error (Security)
Syntax
error { (fatal | major | minor) { threshold threshold number; action (alarm | disable-pfe | offline-pic | log | get-state |offline | reset); } }
Hierarchy Level
[edit chassis]
[edit chassis fpc slot-number]
Description
Configure the threshold at which FPC errors will take the action you configure to be performed by the device.
Some devices include an internal framework for detecting and correcting FPC errors that can have the potential to affect services. You can classify FPC errors according to severity, set an automatic recovery action for each severity, and set a threshold (the number of times the error must occur before the action is triggered).
However, the alarm is added to the default fault handling action list for a fatal error. Adding an alarm to the default fault handling list will allow the chassis alarm to trigger the RG1 switchover as soon as the fatal error is detected.
Starting with Junos OS Release 15.1-X49-D50 and Junos OS Release 17.3R1, this feature supports I/O cards (IOCs) and Services Processing Cards (SPCs) on the Junos OS SRX5000 line of devices. The following cards are supported:
IOC2
IOC3
SPC2
Take care when setting the fault handling actions for SPC2 cards on the SRX5000 line of devices. Consider that if you set the fault handling action on an SPC2 card to offline or reset, when the card is either taken offline or the reboot occurs, the chassis daemon (chassisd) will reboot all of its FPC cards, both SPCs and IOCs—that is, the entire chassis will be rebooted.
Options
You can configure the threshold for the following severity levels:
You cannot change the severity level of an error.
fatal
—Fatal error on the FPC. An error that results in the blockage of a considerable amount of traffic across modules is a fatal error. (default: raise an alarm and reset the FPC)major
—Major error on the FPC. An error that results in continuing loss of packet traffic but does not affect other modules is a major error. (default: get the current state of the FPC and raise an alarm)minor
—Minor error on the FPC. An error that results in the loss of a small number of packets but is fully recoverable is a minor error. (default: write a log for the event.)threshold threshold-value
—Configure the threshold value at which to take action. If the severity level of the error is fatal, the action is carried out only once when the total number of errors exceeds the threshold value. If the severity level of the error is major, the action is carried out once after the occurrence exceeds the threshold. If the severity level is minor, the action is carried out as many times as the value specified by the threshold. For example, when the severity level is minor, and you have configured the threshold value as 10, the action is carried out after the tenth occurrence.Note:You can set the threshold value to 0 for errors with a severity level of minor. This implies that no action is taken for that error. You cannot set the threshold value to 0 for errors with a severity level of major or fatal.
Reset and offline are not listed as default actions for the minor error level for safety purposes.
The alarm and reset default action is included in the implementation for the SRX5000 line of devices. It is required to trigger the RG1 switchover in a chassis cluster environment when an FPC fatal error occurs and the alarm being raised is a major alarm.
Default: The error count for fatal and major actions is 1. The default error count for minor actions is 10.
Table 1 shows the range of values for each error level.
Table 1: Value Ranges for Error Levels Error Level
Default Threshold
Value Range
Fatal
1
1 through 1024
Major
1
1 through 1024
Minor
10
0 through 1024
The available detection and recovery actions are as follows:
alarm
—Raise an alarm.disable-pfe
—Disable the Packet Forwarding Engine interfaces on the FPC.get-state
—Get the current state of the FPC.log
—Generate a log for the event.offline
—Take the FPC offline.offline-pic
—Take the PIC (installed in the FPC) offline.reset
—Reset the FPC.
Required Privilege Level
interface | To view this in the configuration. |
interface-control | To add this to the configuration. |
Release Information
Statement introduced in Junos OS Release 15.1X49-D40.