I’ll get those outputs when at a terminal but the configuration did not change
and this was working pre reboot :/
The only other change was a failed MPC that was replaced.
Downstream devices are sending HELLOs but this 480 is not indicating it’s
receiving them via ospf3 stats output which is weird but connectivity is good.
-Scott H
> On Jun 16, 2019, at 2:08 AM, Anderson, Charles R wrote:
>
> Silly question, does the sa name match between "ospf3...ipsec-sa FOO"
> and "security ipsec security-association FOO..."?
>
> What does "show ipsec security-associations" show?
>
> What Junos version? There was a memory leak or file descriptor leak
> in older Junos that killed the ipsec daemon after a long uptime, but I
> don't recall anything that would cause it to fail right after reboot.
> But you can try "restart ipsec-key-management" anyway.
>
>> On Sat, Jun 15, 2019 at 09:02:30PM -0500, Scott Harvanek wrote:
>> Hey guys,
>>
>> Getting something interesting after a reboot;
>>
>> Jun 16 01:58:45 MX480.1 kernel: ipsec_find_sa_in_so_gen(1999): Couldn't
>> dereference the sa name = XX
>>
>> When trying to bring up the IPSec tunnel for ospf3 peering ( which never
>> establishes ), any ideas what this means? Do I need to restart the ipsec
>> key daemon?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
