rACL vty and Juniper
Greeting, I am looking up some ACL rules and there are something i am not quite sure, I know on cisco router, applying rACL will protect the router itself, no transit traffic will hit the rACL rules or router RP. So i guess it is safe i assume rACL only take control and management plane traffic. But how about Line vty access-class command? Does it only take management plane traffic? Do i need this if i have rACL defined? and on Juniper router, does it have similar concept? i am only aware of the input filter on the lo0 interface. so there is nothing like rACL? Thanks FD
large icmp packet issue
I am having problem getting ping to work to a specific destination host when using large size icmp packet and i am hoping someone here can offer some suggestion. With regular ping, i can ping this remote host without any problem, but if i crank up the packet size to above 1500 (1500 still works), i won't get any icmp reply. My first thought was this was a pmtu issue. but when I ran tcpdump on this remote host, i saw the incoming ping requests and this host actually sent back icmp replies, so it appears that there is some device in between blocking these large size icmp reply packets. Here is the question, how can i find out which hop on the path is causing this behavior? FD
Re: large icmp packet issue
Thanks, the thing is How can i be sure even if a device blocks my ping , it might have policy blocking ping at it at all. On Sat, Sep 25, 2010 at 10:18 PM, Robert Bonomi wrote: > > From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Sat Sep 25 > 21:56:30 2010 > > Date: Sat, 25 Sep 2010 21:57:53 -0500 > > Subject: large icmp packet issue > > From: fedora fedora > > To: nanog@nanog.org > > > > I am having problem getting ping to work to a specific destination host > when > > using large size icmp packet and i am hoping someone here can offer some > > suggestion. > > > > With regular ping, i can ping this remote host without any problem, but > if i > > crank up the packet size to above 1500 (1500 still works), i won't get > any > > icmp reply. > > > > My first thought was this was a pmtu issue. but when I ran tcpdump on > this > > remote host, i saw the incoming ping requests and this host actually sent > > back icmp replies, so it appears that there is some device in between > > blocking these large size icmp reply packets. > > > > Here is the question, how can i find out which hop on the path is causing > > this behavior? > > Did you consider doing a traceroute? > > And then pinging the intermediate machines? with the big packets, that is. > > you'll get a response from the 'near side' of the problem, but -not- > from any machine on the far side of it. > > Ping with small packets first, to discovr machines that dont respond to > pings at all. > >
log parsing tool?
Greetings, Anyone has good recommendations for an open-sourced log parsing and analyzing application? It will be used to work with syslog-ng and other general syslog and application logs. I have been looking at swatch and logwatch, but would like to find out if there are other good choices, thanks FD
Re: log parsing tool?
ah, never heard of SEC before and it really looks interesting, Thanks everyone for the great input! FD On Mon, Feb 22, 2010 at 4:34 PM, Jeff Rooney wrote: > I personally like SEC (Simple Event Correlator), check out > http://simple-evcorr.sourceforge.net/ > > Jeff Rooney > jtroo...@nexdlevel.com > > > > On Mon, Feb 22, 2010 at 4:15 PM, fedora fedora > wrote: > > Greetings, > > > > Anyone has good recommendations for an open-sourced log parsing and > > analyzing application? It will be used to work with syslog-ng and other > > general syslog and application logs. > > > > I have been looking at swatch and logwatch, but would like to find out if > > there are other good choices, thanks > > > > FD > > >
