[88037] in North American Network Operators' Group


Re: Strange issue involving sampling

daemon@ATHENA.MIT.EDU (Richard A Steenbergen)
Wed Jan 18 16:06:56 2006

Date: Wed, 18 Jan 2006 16:03:30 -0500
From: Richard A Steenbergen <ras@e-gerbil.net>
To: Peering <Peering@xspedius.com>
Cc: nanog@merit.edu
In-Reply-To: <AFAF0E1DDFEBDD4FB5376F27E943570301B77AB9@PNTXCMAIL01.hq.espire.net>
Errors-To: owner-nanog@merit.edu


On Wed, Jan 18, 2006 at 03:09:50PM -0500, Peering wrote:
> First, apologies if this isn't the right place, but I was hoping to hit
> a lot of networking folks in one shot and this seemed like the likely
> venue.

This sounds like a Juniper-specific issue, so the appropriate place is 
probably going to be http://puck.nether.net/juniper-nsp/.

> I have this problem where a customer of mine has issues getting to
> secure websites (https sites like Charles Schwab's).  It doesn't happen
> all the time, maybe once a month or so.  We went to Juniper with the
> issue (we're using M-20s as our edge routers) and they couldn't figure
> it out, but one of our engineers found that the config pasted below
> (with proprietary info removed) fixed the problem.  The only problem is
> that even with this config, we have to restart the sampling daemon every
> month or so because the problem will come back.  Understandably, the
> customer would prefer to have a more permanent solution.

You have to restart the sampling daemon to forward packets to SSL based 
websites? Wha? Are you sure you didn't accidentally install a Crackpipe 
Services PIC in that router? :)

> Anyone have an idea why this one customer on my entire network would
> have this issue?  Supposedly the customer had Cisco come out and look at
> their network and they couldn't find any reason for it either.
[snip]

Nothing in that config would cause or cure the problem you've described, 
unless the config it replaced was "from destination-port 443; then 
reject;". I suspect your problem lies elsewhere, which is why Juniper and 
Cisco both said there were no problems. :)

But if there really is something going on with the Juniper, re-post this 
to juniper-nsp (with more details about the failure behavior) and I'm sure 
someone will give it their best shot to figure out what your problem is.

-- 
Richard A Steenbergen <ras@e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
