Security

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

vSRX

  • 1.  vSRX

    Posted 4 days ago
    HI!
    Does vSRX support grpc telemetry?
    whith show version, i see there is openconfig!
    "user@vsrx> show version | match "Openconfig|na\ telemetry"
    JUNOS na telemetry [21.2R1.10]
    JUNOS Openconfig [21.2R1.10]"

    someone who tried?
    I tried but it does not work.

    /Mohammed


  • 2.  RE: vSRX

    Posted 4 days ago
    It should be supported as per the feature navigator, https://apps.juniper.net/home/vsrx/features?swName=vSRX&rel=21.2R1.

    Elvin


  • 3.  RE: vSRX

    Posted 3 days ago
    But, it does not work!

    "
    Sep 14 17:47:26 17:47:25.983271:CID-0:THREAD_ID-01:LSYS_ID-00:RT:check self-traffic on ge-0/0/0.0, in_tunnel 0x0 dp 32767
    Sep 14 17:47:26 17:47:25.983273:CID-0:THREAD_ID-01:LSYS_ID-00:RT:pak_for_self: No handler function found for proto:6, dst-port:32767, drop pkt
    Sep 14 17:47:26 17:47:25.983284:CID-0:THREAD_ID-01:LSYS_ID-00:RT: flow_first_in_dst_nat: in <ge-0/0/0.0>, out <N/A> dst_adr 10.199.88.254, sp 33814, dp 32767
    Sep 14 17:47:42 17:47:42.110852:CID-0:THREAD_ID-01:LSYS_ID-00:RT:~~~FLOW <10.10.10.216/33814->10.199.88.254/32767;6,0x0> of root-logical-system for iif ge-0/0/0.0:
    Sep 14 17:47:42 17:47:42.110869:CID-0:THREAD_ID-01:LSYS_ID-00:RT: ge-0/0/0.0:10.10.10.216/33814->10.199.88.254/32767, tcp, flag 2 syn
    Sep 14 17:47:42 17:47:42.110871:CID-0:THREAD_ID-01:LSYS_ID-00:RT: find flow: table 0x2aa75480, hash 50070(0xffff), sa 10.10.10.216, da 10.199.88.254, sp 33814, dp 32767, proto 6, tok 24, conn-tag 0x00000000, vrf-grp-id 0
    "
    traffic is coming in on vsxr but it drops, i don´t understand why.
    security zone trust which ge-0/0/0 belongs i configured:
    security-zone trust {
    host-inbound-traffic {
    system-services {
    all;
    }
    protocols {
    all;
    }
    }
    interfaces {
    ge-0/0/0.0;
    }
    }

    This is only a lab environment!

    /Mohammed


    ------------------------------
    MOHAMMED MOHAMMED
    ------------------------------