Re: [j-nsp] Multi Core on JUNOS?
And the change now announced on 15.1 (new release) using freebsd 10 will not help to solve it ? > On Oct 8, 2015, at 12:33, Colton Conorwrote: > > Saku, > > You seem to be very familiar with the major routing vendors implementations > on SMP. Do you consider the lack of SMP support on Juniper a reason not to > go with Juniper until implemented. Particularly interested to hear about > JunOS vs TimOS. > >> On Thu, Oct 8, 2015 at 10:13 AM, Saku Ytti wrote: >> >> On 3 October 2015 at 03:41, Olivier Benghozi >> wrote: >> >> Hey, >> >>> I have heard that: >>> 1) forget it about PowerPC CPUs (MX 80/104). >> >> This is shame, but completely understandable, give customers couple >> more years on old kit or force them to buy new kit? I'm afraid maybe >> no HW of current generation will get SMP support. I'm sure marketing >> is pondering lot how many customers would switch vendor versus how >> many customers would just buy new next-gen hardware when deciding >> which platforms to target for SMP. >> >> I honestly believe that SMP is weekend project for single developer on >> JunOS now that they've remedied the underlaying FreeBSD issues. Fixing >> rpd mess is certainly big deal. But just affinity to put RPD on its >> own core and rest on the other core on MX80/MX104 should be terribly >> trivial. >> >> Even radar plans for RPD + threads is far cry from what other vendors >> are doing already with SMP on XR, EOS and particularly TimOS. But >> still very nice that JNPR is finally doing something. >> >> -- >> ++ytti >> ___ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4300-24T and 40GE ports
Yes for sure. We use it like this !!! You need only to break the virtual chassis initial configuration > request virtual chassis vc-port delete ... Dont forget that juniper only will support qsfp+ to 10km Att Giuliano Cardozo Medalha WZTECH NETWORKS ADVANCED SERVICES giuli...@wztech.com.br giuliano@advanced.services +55 (17) 98112-5394 > On Sep 9, 2015, at 15:38, Robert Hasswrote: > > Hi > I have two questions regarding 40GE ports build-in into EX4300-24T switch. > > Can I use these ports as regular line ports / VLANs / 802.1Q - instead of > VirtualChassis ? > Are they support Breakout into 4x10GE ? > > Rob > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Breaking an EX cluster?
Request virtual-chassis recycle and renumber you can put the switch as a master stand alone Sent from my iPhone On Aug 13, 2015, at 22:23, Scott Granados sc...@granados-llc.net wrote: Hi, Have some EX 4300s that I want to break apart and start like they were factory new and reboot. I know about the factory default button on the front and the configuration option but no matter how I apply that I still have the node boot thinking it’s a member of the previous chassis. How do I delete it’s membership when it’s active / a stand alone node? Any pointers are most appreciated. Thank you Scott ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Breaking an EX cluster?
Have you tried to remove the vc-ports ? Sent from my iPhone On Aug 13, 2015, at 23:19, Scott Granados sc...@granados-llc.net wrote: I tried this one and it errors out because the node was active. Thanks Scott On Aug 13, 2015, at 9:34 PM, Giuliano (WZTECH) giuli...@wztech.com.br wrote: Request virtual-chassis recycle and renumber you can put the switch as a master stand alone Sent from my iPhone On Aug 13, 2015, at 22:23, Scott Granados sc...@granados-llc.net wrote: Hi, Have some EX 4300s that I want to break apart and start like they were factory new and reboot. I know about the factory default button on the front and the configuration option but no matter how I apply that I still have the node boot thinking it’s a member of the previous chassis. How do I delete it’s membership when it’s active / a stand alone node? Any pointers are most appreciated. Thank you Scott ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper 10G Switch Options
I think the better option is to use ACX5048 Same qfx hardware with a different software It will support vpls and evpn But I think you will need license for 10G interfaces and L3vpn Sent from my iPhone On Jun 4, 2015, at 10:38, Tim Jackson jackson@gmail.com wrote: It should support EVPN shortly. On Thu, Jun 4, 2015, 6:38 AM Joe Freeman j...@netbyjoe.com wrote: Keep in mind the QFX5100 doesn't support evpn or vpls. To do vpls right now, we're having to l2vpn back to an MX tunnel interface and stitch into a bridge domain. It's not pretty but so far it has worked. We've got our fingers crossed that evpn is coming soon. Also, the 5100's apparently aren't using ASICs, or at least aren't using an ASIC on the interfaces that will support flexible-ethernet-services. What this means is that I can't L2 switch a customer on the same QFX interface that I'm either A) Terminating another customer at L3 (l3 vpn for example), or B) Doing a vlan-ccc/l2circuit/l2vpn connection on. This means there are some use cases (p2p ethernet circuits between olt's in the same CO for instance) that may require more than 1 port between the QFX and the olt. Joe On Thu, Jun 4, 2015 at 8:26 AM, Tim Jackson jackson@gmail.com wrote: I'd recommend QFX5100 or EX4600. Same hardware inside for both. Beware that there are a few issues with DHCP and DHCPv6 pass through on them, but that seems to be resolved now. On Jun 4, 2015 6:22 AM, Colton Conor colton.co...@gmail.com wrote: We need a Juniper switch with at least 24 built in SFP+ ports. Looks like Juniper has a ton of options including the EX4500, EX4550, EX4600, and the QFX line which I don't know much about. This switch will be for aggregation purposes for an access network that has GPON OLT's with 10G uplinks on them. What do you recommend? Which has the latest hardware? Which is the most cost effective? Any limitations to be aware of? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX80 BGP Convergence
13.3R5 or 14.1R4 are better options Sent from my iPhone On Mar 20, 2015, at 14:09, Tan Heng Chai ad...@sg.gs wrote: Hi J-NSP, Just wondering if anyone has benchmark/feedback on BGP convergence times on the MX80 with and without sampling on versions higher than 11.4R7.5, especially with reference to PR836197 and the sampling issue? -- Yours Sincerely, Tan Heng Chai Chief Technical Officer - SG.GS http://www.sg.gs ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MPLS EX4550
We didnt find a solution because ex4550 (junos) code does not support 2 different families for the same interface (yet) ... Using 12.3R8 I think the new switches ex4600, ex4300 fiber and qfx5100 will support it considering junos ELS and it new hardware Sent from my iPhone On Mar 6, 2015, at 18:01, Levi Pederson levipeder...@mankatonetworks.net wrote: Giuliano, I thank you for the prompt reply. I had originally thought that would create a loop on the switch, but I believe you are right in that it will just shunt the VLAN as anticipated. However, I was wondering if there was a a solution that can be accomplished without having to use a loop-cable? Thank you, Levi Pederson Mankato Networks LLC cell | 612.481.0769 work | 612.787.7392 levipeder...@mankatonetworks.net On Fri, Mar 6, 2015 at 2:57 PM, Giuliano (WZTECH) giuli...@wztech.com.br wrote: We have a situation here and we find a way ... We connect 2 interfaces in a optical cable loop ... One that came from a trunk interface ... Family ethernet-switching and other family mpls with L2-circuit to do a vlan traffic to enter in a mpls interface Sent from my iPhone On Mar 6, 2015, at 17:51, Levi Pederson levipeder...@mankatonetworks.net wrote: All, I've got a simple MPLS setup with 4 EX4550's. They are currently in an incomplete ring but will soon have a full ring situation. I've currently got 3 circuits on the transport working wonderfully. However I'm trying to add another alas I'm a bit confused as how to proceed. Previous other circuits were easier in the fact they were simply saying the port on MPLS1-1 is equivalent to this port on MPLS 3-1. The new circuit is different in that I have to take a VLAN recieved on a trunk port and send it through the MPLS network to 3-1 and then into a vlan-tagged MX-10. I was wondering if anyone has attempted this and has any pointers. Thank you, *Levi Pederson* Mankato Networks LLC cell | 612.481.0769 work | 612.787.7392 levipeder...@mankatonetworks.net ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MPLS EX4550
We have a situation here and we find a way ... We connect 2 interfaces in a optical cable loop ... One that came from a trunk interface ... Family ethernet-switching and other family mpls with L2-circuit to do a vlan traffic to enter in a mpls interface Sent from my iPhone On Mar 6, 2015, at 17:51, Levi Pederson levipeder...@mankatonetworks.net wrote: All, I've got a simple MPLS setup with 4 EX4550's. They are currently in an incomplete ring but will soon have a full ring situation. I've currently got 3 circuits on the transport working wonderfully. However I'm trying to add another alas I'm a bit confused as how to proceed. Previous other circuits were easier in the fact they were simply saying the port on MPLS1-1 is equivalent to this port on MPLS 3-1. The new circuit is different in that I have to take a VLAN recieved on a trunk port and send it through the MPLS network to 3-1 and then into a vlan-tagged MX-10. I was wondering if anyone has attempted this and has any pointers. Thank you, *Levi Pederson* Mankato Networks LLC cell | 612.481.0769 work | 612.787.7392 levipeder...@mankatonetworks.net ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] DDOS_PROTOCOL_VIOLATION_SET: Protocol Reject:aggregate
Chris The best option is to disable the feature ? And about to configure it ? If you have a protect-re firewall filter applied in loopback ... Can this be done ? Is it safe ? Some documents from juniper showing the best way ? And about to disable the process ? Thanks a lot Sent from my iPhone On Dec 11, 2014, at 01:20, Chris Morrow morr...@ops-netman.net wrote: On 12/10/2014 09:54 PM, Wojciech Janiszewski wrote: Hi, Make sure that you have a discard next-hop instead of default reject in your aggregate routes. That should help. ick, that ddos protection stuff in JunOS is broken...you should just disable it: system { ddos-protection { global { disable-routing-engine; disable-fpc; disable-logging; } } } 2014-12-10 23:16 GMT+01:00 Brendan Mannella bmanne...@teraswitch.com: Just wondering if anyone has ever seen these DDOS messages before and what i should be looking at to resolve. Dec 10 11:10:24 re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned to normal. Violated at fpc 1 for 931 times, from 2014-12-10 11:05:23 EST to 2014-12-10 11:05:23 EST Dec 10 11:23:44 re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET: Protocol Reject:aggregate is violated at fpc 1 for 932 times, started at 2014-12-10 11:23:43 EST Dec 10 11:28:49 re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned to normal. Violated at fpc 1 for 932 times, from 2014-12-10 11:23:43 EST to 2014-12-10 11:23:43 EST Dec 10 12:50:55 re0.edge2 xntpd[2681]: kernel time sync enabled 6001 Dec 10 13:08:00 re0.edge2 xntpd[2681]: kernel time sync enabled 2001 Dec 10 15:01:34 re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET: Protocol Reject:aggregate is violated at fpc 1 for 933 times, started at 2014-12-10 15:01:33 EST Dec 10 15:06:34 re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned to normal. Violated at fpc 1 for 933 times, from 2014-12-10 15:01:33 EST to 2014-12-10 15:01:33 EST ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] MX Memory Allocation Problems
Hi, We have an MX80-5 router with 108 BGP sessions. All the BGP sessions for less than few routes. Only 2 BGP is full routing. We are running 12.2R2 version ... of JUNOS Software. After a reboot this morning putting the box in the following mode: set chassis network-services enhanced-ip ... The chassis starts to allocate memory without any reason. Along the day it was 82%, 84% and now is beating a critical limit of 95%. I thing that we will need to restart the box again to cleanup memory allocation. Did you ever see this kind of issue before ? The total number of routes is not been suffering any update. And the box is running J-Flow IPFX mode. We have started a conversation with J-TAC but still remaining as no solution for the problem. Does anyone can give some update about it ? Any similar issue like this before ? Thanks a lot, Giuliano ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SRX240 as VPLS Backbone
Hi, Does anyone has some experience using SRX240 for VPLS Backbone ? How much clients and mac address it scale ? Is it simple to configure ? How much bandwidth is possible to pass ... considering a rectangular topology (4 points). Thanks a lot, Giuliano ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] JUNIPER POLICER and CoS Shaping Rate
People, Some topics where questioned today about how to limit traffic for vlan subscribers using MX5 routers. The main question is related to system architecture related to the main gear (internal machine) to control and limiting packets. Using policers (input or output) or shaping-rate we have quite the same result: miscalculating or error. If we create a rule like the following: set class-of-service interfaces ge-0/0/1 unit 530 shaping-rate 20m The output traffic rates 19.2~ Mbps only (using MRTG and SNMP statistics and graphics). We ever needs to allocate more bandwidth for the subscriber like. set class-of-service interfaces ge-0/0/1 unit 530 shaping-rate 22m To get the correct result ... Using policers generate almost the same result for output traffic. Is this because of system architecture or this is a graphic's mistake ? The burst size limit influence this result ? It must be calculated using what kind of parameter ? For example (same physical interface, same MTU, etc): Interface ge-0/0/0 unit 10 - VLAN 10 - 30 Mbps What is the correct burst ? Interface ge-0/0/0 unit 20 - VLAN 20 - 50 Mbps What is the correct burst ? Interface ge-0/0/0 unit 30 - VLAN 30 - 150 Mbps What is the correct burst ? Interface ge-0/0/0 unit 30 - VLAN 30 - 4 Mbps What is the correct burst ? Does anyone has solved this problems ? Is it possible to get a correct parameter and points to a correct limit for the contracted bandwidth ? Thanks a lot, Giuliano ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] MX5 - Subscriber Management
People, Dow anyone on list is using MX series as a BRAS box ? We are looking forward some samples of configurations to apply shapping rate using only radius variables. We have found the configuration bellow ... but we did not find any RADIUS dictionary to apply it. The only way we found to controle the subscriber (PPP.) interface bandwidth was using firewall filters and policers. But with firewall filter and policers ... we need to create it statically before apply using radius. We are lookig for a soltuion where we can apply only one configuration directly on radius server only (without have to create a policer or a firewall filter). If anyone has the experience with this kind of config, could share about it ? Thanks a lot, Giuliano dynamic-profiles {subscriber_profile {interfaces {$junos-interface-ifd-name {unit $junos-underlying-interface-unit {family inet;}}}class-of-service {traffic-control-profiles {subscriber_tcp {shaping-rate $shaping-rate;guaranteed-rate $guaranteed-rate;}}interfaces {$junos-interface-ifd-name {unit $junos-underlying-interface-unit {output-traffic-control-profile subscriber_tcp; ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX MPLS
Phill, Could ou please share some juniper links or configurations on how about to configure SRX boxes with MPLS in a RING topology ? Are you using L3 MPLS VPN or L2 VPLS or EoMPLS ? Is it possible to share some configurations or links ? Thanks a lot, Giuliano On 15/08/12 15:29, Johan Borch wrote: Hi, I have a design question regarding MPLS. I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet mode and the main purpose is L3VPN/VPLS p1-p2-p3-p4-p5-p1 (p5 connects back to p1) My budget is low for this and the srx240 is cheap, we will push max 1Gbps. That should be ok. I've had hundreds of megabits of MPLS out of the SRX210. For example in some sites there will be two SRX and the plan is to use these two as P/PE and use VRRP for customer equipment. At the same time they will be P routers for other sites. Example site: P1P3-P4--P5 \ / (vrrp) Customer equipment Do I make any sense? Will this work? :) Should do. We use them in similar (but not identical) configurations. I've never tested VRRP on them, however. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] How to restart a JUNOS process using Shell and CRONTAB
Hi everyone, Does anyone know how to restart a JUNOS process using Shell and CRONTAB ? Do we need to create some kind of shell script to do that ? This seems not to be working for me: ps -ax | grep dfwd 1146 ?? I 0:00.27 /usr/sbin/dfwd -N kill -s HUP 1146 Does anyone uses the CRONTAB for that ? Thanks a lot, Giuliano ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] How to restart a JUNOS process using Shell and CRONTAB
Looks like is better to use event-options: set event-options generate-event TestEvent time-of-day 09:05:00 -0300 set event-options policy Policy1 events TestEvent set event-options policy Policy1 then execute-commands commands run restart firewall set event-options policy Policy1 then execute-commands output-filename test1 set event-options policy Policy1 then execute-commands destination local-directory set event-options destinations local-directory archive-sites /var/tmp/ Hi everyone, Does anyone know how to restart a JUNOS process using Shell and CRONTAB ? Do we need to create some kind of shell script to do that ? This seems not to be working for me: ps -ax | grep dfwd 1146 ?? I 0:00.27 /usr/sbin/dfwd -N kill -s HUP 1146 Does anyone uses the CRONTAB for that ? Thanks a lot, Giuliano ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Static Route Names
People, Besides the use of groups feature on JUNOS, how can name a static route ? IOS has an option 'name' for static routes ... how can we do the same thing in junos ? Is it possible ? There is some kind of description ? Thanks a lot, Giuliano ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] M-Series DHCP Server
Hi, We are trying to configure JUNIPER M-Series with dhcp-local-server without any good results. Basically we are configuring: set system services dhcp-local-server and set access address-assignment It is not working and the router is dropping the DHCP Requests ... Does anyone has some experience with this ? How can I make it work ? Thanks a lot, Giuliano ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SRX650 Dual SRE6
People, Does anyone knows if SRX650 box supports dual SRE6 (Services and Routing Engine 6) ? It is possible with JUNOS 11.4 (last version available) to use both routing engines ? Any special configuration to do ... for this both SRE6 to work ? We have tried dual SRE6 ... but what happen is that system do not recognizes second routing engine. The second SRE stays in shutdown mode ... or inactive mode. Can you please give to me some feedback ? Anyone experience sometinh similar ? Thanks a lot, Giuliano ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Securing management access to Juniper gear
You can use a firewall filter to avoid or to permit the correct ip address to your gear. There is a good document at Juniper web site explaining how you can do that (best practices) ... beside others: http://www.cymru.com/gillsr/documents/junos-template.pdf http://www.juniper.net/us/en/community/junos/training-certification/day-one/ http://www.juniper.net/us/en/community/junos/training-certification/day-one/fundamentals-series/securing-routing-engine/ What is the recommend/preferred way to secure the SSH Web access to a piece of JunOS gear? I have a couple routers (MX80) and switches (EX4200) that are remote. Can I attach packet filters to the system services (HTTP,SSH)? Do I attach the packet filter to the lo0 interface? Thanks -Matt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] JUNIPER EX8208 - Redundant RE Option
People, Does anyone knows about how much advances licenses are necessary for a EX8208 chassis configured with 2 Routing Engines ? EX8208-AFL EX8208 Advanced Feature License It will be necessary 1 or 2 licenses ? Theses licenses are available for chassis or for RE ? If we use OSPFv3 ... considering 1 single licenses ... if the main RE fails ... the backup RE will stop doing OSPFv3 because lack of license ? Does anyone have experienced this before ? Thanks a lot, Giuliano ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp