Am I correct that "show pfe route ip" extracts information from PFE and "show route forwarding-table" extracts information from routing-engine copy of forwarding table? So this means that in latter case there is no RE<->PFE communication?
Difference Between ‘show route forwarding-table’ and ‘show pfe route ip’ in JUNOS
juniper
Related Solutions
The answer is:
The setting
forwarding-options {
hash-key {
family inet {
layer-4;
}
}
}
only works in PACKET MODE
The default mode for an SRX is flow mode. You can set configure packet mode by deleting ALL of the configuration under the security stanza and then running
set security forwarding-options family mpls mode packet-based
once you have committed that you will need to reboot your device.
You can check and see which mode it's running in by running the operational mode command
show security flow status
This gives the following output
Flow forwarding mode:
Inet forwarding mode: packet based
Inet6 forwarding mode: flow based
MPLS forwarding mode: packet based
ISO forwarding mode: drop
Flow trace status
Flow tracing status: off
Flow session distribution
Distribution mode: RR-based
GTP-U distribution: Disabled
Flow ipsec performance acceleration: off
Flow packet ordering
Ordering mode: Hardware
You are interested in lines 2 & 3. Below, mine show that the device is in packet mode for IPV4 traffic and flow mode for IPV6.
Inet forwarding mode: packet based
Inet6 forwarding mode: flow based
For more details see here: https://kb.juniper.net/InfoCenter/index?page=content&id=KB30461
Note: It took a JTAC engineer a few weeks to work this out after building it in a lab and testing it. He is going to try and get the documentation updated to note it only works in packet mode!
First and foremost "Not OK" is just signifying that there is some kind of problem relating to the PEM, it could be anything. The "Input Failure" is just trying to be more detailed (this doesn't always happen).
Unfortunately, for these sorts of alarms there is no way to definitively determine if the cause is due to the PEM in the router or some problem with the power source from looking at the router.
It's really unlikely that 2 PEMs are failing at the same time. Most power in Central Offices and Data Centers will be connected to an A side and a B side PDUs for redundancy. For example, PEM 0/Feed 1 and PEM 1/Feed 1 will connect to A, with PEM 0/Feed 2 and PEM 1/Feed 2 connecting to B.
Looking at your situation, my first instinct would be to have someone look at the PDUs to see if a breaker is tripped or turned off.
Best Answer
Correct, a little review.
The Routing Engine(s) are the control plane, they build the routing table based on all of the information given to it by whatever protocols are configured, and it also builds the forwarding table. The routing engine will then copy it's version of the forwarding table to the appropriate PFE'(s) (forwarding plane).
All in all, the RE has a copy of the routing table and the forwarding table, and all of the PFE's have their respective forwarding entries to be used to actually forward traffic.
show route- will display the routing table.show route forwarding-table- will show the routing engine's version of the forwarding tableshow pfe route ip- will show the forwarding table/entries that are actually installed in each PFE.Yes, but lets be clear. In the case of
show pfe route ip, the RE still has to communicate with the PFE to query their version of the forwarding table, but it will not query its own copy of the forwarding table.I'll be happy to update my answer if necessary.