages to Include in the Log. For information about the match statement, see “Using
Regular Expressions to Refine the Set of Logged Messages” on page 204.
Copyright © 2014, Juniper Networks, Inc.
187
Network Management and Monitoring on the QFX Series
Related
Documentation
•
Single-Chassis System Logging Configuration Overview
•
Overview of Single-Chassis System Logging Configuration on page 107
•
Examples: Configuring System Logging
•
Examples: Configuring System Logging on page 121
Directing System Log Messages to the Console
To direct system log messages to the console of the local Routing Engine, include the
console statement at the [edit system syslog] hierarchy level:
[edit system syslog]
console {
facility severity;
}
For the list of logging facilities and severity levels, see Specifying the Facility and Severity
of Messages to Include in the Log.
Related
Documentation
•
Single-Chassis System Logging Configuration Overview
•
Overview of Single-Chassis System Logging Configuration on page 107
•
Examples: Configuring System Logging
•
Examples: Configuring System Logging on page 121
Disabling the System Logging of a Facility
To disable the logging of messages that belong to a particular facility, include the
facility none statement in the configuration. This statement is useful when, for example,
you want to log messages that have the same severity level and belong to all but a few
facilities. Instead of including a statement for each facility you want to log, you can include
the any severity statement and then a facility none statement for each facility that you
do not want to log. For example, the following logs all messages at the error level or
higher to the console, except for messages from the daemon and kernel facilities.
Messages from those facilities are logged to the file >/var/log/internals instead:
[edit system syslog]
console {
any error;
daemon none;
kernel none;
}
file internals {
daemon info;
kernel info;
}
Related
Documentation
188
•
Single-Chassis System Logging Configuration Overview
•
Overview of Single-Chassis System Logging Configuration on page 107
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
Displaying a Log File from a Single-Chassis System
To display a log file stored on a single-chassis system such as the QFX3500 switch, enter
Junos OS CLI operational mode and issue the following commands:
user@switch> show log log-filename
user@switch> file show log-file-pathname
By default, the commands display the file stored on the local Routing Engine.
The following example shows the output from the show log messages command:
user@switch1> show log messages
Nov 4 11:30:01 switch1 newsyslog[2283]: logfile turned over due to size>128K
Nov 4 11:30:01 switch1 newsyslog[2283]: logfile turned over due to size>128K
Nov 4 11:30:06 switch1 chassism[952]: CM ENV Monitor: set fan speed is 65 percent
for Fan 1
Nov 4 11:30:06 switch1 chassism[952]: CM ENV Monitor: set fan speed is 65 percent
for Fan 2
Nov 4 11:30:06 switch1 chassism[952]: CM ENV Monitor: set fan speed is 65 percent
for Fan 3
...
Nov 4 11:52:53 switch1 snmpd[944]: SNMPD_HEALTH_MON_INSTANCE: Health Monitor:
jroute daemon memory usage (Management
process): new instance detected (variable: sysApplElmtRunMemory.5.6.2293)
Nov 4 11:52:53 switch1 snmpd[944]: SNMPD_HEALTH_MON_INSTANCE: Health Monitor:
jroute daemon memory usage (Command-line
interface): new instance detected (variable: sysApplElmtRunMemory.5.8.2292)
...
Nov 4 12:08:30 switch1 rpdf[957]: task_connect: task BGP_100.10.10.1.6+179 addr
10.10.1.6+179: Can't assign requested
address
Nov 4 12:08:30 switch1 rpdf[957]: bgp_connect_start: connect 10.10.1.6 (Internal
AS 100): Can't assign requested address
Nov 4 12:10:24 switch1 mgd[2293]: UI_CMDLINE_READ_LINE: User 'jsmith', command
'exit '
Nov 4 12:10:27 switch1 mgd[2293]: UI_DBASE_LOGOUT_EVENT: User 'jsmith' exiting
configuration mode
Nov 4 12:10:31 switch1 mgd[2293]: UI_CMDLINE_READ_LINE: User 'jsmith', command
'show log messages
The following example shows the output from the file show command. The file in the
pathname /var/log/processes has been previously configured to include messages from
the daemon facility.
user@switch1> file show /var/log/processes
Feb 22 08:58:24 switch1 snmpd[359]: SNMPD_TRAP_WARM_START: trap_generate_warm:
SNMP trap: warm start
Feb 22 20:35:07 switch1 snmpd[359]: SNMPD_THROTTLE_QUEUE_DRAINED:
trap_throttle_timer_handler: cleared all throttled traps
Feb 23 07:34:56 switch1 snmpd[359]: SNMPD_TRAP_WARM_START: trap_generate_warm:
SNMP trap: warm start
Feb 23 07:38:19 switch1 snmpd[359]: SNMPD_TRAP_COLD_START: trap_generate_cold:
SNMP trap: cold start
...
Related
Documentation
•
Interpreting Messages Generated in Standard Format on page 196
Copyright © 2014, Juniper Networks, Inc.
189
Network Management and Monitoring on the QFX Series
•
Interpreting Messages Generated in Structured-Data Format on page 193
Including Priority Information in System Log Messages
The facility and severity level of a message are together referred to as its priority. By
default, messages logged in the standard Junos OS format do not include information
about priority. To include priority information in standard-format messages directed to
a file, include the explicit-priority statement at the [edit system syslog file filename]
hierarchy level:
[edit system syslog file filename]
facility severity;
explicit-priority;
NOTE: Messages logged in structured-data format include priority information
by default. If you include the structured-data statement at the [edit system
syslog file filename] hierarchy level along with the explicit-priority statement,
the explicit-priority statement is ignored and messages are logged in
structured-data format.
For information about the structured-data statement, see Logging Messages
in Structured-Data Format. For information about the contents of a
structured-data message, see the Junos OS System Log Messages Reference.
To include priority information in messages directed to a remote machine or the other
Routing Engine, include the explicit-priority statement at the
[edit system syslog host (hostname | other-routing-engine)] hierarchy level:
[edit system syslog host (hostname | other-routing-engine)]
facility severity;
explicit-priority;
NOTE: The other-routing-engine option does not apply to the QFX Series.
The priority recorded in a message always indicates the original, local facility name. If
the facility-override statement is included for messages directed to a remote destination,
the Junos OS system logging utility still uses the alternative facility name for the messages
themselves when directing them to the remote destination. For more information, see
“Changing the Alternative Facility Name for Remote System Log Messages” on page 202.
When the explicit-priority statement is included, the Junos OS logging utility prepends
codes for the facility name and severity level to the message tag name, if the message
has one:
FACILITY-severity[-TAG]
(The tag is a unique identifier assigned to some Junos OS system log messages; for more
information, see the Junos OS System Log Messages Reference.)
190
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
In the following example, the CHASSISD_PARSE_COMPLETE message belongs to the
daemon facility and is assigned severity info (6):
Aug 21 12:36:30 router1 chassisd[522]: %DAEMON-6-CHASSISD_PARSE_COMPLETE:
Using new configuration
When the explicit-priority statement is not included, the priority does not appear in the
message:
Aug 21 12:36:30 router1 chassisd[522]: CHASSISD_PARSE_COMPLETE: Using new
configuration
For more information about message formatting, see the Junos OS System Log Messages
Reference.
Related
Documentation
•
Single-Chassis System Logging Configuration Overview
•
Overview of Single-Chassis System Logging Configuration on page 107
•
Examples: Configuring System Logging
Including the Year or Millisecond in Timestamps
By default, the timestamp recorded in a standard-format system log message specifies
the month, date, hour, minute, and second when the message was logged, as in the
following example:
Aug 21 15:36:30
To include the year, the millisecond, or both, in the timestamp, include the time-format
statement at the [edit system syslog] hierarchy level:
[edit system syslog]
time-format (year | millisecond | year millisecond);
The modified timestamp is used in messages directed to each destination configured by
a file, console, or user statement at the [edit system syslog] hierarchy level, but not to
destinations configured by a host statement.
The following example illustrates the format for a timestamp that includes both the
millisecond (401) and the year (2010):
Aug 21 15:36:30.401 2010
Copyright © 2014, Juniper Networks, Inc.
191
Network Management and Monitoring on the QFX Series
NOTE: By default, messages logged in structured-data format include the
year and millisecond. If you include the structured-data statement at the [edit
system syslog file filename] hierarchy level along with the time-format
statement, the time-format statement is ignored and messages are logged
in structured-data format.
For information about the structured-data statement, see “Logging Messages
in Structured-Data Format” on page 192. For information about interpreting
messages in a structured-data format, see “Interpreting Messages Generated
in Structured-Data Format” on page 193.
Logging Messages in Structured-Data Format
You can log messages to a file in structured-data format instead of the standard Junos
OS format. The structured-data format provides more information without adding
significant length, and makes it easier for automated applications to extract information
from a message.
The structured-data format complies with Internet draft draft-ietf-syslog-protocol-21.txt.
The draft establishes a standard message format regardless of the source or transport
protocol for logged messages.
To output messages to a file in structured-data format, include the structured-data
statement at the [edit system syslog file filename] hierarchy level:
[edit system syslog file filename]
facility severity;
structured-data {
brief;
}
The optional brief statement suppresses the English-language text that appears by
default at the end of a message to describe the error or event. For information about the
fields in a structured-data–format message, see “Interpreting Messages Generated in
Structured-Data Format” on page 193.
The structured format is used for all messages logged to the file that are generated by
a Junos OS process or software library.
NOTE: If you include either or both of the explicit-priority and time-format
statements along with the structured-data statement, they are ignored. These
statements apply to the standard Junos OS system log format, not to
structured-data format.
192
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
Interpreting Messages Generated in Structured-Data Format
By default, Junos OS processes and software libraries write messages to the system log
file in structured-data format. For information about the structured-data statement, see
Logging Messages in Structured-Data Format.
Structured-format makes it easier for automated applications to extract information
from the message. In particular, the standardized format for reporting the value of
variables (elements in the English-language message that vary depending on the
circumstances that triggered the message) makes it easy for an application to extract
those values.
The structured-data format for a message includes the following fields (which appear
here on two lines only for legibility):
<priority code>version timestamp hostname process processID TAG [junos@2636.platform
variable-value-pairs] message-text
Table 32 on page 193 describes the fields. If the system logging utility cannot determine
the value in a particular field, a hyphen ( - ) appears instead.
Table 32: Fields in Structured-Data Messages
Field
Description
<priority code>
Number that indicates the facility and
severity of a message. It is calculated by
multiplying the facility number by 8 and
then adding the numerical value of the
severity. For a mapping of the numerical
codes to facility and severity, see
Specifying the Facility and Severity of
Messages to Include in the Log.
<165> for a message from
the pfe facility
(facility=20) with
severity notice
(severity=5).
version
Version of the Internet Engineering Task
Force (IETF) system logging protocol
specification.
1 for the initial version
timestamp
Time when the message was generated,
in one of two representations:
2007-02-15T09:17:15.719Z
is 9:17 AM UTC on 15
February 2007.
2007-02-15T01:17:15.719
-08:00 is the same
timestamp expressed as
Pacific Standard Time in
the United States.
•
YYYY-MM-DDTHH:MM:SS.MSZ is the
year, month, day, hour, minute, second
and millisecond in Universal
Coordinated Time (UTC)
•
YYYY-MM-DDTHH:MM:SS.MS+/-HH:MM
Examples
is the year, month, day, hour, minute,
second and millisecond in local time;
the hour and minute that follows the
plus sign (+) or minus sign (-) is the
offset of the local time zone from UTC
hostname
Copyright © 2014, Juniper Networks, Inc.
Name of the host that originally
generated the message.
switch1
193
Network Management and Monitoring on the QFX Series
Table 32: Fields in Structured-Data Messages (continued)
Field
Description
Examples
process
Name of the Junos OS process that
generated the message.
mgd
processID
UNIX process ID (PID) of the Junos
process that generated the message.
3046
TAG
Junos OS system log message tag, which
uniquely identifies the message.
UI_DBASE_LOGOUT_EVENT
junos@2636.platform
An identifier for the type of hardware
platform that generated the message.
The junos@2636 prefix indicates that
the platform runs the Junos OS. It is
followed by a dot-separated numerical
identifier for the platform type.
junos@2636.1.1.1.2.18
variable-value-pairs
A variable-value pair for each element
in the message-text string that varies
depending on the circumstances that
triggered the message. Each pair
appears in the format variable = "value".
username="regress"
message-text
English-language description of the
event or error (omitted if the brief
statement is included at the [edit system
syslog file filename structured-data]
hierarchy level).
User 'regress' exiting
configuration mode
By default, the structured-data version of a message includes English text at the end, as
in the following example (which appears on multiple lines only for legibility):
<165>1 2007-02-15T09:17:15.719Z router1 mgd 3046 UI_DBASE_LOGOUT_EVENT
[junos@2636.1.1.1.2.18 username="regress"] User 'regress' exiting configuration mode
When the brief statement is included at the [edit system syslog file filename
structured-data ] hierarchy level, the English text is omitted, as in this example:
<165>1 2007-02-15T09:17:15.719Z router1 mgd 3046 UI_DBASE_LOGOUT_EVENT
[junos@2636.1.1.1.2.18 username="regress"]
Table 33 on page 195 maps the codes that appear in the priority-code field to facility and
severity level.
NOTE: Not all of the facilities and severities listed in Table 33 on page 195 can
be included in statements at the [edit system syslog] hierarchy level (some
are used by internal processes). For a list of the facilities and severity levels
that can be included in the configuration, see “Specifying the Facility and
Severity of Messages to Include in the Log” on page 198.
194
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
Table 33: Facility and Severity Codes in the priority-code Field
Facility (number)
Severity
emergency
alert
critical
error
warning
notice
info
debug
kernel (0)
1
1
2
3
4
5
6
7
user (1)
8
9
10
11
12
13
14
15
mail (2)
16
17
18
19
20
21
22
23
daemon (3)
24
25
26
27
28
29
30
31
authorization (4)
32
33
34
35
36
37
38
39
syslog (5)
40
41
42
43
44
45
46
47
printer (6)
48
49
50
51
52
53
54
55
news (7)
56
57
58
59
60
61
62
63
uucp (8)
64
65
66
67
68
69
70
71
clock (9)
72
73
74
75
76
77
78
79
authorization-private
(10)
80
81
82
83
84
85
86
87
ftp (11)
88
89
90
91
92
93
94
95
ntp (12)
96
97
98
99
100
101
102
103
security (13)
104
105
106
107
108
109
110
111
console (14)
112
113
114
115
116
117
118
119
local0 (16)
128
129
130
131
132
133
134
135
dfc (17)
136
137
138
139
140
141
142
143
local2 (18)
144
145
146
147
148
149
150
151
firewall (19)
152
153
154
155
156
157
158
159
pfe (20)
160
161
162
163
164
165
166
167
conflict-log (21)
168
169
170
171
172
173
174
175
change-log (22)
176
177
178
179
180
181
182
183
interactive-commands
(23)
184
185
186
187
188
189
190
191
Copyright © 2014, Juniper Networks, Inc.
195
Network Management and Monitoring on the QFX Series
Interpreting Messages Generated in Standard Format
The syntax of a standard-format message generated by a Junos OS process or subroutine
library depends on whether it includes priority information:
•
When the explicit-priority statement is included at the [edit system syslog file filename]
or [edit system syslog host hostname ] hierarchy level, a system log message has the
following syntax:
timestamp
•
message-source: %facility–severity–TAG: message-text
When directed to the console or to users, or when the explicit-priority statement is not
included for files or remote hosts, a system log message has the following syntax:
timestamp
message-source: TAG: message-text
Table 34 on page 196 describes the message fields.
Table 34: Fields in Standard-Format Messages
Field
Description
timestamp
Time at which the message was logged.
message-source
Identifier of the process or component that generated the message and the
routing platform on which the message was logged. This field includes two or
more subfields: hostname, process and process ID (PID). If the process does
not report its PID, the PID is not displayed. The message source subfields are
displayed in the following format:
hostname process[process-ID]
facility
Code that specifies the facility to which the system log message belongs. For
a mapping of codes to facility names, see Table: Facility Codes Reported in
Priority Information in “Including Priority Information in System Log Messages”
on page 190.
severity
Numerical code that represents the severity level assigned to the system log
message. For a mapping of codes to severity names, see Table: Numerical
Codes for Severity Levels Reported in Priority Information in “Including Priority
Information in System Log Messages” on page 190.
TAG
Text string that uniquely identifies the message, in all uppercase letters and
using the underscore (_) to separate words. The tag name begins with a prefix
that indicates the generating software process or library. The entries in this
reference are ordered alphabetically by this prefix.
Not all processes on a routing platform use tags, so this field does not always
appear.
message-text
196
Text of the message.
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
Specifying Log File Size, Number, and Archiving Properties
To prevent log files from growing too large, by default the Junos system logging utility
writes messages to a sequence of files of a defined size. The files in the sequence are
referred to as archive files to distinguish them from the active file to which messages are
currently being written. The default maximum size depends on the platform type:
•
128 kilobytes (KB) for EX Series switches and J Series routers
•
1 megabyte (MB) for M Series, MX Series, and T Series routers
•
10 MB for TX Matrix or TX Matrix Plus routers
•
1 MB for the QFX Series
When an active log file called logfile reaches the maximum size, the logging utility closes
the file, compresses it, and names the compressed archive file logfile.0.gz. The logging
utility then opens and writes to a new active file called logfile. This process is also known
as file rotation. When the new logfile reaches the configured maximum size, logfile.0.gz
is renamed logfile.1.gz, and the new logfile is closed, compressed, and renamed logfile.0.gz.
By default, the logging utility creates up to 10 archive files in this manner. When the
maximum number of archive files is reached and when the size of the active file reaches
the configured maximum size, the contents of the last archived file are overwritten by
the current active file. The logging utility by default also limits the users who can read
log files to the root user and users who have the Junos OS maintenance permission.
Junos OS provides a configuration statement log-rotate-frequency that configures the
system log file rotation frequency by configuring the time interval for checking the log
file size. The frequency can be set to a value of 1 minute through 59 minutes. The default
frequency is 15 minutes.
To configure the log rotation frequency, include the log-rotate-frequency statement at
the [edit system syslog] hierarchy level.
You can include the archive statement to change the maximum size of each file, how
many archive files are created, and who can read log files.
To configure values that apply to all log files, include the archive statement at the
[edit system syslog] hierarchy level:
archive <files number> <size size> <world-readable | no-world-readable>;
To configure values that apply to a specific log file, include the archive statement at the
[edit system syslog file filename] hierarchy level:
archive <archive-sites (ftp-url <password password>)> <files number> <size size>
<start-time "YYYY-MM-DD.hh:mm"> <transfer-interval minutes> <world-readable |
no-world-readable> ;
archive-sites site-name specifies a list of archive sites that you want to use for storing
files. The site-name value is any valid FTP URL to a destination. If more than one site
name is configured, a list of archive sites for the system log files is created. When a file
is archived, the router or switch attempts to transfer the file to the first URL in the list,
Copyright © 2014, Juniper Networks, Inc.
197
Network Management and Monitoring on the QFX Series
moving to the next site only if the transfer does not succeed. The log file is stored at the
archive site with the specified log filename. For information about how to specify valid
FTP URLs, see Format for Specifying Filenames and URLs in Junos OS CLI Commands.
binary-data Mark file as containing binary data. This allows proper archiving of binary
files, such as WTMP files (login records for UNIX based systems). To restore the default
setting, include the no-binary-data statement.
files number specifies the number of files to create before the oldest file is overwritten.
The value can be from 1 through 1000.
size size specifies the maximum size of each file. The value can be from 64 KB (64k)
through 1 gigabyte (1g); to represent megabytes, use the letter m after the integer. There
is no space between the digits and the k, m, or g units letter.
start-time "YYYY-MM-DD.hh:mm" defines the date and time in the local time zone for a
one-time transfer of the active log file to the first reachable site in the list of sites specified
by the archive-sites statement.
transfer-interval interval defines the amount of time the current log file remains open
(even if it has not reached the maximum possible size) and receives new statistics before
it is closed and transferred to an archive site. This interval value can be from 5 through
2880 minutes.
world-readable enables all users to read log files. To restore the default permissions,
include the no-world-readable statement.
Related
Documentation
•
Single-Chassis System Logging Configuration Overview
•
Examples: Configuring System Logging
•
Overview of Single-Chassis System Logging Configuration on page 107
•
Routing Matrix with a TX Matrix Plus Router Solutions Page
Specifying the Facility and Severity of Messages to Include in the Log
Each system log message belongs to a facility, which is a group of messages that are
either generated by the same software process or concern a similar condition or activity
(such as authentication attempts). Each message is also preassigned a severity level,
which indicates how seriously the triggering event affects router functions.
When you configure logging for a facility and destination, you specify a severity level for
each facility. Messages from the facility that are rated at that level or higher are logged
to the destination:
[edit system syslog]
(console | file filename | host destination | user username) {
facility severity;
}
Related
Documentation
198
•
Junos OS System Logging Facilities and Message Severity Levels on page 199
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
•
Single-Chassis System Logging Configuration Overview
•
Examples: Configuring System Logging
•
Overview of Single-Chassis System Logging Configuration on page 107
Junos OS System Logging Facilities and Message Severity Levels
Table 35 on page 199 lists the Junos system logging facilities that you can specify in
configuration statements at the [edit system syslog] hierarchy level.
Table 35: Junos OS System Logging Facilities
Facility
Type of Event or Error
any
All (messages from all facilities)
authorization
Authentication and authorization attempts
change-log
Changes to the Junos OS configuration
conflict-log
Specified configuration is invalid on the router type
daemon
Actions performed or errors encountered by system processes
dfc
Events related to dynamic flow capture
firewall
Packet filtering actions performed by a firewall filter
ftp
Actions performed or errors encountered by the FTP process
interactive-commands
Commands issued at the Junos OS command-line interface (CLI) prompt
or by a client application such as a Junos XML protocol or NETCONF XML
client
kernel
Actions performed or errors encountered by the Junos OS kernel
pfe
Actions performed or errors encountered by the Packet Forwarding Engine
user
Actions performed or errors encountered by user-space processes
Table 36 on page 200 lists the severity levels that you can specify in configuration
statements at the [edit system syslog] hierarchy level. The levels from emergency through
info are in order from highest severity (greatest effect on functioning) to lowest.
Unlike the other severity levels, the none level disables logging of a facility instead of
indicating how seriously a triggering event affects routing functions. For more information,
see “Disabling the System Logging of a Facility” on page 188.
Copyright © 2014, Juniper Networks, Inc.
199
Network Management and Monitoring on the QFX Series
Table 36: System Log Message Severity Levels
Related
Documentation
Severity Level
Description
any
Includes all severity levels
none
Disables logging of the associated facility to a destination
emergency
System panic or other condition that causes the router to stop functioning
alert
Conditions that require immediate correction, such as a corrupted system
database
critical
Critical conditions, such as hard errors
error
Error conditions that generally have less serious consequences than errors at
the emergency, alert, and critical levels
warning
Conditions that warrant monitoring
notice
Conditions that are not errors but might warrant special handling
info
Events or nonerror conditions of interest
•
Single-Chassis System Logging Configuration Overview
•
Overview of Single-Chassis System Logging Configuration on page 107
•
Examples: Configuring System Logging
System Log Default Facilities for Messages Directed to a Remote Destination
Table 37 on page 200 lists the default alternative facility name next to the Junos OS-specific
facility name for which it is used. For facilities that are not listed, the default alternative
name is the same as the local facility name.
Table 37: Default Facilities for Messages Directed to a Remote Destination
200
Junos OS–specific Local
Facility
Default Facility When Directed to Remote Destination
change-log
local6
conflict-log
local5
dfc
local1
firewall
local3
interactive-commands
local7
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
Table 37: Default Facilities for Messages Directed to a Remote
Destination (continued)
Related
Documentation
Junos OS–specific Local
Facility
Default Facility When Directed to Remote Destination
pfe
local4
•
Single-Chassis System Logging Configuration Overview
•
Overview of Single-Chassis System Logging Configuration on page 107
Junos OS System Log Alternate Facilities for Remote Logging
Table 38 on page 201 lists the facilities that you can specify in the facility-override
statement.
Table 38: Facilities for the facility-override Statement
Facility
Description
authorization
Authentication and authorization attempts
daemon
Actions performed or errors encountered by system processes
ftp
Actions performed or errors encountered by the FTP process
kernel
Actions performed or errors encountered by the Junos OS kernel
local0
Local facility number 0
local1
Local facility number 1
local2
Local facility number 2
local3
Local facility number 3
local4
Local facility number 4
local5
Local facility number 5
local6
Local facility number 6
local7
Local facility number 7
user
Actions performed or errors encountered by user-space processes
We do not recommend including the facility-override statement at the [edit system syslog
host other-routing-engine] hierarchy level. It is not necessary to use alternative facility
Copyright © 2014, Juniper Networks, Inc.
201
Network Management and Monitoring on the QFX Series
names when directing messages to the other Routing Engine, because its Junos OS
system logging utility can interpret the Junos OS-specific names.
Related
Documentation
•
Examples: Assigning an Alternative Facility
•
Single-Chassis System Logging Configuration Overview
•
Overview of Single-Chassis System Logging Configuration on page 107
Changing the Alternative Facility Name for Remote System Log Messages
Some facilities assigned to messages logged on the local router or switch have Junos
OS-specific names (see Table 35 on page 199). In the recommended configuration, a
remote machine designated at the [edit system syslog host hostname] hierarchy level is
not a Juniper Networks router or switch, so its syslogd utility cannot interpret the Junos
OS-specific names. To enable the standard syslogd utility to handle messages from
these facilities when messages are directed to a remote machine, a standard localX
facility name is used instead of the Junos OS-specific facility name.
Table 37 on page 200 lists the default alternative facility name next to the Junos OS-specific
facility name it is used for.
The syslogd utility on a remote machine handles all messages that belong to a facility
in the same way, regardless of the source of the message (the Juniper Networks router
or switch or the remote machine itself). For example, the following statements in the
configuration of the router called local-router direct messages from the authorization
facility to the remote machine monitor.mycompany.com:
[edit system syslog]
host monitor.mycompany.com {
authorization info;
}
The default alternative facility for the local authorization facility is also authorization. If
the syslogd utility on monitor is configured to write messages belonging to the
authorization facility to the file /var/log/auth-attempts, then the file contains the messages
generated when users log in to local-router and the messages generated when users log
in to monitor. Although the name of the source machine appears in each system log
message, the mixing of messages from multiple machines can make it more difficult to
analyze the contents of the auth-attempts file.
To make it easier to separate the messages from each source, you can assign an
alternative facility to all messages generated on local-router when they are directed to
monitor. You can then configure the syslogd utility on monitor to write messages with
the alternative facility to a different file from messages generated on monitor itself.
To change the facility used for all messages directed to a remote machine, include the
facility-override statement at the [edit system syslog host hostname] hierarchy level:
[edit system syslog host hostname]
facility severity;
facility-override facility;
202
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
In general, it makes sense to specify an alternative facility that is not already in use on
the remote machine, such as one of the localX facilities. On the remote machine, you
must also configure the syslogd utility to handle the messages in the desired manner.
Table 38 on page 201 lists the facilities that you can specify in the facility-override
statement.
We do not recommend including the facility-override statement at the [edit system syslog
host other-routing-engine] hierarchy level. It is not necessary to use alternative facility
names when directing messages to the other Routing Engine, because its Junos OS
system logging utility can interpret the Junos OS-specific names.
The following example shows how to log all messages generated on the local router at
the error level or higher to the local0 facility on the remote machine called
monitor.mycompany.com:
[edit system syslog]
host monitor.mycompany.com {
any error;
facility-override local0;
}
The following example shows how to configure routers located in California and routers
located in New York to send messages to a single remote machine called
central-logger.mycompany.com. The messages from California are assigned to alternative
facility local0 and the messages from New York are assigned to alternative facility local2.
•
Configure California routers to aggregate messages in the local0 facility:
[edit system syslog]
host central-logger.mycompany.com {
change-log info;
facility-override local0;
}
•
Configure New York routers to aggregate messages in the local2 facility:
[edit system syslog]
host central-logger.mycompany.com {
change-log info;
facility-override local2;
}
On central-logger, you can then configure the system logging utility to write messages
from the local0 facility to the file change-log and the messages from the local2 facility
to the file new-york-config.
Related
Documentation
•
Table 37 on page 200
•
Junos OS System Log Alternate Facilities for Remote Logging on page 201
•
Examples: Assigning an Alternative Facility
•
Examples: Assigning an Alternative Facility on page 123
Copyright © 2014, Juniper Networks, Inc.
203
Network Management and Monitoring on the QFX Series
Using Regular Expressions to Refine the Set of Logged Messages
The predefined facilities group together related messages, but you can also use regular
expression matching to specify more exactly which messages from a facility are logged
to a file, a user terminal, or a remote destination.
To specify the text string that must (or must not) appear in a message for the message
to be logged to a destination, include the match statement and specify the regular
expression which the text string must match:
match "regular-expression";
You can include this statement at the following hierarchy levels:
•
[edit system syslog file filename] (for a file)
•
[edit system syslog user (username | *)] (for a specific user session or for all user sessions
on a terminal)
•
[edit system syslog host (hostname | other-routing-engine)] (for a remote destination)
In specifying the regular expression, use the notation defined in POSIX Standard 1003.2
for extended (modern) UNIX regular expressions. Explaining regular expression syntax
is beyond the scope of this document, but POSIX standards are available from the Institute
of Electrical and Electronics Engineers (IEEE, http://www.ieee.org).
Table 39 on page 204 specifies which character or characters are matched by some of
the regular expression operators that you can use in the match statement. In the
descriptions, the term term refers to either a single alphanumeric character or a set of
characters enclosed in square brackets, parentheses, or braces.
NOTE: The match statement is not case-sensitive.
Table 39: Regular Expression Operators for the match Statement
204
Operator
Matches
. (period)
One instance of any character except the space.
* (asterisk)
Zero or more instances of the immediately preceding term.
+ (plus sign)
One or more instances of the immediately preceding term.
? (question mark)
Zero or one instance of the immediately preceding term.
| (pipe)
One of the terms that appears on either side of the pipe operator.
! (exclamation point)
Any string except the one specified by the expression, when the
exclamation point appears at the start of the expression. Use of the
exclamation point is Junos OS-specific.
Copyright © 2014, Juniper Networks, Inc.
Chapter 15: Configuration Tasks for System Log Messages
Table 39: Regular Expression Operators for the match
Statement (continued)
Operator
Matches
^ (caret)
Start of a line, when the caret appears outside square brackets.
One instance of any character that does not follow it within square
brackets, when the caret is the first character inside square brackets.
Using Regular
Expressions
$ (dollar sign)
End of a line.
[ ] (paired square
brackets)
One instance of one of the enclosed alphanumeric characters. To
indicate a range of characters, use a hyphen ( - ) to separate the
beginning and ending characters of the range. For example, [a-z0-9]
matches any letter or number.
( ) (paired parentheses)
One instance of the evaluated value of the enclosed term.
Parentheses are used to indicate the order of evaluation in the regular
expression.
Filter messages that belong to the interactive-commands facility, directing those that
include the string configure to the terminal of the root user:
[edit system syslog]
user root {
interactive-commands any;
match “.*configure.*”;
}
Messages like the following appear on the root user’s terminal when a user issues a
configure command to enter configuration mode:
timestamp router-name mgd[PID]: UI_CMDLINE_READ_LINE: User 'user', command
'configure private'
Filter messages that belong to the daemon facility and have a severity of error or higher,
directing them to the file /var/log/process-errors. Omit messages generated by the SNMP
process (snmpd), instead directing them to the file /var/log/snmpd-errors:
[edit system syslog]
file process-errors {
daemon error;
match “!(.*snmpd.*)”;
}
file snmpd-errors {
daemon error;
match “.*snmpd.*”;
}
Related
Documentation
•
Single-Chassis System Logging Configuration Overview
•
Overview of Single-Chassis System Logging Configuration on page 107
•
Examples: Configuring System Logging
•
Examples: Configuring System Logging on page 121
Copyright © 2014, Juniper Networks, Inc.
205
Network Management and Monitoring on the QFX Series
206
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 16
Configuration Statements for Network
Management
•
connection-limit on page 208
•
destination-override on page 209
•
no-remote-trace on page 209
•
protocol-version on page 210
•
rate-limit on page 211
•
ssh on page 212
•
telnet on page 213
•
tracing on page 214
Copyright © 2014, Juniper Networks, Inc.
207
Network Management and Monitoring on the QFX Series
connection-limit
Syntax
Hierarchy Level
Release Information
connection-limit limit;
[edit system services finger],
[edit system services ftp],
[edit system services netconf ssh],
[edit system services ssh],
[edit system services telnet],
[edit system services xnm-clear-text],
[edit system services xnm-ssl]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description
Configure the maximum number of connections sessions for each type of system services
(finger, ftp, ssh, telnet, xnm-clear-text, or xnm-ssl) per protocol (either IPv6 or IPv4).
Options
limit—(Optional) Maximum number of established connections per protocol (either IPv6
or IPv4).
Range: 1 through 250
Default: 75
NOTE: The actual number of maximum connections depends on the
availability of system resources, and might be fewer than the configured
connection-limit value if the system resources are limited.
Required Privilege
Level
Related
Documentation
208
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Configuring clear-text or SSL Service for Junos XML Protocol Client Applications
•
Configuring DTCP-over-SSH Service for the Flow-Tap Application
•
Configuring Finger Service for Remote Access to the Router
•
Configuring FTP Service for Remote Access to the Router or Switch
•
Configuring SSH Service for Remote Access to the Router or Switch on page 150
•
Configuring Telnet Service for Remote Access to a Router or Switch
Copyright © 2014, Juniper Networks, Inc.
Chapter 16: Configuration Statements for Network Management
destination-override
Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
destination-override {
syslog host ip-address;
}
[edit system tracing]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Override the system-wide configuration of the switch at the [edit system tracing] hierarchy
level. This statement has no effect if system tracing is not configured.
syslog—System process log files to send to the remote tracing host.
•
syslog—System process log files to send to the remote tracing host.
•
host ip-address—IP address to which to send tracing information.
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Understanding Tracing and Logging Operations on page 7
•
tracing on page 214
no-remote-trace
Syntax
Hierarchy Level
Release Information
Description
Default
Required Privilege
Level
Related
Documentation
no-remote-trace
[edit system]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the switch to disable remote tracing after remote tracing has been enabled.
Remote tracing is disabled.
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
tracing on page 214
Copyright © 2014, Juniper Networks, Inc.
209
Network Management and Monitoring on the QFX Series
protocol-version
Syntax
Hierarchy Level
Release Information
Description
Default
Options
Required Privilege
Level
Related
Documentation
210
protocol-version version;
[edit system services ssh]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify the secure shell (SSH) protocol version.
v2—SSH protocol version 2 is the default, introduced in Junos OS Release 11.4.
version—SSH protocol version: v1, v2, or both.
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
•
Configuring the SSH Protocol Version on page 151
Copyright © 2014, Juniper Networks, Inc.
Chapter 16: Configuration Statements for Network Management
rate-limit
Syntax
Hierarchy Level
Release Information
Description
Default
Options
rate-limit limit;
[edit system services finger],
[edit system services ftp],
[edit system services netconf ssh],
[edit system services ssh],
[edit system services telnet],
[edit system services xnm-clear-text],
[edit system services xnm-ssl]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the maximum number of connections attempts per protocol (either IPv6 or
IPv4) on an access service.
150 connections
rate-limit limit—(Optional) Maximum number of connection attempts allowed per minute,
per IP protocol (either IPv4 or IPv6).
Range: 1 through 250
Default: 150
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Configuring clear-text or SSL Service for Junos XML Protocol Client Applications
Copyright © 2014, Juniper Networks, Inc.
211
Network Management and Monitoring on the QFX Series
ssh
Syntax
Hierarchy Level
Release Information
Description
ssh {
ciphers [ cipher-1 cipher-2 cipher-3 ...];
client-alive-count-max seconds;
client-alive-interval seconds;
connection-limit limit;
hostkey-algorithm <algorithm|no-algorithm>;
key-exchange <algorithm>;
macs <algorithm>;
max-sessions-per-connection <number>;
no-tcp-forwarding;
protocol-version [v1 v2];
rate-limit limit;
root-login (allow | deny | deny-password);
}
[edit system services]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
client-alive-interval and client-alive-max-count statements introduced in Junos OS Release
12.2.
Allow SSH requests from remote systems to the local router or switch.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
212
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Configuring SSH Service for Remote Access to the Router or Switch on page 150
Copyright © 2014, Juniper Networks, Inc.
Chapter 16: Configuration Statements for Network Management
telnet
Syntax
Hierarchy Level
Release Information
Description
telnet {
connection-limit limit;
rate-limit limit;
}
[edit system services]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Provide Telnet connections from remote systems to the local router or switch.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Configuring Telnet Service for Remote Access to a Router or Switch
Copyright © 2014, Juniper Networks, Inc.
213
Network Management and Monitoring on the QFX Series
tracing
Syntax
Hierarchy Level
Release Information
Description
tracing {
destination-override syslog host ip-address;
}
[edit system]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the switch to enable remote tracing to a specified host IP address.
NOTE: The tracing statement is not supported on the QFX3000 QFabric
system.
The following processes are supported:
•
chassisd—Chassis-control process
•
eventd—Event-processing process
•
cosd—Class-of-service process
If you enabled remote tracing but wish to disable it for specific processes on the switch,
use the no-remote-trace statement at the [edit system process-name traceoptions]
hierarchy level.
Default
Options
Remote tracing is disabled by default.
destination-override syslog host ip-address—Overrides the global configuration for system
tracing and has no effect if the tracing statement is not configured.
Required Privilege
Level
Related
Documentation
214
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Understanding Tracing and Logging Operations on page 7
•
destination-override on page 209
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 17
Configuration Statements for Automation
•
allow-transients on page 216
•
apply-macro on page 217
•
checksum on page 218
•
command on page 219
•
commit on page 220
•
description on page 221
•
direct-access on page 221
•
file (Commit Scripts) on page 222
•
file (Op Scripts) on page 223
•
no-allow-url on page 224
•
op on page 225
•
optional on page 226
•
refresh (Commit Scripts) on page 227
•
refresh (Op Scripts) on page 228
•
refresh-from (Commit Scripts) on page 229
•
refresh-from (Op Scripts) on page 230
•
scripts on page 231
•
source (Commit Scripts) on page 232
•
source (Op Scripts) on page 233
Copyright © 2014, Juniper Networks, Inc.
215
Network Management and Monitoring on the QFX Series
allow-transients
Syntax
Hierarchy Level
Release Information
Description
Default
Required Privilege
Level
Related
Documentation
216
allow-transients;
[edit system scripts commit]
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS commit scripts, enable transient configuration changes to be committed.
Transient changes are disabled by default. If you do not include the allow-transients
statement, and an enabled script generates transient changes, the command-line
interface (CLI) generates an error message and the commit operation fails.
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Generating a Persistent or Transient Change
•
Creating a Macro to Read the Custom Syntax and Generate Related Configuration
Statements
Copyright © 2014, Juniper Networks, Inc.
Chapter 17: Configuration Statements for Automation
apply-macro
Syntax
Hierarchy Level
Release Information
Description
apply-macro apply-macro-name {
parameter-name parameter-value;
}
All hierarchy levels
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 12.2 for the QFX Series.
With commit script macros, use custom syntax in your configuration.
Macros work by locating apply-macro statements that you include in the candidate
configuration and using the values specified in the apply-macro statement as parameters
to a set of instructions (the macro) defined in a commit script. The commit script alters
your configuration from one that contains custom syntax into a full configuration
containing standard Junos OS statements.
In effect, your custom configuration syntax serves a dual purpose. The syntax allows you
to simplify your configuration tasks, and it provides data (or hooks) that are used by
commit script macros.
You can include the apply-macro statement at any level of the configuration hierarchy.
You can include multiple apply-macro statements at each level of the configuration
hierarchy; however, each must have a unique name.
Options
apply-macro-name—Name of the apply-macro statement.
parameter-name—One or more parameters. Parameters can be any text you want to
include in your configuration.
parameter-value—A value that corresponds to the parameter name. Parameter values
can be any text you want to include in your configuration.
Required Privilege
Level
Related
Documentation
configure—To enter configuration mode; other required privilege levels depend on where
the statement is located in the configuration hierarchy.
•
Overview of Creating Custom Configuration Syntax with Macros
Copyright © 2014, Juniper Networks, Inc.
217
Network Management and Monitoring on the QFX Series
checksum
Syntax
Hierarchy Level
Release Information
Description
Options
checksum (md5 | sha-256 | sha1) hash;
[edit event-options event-script file filename],
[edit system scripts commit file filename],
[edit system scripts op file filename]
Statement introduced in Junos OS Release 9.5.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS commit scripts and op scripts, specify the MD5, SHA-1, or SHA-256 checksum
hash. When it executes a local event, commit, or op script, Junos OS verifies the
authenticity of the script by using the configured checksum hash.
md5 hash—MD5 checksum of this script.
sha-256 hash—SHA-256 checksum of this script.
sha1 hash—SHA-1 checksum of this script.
Required Privilege
Level
Related
Documentation
218
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Configuring Checksum Hashes for a Commit Script
•
Configuring Checksum Hashes for an Event Script
•
Configuring Checksum Hashes for an Op Script
•
Executing an Op Script from a Remote Site
•
file checksum md5 command in the System Basics and Services Command Reference
•
file checksum sha-256 command in the System Basics and Services Command Reference
•
file checksum sha1 command in the System Basics and Services Command Reference
Copyright © 2014, Juniper Networks, Inc.
Chapter 17: Configuration Statements for Automation
command
Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
command filename-alias;
[edit system scripts op file filename]
Statement introduced in Junos OS Release 7.6.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS op scripts, configure a filename alias for the script file. This allows you to
run the script by referencing either the script filename or the filename alias.
filename-alias—Alias for the script file.
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Enabling an Op Script and Defining a Script Alias
Copyright © 2014, Juniper Networks, Inc.
219
Network Management and Monitoring on the QFX Series
commit
Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
220
commit {
allow-transients;
direct-access;
file filename {
checksum (md5 | sha-256 | sha1) hash;
optional;
refresh;
refresh-from url;
source url;
}
max-datasize
refresh;
refresh-from url;
traceoptions {
file <filename> <files number> <size size> <world-readable | no-world-readable>;
flag flag;
no-remote-trace;
}
}
[edit system scripts]
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS commit scripts, configure the commit-time scripting mechanism.
The statements are explained separately.
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Storing and Enabling Scripts
Copyright © 2014, Juniper Networks, Inc.
Chapter 17: Configuration Statements for Automation
description
Syntax
Hierarchy Level
Release Information
Description
Required Privilege
Level
Related
Documentation
description descriptive-text;
[edit system scripts op file filename]
[edit system scripts op file filename arguments argument-name]
Statement introduced in Junos OS Release 7.6.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS op scripts, provide a help-text string that appears in the command-line
interface (CLI).
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Configuring Help Text for Op Scripts
•
Declaring Arguments in Op Scripts
•
file (Op Scripts) on page 223
direct-access
Syntax
Hierarchy Level
Release Information
Description
Required Privilege
Level
Related
Documentation
direct-access;
[edit system scripts commit]
Statement introduced in Junos OS Release 9.1.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify that commit scripts read input configurations directly from the database when
inspecting these scripts for errors.
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Executing Large Commit Scripts
Copyright © 2014, Juniper Networks, Inc.
221
Network Management and Monitoring on the QFX Series
file (Commit Scripts)
Syntax
Hierarchy Level
Release Information
Description
Options
file filename {
checksum (md5 | sha-256 | sha1) hash;
optional;
refresh;
refresh-from url;
source url;
}
[edit system scripts commit]
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS commit scripts, enable a commit script that is located in the
/var/db/scripts/commit directory.
filename—Name of an Extensible Stylesheet Language Transformations (XSLT) or
Stylesheet Language Alternative Syntax (SLAX) file containing a commit script.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
222
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Controlling Execution of Commit Scripts During Commit Operations
Copyright © 2014, Juniper Networks, Inc.
Chapter 17: Configuration Statements for Automation
file (Op Scripts)
Syntax
Hierarchy Level
Release Information
Description
Options
file filename {
arguments {
argument-name {
description descriptive-text;
}
}
checksum (md5 | sha-256 | sha1) hash;
command filename-alias;
description descriptive-text;
refresh;
refresh-from url;
source url;
}
[edit system scripts op]
Statement introduced in Junos OS Release 7.6.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS op scripts, enable an op script that is located in the /var/db/scripts/op
directory.
filename—The name of an Extensible Stylesheet Language Transformations (XSLT) or
Stylesheet Language Alternative Syntax (SLAX) file containing an op script.
The statements are explained separately.
Required Privilege
Level
Related
Documentation
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Enabling an Op Script and Defining a Script Alias
Copyright © 2014, Juniper Networks, Inc.
223
Network Management and Monitoring on the QFX Series
no-allow-url
Syntax
Hierarchy Level
Release Information
Description
Required Privilege
Level
Related
Documentation
224
no-allow-url;
[edit system scripts op]
Statement introduced in Junos OS Release 10.0.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS op scripts, prohibit the remote execution of scripts. When you include this
configuration statement, the op url operational mode command generates an error and
does not permit you to execute the op script from a remote site.
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
file (Op Scripts) on page 223
•
Executing an Op Script from a Remote Site
Copyright © 2014, Juniper Networks, Inc.
Chapter 17: Configuration Statements for Automation
op
Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
op {
file filename {
arguments {
argument-name {
description descriptive-text;
}
}
checksum (md5 | sha-256 | sha1) hash;
command filename-alias;
description descriptive-text;
max-datasize
refresh;
refresh-from url;
source url;
}
no-allow-url
refresh;
refresh-from url;
traceoptions {
file <filename> <files number> <size size> <world-readable | no-world-readable>;
flag flag;
no-remote-trace;
}
}
[edit system scripts]
Statement introduced in Junos OS Release 7.6.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS op scripts, configure an operation scripting mechanism.
The statements are explained separately.
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Storing and Enabling Scripts
Copyright © 2014, Juniper Networks, Inc.
225
Network Management and Monitoring on the QFX Series
optional
Syntax
Hierarchy Level
Release Information
Description
optional;
[edit system scripts commit file filename]
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS commit scripts, allow a commit operation to succeed even if the script
specified in the file statement is missing from the /var/db/scripts/commit directory on
the device.
NOTE: On the QFabric system, commit scripts are stored in the
/pbdata/mgd_shared/partition-ip/var/db/scripts/commit/ directory on the
Director device.
Required Privilege
Level
Related
Documentation
226
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Controlling Execution of Commit Scripts During Commit Operations
Copyright © 2014, Juniper Networks, Inc.
Chapter 17: Configuration Statements for Automation
refresh (Commit Scripts)
Syntax
Hierarchy Level
Release Information
Description
refresh;
[edit system scripts commit],
[edit system scripts commit file filename]
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS commit scripts, overwrite the local copy of all enabled commit scripts or
a single enabled script located in the /var/db/scripts/commit directory with the copy
located at the source URL, as specified in the source statement at the same hierarchy
level.
The update operation occurs as soon as you issue the set refresh configuration mode
command. Issuing the set refresh command does not add the refresh statement to the
configuration. Thus the command behaves like an operational mode command by
executing an operation, instead of adding a statement to the configuration.
NOTE: On the QFabric system, commit scripts are stored in the
/pbdata/mgd_shared/partition-ip/var/db/scripts/commit/ directory on the
Director device.
Required Privilege
Level
Related
Documentation
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Using a Master Source Location for a Script
•
refresh-from (Commit Scripts) on page 229
•
source (Commit Scripts) on page 232
Copyright © 2014, Juniper Networks, Inc.
227
Network Management and Monitoring on the QFX Series
refresh (Op Scripts)
Syntax
Hierarchy Level
Release Information
Description
refresh;
[edit system scripts op],
[edit system scripts op file filename]
Statement introduced in Junos OS Release 7.6.
Statement introduced in Junos OS Release 11.1 on the QFX Series.
For Junos OS op scripts, overwrite the local copy of all enabled op scripts or a single
enabled script located in the /var/db/scripts/op directory with the copy located at the
source URL, specified in the source statement at the same hierarchy level.
The update operation occurs as soon as you issue the set refresh configuration mode
command. Issuing the set refresh command does not add the refresh statement to the
configuration. Thus the command behaves like an operational mode command by
executing an operation, instead of adding a statement to the configuration.
NOTE: On the QFabric system, op scripts are stored in the
/pbdata/mgd_shared/partition-ip/var/db/scripts/op/ directory on the Director
device.
Required Privilege
Level
Related
Documentation
228
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Using a Master Source Location for a Script
•
refresh-from (Op Scripts) on page 230
•
source (Op Scripts) on page 233
Copyright © 2014, Juniper Networks, Inc.
Chapter 17: Configuration Statements for Automation
refresh-from (Commit Scripts)
Syntax
Hierarchy Level
Release Information
Description
refresh-from url;
[edit system scripts commit],
[edit system scripts commit file filename]
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS commit scripts, overwrite the local copy of all enabled commit scripts or
a single enabled script located in the /var/db/scripts/commit directory with the copy
located at a URL other than the URL specified in the source statement.
The update operation occurs as soon as you issue the set refresh-from url configuration
mode command. Issuing the set refresh-from command does not add the refresh-from
statement to the configuration. Thus the command behaves like an operational mode
command by executing an operation, instead of adding a statement to the configuration.
NOTE: This statement is not supported on the QFabric system.
Options
url—The source specified as a Hypertext Transfer Protocol (HTTP) URL, FTP URL, or
secure copy (scp)-style remote file specification.
Required Privilege
Level
Related
Documentation
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Using an Alternate Source Location for a Script
•
refresh (Commit Scripts) on page 227
•
source (Commit Scripts) on page 232
Copyright © 2014, Juniper Networks, Inc.
229
Network Management and Monitoring on the QFX Series
refresh-from (Op Scripts)
Syntax
Hierarchy Level
Release Information
Description
refresh-from url;
[edit system scripts op],
[edit system scripts op file filename]
Statement introduced in Junos OS Release 7.6.
Statement introduced in Junos OS Release 11.1 on the QFX Series.
For Junos OS op scripts, overwrite the local copy of all enabled op scripts or a single
enabled script located in the /var/db/scripts/op directory with the copy located at a URL
other than the URL specified in the source statement.
The update operation occurs as soon as you issue the set refresh-from url configuration
mode command. Issuing the set refresh-from command does not add the refresh-from
statement to the configuration. Thus the command behaves like an operational mode
command by executing an operation, instead of adding a statement to the configuration.
NOTE: This statement is not supported on the QFabric system.
Options
url—Source specified as a Hypertext Transfer Protocol (HTTP) URL, FTP URL, or secure
copy (scp)-style remote file specification.
Required Privilege
Level
Related
Documentation
230
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Using an Alternate Source Location for a Script
•
refresh (Op Scripts) on page 228
•
source (Op Scripts) on page 233
Copyright © 2014, Juniper Networks, Inc.
Chapter 17: Configuration Statements for Automation
scripts
Syntax
Hierarchy Level
Release Information
scripts {
commit {
allow-transients;
direct-access;
file filename {
checksum (md5 | sha-256 | sha1) hash;
optional;
refresh;
refresh-from url;
source url;
}
max-datasize
refresh;
refresh-from url;
traceoptions {
file <filename> <files number> <size size> <world-readable | no-world-readable>;
flag flag;
no-remote-trace;
}
}
load-scripts-from-flash;
op {
file filename {
arguments {
argument-name {
description descriptive-text;
}
}
checksum (md5 | sha-256 | sha1) hash;
command filename-alias;
description descriptive-text;
max-datasize
refresh;
refresh-from url;
source url;
}
no-allow-url
refresh;
refresh-from url;
traceoptions {
file <filename> <files number> <size size> <world-readable | no-world-readable>;
flag flag;
no-remote-trace;
}
}
synchronize;
}
[edit system]
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Copyright © 2014, Juniper Networks, Inc.
231
Network Management and Monitoring on the QFX Series
Description
For Junos OS commit or op scripts, configure scripting mechanisms.
NOTE: The traceoptions statement is not supported on QFabric systems.
Options
Required Privilege
Level
Related
Documentation
The statements are explained separately.
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Storing and Enabling Scripts
source (Commit Scripts)
Syntax
Hierarchy Level
Release Information
Description
source url;
[edit system scripts commit file filename]
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS commit scripts, specify the location of the source file for an enabled script
located in the /var/db/scripts/commit directory. When you include the refresh statement
at the same hierarchy level and commit the configuration, the local copy is overwritten
by the version stored at the specified URL.
NOTE: On the QFabric system, commit scripts are stored in the
/pbdata/mgd_shared/partition-ip/var/db/scripts/op/ directory on the Director
device.
Options
Required Privilege
Level
Related
Documentation
232
url—The source specified as an HTTP URL, FTP URL, or scp-style remote file specification.
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Using a Master Source Location for a Script
•
Overview of Updating Scripts from a Remote Source
•
refresh (Commit Scripts) on page 227
•
refresh-from (Commit Scripts) on page 229
Copyright © 2014, Juniper Networks, Inc.
Chapter 17: Configuration Statements for Automation
source (Op Scripts)
Syntax
Hierarchy Level
Release Information
Description
source url;
[edit system scripts op file filename]
Statement introduced in Junos OS Release 7.6.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
For Junos OS op scripts, specify the location of the source file for an enabled script located
in the /var/db/scripts/op directory. When you include the refresh statement at the same
hierarchy level, the local copy is overwritten by the version stored at the specified URL.
NOTE: On the QFabric system, commit scripts are stored in the
/pbdata/mgd_shared/partition-ip/var/db/scripts/op/ directory on the Director
device.
Options
url—Master source file for an op script specified as an HTTP URL, FTP URL, or scp-style
remote file specification.
Required Privilege
Level
Related
Documentation
maintenance—To view this statement in the configuration.
maintenance-control—To add this statement to the configuration.
•
Using a Master Source Location for a Script
•
refresh (Op Scripts) on page 228
•
refresh-from (Op Scripts) on page 230
Copyright © 2014, Juniper Networks, Inc.
233
Network Management and Monitoring on the QFX Series
234
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 18
Configuration Statements for Network
Analytics
•
address (Analytics Collector) on page 236
•
analytics on page 237
•
collector (Analytics) on page 241
•
depth-threshold on page 242
•
export-profiles on page 243
•
file (Analytics) on page 245
•
interface (Export Profiles) on page 246
•
interfaces (Analytics Resource) on page 247
•
interfaces (Analytics) on page 248
•
latency-threshold on page 250
•
local (Analytics Collector) on page 251
•
queue-statistics on page 252
•
resource (Analytics) on page 253
•
resource-profiles (Analytics) on page 254
•
streaming-servers on page 255
•
system (Analytics Resource) on page 257
•
system (Export Profiles) on page 258
•
traceoptions (Analytics) on page 259
•
traffic-statistics on page 260
Copyright © 2014, Juniper Networks, Inc.
235
Network Management and Monitoring on the QFX Series
address (Analytics Collector)
Syntax
Hierarchy Level
Release Information
Description
address ip-address {
port number {
transport protocol {
export-profile profile-name;
}
}
}
[edit services analytics collector]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Configure the address of a remote server to receive streamed analytics (queue and traffic
statistics) data.
NOTE: The address statement is available in Junos OS Release 13.2X51-D15
or later.
Options
ip-address—IP address of the remote server receiving the streamed data.
port number—Port number of the remote server receiving the streaming data.
export-profile profile-name—Name of the export profile containing the parameters for
the analytics data being streamed.
transport protocol—A transport protocol used to stream data to the port.
Values:
Required Privilege
Level
Related
Documentation
236
•
tcp—Transmission Control Procol (TCP)
•
udp—User Datagram Protocol (UDP)
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
•
show analytics collector on page 419
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
analytics
Syntax
Junos OS Release 13.2X51-D15 and later:
analytics {
collector {
local {
file filename {
size size;
files number;
}
}
address ip-address {
port number {
transport protocol {
export-profile profile-name;
}
}
}
}
export-profiles {
profile-name {
interface {
information;
statistics {
queue;
traffic;
}
status {
link;
queue;
traffic;
}
}
stream-format format;
system {
information;
status {
queue;
traffic;
}
}
}
}
resource {
interfaces {
interface-name {
resource-profile name;
}
}
system {
polling-interval {
queue-monitoring interval;
traffic-monitoring interval;
}
Copyright © 2014, Juniper Networks, Inc.
237
Network Management and Monitoring on the QFX Series
resource-profile name;
}
}
resource-profiles {
profile-name {
depth-threshold {
high number;
low number;
}
latency-threshold {
high number;
low number;
}
no-queue-monitoring;
no-traffic-monitoring;
queue-monitoring;
traffic-monitoring;
}
}
traceoptions {
file filename {
files number;
size size;
}
}
}
238
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
Junos OS Release 13.2X50-D15 and 13.2X51-D10 only:
analytics {
interfaces {
all {
depth-threshold high number low number;
latency-threshold high number low number;
queue-statistics;
no-queue-statistics;
traffic-statistics;
no-traffic-statistics;
}
interface-name {
depth-threshold high number low number;
latency-threshold high number low number;
queue-statistics;
no-queue-statistics;
traffic-statistics;
no-traffic-statistics;
}
}
queue-statistics {
file filename {
files number-of-files;
size size;
}
interval interval;
}
streaming-servers {
address ip-address {
port number {
stream-format format;
stream-type type
}
}
}
traceoptions {
file filename {
files number;
size size;
}
}
traffic-statistics {
file filename {
files number-of-files;
size size;
}
interval interval;
}
}
Hierarchy Level
Release Information
[edit services]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Copyright © 2014, Juniper Networks, Inc.
239
Network Management and Monitoring on the QFX Series
Description
Configure the network analytics feature that includes monitoring for traffic and queue
statistics. The network analytics processes running on the Packet Forwarding Engine and
Routing Engine collect and analyze the data, and generate reports that may be saved in
log files or sent as streaming data to remote servers.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
240
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
show analytics traffic-statistics on page 433
•
show analytics collector on page 419
•
show analytics status on page 427
•
show analytics queue-statistics on page 425
•
show analytics configuration on page 421
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
collector (Analytics)
Syntax
Hierarchy Level
Release Information
Description
collector {
local {
file filename {
size size;
files number;
}
}
address ip-address {
port number {
transport protocol {
export-profile profile-name;
}
}
}
}
[edit services analytics]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Configure a local file for storing network analytics statistics and/or a remote server for
receiving streamed statistics data.
NOTE: The collector statement is available in Junos OS Release 13.2X51-D15
or later.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
Copyright © 2014, Juniper Networks, Inc.
241
Network Management and Monitoring on the QFX Series
depth-threshold
Syntax
Hierarchy Level
Release Information
Description
depth-threshold {
high number;
low number;
}
[edit services analytics interfaces]
[edit services analytics resource-profiles]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Statement in the [edit services analytics resource-profiles] hierarchy level introduced in
Junos OS Release 13.2X51-D15.
If network analytics queue statistics monitoring is enabled, specify the high and low
values (in bytes) of the queue depth (buffer) threshold. If you configure a depth threshold,
you cannot configure the latency threshold. You can configure the depth threshold for
one interface or all interfaces. Specify the high and low queue depth threshold numbers:
NOTE: The configuration for a specific interface supersedes the global
configuration for all interfaces.
Options
high number—Specify the maximum value for the depth threshold.
Range: 1 to 1,250,000,000 bytes
Default:
•
Junos OS Release 13.2X51-D10 or later—0 bytes
•
Junos OS Release 13.2X50-D15—14,680,064 bytes (14 MB)
low number—Specify the minimum value for the depth threshold.
Range: 1 to 1,250,000,000 bytes
Default:
Required Privilege
Level
Related
Documentation
242
•
Junos OS Release 13.2X51-D10 or later—0 bytes
•
Junos OS Release 13.2X50-D15—1024 bytes (1 KB)
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
•
latency-threshold on page 250
•
resource-profiles (Analytics) on page 254
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
export-profiles
Syntax
Hierarchy Level
Release Information
Description
export-profiles {
profile-name {
interface {
information;
statistics {
queue;
traffic;
}
status {
link;
queue;
traffic;
}
}
stream-format format;
system {
information;
status {
queue;
traffic;
}
}
}
}
[edit services analytics]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Configure an profile to specify the network analytics data being streamed to remote
servers. Each profile is a template that defines the type of data being streamed.
NOTE: The export-profile statement is available in Junos OS Release
13.2X51-D15 or later.
Options
profile-name—Name of the export profile containing the configuration of the data being
streamed.
stream-format format—Format of the streaming data being sent to a server. Only one
format can be sent to each port on a server.
Values:
•
csv—Comma-separated Values (CSV). Data sent in this format is newline
separated, and each record contains one stream type (queue or traffic data) per
interface.Each record contains either a “q” for a queue statistics, or a “t” for a traffic
statistics.
Copyright © 2014, Juniper Networks, Inc.
243
Network Management and Monitoring on the QFX Series
•
gpb—Google Protocol Buffer (GPB). Data sent in this format has a hierachical
format, and is categorized by resource type (system or interfaces), which is
specified in the message header. You can generate data formatted in other formats
(CSV, TSV, and JSON) from GPB-encoded data.
Each message includes a 8-byte header containing the following information:
•
Bytes 0 to 3—Length of the message.
•
Byte 4—Message version.
•
Bytes 5 to 7—Reserved for future use.
NOTE: A schema file called analytics.proto containing the definitions
of the GPB messages is available for downloading from the following
location:
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/proto-files/analytics-proto.txt
•
json—JavaScript Object Notation (JSON). Data sent in this format is newline
separated, and each record contains one stream type (queue or traffic data) per
interface. Each record contains either “queue-statistics” or “traffic-statistics” in
the “record type” field.
•
tsv—Tab-separated Values (TSV). Data sent in this format is newline separated,
and each record contains one stream type (queue or traffic data) per interface.
Each record contains a “q” for a queue statistics, or a “t” for a traffic statistics.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
244
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
file (Analytics)
Syntax
Hierarchy Level
Release Information
Description
Default
Options
file filename {
files number-of-files;
size size;
}
[edit services analytics collector local]
[edit services analytics queue-statistics]
[edit services analytics traffic-statistics]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Enable the logging of queue or traffic monitoring statistics in a local file. This statement
does not enable monitoring.
This feature is disabled by default.
filename—Specify a filename for storing queue and traffic monitoring statistics in the
Comma-separated Values (CSV) format. The file is stored in the /var/log/ directory
of your device.
If you do not specify a filename, the data is not stored in a file.
NOTE: In Junos OS Release 13.2X51-D15 or later, you configure a single
filename to store both queue and traffic monitoring statistics. In Junos
OS Release 13.2X51-D10 and earlier, you configure separate files for
storing monitoring data, one for queue statistics, and another for traffic
statistics.
files number-of-files—Specify the number of files to store locally. After the number of
files with the maximum file size is reached, the system starts over and writes the
data to the first file.
Range: 2 to 1,000 files.
size size—Configure the file size in megabytes (MB).
Syntax: xm to specify MB.
Range: 10 to 4095 MB
Required Privilege
Level
Related
Documentation
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
245
Network Management and Monitoring on the QFX Series
interface (Export Profiles)
Syntax
Hierarchy Level
Release Information
Description
interface {
information;
statistics {
queue;
traffic;
}
status {
link;
queue;
traffic;
}
}
[edit services analytics export-profiles]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Configure an export profile for streaming network analytics data for a specific interface
to remote servers. Each profile is a template that defines the type of data being streamed
for that interface.
NOTE: The interface statement is available in Junos OS Release 13.2X51-D15
or later.
Options
information—Information about the specified interface, including SNMP index, interface
index, slot, port number, media type, capability, and port type.
statistics—Type of monitoring statistics to be streamed.
Values:
•
queue
•
traffic
status—Status information about the interface to be streamed.
Values:
Required Privilege
Level
Related
Documentation
246
•
link
•
queue
•
traffic
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
•
analytics on page 237
interfaces (Analytics Resource)
Syntax
Hierarchy Level
Release Information
Description
interfaces {
interface-name {
resource-profile profile-name;
}
}
[edit services analytics resource]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Apply the network analytics resource profile to an interface for which you wish to enable
queue or traffic statistics monitoring. The resource profile is a template that specifies
the parameters for queue and traffic monitoring, as well as for the depth and latency
thresholds.
NOTE: The interfaces statement in the [edit services analytics resource]
hierarchy is available in Junos OS Release 13.2X51-D15 or later.
Options
interface-name—Name of the interface for which a resource profile has been configured.
resource-profile profile-name—Name of a resource profile containing the analytics
parameters that have been specified for interfaces. Information contained in a
resource profile includes the configuration of queue and traffic monitoring (whether
enabled or disabled), and values for the depth and latency thresholds (if applicable).
Required Privilege
Level
Related
Documentation
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
247
Network Management and Monitoring on the QFX Series
interfaces (Analytics)
Syntax
Hierarchy Level
Release Information
Description
interfaces {
all {
depth-threshold high number low number;
latency-threshold high number low number;
queue-statistics;
no-queue-statistics;
traffic-statistics;
no-traffic-statistics;
}
interface-name {
depth-threshold high number low number;
latency-threshold high number low number;
queue-statistics;
no-queue-statistics;
traffic-statistics;
no-traffic-statistics;
}
}
[edit services analytics]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Configure physical interfaces for monitoring traffic and queue statistics by the network
analytics processes running on the Packet Forwarding Engine and Routing Engine. You
may specify one interface or all interfaces in your configuration.
NOTE: The configuration for a specific interface supersedes the global
configuration for all interfaces. You can configure traffic and queue monitoring
for physical interfaces only; logical interfaces and Virtual Chassis port (VCP)
interfaces are not supported.
NOTE: Disabling the queue or traffic monitoring (using the no-queue-statistics
or no-traffic-statistics configuration statements) supersedes the configuration
(enabling) of the feature.
Options
all—Configure all interfaces on the device for high-frequency monitoring.
interface-name—Name of the interface to configure for high-frequency monitoring.
no-queue-statistics—Disable the collection of queue statistics.
248
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
NOTE: The no-queue-statistics statement supersedes the queue-statistics
statement.
no-traffic-statistics—Disable the collection of traffic statistics.
NOTE: The no-traffic-statistics statement supersedes the traffic-statistics
statement.
queue-statistics—Enable the collection of queue statistics for a specific interface or all
interfaces.
traffic-statistics—Enable the collection of traffic statistics for a specific interface or all
interfaces.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
249
Network Management and Monitoring on the QFX Series
latency-threshold
Syntax
Hierarchy Level
Release Information
Description
latency-threshold {
high number;
low number;
}
[edit services analytics interfaces]
[edit services analytics resource-profiles]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Statement in the [edit services analytics resource-profiles] hierarchy level introduced in
Junos OS Release 13.2X51-D15.
If network analytics queue statistics monitoring is enabled, specify the high and low
values (in microseconds) of the latency threshold of the queue. If you configure a latency
threshold, you cannot configure the depth threshold. You can configure the latency
threshold for one interface or all interfaces. Specify the high and low latency threshold
numbers:
NOTE: The configuration for a specific interface supersedes the global
configuration for all interfaces.
Options
high number—Specify the maximum value for the latency threshold.
Range:
•
Junos OS Release 13.2X51-D15 or later—1 to 100,000,000 nanoseconds (0.001 to
100,000 microseconds)
•
Junos OS Release 13.2X51-D10 or earlier—1 to 100,000 microseconds
Default:
•
Junos OS Release 13.2X51-D15 or later—1,000,000 nanoseconds (1000
microseconds or 1 millisecond)
•
Junos OS Release 13.2X51-D10—1000 microseconds
•
Junos OS Release 13.2X50-D15—900 microseconds
low number—Specify the minimum value for the latency threshold.
Range:
•
Junos OS Release 13.2X51-D15 or later—1 to 100,000,000 nanoseconds
•
Junos OS Release 13.2X51-D10 or earlier—1 to 100,000 microseconds
Default:
250
•
Junos OS Release 13.2X51-D15 or later—100 nanoseconds (0.1 microseconds)
•
Junos OS Release 13.2X51-D10—50 microseconds
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
•
Required Privilege
Level
Related
Documentation
Junos OS Release 13.2X50-D15—300 microseconds
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
•
depth-threshold on page 242
local (Analytics Collector)
Syntax
Hierarchy Level
Release Information
Description
local {
file filename {
size size;
files number;
}
}
[edit services analytics collector]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Configure a local file for logging network analytics (queue and traffic) statistics.
NOTE: The local statement is available in Junos OS Release 13.2X51-D15 or
later.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
collector (Analytics) on page 241
Copyright © 2014, Juniper Networks, Inc.
251
Network Management and Monitoring on the QFX Series
queue-statistics
Syntax
Hierarchy Level
Release Information
Description
queue-statistics {
file filename {
files number-of-files;
size size;
}
interval interval;
}
[edit services analytics]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Enable the logging of queue statistics in a local file. This statement does not enable
queue statistics monitoring.
To enable queue monitoring, you must specify the queue-statistics configuration
statement at the [edit services analytics interfaces] hierarchy level.
Default
Options
This feature is disabled by default.
interval interval—Configure the polling interval in milliseconds.
NOTE: You can configure the polling interval for queue statistics globally
for all interfaces only. Due to limitations and variations in the hardware
capability of different devices, you might see a difference in value
between the actual interval and configured interval.
Range:
•
Junos OS Release 13.2X50-D15—8 to 1000 milliseconds (8 milliseconds to 1 second)
•
Junos OS Release 13.2X51-D10 or later—10 to 1000 milliseconds (10 milliseconds
to 1 second)
NOTE: In Junos OS Release 13.2X51-D10 or later, if you configured an
interval of less than 10 milliseconds, the following warning messages
appear during the commit process: Queue statistics polling interval can
not be less than 10 milliseconds and Setting Queue statistics polling interval
to 10 milliseconds. These messages do not stop the commit operation,
but the interval is automatically set to 10 milliseconds.
Default:
252
•
Junos OS Release 13.2X50-D15—8 milliseconds
•
Junos OS Release 13.2X51-D10 or later—10 milliseconds
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
resource (Analytics)
Syntax
Hierarchy Level
Release Information
Description
resource {
interfaces {
interface-name {
resource-profile profile-name;
}
}
system {
polling-interval {
queue-monitoring interval;
traffic-monitoring interval;
}
resource-profile profile-name;
}
}
[edit services analytics]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Configure network analytics resources such as resource profiles (for interfaces and
system), and polling intervals (for queue and traffic monitoring).
NOTE: The resource statement is available in Junos OS Release 13.2X51-D15
or later.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
253
Network Management and Monitoring on the QFX Series
resource-profiles (Analytics)
Syntax
Hierarchy Level
Release Information
Description
resource-profiles {
profile-name {
depth-threshold {
high number;
low number;
}
latency-threshold {
high number;
low number;
}
no-queue-monitoring;
no-traffic-monitoring;
queue-monitoring;
traffic-monitoring;
}
}
[edit services analytics]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Configure resource profiles that are used as templates for specifying network analytics
parameters. You use resource profiles to enable and disable queue and traffic monitoring,
and specify depth and latency thresholds as applicable. Once you have defined a resource
profile, you can apply it specifically to individual interfaces, or globally to a system.
NOTE: The resource-profiles statement is available in Junos OS Release
13.2X51-D15 or later.
The remaining statements are explained separately.
Options
profile-name—Specify a name for the resource profile.
no-queue-monitoring—Disable queue monitoring.
no-traffic-monitoring—Disable traffic monitoring.
queue-monitoring—Enable queue monitoring.
traffic-monitoring—Enable traffic monitoring.
Required Privilege
Level
Related
Documentation
254
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
streaming-servers
Syntax
Hierarchy Level
Release Information
Description
streaming-servers {
address ip-address {
port number {
stream-format format;
stream-type type
}
}
}
[edit services analytics]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Configure remote servers to receive streaming output for the network analytics monitoring
of traffic and queue statistics. The streaming function supports TCP connections only,
and sends records separated by a newline character.
NOTE: Before you use the remote server to receive streaming data, you must
set up the TCP server software to process records that are separated by the
newline character (\n).
You can configure multiple servers and multiple ports on each server to receive the
streaming data. You can configure different streaming data types and formats for different
ports on a server, but you can configure only one streaming type and one format for each
port on a server.
Options
address ip-address—IP address of the remote server receiving the streaming data.
port number—Port number of the remote server receiving the streaming data.
stream-format format—Format of the streaming data being sent to a server. Only one
format can be sent to each port on a server.
Values:
•
csv—Comma-separated Values (CSV). Records sent in this format contain a “q”
for a queue statistics, or a “t” for a traffic statistics.
•
json—JavaScript Object Notification (JSON). Records sent in this format contain
“queue-statistics” or “traffic-statistics” in the “record type” field.
•
tsv—Tab-separated Values (TSV). Records sent in this format contain a “q” for a
queue statistics, or a “t” for a traffic statistics.
stream-type type—Type of streaming data sent to a port. You can specify different types
of streaming data to be sent to different ports on the same server.
Values:
•
queue-statistics
Copyright © 2014, Juniper Networks, Inc.
255
Network Management and Monitoring on the QFX Series
•
Required Privilege
Level
Related
Documentation
256
traffic-statistics
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
Understanding Network Analytics Streaming Data on page 42
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
system (Analytics Resource)
Syntax
Hierarchy Level
Release Information
Description
system {
polling-interval {
queue-monitoring interval;
traffic-monitoring interval;
}
resource-profile profile-name;
}
[edit services analytics resource]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Apply a network analytics resource profile to a system for which you wish to enable queue
or traffic monitoring. The resource profile is a template that specifies the parameters for
queue and traffic monitoring, as well as for the depth and latency thresholds.
NOTE: The system statement in the [edit services analytics resource] hierarchy
is available in Junos OS Release 13.2X51-D15 or later.
Options
polling-interval—Configure the polling interval for queue and traffic monitoring:
queue-monitoring polling-interval—Configure the queue monitoring interval in
milliseconds.
Range: 1 to 1000 milliseconds (1 millisecond to 1 second)
traffic-monitoring polling-interval—Configure the traffic monitoring interval in seconds.
Range: 1 to 300 seconds (1 second to 5 minutes)
resource-profile profile-name—Name of a resource profile containing the global analytics
parameters that have been configured for the system. Information contained in a
resource profile includes the configuration of queue and traffic monitoring (whether
enabled or disabled), and values for the depth and latency thresholds (if applicable).
Required Privilege
Level
Related
Documentation
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
257
Network Management and Monitoring on the QFX Series
system (Export Profiles)
Syntax
Hierarchy Level
Release Information
Description
system {
information;
status {
queue;
traffic;
}
}
[edit services analytics export-profiles]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Configure a system-wide export profile for streaming network analytics data to remote
servers. Each profile is a template that defines the type of data being streamed for that
system.
NOTE: The system statement is available in Junos OS Release 13.2X51-D15
or later.
Options
information—Information about the system, including boot time, model, serial number,
maximum number of ports, collector information, and interface list.
status—System status information to be streamed.
Values:
Required Privilege
Level
Related
Documentation
258
•
queue
•
traffic
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
traceoptions (Analytics)
Syntax
Hierarchy Level
Release Information
traceoptions {
file filename;
files number-of-files;
size size;
}
[edit services analytics]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Description
Configure traceoptions for the network analytics daemon (analyticsd) running on the
Routing Engine.
Options
file filename—Specify a filename for storing the traceoptions data. The file is stored in
the /var/log/ directory of your device.
If you do not specify a filename, the data is not stored in a file.
files number-of-files—Specify the number of files to store locally. After the number files
witsh the maximum file size is reached, the system starts over and writes the data
to the first file.
Range: 2 to 1,000 files.
size size—Configure the file size in megabytes (MB).
Syntax: xm to specify MB.
Range: 10 to 4095 MB
Required Privilege
Level
Related
Documentation
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
259
Network Management and Monitoring on the QFX Series
traffic-statistics
Syntax
Hierarchy Level
Release Information
Description
traffic-statistics {
file filename {
files number-of-files;
size size;
}
interval interval;
}
[edit services analytics]
Statement introduced in Junos OS Release 13.2 for the QFX Series.
Enable the logging of traffic statistics in a local file. This statement does not enable traffic
statistics monitoring.
To enable the monitoring of traffic statistics, configure the traffic-statistics configuration
statement at the [edit services analytics interfaces] hierarchy level.
Default
Options
This feature is disabled by default.
file filename—Specify a filename for storing the traffic statistics in the JavaScript Object
Notification (JSON) format. The file is stored in the /var/log/ directory of your device.
If you do not specify a filename, the data is not stored in a file.
files number-of-files—Specify the number of files to store locally. After the number files
with the maximum file size is reached, the system starts over and writes the data to
the first file.
Range: 2 to 1,000 files.
interval interval—Configure the polling interval in seconds.
NOTE: You can configure the polling interval for traffic statistics globally
for all interfaces only. Due to limitations and variations in the hardware
capability of different devices, you might see a difference in value
between the actual interval and configured interval.
Range:
•
Junos OS Release 13.2X51-D10 or later—2 to 300 seconds (2 seconds to 5 minutes)
•
Junos OS Release 13.2X50-D15—1 to 300 seconds (1 second to 5 minutes)
NOTE: In Junos OS Release 13.2X51-D10 or later, if you configured an
interval of less than 2 seconds, the following warning messages appear
during the commit process:
260
Copyright © 2014, Juniper Networks, Inc.
Chapter 18: Configuration Statements for Network Analytics
Traffic statistics polling interval can not be less than 2 seconds, and
Setting Traffic statistics polling interval to 2 seconds.
These messages do not stop the commit operation, but the interval is
automatically set to 2 seconds.
Default:
•
Junos OS Release 13.2X50-D15—1 second
•
Junos OS Release 13.2X51-D10 or later—2 seconds
size size—Configure the file size in megabytes (MB).
Syntax: xm to specify MB.
Range: 10 to 4095 MB
Required Privilege
Level
Related
Documentation
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
261
Network Management and Monitoring on the QFX Series
262
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 19
Configuration Statements for sFlow
Technology
•
agent-id on page 263
•
collector (sFlow Technology) on page 264
•
interfaces (sFlow) on page 264
•
polling-interval on page 265
•
sample-rate on page 266
•
sflow on page 267
•
source-ip on page 268
•
traceoptions (sFlow Technology) on page 269
•
udp-port on page 270
agent-id
Syntax
Hierarchy Level
Release Information
Description
Required Privilege
Level
Related
Documentation
agent-id ip-address;
[edit protocols sflow]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Configure the IP address of the sFlow agent. If you do not configure the sFlow agent ID,
the IP address for the agent is dynamically created using the IP address of an interface
configured on the QFX Series device.
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
•
Configuring sFlow Technology on page 163
•
sflow on page 267
Copyright © 2014, Juniper Networks, Inc.
263
Network Management and Monitoring on the QFX Series
collector (sFlow Technology)
Syntax
Hierarchy Level
Release Information
Description
collector ip-address {
udp-port port-number;
}
[edit protocols sflow]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Configure a remote collector for sFlow network traffic monitoring. The device sends
sFlow UDP datagrams to the configured collector for analysis. You can configure up to
four collectors on the device. You specify the IP address for each collector you configure.
The remaining statement is explained separately.
Options
Required Privilege
Level
Related
Documentation
ip-address—IP address of the collector.
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
•
Configuring sFlow Technology on page 163
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
interfaces (sFlow)
Syntax
Hierarchy Level
Release Information
Description
interfaces interface-name {
polling-interval seconds;
sample-rate number;
}
[edit protocols sflow]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Configure sFlow network traffic monitoring on the specified interface on the device. You
can configure sFlow parameters (polling interval, sample rate) with different values on
different interfaces.
The remaining statements are explained separately.
Options
Required Privilege
Level
Related
Documentation
264
interface-name—Name of the interface on which to configure sFlow parameters.
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
•
Configuring sFlow Technology on page 163
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
Copyright © 2014, Juniper Networks, Inc.
Chapter 19: Configuration Statements for sFlow Technology
polling-interval
Syntax
Hierarchy Level
Release Information
Description
Default
Options
polling-interval seconds;
[edit protocols sflow],
[edit protocols sflow interfaces interface-name]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Configure the rate (in seconds) at which successive samples of interface statistics
(counters) are taken.
If no polling interval is configured for a particular interface, the device uses the global
polling interval configured at the [edit protocols sflow] hierarchy level. If no global interval
is configured, the device uses the default polling interval of 20 seconds.
seconds—Number of seconds between successive samples of interface statistics.
Specifying a value of 0 (zero) disables the polling.
Range: 0 through 3600 seconds
Required Privilege
Level
Related
Documentation
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
•
Configuring sFlow Technology on page 163
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
Copyright © 2014, Juniper Networks, Inc.
265
Network Management and Monitoring on the QFX Series
sample-rate
Syntax
Hierarchy Level
Release Information
Description
Default
Options
sample-rate number;
[edit protocols sflow],
[edit protocols sflow interfaces interface-name]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Specify the denominator (number) of the ratio that is the sample rate in sFlow traffic
monitoring. For example, to configure a sample rate of 1 in 1000 packets, you specify a
number of 1000.
If no sample rate is configured for a particular interface, the device uses the global sample
rate configured at the [edit protocols sflow] hierarchy level. If no global rate is configured,
the device uses the default sample rate of 1 in 2000 packets.
number—Denominator of the ratio representing the sample rate (one packet out of
number).
Range: 1 through 16,777,215
Required Privilege
Level
Related
Documentation
266
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
•
Configuring sFlow Technology on page 163
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
Copyright © 2014, Juniper Networks, Inc.
Chapter 19: Configuration Statements for sFlow Technology
sflow
Syntax
Hierarchy Level
Release Information
Description
sflow {
agent-id ip-address;
collector ip-address {
udp-port port-number;
}
interfaces interface-name {
polling-interval number;
sample-rate {
egress number;
ingress number;
}
}
polling-interval number;
sample-rate {
egress number;
ingress number;
}
source-ip ip-address;
traceoptions {
file filename <files number> <no-stamp> <replace> <size size> <world-readable |
no-world-readable>;
flag flag;
}
}
[edit protocols]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Configure sFlow technology to monitor traffic continuously on specified interfaces
simultaneously. sFlow data can be used to characterize network activity.
The remaining statements are explained separately.
Default
Required Privilege
Level
Related
Documentation
The sFlow protocol is disabled by default.
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
•
Configuring sFlow Technology on page 163
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
Copyright © 2014, Juniper Networks, Inc.
267
Network Management and Monitoring on the QFX Series
source-ip
Syntax
Hierarchy Level
Release Information
Description
Required Privilege
Level
Related
Documentation
268
source-ip ip-address;
[edit protocols sflow]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Configure the source IP address to be used for sFlow datagrams. If you do not configure
a source IP address, it is dynamically created based on the IP address of an Ethernet
interface configured on the QFX Series device.
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
•
Configuring sFlow Technology on page 163
•
sflow on page 267
Copyright © 2014, Juniper Networks, Inc.
Chapter 19: Configuration Statements for sFlow Technology
traceoptions (sFlow Technology)
Syntax
Hierarchy Level
Release Information
Description
Default
Options
traceoptions {
file filename <files number> <no-stamp> <replace> <size size> <world-readable |
no-world-readable>;
flag flag;
}
[edit protocols sflow]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Define tracing operations for sFlow technology.
The traceoptions feature is disabled.
file filename—Name of the file to receive the tracing operation output. Enclose the name
in quotation marks. Output files are located in the /var/log/ directory.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0. Incoming trace file
data is logged in the now empty trace-file. When trace-file again reaches its maximum
size, trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This
renaming scheme continues until the maximum number of trace files is reached.
Then the oldest trace file is overwritten.
If you specify the maximum number of files, you must also specify the maximum file
size using the size option.
Range: 2 through 1000 files
Default: 1 trace file
flag flag—Tracing operation to perform. To specify more than one tracing operation,
include multiple flag statements.
•
all—Trace all sFlow monitoring events.
•
client-server—Trace sFlow monitoring client-server events.
•
configuration—Trace sFlow monitoring configuration events.
•
interface—Trace sFlow monitoring interface events.
•
rtsock—Trace routing socket code events.
no-stamp—(Optional) Do not place timestamp information at the beginning of each line
in the trace file.
no-world-readable—(Optional) Prevent any user from reading the trace file.
replace—(Optional) Replace an existing trace file if there is one.
size size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB),
or gigabytes (GB). When a trace file named trace-file reaches its maximum size, it
Copyright © 2014, Juniper Networks, Inc.
269
Network Management and Monitoring on the QFX Series
is renamed trace-file.0. Incoming trace file data is logged in the now empty trace-file.
When trace-file again reaches its maximum size, trace-file.0 is renamed trace-file.1
and trace-file is renamed trace-file.0. This renaming scheme continues until the
maximum number of trace files is reached. Then the oldest trace file is overwritten.
If you specify a maximum file size, you must also specify a maximum number of trace
files with the files option.
Syntax: xk to specify KB, xm to specify MB, or xg to specify GB
Range: 10 KB through the maximum file size of 4 GB
Default: 128 KB
world-readable—(Optional) Allow any user to read the trace file.
Required Privilege
Level
Related
Documentation
routing and trace—To view this statement in the configuration.
routing-control and trace-control—To add this statement to the configuration.
•
Overview of sFlow Technology
udp-port
Syntax
Hierarchy Level
Release Information
Description
Default
Options
Required Privilege
Level
Related
Documentation
270
udp-port port-number;
[edit protocols sflow collector]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Configure the UDP port for a remote collector for sFlow network traffic monitoring. The
device sends sFlow UDP datagrams to the collector for analysis.
Port 6343
port-number—UDP port number for this collector.
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
•
Configuring sFlow Technology on page 163
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 20
Configuration Statements for SNMP
•
access (SNMP) on page 274
•
address (SNMP) on page 274
•
address-mask on page 275
•
agent-address on page 275
•
alarm (SNMP RMON) on page 276
•
authentication-md5 on page 277
•
authentication-none on page 278
•
authentication-password on page 279
•
authentication-sha on page 280
•
authorization on page 281
•
bucket-size on page 282
•
categories on page 282
•
client-list on page 283
•
client-list-name on page 283
•
clients on page 284
•
commit-delay on page 284
•
community (SNMP) on page 285
•
community (RMON) on page 286
•
community-name (SNMP) on page 287
•
contact on page 288
•
description (SNMP) on page 288
•
description (RMON) on page 289
•
destination-port (SNMP) on page 289
•
engine-id on page 290
•
event on page 291
•
falling-event-index (RMON) on page 292
•
falling-threshold (Health Monitor) on page 293
•
falling-threshold (RMON) on page 294
Copyright © 2014, Juniper Networks, Inc.
271
Network Management and Monitoring on the QFX Series
272
•
falling-threshold-interval on page 295
•
filter-duplicates on page 295
•
filter-interfaces on page 296
•
group (Associating a Security Name) on page 296
•
group (Configuring Access Privileges) on page 297
•
health-monitor on page 298
•
history on page 299
•
interface (SNMP) on page 300
•
interface (RMON) on page 301
•
interval (Health Monitor) on page 301
•
interval (RMON) on page 302
•
local-engine on page 303
•
location on page 304
•
message-processing-model on page 304
•
name on page 305
•
nonvolatile on page 305
•
notify on page 306
•
notify-filter (Applying to the Management Target) on page 307
•
notify-filter (Configuring the Profile Name) on page 307
•
notify-view on page 308
•
oid on page 308
•
oid (SNMPv3) on page 309
•
owner on page 310
•
parameters on page 310
•
port (SNMP) on page 311
•
privacy-3des on page 312
•
privacy-aes128 on page 313
•
privacy-des on page 314
•
privacy-none on page 314
•
privacy-password on page 315
•
read-view on page 316
•
remote-engine on page 317
•
request-type on page 318
•
retry-count (SNMPv3) on page 319
•
rising-event-index on page 320
•
rising-threshold (Health Monitor) on page 321
•
rising-threshold (RMON) on page 322
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
•
rmon on page 323
•
sample-type on page 324
•
security-level (Defining Access Privileges) on page 325
•
security-level (Generating SNMP Notifications) on page 326
•
security-model (Access Privileges) on page 327
•
security-model (Group) on page 328
•
security-model (SNMP Notifications) on page 329
•
security-name (Community String) on page 330
•
security-name (Security Group) on page 331
•
security-name (SNMP Notifications) on page 332
•
security-to-group on page 333
•
snmp on page 334
•
snmp-community on page 338
•
source-address (SNMP) on page 338
•
startup-alarm on page 339
•
syslog-subtag on page 340
•
tag (Configuring Notification Targets) on page 340
•
tag (Configuring the SNMP Community) on page 341
•
tag-list on page 341
•
target-address on page 342
•
target-parameters on page 343
•
targets on page 344
•
timeout on page 344
•
traceoptions (SNMP) on page 345
•
trap-group on page 347
•
trap-options on page 348
•
type (RMON Notification) on page 349
•
type (SNMPv3) on page 350
•
user on page 350
•
usm on page 351
•
v3 on page 353
•
vacm on page 355
•
variable on page 356
•
version on page 357
•
view (Configuring a MIB View) on page 358
•
view (Associating MIB View with a Community) on page 359
•
write-view on page 359
Copyright © 2014, Juniper Networks, Inc.
273
Network Management and Monitoring on the QFX Series
access (SNMP)
Syntax
Hierarchy Level
Release Information
Description
access {
group group-name {
(default-context-prefix | context-prefix context-prefix) {
security-model (any | usm | v1 | v2c) {
security-level (authentication | none | privacy) {
notify-view view-name;
read-view view-name;
write-view view-name;
}
}
}
}
}
[edit snmp v3 vacm]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set SNMP access limits.
The remaining statements are explained separately.
Required Privilege
Level
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
address (SNMP)
Syntax
Hierarchy Level
Release Information
Description
Options
address address;
[edit snmp v3 target-address target-address-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify the SNMP target address for receiving traps or informs.
address—IPv4 address of the system to receive traps or informs. You must specify an
address, not a hostname.
Required Privilege
Level
Related
Documentation
274
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
Configuring SNMP on page 165
•
Example: Configuring SNMP on page 130
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
address-mask
Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
address-mask address-mask;
[edit snmp v3 target-address target-address-name]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 on the QFX Series.
Define and verify the source addresses for a group of target addresses for SNMP traps
and informs.
address-mask—Define a range of addresses.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Address Mask
agent-address
Syntax
Hierarchy Level
Release Information
Description
Options
agent-address outgoing-interface;
[edit snmp trap-options]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the agent address of all SNMPv1 traps generated by this router or switch. Currently,
the only option is outgoing-interface, which sets the agent address of each SNMPv1 trap
to the address of the outgoing interface of that trap.
outgoing-interface—Value of the agent address of all SNMPv1 traps generated by this
router or switch. The outgoing-interface option sets the agent address of each SNMPv1
trap to the address of the outgoing interface of that trap.
Default: Disabled (the agent address is not specified in SNMPv1 traps).
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Agent Address for SNMP Traps
Copyright © 2014, Juniper Networks, Inc.
275
Network Management and Monitoring on the QFX Series
alarm (SNMP RMON)
Syntax
Hierarchy Level
Release Information
Description
Options
alarm index {
description description;
falling-event-index index;
falling-threshold integer;
falling-threshold-interval seconds;
interval seconds;
request-type (get-next-request | get-request | walk-request);
rising-event-index index;
rising-threshold integer;
sample-type (absolute-value | delta-value);
startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm);
syslog-subtag syslog-subtag;
variable oid-variable;
}
[edit snmp rmon]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure RMON alarm entries.
index—Identifies this alarm entry as an integer.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
276
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring an Alarm Entry and Its Attributes
•
event (SNMP)
•
Configuring RMON Alarms and Events on page 173
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
authentication-md5
Syntax
Hierarchy Level
Release Information
Description
authentication-md5 {
authentication-password authentication-password;
}
[edit snmp v3 usm local-engine user username],
[edit snmp v3 usm remote-engine engine-id user username]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure MD5 as the authentication type for the SNMPv3 user.
NOTE: You can only configure one authentication type for each SNMPv3
user.
The remaining statement is explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring MD5 Authentication
Copyright © 2014, Juniper Networks, Inc.
277
Network Management and Monitoring on the QFX Series
authentication-none
Syntax
Hierarchy Level
Release Information
Description
authentication-none;
[edit snmp v3 usm local-engine user username],
[edit snmp v3 usm remote-engine engine-id user username]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure that there should be no authentication for the SNMPv3 user.
NOTE: You can configure only one authentication type for each SNMPv3
user.
Required Privilege
Level
Related
Documentation
278
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring No Authentication
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
authentication-password
Syntax
Hierarchy Level
Release Information
Description
Options
authentication-password authentication-password;
[edit snmp v3 usm local-engine user username authentication-md5],
[edit snmp v3 usm local-engine user username authentication-sha],
[edit snmp v3 usm remote-engine engine-id user username authentication-md5],
[edit snmp v3 usm remote-engine engine-id user username authentication-sha]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the password for user authentication.
authentication-password—Password that a user enters. The password is then converted
into a key that is used for authentication.
SNMPv3 has special requirements when you create plain-text passwords on a router or
switch:
•
The password must be at least eight characters long.
•
The password can include lowercase letters, uppercase letters, numbers, and the
following special characters:
,./\<>;:'[]{}~!@#$%^*_+=-`
In addition, the following special characters are also supported, but you must enclose
them within quotation marks (“”) if you enter them on the CLI; if you use a Network
Management System to enter the password, the quotation marks are not required:
|&()?
Control characters—entered by simultaneously pressing the Ctrl key and additional
keys—are not supported.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring MD5 Authentication
•
Configuring SHA Authentication
Copyright © 2014, Juniper Networks, Inc.
279
Network Management and Monitoring on the QFX Series
authentication-sha
Syntax
Hierarchy Level
Release Information
Description
authentication-sha {
authentication-password authentication-password;
}
[edit snmp v3 usm local-engine user username],
[edit snmp v3 usm remote-engine engine-id user username]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the secure hash algorithm (SHA) as the authentication type for the SNMPv3
user.
NOTE: You can configure only one authentication type for each SNMPv3
user.
The remaining statement is explained separately.
Required Privilege
Level
Related
Documentation
280
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring SHA Authentication
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
authorization
Syntax
Hierarchy Level
Release Information
Description
Options
authorization authorization;
[edit snmp community community-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the access authorization for SNMP Get, GetBulk, GetNext, and Set requests.
authorization—Access authorization level:
•
read-only—Enable Get, GetNext, and GetBulk requests.
•
read-write—Enable all requests, including Set requests. You must configure a view to
enable Set requests.
NOTE: The read-write option is not supported on the QFX3000 QFabric
system.
Default: read-only
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the SNMP Community String on page 169
Copyright © 2014, Juniper Networks, Inc.
281
Network Management and Monitoring on the QFX Series
bucket-size
Syntax
Hierarchy Level
Release Information
Description
Default
Options
Required Privilege
Level
Related
Documentation
bucket-size number;
[edit snmp rmon history index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the sampling of Ethernet statistics for network fault diagnosis, planning, and
performance tuning.
50
number—Number of discrete samples of Ethernet statistics requested.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
categories
Syntax
Hierarchy Level
Release Information
Description
Default
Options
categories {
category;
}
[edit snmp trap-group group-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Define the types of traps that are sent to the targets of the named trap group.
If you omit the categories statement, all trap types are included in trap notifications.
category—Name of a trap type: authentication, chassis, configuration, link,
remote-operations, rmon-alarm, or startup.
Required Privilege
Level
Related
Documentation
282
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring SNMP Trap Groups on page 170
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
client-list
Syntax
Hierarchy Level
Release Information
Description
Options
client-list client-list-name {
ip-addresses;
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Define a list of SNMP clients.
client-list-name—Name of the client list.
ip-addresses—IP addresses of the SNMP clients to be added to the client list,
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Adding a Group of Clients to an SNMP Community on page 171
client-list-name
Syntax
Hierarchy Level
Release Information
client-list-name client-list-name;
[edit snmp community community-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description
Add a client list or prefix list to an SNMP community.
Options
client-list-name—Name of the client list or prefix list.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Adding a Group of Clients to an SNMP Community on page 171
Copyright © 2014, Juniper Networks, Inc.
283
Network Management and Monitoring on the QFX Series
clients
Syntax
Hierarchy Level
Release Information
Description
Default
Options
clients {
address <restrict>;
}
[edit snmp community community-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify the IPv4 or IPv6 addresses of the SNMP client hosts that are authorized to use
this community.
If you omit the clients statement, all SNMP clients using this community string are
authorized to access the switch.
address—Address of an SNMP client that is authorized to access this switch. You must
specify an address, not a hostname. To specify more than one client, include multiple
address options.
restrict—(Optional) Do not allow the specified SNMP client to access the switch.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the SNMP Community String
commit-delay
Syntax
commit-delay seconds;
Hierarchy Level
[edit snmp nonvolatile]
Release Information
Description
Options
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the timer for the SNMP Set reply and start of the commit.
seconds—Delay between an affirmative SNMP Set reply and start of the commit operation.
Default: 5 seconds
Required Privilege
Level
Related
Documentation
284
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Commit Delay Timer
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
community (SNMP)
Syntax
Hierarchy Level
Release Information
Description
community community-name {
authorization authorization;
client-list-name client-list-name;
clients {
address restrict;
}
view view-name;
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Define an SNMP community. An SNMP community authorizes SNMP clients based on
the source IP address of incoming SNMP request packets. A community also defines
which MIB objects are available and the operations (read-only or read-write) allowed
on those objects.
NOTE: The authorization read-write option is not supported on the QFX3000
QFabric system.
The SNMP client application specifies an SNMP community name in Get, GetBulk, GetNext,
and Set SNMP requests.
Default
Options
If you omit the community statement, all SNMP requests are denied.
community-name—Community string. If the name includes spaces, enclose it in quotation
marks (" ").
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the SNMP Community String on page 169
Copyright © 2014, Juniper Networks, Inc.
285
Network Management and Monitoring on the QFX Series
community (RMON)
Syntax
community community-name;
Hierarchy Level
[edit snmp rmon event index]
Release Information
Description
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the SNMP trap group that is used when generating a trap (if the eventType
object is configured to send traps). If that trap group has the rmon-alarm trap category
configured, a trap is sent to all the targets configured for that trap group. The community
string in the trap matches the name of the trap group (and hence, the value of
eventCommunity). If nothing is configured, traps are sent to each group that has the
rmon-alarm category configured.
The event community is not the same as an SNMP community.
Options
Required Privilege
Level
Related
Documentation
286
community-name—Name of the trap group that is used when generating a trap if the
event is configured to send traps.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
community-name (SNMP)
Syntax
Hierarchy Level
Release Information
Description
Options
community-name community-name;
[edit snmp v3 snmp-community community-index]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11. for the QFX Series.
Define an SNMP community to authorize SNMPv1 or SNMPv2c clients in an SNMPv3
system. When you configure a community in SNMPv3, you can also specify a security
name. The access privileges associated with the security name determine which MIB
objects are available and which operations (read, write, or notify) are allowed on those
objects.
community-name—Community string for an SNMPv1 or SNMPv2c community. If
unconfigured, it is the same as the community index. If the name includes spaces,
enclose the name in quotation marks (" ").
NOTE: Community names must be unique. You cannot configure the same
community name at the [edit snmp community] and [edit snmp v3
snmp-community community-index] hierarchy levels.
The community name at the [edit snmp v3 snmp-community community-index]
hierarchy level is encrypted and not displayed in the command-line interface
(CLI).
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the SNMPv3 Community
Copyright © 2014, Juniper Networks, Inc.
287
Network Management and Monitoring on the QFX Series
contact
Syntax
Hierarchy Level
Release Information
Description
Options
contact contact;
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Define the value of the MIB II sysContact object, which is the contact person for the
managed system.
contact—Name of the contact person. If the name includes spaces, enclose it in quotation
marks (" ").
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the System Contact on a Device Running Junos OS
description (SNMP)
Syntax
Hierarchy Level
Release Information
Description
Options
description description;
[edit snmp]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Define the value of the MIB II sysDescription object, which is the description of the system
being managed.
description—System description. If the name includes spaces, enclose it in quotation
marks (" ").
Required Privilege
Level
Related
Documentation
288
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the System Description on a Device Running Junos OS
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
description (RMON)
Syntax
Hierarchy Level
Release Information
Description
Options
description description;
[edit snmp rmon alarm index],
[edit snmp rmon event index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Text description of alarm or event.
description—Text description of an alarm or event entry. If the description includes spaces,
enclose it in quotation marks (" ").
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
destination-port (SNMP)
Syntax
Hierarchy Level
Release Information
destination-port port-number;
[edit snmp trap-group]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description
Assign a trap port number other than the default.
Default
If you omit this statement, the default port is 162.
Options
Required Privilege
Level
Related
Documentation
port-number—SNMP trap port number.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring SNMP Trap Groups on page 170
Copyright © 2014, Juniper Networks, Inc.
289
Network Management and Monitoring on the QFX Series
engine-id
Syntax
Hierarchy Level
Release Information
Description
engine-id {
(local engine-id-suffix | use-default-ip-address | use-mac-address);
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Define a unique identifier for an SNMPv3 engine by configuring the suffix of the engine
ID. The engine ID is used for identification only and not for addressing. There are two
parts of an engine ID: the prefix and the suffix. The prefix is formatted according to the
specifications defined in RFC 3411, An Architecture for Describing Simple Network
Management Protocol (SNMP) Management Frameworks and cannot be configured. The
suffix is configured here.
NOTE: SNMPv3 authentication and encryption keys are generated based on
the associated user passwords and the engine ID. If you configure or change
the engine ID, you must commit the user passwords and new engine ID before
you configure SNMPv3 users, or the authentication will fail.
By default, the engine ID suffix is configured with the MAC address of the
management interface (the use-mac-address option) on the QFX Series. You
can override this configuration by using the local engine-id-suffix or
use-default-ip-address option.
Default
Options
use-mac-address
local engine-id-suffix—The engine ID suffix is set based on the data entered.
use-default-ip-address—The engine ID suffix is generated from the default IP address.
use-mac-address—The engine ID suffix is generated from the MAC address of the
management interface on the switch.
Required Privilege
Level
Related
Documentation
290
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
SNMPv3 Overview on page 69
•
Configuring SNMP on page 165
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
event
Syntax
Hierarchy Level
Release Information
Description
Options
event index {
community community-name;
description description;
type (RMON Notification) type;
}
[edit snmp rmon]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure RMON event entries.
index—Identifier for a specific event entry.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
291
Network Management and Monitoring on the QFX Series
falling-event-index (RMON)
Syntax
Hierarchy Level
Release Information
Description
Options
falling-event-index index;
[edit snmp rmon alarm index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the index number of the event entry that is used when a falling threshold is crossed.
You specify the falling-event index when you configure an SNMP RMON alarm. If this
value is zero, no event is triggered.
index—Index of the event entry that is used when a falling threshold is crossed.
Range: 0 through 65,535
Default: 0
Required Privilege
Level
Related
Documentation
292
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
falling-threshold (Health Monitor)
Syntax
Hierarchy Level
Release Information
Description
Options
falling-threshold percentage;
[edit snmp health-monitor]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the lower threshold for the monitored object when you configure a health monitor
alarm. By setting a rising and a falling threshold for a monitored variable, you can be
alerted whenever the value of the variable falls outside the allowable operational range.
percentage—Lower threshold for the alarm entry.
Range: 1 through 100
Default: 70 percent of the maximum possible value
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
rising-threshold on page 321
•
Configuring Health Monitoring on page 176
Copyright © 2014, Juniper Networks, Inc.
293
Network Management and Monitoring on the QFX Series
falling-threshold (RMON)
Syntax
Hierarchy Level
Release Information
Description
Options
falling-threshold integer;
[edit snmp rmon alarm index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the lower threshold for the sampled variable (monitored object) when you configure
an SNMP RMON alarm. By setting a rising and a falling threshold for a variable, you can
be alerted whenever the value of the variable falls outside the allowable operational
range.
integer—Lower threshold for the alarm entry.
Range: –2,147,483,648 through 2,147,483,647
Default: 20 percent less than the rising-threshold value
Required Privilege
Level
Related
Documentation
294
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
falling-threshold-interval
Syntax
Hierarchy Level
Release Information
Description
Options
falling-threshold-interval seconds;
[edit snmp rmon alarm index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the interval between samples after the rising threshold is exceeded and the value of
the sample starts to drop. If the value of the sample drops and exceeds the falling
threshold, the regular sampling interval is used.
interval—Time between samples, in seconds.
Range: 1 through 2,147,483,647 seconds
Default: 60 seconds
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
filter-duplicates
Syntax
Hierarchy Level
Release Information
Description
Required Privilege
Level
Related
Documentation
filter-duplicates;
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Filter duplicate Get, GetNext, or GetBulk SNMP requests.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
Example: Configuring SNMP on page 130
Copyright © 2014, Juniper Networks, Inc.
295
Network Management and Monitoring on the QFX Series
filter-interfaces
Syntax
Hierarchy Level
Release Information
Description
Options
filter-interfaces {
all-internal-interfaces;
interfaces interface
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Filter out information related to specific interfaces from the output of SNMP Get and
GetNext requests performed on interface-related MIBs.
all-internal-interfaces—Filter out information from SNMP Get and GetNext requests for
all internal interfaces.
interfaces—Filter out information from SNMP Get and GetNext requests for the specified
interface.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Filtering Interface Information Out of SNMP Get and GetNext Output
group (Associating a Security Name)
Syntax
Hierarchy Level
Release Information
Description
Options
group group-name;
[edit snmp v3 vacm security-to-group security-model (usm | v1 | v2c)
security-name security-name]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Associate a security name with a group composed of users with the same access
privileges. The security name is used during authentication of SNMP messages, and is
mapped to a username.
group-name—Collection of SNMP security names that share the same SNMPv3 access
privileges.
Required Privilege
Level
Related
Documentation
296
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Group
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
group (Configuring Access Privileges)
Syntax
Hierarchy Level
Release Information
Description
group group-name {
(default-context-prefix | context-prefix context-prefiix){
security-model (any | usm | v1 | v2c) {
security-level (authentication | none | privacy) {
notify-view view-name;
read-view view-name;
write-view view-name;
}
}
}
}
[edit snmp v3 vacm access]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Assign the security name to a group, and specify the SNMPv3 context applicable to the
group. The default-context-prefix statement, when included, adds all the contexts
configured on the device to the group, whereas the context-prefix context-prefix statement
enables you to specify a context and to add that particular context to the group.
(Not applicable to the QFX Series.) When the context prefix is specified as default (for
example, context-prefix default), the context associated with the master routing instance
is added to the group. To specify a routing instance that is part of a logical system, specify
it as logical system/routing instance. For example, to specify routing instance ri1 in logical
system ls1, include context-prefix ls1/ri1.
The remaining statements under this hierarchy are explained separately.
Options
Required Privilege
Level
Related
Documentation
group-name—SNMPv3 group name created for the SNMPv3 group.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Group
Copyright © 2014, Juniper Networks, Inc.
297
Network Management and Monitoring on the QFX Series
health-monitor
Syntax
Hierarchy Level
Release Information
Description
health-monitor {
falling-threshold percentage;
interval seconds;
rising-threshold percentage;
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure health monitoring.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
298
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring Health Monitoring on page 176
•
Understanding Health Monitoring on page 75
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
history
Syntax
Hierarchy Level
Release Information
Description
history history-index {
bucket-size number;
interface interface-name;
interval seconds;
owner owner-name;
}
[edit snmp rmon]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure RMON history group entries. This RMON feature can be used with the Simple
Network Management Protocol (SNMP) agent on the network to monitor all the traffic
flowing among devices on all connected LAN segments. The RMON history feature
collects statistics in accordance with user-configurable parameters.
The history group controls the periodic statistical sampling of data from various types
of networks. This group contains configuration entries that specify an interface, polling
period, and other parameters. If you use the history statement, you must also configure
the interface interface-name statement.
Options
history-index—Provide a number for this history entry.
Range: 1 through 655535
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp–control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
299
Network Management and Monitoring on the QFX Series
interface (SNMP)
Syntax
Hierarchy Level
Release Information
Description
Default
[edit snmp]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the interfaces on which SNMP requests can be accepted.
If you omit this statement, SNMP requests entering the router or switch through any
interface are accepted.
Options
interface-names—Names of one or more logical interfaces.
Required Privilege
Level
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
Related
Documentation
300
interface [ interface-names ];
•
Configuring the Interfaces on Which SNMP Requests Can Be Accepted on page 172
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
interface (RMON)
Syntax
Hierarchy Level
Release Information
Description
interface interface-name;
[edit snmp rmon history history-index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify the interface to be monitored in the specified RMON history entry.
Only one interface can be specified for a particular RMON history index. There is a
one-to-one relationship between the interface and the history index. The interface must
be specified in order for the RMON history to be created.
Options
interface-name—Specify the interface to be monitored within the specified entry of the
RMON history of Ethernet statistics.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp–control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
interval (Health Monitor)
Syntax
Hierarchy Level
Release Information
Description
Options
interval seconds;
[edit snmp health-monitor]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the interval between sampling of the object being monitored by the health
monitor.
seconds—Time between samples, in seconds.
Range: 1 through 2147483647 seconds
Default: 300 seconds
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring Health Monitoring on page 176
Copyright © 2014, Juniper Networks, Inc.
301
Network Management and Monitoring on the QFX Series
interval (RMON)
Syntax
Hierarchy Level
Release Information
Description
Default
interval seconds;
[edit snmp rmon alarm index],
[edit snmp rmon history index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the interval over which data is to be sampled for the specified alarm or interface.
60 sec for alarm sampling.
1800 sec for history sampling.
Options
Required Privilege
Level
Related
Documentation
302
seconds—Interval at which data is to be sampled for the specified alarm or interface.
snmp—To view this statement in the configuration.
snmp–control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
local-engine
Syntax
Hierarchy Level
Release Information
Description
local-engine {
user username {
authentication-md5 {
authentication-password authentication-password;
}
authentication-none;
authentication-sha {
authentication-password authentication-password;
}
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none {
privacy-password privacy-password;
}
}
}
[edit snmp v3 usm]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure local engine information for the user-based security model (USM).
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Creating SNMPv3 Users on page 176
Copyright © 2014, Juniper Networks, Inc.
303
Network Management and Monitoring on the QFX Series
location
Syntax
Hierarchy Level
Release Information
location location;
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description
Define the value of the MIB II sysLocation object, which is the physical location of the
managed system.
Options
location—Location of the local system. You must enclose the name within quotation
marks (" ").
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the System Location for a Device Running Junos OS
message-processing-model
Syntax
Hierarchy Level
Release Information
Description
Options
message-processing-model (v1 | v2c | v3);
[edit snmp v3 target-parameters target-parameter-name parameters]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the message processing model to be used when generating SNMP notifications.
v1—SNMPv1 message process model.
v2c—SNMPv2c message process model.
v3—SNMPv3 message process model.
Required Privilege
Level
Related
Documentation
304
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Message Processing Model
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
name
Syntax
name name;
Hierarchy Level
[edit snmp]
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the system name from the command-line interface.
name—System name override.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the System Name
nonvolatile
Syntax
Hierarchy Level
Release Information
Description
nonvolatile {
commit-delay seconds;
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure options for SNMP Set requests.
The statement is explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Commit Delay Timer
•
commit-delay
Copyright © 2014, Juniper Networks, Inc.
305
Network Management and Monitoring on the QFX Series
notify
Syntax
Hierarchy Level
Release Information
Description
Options
notify name {
tag tag-name;
type (trap | inform);
}
[edit snmp v3]
Statement introduced before Junos OS Release 7.4.
type inform option added in Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Select management targets for SNMPv3 notifications as well as the type of notifications.
Notifications can be either traps or informs.
name—Name assigned to the notification.
tag-name—Notifications are sent to all targets configured with this tag.
type—Notification type is trap or inform. Traps are unconfirmed notifications. Informs are
confirmed notifications.
Required Privilege
Level
Related
Documentation
306
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Inform Notification Type and Target Address
•
Configuring the SNMPv3 Trap Notification
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
notify-filter (Applying to the Management Target)
Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
notify-filter profile-name;
[edit snmp v3 target-parameters target-parameters-name]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the notify filter applied to a specific set of SNMPv3 target parameters. Target
parameters are the message processing and security parameters for notifications sent
to a target SNMP manager.
profile-name—Name of the notify filter to apply to notifications.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Applying the Trap Notification Filter
notify-filter (Configuring the Profile Name)
Syntax
Hierarchy Level
Release Information
Description
Options
notify-filter profile-name {
oid oid (include | exclude);
}
[edit snmp v3]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify a group of MIB objects for which you define access. The notify filter limits the
type of traps or informs sent to the network management system.
profile-name—Name assigned to the notify filter.
The remaining statement is explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Trap Notification Filter
•
oid (SNMP)
Copyright © 2014, Juniper Networks, Inc.
307
Network Management and Monitoring on the QFX Series
notify-view
Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
notify-view view-name;
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix) security-model (any | usm | v1 | v2c) security-level (authentication | none |
privacy)]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Associate the notify view with a community (for SNMPv1 or SNMPv2c clients) or a group
name (for SNMPv3 clients).
view-name—Name of the view to which the SNMP user group has access.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring MIB Views on page 172
•
Configuring the Notify View
oid
Syntax
Hierarchy Level
Release Information
Description
Options
oid object-identifier (exclude| include);
[edit snmp view view-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify an object identifier (OID) used to represent a subtree of MIB objects.
exclude—Exclude the subtree of MIB objects represented by the specified OID.
include—Include the subtree of MIB objects represented by the specified OID.
object-identifier—OID used to represent a subtree of MIB objects. All MIB objects
represented by this statement have the specified OID as a prefix. You can specify
the OID using either a sequence of dotted integers or a subtree name.
Required Privilege
Level
Related
Documentation
308
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring MIB Views on page 172
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
oid (SNMPv3)
Syntax
Hierarchy Level
Release Information
Description
Options
oid oid (include | exclude);
[edit snmp v3 notify-filter profile-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify an object identifier (OID) used to represent a subtree of MIB objects. This OID is
a prefix that the represented MIB objects have in common.
exclude—Exclude the subtree of MIB objects represented by the specified OID.
include—Include the subtree of MIB objects represented by the specified OID.
oid—Object identifier used to represent a subtree of MIB objects. All MIB objects
represented by this statement have the specified OID as a prefix. You can specify
the OID using either a sequence of dotted integers or a subtree name.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
SNMPv3 Overview on page 69
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
•
Configuring SNMP on page 165
•
Configuring the SNMPv3 Trap Notification
Copyright © 2014, Juniper Networks, Inc.
309
Network Management and Monitoring on the QFX Series
owner
Syntax
Hierarchy Level
Release Information
Description
Options
owner owner-name;
[edit snmp rmon history index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify the user or group responsible for this RMON history configuration.
owner-name—User or group responsible for this configuration.
Range: 0 through 32 alphanumeric characters
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp–control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
parameters
Syntax
Hierarchy Level
Release Information
Description
parameters {
message-processing-model (v1 | v2c | v3);
security-level (none | authentication | privacy);
security-model (usm | v1 | v2c);
security-name security-name;
}
[edit snmp v3 target-parameters target-parameters-name]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure a set of target parameters for message processing and security.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
310
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Defining and Configuring the Trap Target Parameters
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
port (SNMP)
Syntax
Hierarchy Level
Release Information
Description
Default
Options
Required Privilege
Level
Related
Documentation
port port-number;
[edit snmp v3 target-address target-address-name]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure a UDP port number for an SNMP target.
If you omit this statement, the default port is 162.
port-number—Port number for the SNMP target.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Port
Copyright © 2014, Juniper Networks, Inc.
311
Network Management and Monitoring on the QFX Series
privacy-3des
Syntax
Hierarchy Level
Release Information
privacy-3des {
privacy-password privacy-password;
}
[edit snmp v3 usm local-engine user username],
[edit snmp v3 usm remote-engine engine-id user username]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description
Configure the triple Data Encryption Standard (3DES) as the privacy type for the SNMPv3
user.
Options
privacy-password privacy-password—Password that a user enters. The password is then
converted into a key that is used for encryption.
SNMPv3 has special requirements when you create plain-text passwords on a router or
switch:
Required Privilege
Level
Related
Documentation
312
•
The password must be at least eight characters long.
•
The password can include alphabetic, numeric, and special characters, but it cannot
include control characters.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Encryption Type
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
privacy-aes128
Syntax
Hierarchy Level
Release Information
Description
Options
privacy-aes128 {
privacy-password privacy-password;
}
[edit snmp v3 usm local-engine user username],
[edit snmp v3 usm remote-engine engine-id user username]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the Advanced Encryption Standard encryption algorithm (CFB128-AES-128
Privacy Protocol) for the SNMPv3 user.
privacy-password privacy-password—Password that a user enters. The password is then
converted into a key that is used for encryption.
SNMPv3 has special requirements when you create plain-text passwords on a router or
switch:
Required Privilege
Level
Related
Documentation
•
The password must be at least eight characters long.
•
The password can include alphabetic, numeric, and special characters, but it cannot
include control characters.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Encryption Type
Copyright © 2014, Juniper Networks, Inc.
313
Network Management and Monitoring on the QFX Series
privacy-des
Syntax
Hierarchy Level
Release Information
privacy-des {
privacy-password privacy-password;
}
[edit snmp v3 usm local-engine user username],
[edit snmp v3 usm remote-engine engine-id user username]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description
Configure the Data Encryption Standard (DES) as the privacy type for the SNMPv3 user.
Options
privacy-password privacy-password—Password that a user enters. The password is then
converted into a key that is used for encryption.
SNMPv3 has special requirements when you create plain-text passwords on a router or
switch:
Required Privilege
Level
Related
Documentation
•
The password must be at least eight characters long.
•
The password can include alphabetic, numeric, and special characters, but it cannot
include control characters.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Encryption Type
privacy-none
Syntax
Hierarchy Level
Release Information
[edit snmp v3 usm local-engine user username],
[edit snmp v3 usm remote-engine engine-id user username]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description
Configure that no encryption be used for the SNMPv3 user.
Required Privilege
Level
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
Related
Documentation
314
privacy-none;
•
Configuring the Encryption Type
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
privacy-password
Syntax
Hierarchy Level
Release Information
Description
Options
privacy-password privacy-password;
[edit snmp v3 usm local-engine user username privacy-3des],
[edit snmp v3 usm local-engine user username privacy-aes128],
[edit snmp v3 usm local-engine user username privacy-des],
[edit snmp v3 usm remote-engine engine-id user username privacy-3des],
[edit snmp v3 usm remote-engine engine-id user username privacy-aes128],
[edit snmp v3 usm remote-engine engine-id user username privacy-des]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure a privacy password for the SNMPv3 user.
privacy-password—Password that a user enters. The password is then converted into a
key that is used for encryption.
SNMPv3 has special requirements when you create plain-text passwords on a router or
switch:
Required Privilege
Level
Related
Documentation
•
The password must be at least eight characters long.
•
The password can include alphabetic, numeric, and special characters, but it cannot
include control characters.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Encryption Type
Copyright © 2014, Juniper Networks, Inc.
315
Network Management and Monitoring on the QFX Series
read-view
Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
316
read-view view-name;
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix) security-model (any | usm | v1 | v2c) security-level (authentication | none |
privacy)]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Associate the read-only view with a community (for SNMPv1 or SNMPv2c clients) or a
group name (for SNMPv3 clients).
view-name—The name of the view to which the SNMP user group has access.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Read View
•
Configuring MIB Views on page 172
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
remote-engine
Syntax
Hierarchy Level
Release Information
Description
Options
remote-engine engine-id {
user username {
authentication-md5 {
authentication-password authentication-password;
}
authentication-none;
authentication-sha {
authentication-password authentication-password;
}
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none {
privacy-password privacy-password;
}
}
}
[edit snmp v3 usm]
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the remote engine information for the user-based security model (USM). To
send inform messages to an SNMPv3 user on a remote device, you must configure the
engine identifier for the SNMP agent on the remote device where the user resides.
engine-id—Specify engine identifier in hexadecimal format. Used to compute the security
digest for authenticating and encrypting packets sent to a user on the remote host.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Remote Engine and Remote User
Copyright © 2014, Juniper Networks, Inc.
317
Network Management and Monitoring on the QFX Series
request-type
Syntax
Hierarchy Level
Release Information
Description
request-type (get-next-request | get-request | walk-request);
[edit snmp rmon alarm index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Extend monitoring to a specific SNMP object instance (get-request), to all object instances
belonging to a MIB branch (walk-request), or to the next object instance after the instance
specified in the configuration (get-next-request).
Default
walk-request
Options
get-next-request—Perform an SNMP get next request.
get-request—Perform an SNMP get request.
walk-request—Perform an SNMP walk request.
Required Privilege
Level
Related
Documentation
318
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
retry-count (SNMPv3)
Syntax
Hierarchy Level
Release Information
Description
Options
retry-count number;
[edit snmp v3 target-address target-address-name]
Statement introduced in Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the retry count for SNMP informs.
number—Maximum number of times the inform is transmitted if no acknowledgment is
received. If no acknowledgment is received after the inform is transmitted the
maximum number of times, the inform message is discarded.
Default: 3 times
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring SNMP Informs on page 181
•
timeout
Copyright © 2014, Juniper Networks, Inc.
319
Network Management and Monitoring on the QFX Series
rising-event-index
Syntax
Hierarchy Level
Release Information
Description
Options
rising-event-index index;
[edit snmp rmon alarm index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the index of the event entry that is used when a rising alarm threshold is exceeded.
The rising-event index is specified when you configure an SNMP RMON alarm. If this
value is zero, no event is triggered.
index—Index of the event entry that is used when a rising threshold is exceeded.
Range: 0 through 65,535
Default: 0
Required Privilege
Level
Related
Documentation
320
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
rising-threshold (Health Monitor)
Syntax
rising-threshold percentage;
Hierarchy Level
[edit snmp health-monitor]
Release Information
Description
Options
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the upper threshold for the monitored object when you configure a health monitor
alarm. By setting a rising and a falling threshold for a monitored object, you can be alerted
whenever the value of the variable falls outside the allowable operational range.
percentage—Upper threshold for the alarm entry.
Range: 1 through 100
Default: 80 percent of the maximum possible value
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring Health Monitoring on page 176
•
falling-threshold on page 293
Copyright © 2014, Juniper Networks, Inc.
321
Network Management and Monitoring on the QFX Series
rising-threshold (RMON)
Syntax
Hierarchy Level
Release Information
Description
Options
rising-threshold integer;
[edit snmp rmon alarm index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the upper threshold for the sampled variable (monitored object) when you configure
an SNMP RMON alarm. By setting a rising and a falling threshold for a variable, you can
be alerted whenever the value of the variable falls outside the allowable operational
range.
integer—Upper threshold for the alarm entry.
Range: –2,147,483,648 through 2,147,483,647
Required Privilege
Level
Related
Documentation
322
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
rmon
Syntax
Hierarchy Level
Release Information
Description
rmon {
alarm index {
description description;
falling-event-index index;
falling-threshold integer;
falling-threshold-interval seconds;
interval seconds;
request-type;
rising-event-index index;
rising-threshold integer;
sample-type (absolute-value | delta-value);
startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm);
syslog-subtag syslog-subtag;
variable oid-variable;
}
event index {
community community-name;
description description;
type (RMON Notification) type;
}
history history-index {
bucket-size number;
interface interface-name;
interval seconds;
owner owner-name;
}
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Provide comprehensive network fault diagnosis, planning, and performance tuning
information. RMON delivers this information in nine groups of monitoring elements, each
providing specific sets of data to meet common network monitoring requirements. Each
group is optional, so that vendors do not need to support all the groups within the MIB.
Junos OS supports the RMON statistics, history, alarm, and event groups.
The remaining statements are explained separately.
Default
Required Privilege
Level
Related
Documentation
Disabled.
snmp—To view this statement in the configuration.
snmp–control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
Copyright © 2014, Juniper Networks, Inc.
323
Network Management and Monitoring on the QFX Series
•
Junos OS Network Management Configuration Guide
sample-type
Syntax
Hierarchy Level
Release Information
Description
Options
sample-type (absolute-value | delta-value);
[edit snmp rmon alarm index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the method of sampling the selected variable (monitored object). When you
configure an SNMP RMON alarm, you can specify the sample type.
absolute-value—Actual value of the selected variable is used when comparing against
the thresholds.
delta-value—Difference between samples of the selected variable is used when comparing
against the thresholds.
Required Privilege
Level
Related
Documentation
324
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
security-level (Defining Access Privileges)
Syntax
Hierarchy Level
Release Information
Description
Default
Options
security-level (authentication | none | privacy) {
notify-view view-name;
read-view view-name;
write-view view-name;
}
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix) security-model (any | usm | v1 | v2c)]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Define the security level used for access privileges.
none
authentication—Provide authentication but no encryption.
none—No authentication and no encryption.
privacy—Provide authentication and encryption.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Security Level
Copyright © 2014, Juniper Networks, Inc.
325
Network Management and Monitoring on the QFX Series
security-level (Generating SNMP Notifications)
Syntax
Hierarchy Level
Release Information
Description
Default
Options
security-level (authentication | none | privacy);
[edit snmp v3 target-parameters target-parameters-name parameters]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the security level to use when generating SNMP notifications.
none
authentication—Provide authentication but no encryption.
none—No authentication and no encryption.
privacy—Provide authentication and encryption.
Required Privilege
Level
Related
Documentation
326
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Security Level
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
security-model (Access Privileges)
Syntax
Hierarchy Level
Release Information
Description
Options
security-model (usm | v1 | v2c);
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix)]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the security model for an SNMPv3 group. The security model is used to
determine access privileges for the group.
usm—SNMPv3 security model.
v1—SNMPv1 security model.
v2c—SNMPv2c security model.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Security Model
Copyright © 2014, Juniper Networks, Inc.
327
Network Management and Monitoring on the QFX Series
security-model (Group)
Syntax
Hierarchy Level
Release Information
Description
Options
security-model (usm | v1 | v2c) {
security-name security-name {
group group-name;
}
}
[edit snmp v3 vacm security-to-group]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Define a security model for an SNMPv3 group and associate the security name of a user
with the group. All users in the group have the same access privileges.
usm—SNMPv3 security model.
v1—SNMPv1 security model.
v2c—SNMPv2c security model.
Required Privilege
Level
Related
Documentation
328
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Security Model
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
security-model (SNMP Notifications)
Syntax
Hierarchy Level
Release Information
Description
Options
security-model (usm | v1 | v2c);
[edit snmp v3 target-parameters target-parameters-name parameters]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the security model for an SNMPv3 group. The security model is used for SNMP
notifications.
usm—SNMPv3 security model.
v1—SNMPv1 security model.
v2c—SNMPv2c security model.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Security Model
Copyright © 2014, Juniper Networks, Inc.
329
Network Management and Monitoring on the QFX Series
security-name (Community String)
Syntax
Hierarchy Level
Release Information
Description
Options
security-name security-name;
[edit snmp v3 snmp-community community-index]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Associate a community string with the security name of a user. The community string,
which is used for SNMPv1 and SNMPv2c clients in an SNMPv3 system, is configured at
the [edit snmp v3 snmp-community community-index] hierarchy level.
security-name—Name that is used for messaging security and user access control.
NOTE: The security name must match the configured security name at the
[edit snmp v3 target-parameters target-parameters-name parameters] hierarchy
level when you configure traps or informs.
Required Privilege
Level
Related
Documentation
330
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Security Names
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
security-name (Security Group)
Syntax
Hierarchy Level
Release Information
Description
Options
security-name security-name {
group group-name;
}
[edit snmp v3 vacm security-to-group security-model (usm | v1 | v2c)]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Associate the security name of a user (for SNMPv3 clients) or a community string (for
SNMPv1 and SNMPv2c clients) with a configured security group.
security-name—SNMPv3 secure username configured at the [edit snmp v3 usm local-engine
user username] hierarchy level that is used for messaging security. For SNMPv1 and
SNMPv2c, the security name is the community string configured at the [edit snmp
v3 snmp-community community-index] hierarchy level.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Assigning Security Names to Groups
•
Assigning a Security Name to a Group on page 179
Copyright © 2014, Juniper Networks, Inc.
331
Network Management and Monitoring on the QFX Series
security-name (SNMP Notifications)
Syntax
Hierarchy Level
Release Information
Description
Options
security-name security-name;
[edit snmp v3 target-parameters target-parameters-name parameters]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the security name used when generating SNMP notifications.
security-name—If the SNMPv3 USM security model is used, identify the user when
generating the SNMP notification. If the v1 or v2c security models are used, identify
the SNMP community used when generating the notification.
NOTE: The access privileges for the group associated with this security name
must allow this notification to be sent.
If you are using the v1 or v2 security models, the security name at the [edit
snmp v3 vacm security-to-group] hierarchy level must match the security
name at the [edit snmp v3 snmp-community community-index] hierarchy level.
Required Privilege
Level
Related
Documentation
332
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Security Name
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
security-to-group
Syntax
Hierarchy Level
Release Information
Description
security-to-group {
security-model (usm | v1 | v2c) {
group group-name;
security-name security-name;
}
}
[edit snmp v3 vacm]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the group to which a specific SNMPv3 security name belongs. The security
name is used for messaging security.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Assigning Security Model and Security Name to a Group
Copyright © 2014, Juniper Networks, Inc.
333
Network Management and Monitoring on the QFX Series
snmp
Syntax
334
snmp {
client-list client-list-name {
ip-addresses;
}
community community-name {
authorization authorization;
client-list-name client-list-name;
clients {
address restrict;
}
logical-system logical-system-name {
routing-instance routing-instance-name {
clients {
addresses;
}
}
}
routing-instance routing-instance-name {
clients {
addresses;
}
}
view view-name;
}
contact contact;
description description;
filter-duplicates;
filter-interfaces;
health-monitor {
falling-threshold integer;
interval seconds;
rising-threshold integer;
}
interface [ interface-names ];
location location;
name name;
nonvolatile {
commit-delay seconds;
}
rmon {
alarm index {
description description;
falling-event-index index;
falling-threshold integer;
falling-threshold-interval seconds;
interval seconds;
request-type;
rising-event-index index;
rising-threshold integer;
sample-type (absolute-value | delta-value);
startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm);
syslog-subtag syslog-subtag;
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
variable oid-variable;
}
event index {
community community-name;
description description;
type type;
}
history history-index {
bucket-size number;
interface interface-name;
interval seconds;
owner owner-name;
}
}
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable> <match
regular-expression>;
flag flag;
}
trap-group group-name {
categories {
category;
}
destination-port port-number;
routing-instance routing-instance-name;
targets {
address;
}
version (all | v1 | v2);
}
trap-options {
agent-address outgoing-interface;
source-address address;
}
v3 {
notify name {
tag tag-name;
type trap;
}
notify-filter profile-name {
oid object-identifier (include | exclude);
}
snmp-community community-index {
community-name community-name;
security-name security-name;
tag tag-name;
}
target-address target-address-name {
address address;
address-mask address-mask;
logical-system logical-system;
port port-number;
retry-count number;
routing-instance routing-instance-name;
tag-list tag-list;
target-parameters target-parameters-name;
Copyright © 2014, Juniper Networks, Inc.
335
Network Management and Monitoring on the QFX Series
timeout seconds;
}
target-parameters target-parameters-name {
notify-filter profile-name;
parameters {
message-processing-model (v1 | v2c | V3);
security-level (authentication | none | privacy);
security-model (usm | v1 | v2c);
security-name security-name;
}
}
usm {
local-engine {
user username {
authentication-sha {
authentication-password authentication-password;
}
authentication-md5 {
authentication-password authentication-password;
}
authentication-none;
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none;
}
}
remote-engine engine-id {
user username {
authentication-sha {
authentication-password authentication-password;
}
authentication-md5 {
authentication-password authentication-password;
}
authentication-none;
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none {
privacy-password privacy-password;
}
}
}
336
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
}
vacm {
access {
group group-name {
(default-context-prefix | context-prefix context-prefix) {
security-model (any | usm | v1 | v2c) {
security-level (authentication | none | privacy) {
notify-view view-name;
read-view view-name;
write-view view-name;
}
}
}
}
}
security-to-group {
security-model (usm | v1 | v2c) {
security-name security-name {
group group-name;
}
}
}
}
}
view view-name {
oid object-identifier (include | exclude);
}
}
}
Hierarchy Level
Release Information
Description
[edit]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure SNMP.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp–control—To add this statement to the configuration.
•
Understanding the Implementation of SNMP on page 59
•
Configuring SNMP on page 165
Copyright © 2014, Juniper Networks, Inc.
337
Network Management and Monitoring on the QFX Series
snmp-community
Syntax
Hierarchy Level
Release Information
Description
Options
snmp-community community-index {
community-name community-name;
security-name security-name;
tag tag-name;
}
[edit snmp v3]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the SNMP community which authorizes SNMPv1 or SNMPv2c clients in an
SNMPv3 system.
community-index—(Optional) String that identifies an SNMP community.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the SNMPv3 Community
source-address (SNMP)
Syntax
Hierarchy Level
Release Information
Description
Options
source-address address;
[edit snmp trap-options]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the source address of every SNMP trap packet sent by this switch to a single address
regardless of the outgoing interface. If the source address is not specified, the default is
to use the address of the outgoing interface as the source address.
address—Source address of SNMP traps. You can configure the source address of trap
packets two ways: lo0 or a valid IPv4 address configured on one of the interfaces.
The value lo0 indicates that the source address of all SNMP trap packets is set to
the lowest loopback address configured at interface lo0.
Default: Disabled. (The source address is the address of the outgoing interface.)
Required Privilege
Level
Related
Documentation
338
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Source Address for SNMP Traps
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
startup-alarm
Syntax
Hierarchy Level
Release Information
Description
startup-alarm (falling-alarm | rising-alarm | rising-or-falling-alarm);
[edit snmp rmon alarm index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set an initial alarm that is sent after the configured SNMP RMON alarm becomes active.
Default
rising-or-falling-alarm
Options
falling-alarm—Generated if the first sample after the alarm becomes active is equal to
or greater than the falling threshold.
rising-alarm—Generated if the first sample after the alarm becomes active is equal to
or greater than the rising threshold.
rising-or-falling-alarm—Generated if the first sample after the alarm entry becomes
active is equal to or greater than either the rising threshold or the falling threshold.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
339
Network Management and Monitoring on the QFX Series
syslog-subtag
Syntax
Hierarchy Level
Release Information
Description
Required Privilege
Level
Related
Documentation
syslog-subtag syslog-subtag;
[edit snmp rmon alarm index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Add the syslog-subtag tag to the system log message. The tag should not exceed 80
uppercase characters.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
tag (Configuring Notification Targets)
Syntax
Hierarchy Level
Release Information
Description
Options
tag tag-name;
[edit snmp v3 notify name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure a set of target addresses to receive SNMP traps or informs (for IPv4 packets
only).
tag-name—Define the target addresses to which an SNMP notification is sent. Target
addresses containing the same tag in their tag list are sent the same notification.
The tag-name is not included in the notification.
Required Privilege
Level
Related
Documentation
340
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
SNMPv3 Overview on page 69
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
•
Configuring SNMP on page 165
•
Configuring the SNMPv3 Trap Notification
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
tag (Configuring the SNMP Community)
Syntax
Hierarchy Level
Release Information
Description
Options
tag tag-name;
[edit snmp v3 snmp-community community-index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure a set of SNMP managers that are authorized to use a community string.
tag-name—Identify the set of addresses for the SNMP managers authorized to use the
community string.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
SNMPv3 Overview on page 69
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
•
Configuring SNMP on page 165
•
Configuring the SNMPv3 Trap Notification
tag-list
Syntax
Hierarchy Level
Release Information
Description
Options
tag-list tag-list;
[edit snmp v3 target-address target-address-name]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure an SNMP tag list used to select target addresses.
tag-list—Define sets of target addresses (tags). To specify more than one tag, specify
the tag names as a space-separated list enclosed within double quotes.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the Trap Target Address
Copyright © 2014, Juniper Networks, Inc.
341
Network Management and Monitoring on the QFX Series
target-address
Syntax
Hierarchy Level
Release Information
Description
Options
target-address target-address-name {
address address;
address-mask address-mask;
port port-number;
retry-count number;
tag-list tag-list;
target-parameters target-parameters-name;
timeout seconds;
}
[edit snmp v3]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the address of an SNMP management application and the parameters to be
used in sending notifications.
target-address-name—String that identifies the target address.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
342
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Understanding the Implementation of SNMP on page 59
•
SNMP MIBs Support on page 76
•
SNMP Traps Support on page 92
•
snmp on page 334
•
Configuring SNMP on page 165
•
Monitoring SNMP on page 387
•
Example: Configuring SNMP on page 130
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
target-parameters
Syntax
At the [edit snmp v3] hierarchy level:
target-parameters target-parameters-name {
profile-name;
parameters {
message-processing-model (v1 | v2c | V3);
security-level (authentication | none | privacy);
security-model (usm | v1 | v2c);
security-name security-name;
}
}
At the [edit snmp v3 target-address target-address-name] hierarchy level:
target-parameters target-parameters-name;
Hierarchy Level
Release Information
Description
[edit snmp v3]
[edit snmp v3 target-address target-address-name]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the message processing and security parameters for sending notifications to
a particular management target. The target parameters are configured at the [edit snmp
v3] hierarchy level. The remaining statements at this level are explained separately.
Then apply the target parameters configured at the [edit snmp v3 target-parameters
target-parameters-name] hierarchy level to the target address configuration at the [edit
snmp v3] hierarchy level.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Defining and Configuring the Trap Target Parameters
•
Applying Target Parameters
Copyright © 2014, Juniper Networks, Inc.
343
Network Management and Monitoring on the QFX Series
targets
Syntax
Hierarchy Level
Release Information
Description
Options
targets {
address;
}
[edit snmp trap-group group-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure one or more systems to receive SNMP traps.
address—IPv4 or IPv6 address of the system to receive traps. You must specify an address,
not a hostname.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring SNMP Trap Groups on page 170
timeout
Syntax
Hierarchy Level
Release Information
Description
Default
Options
timeout seconds;
[edit snmp v3 target-address target-address-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the timeout period (in seconds) for SNMP informs.
15 seconds
seconds—Number of seconds to wait for an inform acknowledgment. If no
acknowledgment is received within the timeout period, the inform is retransmitted.
Required Privilege
Level
Related
Documentation
344
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Understanding the Implementation of SNMP on page 59
•
Configuring SNMP Informs on page 181
•
retry-count (SNMPv3) on page 319
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
traceoptions (SNMP)
Syntax
Hierarchy Level
Release Information
Description
traceoptions {
file filename <files number> <match regular-expression> <size size> <world-readable |
no-world-readable>;
flag flag;
no-remote-trace;
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Track the activities of SNMP agents on the switch and record the information in log files.
NOTE: The traceoptions statement is not supported on the QFabric system.
The output of the tracing operations is placed into log files in the /var/log directory. Each
log file is named after the SNMP agent that generates it. The following logs are created
in the /var/log directory when the traceoptions statement is used:
Options
•
chassisd
•
craftd
•
ilmid
•
mib2d
•
rmopd
•
serviced
•
snmpd
file filename—By default, the name of the log file that records trace output is the name
of the process being traced (for example, mib2d or snmpd). Use this option to specify
another name.
files number—(Optional) Maximum number of trace files per SNMP subagent. When a
trace file (for example, snmpd) reaches its maximum size, it is archived by being
renamed to snmpd.0. The previous snmpd.1 is renamed to snmpd.2, and so on. The
oldest archived file is deleted.
Range: 2 through 1000 files
Default: 10 files
flag flag—Tracing operation to perform. To specify more than one tracing operation,
include multiple flag statements:
•
all—Log all SNMP events.
Copyright © 2014, Juniper Networks, Inc.
345
Network Management and Monitoring on the QFX Series
•
configuration—Log reading of configuration at the [edit snmp] hierarchy level.
•
database—Log events involving storage and retrieval in the events database.
•
events—Log important events.
•
general—Log general events.
•
interface-stats—Log physical and logical interface statistics.
•
nonvolatile-sets—Log nonvolatile SNMP set request handling.
•
pdu—Log SNMP request and response packets.
•
policy—Log policy processing.
•
protocol-timeouts—Log SNMP response timeouts.
•
routing-socket—Log routing socket calls.
•
server—Log communication with processes that are generating events.
•
subagent—Log subagent restarts.
•
timer-events—Log internally generated events.
•
varbind-error—Log variable binding errors.
match regular-expression—(Optional) Refine the output to include lines that contain
the regular expression.
size size—(Optional) Maximum size, in kilobytes (KB), of each trace file before it is closed
and archived.
Range: 10 KB through 1 GB
Default: 1000 KB
world-readable | no-world-readable—(Optional) By default, log files can be accessed
only by the user who configures the tracing operation. The world-readable option
enables any user to read the file. To explicitly set the default behavior, use the
no-world-readable option.
Required Privilege
Level
Related
Documentation
346
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Understanding Tracing and Logging Operations on page 7
•
Tracing SNMP Activity on a Device Running Junos OS on page 391
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
trap-group
Syntax
Hierarchy Level
Release Information
Description
Options
trap-group group-name {
categories {
category;
}
destination-port port-number;
targets {
address;
}
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for QFX Series switches.
Create a named group of hosts to receive the specified trap notifications. The name of
the trap group is embedded in SNMP trap notification packets as one variable binding
(varbind) known as the community name. At least one trap group must be configured
for SNMP traps to be sent.
group-name—Name of the trap group. If the name includes spaces, enclose it in quotation
marks (" ").
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring SNMP Trap Groups on page 170
Copyright © 2014, Juniper Networks, Inc.
347
Network Management and Monitoring on the QFX Series
trap-options
Syntax
Hierarchy Level
Release Information
Description
trap-options {
agent-address outgoing-interface;
source-address address;
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Using SNMP trap options, you can set the source address of every SNMP trap packet
sent by the router or switch to a single address, regardless of the outgoing interface. In
addition, you can set the agent address of each SNMPv1 trap. For more information about
the contents of SNMPv1 traps, see RFC 1157.
The remaining statements are explained separately.
Default
Required Privilege
Level
Related
Documentation
348
Disabled
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring SNMP Trap Options
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
type (RMON Notification)
Syntax
Hierarchy Level
Release Information
Description
Default
Options
Required Privilege
Level
Related
Documentation
type type;
[edit snmp rmon event index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the type of notification generated when a rising or falling threshold is crossed.
log-and-trap
type—Type of notification. It can be one of the following:
•
log—Add an entry to the logTable object.
•
log-and-trap—Send an SNMP trap and add a log entry.
•
none—No notifications are sent.
•
snmptrap—Send an SNMP trap.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
349
Network Management and Monitoring on the QFX Series
type (SNMPv3)
Syntax
Hierarchy Level
Release Information
Description
Options
type (inform | trap);
[edit snmp v3 notify name]
Statement introduced before Junos OS Release 7.4.
inform option added in Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the type of SNMP notification.
inform—Defines the type of notification as an inform. SNMP informs are confirmed
notifications.
trap—Defines the type of notification as a trap. SNMP traps are unconfirmed notifications.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring SNMP Informs on page 181
•
Configuring the SNMPv3 Trap Notification
user
Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
350
user username;
[edit snmp v3 usm local-engine],
[edit snmp v3 usm remote-engine engine-id]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify a user associated with an SNMPv3 group on a local or remote SNMP engine.
username—SNMPv3 user-based security model (USM) username.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Creating SNMPv3 Users on page 176
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
usm
Syntax
Hierarchy Level
Release Information
usm {
local-engine {
user username {
authentication-md5 {
authentication-password authentication-password;
}
authentication-none;
authentication-sha {
authentication-password authentication-password;
}
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none {
privacy-password privacy-password;
}
}
remote-engine engine-id {
user username {
authentication-md5 {
authentication-password authentication-password;
}
authentication-none;
authentication-sha {
authentication-password authentication-password;
}
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none {
privacy-password privacy-password;
}
}
}
}
}
[edit snmp v3]
Statement introduced before Junos OS Release 7.4.
Copyright © 2014, Juniper Networks, Inc.
351
Network Management and Monitoring on the QFX Series
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description
Configure user-based security model (USM) information.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
352
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Creating SNMPv3 Users on page 176
•
Configuring the Remote Engine and Remote User
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
v3
Syntax
v3 {
notify name {
tag tag-name;
type trap;
}
notify-filter profile-name {
oid object-identifier (include | exclude);
}
snmp-community community-index {
community-name community-name;
security-name security-name;
tag tag-name;
}
target-address target-address-name {
address address;
address-mask address-mask;
port port-number;
retry-count number;
tag-list tag-list;
target-parameters target-parameters-name;
timeout seconds;
}
target-parameters target-parameters-name {
notify-filter profile-name;
parameters {
message-processing-model (v1 | v2c | V3);
security-level (authentication | none | privacy);
security-model (usm | v1 | v2c);
security-name security-name;
}
}
usm {
local-engine {
user username {
authentication-md5 {
authentication-password authentication-password;
}
authentication-sha {
authentication-password authentication-password;
}
authentication-none;
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none;
}
Copyright © 2014, Juniper Networks, Inc.
353
Network Management and Monitoring on the QFX Series
}
remote-engine engine-id {
user username {
authentication-md5 {
authentication-password authentication-password;
}
authentication-sha {
authentication-password authentication-password;
}
authentication-none;
privacy-aes128 {
privacy-password privacy-password;
}
privacy-des {
privacy-password privacy-password;
}
privacy-3des {
privacy-password privacy-password;
}
privacy-none {
privacy-password privacy-password;
}
}
}
}
vacm {
access {
group group-name {
(default-context-prefix | context-prefix context-prefix) {
security-model (any | usm | v1 | v2c) {
security-level (authentication | none | privacy) {
notify-view view-name;
read-view view-name;
write-view view-name;
}
}
}
}
}
security-to-group {
security-model (usm | v1 | v2c) {
security-name security-name {
group group-name;
}
}
}
}
}
Hierarchy Level
Release Information
Description
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure SNMPv3.
The remaining statements are explained separately.
354
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
vacm
Syntax
Hierarchy Level
Release Information
Description
vacm {
access {
group group-name {
(default-context-prefix | context-prefix context-prefix){
security-model (any | usm | v1 | v2c) {
security-level (authentication | none | privacy) {
notify-view view-name;
read-view view-name;
write-view view-name;
}
}
}
}
}
security-to-group {
security-model (usm | v1 | v2c);
security-name security-name {
group group-name;
}
}
}
[edit snmp v3]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure view-based access control model (VACM) information, including access
privileges such as security model and security level for a group of users.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Defining Access Privileges for an SNMP Group
Copyright © 2014, Juniper Networks, Inc.
355
Network Management and Monitoring on the QFX Series
variable
Syntax
Hierarchy Level
Release Information
Description
Options
variable oid-variable;
[edit snmp rmon alarm index]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Set the object identifier (OID) of the MIB object (also called variable) to be monitored
when you configure an SNMP RMON alarm. If the value of the monitored variable exceeds
the configured rising threshold or falling threshold, an alarm is triggered and a
corresponding event may be generated.
oid-variable—OID of the MIB variable that is being monitored. The OID can be a dotted
decimal (for example, 1.3.6.1.2.1.2.1.2.2.1.10.1) or the name of the MIB object—for
example, ifInOctets.1.
Required Privilege
Level
Related
Documentation
356
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Configuring RMON Alarms and Events on page 173
•
Monitoring RMON MIB Tables on page 387
•
Understanding RMON on page 71
•
Junos OS Network Management Configuration Guide
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
version
Syntax
Hierarchy Level
Release Information
Description
version (all | v1 | v2);
[edit snmp trap-group group-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify the version number of SNMP traps.
Default
all—Send an SNMPv1 and SNMPv2 trap for every trap condition.
Options
all—Send an SNMPv1 and SNMPv2 trap for every trap condition.
v1—Send SNMPv1 traps only.
v2—Send SNMPv2 traps only.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring SNMP Trap Groups on page 170
Copyright © 2014, Juniper Networks, Inc.
357
Network Management and Monitoring on the QFX Series
view (Configuring a MIB View)
Syntax
Hierarchy Level
Release Information
Description
view view-name {
oid object-identifier (include | exclude);
}
[edit snmp]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Define a MIB view. A MIB view identifies a group of MIB objects. Each MIB object in a view
has a common OID prefix. Each object identifier represents a subtree of the MIB object
hierarchy. The view statement uses a view to specify a group of MIB objects on which to
define access. To enable a view, you must associate the view with a community by
including the view statement at the [edit snmp community community-name] hierarchy
level.
NOTE: To remove an OID completely, use the delete view all oid oid-number
command but omit the include parameter.
Options
view-name—Name of the view.
The remaining statement is explained separately.
Required Privilege
Level
Related
Documentation
358
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring MIB Views on page 172
•
Associating MIB Views with an SNMP User Group
•
community on page 285
Copyright © 2014, Juniper Networks, Inc.
Chapter 20: Configuration Statements for SNMP
view (Associating MIB View with a Community)
Syntax
Hierarchy Level
Release Information
Description
Options
view view-name;
[edit snmp community community-name]
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Associate a view with a community. A view represents a group of MIB objects.
view-name—Name of the view. You must use a view name already configured in the view
statement at the [edit snmp] hierarchy level.
Required Privilege
Level
Related
Documentation
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring the SNMP Community String
write-view
Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
write-view view-name;
[edit snmp v3 vacm access group group-name (default-context-prefix | context-prefix
context-prefix) security-model (any | usm | v1 | v2c) security-level (authentication | none |
privacy)]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series switches.
Associate the write view with a community (for SNMPv1 or SNMPv2c clients) or a group
name (for SNMPv3 clients).
view-name—Name of the view for which the SNMP user group has write permission.
snmp—To view this statement in the configuration.
snmp-control—To add this statement to the configuration.
•
Configuring MIB Views on page 172
•
Configuring the Write View
Copyright © 2014, Juniper Networks, Inc.
359
Network Management and Monitoring on the QFX Series
360
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 21
Configuration Statements for System Log
Messages
•
archive (All System Log Files) on page 362
•
archive (Individual System Log File) on page 364
•
archive (QFabric System) on page 365
•
console (System Logging) on page 366
•
explicit-priority on page 367
•
facility-override on page 367
•
file (QFabric System) on page 368
•
file (System Logging) on page 369
•
files on page 370
•
host (System) on page 371
•
log-prefix (System) on page 373
•
match on page 373
•
size (System) on page 374
•
structured-data on page 375
•
syslog (System) on page 376
•
syslog (QFabric System) on page 378
•
time-format on page 379
•
user (System Logging) on page 380
Copyright © 2014, Juniper Networks, Inc.
361
Network Management and Monitoring on the QFX Series
archive (All System Log Files)
Syntax
Hierarchy Level
Release Information
Description
Options
archive <files number> <size size> <start-timetime> <transfer-interval interval>
<binary-data | no-binary-data>;
<world-readable | no-world-readable> ;
[edit system syslog]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure archiving properties for all system log files.
files number—Maximum number of archived log files to retain. When the Junos OS logging
utility has written a defined maximum amount of data to a log file logfile, it closes
the file, compresses it, and renames it logfile.0.gz (the amount of data is determined
by the size statement at this hierarchy level). The utility then opens and writes to a
new file called logfile. When the new file reaches the maximum size, the logfile.0.gz
file is renamed to logfile.1.gz, and the new file is closed, compressed, and renamed
logfile.0.gz. By default, the logging facility creates up to ten archive files in this manner.
Once the maximum number of archive files exists, each time the active log file reaches
the maximum size, the contents of the oldest archive file are lost (overwritten by
the next oldest file).
Range: 1 through 1000
Default: 10 files
size size—Maximum amount of data that the Junos OS logging utility writes to a log file
logfile before archiving it (closing it, compressing it, and changing its name to
logfile.0.gz). The utility then opens and writes to a new file called logfile.
Syntax: x k to specify the number of kilobytes, x m for the number of megabytes, or x g
for the number of gigabytes
Range: 64 KB through 1 GB
Default:
•
128 KB for EX Series switches and J Series routers
•
1 MB for M Series, MX Series, and T Series routers, and the QFX3500 switch
•
10 MB for TX Matrix and TX Matrix Plus routers
binary-data | no-binary-data—Mark file as containing binary data. This allows proper
archiving of binary files, such as WTMP files (login records for UNIX based systems)..
Default: no-binary-data
world-readable | no-world-readable—Grant all users permission to read archived log files,
or restrict the permission only to the root user and users who have the Junos OS
maintenance permission.
Default: no-world-readable
362
Copyright © 2014, Juniper Networks, Inc.
Chapter 21: Configuration Statements for System Log Messages
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Specifying Log File Size, Number, and Archiving Properties on page 197
Copyright © 2014, Juniper Networks, Inc.
363
Network Management and Monitoring on the QFX Series
archive (Individual System Log File)
Syntax
Hierarchy Level
Release Information
Description
Options
archive <archive-sites (ftp-url <password password>)> <files number> <size size>
<start-time "YYYY-MM-DD.hh:mm"> <transfer-interval minutes> <world-readable |
no-world-readable>;
[edit system syslog file filename]
Statement introduced before Junos OS Release 7.4.
start-time and transfer-interval statements introduced in Junos OS Release 8.5.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure archiving properties for a specific system log file.
archive-sites site-name—FTP URL representing the destination for the archived log file
(for information about how to specify valid FTP URLs, see Format for Specifying
Filenames and URLs in Junos OS CLI Commands). If more than one site name is
configured, a list of archive sites for the system log files is created. When a file is
archived, the router attempts to transfer the file to the first URL in the list, moving
to the next site only if the transfer does not succeed. The log file is stored at the
archive site with the filename specified at the [edit system syslog] hierarchy level.
files number—Maximum number of archived log files to retain. When the Junos OS logging
utility has written a defined maximum amount of data to a log file logfile, it closes
the file, compresses it, and renames it logfile.0.gz (the amount of data is determined
by the size statement at this hierarchy level). The utility then opens and writes to a
new file called logfile. When the new file reaches the maximum size, the logfile.0.gz
file is renamed to logfile.1.gz, and the new file is closed, compressed, and renamed
logfile.0.gz. By default, the logging facility creates up to ten archive files in this manner.
Once the maximum number of archive files exists, each time the active log file reaches
the maximum size, the contents of the oldest archive file are lost (overwritten by
the next oldest file).
Range: 1 through 1000
Default: 10 files
password password—Password for authenticating with the site specified by the
archive-sites statement.
size size—Maximum amount of data that the Junos OS logging utility writes to a log file
logfile before archiving it (closing it, compressing it, and changing its name to
logfile.0.gz). The utility then opens and writes to a new file called logfile.
Syntax: xk to specify the number of kilobytes, xm for the number of megabytes, or xg
for the number of gigabytes
Range: 64 KB through 1 GB
Default: 128 KB for J Series routers; 1 MB for M Series, MX Series, and T Series routers,
and the QFX3500 switch; 10 MB for TX Matrix and TX Matrix Plus routers
364
Copyright © 2014, Juniper Networks, Inc.
Chapter 21: Configuration Statements for System Log Messages
start-time "YYYY-MM-DD.hh:mm"—Date and time in the local time zone for a one-time
transfer of the active log file to the first reachable site in the list of sites specified by
the archive-sites statement.
transfer-interval interval—Interval at which to transfer the log file to an archive site.
Range: 5 through 2880 minutes
world-readable | no-world-readable—Grant all users permission to read archived log files,
or restrict the permission only to the root user and users who have the Junos OS
maintenance permission.
Default: no-world-readable
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Specifying Log File Size, Number, and Archiving Properties on page 197
archive (QFabric System)
Syntax
Hierarchy Level
archive {
size size;
}
[edit system syslog file filename]
Release Information
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Description
Configure the archiving properties for the system message log file.
Options
size size—Maximum amount of system log message data that the QFabric system stores
in the log file.
Syntax: xk to specify the number of kilobytes, xm for the number of megabytes, or
xg for the number of gigabytes
Range: 65 KB through 1 GB
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
syslog on page 378
Copyright © 2014, Juniper Networks, Inc.
365
Network Management and Monitoring on the QFX Series
console (System Logging)
Syntax
Hierarchy Level
Release Information
Description
Options
console {
facility severity;
}
[edit system syslog]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the logging of system messages to the system console.
facility—Class of messages to log. To specify multiple classes, include multiple facility
severity statements. For a list of the facilities, see Table 35 on page 199.
severity—Severity of the messages that belong to the facility specified by the paired
facility name. Messages with severities of the specified level and higher are logged.
For a list of the severities, see Table 36 on page 200.
Required Privilege
Level
Related
Documentation
366
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Directing System Log Messages to the Console on page 188
•
Junos OS System Log Messages Reference
Copyright © 2014, Juniper Networks, Inc.
Chapter 21: Configuration Statements for System Log Messages
explicit-priority
Syntax
Hierarchy Level
Release Information
Description
explicit-priority;
[edit logical-systems logical-system-name system syslog file filename],
[edit logical-systems logical-system-name system syslog host],
[edit system syslog file filename],
[edit system syslog host]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Record the priority (facility and severity level) in each standard-format system log
message directed to a file or remote destination.
When the structured-data statement is also included at the [edit system syslog
file filename] hierarchy level, this statement is ignored for the file.
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Including Priority Information in System Log Messages on page 190
•
Junos OS System Log Messages Reference
•
structured-data on page 375
facility-override
Syntax
Hierarchy Level
Release Information
Description
Options
facility-override facility;
[edit system syslog host]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Substitute an alternate facility for the default facilities used when messages are directed
to a remote destination.
facility—Alternate facility to substitute for the default facilities. For a list of the possible
facilities, see Table 38 on page 201.
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Changing the Alternative Facility Name for Remote System Log Messages on page 202
•
Junos OS System Log Messages Reference
Copyright © 2014, Juniper Networks, Inc.
367
Network Management and Monitoring on the QFX Series
file (QFabric System)
Syntax
Hierarchy Level
Release Information
Description
Options
file filename {
archive {
size maximum-file-size;
}
explicit-priority;
facility severity;
match "regular-expression";
structured-data {
brief;
}
}
[edit system syslog]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Configure the logging of system messages to a file.
facility—Class of messages to log. To specify multiple classes, include multiple
facility severity statements.
filename—Filename that you specify with the show log command.
Default: Filename messages
severity—Severity of the messages that belong to the facility specified by the paired
facility name. Messages with severities at the specified level and higher are logged.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
368
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
syslog on page 378
Copyright © 2014, Juniper Networks, Inc.
Chapter 21: Configuration Statements for System Log Messages
file (System Logging)
Syntax
Hierarchy Level
Release Information
Description
Options
file filename {
facility severity;
archive {
files number;
size size;
(no-world-readable | world-readable);
}
explicit-priority;
match "regular-expression";
structured-data {
brief;
}
}
[edit system syslog]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the logging of system messages to a file.
facility—Class of messages to log. To specify multiple classes, include multiple
facility severity statements. For a list of the facilities, see Table 35 on page 199.
file filename—File in the severity directory in which to log messages from the specified
facility. To log messages to more than one file, include more than one file statement.
severity—Severity of the messages that belong to the facility specified by the paired
facility name. Messages with severities of the specified level and higher are logged.
For a list of the severities, see Table 36 on page 200.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Directing System Log Messages to a Log File on page 186
•
Junos OS System Log Messages Reference
Copyright © 2014, Juniper Networks, Inc.
369
Network Management and Monitoring on the QFX Series
files
Syntax
Hierarchy Level
Release Information
Description
Options
files number;
[edit system syslog archive],
[edit system syslog file filename archive]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for QFX Series switches.
Configure the maximum number of archived log files to retain. When the Junos OS logging
utility has written a defined maximum amount of data to a log file logfile, it closes the
file, compresses it, and renames it to logfile.0.gz (for information about the maximum
file size, see size). The utility then opens and writes to a new file called logfile. When the
new file reaches the maximum size, the logfile.0.gz file is renamed to logfile.1.gz, and the
new file is closed, compressed, and renamed logfile.0.gz. By default, the logging facility
creates up to ten archive files in this manner. Once the maximum number of archive files
exists, each time the active log file reaches the maximum size, the contents of the oldest
archive file are lost (overwritten by the next oldest file).
number—Maximum number of archived files.
Range: 1 through 1000
Default: 10 files
Required Privilege
Level
Related
Documentation
370
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Specifying Log File Size, Number, and Archiving Properties on page 197
•
Junos OS System Log Messages Reference
•
size on page 374
Copyright © 2014, Juniper Networks, Inc.
Chapter 21: Configuration Statements for System Log Messages
host (System)
Syntax
QFX Series
host (hostname | other-routing-engine) {
facility severity;
exclude-hostname
explicit-priority;
facility-override facility;
log-prefix string;
match "regular-expression";
source-address source-address;
structured-data {
brief;
}
}
host (hostname {
facility severity;
explicit-priority;
facility-override facility;
log-prefix string;
match "regular-expression";
port;
source-address source-address;
}
TX Matrix Router and
EX Series Switches
host (hostname | other-routing-engine | scc-master) {
facility severity;
explicit-priority;
facility-override facility;
log-prefix string;
match "regular-expression";
port;
source-address source-address;
}
TX Matrix Plus Router
host (hostname | other-routing-engine | sfc0-master) {
facility severity;
allow-duplicates;
explicit-priority;
facility-override facility;
log-prefix string;
match "regular-expression";
port;
source-address source-address;
}
Hierarchy Level
Release Information
Description
[edit logical-systems logical-system-name system syslog],
[edit system syslog]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the logging of system messages to a remote destination.
Copyright © 2014, Juniper Networks, Inc.
371
Network Management and Monitoring on the QFX Series
Options
facility—Class of messages to log. To specify multiple classes, include multiple facility
severity statements. For a list of the facilities, see Table 35 on page 199.
hostname—IPv4 address, IPv6 address, or fully qualified hostname of the remote machine
to which to direct messages. To direct messages to multiple remote machines,
include a host statement for each one.
other-routing-engine—Direct messages to the other Routing Engine on a router or switch
with two Routing Engines installed and operational.
NOTE: The other-routing-engine option is not applicable to the QFX Series.
port—Port number of the remote syslog server that can be modified.
scc-master—(TX Matrix routers only) On a T640 router that is part of a routing matrix,
direct messages to the TX Matrix router.
severity—Severity of the messages that belong to the facility specified by the paired
facility name. Messages with severities of the specified level and higher are logged.
For a list of the severities, see Table 36 on page 200.
sfc0-master—(TX Matrix Plus routers only) On a T1600 or T4000 router that is part of
a routing matrix, direct messages to the TX Matrix Plus router.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
372
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Directing System Log Messages to a Remote Machine or the Other Routing Engine
•
Directing Messages to a Remote Destination from the Routing Matrix Based on the TX
Matrix Router
•
Directing Messages to a Remote Destination from the Routing Matrix Based on a TX
Matrix Plus Router
•
Junos OS System Log Messages Reference
Copyright © 2014, Juniper Networks, Inc.
Chapter 21: Configuration Statements for System Log Messages
log-prefix (System)
Syntax
Hierarchy Level
log-prefix string;
[edit system syslog host]
Release Information
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description
Include a text string in each message directed to a remote destination.
Options
Required Privilege
Level
Related
Documentation
string—Text string to include in each message.
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Adding a Text String to System Log Messages on page 185
•
Junos OS System Log Messages Reference
match
Syntax
Hierarchy Level
Release Information
Description
Required Privilege
Level
Related
Documentation
match "regular-expression";
[edit logical-systems logical-system-name system syslog file filename],
[edit logical-systems logical-system-name system syslog user (username | *)],
[edit system syslog file filename],
[edit system syslog host hostname | other-routing-engine| scc-master)],
[edit system syslog user (username | *)]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Specify a text string that must (or must not) appear in a message for the message to be
logged to a destination.
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Using Regular Expressions to Refine the Set of Logged Messages on page 204
Copyright © 2014, Juniper Networks, Inc.
373
Network Management and Monitoring on the QFX Series
size (System)
Syntax
Hierarchy Level
Release Information
Description
Options
size size;
[edit system syslog archive],
[edit system syslog file filename archive]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the maximum amount of data that the Junos OS logging utility writes to a log
file logfile before archiving it (closing it, compressing it, and changing its name to
logfile.0.gz). The utility then opens and writes to a new file called logfile. For information
about the number of archive files that the utility creates in this way, see files.
size—Maximum size of each system log file, in kilobytes (KB), megabytes (MB), or
gigabytes (GB).
Syntax: xk to specify the number of kilobytes, xm for the number of megabytes, or xg
for the number of gigabytes
Range: 64 KB through 1 GB
Default: 1 MB for MX Series routers and the QFX Series
Required Privilege
Level
Related
Documentation
374
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Specifying Log File Size, Number, and Archiving Properties on page 197
•
Junos OS System Log Messages Reference
•
files on page 370
Copyright © 2014, Juniper Networks, Inc.
Chapter 21: Configuration Statements for System Log Messages
structured-data
Syntax
Hierarchy Level
Release Information
Description
structured-data {
brief;
}
[edit logical-systems logical-system-name system syslog file filename],
[edit system syslog file filename]
Statement introduced in Junos OS Release 8.3.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Write system log messages to the log file in structured-data format, which complies with
Internet draft draft-ietf-syslog-protocol-23, The syslog Protocol
(http://tools.ietf.org/html/draft-ietf-syslog-protocol-23).
NOTE: When this statement is included, other statements that specify the
format for messages written to the file are ignored (the explicit-priority
statement at the [edit system syslog file filename] hierarchy level and the
time-format statement at the [edit system syslog] hierarchy level).
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Logging Messages in Structured-Data Format
•
Junos OS System Log Messages Reference
•
explicit-priority on page 367
•
time-format on page 379
Copyright © 2014, Juniper Networks, Inc.
375
Network Management and Monitoring on the QFX Series
syslog (System)
Syntax
Hierarchy Level
376
syslog {
archive {
(binary-data| no-binary-data);
files number;
size maximum-file-size;
start-time "YYYY-MM-DD.hh:mm";
transfer-interval minutes;
(world-readable | no-world-readable);
}
console {
facility severity;
}
file filename {
facility severity;
explicit-priority;
match "regular-expression";
archive {
(binary-data| no-binary-data);
files number;
size maximum-file-size;
start-time "YYYY-MM-DD.hh:mm";
transfer-interval minutes;
(world-readable | no-world-readable);
}
structured-data {
brief;
}
}
host (hostname | other-routing-engine | scc-master) {
facility severity;
explicit-priority;
facility-override facility;
log-prefix string;
match "regular-expression";
source-address source-address;
structured-data {
brief;
}
port port number;
}
log-rotate-frequency frequency;
server server name;
source-address source-address;
time-format(millisecond | year | year millisecond);
user (username | *) {
facility severity;
match "regular-expression";
}
}
[edit logical-systems logical-system-name system],
[edit system]
Copyright © 2014, Juniper Networks, Inc.
Chapter 21: Configuration Statements for System Log Messages
Release Information
Description
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Support at the [edit logical-systems logical-system-name system] hierarchy level
introduced in Junos OS Release 11.4.
Configure the types of system log messages to send to files, to a remote destination, to
user terminals, or to the system console.
The remaining statements are explained separately.
Options
archive—Define parameters for archiving log messages.
console—Send log messages of a specified class and severity to the console.
file—Send log messages to a named file.
host —Remote location to be notified of specific log messages.
log-rotate-frequency—Configure the interval for checking logfile size and archiving
messages.
server—Name of the system log server in the inet.0 routing instance.
source-address—Include a specified address as the source address for log messages.
time-format—Additional information to include in the system log time stamp.
user—Notify a specific user of the log event.
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Junos OS System Log Configuration Overview
•
Junos OS System Log Messages Reference
•
Overview of Single-Chassis System Logging Configuration on page 107
Copyright © 2014, Juniper Networks, Inc.
377
Network Management and Monitoring on the QFX Series
syslog (QFabric System)
Syntax
Hierarchy Level
Release Information
Description
syslog {
file filename {
archive {
size maximum-file-size;
}
explicit-priority;
facility severity;
match "regular-expression";
structured-data;
}
filter all {
facility severity;
match "regular-expression";
}
host hostname {
explicit-priority;
facility severity;
facility-override facility;
log-prefix string;
match "regular-expression";
structured-data;
}
}
[edit system]
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Configure system log messages for the QFabric system.
The remaining statements are explained separately.
Required Privilege
Level
Related
Documentation
378
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Understanding the Implementation of System Log Messages on the QFabric System
on page 109
•
Directing System Log Messages to a Remote Machine on page 186
Copyright © 2014, Juniper Networks, Inc.
Chapter 21: Configuration Statements for System Log Messages
time-format
Syntax
Hierarchy Level
Release Information
Description
time-format (year | millisecond | year millisecond);
[edit system syslog]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Include the year, the millisecond, or both, in the timestamp on every standard-format
system log message. The additional information is included for messages directed to
each destination configured by a file, console, or user statement at the [edit system syslog]
hierarchy level. As of Junos OS Release 11.4, the additional time information is also sent
to destinations configured by a host statement.
By default, the timestamp specifies the month, date, hour, minute, and second when the
message was logged—for example, Aug 21 12:36:30. However, the timestamp for
traceoption messages is specified in milliseconds by default, and is independent of the
[edit system syslog time-format] statement.
NOTE: When the structured-data statement is included at the [edit system
syslog file filename] hierarchy level, this statement is ignored for the file.
Options
millisecond—Include the millisecond in the timestamp.
year—Include the year in the timestamp.
Required Privilege
Level
Related
Documentation
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Including the Year or Millisecond in Timestamps
•
Junos OS System Log Messages Reference
•
structured-data on page 375
Copyright © 2014, Juniper Networks, Inc.
379
Network Management and Monitoring on the QFX Series
user (System Logging)
Syntax
Hierarchy Level
Release Information
Description
Options
user (username | *) {
facility severity;
match "regular-expression";
}
[edit system syslog]
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Configure the logging of system messages to user terminals.
* (the asterisk)—Log messages to the terminal sessions of all users who are currently
logged in.
facility—Class of messages to log. To specify multiple classes, include multiple facility
severity statements. For a list of the facilities, see Table 35 on page 199.
severity—Severity of the messages that belong to the facility specified by the paired
facility name. Messages with severities the specified level and higher are logged. For
a list of the severities, see Table 36 on page 200.
username—Junos OS login name of the user whose terminal session is to receive system
log messages. To log messages to more than one user’s terminal session, include
more than one user statement.
The remaining statement is explained separately.
Required Privilege
Level
Related
Documentation
380
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
•
Directing System Log Messages to a User Terminal on page 187
•
Junos OS System Logging Facilities and Message Severity Levels on page 199
•
Junos OS System Log Messages Reference
Copyright © 2014, Juniper Networks, Inc.
PART 4
Administration
•
Monitoring Tasks on page 383
•
Commands for General Monitoring on page 399
•
Commands for Network Analytics on page 415
•
Commands for sFlow Technology on page 435
•
Commands for SNMP on page 443
•
Commands for Syslog on page 477
Copyright © 2014, Juniper Networks, Inc.
381
Network Management and Monitoring on the QFX Series
382
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 22
Monitoring Tasks
•
Displaying a Log File from a Single-Chassis System on page 383
•
Monitoring Traffic Through the Router or Switch on page 384
•
Monitoring RMON MIB Tables on page 387
•
Monitoring SNMP on page 387
•
Monitoring System Log Messages on page 389
•
Pinging Hosts on page 390
•
Tracing SNMP Activity on a Device Running Junos OS on page 391
•
Using the Enterprise-Specific Utility MIB to Enhance SNMP Coverage on page 394
•
Displaying Commit Script Output on page 396
Displaying a Log File from a Single-Chassis System
To display a log file stored on a single-chassis system such as the QFX3500 switch, enter
Junos OS CLI operational mode and issue the following commands:
user@switch> show log log-filename
user@switch> file show log-file-pathname
By default, the commands display the file stored on the local Routing Engine.
The following example shows the output from the show log messages command:
user@switch1> show log messages
Nov 4 11:30:01 switch1 newsyslog[2283]: logfile turned over due to size>128K
Nov 4 11:30:01 switch1 newsyslog[2283]: logfile turned over due to size>128K
Nov 4 11:30:06 switch1 chassism[952]: CM ENV Monitor: set fan speed is 65 percent
for Fan 1
Nov 4 11:30:06 switch1 chassism[952]: CM ENV Monitor: set fan speed is 65 percent
for Fan 2
Nov 4 11:30:06 switch1 chassism[952]: CM ENV Monitor: set fan speed is 65 percent
for Fan 3
...
Nov 4 11:52:53 switch1 snmpd[944]: SNMPD_HEALTH_MON_INSTANCE: Health Monitor:
jroute daemon memory usage (Management
process): new instance detected (variable: sysApplElmtRunMemory.5.6.2293)
Nov 4 11:52:53 switch1 snmpd[944]: SNMPD_HEALTH_MON_INSTANCE: Health Monitor:
jroute daemon memory usage (Command-line
interface): new instance detected (variable: sysApplElmtRunMemory.5.8.2292)
...
Nov 4 12:08:30 switch1 rpdf[957]: task_connect: task BGP_100.10.10.1.6+179 addr
Copyright © 2014, Juniper Networks, Inc.
383
Network Management and Monitoring on the QFX Series
10.10.1.6+179: Can't assign requested
address
Nov 4 12:08:30 switch1 rpdf[957]: bgp_connect_start: connect 10.10.1.6 (Internal
AS 100): Can't assign requested address
Nov 4 12:10:24 switch1 mgd[2293]: UI_CMDLINE_READ_LINE: User 'jsmith', command
'exit '
Nov 4 12:10:27 switch1 mgd[2293]: UI_DBASE_LOGOUT_EVENT: User 'jsmith' exiting
configuration mode
Nov 4 12:10:31 switch1 mgd[2293]: UI_CMDLINE_READ_LINE: User 'jsmith', command
'show log messages
The following example shows the output from the file show command. The file in the
pathname /var/log/processes has been previously configured to include messages from
the daemon facility.
user@switch1> file show /var/log/processes
Feb 22 08:58:24 switch1 snmpd[359]: SNMPD_TRAP_WARM_START: trap_generate_warm:
SNMP trap: warm start
Feb 22 20:35:07 switch1 snmpd[359]: SNMPD_THROTTLE_QUEUE_DRAINED:
trap_throttle_timer_handler: cleared all throttled traps
Feb 23 07:34:56 switch1 snmpd[359]: SNMPD_TRAP_WARM_START: trap_generate_warm:
SNMP trap: warm start
Feb 23 07:38:19 switch1 snmpd[359]: SNMPD_TRAP_COLD_START: trap_generate_cold:
SNMP trap: cold start
...
Related
Documentation
•
Interpreting Messages Generated in Standard Format on page 196
•
Interpreting Messages Generated in Structured-Data Format on page 193
Monitoring Traffic Through the Router or Switch
To help with the diagnosis of a problem, display real-time statistics about the traffic
passing through physical interfaces on the router or switch.
To display real-time statistics about physical interfaces, perform these tasks:
1.
Displaying Real-Time Statistics About All Interfaces on the Router or Switch on page 384
2. Displaying Real-Time Statistics About an Interface on the Router or Switch on page 385
Displaying Real-Time Statistics About All Interfaces on the Router or Switch
Purpose
Display real-time statistics about traffic passing through all interfaces on the router or
switch.
Action
To display real-time statistics about traffic passing through all interfaces on the router
or switch:
user@host> monitor interface traffic
Sample Output
user@host> monitor interface traffic
host name
Seconds: 15
Interface
Link Input packets
so-1/0/0
Down
0
384
(pps)
(0)
Time: 12:31:09
Output packets
0
(pps)
(0)
Copyright © 2014, Juniper Networks, Inc.
Chapter 22: Monitoring Tasks
so-1/1/0
Down
0
(0)
0
(0)
so-1/1/1
Down
0
(0)
0
(0)
so-1/1/2
Down
0
(0)
0
(0)
so-1/1/3
Down
0
(0)
0
(0)
t3-1/2/0
Down
0
(0)
0
(0)
t3-1/2/1
Down
0
(0)
0
(0)
t3-1/2/2
Down
0
(0)
0
(0)
t3-1/2/3
Down
0
(0)
0
(0)
so-2/0/0
Up
211035
(1)
36778
(0)
so-2/0/1
Up
192753
(1)
36782
(0)
so-2/0/2
Up
211020
(1)
36779
(0)
so-2/0/3
Up
211029
(1)
36776
(0)
so-2/1/0
Up
189378
(1)
36349
(0)
so-2/1/1
Down
0
(0)
18747
(0)
so-2/1/2
Down
0
(0)
16078
(0)
so-2/1/3
Up
0
(0)
80338
(0)
at-2/3/0
Up
0
(0)
0
(0)
at-2/3/1
Down
0
(0)
0
(0)
Bytes=b, Clear=c, Delta=d, Packets=p, Quit=q or ESC, Rate=r, Up=^U, Down=^D
Meaning
The sample output displays traffic data for active interfaces and the amount that each
field has changed since the command started or since the counters were cleared by using
the C key. In this example, the monitor interface command has been running for 15 seconds
since the command was issued or since the counters last returned to zero.
Displaying Real-Time Statistics About an Interface on the Router or Switch
Purpose
Action
Display real-time statistics about traffic passing through an interface on the router or
switch.
To display traffic passing through an interface on the router or switch, use the following
Junos OS CLI operational mode command:
user@host> monitor interface interface-name
Sample Output
user@host> monitor interface so-0/0/1
Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i'
R1
Interface: so-0/0/1, Enabled, Link is Up
Encapsulation: PPP, Keepalives, Speed: OC3 Traffic statistics:
Input bytes:
5856541 (88 bps)
Output bytes:
6271468 (96 bps)
Input packets:
157629 (0 pps)
Output packets:
157024 (0 pps)
Encapsulation statistics:
Input keepalives:
42353
Output keepalives:
42320
LCP state: Opened
Error statistics:
Input errors:
0
Input drops:
0
Input framing errors:
0
Input runts:
0
Input giants:
0
Policed discards:
0
L3 incompletes:
0
Copyright © 2014, Juniper Networks, Inc.
385
Network Management and Monitoring on the QFX Series
L2 channel errors:
L2 mismatch timeouts:
Carrier transitions:
Output errors:
Output drops:
Aged packets:
Active alarms : None
Active defects: None
SONET error counts/seconds:
LOS count
LOF count
SEF count
ES-S
SES-S
SONET statistics:
BIP-B1
BIP-B2
REI-L
BIP-B3
REI-P
Received SONET overhead: F1
Meaning
0
0
1
0
0
0
1
1
1
77
77
0
0
0
0
0
: 0x00
J0
: 0xZ
The sample output shows the input and output packets for a particular SONET interface
(so-0/0/1). The information can include common interface failures, such as SONET/SDH
and T3 alarms, loopbacks detected, and increases in framing errors. For more information,
see Checklist for Tracking Error Conditions.
To control the output of the command while it is running, use the keys shown in
Table 40 on page 386.
Table 40: Output Control Keys for the monitor interface Command
Action
Key
Display information about the next interface. The monitor interface command
scrolls through the physical or logical interfaces in the same order that they
are displayed by the show interfaces terse command.
N
Display information about a different interface. The command prompts you
for the name of a specific interface.
I
Freeze the display, halting the display of updated statistics.
F
Thaw the display, resuming the display of updated statistics.
T
Clear (zero) the current delta counters since monitor interface was started. It
does not clear the accumulative counter.
C
Stop the monitor interface command.
Q
See the CLI Explorer for details on using match conditions with the monitor traffic
command.
386
Copyright © 2014, Juniper Networks, Inc.
Chapter 22: Monitoring Tasks
Monitoring RMON MIB Tables
Purpose
Action
Monitor remote monitoring (RMON) alarm, event, and log tables.
To display the RMON tables:
user@switch> show snmp rmon
Alarm
Index Variable description
5 monitor
jnxOperatingCPU.9.1.0.0
Value State
5 falling threshold
Event
Index Type
Last Event
1 log and trap
2010-07-10 11:34:17 PDT
Event Index: 1
Description: Event 1 triggered by Alarm 5, rising threshold (90) crossed,
(variable: jnxOperatingCPU.9.1.0.0, value: 100)
Time: 2010-07-10 11:34:07 PDT
Description: Event 1 triggered by Alarm 5, falling threshold (75) crossed,
(variable: jnxOperatingCPU.9.1.0.0, value: 5)
Time: 2010-07-10 11:34:17 PDT
Meaning
Related
Documentation
The display shows that an alarm has been defined to monitor jnxRmon MIB object
jnxOperatingCPU, which represents the CPU utilization of the Routing Engine. The alarm
is configured to generate an event that sends an SNMP trap and adds an entry to the
logTable in the RMON MIB. The log table shows that two occurrences of the event have
been generated—one for rising above a threshold of 90 percent, and one for falling below
a threshold of 75 percent.
•
Configuring RMON Alarms and Events on page 173
•
show snmp rmon on page 465
•
show snmp rmon history on page 469
•
clear snmp statistics on page 445
•
clear snmp history on page 444
Monitoring SNMP
There are several commands that you can access in Junos OS operational mode to
monitor SNMP information. Some of the commands are:
•
show snmp health-monitor, which displays the health monitor log and alarm information.
•
show snmp mib, which displays information from the MIBs, such as device and system
information.
Copyright © 2014, Juniper Networks, Inc.
387
Network Management and Monitoring on the QFX Series
•
show snmp statistics, which displays SNMP statistics such as the number of packets,
silent drops, and invalid output values.
•
show snmp rmon, which displays the RMON alarm, event, history, and log information
The following example provides sample output from the show snmp health-monitor
command:
user@switch> show snmp health-monitor
Alarm
Index Variable description
Value State
32768 Health Monitor: root file system utilization
jnxHrStoragePercentUsed.1
58 active
32769 Health Monitor: /config file system utilization
jnxHrStoragePercentUsed.2
0 active
32770 Health Monitor: RE 0 CPU utilization
jnxOperatingCPU.9.1.0.0
0 active
32773 Health Monitor: RE 0 Memory utilization
jnxOperatingBuffer.9.1.0.0
35 active
32775 Health Monitor: jkernel daemon CPU utilization
Init daemon
Chassis daemon
Firewall daemon
Interface daemon
SNMP daemon
MIB2 daemon
...
0
50
0
5
11
42
active
active
active
active
active
active
The following example provides sample output from the show snmp mib command:
user@switch> show snmp mib walk system
sysDescr.0
= Juniper Networks, Inc. qfx3500s internet router, kernel
JUNOS 11.1-20100926.0 #0: 2010-09-26 06:17:38 UTC builder@abc.juniper.net:
/volume/build/junos/11.1/production/20100926.0/obj-xlr/bsd/sys/compile/JUNIPER-xxxxx
Build date: 2010-09-26 06:00:10 U
sysObjectID.0 = jnxProductQFX3500
sysUpTime.0
= 24444184
sysContact.0 = J Smith
sysName.0
= Lab QFX3500
sysLocation.0 = Lab
sysServices.0 = 4
The following example provides sample output from the show snmp statistics command:
user@switch> show snmp statistics
SNMP statistics:
Input:
Packets: 0, Bad versions: 0, Bad community names: 0,
Bad community uses: 0, ASN parse errors: 0,
Too bigs: 0, No such names: 0, Bad values: 0,
Read onlys: 0, General errors: 0,
388
Copyright © 2014, Juniper Networks, Inc.
Chapter 22: Monitoring Tasks
Total request varbinds: 0, Total set varbinds: 0,
Get requests: 0, Get nexts: 0, Set requests: 0,
Get responses: 0, Traps: 0,
Silent drops: 0, Proxy drops: 0, Commit pending drops: 0,
Throttle drops: 0, Duplicate request drops: 0
Output:
Packets: 0, Too bigs: 0, No such names: 0,
Bad values: 0, General errors: 0,
Get requests: 0, Get nexts: 0, Set requests: 0,
Get responses: 0, Traps: 0
Related
Documentation
•
health-monitor on page 298
•
show snmp mib on page 462
•
show snmp statistics on page 470
Monitoring System Log Messages
Purpose
Action
Display system log messages about the QFX Series. By looking through a system log file
for any entries pertaining to the interface that you are interested in, you can further
investigate a problem with an interface on the switch.
To view system log messages:
user@switch1> show log messages
Sample Output
Nov 4 11:30:01 switch1 newsyslog[2283]: logfile turned over due to size>128K
Nov 4 11:30:01 switch1 newsyslog[2283]: logfile turned over due to size>128K
Nov 4 11:30:06 switch1 chassism[952]: CM ENV Monitor: set fan speed is 65 percent
for Fan 1
Nov 4 11:30:06 switch1 chassism[952]: CM ENV Monitor: set fan speed is 65 percent
for Fan 2
Nov 4 11:30:06 switch1 chassism[952]: CM ENV Monitor: set fan speed is 65 percent
for Fan 3
...
Nov 4 11:52:53 switch1 snmpd[944]: SNMPD_HEALTH_MON_INSTANCE: Health Monitor:
jroute daemon
memory usage (Management process): new instance detected (variable:
sysApplElmtRunMemory.5.6.2293)
Nov 4 11:52:53 switch1 snmpd[944]: SNMPD_HEALTH_MON_INSTANCE: Health Monitor:
jroute daemon
memory usage (Command-line interface): new instance detected (variable:
sysApplElmtRunMemory.5.8.2292)
...
Nov 4 12:10:24 switch1 mgd[2293]: UI_CMDLINE_READ_LINE: User 'jsmith', command
'exit '
Nov 4 12:10:27 switch1 mgd[2293]: UI_DBASE_LOGOUT_EVENT: User 'jsmith' exiting
configuration mode
Nov 4 12:10:31 switch1 mgd[2293]: UI_CMDLINE_READ_LINE: User 'jsmith', command
'show log messages
Meaning
The sample output shows the following entries in the messages file:
Copyright © 2014, Juniper Networks, Inc.
389
Network Management and Monitoring on the QFX Series
Related
Documentation
•
A new log file was created when the previous file reached the maximum size of
128 kilobytes (KB).
•
The fan speed for Fan 1, 2, and 3 is set at 65 percent.
•
Health monitoring activity is detected.
•
CLI commands were entered by the user jsmith.
•
Overview of Junos OS System Log Messages on page 107
•
Understanding the Implementation of System Log Messages on the QFabric System
on page 109
•
Example: Configuring System Log Messages on page 124
•
clear log
•
show log on page 478
•
syslog on page 376
Pinging Hosts
Purpose
Action
Use the CLI ping command to verify that a host can be reached over the network. This
command is useful for diagnosing host and network connectivity problems. The switch
sends a series of Internet Control Message Protocol (ICMP) echo (ping) requests to a
specified host and receives ICMP echo responses.
To use the ping command to send four requests (ping count) to host3:
ping host count number
Sample Output
ping host3 count 4
user@switch> ping host3 count 4
PING host3.site.net (176.26.232.111): 56
64 bytes from 176.26.232.111: icmp_seq=0
64 bytes from 176.26.232.111: icmp_seq=1
64 bytes from 176.26.232.111: icmp_seq=2
64 bytes from 176.26.232.111: icmp_seq=3
data bytes
ttl=122 time=0.661
ttl=122 time=0.619
ttl=122 time=0.621
ttl=122 time=0.634
ms
ms
ms
ms
--- host3.site.net ping statistics --4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.619/0.634/0.661/0.017 ms
Meaning
390
•
The ping results show the following information:
•
Size of the ping response packet (in bytes).
•
IP address of the host from which the response was sent.
•
Sequence number of the ping response packet. You can use this value to match the
ping response to the corresponding ping request.
•
Time-to-live (ttl) hop-count value of the ping response packet.
Copyright © 2014, Juniper Networks, Inc.
Chapter 22: Monitoring Tasks
Related
Documentation
•
Total time between the sending of the ping request packet and the receiving of the
ping response packet, in milliseconds. This value is also called round-trip time.
•
Number of ping requests (probes) sent to the host.
•
Number of ping responses received from the host.
•
Packet loss percentage.
•
Round-trip time statistics: minimum, average, maximum, and standard deviation of
the round-trip time.
•
Troubleshooting Overview on page 485
•
Understanding Troubleshooting Resources on page 483
Tracing SNMP Activity on a Device Running Junos OS
SNMP tracing operations track activity for SNMP agents and record the information in
log files. The logged error descriptions provide detailed information to help you solve
problems faster.
By default, Junos OS does not trace any SNMP activity. If you include the traceoptions
statement at the [edit snmp] hierarchy level, the default tracing behavior is:
•
Important activities are logged in files located in the /var/log directory. Each log is
named after the SNMP agent that generates it. Currently, the following log files are
created in the /var/log directory when the traceoptions statement is used:
•
chassisd
•
craftd
•
ilmid
•
mib2d
•
rmopd
•
serviced
•
snmpd
•
When a trace file named filename reaches its maximum size, it is renamed filename.0,
then filename.1, and so on, until the maximum number of trace files is reached. Then
the oldest trace file is overwritten. (For more information about how log files are created,
see the Junos OS System Log Messages Reference.)
•
Log files can be accessed only by the user who configured the tracing operation.
You cannot change the directory (/var/log) in which trace files are located. However,
you can customize the other trace file settings by including the following statements at
the [edit snmp] hierarchy level:
[edit snmp]
traceoptions {
Copyright © 2014, Juniper Networks, Inc.
391
Network Management and Monitoring on the QFX Series
file <files number> <match regular-expression> <size size> <world-readable |
no-world-readable>;
flag flag;
no-remote-trace;
}
These statements are described in the following sections:
•
Configuring the Number and Size of SNMP Log Files on page 392
•
Configuring Access to the Log File on page 392
•
Configuring a Regular Expression for Lines to Be Logged on page 392
•
Configuring the Trace Operations on page 393
Configuring the Number and Size of SNMP Log Files
By default, when the trace file reaches 128 kilobytes (KB) in size, it is renamed filename.0,
then filename.1, and so on, until there are three trace files. Then the oldest trace file
(filename.2) is overwritten.
You can configure the limits on the number and size of trace files by including the following
statements at the [edit snmp traceoptions] hierarchy level:
[edit snmp traceoptions]
file files number size size;
For example, set the maximum file size to 2 MB, and the maximum number of files to 20.
When the file that receives the output of the tracing operation (filename) reaches 2 MB,
filename is renamed filename.0, and a new file called filename is created. When the new
filename reaches 2 MB, filename.0 is renamed filename.1 and filename is renamed
filename.0. This process repeats until there are 20 trace files. Then the oldest file
(filename.19) is overwritten by the newest file (filename.0).
The number of files can be from 2 through 1000 files. The file size of each file can be from
10 KB through 1 gigabyte (GB).
Configuring Access to the Log File
By default, log files can be accessed only by the user who configured the tracing operation.
To specify that any user can read all log files, include the file world-readable statement
at the [edit snmp traceoptions] hierarchy level:
[edit snmp traceoptions]
file world-readable;
To explicitly set the default behavior, include the file no-world-readable statement at the
[edit snmp traceoptions] hierarchy level:
[edit snmp traceoptions]
file no-world-readable;
Configuring a Regular Expression for Lines to Be Logged
By default, the trace operation output includes all lines relevant to the logged activities.
392
Copyright © 2014, Juniper Networks, Inc.
Chapter 22: Monitoring Tasks
You can refine the output by including the match statement at the [edit snmp traceoptions
file filename] hierarchy level and specifying a regular expression (regex) to be matched:
[edit snmp traceoptions]
file filename match regular-expression;
Configuring the Trace Operations
By default, only important activities are logged. You can specify which trace operations
are to be logged by including the following flag statement (with one or more tracing
flags) at the [edit snmp traceoptions] hierarchy level:
[edit snmp traceoptions]
flag {
all;
configuration;
database;
events;
general;
interface-stats;
nonvolatile-sets;
pdu;
policy;
protocol-timeouts;
routing-socket;
server;
subagent;
timer;
varbind-error;
}
Table 41 on page 393 describes the meaning of the SNMP tracing flags.
Table 41: SNMP Tracing Flags
Flag
Description
Default Setting
all
Log all operations.
Off
configuration
Log reading of the configuration at the
[edit snmp] hierarchy level.
Off
database
Log events involving storage and retrieval in the
events database.
Off
events
Log important events.
Off
general
Log general events.
Off
interface-stats
Log physical and logical interface statistics.
Off
nonvolatile-set
Log nonvolatile SNMP set request handling.
Off
pdu
Log SNMP request and response packets.
Off
Copyright © 2014, Juniper Networks, Inc.
393
Network Management and Monitoring on the QFX Series
Table 41: SNMP Tracing Flags (continued)
Flag
Description
Default Setting
policy
Log policy processing.
Off
protocol-timeouts
Log SNMP response timeouts.
Off
routing-socket
Log routing socket calls.
Off
server
Log communication with processes that are
generating events.
Off
subagent
Log subagent restarts.
Off
timer
Log internal timer events.
Off
varbind-error
Log variable binding errors.
Off
To display the end of the log for an agent, issue the show log agentd | last operational
mode command:
[edit]
user@host# run show log agentd | last
where agent is the name of an SNMP agent.
Related
Documentation
•
Configuring SNMP on a Device Running Junos OS
•
Configuration Statements at the [edit snmp] Hierarchy Level
•
Example: Tracing SNMP Activity
•
Configuring SNMP on page 165
Using the Enterprise-Specific Utility MIB to Enhance SNMP Coverage
Even though the Junos OS has built-in performance metrics and monitoring options, you
might need to have customized performance metrics. To make it easier for you to monitor
such customized data through a standard monitoring system, the Junos OS provides you
with an enterprise-specific Utility MIB that can store such data and thus extend SNMP
support for managing and monitoring the data of your choice.
The enterprise-specific Utility MIB provides you with container objects of the following
types: 32-bit counters, 64-bit counters, signed integers, unsigned integers, and octet strings.
You can use these container MIB objects to store the data that are otherwise not
supported for SNMP operations. You can populate data for these objects either by using
CLI commands or with the help of Op scripts and an RPC API that can invoke the CLI
commands.
394
Copyright © 2014, Juniper Networks, Inc.
Chapter 22: Monitoring Tasks
The following CLI commands enable you to set and clear Utility MIB object values:
•
request snmp utility-mib set instance name object-type <counter | counter 64 | integer
| string | unsigned integer> object-value value
•
request snmp utility-mib clear instance name object-type <counter | counter 64 | integer
| string | unsigned integer>
The instance name option of the request snmp utility-mib <set | clear> command specifies
the name of the data instance and is the main identifier of the data. The object-type
<counter | counter 64 | integer | string | unsigned integer> option enables you specify the
object type, and the object-value value option enables you to set the value of the object.
To automate the process of populating Utility MIB data, you can use a combination of
an event policy and event script. The following examples show the configuration for an
event policy to run show system buffers every hour and to store the show system buffers
data in Utility MIB objects by running an event script (check-mbufs.slax).
Event Policy
Configuration
To configure an event policy that runs the show system buffers command every hour and
invokes check-mbufs.slax to store the show system buffers data into Utility MIB objects,
include the following statements at the [edit] hierarchy level:
event-options {
generate-event {
1-HOUR time-interval 3600;
}
policy MBUFS {
events 1-HOUR;
then {
event-script check-mbufs.slax; # script stored at /var/db/scripts/event/
}
}
event-script {
file check-mbufs.slax;
}
}
check-mbufs.slax
Script
The following example shows the check-mbufs.slax script that is stored under
/var/db/scripts/event/:
------ script START -----version 1.0;
ns
ns
ns
ns
junos
xnm =
jcs =
ext =
= "http://xml.juniper.net/junos/*/junos";
"http://xml.juniper.net/xnm/1.1/xnm";
"http://xml.juniper.net/junos/commit-scripts/1.0";
"http://xmlsoft.org/XSLT/namespace";
match / {
<op-script-results>{
var $cmd = <command> "show system buffers";
var $out = jcs:invoke($cmd);
var $lines = jcs:break_lines($out);
for-each ($lines) {
if (contains(., "current/peak/max")) {
Copyright © 2014, Juniper Networks, Inc.
395
Network Management and Monitoring on the QFX Series
var $pattern = "([0-9]+)/([0-9]+)/([0-9]+) mbufs";
var $split = jcs:regex($pattern, .);
var $result = $split[2];
var $rpc = <request-snmp-utility-mib-set> {
<object-type> "integer";
<instance> "current-mbufs";
<object-value> $result;
}
var $res = jcs:invoke($rpc);
}
}
}
}
------ script END ------
You can run the following command to check the data stored in the Utility MIB as a result
of the event policy and script shown in the preceding examples:
user@host> show snmp mib walk jnxUtilData ascii jnxUtilIntegerValue."current-mbufs"
= 0 jnxUtilIntegerTime."current-mbufs" = 07 da 05 0c 03 14 2c 00 2d 07 00
regress@caramels>
NOTE: The show snmp mib walk command is not available on the QFabric
system, but you can use external SNMP client applications to perform this
operation.
Related
Documentation
•
Understanding the Implementation of SNMP on the QFabric System on page 62
Displaying Commit Script Output
Table 42 on page 396 summarizes the Junos OS command-line interface (CLI) commands
you can use to monitor and troubleshoot commit scripts. For more information about
the cscript.log file, see Tracing Commit Script Processing.
NOTE: Tracing commit script processing, including the cscript.log file, is not
supported on the QFX3000-G QFabric system.
Table 42: Commit Script Configuration and Operational Mode Commands
Task
Command
Configuration Mode Commands
396
Display errors and warnings generated
by commit scripts.
commit or commit check
Display detailed information.
commit | display detail
Display the underlying Extensible
Markup Language (XML) data.
commit | display xml
Copyright © 2014, Juniper Networks, Inc.
Chapter 22: Monitoring Tasks
Table 42: Commit Script Configuration and Operational Mode
Commands (continued)
Task
Command
Display the postinheritance contents
of the configuration database. This
view includes transient changes, but
does not include changes made in
configuration groups.
show | display commit-scripts
Display the postinheritance contents
of the configuration database. This
view excludes transient changes.
show | display commit-scripts no-transients
Display the postinheritance
configuration in XML format.
show | display commit-scripts view
Viewing the configuration in XML
format can be helpful when you are
writing XML Path Language (XPath)
expressions and configuration element
tags.
Display the postinheritance
configuration in XML format, but
exclude transient changes.
show |
display commit-scripts view |
display commit-scripts no-transients
Display all configuration groups data,
including script-generated changes to
the groups.
show groups | display commit-scripts
Display a particular configuration
group, including script-generated
changes to the group.
show groups group-name | display commit-scripts
Operational Mode Commands
Related
Documentation
•
Display logging data associated with
all commit script processing.
show log cscript.log
Display processing for only the most
recent commit operation.
show log cscript.log | last
Display processing for script errors.
show log cscript.log | match error
Display processing for a particular
script.
show log cscript.log | match filename
Tracing Commit Script Processing
Copyright © 2014, Juniper Networks, Inc.
397
Network Management and Monitoring on the QFX Series
398
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 23
Commands for General Monitoring
•
monitor traffic
•
ping
Copyright © 2014, Juniper Networks, Inc.
399
Network Management and Monitoring on the QFX Series
monitor traffic
Syntax
Release Information
Description
monitor traffic
<brief | detail | extensive>
<absolute-sequence>
<count count>
<interface interface-name>
<layer2-headers>
<matching matching>
<no-domain-names>
<no-promiscuous>
<no-resolve>
<no-timestamp>
<print-ascii>
<print-hex>
<resolve-timeout>
<size size>
Command introduced before Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Display packet headers or packets received and sent from the Routing Engine.
NOTE:
•
Using the monitor-traffic command can degrade router or switch
performance.
•
Delays from DNS resolution can be eliminated by using the no-resolve
option.
NOTE: This command is not supported on the QFabric system.
Options
none—(Optional) Display packet headers transmitted through fxp0. On a TX Matrix Plus
router, display packet headers transmitted through em0.
brief | detail | extensive—(Optional) Display the specified level of output.
absolute-sequence—(Optional) Display absolute TCP sequence numbers.
count count—(Optional) Specify the number of packet headers to display (0 through
1,000,000). The monitor traffic command quits automatically after displaying the
number of packets specified.
400
Copyright © 2014, Juniper Networks, Inc.
Chapter 23: Commands for General Monitoring
interface interface-name—(Optional) Specify the interface on which the monitor traffic
command displays packet data. If no interface is specified, the monitor traffic
command displays packet data arriving on the lowest-numbered interface.
layer2-headers—(Optional) Display the link-level header on each line.
matching matching—(Optional) Display packet headers that match a regular expression.
Use matching expressions to define the level of detail with which the monitor traffic
command filters and displays packet data.
no-domain-names—(Optional) Suppress the display of the domain portion of hostnames.
With the no-domain-names option enabled, the monitor traffic command displays
only team for the hostname team.company.net.
no-promiscuous—(Optional) Do not put the interface into promiscuous mode.
no-resolve—(Optional) Suppress reverse lookup of the IP addresses.
no-timestamp—(Optional) Suppress timestamps on displayed packets.
print-ascii—(Optional) Display each packet in ASCII format.
print-hex—(Optional) Display each packet, except the link-level header, in hexadecimal
format.
resolve-timeout timeout—(Optional) Amount of time the router or switch waits for each
reverse lookup before timing out. You can set the timeout for 1 through 4,294,967,295
seconds. The default is 4 seconds. To display each packet, use the print-ascii,
print-hex, or extensive option.
size size—(Optional) Read but do not display up to the specified number of bytes for
each packet. When set to brief output, the default packet size is 96 bytes and is
adequate for capturing IP, ICMP, UDP, and TCP packet data. When set to detail and
extensive output, the default packet size is 1514. The monitor traffic command
truncates displayed packets if the matched data exceeds the configured size.
Additional Information
In the monitor traffic command, you can specify an expression to match by using the
matching option and including the expression in quotation marks:
monitor traffic matching "expression"
Replace expression with one or more of the match conditions listed in Table 43 on page 402.
Copyright © 2014, Juniper Networks, Inc.
401
Network Management and Monitoring on the QFX Series
Table 43: Match Conditions for the monitor traffic Command
Match Type
Condition
Description
Entity
host [address | hostname]
Matches packets that contain the specified
address or hostname.
The protocol match conditions arp, ip, or rarp,
or any of the directional match conditions can
be prepended to the host match condition.
net address
Matches packets with source or destination
addresses containing the specified network
address.
net address mask mask
Matches packets containing the specified
network address and subnet mask.
port (port-number | port-name)
Matches packets containing the specified
source or destination TCP or UDP port
number or port name.
In place of the numeric port address, you can
specify a text synonym, such as bgp (179),
dhcp (67), or domain (53) (the port numbers
are also listed).
Directional
Packet Length
402
dst
Matches packets going to the specified
destination. This match condition can be
prepended to any of the entity type match
conditions.
src
Matches packets from a specified source.
This match condition can be prepended to
any of the entity type match conditions.
src and dst
Matches packets that contain the specified
source and destination addresses. This match
condition can be prepended to any of the
entity type match conditions.
src or dst
Matches packets containing either of the
specified addresses. This match condition
can be prepended to any of the entity type
match conditions.
less value
Matches packets shorter than or equal to the
specified value, in bytes.
greater value
Matches packets longer than or equal to the
specified value, in bytes.
Copyright © 2014, Juniper Networks, Inc.
Chapter 23: Commands for General Monitoring
Table 43: Match Conditions for the monitor traffic Command (continued)
Match Type
Condition
Description
Protocol
amt
Matches all AMT packets. Use the extensive
level of output to decode the inner IGMP
packets in addition to the AMT outer packet.
arp
Matches all ARP packets.
ether
Matches all Ethernet packets.
ether (broadcast | multicast)
Matches broadcast or multicast Ethernet
frames. This match condition can be
prepended withsrc and dst.
ether protocol (address | (arp | ip | rarp))
Matches packets with the specified Ethernet
address or Ethernet packets of the specified
protocol type. The ether protocol arguments
arp, ip, and rarp are also independent match
conditions, so they must be preceded by a
backslash (\) when used in the ether protocol
match condition.
icmp
Matches all ICMP packets.
ip
Matches all IP packets.
ip (broadcast | multicast)
Matches broadcast or multicast IP packets.
ip protocol (address | (icmp | igrp | tcp | udp))
Matches packets with the specified address
or protocol type. The ip protocol arguments
icmp, tcp, and udp are also independent
match conditions, so they must be preceded
by a backslash (\) when used in the ip
protocol match condition.
isis
Matches all IS-IS routing messages.
rarp
Matches all RARP packets.
tcp
Matches all TCP datagrams.
udp
Matches all UDP datagrams.
To combine expressions, use the logical operators listed in Table 44 on page 403.
Table 44: Logical Operators for the monitor traffic Command
Logical Operator (Highest to Lowest Precedence)
Description
!
Logical NOT. If the first condition does not match, the next condition
is evaluated.
Copyright © 2014, Juniper Networks, Inc.
403
Network Management and Monitoring on the QFX Series
Table 44: Logical Operators for the monitor traffic Command (continued)
Logical Operator (Highest to Lowest Precedence)
Description
&&
Logical AND. If the first condition matches, the next condition is
evaluated. If the first condition does not match, the next condition is
skipped.
||
Logical OR. If the first condition matches, the next condition is skipped.
If the first condition does not match, the next condition is evaluated.
()
Group operators to override default precedence order. Parentheses are
special characters, each of which must be preceded by a backslash
(\).
You can use relational operators to compare arithmetic expressions composed of integer
constants, binary operators, a length operator, and special packet data accessors. The
arithmetic expression matching condition uses the following syntax:
monitor traffic matching "ether[0] & 1 != 0""arithmetic_expression relational_operator
arithmetic_expression"
The packet data accessor uses the following syntax:
protocol [byte-offset <size>]
The optional size field represents the number of bytes examined in the packet header.
The available values are 1, 2, or 4 bytes. The following sample command captures all
multicast traffic:
user@host> monitor traffic matching "ether[0] & 1 != 0"
To specify match conditions that have a numeric value, use the arithmetic and relational
operators listed in Table 45 on page 405.
NOTE: Because the Packet Forwarding Engine removes Layer 2 header
information before sending packets to the Routing Engine:
404
•
The monitor traffic command cannot apply match conditions to inbound
traffic.
•
The monitor traffic interface command also cannot apply match conditions
for Layer 3 and Layer 4 packet data, resulting in the match pipe option (|
match) for this command for Layer 3 and Layer 4 packets not working
either. Therefore, ensure that you specify match conditions as described
in this command summary. For more information about match conditions,
see Table 43 on page 402.
•
The 802.1Q VLAN tag information included in the Layer 2 header is removed
from all inbound traffic packets. Because the monitor traffic interface ae[x]
command for aggregated Ethernet interfaces (such as ae0) only shows
inbound traffic data, the command does not show VLAN tag information
in the output.
Copyright © 2014, Juniper Networks, Inc.
Chapter 23: Commands for General Monitoring
Table 45: Arithmetic and Relational Operators for the monitor traffic
Command
Arithmetic or Relational
Operator
Description
Arithmetic Operator
+
Addition operator.
-
Subtraction operator.
/
Division operator.
&
Bitwise AND.
*
Bitwise exclusive OR.
|
Bitwise inclusive OR.
Relational Operator (Highest to Lowest Precedence)
Required Privilege
Level
List of Sample Output
Output Fields
<=
If the first expression is less than or equal to the second, the packet
matches.
>=
If the first expression is greater than or equal to the second, the
packet matches.
<
If the first expression is less than the second, the packet matches.
>
If the first expression is greater than the second, the packet matches.
=
If the compared expressions are equal, the packet matches.
!=
If the compared expressions are unequal, the packet matches.
trace
maintenance
monitor traffic count on page 406
monitor traffic detail count on page 406
monitor traffic extensive (Absolute Sequence) on page 406
monitor traffic extensive (Relative Sequence) on page 406
monitor traffic extensive count on page 406
monitor traffic interface on page 407
monitor traffic matching on page 407
monitor traffic (TX Matrix Plus Router) on page 407
monitor traffic (QFX3500 Switch) on page 408
When you enter this command, you are provided feedback on the status of your request.
Copyright © 2014, Juniper Networks, Inc.
405
Network Management and Monitoring on the QFX Series
Sample Output
monitor traffic count
user@host> monitor traffic count 2
listening on fxp0
04:35:49.814125 In my-server.home.net.1295 > my-server.work.net.telnet: . ack
4122529478 win 16798 (DF)
04:35:49.814185
Out my-server.work.net.telnet > my-server.home.net.1295: P
1:38(37) ack 0 win 17680 (DF) [tos 0x10]
monitor traffic detail count
user@host> monitor traffic detail count 2
listening on fxp0
04:38:16.265864 In my-server.home.net.1295 > my-server.work.net.telnet: . ack
4122529971 win 17678 (DF) (ttl 121, id 6812)
04:38:16.265926
Out my-server.work.net.telnet.telnet > my-server.home.net.1295: P 1:38(37) ack 0
win 17680 (DF) [tos 0x10] (ttl 6)
monitor traffic extensive (Absolute Sequence)
user@host> monitor traffic extensive no-domain-names no-resolve no-timestamp count 20
matching "tcp" absolute-sequence
listening on fxp0
In 207.17.136.193.179 > 192.168.4.227.1024: . 4042780859:4042780859(0)
ack 1845421797 win 16384 <nop,nop,timestamp 4935628 965951> [tos 0xc0] (ttl )
In 207.17.136.193.179 > 192.168.4.227.1024: P 4042780859:4042780912(53)
ack 1845421797 win 16384
<nop,nop,timestamp 4935628 965951>:
BGP [|BGP UPDAT)
In 192.168.4.227.1024 > 207.17.136.193.179:
P 1845421797:1845421852(55) ack 4042780912 win 16384 <nop,nop,timestamp 965951
4935628>: BGP [|BGP UPDAT)
...
monitor traffic extensive (Relative Sequence)
user@host> monitor traffic extensive no-domain-names no-resolve no-timestamp count 20
matching "tcp"
listening on fxp0
In 172.24.248.221.1680 > 192.168.4.210.23: . 396159737:396159737(0)
ack 1664980689 win 17574 (DF) (ttl 121, id 50003)
Out 192.168.4.210.23 > 172.24.248.221.1680: P 1:40(39)
ack 0 win 17680 (DF) [tos 0x10] (ttl 64, id 5394)
In 207.17.136.193.179 > 192.168.4.227.1024: P 4042775817:4042775874(57)
ack 1845416593 win 16384 <nop,nop,timestamp 4935379 965690>: BGP [|BGP UPDAT)
...
monitor traffic extensive count
user@host> monitor traffic extensive count 5 no-domain-names no-resolve
listening on fxp013:18:17.406933
In 192.168.4.206.2723610880 > 172.17.28.8.2049:
40 null (ttl 64, id 38367)13:18:17.407577
In 172.17.28.8.2049 > 192.168.4.206.2723610880:
406
Copyright © 2014, Juniper Networks, Inc.
Chapter 23: Commands for General Monitoring
reply ok 28 null (ttl 61, id 35495)13:18:17.541140
In 0:e0:1e:42:9c:e0 0:e0:1e:42:9c:e0 9000 60:
0000 0100 0000 0000
0000 0000 0000 0000
0000 0000 0000 0000
0000 0000 0000 0000
0000 0000 0000 0000
0000 0000 000013:18:17.591513
In 172.24.248.156.4139 > 192.168.4.210.23:
3556964918:3556964918(0)
ack 295526518 win 17601 (DF)
(ttl 121, id 14)13:18:17.591568
Out 192.168.4.210.23 >
172.24.248.156.4139: P 1:40(39)
ack 0 win 17680 (DF) [tos 0x10]
(ttl 64, id 52376)
monitor traffic interface
user@host> monitor traffic interface fxp0
listening on fxp0.0
18:17:28.800650 In server.home.net.723 > host1-0.lab.home.net.log
18:17:28.800733 Out host2-0.lab.home.net.login > server.home.net.7
18:17:28.817813 In host30.lab.home.net.syslog > host40.home0
18:17:28.817846 In host30.lab.home.net.syslog > host40.home0
...
monitor traffic matching
user@host> monitor traffic matching "net 192.168.1.0/24"
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on fxp0, capture size 96 bytes
Reverse lookup for 192.168.1.255 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use no-resolve to avoid reverse lookups on IP addresses.
21:55:54.003511 In IP truncated-ip - 18 bytes missing!
192.168.1.17.netbios-ns > 192.168.1.255.netbios-ns: UDP, length 50
21:55:54.003585 Out IP truncated-ip - 18 bytes missing!
192.168.1.17.netbios-ns > 192.168.1.255.netbios-ns: UDP, length 50
21:55:54.003864 In arp who-has 192.168.1.17 tell 192.168.1.9
...
monitor traffic (TX Matrix Plus Router)
user@host> monitor traffic
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on em0, capture size 96 bytes
04:11:59.862121 Out IP truncated-ip - 25 bytes missing!
summit-em0.englab.juniper.net.syslog > sv-log-01.englab.juniper.net.syslog:
SYSLOG kernel.info, length: 57
04:11:59.862303
Out IP truncated-ip - 25 bytes missing!
summit-em0.englab.juniper.net.syslog >
sv-log-02.englab.juniper.net.syslog: SYSLOG kernel.info, length: 57
04:11:59.923948
In IP aj-em0.englab.juniper.net.65235 >
Copyright © 2014, Juniper Networks, Inc.
407
Network Management and Monitoring on the QFX Series
summit-em0.englab.juniper.net.telnet: .
ack 1087492766 win 33304 <nop,nop,timestamp 42366734 993490>
04:11:59.923983 Out IP truncated-ip - 232 bytes missing!
summit-em0.englab.juniper.net.telnet > aj-em0.englab.juniper.net.65235: P
1:241(240) ack 0 win 33304
<nop,nop,timestamp 993590 42366734>
04:12:00.022900
In IP aj-em0.englab.juniper.net.65235 >
summit-em0.englab.juniper.net.telnet: . ack 241 win 33304 <nop,nop,timestamp
42366834 993590>
04:12:00.141204
In IP truncated-ip - 40 bytes missing!
ipg-lnx-shell1.juniper.net.46182 > summit-em0.englab.juniper.net.telnet: P
2950530356:2950530404(48) ack 485494987 win 63712
<nop,nop,timestamp 1308555294 987086>
04:12:00.141345
Out IP summit-em0.englab.juniper.net.telnet >
ipg-lnx-shell1.juniper.net.46182: P 1:6(5)
ack 48 win 33304
<nop,nop,timestamp 993809 1308555294>
04:12:00.141572
In IP ipg-lnx-shell1.juniper.net.46182 >
summit-em0.englab.juniper.net.telnet: .
ack 6 win 63712
<nop,nop,timestamp 1308555294 993809>
04:12:00.141597
Out IP summit-em0.englab.juniper.net.telnet >
ipg-lnx-shell1.juniper.net.46182: P 6:10(4) ack 48 win 33304
<nop,nop,timestamp 993810 1308555294>
04:12:00.141821
In IP ipg-lnx-shell1.juniper.net.46182 >
summit-em0.englab.juniper.net.telnet: .
ack 10 win 63712 <nop,nop,timestamp 1308555294 993810>
04:12:00.141837 Out IP truncated-ip - 2 bytes missing!
summit-em0.englab.juniper.net.telnet >
ipg-lnx-shell1.juniper.net.46182: P 10:20(10) ack 48 win 33304
<nop,nop,timestamp 993810 1308555294>
04:12:00.142072
In IP ipg-lnx-shell1.juniper.net.46182 >
summit-em0.englab.juniper.net.telnet: . ack 20 win 63712
<nop,nop,timestamp 1308555294 993810>
04:12:00.142089 Out IP summit-em0.englab.juniper.net.telnet >
ipg-lnx-shell1.juniper.net.46182: P 20:28(8) ack 48 win 33304 <nop,nop,timestamp
993810 1308555294>
04:12:00.142321
In IP ipg-lnx-shell1.juniper.net.46182 >
summit-em0.englab.juniper.net.telnet: .
ack 28 win 63712 <nop,nop,timestamp 1308555294 993810>
04:12:00.142337
Out IP truncated-ip - 1 bytes missing!
summit-em0.englab.juniper.net.telnet >
ipg-lnx-shell1.juniper.net.46182: P 28:37(9) ack 48 win 33304 <nop,nop,timestamp
993810 1308555294>
...
monitor traffic (QFX3500 Switch)
user@switch> monitor traffic
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
408
Copyright © 2014, Juniper Networks, Inc.
Chapter 23: Commands for General Monitoring
Listening on me4, capture size 96 bytes
Reverse lookup for 172.22.16.246 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.
16:35:32.240873 Out IP truncated-ip - 112 bytes missing!
labqfx-me0.lab4.juniper.net.ssh >
172.22.16.246.telefinder: P 4200727624:4200727756(132) ack 2889954831 win 65535
16:35:32.240900 Out IP truncated-ip - 176 bytes missing!
labqfx-me0.lab4.juniper.net.ssh >
172.22.16.246.telefinder: P 132:328(196) ack 1 win 65535
...
Copyright © 2014, Juniper Networks, Inc.
409
Network Management and Monitoring on the QFX Series
ping
Syntax
ping host
<bypass-routing>
<count requests>
<detail>
<do-not-fragment>
<inet | inet6>
<interface source-interface>
<interval seconds>
<logical-system logical-system-name>
<loose-source value>
<mac-address mac-address>
<no-resolve>
<pattern string>
<rapid>
<record-route>
<routing-instance routing-instance-name>
<size bytes>
<source source-address>
<strict >
<strict-source value.>
<tos type-of-service>
<ttl value>
<verbose>
<vpls instance-name>
<wait seconds>
Syntax (QFX Series)
ping host
<bypass-routing>
<count requests>
<detail>
<do-not-fragment>
<inet>
<interface source-interface>
<interval seconds>
<logical-system logical-system-name>
<loose-source value>
<mac-address mac-address>
<no-resolve>
<pattern string>
<rapid>
<record-route>
<routing-instance routing-instance-name>
<size bytes>
<source source-address>
<strict>
< strict-source value>
<tos type-of-service>
<ttl value>
<verbose>
<wait seconds>
Release Information
Command introduced before Junos OS Release 7.4.
410
Copyright © 2014, Juniper Networks, Inc.
Chapter 23: Commands for General Monitoring
Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Description
Options
Check host reachability and network connectivity. The ping command sends Internet
Control Message Protocol (ICMP) ECHO_REQUEST messages to elicit ICMP
ECHO_RESPONSE messages from the specified host. Press Ctrl+c to interrupt a ping
command.
host—IP address or hostname of the remote system to ping.
bypass-routing—(Optional) Bypass the normal routing tables and send ping requests
directly to a system on an attached network. If the system is not on a directly attached
network, an error is returned. Use this option to ping a local system through an
interface that has no route through it.
count requests—(Optional) Number of ping requests to send. The range of values is 1
through 2,000,000,000. The default value is an unlimited number of requests.
detail—(Optional) Include in the output the interface on which the ping reply was received.
do-not-fragment—(Optional) Set the do-not-fragment (DF) flag in the IP header of the
ping packets. For IPv6 packets, this option disables fragmentation.
NOTE: In Junos OS Release 11.1 and later, when issuing the ping command
for an IPv6 route with the do-not-fragment option, the maximum ping
packet size is calculated by subtracting 48 bytes (40 bytes for the IPV6
header and 8 bytes for the ICMP header) from the MTU. Therefore, if the
ping packet size (including the 48-byte header) is greater than the MTU,
the ping operation might fail.
inet—(Optional) Ping Packet Forwarding Engine IPv4 routes.
inet6—(Optional) Ping Packet Forwarding Engine IPv6 routes.
interface source-interface—(Optional) Interface to use to send the ping requests.
interval seconds—(Optional) How often to send ping requests. The range of values, in
seconds, is 1 through infinity. The default value is 1.
logical-system logical-system-name—(Optional) Name of logical system from which to
send the ping requests.
Alternatively, enter the set cli logical-system logical-system-name command and
then run the ping command. To return to the main router or switch, enter the clear
cli logical-system command.
loose-source value—(Optional) Intermediate loose source route entry (IPv4). Open a set
of values.
Copyright © 2014, Juniper Networks, Inc.
411
Network Management and Monitoring on the QFX Series
mac-address mac-address—(Optional) Ping the physical or hardware address of the
remote system you are trying to reach.
no-resolve—(Optional) Do not attempt to determine the hostname that corresponds to
the IP address.
pattern string—(Optional) Specify a hexadecimal fill pattern to include in the ping packet.
rapid—(Optional) Send ping requests rapidly. The results are reported in a single message,
not in individual messages for each ping request. By default, five ping requests are
sent before the results are reported. To change the number of requests, include the
count option.
record-route—(Optional) Record and report the packet’s path (IPv4).
routing-instance routing-instance-name—(Optional) Name of the routing instance for the
ping attempt.
size bytes—(Optional) Size of ping request packets. The range of values, in bytes, is 0
through 65,468. The default value is 56, which is effectively 64 bytes because 8
bytes of ICMP header data are added to the packet.
source source-address—(Optional) IP address of the outgoing interface. This address is
sent in the IP source address field of the ping request. If this option is not specified,
the default address is usually the loopback interface (lo.0).
strict—(Optional) Use the strict source route option (IPv4).
strict-source value—(Optional) Intermediate strict source route entry (IPv4). Open a set
of values.
tos type-of-service—(Optional) Set the type-of-service (ToS) field in the IP header of the
ping packets. The range of values is 0 through 255.
If the device configuration includes the dscp-code-point value statement at the [edit
class-of-service host-outbound-traffic] hierarchy level, the configured DSCP value
overrides the value specified in this command option. In this case, the ToS field of
ICMP echo request packets sent on behalf of this command carries the DSCP value
specified in the dscp-code-point configuration statement instead of the value you
specify in this command option.
ttl value—(Optional) Time-to-live (TTL) value to include in the ping request (IPv6). The
range of values is 0 through 255.
verbose—(Optional) Display detailed output.
vpls instance-name—(Optional) Ping the instance to which this VPLS belongs.
wait seconds—(Optional) Maximum wait time, in seconds, after the final packet is sent.
If this option is not specified, the default delay is 10 seconds. If this option is used
without the count option, a default count of 5 packets is used.
412
Copyright © 2014, Juniper Networks, Inc.
Chapter 23: Commands for General Monitoring
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
network
•
Configuring the Junos OS ICMPv4 Rate Limit for ICMPv4 Routing Engine Messages
ping hostname on page 413
ping hostname rapid on page 413
ping hostname size count on page 413
When you enter this command, you are provided feedback on the status of your request.
An exclamation point (!) indicates that an echo reply was received. A period (.) indicates
that an echo reply was not received within the timeout period. An x indicates that an
echo reply was received with an error code. These packets are not counted in the received
packets count. They are accounted for separately.
Sample Output
ping hostname
user@host> ping skye
PING skye.net (192.168.169.254): 56 data bytes
64 bytes from 192.168.169.254: icmp_seq=0 ttl=253
64 bytes from 192.168.169.254: icmp_seq=1 ttl=253
64 bytes from 192.168.169.254: icmp_seq=2 ttl=253
64 bytes from 192.168.169.254: icmp_seq=3 ttl=253
64 bytes from 192.168.169.254: icmp_seq=4 ttl=253
64 bytes from 192.168.169.254: icmp_seq=5 ttl=253
^C [abort]
time=1.028
time=1.053
time=1.025
time=1.098
time=1.032
time=1.044
ms
ms
ms
ms
ms
ms
ping hostname rapid
user@host> ping skye rapid
PING skye.net (192.168.169.254): 56 data bytes
!!!!!
--- skye.net ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.956/0.974/1.025/0.026 ms
ping hostname size count
user@host> ping skye size 200 count 5
PING skye.net (192.168.169.254): 200 data bytes
208 bytes from 192.168.169.254: icmp_seq=0 ttl=253
208 bytes from 192.168.169.254: icmp_seq=1 ttl=253
208 bytes from 192.168.169.254: icmp_seq=2 ttl=253
208 bytes from 192.168.169.254: icmp_seq=3 ttl=253
208 bytes from 192.168.169.254: icmp_seq=4 ttl=253
time=1.759 ms
time=2.075 ms
time=1.843 ms
time=1.803 ms
time=17.898 ms
--- skye.net ping statistics --5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.759/5.075/17.898 ms
Copyright © 2014, Juniper Networks, Inc.
413
Network Management and Monitoring on the QFX Series
414
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 24
Commands for Network Analytics
•
monitor start (Analytics)
•
show analytics collector
•
show analytics configuration
•
show analytics queue-statistics
•
show analytics status
•
show analytics streaming-servers
•
show analytics traffic-statistics
Copyright © 2014, Juniper Networks, Inc.
415
Network Management and Monitoring on the QFX Series
monitor start (Analytics)
Syntax
Release Information
Description
monitor start filename
Command introduced in Junos OS Release 13.2 for the QFX Series.
Start the display of the queue statistics or traffic statistics file if you had enabled queue
or traffic monitoring on your device. The output is displayed in the JavaScript Object
Notation (JSON) format.
NOTE: This topic describes the local file output in Junos OS Release
13.2X50-D15 and 13.2X51-D10 only. For information about 13.2X51-D15 and
later, see “Understanding Enhanced Analytics Local File Output” on page 49
Options
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
filename—Name of the queue statistics or traffic statistics file.
trace
•
Network Analytics Overview on page 33
•
analytics on page 237
monitor start Using the Queue Statistics File (Junos OS Release
13.2X51-D10) on page 417
monitor start Using the Queue Statistics File (Junos OS Release
13.2X50-D15) on page 418
monitor start Using the Traffic Statistics File (Junos OS Release
13.2X51-D10) on page 418
monitor start Using the Traffic Statistics File (Junos OS Release
13.2X50-D15) on page 418
Table 46 on page 416 describes the output fields for the monitor start command. Output
fields are listed in the approximate order in which they appear.
Table 46: monitor start Command Output Fields
Field
Description
hostname (used in Junos OS
Release 13.2X50-D15 only)
Name of the network analytics host device.
record type
Type of statistics. May be queue statistics or traffic statistics.
time
Time at which the statistics were captured.
router-id
ID of the network analytics host device.
416
Copyright © 2014, Juniper Networks, Inc.
Chapter 24: Commands for Network Analytics
Table 46: monitor start Command Output Fields (continued)
Field
Description
latency
For queue statistics only. Traffic queue latency in milliseconds.
port
Name of the physical port configured for network analytics.
queue depth
For queue statistics only. Depth of the traffic queue in bytes.
rxpkt
For traffic statistics monitoring only. Total packets received.
rxpps
For traffic statistics monitoring only. Total packets received per second.
rxbyte
For traffic statistics monitoring only. Total bytes received.
rxbps
For traffic statistics monitoring only. Total bytes received per second.
rxdrop
For traffic statistics monitoring only. Total incoming packets dropped.
rxerr
For traffic statistics monitoring only. Total packets with errors.
rxutil (in Junos OS Release
13.2X50-D15 only)
For traffic statistics monitoring only. Total percent of traffic utilization for incoming traffic.
txpkt
For traffic statistics monitoring only. Total packets transmitted.
txpps
For traffic statistics monitoring only. Total packets transmitted per second.
txbyte
For traffic statistics monitoring only. Total bytes transmitted.
txbps
For traffic statistics monitoring only. Total bytes transmitted per second.
txdrop
For traffic statistics monitoring only. Total transmitted bytes dropped.
txerr
For traffic statistics monitoring only. Total transmitted packets with errors (dropped).
txutil (in Junos OS Release
13.2X50-D15 only)
For traffic statistics monitoring only. Total percent of traffic utilization for outgoing traffic.
Sample Output
monitor start Using the Queue Statistics File (Junos OS Release 13.2X51-D10)
user@host> monitor start analytics.qs
{"record-type":"queue-stats","time":"2013 Nov 3 4:40:42.840",
"router-id":"qfx5100-switch","port":"xe-0/0/18","latency":0,"queue-depth":208}
{"record-type":"queue-stats","time":"2013 Nov 3 4:40:44.887",
"router-id":"qfx5100-switch","port":"xe-0/0/18","latency": 1110,"queue-depth":
1387568}
Copyright © 2014, Juniper Networks, Inc.
417
Network Management and Monitoring on the QFX Series
monitor start Using the Queue Statistics File (Junos OS Release 13.2X50-D15)
user@host> monitor start analytics.qs
{"hostname":"sw-la-pb-03","latency":566,"port":xe-0/0/9,"queue depth":708656,
"record type":"queue-stats","time":"Apr 11 20:18:40.329"}
Sample Output
monitor start Using the Traffic Statistics File (Junos OS Release 13.2X51-D10)
user@host> monitor start analytics.ts
{"record-type":"traffic-stats","time":"2013 Nov 3 4:39:53.910",
"router-id":"qfx5100-switch","port":"xe-0/0/18","rxpkt":23193749091,"rxpps":8299889,
"rxbyte":2968799876957,"rxbps":824002992,"rxdrop":0,"rxerr":0,"txpkt":1029323986,
"txpps":82671,"txbyte":131753470470,"txbps":85598256,"txdrop":0,"txerr":0}
monitor start Using the Traffic Statistics File (Junos OS Release 13.2X50-D15)
user@host> monitor start analytics.ts
{"hostname":"sw-la-pb-03","port":"xe-0/0/9","record type":"traffic-statistics",
"time":"Apr 11 20:13:48.545", "rxpkt":601024640, "rxpps": 840315,
"rxbyte":76931153920,
"rxbps":863997032, "rxdrop":0, "rxerr":0, "rxutil":8.32,"txpkt":336551380309,
"txpps":405395,"txbyte":23369872265951,"txbps":3240000976,"txdrop":1010566660824,
"txerr":69920099883860,"txutil":32.76}
418
Copyright © 2014, Juniper Networks, Inc.
Chapter 24: Commands for Network Analytics
show analytics collector
Syntax
Release Information
Description
show analytics collector
Command introduced in Junos OS Release 13.2 for the QFX Series.
Show the list of network analytics remote collectors and related information. Remote
collectors can be configured to receive streaming output for queue statistics and traffic
statistics from the network analytics process (Analyticsd) running on the Routing Engine.
NOTE: The show analytics collector command is available in Junos OS Release
13.2X51-D15 or later.
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
interface-control
•
Network Analytics Overview on page 33
•
analytics on page 237
•
address (Analytics Collector) on page 236
show analytics collector on page 420
Table 47 on page 419 describes the output fields for the show analytics collector command.
Table 47: show analytics collector Command Output Fields
Field
Description
Address
IP Address of the collector that is configured for receiving the streaming data.
Port
Port number of the collector receiving the streaming data.
Transport
Transport protocol:
•
tcp—Transmission Control Protocol
•
udp—User Datagram Protocol
NOTE: The connection state of a port configured with the udp transport protocol
is always displayed as n/a.
Stream format
State
Copyright © 2014, Juniper Networks, Inc.
Format of the data that is sent to the server:
•
csv—Comma-separated values
•
gpb—Google Protocol Buffer
•
json—JavaScript Object Notation
•
tsv—Tab-separated values
Connection state of the streaming server.
419
Network Management and Monitoring on the QFX Series
Table 47: show analytics collector Command Output Fields (continued)
Field
Description
Sent
Number of bytes sent to the streaming server.
Sample Output
show analytics collector
user@host> show analytics collector
Address
Port
Transport
10.94.184.25
50013 udp
10.94.184.25
50040 tcp
10.94.184.25
50050 tcp
10.94.184.62
50010 tcp
10.94.184.62
50020 udp
420
Stream format
gpb
gpb
gpb
csv
json
State
n/a
Not initialized
Established
Established
n/a
Sent
8710
0
405
18
17
Copyright © 2014, Juniper Networks, Inc.
Chapter 24: Commands for Network Analytics
show analytics configuration
Syntax
Release Information
Description
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
show analytics configuration
Command introduced in Junos OS Release 13.2 for the QFX Series.
Show the network analytics configuration details for the global and interface
configurations.
interface-control
•
Network Analytics Overview on page 33
•
analytics on page 237
show analytics configuration (Junos OS Release 13.2X51-D15 and Later) on page 424
show analytics configuration (Junos OS Release 13.2X51-D10 and Earlier) on page 424
describes the output fields for the show analytics configuration command in Junos OS
Release 13.2X51-D15 and later.
Table 48: show analytics configuration Command Output Fields (Junos OS Release 13.2X51-D15
and Later)
Field
Descriptions
Global Configurations
Traffic monitoring status
Settings are enabled or disabled. If traffic statistics monitoring is not enabled, this field is
not shown.
Traffic monitoring polling
interval
Interval for traffic statistics polling in seconds.
NOTE: Due to limitations and variations in hardware capability in different devices, there
might be a difference in value between the actual interval and configured interval.
Queue monitoring status
Settings are enabled or disabled. If queue statistics monitoring is not enabled, this field is
not shown.
Queue monitoring polling
interval
Interval for queue statistics polling in milliseconds.
NOTE: Due to limitations and variations in hardware capability in different devices, there
might be a difference in value between the actual interval and configured interval.
Queue depth high threshold
Upper limit of the depth threshold configuration in number of bytes.
If the queue depth threshold is not configured, this field is not shown.
Queue depth low threshold
Lower limit of the depth threshold configuration in number of bytes.
If the queue depth threshold is not configured, this field is not shown.
Copyright © 2014, Juniper Networks, Inc.
421
Network Management and Monitoring on the QFX Series
Table 48: show analytics configuration Command Output Fields (Junos OS Release 13.2X51-D15
and Later) (continued)
Field
Descriptions
Queue latency high threshold
Upper limit of the latency threshold configuration in nanoeconds.
If the queue latency threshold is not configured, this field is not shown.
Queue latency low threshold
Lower limit of the latency threshold configuration in microseconds.
If the queue latency threshold is not configured, this field is not shown.
Interface Configurations
Interface
Name of interface that is configured for network analytics. The interface configuration
overrides the global network analytics configuration.
Traffic Statistics
Settings are Enabled or Disabled for the interface.
Queue Statistics
Settings are Enabled or Disabled for the interface.
Queue depth threshold High
Upper limit of the depth threshold configuration in number of bytes.
If the queue depth threshold is not configured, n/a is displayed.
Queue depth threshold Low
Lower limit of the depth threshold configuration in number of bytes.
If the queue depth threshold is not configured, n/a is displayed.
Latency threshold High
Upper limit of the latency threshold configuration in nanoseconds.
If the latency threshold is not configured, n/a is displayed.
Latency threshold Low
Lower limit of the latency threshold configuration in nanoseconds.
If the latency threshold is not configured, n/a is displayed.
Table 49 on page 422 describes the output fields for the show analytics configuration
command in Junos OS Release 13.2X51-D10 and 13.2X50-D15.
Table 49: show analytics configuration Command Output Fields (Junos OS Release 13.2X51-D10
and earlier)
Field
Descriptions
Global Configurations
Traffic statistics
Settings are Auto, Enabled, or Disabled.
If Auto is displayed, traffic statistics monitoring is not enabled.
422
Copyright © 2014, Juniper Networks, Inc.
Chapter 24: Commands for Network Analytics
Table 49: show analytics configuration Command Output Fields (Junos OS Release 13.2X51-D10
and earlier) (continued)
Field
Descriptions
Poll interval (traffic statististics)
Interval for traffic statistics polling in seconds.
If the output displays a setting of 0 seconds, the polling interval was not configured, and the
default interval applies.
NOTE: The default interval is 1 second in Junos OS Release 13.2X50-D15, and 2 seconds in
Junos OS Release 13.2X51-D10.
NOTE: Due to limitations and variations in hardware capability in different devices, there
might be a difference in value between the actual interval and configured interval.
Queue statistics
Settings are Auto, Enabled, or Disabled.
If Auto is displayed, queue statistics monitoring is not enabled.
Poll interval (queue statististics)
Interval for queue statistics polling in milliseconds.
NOTE: The default interval is 8 milliseconds in Junos OS Release 13.2X50-D15, and
10 milliseconds in Junos OS Release 13.2X51-D10 or later.
NOTE: Due to limitations and variations in hardware capability in different devices, there
might be a difference in value between the actual interval and configured interval.
Depth threshold high
Upper limit of the depth threshold configuration in number of bytes.
If 0 is displayed, depth threshold is not enabled.
Depth threshold low
Lower limit of the depth threshold configuration in number of bytes.
If 0 is displayed, depth threshold is not enabled.
Latency threshold high
Upper limit of the latency threshold configuration in microseconds.
If 0 is displayed, latency threshold is not enabled.
Latency threshold low
Lower limit of the latency threshold configuration in microseconds.
If 0 is displayed, latency threshold is not enabled.
Interface Configurations
Interface
Name of interface that is configured for network analytics. The interface configuration
overrides the global network analytics configuration.
Traffic Statistics
Settings are Enabled or Disabled for the interface.
Queue Statistics
Settings are Enabled or Disabled for the interface.
Depth-threshold High
Upper limit of the depth threshold configuration in number of bytes.
If 0 is displayed, depth threshold is not enabled.
Copyright © 2014, Juniper Networks, Inc.
423
Network Management and Monitoring on the QFX Series
Table 49: show analytics configuration Command Output Fields (Junos OS Release 13.2X51-D10
and earlier) (continued)
Field
Descriptions
Depth-threshold Low
Lower limit of the depth threshold configuration in number of bytes.
If 0 is displayed, depth threshold is not enabled.
Latency-threshold High
Upper limit of the latency threshold configuration in microseconds.
If 0 is displayed, latency threshold is not enabled.
Latency-threshold Low
Lower limit of the latency threshold configuration in microseconds.
If 0 is displayed, latency threshold is not enabled.
Sample Output
show analytics configuration (Junos OS Release 13.2X51-D15 and Later)
user@host> show analytics configuration
Traffic monitoring status is enabled
Traffic monitoring polling interval : 5 seconds
Queue monitoring status is enabled
Queue monitoring polling interval : 1000 milliseconds
Queue depth high threshold : 99999 bytes
Queue depth low threshold : 99 bytes
Interface
xe-0/0/16
xe-0/0/18
xe-0/0/19
Traffic
Statistics
enabled
enabled
enabled
Queue
Statistics
enabled
enabled
enabled
Queue depth
threshold
High
(bytes)
n/a
n/a
n/a
Low
n/a
n/a
n/a
Latency
threshold
High
Low
(nanoseconds)
2300
20
2300
20
2300
20
show analytics configuration (Junos OS Release 13.2X51-D10 and Earlier)
user@host> show analytics configuration
Global configurations:
Traffic statistics: Enabled, Poll interval: 2 seconds
Queue statistics: Auto, Poll interval: 10 milliseconds
Depth threshold high: 0 bytes, low: 0 bytes
Latency threshold high: 0 microseconds, low: 0 microseconds
Interface
Traffic
Queue
Depth-threshold
Latency-threshold
Statistics
Statistics
High
Low
High
Low
(bytes)
(microseconds)
xe-0/0/0
Auto
Auto
204800
10
0
0
424
Copyright © 2014, Juniper Networks, Inc.
Chapter 24: Commands for Network Analytics
show analytics queue-statistics
Syntax
Release Information
show analytics queue-statistics
<interface interface-name>
Command introduced in Junos OS Release 13.2 for the QFX Series.
Description
Show the queue statistics (queue length and latency) that are collected for all interfaces
that are enabled for network analytics on a device. Optionally, if you wish to see the
queue statistics for one interface only, you may specify the interface.
Options
interface interface-name—(Optional) Display the queue statistics for the specified interface
only.
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
interface-control
•
Network Analytics Overview on page 33
•
analytics on page 237
show analytics queue-statistics (Junos OS Release 13.2X51-D15 and Later) on page 425
show analytics queue-statistics (Junos OS Release 13.2X51-D10) on page 426
show analytics queue-statistics (Junos OS Release 13.2X50-D15) on page 426
Table 12 on page 50 describes the output fields for the show analytics queue-statistics
command.
Table 50: show analytics queue-statistics Command Output Fields
Field
Description
Time
Date and time at which the queue statistics are collected.
Interface
Name of the interface at which the queue statistics are collected.
Queue-length or queue-depth
(bytes)
Queue depth (length) in number of bytes.
Latency
Queue depth in nanoseconds (Junos OS Release 13.2X51-D15 and later) or microseconds
(Junos OS Release 13.2X51-D10 and earlier).
Sample Output
show analytics queue-statistics (Junos OS Release 13.2X51-D15 and Later)
user@host> show analytics queue-statistics
CLI issued at 2014-01-07 17:20:29.978561
Time
Interface
00:00:00.870058 ago
00:00:01.875049 ago
Copyright © 2014, Juniper Networks, Inc.
xe-0/0/19
xe-0/0/19
Queue-depth
(bytes)
1369680
1381952
Latency
(nanoseconds)
1095744
1105561
425
Network Management and Monitoring on the QFX Series
00:00:02.875053
00:00:03.876047
00:00:04.873045
00:00:05.871044
00:00:06.873354
ago
ago
ago
ago
ago
xe-0/0/19
xe-0/0/19
xe-0/0/19
xe-0/0/19
xe-0/0/19
1387776
1387568
1388192
1385904
1371552
1110220
1110054
1110553
1108723
1097241
show analytics queue-statistics (Junos OS Release 13.2X51-D10)
user@host>
Time
2013 Nov 3
2013 Nov 3
2013 Nov 3
2013 Nov 3
2013 Nov 3
2013 Nov 3
2013 Nov 3
2013 Nov 3
2013 Nov 3
2013 Nov 3
show analytics queue-statistics
Interface
Queue-length (bytes)
3:52:26.272 xe-0/0/9
208
3:52:26.292 xe-0/0/9
208
3:52:26.372 xe-0/0/9
208
3:52:26.392 xe-0/0/9
208
3:52:26.432 xe-0/0/9
208
3:52:26.492 xe-0/0/9
208
3:52:26.572 xe-0/0/9
208
4:30:24.584 xe-0/0/9
1387152
4:30:24.604 xe-0/0/9
1372384
4:30:24.624 xe-0/0/9
1384864
Latency (us)
0
0
0
0
0
0
0
1109
1097
1107
Sample Output
show analytics queue-statistics (Junos OS Release 13.2X50-D15)
user@host> show analytics queue-statistics
Time
Interface
Queue-length (bytes)
Apr 6 0:17:18.224 xe-0/0/9
1043952
Apr 6 0:17:18.234 xe-0/0/9
1053520
Apr 6 0:17:18.244 xe-0/0/9
1055184
426
Latency (us)
835
842
844
Copyright © 2014, Juniper Networks, Inc.
Chapter 24: Commands for Network Analytics
show analytics status
Syntax
Release Information
Description
Options
show analytics status
<global>
Command introduced in Junos OS Release 13.2 for the QFX Series.
Show the status of the network analytics components that are configured on a device.
none—Show the global and interface status for network analytics.
global—Show the global status only for network analytics.
NOTE: The global option is available in Junos OS Release 13.2X51-D15 or
later.
Required Privilege
Level
Related
Documentation
interface-control
•
Network Analytics Overview on page 33
•
analytics on page 237
List of Sample Output
show analytics status (Junos OS Release 13.2X51-D15 or Later) on page 429
show analytics status global (Junos OS Release 13.2X51-D15 or Later) on page 429
show analytics status (Junos OS Release 13.2X50-D15 and 13.2X51-D10) on page 429
Output Fields
Table 51 on page 427 describes the output fields for the show analytics status command.
Table 51: show analytics status Command Output Fields
Field
Descriptions
Global Configurations
Traffic statistics or Traffic
monitoring status
Settings are Auto, Enabled, or Disabled.
If Auto is displayed, traffic statistics monitoring is not enabled.
NOTE: The Disabled setting always supersedes the Enabled setting.
Poll interval or Traffic monitoring
polling interval
Interval for traffic statistics polling in seconds.
NOTE: Due to limitations and variations in the hardware capability of different devices, you
might see a difference in value between the actual interval and configured interval.
Queue statistics or Queue
monitoring status
Can be Auto, Enabled, or Disabled.
If Auto is displayed, queue statistics monitoring is not enabled.
NOTE: The Disabled setting always supersedes the Enabled setting.
Copyright © 2014, Juniper Networks, Inc.
427
Network Management and Monitoring on the QFX Series
Table 51: show analytics status Command Output Fields (continued)
Field
Descriptions
Poll interval or Queue monitoring
polling interval
Interval for queue statistics polling in milliseconds.
NOTE: Due to limitations and variations in the hardware capability of different devices, you
might see a difference in value between the actual interval and configured interval.
Depth threshold high or Queue
depth high threshold
Upper limit of the depth threshold configuration in number of bytes.
In Junos OS Release 13.2X51-D15 or later, if this parameter is not configured, this field is not
shown.
In Junos OS Release 13.2X51-D10 or earlier, if this parameter is not configured, a value of 0
is displayed.
Depth threshold low or Queue
depth low threshold
Lower limit of the depth threshold configuration in number of bytes.
In Junos OS Release 13.2X51-D15 or later, if this parameter is not configured, this field is not
shown.
In Junos OS Release 13.2X51-D10 or earlier, if this parameter is not configured, a value of 0
is displayed.
Latency threshold high
Upper limit of the latency threshold configuration in microseconds.
In Junos OS Release 13.2X51-D15 or later, if this parameter is not configured, this field is not
shown.
In Junos OS Release 13.2X51-D10 or earlier, if this parameter is not configured, a value of 0
is displayed.
Latency threshold low
Lower limit of the latency threshold configuration in microseconds.
In Junos OS Release 13.2X51-D15 or later, if this parameter is not configured, this field is not
shown.
In Junos OS Release 13.2X51-D10 or earlier, if this parameter is not configured, a value of 0
is displayed.
Interface Configurations
Interface
Name of an interface that is configured for network analytics. The interface configuration
overrides the global network analytics configuration.
Traffic Statistics
Settings are Enabled or Disabled for the interface.
NOTE: The Disabled setting always supersedes the Enabled setting.
Queue Statistics
Settings are Enabled or Disabled for the interface.
NOTE: The Disabled setting always supersedes the Enabled setting.
Depth-threshold High or Queue
depth threshold high
Upper limit of the depth threshold configuration in number of bytes.
If this parameter is not configured, an output of n/a or 0 is displayed in this column, depending
on the software release.
428
Copyright © 2014, Juniper Networks, Inc.
Chapter 24: Commands for Network Analytics
Table 51: show analytics status Command Output Fields (continued)
Field
Descriptions
Depth-threshold Low or Queue
depth threshold low
Lower limit of the depth threshold configuration in number of bytes.
If this parameter is not configured, an output of n/a or 0 is displayed in this column, depending
on the software release.
Latency-threshold High
Upper limit of the latency threshold configuration in nanoseconds or microseconds.
If this parameter is not configured, an output of n/a or 0 is displayed in this column, depending
on the software release.
Latency-threshold Low
Lower limit of the latency threshold configuration in nanoseconds or microseconds.
If this parameter is not configured, an output of n/a or 0 is displayed in this column, depending
on the software release.
Sample Output
show analytics status (Junos OS Release 13.2X51-D15 or Later)
user@host> show analytics status
Traffic monitoring status is auto
Traffic monitoring polling interval : 5 seconds
Queue monitoring status is enabled
Queue monitoring status polling interval : 1000 milliseconds
Queue depth high threshold : 1000000000 bytes
Queue depth low threshold : 99 bytes
Interface
Traffic
Statistics
xe-0/0/16
xe-0/0/18
xe-0/0/19
enabled
disabled
enabled
Queue
Statistics
enabled
enabled
enabled
Queue depth
threshold
High
Low
(bytes)
1000000000 99
1000000000 99
1000000000 99
Latency
threshold
High
Low
(nanoseconds)
n/a
n/a
n/a
n/a
n/a
n/a
show analytics status global (Junos OS Release 13.2X51-D15 or Later)
user@host> show analytics status global
Traffic monitoring status is auto
Traffic monitoring polling interval : 5 seconds
Queue monitoring status is enabled
Queue monitoring status polling interval : 1000 milliseconds
Queue depth high threshold : 1000000000 bytes
Queue depth low threshold : 99 bytes
show analytics status (Junos OS Release 13.2X50-D15 and 13.2X51-D10)
user@host> show analytics status
Global configurations:
Traffic statistics: Auto, Poll interval: 2 seconds
Queue statistics: Auto, Poll interval: 10 milliseconds
Depth threshold high: 0 bytes, low: 0 bytes
Latency threshold high: 1000 microseconds, low: 50 microseconds
Interface
Traffic
Queue
Depth-threshold
Latency-threshold
Copyright © 2014, Juniper Networks, Inc.
429
Network Management and Monitoring on the QFX Series
Statistics
xe-0/0/6
xe-0/0/7
xe-0/0/8
430
Enabled
Enabled
Enabled
Statistics
Enabled
Enabled
Enabled
High
Low
(bytes)
0
0
204800
10
0
0
High
Low
(microseconds)
1000
50
0
0
1000
50
Copyright © 2014, Juniper Networks, Inc.
Chapter 24: Commands for Network Analytics
show analytics streaming-servers
Syntax
Release Information
Description
show analytics streaming-servers
Command introduced in Junos OS Release 13.2 for the QFX Series.
Show the list of streaming servers that are configured for network analytics. Streaming
servers receive streaming output for queue statistics and traffic statistics from the network
analytics process (Analyticsd) running on the Routing Engine.
NOTE: The show analytics streaming-servers command is available in Junos
OS Release 13.2X50-D15 and 13.2X51-D10 only.
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
interface-control
•
Network Analytics Overview on page 33
•
analytics on page 237
•
show analytics collector on page 419
show analytics streaming-servers on page 432
Table 52 on page 431 describes the output fields for the show analytics streaming-servers
command.
Table 52: show analytics streaming-servers Command Output Fields
Field
Description
Address
IP Address of the streaming server that is configured for receiving the streaming data.
Port
Port number of the streaming server receiving the streaming data.
Stream-Format
Format of the data that is sent to the server. Values are:
Stream-Type
•
csv—Comma-separated values.
•
json—JavaScript Object Notification.
•
tsv—Tab-separated values.
Type of data that is sent to the a port on the streaming server:
•
QS—Queue statistics.
•
TS—Traffic statistics.
State
Connection state of the streaming server.
Sent
Number of bytes sent to the streaming server.
Copyright © 2014, Juniper Networks, Inc.
431
Network Management and Monitoring on the QFX Series
Sample Output
show analytics streaming-servers
user@host> show analytics streaming-servers
Address
Port
Stream-Format
10.94.198.14
50001
json
10.94.198.14
50005
csv
172.17.28.28
50005
tsv
432
Stream-Type
QS
TS
TS/QS
State
Established
Established
In Progress
Sent
0
1185
0
Copyright © 2014, Juniper Networks, Inc.
Chapter 24: Commands for Network Analytics
show analytics traffic-statistics
Syntax
Release Information
show analytics traffic-statistics
<interface interface-name>
Command introduced in Junos OS Release 13.2 for the QFX Series.
Description
Show the traffic statistics that are collected for all interfaces that are enabled for network
analytics on a device. Optionally, if you wish to see the traffic statistics for one interface
only, you may specify the interface.
Options
interface interface-name—(Optional) Display the traffic statistics for the specified interface
only.
Required Privilege
Level
Related
Documentation
interface-control
•
Network Analytics Overview on page 33
•
analytics on page 237
List of Sample Output
show analytics traffic-statistics (Junos OS Release 13.2X51-D15 or Later) on page 434
show analytics traffic-statistics (Junos OS Release 13.2X51-D10) on page 434
show analytics traffic-statistics (Junos OS Release 13.2X50-D15) on page 434
Output Fields
Table 53 on page 433 describes the output fields for the show analytics traffic-statistics
command.
Table 53: show analytics traffic-statistics Command Output Fields
Field
Description
Time
The date and time at which the traffic statistics are generated.
Physical interface
Name of the interface at which the traffic statistics are collected.
Total octets
Total number of octets that are received and transmitted.
Total packets
Total number of packets that are received and transmitted.
Octets per second
Number of octets received and transmitted per second.
Packet per second
Number of packets received and transmitted per second.
CRC/Align errors or Octets
dropped
Number of cyclic redundancy check (CRC) errors or octets dropped.
Packets dropped
•
Junos OS Release 13.2X51-D15 or later—Number of cyclic redundancy check (CRC) errors.
•
Junos OS Release 13.2X51-D10 and earlier—Number of octets dropped.
Number of packets dropped.
Copyright © 2014, Juniper Networks, Inc.
433
Network Management and Monitoring on the QFX Series
Sample Output
show analytics traffic-statistics (Junos OS Release 13.2X51-D15 or Later)
user@host> show analytics traffic-statistics
CLI issued at 2014-01-07 17:22:28.952677
Time: 00:00:03.480244 ago, Physical interface: xe-0/0/19
Traffic Statistics:
Receive
Transmit
Total octets:
3929946593792
393001011519232
Total packets:
30702707784
3070320402462
Unicast packet:
30702707784
3070320402462
Multicast packets:
0
0
Broadcast packets:
0
0
Octets per second:
86407016
59044064
Packets per second:
84787
8469688
CRC/Align errors:
0
392986110751744
Packets dropped:
0
3070203990248
show analytics traffic-statistics (Junos OS Release 13.2X51-D10)
user@host> show analytics traffic-statistics
Time: 2013 Nov 3 4:36:55.542, Physical interface: xe-0/0/8
Traffic Statistics:
Receive
Transmit
Total octets:
2777524779008
101855533467
Total packet:
21699412289
795746503
Octets per second:
904001272
0
Packet per second:
8399574
0
Octets dropped:
0
0
Packet dropped:
0
0
Time: 2013 Nov 3 4:36:57.559, Physical interface: xe-0/0/10
Traffic Statistics:
Receive
Transmit
Total octets:
2777546444381
129840936198
Total packet:
21699581650
1014382311
Octets per second:
90400211
86403728
Packet per second:
8400382
84438
Octets dropped:
0
0
Packet dropped:
0
0
show analytics traffic-statistics (Junos OS Release 13.2X50-D15)
user@host> show analytics traffic-statistics
Time: Apr 5 19:52:48.549, Physical interface: xe-0/0/8
Traffic Statistics:
Receive
Transmit
Total octets:
4797548752936
408886273632
Total packet:
5658257464
3190613435
Octets per second:
0
0
Packet per second:
0
0
Octets dropped:
0
252901000
Packet dropped:
0
252901
Utilization:
0.0%
0.0%
Time: Apr 5 19:52:48.549, Physical interface: xe-0/0/10
Traffic Statistics:
Receive
Transmit
Total octets:
4790866253100
477139024
Total packet:
5624473639
477944
Octets per second:
0
0
Packet per second:
0
0
Octets dropped:
0
166582000
Packet dropped:
0
166582
Utilization:
0.0%
0.0%
434
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 25
Commands for sFlow Technology
•
clear sflow collector statistics
•
show sflow
•
show sflow collector
•
show sflow interface
Copyright © 2014, Juniper Networks, Inc.
435
Network Management and Monitoring on the QFX Series
clear sflow collector statistics
Syntax
Release Information
Description
Required Privilege
Level
Related
Documentation
List of Sample Output
clear sflow collector statistics
Command introduced in Junos OS Release 11.3 for the QFX Series.
Clear the sample counters for all sFlow collectors.
view
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
•
Configuring sFlow Technology on page 163
•
show sflow collector on page 439
clear sflow collector statistics on page 436
Sample Output
clear sflow collector statistics
The following example shows two output examples for the show sflow collector
command, one before and one after the clear sflow collector statistics command was
issued.
user@host> show sflow collector
Collector
Udp-port
No. of samples
address
10.1.1.1
6343
3174
10.1.2.1
6343
3562
user@host> clear sflow collector statistics
user@host> show sflow collector
Collector
Udp-port
No. of samples
address
10.1.1.1
6343
0
10.1.2.1
6343
0
436
Copyright © 2014, Juniper Networks, Inc.
Chapter 25: Commands for sFlow Technology
show sflow
Syntax
Release Information
Description
Options
show sflow
<collector>
<interface>
Command introduced in Junos OS Release 11.3 for the QFX Series.
Display sFlow configuration information.
none—Display all sFlow configuration information.
collector—(Optional) Display a list of configured sFlow collectors and their properties.
interface—(Optional) Display the interfaces on which sFlow technology is enabled and
the sampling parameters.
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
view
•
show sflow interface on page 440
•
show sflow collector on page 439
•
clear sflow collector statistics on page 436
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
•
Configuring sFlow Technology on page 163
show sflow on page 438
Table 54 on page 437 lists the output fields for the show sflow command. Output fields
are listed in the approximate order in which they appear.
Table 54: show sflow Output Fields
Field Name
Field Description
Level of Output
sFlow
Status of the feature: Enabled or Disabled.
All levels
Sample limit
Number of packets sampled per second. This sample limit
cannot be configured and is set to 300 packets per second.
All levels
Polling interval
Interval at which the sFlow agent polls the interface.
All levels
Sample rate egress
Rate at which egress packets are sampled.
All levels
Sample rate ingress
Rate at which ingress packets are sampled.
All levels
Agent ID
IP address assigned to the sFlow agent.
All levels
Source IP address
Source IP address for the sFlow packets.
All levels
Copyright © 2014, Juniper Networks, Inc.
437
Network Management and Monitoring on the QFX Series
Sample Output
show sflow
user@host> show sflow
sFlow
Sample limit
Polling interval
Sample rate egress
Sample rate ingress
Agent ID
Source IP address
438
:
:
:
:
:
:
:
Enabled
300 packets/second
20 second
1:2048: Disabled
1:1000: Enabled
10.93.54.7
10.93.54.7
Copyright © 2014, Juniper Networks, Inc.
Chapter 25: Commands for sFlow Technology
show sflow collector
Syntax
Release Information
Description
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
show sflow collector
Command introduced in Junos OS Release 11.3 for the QFX Series.
Display a list of configured sFlow collectors and their properties.
view
•
clear sflow collector statistics on page 436
•
show sflow on page 437
•
show sflow interface on page 440
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
•
Configuring sFlow Technology on page 163
show sflow collector on page 439
Table 55 on page 439 lists the output fields for the show sflow collector command. Output
fields are listed in the approximate order in which they appear.
Table 55: show sflow collector Output Fields
Field Name
Field Description
Level of Output
Collector address
IP address of the collector.
All levels
UDP-Port
UDP port number of the collector.
All levels
No. of samples
Number of samples collected.
All levels
Sample Output
show sflow collector
user@host> show sflow collector
Collector
address
10.204.32.46
100.204.32.76
Copyright © 2014, Juniper Networks, Inc.
Udp-port
6343
3400
No. of samples
1000
1000
439
Network Management and Monitoring on the QFX Series
show sflow interface
Syntax
Release Information
Description
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
show sflow interface
Command introduced in Junos OS Release 11.3 for the QFX Series.
Display the interfaces on which sFlow is enabled and the sampling parameters for the
interface.
view
•
show sflow on page 437
•
show sflow collector on page 439
•
Example: Monitoring Network Traffic Using sFlow Technology on page 126
•
Configuring sFlow Technology on page 163
show sflow interface (QFX3500 Switch in Standalone Mode) on page 440
show sflow interface (QFabric System) on page 441
Table 56 on page 440 lists the output fields for the show sflow interface command. Output
fields are listed in the approximate order in which they appear.
Table 56: show sflow interface Output Fields
Field Name
Field Description
Level of Output
Interface
Interface on which sFlow technology is enabled.
All levels
Status Egress
Indicates whether an egress sample rate is enabled.
All levels
Status Ingress
Indicates whether an ingress sample rate is enabled.
All levels
Sample rate Egress
Rate at which egress packets are sampled.
All levels
Sample rate Ingress
Rate at which ingress packets are sampled.
All levels
Adapted sample rate Egress
Adapted rate at which egress packets are sampled.
All levels
Adapted sample rate Ingress
Adapted rate at which ingress packets are sampled.
All levels
Polling-interval
Interval at which the sFlow agent polls the interface.
All levels
Sample Output
show sflow interface (QFX3500 Switch in Standalone Mode)
user@host> show sflow interface
440
Copyright © 2014, Juniper Networks, Inc.
Chapter 25: Commands for sFlow Technology
Interface
Status
Sample rate
Adapted sample rate
Polling-interval
Egress Ingress
Egress Ingress
Egress Ingress
xe-0/0/0.0
Enabled Disabled 1000
2048
1000
2048
20
xe-1/0/1.0
Enabled Disabled 1000
2048
1000
2048
20
Sample Output
show sflow interface (QFabric System)
user@host> show sflow interface
Interface Status
Sample rate
Adapted sample rate
Polling-interval
Egress Ingress
Egress Ingress
Egress Ingress
node1:xe-0/0/0.0
Enabled Disabled 1000
2048
1000
2048
20
node2:xe-1/0/1.0
Enabled Disabled 1000
2048
1000
2048
20
node4:xe-1/0/0.0
Enabled Disabled 1000
2048
1000
2048
20
Copyright © 2014, Juniper Networks, Inc.
441
Network Management and Monitoring on the QFX Series
442
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 26
Commands for SNMP
•
clear snmp history
•
clear snmp statistics
•
request snmp spoof-trap
•
request snmp utility-mib clear instance
•
request snmp utility-mib set instance
•
show snmp health-monitor
•
show snmp inform-statistics
•
show snmp mib
•
show snmp rmon
•
show snmp rmon history
•
show snmp statistics
•
show snmp v3
Copyright © 2014, Juniper Networks, Inc.
443
Network Management and Monitoring on the QFX Series
clear snmp history
Syntax
Release Information
Description
Options
clear snmp history (index | all)
Command introduced in Junos OS Release 11.1 for the QFX Series.
Delete the samples of Ethernet statistics collected for a history group.
all—Clear all the entries in the history index.
index—Clear the contents of the specified entry in the history index.
Required Privilege
Level
Related
Documentation
444
clear
•
clear snmp statistics on page 445
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
clear snmp statistics
Syntax
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
clear snmp statistics
Command introduced before Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Clear Simple Network Management Protocol (SNMP) statistics.
This command has no options.
clear
•
show snmp statistics on page 470
clear snmp statistics on page 445
See show snmp statistics for an explanation of output fields.
Sample Output
clear snmp statistics
In the following example, SNMP statistics are displayed before and after the clear snmp
statistics command is issued:
user@host> show snmp statistics
SNMP statistics:
Input:
Packets: 8, Bad versions: 0, Bad community names: 0,
Bad community uses: 0, ASN parse errors: 0,
Too bigs: 0, No such names: 0, Bad values: 0,
Read onlys: 0, General errors: 0,
Total request varbinds: 8, Total set varbinds: 0,
Get requests: 0, Get nexts: 8, Set requests: 0,
Get responses: 0, Traps: 0,
Silent drops: 0, Proxy drops 0
Output:
Packets: 2298, Too bigs: 0, No such names: 0,
Bad values: 0, General errors: 0,
Get requests: 0, Get nexts: 0, Set requests: 0,
Get responses: 8, Traps: 2290
user@host> clear snmp statistics
user@host> show snmp statistics
SNMP statistics:
Input:
Packets: 0, Bad versions: 0, Bad community names: 0,
Bad community uses: 0, ASN parse errors: 0,
Too bigs: 0, No such names: 0, Bad values: 0,
Read onlys: 0, General errors: 0,
Copyright © 2014, Juniper Networks, Inc.
445
Network Management and Monitoring on the QFX Series
Total request varbinds: 0, Total set varbinds: 0,
Get requests: 0, Get nexts: 0, Set requests: 0,
Get responses: 0, Traps: 0,
Silent drops: 0, Proxy drops 0
Output:
Packets: 0, Too bigs: 0, No such names: 0,
Bad values: 0, General errors: 0,
Get requests: 0, Get nexts: 0, Set requests: 0,
Get responses: 0, Traps: 0
446
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
request snmp spoof-trap
Syntax
Release Information
Description
Options
request snmp spoof-trap
<trap> variable-bindings <object> <instance> <value>
Command introduced in Junos OS Release 8.2.
Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Spoof (mimic) the behavior of a Simple Network Management Protocol (SNMP) trap.
<trap>—Name of the trap to spoof.
variable-bindings <object> <instance> <value>—(Optional) List of variables and values
to include in the trap. Each variable binding is specified as an object name, the object
instance, and the value (for example, ifIndex[14] = 14). Enclose the list of variable
bindings in quotation marks (“ “) and use a comma to separate each object name,
instance, and value definition (for example, variable-bindings “ifIndex[14] = 14,
ifAdminStatus[14] = 1, ifOperStatus[14] = 2”). Objects included in the trap definition
that do not have instances and values specified as part of the command are included
in the trap and spoofed with automatically generated instances and values.
<dummy name>—A dummy trap name to display the list of available traps.
Question mark (?)—Question mark? to display possible completions.
Required Privilege
Level
List of Sample Output
request
request snmp spoof-trap (with Variable Bindings) on page 447
request snmp spoof-trap (Illegal Trap Name) on page 447
request snmp spoof-trap (Question Mark ?) on page 451
Sample Output
request snmp spoof-trap (with Variable Bindings)
user@host> request snmp spoof-trap linkUp variable-bindings “ifIndex[14] = 14, ifAdminStatus[14]
= 1, ifOperStatus[14] = 2”
Spoof trap request result: trap sent successfully
request snmp spoof-trap (Illegal Trap Name)
user@host> request snmp spoof-trap xx
Spoof trap request result: trap not found
Allowed Traps:
adslAtucInitFailureTrap
adslAtucPerfESsThreshTrap
adslAtucPerfLofsThreshTrap
adslAtucPerfLolsThreshTrap
adslAtucPerfLossThreshTrap
adslAtucPerfLprsThreshTrap
adslAtucRateChangeTrap
adslAturPerfESsThreshTrap
Copyright © 2014, Juniper Networks, Inc.
447
Network Management and Monitoring on the QFX Series
adslAturPerfLofsThreshTrap
adslAturPerfLossThreshTrap
adslAturPerfLprsThreshTrap
adslAturRateChangeTrap
apsEventChannelMismatch
apsEventFEPLF
apsEventModeMismatch
apsEventPSBF
apsEventSwitchover
authenticationFailure
bfdSessDown
bfdSessUp
bgpBackwardTransition
bgpEstablished
coldStart
dlswTrapCircuitDown
dlswTrapCircuitUp
dlswTrapTConnDown
dlswTrapTConnPartnerReject
dlswTrapTConnProtViolation
dlswTrapTConnUp
dsx1LineStatusChange
dsx3LineStatusChange
entConfigChange
fallingAlarm
frDLCIStatusChange
ggsnTrapChanged
ggsnTrapCleared
ggsnTrapNew
gmplsTunnelDown
ifMauJabberTrap
ipv6IfStateChange
isisAreaMismatch
isisAttemptToExceedMaxSequence
isisAuthenticationFailure
isisAuthenticationTypeFailure
isisCorruptedLSPDetected
isisDatabaseOverload
isisIDLenMismatch
isisLSPTooLargeToPropagate
isisManualAddressDrops
isisMaxAreaAddressesMismatch
isisOriginatingLSPBufferSizeMismatch
isisOwnLSPPurge
isisProtocolsSupportedMismatch
isisRejectedAdjacency
isisSequenceNumberSkip
isisVersionSkew
jnxAccessAuthServerDisabled
jnxAccessAuthServerEnabled
jnxAccessAuthServiceDown
jnxAccessAuthServiceUp
jnxBfdSessDetectionTimeHigh
jnxBfdSessTxIntervalHigh
jnxBgpM2BackwardTransition
jnxBgpM2Established
jnxCmCfgChange
jnxCmRescueChange
jnxCollFlowOverload
jnxCollFlowOverloadCleared
jnxCollFtpSwitchover
448
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
jnxCollMemoryAvailable
jnxCollMemoryUnavailable
jnxCollUnavailableDest
jnxCollUnavailableDestCleared
jnxCollUnsuccessfulTransfer
jnxDfcHardMemThresholdExceeded
jnxDfcHardMemUnderThreshold
jnxDfcHardPpsThresholdExceeded
jnxDfcHardPpsUnderThreshold
jnxDfcSoftMemThresholdExceeded
jnxDfcSoftMemUnderThreshold
jnxDfcSoftPpsThresholdExceeded
jnxDfcSoftPpsUnderThreshold
jnxEventTrap
jnxExampleStartup
jnxFEBSwitchover
jnxFanFailure
jnxFanOK
jnxFruCheck
jnxFruFailed
jnxFruInsertion
jnxFruOK
jnxFruOffline
jnxFruOnline
jnxFruPowerOff
jnxFruPowerOn
jnxFruRemoval
jnxHardDiskFailed
jnxHardDiskMissing
jnxJsAvPatternUpdateTrap
jnxJsChassisClusterSwitchover
jnxJsFwAuthCapacityExceeded
jnxJsFwAuthFailure
jnxJsFwAuthServiceDown
jnxJsFwAuthServiceUp
jnxJsNatAddrPoolThresholdStatus
jnxJsScreenAttack
jnxJsScreenCfgChange
jnxLdpLspDown
jnxLdpLspUp
jnxLdpSesDown
jnxLdpSesUp
jnxMIMstCistPortLoopProtectStateChangeTrap
jnxMIMstCistPortRootProtectStateChangeTrap
jnxMIMstErrTrap
jnxMIMstGenTrap
jnxMIMstInvalidBpduRxdTrap
jnxMIMstMstiPortLoopProtectStateChangeTrap
jnxMIMstMstiPortRootProtectStateChangeTrap
jnxMIMstNewRootTrap
jnxMIMstProtocolMigrationTrap
jnxMIMstRegionConfigChangeTrap
jnxMIMstTopologyChgTrap
jnxMacChangedNotification
jnxMplsLdpInitSesThresholdExceeded
jnxMplsLdpPathVectorLimitMismatch
jnxMplsLdpSessionDown
jnxMplsLdpSessionUp
jnxOspfv3IfConfigError
jnxOspfv3IfRxBadPacket
jnxOspfv3IfStateChange
Copyright © 2014, Juniper Networks, Inc.
449
Network Management and Monitoring on the QFX Series
jnxOspfv3LsdbApproachingOverflow
jnxOspfv3LsdbOverflow
jnxOspfv3NbrRestartHelperStatusChange
jnxOspfv3NbrStateChange
jnxOspfv3NssaTranslatorStatusChange
jnxOspfv3RestartStatusChange
jnxOspfv3VirtIfConfigError
jnxOspfv3VirtIfRxBadPacket
jnxOspfv3VirtIfStateChange
jnxOspfv3VirtNbrRestartHelperStatusChange
jnxOspfv3VirtNbrStateChange
jnxOtnAlarmCleared
jnxOtnAlarmSet
jnxOverTemperature
jnxPMonOverloadCleared
jnxPMonOverloadSet
jnxPingEgressJitterThresholdExceeded
jnxPingEgressStdDevThresholdExceeded
jnxPingEgressThresholdExceeded
jnxPingIngressJitterThresholdExceeded
jnxPingIngressStddevThresholdExceeded
jnxPingIngressThresholdExceeded
jnxPingRttJitterThresholdExceeded
jnxPingRttStdDevThresholdExceeded
jnxPingRttThresholdExceeded
jnxPortBpduErrorStatusChangeTrap
jnxPortLoopProtectStateChangeTrap
jnxPortRootProtectStateChangeTrap
jnxPowerSupplyFailure
jnxPowerSupplyOK
jnxRedundancySwitchover
jnxRmonAlarmGetFailure
jnxRmonGetOk
jnxSecAccessIfMacLimitExceeded
jnxSecAccessdsRateLimitCrossed
jnxSonetAlarmCleared
jnxSonetAlarmSet
jnxSpSvcSetCpuExceeded
jnxSpSvcSetCpuOk
jnxSpSvcSetZoneEntered
jnxSpSvcSetZoneExited
jnxStormEventNotification
jnxSyslogTrap
jnxTemperatureOK
jnxVccpPortDown
jnxVccpPortUp
jnxVpnIfDown
jnxVpnIfUp
jnxVpnPwDown
jnxVpnPwUp
jnxl2aldGlobalMacLimit
jnxl2aldInterfaceMacLimit
jnxl2aldRoutingInstMacLimit
linkDown
linkUp
lldpRemTablesChange
mfrMibTrapBundleLinkMismatch
mplsLspChange
mplsLspDown
mplsLspInfoChange
mplsLspInfoDown
450
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
mplsLspInfoPathDown
mplsLspInfoPathUp
mplsLspInfoUp
mplsLspPathDown
mplsLspPathUp
mplsLspUp
mplsNumVrfRouteMaxThreshExceeded
mplsNumVrfRouteMidThreshExceeded
mplsNumVrfSecIllglLblThrshExcd
mplsTunnelDown
mplsTunnelReoptimized
mplsTunnelRerouted
mplsTunnelUp
mplsVrfIfDown
mplsVrfIfUp
mplsXCDown
mplsXCUp
msdpBackwardTransition
msdpEstablished
newRoot
ospfIfAuthFailure
ospfIfConfigError
ospfIfRxBadPacket
ospfIfStateChange
ospfLsdbApproachingOverflow
ospfLsdbOverflow
ospfMaxAgeLsa
ospfNbrStateChange
ospfOriginateLsa
ospfTxRetransmit
ospfVirtIfAuthFailure
ospfVirtIfConfigError
ospfVirtIfRxBadPacket
ospfVirtIfStateChange
ospfVirtIfTxRetransmit
ospfVirtNbrStateChange
pethMainPowerUsageOffNotification
pethMainPowerUsageOnNotification
pethPsePortOnOffNotification
pingProbeFailed
pingTestCompleted
pingTestFailed
ptopoConfigChange
risingAlarm
rpMauJabberTrap
sdlcLSStatusChange
sdlcPortStatusChange
topologyChange
traceRoutePathChange
traceRouteTestCompleted
traceRouteTestFailed
vrrpTrapAuthFailure
vrrpTrapNewMaster
warmStart
request snmp spoof-trap (Question Mark ?)
user@host> request snmp spoof-trap ?
Possible completions:
<trap>
The name of the trap to spoof
adslAtucInitFailureTrap
Copyright © 2014, Juniper Networks, Inc.
451
Network Management and Monitoring on the QFX Series
adslAtucPerfESsThreshTrap
adslAtucPerfLofsThreshTrap
adslAtucPerfLolsThreshTrap
adslAtucPerfLossThreshTrap
adslAtucPerfLprsThreshTrap
adslAtucRateChangeTrap
adslAturPerfESsThreshTrap
adslAturPerfLofsThreshTrap
adslAturPerfLossThreshTrap
adslAturPerfLprsThreshTrap
adslAturRateChangeTrap
apsEventChannelMismatch
apsEventFEPLF
apsEventModeMismatch
apsEventPSBF
apsEventSwitchover
authenticationFailure
bfdSessDown
bfdSessUp
bgpBackwardTransition
bgpEstablished
coldStart
dlswTrapCircuitDown
dlswTrapCircuitUp
---(more 10%)---
452
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
request snmp utility-mib clear instance
Syntax
Release Information
Description
Options
request snmp utility-mib clear instance name
object-type type
Command introduced in Junos OS Release 12.2 for the QFX Series.
Clear the data stored in the specified container object in the SNMP Utility MIB.
name—Name of the SNMP instance that is used to identify the data stored in the container
object.
object-type type—Type of container object in which the data is stored. The following
container object types are supported:
Required Privilege
Level
Related
Documentation
•
counter—Stores a 32-bit counter value.
•
counter64—Stores a 64-bit counter value.
•
integer—Stores a 32-bit signed integer value.
•
unsigned-integer—Stores a 32-bit unsigned integer value.
clear
•
Utility MIB on page 68
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
request snmp utility-mib set instance on page 454
Copyright © 2014, Juniper Networks, Inc.
453
Network Management and Monitoring on the QFX Series
request snmp utility-mib set instance
Syntax
Release Information
Description
Options
request snmp utility-mib set instance name
object-type type
object-value value
Command introduced in Junos OS Release 12.2 for the QFX Series.
Store data in the specified container object in the SNMP Utility MIB. The data may be
retrieved by SNMP operations.
name—Name of the SNMP instance that is used to identify the data stored in the container
object.
object-type type—Type of container object in which to store data. The following container
object types are supported:
•
counter—Stores a 32-bit counter value.
•
counter64—Stores a 64-bit counter value.
•
integer—Stores a 32-bit signed integer value.
•
unsigned-integer—Stores a 32-bit unsigned integer value.
•
string—Stores an octet string value.
object-value value—Data that is stored in the container object.
Required Privilege
Level
Related
Documentation
454
request
•
Utility MIB on page 68
•
Understanding the Implementation of SNMP on the QFabric System on page 62
•
request snmp utility-mib clear instance on page 453
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
show snmp health-monitor
Syntax
Release Information
Description
Options
show snmp health-monitor
<alarms (brief | detail) | logs>
Command introduced in Junos OS Release 11.1 for the QFX Series.
Display information about Simple Network Management Protocol (SNMP) health monitor
alarms and logs.
none—Display information about all health monitor alarms and logs.
alarms (brief | detail)—(Optional) Display information about health monitor alarms.
Optionally, specify brief or detailed information about the alarms.
logs—(Optional) Display information about health monitor logs.
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
view
•
Understanding Health Monitoring on page 75
•
Configuring Health Monitoring on page 176
show snmp health-monitor on page 457
show snmp health-monitor alarms detail on page 457
Table 57 on page 455 describes the output fields for the show snmp health-monitor
command. Output fields are listed in the approximate order in which they appear.
Table 57: show snmp health-monitor Output Fields
Field Name
Field Description
Level of Output
Alarm Index
Alarm identifier.
All levels
Variable
description
Description of the health monitor object instance being monitored.
All levels
Variable name
Name of the health monitor object instance being monitored.
All levels
Value
Current value of the monitored variable in the most recent sample interval.
All levels
Copyright © 2014, Juniper Networks, Inc.
455
Network Management and Monitoring on the QFX Series
Table 57: show snmp health-monitor Output Fields (continued)
Field Name
Field Description
Level of Output
State
State of the alarm or event entry:
All levels
•
Alarms:
•
active—Entry is fully configured and activated.
•
falling threshold crossed—Value of the variable has crossed the lower
threshold limit.
•
rising threshold crossed—Value of the variable has crossed the upper
threshold limit.
•
under creation—Entry is being configured and is not yet activated.
•
startup—Alarm is waiting for the first sample of the monitored variable.
•
object not available—Monitored variable of that type is not available to
the health monitor agent.
•
instance not available—Monitored variable’s instance is not available to
the health monitor agent.
•
object type invalid—Monitored variable is not a numeric value.
•
object processing errored—An error occurred when the monitored variable
was processed.
•
unknown—State is not one of the above.
Variable OID
Object ID to which the variable name is resolved. The format is x.x.x.x.
detail
Sample type
Method of sampling the monitored variable and calculating the value to compare
against the upper and lower thresholds. It can have the value absolute value or
delta value.
detail
Startup alarm
Alarm that might be sent when this entry is first activated, depending on the
following criteria:
detail
•
•
Alarm is sent when one of the following situations exists:
•
Value of the alarm is above or equal to the rising threshold and the startup
type is either rising alarm or rising or falling alarm. falling alarm
•
Value of the alarm is below or equal to the falling threshold and the startup
type is either falling alarm or rising or falling alarm.
Alarm is not sent when one of the following situations exists:
•
Value of the alarm is above or equal to the rising threshold and the startup
type is falling alarm.
•
Value of the alarm is below or equal to the falling threshold and the startup
type is rising alarm.
•
Value of the alarm is between the thresholds.
Owner
Name of the entry configured by the user. If the entry was created through the
CLI, the owner has monitor prepended to it.
detail
Creator
Mechanism by which the entry was configured (Health Monitor).
detail
Sample interval
Time period between samples (in seconds).
detail
Rising threshold
Upper limit threshold value as a percentage of the maximum possible value.
detail
456
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
Table 57: show snmp health-monitor Output Fields (continued)
Field Name
Field Description
Level of Output
Falling threshold
Lower limit threshold value as a percentage of the maximum possible value.
detail
Rising event index
Index number of the event triggered when the rising threshold is crossed.
detail
Falling event index
Index number of the event triggered when the falling threshold is crossed. Details
include the value of the falling event instance and the state of the falling event
instance.
detail
Sample Output
show snmp health-monitor
user@switch> show snmp health-monitor
Alarm
Index
Variable description
Value State
32768 Health Monitor: root file system utilization
jnxHrStoragePercentUsed.1
59 active
32769 Health Monitor: /config file system utilization
jnxHrStoragePercentUsed.2
0 active
32770 Health Monitor: RE 0 CPU utilization
jnxOperatingCPU.9.1.0.0
9 falling threshold
32772 Health Monitor: RE 0 memory utilization
jnxOperatingBuffer.9.1.0.0
23 active
32774 Health Monitor: Max Kernel Memory Used (%)
jnxBoxKernelMemoryUsedPercent.0
3 active
Event Index: 32768
Description: Health Monitor: RE 0 CPU utilization crossed falling threshold
70 (value: 5), (variable: jnxOperatingCPU.9.1.0.0)
Time: 2011-01-09 19:18:35 PST
show snmp health-monitor alarms detail
user@switch> show snmp health-monitor alarms detail
Alarm Index 32768:
Variable name
Variable OID
Sample type
Startup alarm
Owner
Creator
State
Sample interval
Rising threshold
Copyright © 2014, Juniper Networks, Inc.
jnxHrStoragePercentUsed.1
1.3.6.1.4.1.2636.3.31.1.1.1.1.1
absolute value
rising alarm
Health Monitor: root file system
utilization
Health Monitor
active
300 seconds
80
457
Network Management and Monitoring on the QFX Series
Falling threshold
Rising event index
Falling event index
Instance Value: 59
Instance State: active
Alarm Index 32769:
Variable name
Variable OID
Sample type
Startup alarm
Owner
Creator
State
Sample interval
Rising threshold
Falling threshold
Rising event index
Falling event index
Instance Value: 0
Instance State: active
Alarm Index 32770:
Variable name
Variable OID
Sample type
Startup alarm
Owner
70
32768
32768
jnxHrStoragePercentUsed.2
1.3.6.1.4.1.2636.3.31.1.1.1.1.2
absolute value
rising alarm
Health Monitor: /config file system
utilization
Health Monitor
active
300 seconds
80
70
32768
32768
jnxOperatingCPU.9.1.0.0
1.3.6.1.4.1.2636.3.1.13.1.8.9.1.0.0
absolute value
rising alarm
Health Monitor: RE 0 CPU utilization
Creator
Health Monitor
State
active
Sample interval
300 seconds
Rising threshold
80
Falling threshold
70
Rising event index
32768
Falling event index
32768
Instance Value: 9
Instance State: falling threshold
Alarm Index 32772:
Variable name
Variable OID
Sample type
Startup alarm
Owner
Creator
State
Sample interval
Rising threshold
Falling threshold
Rising event index
Falling event index
Instance Value: 23
Instance State: active
Alarm Index 32774:
Variable name
Variable OID
Sample type
458
jnxOperatingBuffer.9.1.0.0
1.3.6.1.4.1.2636.3.1.13.1.11.9.1.0.0
absolute value
rising alarm
Health Monitor: RE 0 memory utilization
Health Monitor
active
300 seconds
80
70
32768
32768
jnxBoxKernelMemoryUsedPercent.0
1.3.6.1.4.1.2636.3.1.16.0
absolute value
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
Startup alarm
Owner
Creator
State
Sample interval
Rising threshold
Falling threshold
Rising event index
Falling event index
Instance Value: 3
Instance State: active
Copyright © 2014, Juniper Networks, Inc.
rising alarm
Health Monitor: Max Kernel Memory Used
(%)
Health Monitor
active
300 seconds
80
70
32768
32768
459
Network Management and Monitoring on the QFX Series
show snmp inform-statistics
Syntax
Release Information
Description
Options
Required Privilege
Level
List of Sample Output
Output Fields
show snmp inform-statistics
Command introduced in Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Display information about Simple Network Management Protocol (SNMP) inform
requests.
This command has no options.
view
show snmp inform-statistics on page 460
Table 58 on page 460 describes the output fields for the show snmp inform-statistics
command. Output fields are listed in the approximate order in which they appear.
Table 58: show snmp inform-statistics Output Fields
Field Name
Field Description
Target Name
Name of the device configured to receive and respond to SNMP informs.
Address
IP address of the target device.
Sent
Number of informs sent to the target device and acknowledged by the target device.
Pending
Number of informs held in memory pending a response from the target device.
Discarded
Number of informs discarded after the specified number of retransmissions to the target device were
attempted.
Timeouts
Number of informs that did not receive an acknowledgement from the target device within the timeout
specified.
Probe Failures
Connection failures that occurred (for example, when the target server returned invalid content or
you incorrectly configured the target address).
Sample Output
show snmp inform-statistics
user@host> show snmp inform-statistics
Inform Request Statistics:
Target Name: TA1_v3_md5_none Address: 172.17.20.184
Sent: 176, Pending: 0
Discarded: 0, Timeouts: 0, Probe Failures: 0
Target Name: TA2_v3_sha_none Address: 192.168.110.59
460
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
Sent: 0, Pending: 4
Discarded: 84, Timeouts: 0, Probe Failures: 258
Target Name: TA5_v2_none Address: 172.17.20.184
Sent: 0, Pending: 0
Discarded: 2, Timeouts: 10, Probe Failures: 0
Copyright © 2014, Juniper Networks, Inc.
461
Network Management and Monitoring on the QFX Series
show snmp mib
Syntax
Release Information
Description
Options
show snmp mib (get | get-next | walk) (ascii | decimal) object-id
Command introduced before Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
ascii and decimal options introduced in Junos OS Release 9.6.
ascii and decimal options introduced in Junos OS Release 9.6 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Display local Simple Network Management Protocol (SNMP) Management Information
Base (MIB) object values.
get—Retrieve and display one or more SNMP object values.
get-next—Retrieve and display the next SNMP object values.
walk—Retrieve and display the SNMP object values that are associated with the requested
object identifier (OID). When you use this option, the Junos OS displays the objects
below the subtree that you specify.
ascii—Display the SNMP object’s string indices as an ASCII-key representation.
decimal—Display the SNMP object values in the decimal (default) format. The decimal
option is the default option for this command. Therefore, issuing the show snmp mib
(get | get-next | walk) decimal object-id and the show snmp mib (get | get-next | walk)
object-id commands display the same output.
object-id—The object can be represented by a sequence of dotted integers (such as
1.3.6.1.2.1.2) or by its subtree name (such as interfaces). When entering multiple
objects, enclose the objects in quotation marks.
Required Privilege
Level
List of Sample Output
Output Fields
462
snmp—To view this statement in the configuration.
show snmp mib get on page 463
show snmp mib get (Multiple Objects) on page 463
show snmp mib get (Layer 2 Policer) on page 463
show snmp mib get-next on page 463
show snmp mib get-next (Specify an OID) on page 463
show snmp mib walk on page 463
show snmp mib walk (QFX Series) on page 463
show snmp mib walk decimal on page 464
show snmp mib walk (ASCII) on page 464
show snmp mib walk (Multiple Indices) on page 464
show snmp mib walk decimal (Multiple Indices) on page 464
Table 59 on page 463 describes the output fields for the show snmp mib command. Output
fields are listed in the approximate order in which they appear.
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
Table 59: show snmp mib Output Fields
Field Name
Field Description
name
Object name and numeric instance value.
object value
Object value. The Junos OS translates OIDs into the corresponding
object names.
Sample Output
show snmp mib get
user@host> show snmp mib get sysObjectID.0
sysObjectID.0 = jnxProductNameM20
show snmp mib get (Multiple Objects)
user@host> show snmp mib get ?sysObjectID.0 sysUpTime.0?
sysObjectID.0 = jnxProductNameM20
sysUpTime.0 = 1640992
show snmp mib get (Layer 2 Policer)
user@host> show snmp mib get ifInOctets.25970
ifInOctets.25970 = 7545720
show snmp mib get-next
user@host> show snmp mib get-next jnxMibs
jnxBoxClass.0 = jnxProductLineM20.0
show snmp mib get-next (Specify an OID)
user@host> show snmp mib get-next 1.3.6.1
sysDescr.0
= Juniper Networks, Inc. m20 internet router, kernel
Junos OS Release: 2004-1 Build date: build date UTC Copyright (c) 1996-2004 Juniper
Networks, Inc.
show snmp mib walk
user@host> show snmp mib walk system
sysDescr.0
= Juniper Networks, Inc. m20 internet router, kernel
Junos OS Release #0: 2004-1 Build date: build date UTC Copyright (c) 1996-2004
Juniper Networks, Inc.
sysObjectID.0 = jnxProductNameM20
sysUpTime.0 = 1640992
sysContact.0 = Your contact
sysName.0 = my router
sysLocation.0 = building 1
sysServices.0 = 4
show snmp mib walk (QFX Series)
user@switch> show snmp mib walk system
sysDescr.0
= Juniper Networks, Inc. qfx3500s internet router, kernel JUNOS
11.1-20100926.0 #0: 2010-09-26 06:17:38 UTC Build date: 2010-09-26 06:00:10
sysObjectID.0 = jnxProductQFX3500
sysUpTime.0
= 138980301
sysContact.0 = System Contact
Copyright © 2014, Juniper Networks, Inc.
463
Network Management and Monitoring on the QFX Series
sysName.0
= LabQFX3500
sysLocation.0 = Lab
sysServices.0 = 4
show snmp mib walk decimal
user@host show snmp mib walk decimal jnxUtilData
jnxUtilCounter32Value.102.114.101.100 = 100
show snmp mib walk (ASCII)
show snmp mib walk ascii jnxUtilData
jnxUtilCounter32Value."fred" = 100
show snmp mib walk (Multiple Indices)
show snmp mib walk ascii jnxFWCounterByteCount
jnxFWCounterByteCount."fe-1/3/0.0-i"."CLASS_BE-fe-1/3/0.0-i".2 = 0
jnxFWCounterByteCount."fe-1/3/0.0-i"."CLASS_CC-fe-1/3/0.0-i".2 = 0
jnxFWCounterByteCount."fe-1/3/0.0-i"."CLASS_RT-fe-1/3/0.0-i".2 = 0
.......
show snmp mib walk decimal (Multiple Indices)
show snmp mib walk ascii jnxFWCounterByteCount
jnxFWCounterByteCount."fe-1/3/0.0-i"."CLASS_BE-fe-1/3/0.0-i".2 = 0
jnxFWCounterByteCount."fe-1/3/0.0-i"."CLASS_CC-fe-1/3/0.0-i".2 = 0
jnxFWCounterByteCount."fe-1/3/0.0-i"."CLASS_RT-fe-1/3/0.0-i".2 = 0
.......
464
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
show snmp rmon
Syntax
Release Information
Description
Options
show snmp rmon
<alarms (brief | detail)>
<events (brief | detail)>
<logs>
Command introduced in Junos OS Release 11.1 for the QFX Series.
Display information about Simple Network Management Protocol (SNMP) Remote
Monitoring (RMON) alarms, events, and logs.
none—Display information about all RMON alarms and events.
brief | detail—(Optional) Display brief or detailed information about RMON alarms or
events.
alarms—(Optional) Display information about RMON alarms.
events—(Optional) Display information about RMON events.
logs—(Optional) Display information about RMON monitoring logs.
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
view
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Monitoring RMON MIB Tables on page 387
•
Configuring RMON Alarms and Events on page 173
•
Understanding RMON on page 71
•
clear snmp statistics on page 445
•
clear snmp history on page 444
•
show snmp rmon history on page 469
show snmp rmon on page 467
show snmp rmon alarms detail on page 468
show snmp rmon events detail on page 468
show snmp rmon logs on page 468
Table 60 on page 465 describes the output fields for the show snmp rmon command.
Output fields are listed in the approximate order in which they appear.
Table 60: show snmp rmon Output Fields
Field Name
Field Description
Level of Output
Alarm Index
Alarm identifier.
All levels
Copyright © 2014, Juniper Networks, Inc.
465
Network Management and Monitoring on the QFX Series
Table 60: show snmp rmon Output Fields (continued)
Field Name
Field Description
Level of Output
State
State of the alarm or event entry:
All levels
Alarms:
•
active—Entry is fully configured and activated.
•
falling threshold crossed—Value of the variable has crossed the lower threshold
limit.
•
rising threshold crossed—Value of the variable has crossed the upper threshold
limit.
•
under creation—Entry is being configured and is not yet activated.
•
startup—Alarm is waiting for the first sample of the monitored variable.
•
object not available—Monitored variable of that type is not available to the
SNMP agent.
•
instance not available—Monitored variable's instance is not available to the
SNMP agent.
•
object type invalid—Monitored variable is not a numeric value.
•
object processing errored—An error occurred when the monitored variable
was processed.
•
unknown—State is not one of the above.
Events:
•
active—Entry has been fully configured and activated.
•
under creation—Entry is being configured and is not yet activated.
•
unknown—State is not one of the above.
Variable name
Name of the SNMP object instance being monitored.
All levels
Event Index
Event identifier.
All levels
Type
Type of notification made when an event is triggered. It can be one of the
following:
detail
•
log—A system log message is generated and an entry is made to the log table.
•
snmptrap—An SNMP trap is sent to the configured destination.
•
log and trap—A system log message is generated, an entry is made to the log
table, and an SNMP trap is sent to the configured destination.
•
none—Neither log nor trap will be sent.
Last Event
Date and time of the last event. It has the format yyyy-mm-dd hh:mm:ss
timezone.
brief
Community
Trap group used for sending the SNMP trap.
detail
Variable OID
Object ID to which the variable name is resolved. The format is x.x.x.x.
detail
Sample type
Method of sampling the monitored variable and calculating the value to compare
against the upper and lower thresholds. It can have the value of absolute value
or delta value.
detail
466
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
Table 60: show snmp rmon Output Fields (continued)
Field Name
Field Description
Level of Output
Startup alarm
Alarm that might be sent when this entry is first activated, depending on the
following criteria:
detail
•
•
Alarm is sent when one of the following situations exists:
•
Value of the alarm is above or equal to the rising threshold and the startup
type is either rising alarm or rising or falling alarm.
•
Value of the alarm is below or equal to the falling threshold and the startup
type is either falling alarm or rising or falling alarm.
Alarm is not sent when one of the following situations exists:
•
Value of the alarm is above or equal to the rising threshold and the startup
type is falling alarm.
•
Value of the alarm is below or equal to the falling threshold and the startup
type is rising alarm.
•
Value of the alarm is between the thresholds.
Owner
Name of the entry configured by the user. If the entry was created through the
CLI, the owner has monitor prepended to it.
detail
Creator
Mechanism by which the entry was configured (CLI or SNMP).
detail
Sample interval
Time period between samples (in seconds).
detail
Rising threshold
Upper limit threshold value configured by the user.
detail
Falling threshold
Lower limit threshold value configured by the user.
detail
Rising event index
Event triggered when the rising threshold is crossed.
detail
Falling event index
Event triggered when the falling threshold is crossed.
detail
Current value
Current value of the monitored variable in the most recent sample interval.
detail
Sample Output
show snmp rmon
user@host> show snmp rmon
Alarm
Index Variable description
5 monitor
jnxOperatingCPU.9.1.0.0
Value State
5 falling threshold
Event
Index Type
Last Event
1 log and trap
2009-07-10 11:34:17 PDT
Event Index: 1
Description: Event 1 triggered by Alarm 5, rising threshold (90) crossed,
(variable: jnxOperatingCPU.9.1.0.0, value: 100)
Time: 2009-07-10 11:34:07 PDT
Copyright © 2014, Juniper Networks, Inc.
467
Network Management and Monitoring on the QFX Series
Description: Event 1 triggered by Alarm 5, falling threshold (75) crossed,
(variable: jnxOperatingCPU.9.1.0.0, value: 5)
Time: 2009-07-10 11:34:17 PDT
show snmp rmon alarms detail
user@host> show snmp rmon alarms detail
Alarm Index 5:
Variable name
Variable OID
Sample type
Startup alarm
Owner
jnxOperatingCPU.9.1.0.0
1.3.6.1.4.1.2636.3.1.13.1.8.9.1.0.0
absolute value
rising or falling alarm
monitor
Creator
CLI
State
active
Sample interval
5 seconds
Rising threshold
90
Falling threshold
75
Rising event index
1
Falling event index
1
Instance Value: 4
Instance State: falling threshold
show snmp rmon events detail
user@host> show snmp rmon events detail
Event Index 1:
Description
Type
Community
Last event
Creator
State
rmon event
log and trap
rmon-trap-group
2009-07-10 11:34:17 PDT
CLI
active
show snmp rmon logs
user@host> show snmp rmon logs
Event Index: 1
Description: Event 1 triggered by Alarm 5, rising threshold (90) crossed,
(variable: jnxOperatingCPU.9.1.0.0, value: 100)
Time: 2009-07-10 11:34:07 PDT
Description: Event 1 triggered by Alarm 5, falling threshold (75) crossed,
(variable: jnxOperatingCPU.9.1.0.0, value: 5)
Time: 2009-07-10 11:34:17 PDT
468
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
show snmp rmon history
Syntax
Release Information
Description
Options
show snmp rmon history
<history-index>
sample-index <sample-index>
Command introduced in Junos OS Release 11.1 for the QFX Series.
Display the contents of the RMON history group.
none—Display all the entries in the RMON history group.
history-index—(Optional) Display the contents of the specified entry in the RMON history
group.
sample-index sample-index—(Optional) Display the statistics collected for the specified
sample within the specified entry in the RMON history group.
Required Privilege
Level
Related
Documentation
view
•
RMON MIB Event, Alarm, Log, and History Control Tables on page 73
•
Monitoring RMON MIB Tables on page 387
•
Configuring RMON Alarms and Events on page 173
•
Understanding RMON on page 71
•
clear snmp statistics on page 445
•
clear snmp history on page 444
•
show snmp rmon on page 465
Copyright © 2014, Juniper Networks, Inc.
469
Network Management and Monitoring on the QFX Series
show snmp statistics
Syntax
show snmp statistics
Release Information
Command introduced before Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Description
Display statistics about Simple Network Management Protocol (SNMP) packets sent
and received by the router or switch.
Options
This command has no options.
Required Privilege
Level
view
Related
Documentation
•
List of Sample Output
clear snmp statistics on page 445
show snmp statistics on page 473
Output Fields
Table 61 on page 470 describes the output fields for the show snmp statistics command.
Output fields are listed in the approximate order in which they appear.
Table 61: show snmp statistics Output Fields
Field Name
Field Description
Input
Information about received packets:
•
Packets(snmpInPkts)—Total number of messages delivered to the SNMP entity from the transport
service.
•
Bad versions—(snmpInBadVersions) Total number of messages delivered to the SNMP entity that
were for an unsupported SNMP version.
•
Bad community names—(snmpInBadCommunityNames) Total number of messages delivered to
the SNMP entity that used an SNMP community name not known to the entity.
•
Bad community uses—(snmpInBadCommunityUses) Total number of messages delivered to the
SNMP entity that represented an SNMP operation that was not allowed by the SNMP community
named in the message.
•
ASN parse errors—(snmpInASNParseErrs) Total number of ASN.1 or BER errors encountered by the
SNMP entity when decoding received SNMP messages.
470
•
Too bigs—(snmpInTooBigs) Total number of SNMP PDUs delivered to the SNMP entity with an
error status field of tooBig.
•
No such names—(snmpInNoSuchNames) Total number of SNMP PDUs delivered to the SNMP entity
with an error status field of noSuchName.
•
Bad values—(snmpInBadValues) Total number of SNMP PDUs delivered to the SNMP entity with
an error status field of badValue.
•
Read onlys—(snmpInReadOnlys) Total number of valid SNMP PDUs delivered to the SNMP entity
with an error status field of readOnly. Only incorrect implementations of SNMP generate this error.
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
Table 61: show snmp statistics Output Fields (continued)
Field Name
Field Description
Input (continued)
•
General errors—(snmpInGenErrs) Total number of SNMP PDUs delivered to the SNMP entity with
an error status field of genErr.
•
Total requests varbinds—(snmpInTotalReqVars) Total number of MIB objects retrieved successfully
by the SNMP entity as a result of receiving valid SNMP GetRequest and GetNext PDUs.
•
Total set varbinds—(snmpInSetVars) Total number of MIB objects modified successfully by the
SNMP entity as a result of receiving valid SNMP SetRequest PDUs.
•
Get requests—(snmpInGetRequests) Total number of SNMP GetRequest PDUs that have been
accepted and processed by the SNMP entity.
•
Get nexts—(snmpInGetNexts) Total number of SNMP GetNext PDUs that have been accepted and
processed by the SNMP entity.
•
Set requests—(snmpInSetRequests) Total number of SNMP SetRequest PDUs that have been
accepted and processed by the SNMP entity.
•
Get responses—(snmpInGetResponses) Total number of SNMP GetResponse PDUs that have been
accepted and processed by the SNMP entity.
•
Traps—(snmpInTraps) Total number of SNMP traps generated by the SNMP entity.
•
Silent drops—(snmpSilentDrops) Total number of GetRequest, GetNextRequest, GetBulkRequest,
SetRequests, and InformRequest PDUs delivered to the SNMP entity that were silently dropped
because the size of a reply containing an alternate response PDU with an empty variable-bindings
field was greater than either a local constraint or the maximum message size associated with the
originator of the requests.
•
Proxy drops—(snmpProxyDrops) Total number of GetRequest, GetNextRequest, GetBulkRequest,
SetRequests, and InformRequest PDUs delivered to the SNMP entity that were silently dropped
because the transmission of the message to a proxy target failed in such a way (other than a
timeout) that no response PDU could be returned.
•
Commit pending drops—Number of SNMP packets for Set requests dropped because of a previous
pending SNMP Set request on the committed configuration.
•
Throttle drops—Number of SNMP packets for any requests dropped reaching the throttle limit.
Copyright © 2014, Juniper Networks, Inc.
471
Network Management and Monitoring on the QFX Series
Table 61: show snmp statistics Output Fields (continued)
Field Name
Field Description
V3 Input
Information about SNMP version 3 packets:
•
Unknown security models—(snmpUnknownSecurityModels) Total number of packets received by
the SNMP engine that were dropped because they referenced a security model that was not known
to or supported by the SNMP engine.
•
Invalid messages—(snmpInvalidMsgs) Number of packets received by the SNMP engine that were
dropped because there were invalid or inconsistent components in the SNMP message.
•
Unknown pdu handlers—(snmpUnknownPDUHandlers) Number of packets received by the SNMP
engine that were dropped because the PDU contained in the packet could not be passed to an
application responsible for handling the PDU type.
•
Unavailable contexts—(snmpUnavailableContexts) Number of requests received for a context that
is known to the SNMP engine, but is currently unavailable.
•
Unknown contexts—(snmpUnknownContexts) Total number of requests received for a context that
is unknown to the SNMP engine.
•
Unsupported security levels—(usmStatsUnsupportedSecLevels) Total number of packets received
by the SNMP engine that were dropped because they requested a security level unknown to the
SNMP engine (or otherwise unavailable).
•
Not in time windows—(usmStatsNotInTimeWindows) Total number of packets received by the
SNMP engine that were dropped because they appeared outside the authoritative SNMP engine’s
window.
•
Unknown user names—(usmStatsUnknownUserNames) Total number of packets received by the
SNMP engine that were dropped because they referenced a user that was not known to the SNMP
engine.
•
Unknown engine ids—(usmStatsUnknownEngineIDs) Total number of packets received by the SNMP
engine that were dropped because they referenced an SNMP engine ID that was not known to the
SNMP engine.
•
Wrong digests—(usmStatsWrongDigests) Total number of packets received by the SNMP engine
that were dropped because they did not contain the expected digest value.
•
Decryption errors—(usmStatsDecryptionErrors) Total number of packets received by the SNMP
engine that were dropped because they could not be decrypted.
472
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
Table 61: show snmp statistics Output Fields (continued)
Field Name
Field Description
Output
Information about transmitted packets:
•
Packets—(snmpOutPkts) Total number of messages passed from the SNMP entity to the transport
service.
•
Too bigs—(snmpOutTooBigs) Total number of SNMP PDUs generated by the SNMP entity with an
error status field of tooBig.
•
No such names—(snmpOutNoSuchNames) Total number of SNMP PDUs delivered to the SNMP
entity with an error status field of noSuchName.
•
Bad values—(snmpOutBadValues) Total number of SNMP PDUs generated by the SNMP entity
with an error status field of badValue.
•
General errors—(snmpOutGenErrs) Total number of SNMP PDUs generated by the SNMP entity
with an error status field of genErr.
•
Get requests—(snmpOutGetRequests) Total number of SNMP GetRequest PDUs generated by the
SNMP entity.
•
Get nexts—(snmpOutGetNexts) Total number of SNMP GetNext PDUs generated by the SNMP
entity.
•
Set requests—(snmpOutSetRequests) Total number of SNMP SetRequest PDUs generated by the
SNMP entity.
•
Get responses—(snmpOutGetResponses) Total number of SNMP GetResponse PDUs generated by
the SNMP entity.
•
Traps—(snmpOutTraps) Total number of SNMP traps generated by the SNMP entity.
Sample Output
show snmp statistics
user@host> show snmp statistics
SNMP statistics:
Input:
Packets: 246213, Bad versions: 12, Bad community names: 12,
Bad community uses: 0, ASN parse errors: 96,
Too bigs: 0, No such names: 0, Bad values: 0,
Read onlys: 0, General errors: 0,
Total request varbinds: 227084, Total set varbinds: 67,
Get requests: 44942, Get nexts: 190371, Set requests: 10712,
Get responses: 0, Traps: 0,
Silent drops: 0, Proxy drops: 0, Commit pending drops: 0,
Throttle drops: 0,
V3 Input:
Unknown security models: 0, Invalid messages: 0
Unknown pdu handlers: 0, Unavailable contexts: 0
Unknown contexts: 0, Unsupported security levels: 1
Not in time windows: 0, Unknown user names: 0
Unknown engine ids: 44, Wrong digests: 23, Decryption errors: 0
Output:
Packets: 246093, Too bigs: 0, No such names: 31561,
Bad values: 0, General errors: 2,
Get requests: 0, Get nexts: 0, Set requests: 0,
Get responses: 246025, Traps: 0
Copyright © 2014, Juniper Networks, Inc.
473
Network Management and Monitoring on the QFX Series
show snmp v3
Syntax
Release Information
Description
Options
show snmp v3
<access <brief | detail> | community | general | groups | notify <filter> | target <address |
parameters> | users>
Command introduced in Junos OS Release 11.1 for the QFX Series.
Display the Simple Network Management Protocol version 3 (SNMPv3) operating
configuration.
none—Display all of the SNMPv3 operating configuration.
access—(Optional) Display SNMPv3 access information.
brief | detail—(Optional) Display brief or detailed information about SNMPv3 access
information.
community—(Optional) Display SNMPv3 community information.
general—(Optional) Display SNMPv3 general information.
groups—(Optional) Display SNMPv3 security-to-group information.
notify <filter>—(Optional) Display SNMPv3 notify information and, optionally, notify filter
information.
target <address | parameters>—(Optional) Display SNMPv3 target information and,
optionally, either target address or target parameter information.
users—(Optional) Display SNMPv3 user information.
Additional Information
Required Privilege
Level
Related
Documentation
List of Sample Output
Output Fields
474
To edit the default display of the show snmp v3 command, specify options in the show
statement at the [edit snmp v3] hierarchy level.
view
•
SNMPv3 Overview on page 69
•
Minimum SNMPv3 Configuration on a Device Running Junos OS on page 70
•
Configuring Access Privileges for a Group on page 178
show snmp v3 on page 475
Table 62 on page 475 describes the output fields for the show snmp v3 command. Output
fields are listed in the approximate order in which they appear.
Copyright © 2014, Juniper Networks, Inc.
Chapter 26: Commands for SNMP
Table 62: show snmp v3 Output Fields
Field Name
Field Description
Local engine
Information about the local SNMP engine configuration:
•
Local engine ID—Unique Identifier of the local SNMPv3 engine.
•
Engine boots—Number of times the local SNMPv3 engine has rebooted or reinitialized since this
engine ID was configured.
Engine ID (local
engine)
•
Engine time—Number of seconds since the local SNMPv3 engine was last rebooted or reinitialized.
•
Max msg size—Maximum message size the sender can accommodate.
Information about the local SNMP engine ID and the associated users:
•
User—SNMPv3 username.
•
Auth/Priv—Authentication and encryption algorithm that is configured for the user.
•
Storage—Indicates whether a username is saved to the configuration file (nonvolatile) or not saved
(volatile). Applies only to users with active status.
•
Status—Status of the user as listed in the SNMPv3 user table. Only rows with an active status in
the table are used by the SNMPv3 engine.
Engine ID (remote
engine)
Information about a remote SNMP engine, associated users, user groups, and user access policies:
•
User—SNMPv3 username.
•
Auth/Priv—Authentication and encryption algorithm that is configured for the user.
•
Storage—Indicates whether a username is saved to the configuration file (nonvolatile) or not
(volatile). Applies only to users with active status.
•
Status—Status of a new user that has been activated. Only users with an active status can use
SNMPv3.
•
Group name—Name of a group of users for which the configured access privileges apply.
•
Security model—Security model (such as usm, v1, v2c, or any) that is configured for the group. The
security model is used with the security name to ensure messaging security.
•
Security name—Security name that is associated with a user, and which is used with the security
model to ensure messaging security.
•
Storage type—Indicates whether a username is saved to the configuration file (nonvolatile) or not
saved (volatile). Applies only to users with active status.
•
Access control
Status—Status of a user in a group. Only users with an active status can use SNMPv3.
Information about access control:
•
Group name—Name of a group of users for which the configured access privileges apply.
•
Context prefix—SNMPv3 context for which the configured access privileges apply.
•
Security model/level—Security model and security level combination that is configured for user
access privileges.
•
Read view—Identifies the MIB view used for SNMPv3 read operations.
•
Write view—Identifies the MIB view used for SNMPv3 write operations.
•
Notify view—Identifies the MIB view used for outbound SNMP notifications.
Sample Output
show snmp v3
user@host> show snmp v3
Copyright © 2014, Juniper Networks, Inc.
475
Network Management and Monitoring on the QFX Series
Local engine ID: 80 00 0a 4c e04 31 32 33 34
Engine boots:
38
Engine time:
64583 seconds
Max msg size:
2048 bytes
Engine ID: local
User
user1
user2
user3
Auth/Priv
md5/des
sha/none
none/none
Engine ID: 81 00 0a 4c 04 64 64 64 64
User
Auth/Priv
UNEW
md5/none
Group name
Security Security
model
name
g1
usm
user1
g2
usm
user2
g3
usm
user3
Access control:
Group
g1
g2
g3
476
Context Security
prefix model/level
usm/privacy
usm/authent
usm/none
Read
view
v1
v1
v1
Storage
nonvolatile
nonvolatile
nonvolatile
Status
active
active
active
Storage
Status
nonvolatile active
Storage
Status
type
nonvolatile active
nonvolatile active
nonvolatile active
Write
view
v1
v1
v1
Notify
view
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 27
Commands for Syslog
•
show log
Copyright © 2014, Juniper Networks, Inc.
477
Network Management and Monitoring on the QFX Series
show log
Syntax
Syntax (QFabric
System)
Syntax (TX Matrix
Routers)
Release Information
Description
Options
show log
<filename | user <username>>
show log filename
<device-type (device-id | device-alias)>
show log
<all-lcc | lcc number | scc>
<filename | user <username>>
Command introduced before Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Option device-type (device-id | device-alias) is introduced in Junos OS Release 13.1 for
the QFX Series.
List log files, display log file contents, or display information about users who have logged
in to the router or switch.
none—List all log files.
<all-lcc | lcc number | scc>—(TX Matrix routers only)(Optional) Display logging information
about all T640 routers (or line-card chassis) or a specific T640 router (replace
number with a value from 0 through 3) connected to a TX Matrix router. Or, display
logging information about the TX Matrix router (or switch-card chassis).
device-type—(QFabric system only) (Optional) Display log messages for only one of the
following device types:
•
director-device—Display logs for Director devices.
•
infrastructure-device—Display logs for the logical components of the QFabric
system infrastructure, including the diagnostic Routing Engine, fabric control
Routing Engine, fabric manager Routing Engine, and the default network Node
group and its backup (NW-NG-0 and NW-NG-0-backup).
•
interconnect-device—Display logs for Interconnect devices.
•
node-device—Display logs for Node devices.
NOTE: If you specify the device-type optional parameter, you must also
specify either the device-id or device-alias optional parameter.
(device-id | device-alias)—If a device type is specified, display logs for a device of that
type. Specify either the device ID or the device alias (if configured).
478
Copyright © 2014, Juniper Networks, Inc.
Chapter 27: Commands for Syslog
filename—(Optional) Display the log messages in the specified log file. For the routing
matrix, the filename must include the chassis information.
NOTE: The filename parameter is mandatory for the QFabric system. If
you did not configure a syslog filename, specify the default filename of
messages.
user <username>—(Optional) Display logging information about users who have recently
logged in to the router or switch. If you include username, display logging information
about the specified user.
Required Privilege
Level
List of Sample Output
trace
show log on page 479
show log filename on page 479
show log filename (QFabric System) on page 480
show log user on page 480
Sample Output
show log
user@host> show log
total 57518
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-r--r-- 1 root
-rw-rw-r-- 1 root
bin
bin
bin
bin
bin
bin
bin
bin
bin
bin
bin
bin
bin
211663
999947
999994
238815
1049098
1061095
1052026
1056309
1056371
1056301
1056350
1048876
19656
Oct
Oct
Oct
Oct
Oct
Oct
Oct
Sep
Sep
Sep
Sep
Sep
Oct
1
1
1
1
1
1
1
30
30
30
30
30
1
19:44
19:41
17:48
19:44
18:00
12:13
06:08
18:21
14:36
10:50
07:04
03:21
19:37
dcd
dcd.0
dcd.1
rpd
rpd.0
rpd.1
rpd.2
rpd.3
rpd.4
rpd.5
rpd.6
rpd.7
wtmp
show log filename
user@host> show log rpd
Oct 1 18:00:18 trace_on: Tracing to ?/var/log/rpd? started
Oct 1 18:00:18 EVENT <MTU> ds-5/2/0.0 index 24 <Broadcast PointToPoint Multicast
Oct 1 18:00:18
Oct 1 18:00:19 KRT recv len 56 V9 seq 148 op add Type route/if af 2 addr
13.13.13.21 nhop type local nhop 13.13.13.21
Oct 1 18:00:19 KRT recv len 56 V9 seq 149 op add Type route/if af 2 addr
13.13.13.22 nhop type unicast nhop 13.13.13.22
Oct 1 18:00:19 KRT recv len 48 V9 seq 150 op add Type ifaddr index 24 devindex
43
Oct 1 18:00:19 KRT recv len 144 V9 seq 151 op chnge Type ifdev devindex 44
Oct 1 18:00:19 KRT recv len 144 V9 seq 152 op chnge Type ifdev devindex 45
Oct 1 18:00:19 KRT recv len 144 V9 seq 153 op chnge Type ifdev devindex 46
Copyright © 2014, Juniper Networks, Inc.
479
Network Management and Monitoring on the QFX Series
Oct
...
1 18:00:19 KRT recv len 1272 V9 seq 154 op chnge Type ifdev devindex 47
show log filename (QFabric System)
user@qfabric> show log messages
Mar 28 18:00:06 qfabric chassisd: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:06 ED1486
chassisd: CHASSISD_SNMP_TRAP10: SNMP trap generated: FRU power on
(jnxFruContentsIndex 8, jnxFruL1Index 1, jnxFruL2Index 1, jnxFruL3Index 0,
jnxFruName PIC: 48x 10G-SFP+ @ 0/0/*, jnxFruType 11, jnxFruSlot 0,
jnxFruOfflineReason 2, jnxFruLastPowerOff 0, jnxFruLastPowerOn 2159)
Mar 28 18:00:07 qfabric chassisd: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:07 ED1486
chassisd: CHASSISD_SNMP_TRAP10: SNMP trap generated: FRU power on
(jnxFruContentsIndex 8, jnxFruL1Index 1, jnxFruL2Index 2, jnxFruL3Index 0,
jnxFruName PIC: @ 0/1/*, jnxFruType 11, jnxFruSlot 0, jnxFruOfflineReason 2,
jnxFruLastPowerOff 0, jnxFruLastPowerOn 2191)
Mar 28 18:00:07 qfabric chassisd: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:07 ED1492
chassisd: CHASSISD_SNMP_TRAP10: SNMP trap generated: FRU power on
(jnxFruContentsIndex 8, jnxFruL1Index 1, jnxFruL2Index 1, jnxFruL3Index 0,
jnxFruName PIC: 48x 10G-SFP+ @ 0/0/*, jnxFruType 11, jnxFruSlot 0,
jnxFruOfflineReason 2, jnxFruLastPowerOff 0, jnxFruLastPowerOn 242726)
Mar 28 18:00:07 qfabric chassisd: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:07 ED1492
chassisd: CHASSISD_SNMP_TRAP10: SNMP trap generated: FRU power on
(jnxFruContentsIndex 8, jnxFruL1Index 1, jnxFruL2Index 2, jnxFruL3Index 0,
jnxFruName PIC: @ 0/1/*, jnxFruType 11, jnxFruSlot 0, jnxFruOfflineReason 2,
jnxFruLastPowerOff 0, jnxFruLastPowerOn 242757)
Mar 28 18:00:16 qfabric file: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:16 ED1486
file: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
Mar 28 18:00:27 qfabric file: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:27 ED1486
file: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
Mar 28 18:00:50 qfabric file: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:50
_DCF_default___NW-INE-0_RE0_ file: UI_COMMIT: User 'root' requested 'commit'
operation (comment: none)
Mar 28 18:00:50 qfabric file: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:50
_DCF_default___NW-INE-0_RE0_ file: UI_COMMIT: User 'root' requested 'commit'
operation (comment: none)
Mar 28 18:00:55 qfabric file: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:00:55 ED1492
file: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
Mar 28 18:01:10 qfabric file: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:01:10 ED1492
file: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
Mar 28 18:02:37 qfabric chassisd: QFABRIC_INTERNAL_SYSLOG: Mar 28 18:02:37 ED1491
chassisd: CHASSISD_SNMP_TRAP10: SNMP trap generated: FRU power on
(jnxFruContentsIndex 8, jnxFruL1Index 1, jnxFruL2Index 1, jnxFruL3Index 0,
jnxFruName PIC: 48x 10G-SFP+ @ 0/0/*, jnxFruType 11, jnxFruSlot 0,
jnxFruOfflineReason 2, jnxFruLastPowerOff 0, jnxFruLastPowerOn 33809)
show log user
user@host> show log user
darius
mg2546
darius
mg2529
darius
mg2518
root
mg1575
root
ttyp2
jun.site.per
alex
ttyp1
192.168.1.2
480
Thu Oct 1 19:37
still logged in
Thu Oct 1 19:08 - 19:36 (00:28)
Thu Oct 1 18:53 - 18:58 (00:04)
Wed Sep 30 18:39 - 18:41 (00:02)
Wed Sep 30 18:39 - 18:41 (00:02)
Wed Sep 30 01:03 - 01:22 (00:19)
Copyright © 2014, Juniper Networks, Inc.
PART 5
Troubleshooting
•
Troubleshooting Overview on page 483
•
Troubleshooting Procedures on page 491
Copyright © 2014, Juniper Networks, Inc.
481
Network Management and Monitoring on the QFX Series
482
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 28
Troubleshooting Overview
•
Understanding Troubleshooting Resources on page 483
•
Troubleshooting Overview on page 485
•
QFX5100 Switch with Automation Enhancements Frequently Asked
Questions on page 487
Understanding Troubleshooting Resources
This topic describes some of the troubleshooting resources available for the QFX Series.
These resources include tools such as the Junos OS CLI, Junos Space applications, and
the Advanced Insight Scripts (AI-Scripts).
Table 63 on page 483 provides a list of some of the troubleshooting resources.
Table 63: Troubleshooting Resources on the QFX Series
Troubleshooting Resource
Description
Documentation
Chassis alarms
Chassis alarms indicate a failure on the
switch or one of its components. A chassis
alarm count is displayed on the LCD panel
on the front of the switch.
Chassis Alarm Messages on a QFX3500
Device
Chassis Status LEDs and Fan Tray
LEDs
A blinking amber Power, Fan, or Fan Tray
LED indicates a hardware component error.
A blinking amber Status LED indicates a
software error.
Chassis Status LEDs on a QFX3500 Device
Interface alarms
A predefined alarm (red or yellow) for an
interface type is triggered when an interface
of that type goes down.
Interface Alarm Messages
System alarms
A predefined alarm is triggered by a missing
rescue configuration or problem with the
software license.
Understanding Alarms
Copyright © 2014, Juniper Networks, Inc.
483
Network Management and Monitoring on the QFX Series
Table 63: Troubleshooting Resources on the QFX Series (continued)
Troubleshooting Resource
Description
Documentation
System log messages
The system log includes details of system
and user events, including errors. Specify
the severity and type of system log
messages you wish to view or save, and
configure the output to be sent to local or
remote hosts.
•
Overview of Single-Chassis System
Logging Configuration on page 107
•
Junos OS System Log Configuration
Statements on page 184
Operational mode commands can be used
to monitor switch performance and current
activity on the network. For example, use
the traceroute monitor command to locate
points of failure in a network.
•
Monitoring System Process Information
•
Monitoring System Properties
•
traceroute monitor
Junos OS automation scripts
(event scripts)
Event scripts can be used to automate
network troubleshooting and management
tasks.
Junos OS Automation Library
Junos OS XML operational tags
XML operational tags are equivalent in
function to operational mode commands
in the CLI, which you can use to retrieve
status information for a device.
Junos XML API Operational Developer
Reference
NETCONF XML management
protocol
The NETCONF XML management protocol
defines basic operations that are equivalent
to Junos OS CLI configuration mode
commands. Client applications use the
protocol operations to display, edit, and
commit configuration statements (among
other operations), just as administrators
use CLI configuration mode commands
such as show, set, and commit to perform
those operations.
NETCONF XML Management Protocol
Developer Guide
SNMP MIBs and traps
MIBs enable the monitoring of network
devices from a central location. For
example, use the Traceroute MIB to monitor
devices remotely.
•
SNMP MIBs Support on page 76
•
SNMP Traps Support on page 92
•
Using the Traceroute MIB for Remote
Monitoring Devices Running Junos OS
AI-Scripts and Advanced Insight
Manager (AIM)
AI-Scripts installed on the switch can
automatically detect and monitor faults on
the switch, and depending on the
configuration on the AIM application, send
notifications of potential problems and
submit problem reports to Juniper Support
Systems.
Advanced Insight Scripts (AI-Scripts)
Release Notes
Junos Space Service Now
This application enables you to display and
manage information about problem events.
When problems are detected on the switch
by Advanced Insight Scripts (AI-Scripts)
that are installed on the switch, the data is
collected and sent to Service Now for your
review and action.
Service Automation
Junos OS operational mode
commands
484
Copyright © 2014, Juniper Networks, Inc.
Chapter 28: Troubleshooting Overview
Table 63: Troubleshooting Resources on the QFX Series (continued)
Troubleshooting Resource
Description
Documentation
Junos Space Service Insight
This application helps in accelerating
operational analysis and managing the
exposure to known issues. You can identify
devices that are nearing their End Of Life
(EOL) and also discover and prevent issues
that could occur in your network. The
functionality of Service Insight is dependent
on the information sent from Service Now.
Service Automation
Juniper Networks Knowledge Base
You can search in this database for Juniper
Networks product information, including
alerts and troubleshooting tips.
http://kb.juniper.net
Troubleshooting Overview
This topic provides a general guide to troubleshooting some typical problems you may
encounter on your QFX Series product.
Table 64 on page 485 provides a list of problem categories, summary of the symptom or
problem, and recommended actions with links to the troubleshooting documentation.
Table 64: Troubleshooting on the QFX Series
Problem Category
Symptom or Problem
Recommended Action
Switch hardware
components
LCD panel shows a chassis alarm count.
See Chassis Alarm Messages on a QFX3500 Device.
Fan tray LED is blinking amber.
See Fan Tray LED on a QFX3500 Device.
Chassis status LED for the power is blinking
amber.
See Chassis Status LEDs on a QFX3500 Device.
Chassis status LED for the fan (on the
management board) is blinking amber.
Replace the management board as soon as possible.
See Chassis Status LEDs on a QFX3500 Device.
Copyright © 2014, Juniper Networks, Inc.
485
Network Management and Monitoring on the QFX Series
Table 64: Troubleshooting on the QFX Series (continued)
Problem Category
Symptom or Problem
Recommended Action
Port configuration
Cannot configure a port as a Gigabit Ethernet
port.
Check whether the port is a valid Gigabit Ethernet
port (6 through 41).
See QFX3500 Device Overview.
Cannot configure a port as a Fibre Channel port.
Check whether the port is a valid Fibre Channel port
(0 through 5 and 42 through 47).
See QFX3500 Device Overview.
Cannot configure a port as a 10-Gigabit Ethernet
port.
If the port is not a 40-Gbps QSFP+ interface, check
whether the port is in the range of 0 through 5 or 42
through 47. If one of the ports in that block (0 through
5 or 42 through 47) is configured as a Fibre Channel
port, then all ports in that block must also be
configured as Fibre Channel ports.
If the port is a 40-Gbps QSFP+ interface. make sure
the configuration does not exceed the interface limit.
Each 40-Gbps QSFP+ interface can be split into four
10-Gigabit Ethernet interfaces, but because port 0
is reserved, so you can only configure an additional
fifteen 10-Gigabit Ethernet interfaces.
See QFX3500 Device Overview.
Cannot configure a 40-Gbps QSFP+ interface.
The 40-Gbps QSFP+ interfaces can only be used as
10-Gigabit Ethernet interfaces. Each 40-Gbps QSFP+
interface can be split into four 10-Gigabit Ethernet
interfaces using a breakout cable. However, port 0
is reserved, so you can only configure an additional
fifteen 10-Gigabit Ethernet interfaces.
See QFX3500 Device Overview.
External devices (USB
devices)
Upgrading software from a USB device results
in an upgrade failure, and the system enters an
invalid state.
Unplug the USB device and reboot the switch.
Initial device
configuration
Cannot configure management Ethernet ports.
Configure the management ports from the console
port. You cannot configure the management ports
by directly connecting to them.
NOTE: The management ports are on the front panel
of the QFX3500 switch. They are labeled C0 and C1
on the front panel. In the CLI they are referred to as
me0 and me1.
See Configuring a QFX3500 Device as a Standalone
Switch.
486
Copyright © 2014, Juniper Networks, Inc.
Chapter 28: Troubleshooting Overview
Table 64: Troubleshooting on the QFX Series (continued)
Problem Category
Symptom or Problem
Recommended Action
Software upgrade
and configuration
Failed software upgrade.
See “Recovering from a Failed Software Installation”
on page 491.
Active partition becomes inactive after upgrade.
Problem with the active configuration file.
Network interfaces
See the following topics:
•
Loading a Previous Configuration File on page 492
•
Reverting to the Default Factory Configuration on
page 493
•
Reverting to the Rescue Configuration on page 493
•
Performing a Recovery Installation on a QFX Series
Device
Root password is lost or forgotten.
Recover the root password. See “Recovering the Root
Password” on page 494.
An aggregated Ethernet interface is down.
See Troubleshooting an Aggregated Ethernet Interface.
Interface on built-in network port is down.
See Troubleshooting Network Interfaces.
Interface on port in which SFP or SFP+
transceiver is installed in an SFP+ uplink module
is down.
Ethernet switching
A MAC address entry in the Ethernet switching
table is not updated after the device with that
MAC address has been moved from one
interface to another on the switch.
See Troubleshooting Ethernet Switching.
Firewall filter
Firewall configuration exceeded available
Ternary Content Addressable Memory (TCAM)
space.
See Troubleshooting Firewall Filter Configuration.
QFX5100 Switch with Automation Enhancements Frequently Asked Questions
This FAQ addresses questions regarding using QFX5100 switches with automation
enhancements, which were introduced at Junos OS Release 13.2X51-D15 .
This FAQ covers the following questions:
•
Who Should You Contact If You Have Problems with Loading, Installing or Updating
Libraries? on page 488
•
Who Should You Contact If You Have Problems with Puppet for Junos OS? on page 488
•
Who Should You Contact If You Have Problems with Chef for Junos OS? on page 488
•
What Happens to the User Partition If You Downgrade a QFX5100 Switch That Is
Running the jinstall-qfx-5-flex-x.tgz Software Bundle to a QFX Switch That Is Running
a Different QFX5100 Software Bundle? on page 488
Copyright © 2014, Juniper Networks, Inc.
487
Network Management and Monitoring on the QFX Series
•
How Do You Recover Junos OS Binaries That You Have Deleted? on page 488
•
How Do You Recover from a System Crash? on page 488
•
How Can You Verify That a QFX5100 Switch Is Running a jinstall-qfx-5-flex-x.tgz
Software Bundle? on page 488
Who Should You Contact If You Have Problems with Loading, Installing or Updating Libraries?
Contact Customer Support at http://www.juniper.net/support.
Who Should You Contact If You Have Problems with Puppet for Junos OS?
You can obtain support for Puppet for Junos OS through the J-Net Forum for Puppet at
http://forums.juniper.net/t5/Puppet-for-Junos-OS/bd-p/puppet_junos .
Who Should You Contact If You Have Problems with Chef for Junos OS?
You can obtain support for Chef for Junos OS through the J-Net Forum for Chef at
http://forums.juniper.net/t5/Chef-for-Junos-OS/bd-p/chef_junos.
What Happens to the User Partition If You Downgrade a QFX5100 Switch That Is Running the
jinstall-qfx-5-flex-x.tgz Software Bundle to a QFX Switch That Is Running a Different QFX5100
Software Bundle?
In this case, the user partition remains intact.
NOTE: If you make changes to the user partition while performing a unified
in-service software upgrade (unified ISSU), the changes might be lost.
How Do You Recover Junos OS Binaries That You Have Deleted?
You must reinstall the software package.
How Do You Recover from a System Crash?
You must reinstall the software package.
How Can You Verify That a QFX5100 Switch Is Running a jinstall-qfx-5-flex-x.tgz Software
Bundle?
You cannot use the show version command to verify that a QFX5100 switch is running
the jinstall-qfx-5-flex-x.tgz software bundle. However, there are two other ways to verify
this.
488
•
Use the show configuration command to check that you are running a Layer 3
configuration. See “Installing Junos OS Software with QFX5100 Switch Automation
Enhancements” on page 113.
•
Go to the shell and confirm that you can invoke Python. See “Invoking the Python
Interpreter” on page 153.
Copyright © 2014, Juniper Networks, Inc.
Chapter 28: Troubleshooting Overview
Related
Documentation
•
Overview of QFX5100 Switch Automation Enhancements on page 11
•
Installing Junos OS Software with QFX5100 Switch Automation Enhancements on
page 113
•
Invoking the Python Interpreter on page 153
•
Chef for Junos Getting Started Guide
•
Puppet for Junos OS Documentation
Copyright © 2014, Juniper Networks, Inc.
489
Network Management and Monitoring on the QFX Series
490
Copyright © 2014, Juniper Networks, Inc.
CHAPTER 29
Troubleshooting Procedures
•
Recovering from a Failed Software Installation on page 491
•
Loading a Previous Configuration File on page 492
•
Reverting to the Default Factory Configuration on page 493
•
Reverting to the Rescue Configuration on page 493
•
Recovering the Root Password on page 494
•
Troubleshooting a Deprecated Network Analytics Configuration on page 495
Recovering from a Failed Software Installation
Problem
If the Junos OS appears to have been installed but the CLI does not work, or if the switch
has no software installed, you can use this recovery installation procedure to install the
Junos OS.
Solution
If a Junos OS image already exists on the switch, you can either install the new Junos OS
package in a separate partition, in which case both Junos OS images remain on the switch,
or you can remove the existing Junos OS image before you start the new installation
process.
To perform a recovery installation:
1.
Power on the switch. The loader script starts.
2. After the message Loading /boot/defaults/loader.conf appears, you are prompted
with the following message:
Hit [Enter] to boot immediately, or space bar for command prompt.
Press the Spacebar to enter the manual loader. The loader> prompt appears.
3. Enter the following command:
loader> install [– –format] [– –external] source
where:
•
format—Enables you to erase the installation media before installing the installation
package. If you do not include this option, the system installs the new Junos OS in
a different partition from that of the most recently installed Junos OS.
Copyright © 2014, Juniper Networks, Inc.
491
Network Management and Monitoring on the QFX Series
•
external—Installs the installation package onto external media (a USB stick, for
example).
•
source—Represents the name and location of the Junos OS package, either on a
server on the network or as a file on an external media, as shown in the following
two examples:
•
Network address of the server and the path on the server; for example,
tftp://192.17.1.28/junos/jinstall-qfx-11.1R1.5-domestic-signed.tgz
•
Junos OS package on a USB device (commonly stored in the root drive as the
only file), for example, file:///jinstall-qfx-11.1R1.5-domestic-signed.tgz).
The installation now proceeds normally and ends with a login prompt.
Loading a Previous Configuration File
You can use the rollback <number command to return to a previously committed
configuration file. A switch saves the last 50 committed configurations, including the
rollback number, date, time, and name of the user who issued the commit configuration
command.
Syntax
rollback <number>
Options
•
none— Return to the most recently saved configuration.
•
number—Configuration to return to.
•
Range: 0 through 49. The most recently saved configuration is number 0, and the
oldest saved configuration is number 49.
•
Default: 0
To return to a configuration prior to the most recently committed one:
1.
Specify the rollback number (here, 1 is entered and the configuration returns to the
previously committed configuration):
[edit]
user@switch# rollback 1
load complete
2. Activate the configuration you have loaded:
[edit]
user@switch# commit
Related
Documentation
492
•
Configuration File Terms
Copyright © 2014, Juniper Networks, Inc.
Chapter 29: Troubleshooting Procedures
Reverting to the Default Factory Configuration
If for any reason the current active configuration fails, you can revert to the default factory
configuration. The default factory configuration contains the basic configuration settings.
This is the first configuration of the switch, and it is loaded when the switch is first installed
and powered on.
The load factory default command is a standard Junos OS configuration command. This
configuration command replaces the current active configuration with the default factory
configuration.
To revert the switch to the rescue configuration:
1.
Related
Documentation
[edit]
user@switch# load factory-default
[edit]
user@switch# delete system commit factory-settings
[edit]
user@switch# commit
•
Understanding Configuration Files
•
Loading a Previous Configuration File on page 492
•
Reverting to the Rescue Configuration on page 493
Reverting to the Rescue Configuration
If someone inadvertently commits a configuration that denies management access to
a QFX Series product and the console port is not accessible, you can overwrite the invalid
configuration and replace it with the rescue configuration. The rescue configuration is a
previously committed, valid configuration.
To revert the switch to the rescue configuration:
1.
Enter the load override command.
[edit]
user@switch# load override filename
2. Commit your changes.
[edit]
user@switch# commit filename
Related
Documentation
•
Setting or Deleting the Rescue Configuration
•
Reverting to the Default Factory Configuration on page 493
•
Configuration File Terms
Copyright © 2014, Juniper Networks, Inc.
493
Network Management and Monitoring on the QFX Series
Recovering the Root Password
If you forget the root password for the QFX3500 switch, you can use the password
recovery procedure to reset the root password.
NOTE: The root password cannot be recovered on a QFabric system.
NOTE: You need console access to the switch to recover the root password.
To recover the root password:
1.
Power off the switch by switching off the AC power outlet of the device or, if necessary,
by pulling the power cords out of the QFX3500 switch power supplies.
2. Turn off the power to the management device, such as a PC or laptop computer, that
you want to use to access the CLI.
3. Plug one end of the Ethernet rollover cable supplied with the switch into the
RJ-45–to–DB-9 serial port adapter supplied with the switch.
4. Plug the RJ-45–to–DB-9 serial port adapter into the serial port on the management
device.
5. Connect the other end of the Ethernet rollover cable to the console port on the switch.
6. Turn on the power to the management device.
7. On the management device, start your asynchronous terminal emulation application
(such as Microsoft Windows Hyperterminal) and select the appropriate COM port to
use (for example, COM1).
8. Configure the port settings as follows:
•
Bits per second: 9600
•
Data bits: 8
•
Parity: None
•
Stop bits: 1
•
Flow control: None
9. Power on the switch by (if necessary) plugging the power cords into the QFX3500
switch power supply, or turning on the power to the device or switch by switching on
the AC power outlet the device is plugged into
The terminal emulation screen on your management device displays the switch’s boot
sequence.
10. When the following prompt appears, press the Spacebar to access the switch’s
bootstrap loader command prompt:
494
Copyright © 2014, Juniper Networks, Inc.
Chapter 29: Troubleshooting Procedures
Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [kernel] in 9 seconds...
11. At the following prompt, enter boot -s to start up the system in single-user mode.
ok boot -s
12. At the following prompt, enter recovery to start the root password recovery procedure.
Enter full pathname of shell or 'recovery' for root password recovery or RETURN
for /bin/sh: recovery
13. Enter configuration mode in the CLI.
14. Set the root password. For example:
user@switch# set system root-authentication plain-text-password
15. At the following prompt, enter the new root password. For example:
New password: juniper1
Retype new password:
16. At the second prompt, reenter the new root password.
17. After you have finished configuring the password, commit the configuration.
root@host# commit
commit complete
18. Exit configuration mode in the CLI.
19. Exit operational mode in the CLI.
20. At the prompt, enter y to reboot the switch.
Reboot the system? [y/n] y
Related
Documentation
•
Configuring the Root Password
Troubleshooting a Deprecated Network Analytics Configuration
Problem
After a software upgrade to Junos OS Release 13.2X51-D15 from an earlier release, the
network analytics configuration is no longer valid and the feature is disabled.
The network analytics configuration used in Junos OS Release 13.2X51-D10 has been
deprecated in Release 13.2X51-D15. Issuing the show services analytics command results
in the following output:
root@qfx5100# show services analytics
queue-statistics { ## Warning: 'queue-statistics' is deprecated
interval 1;
}
Cause
Solution
Junos OS Release 13.2X51-D15 added enhancements to the network analytics feature,
resulting in significant changes in the CLI. The updated [edit services analytics] hierarchy
level contains some statements that have replaced those that were previously released.
As a result, the earlier configuration does not work in the new release.
Use the new CLI statements to reconfigure the network analytics feature.
Copyright © 2014, Juniper Networks, Inc.
495
Network Management and Monitoring on the QFX Series
Related
Documentation
496
•
Network Analytics Overview on page 33
•
analytics on page 237
Copyright © 2014, Juniper Networks, Inc.
Download PDF
Similar pages