SRX

  • 1.  SRX ipsec-key-management is thrashing, not restarted

    Posted 27 days ago

    Hello all

    Could you please tell me what could be causing this problem?
    I periodically see the following message in the log on my SRX 345:
     
    - - - ipsec-key-management terminated by signal number 11. Core dumped!
    - - - ipsec-key-management started
     
    It seems that ipsec-key-management is periodically restarting. But sometimes it stops completely with a message:
     
    - - - ipsec-key-management is thrashing, not restarted
     
    It does not start again until you run the command restart ipsec-key-management.
     
    I have other SRX devices, and they don't have this message, and the daemon doesn't restart on its own.
    Can anyone suggest what the problem might be?



    ------------------------------
    Pavel Guegan
    ------------------------------


  • 2.  RE: SRX ipsec-key-management is thrashing, not restarted

    Posted 25 days ago

    You have to look through more log messages preceding the crashes for extra clues. This did ring a bell though:

    • https://supportportal.juniper.net/s/article/SRX-Multiple-KMD-core-files-generated-after-VPN-related-configuration-changes
    • https://supportportal.juniper.net/s/article/KMD-Core-missing-keypair-for-local-certificate

    In general, in BSD, signal 11 is a segmentation fault -- the process tried to mess with memory it didn't have access to. If the log messages and/or the above articles do not provide an answer, then you'd have to address this with JTAC because they'd be able to analyze the memory dump files further.



    ------------------------------
    Nikolay Semov
    ------------------------------
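
One way to gather the log lines that precede each crash, as suggested in the reply above. This is an added example, not part of either post: the `analyze` helper, the optional `(PID n)` match and the sample lines are assumptions, and only the three message texts come from the thread.

```python
import re
from collections import deque

# Message texts are the ones quoted in the thread. The optional "(PID n)"
# part is an assumption, to tolerate log formats that include the process ID.
NAME = r"ipsec-key-management(?: \(PID \d+\))?"
CRASH = re.compile(NAME + r" terminated by signal number (\d+)")
START = re.compile(NAME + r" started")
THRASH = re.compile(NAME + r" is thrashing, not restarted")

def analyze(lines, context=3):
    """Return (crashes, state) for an iterable of syslog lines.

    crashes: per crash, the signal number, whether a core was dumped, and
    the `context` other log lines seen just before it.
    state: "up", "crashed" (awaiting restart) or "thrashing" (left stopped).
    """
    recent = deque(maxlen=context)  # rolling window of preceding lines
    crashes, state = [], "up"
    for line in lines:
        m = CRASH.search(line)
        if m:
            crashes.append({"signal": int(m.group(1)),
                            "core": "Core dumped" in line,
                            "before": list(recent)})
            state = "crashed"
        elif THRASH.search(line):
            state = "thrashing"
        elif START.search(line):
            state = "up"
        else:
            recent.append(line.rstrip("\n"))
    return crashes, state

# Constructed sample; timestamps, hostname and the mgd lines are made up.
SAMPLE = [
    "Jan 10 09:59:50 srx-example mgd[1201]: constructed event A",
    "Jan 10 09:59:58 srx-example mgd[1201]: constructed event B",
    "Jan 10 10:00:01 srx-example init: ipsec-key-management terminated by signal number 11. Core dumped!",
    "Jan 10 10:00:02 srx-example init: ipsec-key-management started",
    "Jan 10 10:07:30 srx-example mgd[1201]: constructed event C",
    "Jan 10 10:07:31 srx-example init: ipsec-key-management (PID 4242) terminated by signal number 11. Core dumped!",
    "Jan 10 10:07:32 srx-example init: ipsec-key-management is thrashing, not restarted",
]

if __name__ == "__main__":
    crashes, state = analyze(SAMPLE, context=2)
    for c in crashes:
        print(c["signal"], c["core"], c["before"])
    print("daemon state:", state)
```

A final state of "thrashing" corresponds to the situation in the first post, where the daemon stays down until it is restarted by hand.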