|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Strange issue involving sampling
On Wed, Jan 18, 2006 at 03:09:50PM -0500, Peering wrote: > First, apologies if this isn't the right place, but I was hoping to hit > a lot of networking folks in one shot and this seemed like the likely > venue. This sounds like a Juniper-specific issue, so the appropriate place is probably going to be http://puck.nether.net/juniper-nsp/. > I have this problem where a customer of mine has issues getting to > secure websites (https sites like Charles Schwab's). It doesn't happen > all the time, maybe once a month or so. We went to Juniper with the > issue (we're using M-20s as our edge routers) and they couldn't figure > it out, but one of our engineers found that the config pasted below > (with proprietary info removed) fixed the problem. The only problem is > that even with this config, we have to restart the sampling daemon every > month or so because the problem will come back. Understandably, the > customer would prefer to have a more permanent solution. You have to restart the sampling daemon to forward packets to SSL based websites? Wha? Are you sure you didn't accidentally install a Crackpipe Services PIC in that router? :) > Anyone have an idea why this one customer on my entire network would > have this issue? Supposedly the customer had Cisco come out and look at > their network and they couldn't find any reason for it either. [snip] Nothing in that config would cause or cure the problem you've described, unless the config it replaced was "from destination-port 443; then reject;". I suspect your problem lies elsewhere, which is why Juniper and Cisco both said there were no problems. :) But if there really is something going on with the Juniper, re-post this to juniper-nsp (with more details about the failure behavior) and I'm sure someone will give it their best shot to figure out what your problem is. -- Richard A Steenbergen <[email protected]> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
|