Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[M/MX/T-series] Slow response to interactive commands when committing the configuration by the user in a router with accounting/ TAC+ configured

0

0

Article ID: KB24917 KB Last Updated: 19 Feb 2020Version: 3.0
Summary:
This article describes the issue of slow response to any interactive commands being entered in the router or when the configuration is committed with accounting/ TAC+ configured.
Symptoms:

Slow response to any interactive commands being entered in the router or when the configuration is committed with accounting/ TAC+ configured.

General Behavior:

When issuing interactive commands or committing the configuration on a router, which is configured with accounting/ TAC+, the router checks with the server; prior to executing the same.

 

Scenario:

If the accounting/ TAC+ server is configured and the route is there in the routing table, but the server is not operational, then the router waits for the configured timeout to expire; before executing the command.

Configuration:

accounting {
    events [ change-log interactive-commands ];
    destination {
        tacplus {
            server {
                192.168.1.1 {
                    secret "$ABC123"; ## SECRET-DATA
                    timeout 10;---> timeout configured is 10 ms
                }
            }
        }
    }
}

Route entry for the server:

User@router> show route table inet.0 192.168.1.1

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.1.1/32      *[Static/5] 00:13:22
                    > to 10.0.75.254 via fxp0.0

The show interfaces terse interactive command is issued during the Jun 15 03:59:20 timestamp:

Jun 15 03:59:20  Router mgd[1325]: UI_CMDLINE_READ_LINE: User 'lab', command 'show interfaces terse '	
Packets initiated towards the server 192.168.1.1
-----original packet-----
00:00:00:00:3e:ff > 00:00:00:00:21:d0, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl  64, id 24838, offset 0, flags [DF], proto: TCP (6),
length: 64) 10.0.75.157.59638 > 192.168.1.1.49: S 3428893759:3428893759(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 4268529 0,sackOK,eol>
03:59:20.651409  In
Juniper PCAP Flags [Ext, In], PCAP Extension(s) total length 16
   Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
   Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
   Device Interface Index Extension TLV #1, length 2, value: 16384
   Logical Interface Index Extension TLV #4, length 4, value: 4

-----original packet---

00:00:00:00:3e:ff > 00:00:00:00:21:d0, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl  64, id 24927, offset 0, flags [DF], proto: TCP (6),
length: 64) 10.0.75.157.59638 > 192.168.1.1.49: S 3428893759:3428893759(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 4271529 0,sackOK,eol>
03:59:24.124410 Out 
	Juniper PCAP Flags [Ext], PCAP Extension(s) total length 16
	  Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
	  Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
	  Device Interface Index Extension TLV #1, length 2, value: 16384
	  Logical Interface Index Extension TLV #4, length 4, value: 4
-----original packet-----
00:00:00:00:3e:ff > 00:00:00:00:21:d0, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl  64, id 25005, offset 0, flags [DF], proto: TCP (6),
 length: 64) 10.0.75.157.59638 > 192.168.1.1.49: S 3428893759:3428893759(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 4274729 0,sackOK,eol>
03:59:26.621784  In 
	Juniper PCAP Flags [Ext, In], PCAP Extension(s) total length 16
	  Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
	  Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
	  Device Interface Index Extension TLV #1, length 2, value: 16384
	  Logical Interface Index Extension TLV #4, length 4, value: 4	
-----original packet-----
00:00:00:00:3e:ff > 00:00:00:00:21:d0, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl  64, id 25083, offset 0, flags [DF], proto: TCP (6),
length: 48) 10.0.75.157.59638 > 192.168.1.1.49: S 3428893759:3428893759(0) win 65535 <mss 1460,sackOK,eol>
03:59:30.237342 Out 
	Juniper PCAP Flags [Ext], PCAP Extension(s) total length 16
	  Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
	  Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
	  Device Interface Index Extension TLV #1, length 2, value: 16384
	  Logical Interface Index Extension TLV #4, length 4, value: 4
-----original packet-----

The output is seen by the Jun 15 03:59:30 timestamp, after a delay of 10ms (when the timeout expires):

User@router> show interfaces terse 
Jun 15 03:59:30--------------------------> There is a delay of 10ms after issuing the command
Interface               Admin Link Proto    Local                 Remote
lc-0/0/0                up    up  
lc-0/0/0.32769          up    up   vpls    
pfe-0/0/0               up    up  
pfe-0/0/0.16383         up    up   inet    
                                   inet6   
pfh-0/0/0               up    up  
pfh-0/0/0.16383         up    up   inet    
xe-0/0/0                up    up  
xe-0/0/1                up    up  
xe-0/0/2                up    down
xe-0/0/3                up    up  
ge-1/0/0                up    down
Solution:
This is expected behavior of the router, when the accounting/ TAC+ server is configured and the entry for the same is available in the routing table. But when the server is not operational, the router waits for the reply from the server, until the configured timeout expires and it then executes the issued command.
Modification History:
2020-02-19: minor non-technical edits.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search