SRX

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
Expand all | Collapse all

USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

  • 1.  USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-14-2020 07:16

    Hi all,

     

    Already half of the year i try to solve this problem with "USP_IF_TOOLKIT: Duplicate attach for ifl_indexXX, flags 3, localaddr 0xXXXXXXXX local_plen 32",

     

    Junos with version 18.4R3-S2

     

    This error / log / notification directly affected to all connecton with untrust interface (ge0/0/0), connection dropped to 5-10 minutes

     

    All IP address on all interfaces are different 

     

    Maybe somebody had this problem before and solved it somehow

     

    messages | grep 'Dup'

     

    May 13 13:49:56 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122ab5a7 local_plen 32
    May 13 13:50:02 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x116ceb73 local_plen 32
    May 13 15:17:15 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0xc530ccf local_plen 32
    May 13 15:17:20 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x1229fbc3 local_plen 32
    May 13 16:06:45 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0xc530ccf local_plen 32
    May 13 16:06:51 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122906ab local_plen 32
    May 13 20:02:45 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32
    May 13 20:02:50 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122768fb local_plen 32
    May 13 20:24:56 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0xc530ccf local_plen 32
    May 13 20:25:01 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122906ab local_plen 32
    May 13 21:04:18 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index83, flags 3, localaddr 0x1229f5b7 local_plen 32
    May 13 21:04:23 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index83, flags 3, localaddr 0x1155e2f3 local_plen 32

     

     

     


    #duplicate
    #Local
    #Error
    #plen32
    #log


  • 2.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-14-2020 08:17

    Hello Feratti,

     

    Looks like this has the same issue as the other post. Pasting the same reply from the other post.

     

    I have investigated about the log message - "May 13 13:49:56 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122ab5a7 local_plen 32"

     

    The above messages are expected when an address change occurs on an interface with an address of the same subnet. In this scenario, this error message only indicates that either a secondary IP or a Duplicate IP (within the same subnet) has been assigned on an interface due to VRRP.
    Generally, log happens when there is below situation:
    1. When deleting multiple IP addresses on the same logical interface at the same time.
    2. When adding more than two IP addresses and deleting one IP address on the same logical interface at the same time.
    The above behaviors caused duplicated accesses to the same local address, which would be the location of the IP address and the SRX generated the logs.
    The above message is related to the logical interface assignment.
    It seems these messages are not related to any issue on the SRX.

    Please be informed that these messages are informational and can be ignored now.

     

    Let me know if you are seeing any customer impact cause of this issue?

     

    Also, check if there is any interface flap on ge-0/0/0 by using below command:-

     

    show interfaces ge-0/0/0 extensive |match "last flapped"

     

    The above log message is tracked under below KB, please refer it for more understanding:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB35058

     

    In case if you would like to prevent certain syslogs, please follow the steps as mentioned in the following KB article -

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB9382&act=login

     

    use the below command to suppress the above logs:

     

    user@lab-re0# show system syslog user * {
        any emergency;
    } file messages {
        any notice;
        match "!(.*Duplicate.*)";
    }

    I hope this helps. Please mark this post "Accept as solution" if this answers your query.

     

    Kudos are always appreciated! Smiley Happy

     

    Best Regards,

    Lingabasappa H



  • 3.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-14-2020 12:35

    Hi Shlinga

    Thanks a lot for your reply and Greetings from Baku, Azerbaijan

     

    Actually i already checked this link when i started to investigate and also noticed that this link only one in Internet with description, even no any disscussion wasn't opened

     

    Unfortunately, all described symptoms i think not about my case, because my config very simple

     

    When this log appeared my connection always goes down for a while, ususally 2-4 minutes and after this error/log this log comes next

    For example:

    SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 185.40.158.210 to port 67 at 37.26.63.129 via interface 72 and routing instance default failed: No route to host

     

    You can find necessary logs below:

     

    root@SRXFW> show interfaces ge-0/0/0 extensive | match "last flapped"
    Last flapped : 2020-05-14 01:53:43 AZST (22:39:39 ago)

    root@SRXFW>

     

    root@SRXFW> show log messages | match Dup
    May 14 07:49:05 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x122784bf local_plen 32
    May 14 07:49:12 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x12298633 local_plen 32
    May 14 12:14:23 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x122c0b0f local_plen 32
    May 14 12:14:28 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x12298633 local_plen 32
    May 14 13:43:13 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x12298027 local_plen 32
    May 14 13:43:18 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x12279573 local_plen 32
    May 14 15:17:42 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x11b3876f local_plen 32
    May 14 15:18:28 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x12268aeb local_plen 32
    May 14 15:26:25 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x12298027 local_plen 32
    May 14 15:26:30 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x11a90393 local_plen 32
    May 14 23:42:12 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x1232c587 local_plen 32
    May 14 23:42:17 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x12322b9b local_plen 32

     

    root@SRXFW> show interfaces snmp-index 521 terse
    Interface Admin Link Proto Local Remote
    ge-0/0/2.0 up up inet 10.0.20.1/24

     

    root@SRXFW> show interfaces ifl-index 75
    Logical interface ge-0/0/2.0 (Index 75) (SNMP ifIndex 521)
    Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
    Input packets : 3937662
    Output packets: 7946388
    Security: Zone: Zone02
    Allowed host-inbound traffic : dhcp https ping ssh
    Protocol inet, MTU: 1500
    Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 18, Curr new hold cnt: 0, NH drop cnt: 0
    Flags: Sendbcast-pkt-to-re
    Addresses, Flags: Is-Preferred Is-Primary
    Destination: 10.0.20/24, Local: 10.0.20.1, Broadcast: 10.0.20.255

    root@SRXFW>

     

    You can find my junos config from here: https://github.com/Feratti/Junos-18.4R3-S2



  • 4.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-14-2020 19:17

    Hello @feratti,

     

    Greetings!

     

    I see the interface has flapped at 01:53:43 and the logs have appeared after that as well.

     

    root@SRXFW> show interfaces ge-0/0/0 extensive | match "last flapped"
    Last flapped : 2020-05-14 01:53:43 AZST (22:39:39 ago)

     

    May 14 07:49:05 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x122784bf local_plen 32
    May 14 07:49:12 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index75, flags 3, localaddr 0x12298633 local_plen 32

     

    I researched about the below log:

    SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 185.40.158.210 to port 67 at 37.26.63.129 via interface 72 and routing instance default failed: No route to host

     

    Cause of this log:

    > By default, there are some DHCP configurations for ZTP (Zero Touch Provisioning).

    Solution: Delete the DHCP configurations on unwanted ports.       

     

    Can you check if you can delete the DHCP configuration on unwanted ports?

     

    Command to check if the interface has DHCP configured:

    show configuration |match interfaces|match dhcp|display set

     

    Command to delete the DHCP configurations on unwanted ports:

    From configuration mode:

    #delete interface <interface_name> unit 0 family inet dhcp
    #commit  
     
    For more info:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB31838

     

    I hope this helps. Please mark this post "Accept as solution" if this answers your query.

     

    Kudos are always appreciated! Smiley Happy

     

    Best Regards,

    Lingabasappa H

     



  • 5.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-15-2020 00:07

    Hi Shlinga

     

    Thanks a lot for reply, this is command output

     

    root@SRXFW> show configuration | match interfaces | match dhcp | display set
    set security zones functional-zone management interfaces ge-0/0/4.0 host-inbound-traffic system-services dhcp
    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
    set security zones security-zone Zone01 interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
    set security zones security-zone Zone02 interfaces ge-0/0/2.0 host-inbound-traffic system-services dhcp
    set security zones security-zone Zone03 interfaces ge-0/0/3.0 host-inbound-traffic system-services dhcp
    set interfaces ge-0/0/0 unit 0 family inet dhcp update-server

     

    All dhcp already in use, so nothing to delete

     

     



  • 6.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-15-2020 00:22

    Hello feratti,

     

    It looks like the issue with the GE-0/0/0 interface having a DHCP update-server.

    Can you tell me when was the last time you saw your connection going down?

     

    Also, try to perform the below steps:

    1. Delete the ge-0/0/0 interface having DHCP:

    From configuration mode:

    #delete interface ge-0/0/0 unit 0 family inet dhcp
    #commit  

     2. after deleting check the behavior, if you are seeing the same logs as earlier.

    3. If logs appear again, manually re-seat the optics[transceiver] and the check for the logs if you are seeing them again.

    4. Enable the DHCP on ge-0/0/0 again after all the results:

     

    set interfaces ge-0/0/0 unit 0 family inet dhcp update-server

     

    Let me know the results.

     

    I hope this helps. Please mark this post "Accept as solution" if this answers your query.

     

    Kudos are always appreciated! Smiley Happy

     

    Best Regards,

    Lingabasappa H

     



  • 7.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-15-2020 01:06

    Hello Feratti,

     

    I am requesting you to deactivate the DHCP update-server feature from the interface ge-0/0/0, not the whole configuration on the ge-0/0/0.

     

    Let me know if you can do that activity for testing purposes on a window.

     

    Try to perform the below steps:

    1. Delete the ge-0/0/0 interface having DHCP:

    From configuration mode:

    #delete interface ge-0/0/0 unit 0 family inet dhcp
    #commit  

     2. after deleting check the behavior, if you are seeing the same logs as earlier.

    3. If logs appear again, manually re-seat the optics[transceiver] and the check for the logs if you are seeing them again.

    4. Enable the DHCP on ge-0/0/0 again after all the results:

     

    set interfaces ge-0/0/0 unit 0 family inet dhcp update-server

     

    Let me know the results.

     

     

    I hope this helps. Please mark this post "Accept as solution" if this answers your query.

     

    Kudos are always appreciated! Smiley Happy

     

    Best Regards,

    Lingabasappa H



  • 8.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-16-2020 06:35

    Hello @

     

    Here is some updates

    I did reconfiguration from scratch again, this time without 'update-server' config on ge-0/0/0

     

    New config you can check from  here: https://github.com/Feratti/Junos_config_15052020

     

    After reconfiguration, i faced with this log just once, and connection was dropped arround 30 minutes.

    Here is logs:

     

    May 16 02:45:33 SRXFW sshd[53483]: Accepted keyboard-interactive/pam for root from 10.0.20.104 port 52465 ssh2
    May 16 04:02:19 SRXFW inetd[1972]: /usr/sbin/sshd[44384]: exited, status 255
    May 16 11:54:42 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122e0c8f local_plen 32
    May 16 11:54:52 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122480ab local_plen 32
    May 16 11:56:44 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 12:00:15 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 12:03:46 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 12:07:17 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 12:10:48 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 12:17:21 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 10.0.30.1 to port 68 at 10.0.30.100 via interface 78 and outgoing routing instance default failed: Network is down
    May 16 12:17:22 SRXFW mib2d[1969]: SNMP_TRAP_LINK_UP: ifIndex 515, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/3
    May 16 12:42:49 SRXFW mib2d[1969]: SNMP_TRAP_LINK_DOWN: ifIndex 515, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/3
    May 16 13:39:51 SRXFW sshd[60750]: Accepted keyboard-interactive/pam for root from 10.0.20.104 port 54532 ssh2
    May 16 13:42:28 SRXFW mgd[60866]: UI_CHILD_EXITED: Child exited: PID 60877, status 1, command '/sbin/ifinfo'
    May 16 14:17:40 SRXFW mib2d[1969]: SNMP_TRAP_LINK_UP: ifIndex 515, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/3
    May 16 15:03:06 SRXFW mib2d[1969]: SNMP_TRAP_LINK_DOWN: ifIndex 515, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/3
    May 16 15:27:52 SRXFW mgd[60866]: UI_DBASE_LOGIN_EVENT: User 'root' entering configuration mode

    -------------------------------------------------------------------------------------------------------------------------------------------------------------

    root@SRXFW> show interfaces ifl-index 72
    Logical interface ge-0/0/1.0 (Index 72) (SNMP ifIndex 519)
    Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
    Input packets : 41942
    Output packets: 13524
    Security: Zone: Zone01
    Allowed host-inbound traffic : dhcp
    Protocol inet, MTU: 1500
    Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 2, Curr new hold cnt: 0, NH drop cnt: 0
    Flags: Sendbcast-pkt-to-re
    Addresses, Flags: Is-Preferred Is-Primary
    Destination: 192.168.1/24, Local: 192.168.1.1, Broadcast: 192.168.1.255

    root@SRXFW>

    ---------------------------------------------------------------------------------------------------------------------------------------------------

     

    root@SRXFW> show interfaces ifl-index 73
    Logical interface ge-0/0/0.0 (Index 73) (SNMP ifIndex 514)
    Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
    Input packets : 9615231
    Output packets: 4920658
    Security: Zone: untrust
    Allowed host-inbound traffic : dhcp
    Protocol inet, MTU: 1500
    Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 1, Curr new hold cnt: 0, NH drop cnt: 0
    Flags: Sendbcast-pkt-to-re, Is-Primary
    Addresses, Flags: Is-Default Is-Preferred Is-Primary
    Destination: 37.26.16/24, Local: 37.26.16.219, Broadcast: 37.26.16.255

    ---------------------------------------------------------------------------------------------------------------------------------------------

    root@SRXFW> show configuration | match interfaces | match dhcp | display set
    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
    set security zones security-zone Zone01 interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
    set security zones security-zone Zone02 interfaces ge-0/0/2.0 host-inbound-traffic system-services dhcp
    set security zones security-zone Zone03 interfaces ge-0/0/3.0 host-inbound-traffic system-services dhcp
    set security zones security-zone Zone04 interfaces ge-0/0/4.0 host-inbound-traffic system-services dhcp
    set interfaces ge-0/0/0 unit 0 family inet dhcp

    root@SRXFW>

    ------------------------------------------------------------------------------------------------------------------------------

    root@SRXFW> show interfaces ge-0/0/0 extensive | match "last flapped"
    Last flapped : 2020-05-16 02:09:48 AZST (15:02:49 ago)

    root@SRXFW>

     

     

    Could you please check my config as well, maybe i missed smthg

     

    Thanks,

    Vadim



  • 9.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-16-2020 07:29
    Hello Vadim,

    Thanks for the reply.

    Looking into the logs and will update the thread in sometime.

    Best Regards,
    Lingabasappa H


  • 10.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-16-2020 09:30

    Hello Vadim,

    I looked at the logs,  and here is an update for both the logs.

     

    Log 1:-

     

    May 16 11:54:42 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122e0c8f local_plen 32
    May 16 11:54:52 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122480ab local_plen 32

     

    Did this log appear again after 11:54? If yes, please paste the logs to review. 

     

    The Ifl_index 72 is for logical interface ge-0/0/1. 

    root@SRXFW> show interfaces ifl-index 72
    Logical interface ge-0/0/1.0 (Index 72) (SNMP ifIndex 519)

     

    If you see the above logs again after 11:54? then paste the logs and with below command:

    show interfaces ge-0/0/1 extensive | match "last flapped"

     

    Log 2:

    May 16 11:56:44 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 12:00:15 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 12:03:46 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 12:07:17 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 12:10:48 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host

     

    I researched about the log and below is the explanation:

    The messages are typically generated due to “family inet dhcp” configured under an interface.

     

    As you can see in the above logs are only appearing for the "interface 73" [Logical interface is ge-0/0/0]

    root@SRXFW> show interfaces ifl-index 73
    Logical interface ge-0/0/0.0 (Index 73) (SNMP ifIndex 514)

     

    In order to stop these above logs, you need to delete the "family inet dhcp" command from the interface ge-0/0

     

    Command:- delete interfaces ge-0/0/0 unit 0 family inet dhcp

     

    The above command will delete the DHCP feature on the interface and the logs will stop occurring on the messages.

     

    I hope this helps. Please mark this post "Accept as solution" if this answers your query.

     

    Kudos are always appreciated! Smiley Happy

     

    Best Regards,

    Lingabasappa H



  • 11.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-16-2020 10:13

    Hi @

     

    Thanks a lot for your reply!

     

    Actually i faced with this "Drop" again (after 11:54), until i disable\enable ge-0/0/0, connection lost for 30 minutes

     

    May 16 18:27:43 SRXFW mib2d[1969]: SNMP_TRAP_LINK_UP: ifIndex 515, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/3
    May 16 18:28:07 SRXFW mib2d[1969]: SNMP_TRAP_LINK_DOWN: ifIndex 515, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/3
    May 16 18:28:10 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 10.0.30.1 to port 68 at 10.0.30.100 via interface 78 and outgoing routing instance default failed: Network is down
    May 16 18:28:10 SRXFW mib2d[1969]: SNMP_TRAP_LINK_UP: ifIndex 515, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/3
    May 16 18:50:47 SRXFW mib2d[1969]: SNMP_TRAP_LINK_UP: ifIndex 516, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/4
    May 16 18:51:09 SRXFW mib2d[1969]: SNMP_TRAP_LINK_DOWN: ifIndex 516, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/4
    May 16 18:51:13 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 10.0.40.1 to port 68 at 10.0.40.101 via interface 79 and outgoing routing instance default failed: Network is down
    May 16 18:51:13 SRXFW mib2d[1969]: SNMP_TRAP_LINK_UP: ifIndex 516, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/4
    May 16 19:18:22 SRXFW mib2d[1969]: SNMP_TRAP_LINK_DOWN: ifIndex 515, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/3
    May 16 20:23:49 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x1226006f local_plen 32
    May 16 20:23:54 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x1225311b local_plen 32
    May 16 20:25:47 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 20:27:51 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x20e5267 local_plen 32
    May 16 20:27:56 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122d4823 local_plen 32
    May 16 20:29:49 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 20:30:46 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 20:30:46 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122ecc5f local_plen 32
    May 16 20:30:46 SRXFW mib2d[1969]: SNMP_TRAP_LINK_DOWN: ifIndex 511, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/0
    May 16 20:34:26 SRXFW mib2d[1969]: SNMP_TRAP_LINK_UP: ifIndex 511, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/0
    May 16 20:34:58 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122cbd7b local_plen 32
    May 16 20:36:49 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 188.227.218.140 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 20:40:21 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 188.227.218.140 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 20:42:24 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x1225f5c7 local_plen 32
    May 16 20:42:33 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0xc52c54b local_plen 32
    May 16 20:44:26 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 188.227.218.140 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 20:47:50 SRXFW sshd[76880]: error: PAM: authentication error for roo from 10.0.40.101
    May 16 20:47:50 SRXFW sshd: SSHD_LOGIN_FAILED: Login failed for user 'roo' from host '10.0.40.101'
    May 16 20:47:57 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 188.227.218.140 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 20:48:01 SRXFW sshd[76880]: error: PAM: authentication error for roo from 10.0.40.101
    May 16 20:48:01 SRXFW sshd: SSHD_LOGIN_FAILED: Login failed for user 'roo' from host '10.0.40.101'
    May 16 20:48:15 SRXFW sshd[76880]: error: PAM: authentication error for roo from 10.0.40.101
    May 16 20:48:15 SRXFW sshd: SSHD_LOGIN_FAILED: Login failed for user 'roo' from host '10.0.40.101'
    May 16 20:48:30 SRXFW sshd[76881]: Disconnecting authenticating user roo 10.0.40.101 port 48180: Too many password failures for roo
    May 16 20:48:30 SRXFW sshd[76880]: Disconnecting authenticating user roo 10.0.40.101 port 48180: Too many password failures for roo [preauth]
    May 16 20:48:30 SRXFW sshd: SSHD_LOGIN_ATTEMPTS_THRESHOLD: Threshold for unsuccessful authentication attempts (3) reached by user 'roo'
    May 16 20:48:30 SRXFW inetd[1972]: /usr/sbin/sshd[76880]: exited, status 255
    May 16 20:48:51 SRXFW sshd[76926]: Accepted keyboard-interactive/pam for root from 10.0.40.101 port 48182 ssh2
    May 16 20:49:27 SRXFW mgd[76969]: UI_DBASE_LOGIN_EVENT: User 'root' entering configuration mode
    May 16 20:51:05 SRXFW mgd[76969]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
    May 16 20:51:08 SRXFW mgd[76969]: UI_CHILD_EXITED: Child exited: PID 77046, status 7, command '/usr/sbin/mustd'
    May 16 20:51:29 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 188.227.218.140 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 20:51:36 SRXFW flowd_octeon_hm: appqoe_client_handler: Invalid subtype
    May 16 20:51:40 SRXFW JBCM:jbcm_drv_port_stop: port is already down
    May 16 20:51:38 SRXFW mib2d[1969]: SNMP_TRAP_LINK_DOWN: ifIndex 513, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/0/2
    May 16 20:51:45 SRXFW mgd[76969]: UI_COMMIT_COMPLETED: commit complete
    May 16 20:52:03 SRXFW mgd[76969]: UI_DBASE_LOGOUT_EVENT: User 'root' exiting configuration mode
    May 16 20:52:35 SRXFW mgd[76969]: UI_DBASE_LOGIN_EVENT: User 'root' entering configuration mode
    May 16 20:52:47 SRXFW mgd[76969]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
    May 16 20:52:50 SRXFW mgd[76969]: UI_CHILD_EXITED: Child exited: PID 77153, status 7, command '/usr/sbin/mustd'
    May 16 20:53:17 SRXFW flowd_octeon_hm: appqoe_client_handler: Invalid subtype
    May 16 20:53:22 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 10.0.20.1 to port 68 at 10.0.20.100 via interface 74 and outgoing routing instance default failed: Network is down
    May 16 20:53:22 SRXFW last message repeated 2 times
    May 16 20:53:22 SRXFW mib2d[1969]: SNMP_TRAP_LINK_UP: ifIndex 513, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/2
    May 16 20:53:22 SRXFW mgd[76969]: UI_COMMIT_COMPLETED: commit complete
    May 16 20:53:35 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x12252b0f local_plen 32
    May 16 20:53:40 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0xc52baa3 local_plen 32
    May 16 20:53:42 SRXFW sshd[77215]: Accepted keyboard-interactive/pam for root from 10.0.20.104 port 54049 ssh2
    May 16 20:55:33 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 188.227.218.140 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 20:56:39 SRXFW mgd[76969]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
    May 16 20:56:42 SRXFW mgd[76969]: UI_CHILD_EXITED: Child exited: PID 77362, status 7, command '/usr/sbin/mustd'
    May 16 20:57:19 SRXFW flowd_octeon_hm: appqoe_client_handler: Invalid subtype
    May 16 20:57:27 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 188.227.218.140 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host
    May 16 20:57:27 SRXFW mib2d[1969]: SNMP_TRAP_LINK_DOWN: ifIndex 511, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/0/0
    May 16 20:57:27 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122d9737 local_plen 32
    May 16 20:57:27 SRXFW JBCM:jbcm_drv_port_stop: port is already down
    May 16 20:57:29 SRXFW mgd[76969]: UI_COMMIT_COMPLETED: commit complete
    May 16 20:58:33 SRXFW mgd[76969]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
    May 16 20:58:35 SRXFW mgd[76969]: UI_CHILD_EXITED: Child exited: PID 77467, status 7, command '/usr/sbin/mustd'
    May 16 20:59:02 SRXFW flowd_octeon_hm: appqoe_client_handler: Invalid subtype
    May 16 20:59:10 SRXFW mib2d[1969]: SNMP_TRAP_LINK_UP: ifIndex 511, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/0
    May 16 20:59:12 SRXFW mgd[76969]: UI_COMMIT_COMPLETED: commit complete
    May 16 20:59:29 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122bf303 local_plen 32

     

    I will delete dhcp config from 0/0/0 as you said and update you for the result

     

    In adition:

     

    root@SRXFW> show interfaces ge-0/0/1 extensive | match "last flapped"
    Last flapped : 2020-05-16 02:09:46 AZST (18:59:07 ago)

    root@SRXFW>

     

     

    Regarding my config on github, is there any recomendation from your side?

     

    Also, i will request static public IP from from ISP, maybe it can help

     

    Thanks!

    Vadim

     

     



  • 12.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-16-2020 11:39

    Hello Vadim,

     

    Thanks for the reply.

     

    When you deleted the DHCP configuration form the ge-0/0/0, did you see the below logs?

     SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122e0c8f local_plen 32

    DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host

     

    Yes, can you get a static public IP from the ISP and delete the DHCP configuration from the ge-0/0/0? and check if you are seeing those above logs?

     

    Once, you delete the DHCP configuration from the ge-0/0/0, the below logs will stop appearing.

     

    May 16 20:44:26 SRXFW jdhcpd: DH_SVC_SENDMSG_FAILURE: sendmsg() from 188.227.218.140 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host

     

    Regarding the below log, it is seen on ge-0/0/1

    SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122e0c8f local_plen 32

     

    Can you provide below outputs to verify further? 

    >show interfaces diagnostics optics ge-0/0/1

    >show interfaces diagnostics optics ge-0/0/0

     

    Also, can you manually re-seat the interface ge-0/0/1 and ge-0/0/0 and check the behavior?

     

    I have reviewed the configuration and it looks ok for me. Please add a static public IP and check for the logs?

     

    I hope this helps. Please mark this post "Accept as solution" if this answers your query.

     

    Kudos are always appreciated! Smiley Happy

     

    Best Regards,

    Lingabasappa H



  • 13.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-16-2020 14:01

    Hi Lingabasappa,

     

    Thanks a lot for your reply!

     

    Regarding logs from commangs, interfaces 0/0/0 and 0/0/1 are electrical, so no any output from them:

     

    root@SRXFW> show interfaces diagnostics optics ge0/0/1

     

    root@SRXFW> show interfaces diagnostics optics ge0/0/0

     

     

    After i deleted DHCP config i lost connection to the internet, so can't wait generating logs and set DHCP back after about 2 minutes

     

    Static IP i can get next Monday, so untill this maybe you have suggestions how we can fix this "strange" connection drops, i'm 99% sure that  it's smthg with 0/0/0  (untrust) configuration

     

    In the description of this log wrote that this log message is informational and can be ignored, but in my case this log dropping my internet connection for 30 minutes (actually my kids learn remote from home and and these drops affect the connection for ZOOM app)

     

    Thanks,

    Vadim



  • 14.  RE: USP_IF_TOOLKIT: Duplicate attach for ifl_index84, flags 3, localaddr 0x122c3567 local_plen 32

     
    Posted 05-16-2020 23:34

    Hello Vadim,

    Thanks for the reply.

     

    Yes, please get a static public IP and delete the "family inet dhcp" from ge-0/0/0 and check for the below logs. I am sure there won't be below logs after deleting. 

     

    DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host

     

    Regarding the connection lost to the internet:

     

    security {
    screen {
    ids-option untrust-screen {
    icmp {
    ping-death;
    }
    ip {
    source-route-option;
    tear-drop;
    }
    tcp {
    syn-flood {
    alarm-threshold 1024;
    attack-threshold 200;
    source-threshold 1024;
    destination-threshold 2048;
    timeout 20;
    }
    land;
    }
    }
    }

     

     

    security-zone untrust {
    description Internet;
    screen untrust-screen;
    interfaces {
    ge-0/0/0.0 {
    host-inbound-traffic {
    system-services {
    dhcp;
    }
    }
    }
    }
    }

     

    I see ge-0/0/0 is in the untrust zone, and getting IP from the DHCP and is used to connect to the Internet. Hence, the zone untrust. I see "screen untrust-screen" is also configured for the untrust zone were in its is used to prevent attacks, such as IP address sweeps, port scans, denial of service (DOS) attacks, ICMP, UDP, and SYN floods.

    There are chances that the connectivity is being lost due to the above screen ids-option where any of the above is failing and tearing down the connection.

     

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-introduction-to-adp.html

     

    Once, you get the static IP from ISP, can you check the connectivity, and if the connectivity is lost, disable the  "untrust-screen" from the edit mode for testing and check for the behavior.

    deactivate security zones security-zone untrust screen untrust-screen

     

    and activate it after some time and observe the behavior.

    activate security zones security-zone untrust screen untrust-screen

     

    Regarding the below log:

     

    May 16 20:59:29 SRXFW USP_IF_TOOLKIT: Duplicate attach for ifl_index72, flags 3, localaddr 0x122bf303 local_plen 32

     

    As explained earlier, These messages are seen when an address change occurs on an interface that has an address of the same subnet. In this scenario, the log message only indicates that either a secondary IP address or a duplicate IP address (within the same subnet) has been assigned on an interface due to the Virtual Router Redundancy Protocol (VRRP). The log is usually generated when there is VRRP state change.

    The log message is informational and can be ignored.

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB35058

     

    Let us only concentrate on the "DH_SVC_SENDMSG_FAILURE" log which is due to DHCP:

     

    DH_SVC_SENDMSG_FAILURE: sendmsg() from 37.26.16.219 to port 67 at 37.26.63.129 via interface 73 and routing instance default failed: No route to host

     

    As per my understanding, you are losing connectivity due to the above log, not because of the " Duplicate attach".

     

    Update the thread after the next course of action.

     

    I hope this helps. Please mark this post "Accept as solution" if this answers your query.

     

    Kudos are always appreciated! Smiley Happy

     

    Best Regards,

    Lingabasappa H