Re: [j-nsp] Vpls-ldp signaling

2007-02-28 Thread Sean Clarke
Hi Steinar ...

It's not that Juniper's BGP based (Kompella) L2 P2P is proprietary -
all the drafts are there, it's just not many vendors have implemented
it as the LDP version is a lot easier to code .. :-)

Cheers
Sean
--

Not so long ago you wrote :
snn> - Juniper supports both standard Martini tunnels (l2circuit in Juniper
snn> speak) and proprietary BGP based signaling for L2 point to point.
snn> Martini tunnels are interoperable with Cisco and other vendors.

snn> All clear now?

snn> Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] Vpls-ldp signaling

2007-02-28 Thread sthaug
>   You can read JNCIS book from Sybex on page 650 as below :
>   " Within the JUNOS software, two main varieties of these VPNs exist. To
> help differentiate between the different Layer 2 VPNs, we'll use the
> configuration syntax as our guide. The first type of VPN is based on a
> draft specification by Kireeti Kompella. It uses the Border Gateway
> Protocol (BGP) as the mechanism for PE routers to communicate with each
> other about their customer connections. We'll refer to a Kompella-based
> configuration as a Layer 2 VPN. The second main form of a VPN is based on
> a draft specification by Luca Martini and uses the Label Distribution
> Protocol (LDP) between PE routers. Every router establishes a unique
> connection for each customer using the VPN. The Martini-based VPN is
> known as a Layer 2 Circuit within the configuration. "

The two varieties of *point to point* L2 circuits (Martini and Juniper
proprietary) are not the issue. The issue that started this thread was
somebody asking about LDP for *VPLS* (point to multipoint) signaling.
And a later reply which evidently misunderstood the question to be
about point to point L2 circuits.

So, all together now:

- Juniper currently only supports BGP for VPLS (L2 point to multipoint)
signaling.
- Juniper supports both standard Martini tunnels (l2circuit in Juniper
speak) and proprietary BGP based signaling for L2 point to point.
Martini tunnels are interoperable with Cisco and other vendors.

All clear now?

Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]


Re: [j-nsp] firewall filter

2007-02-28 Thread rendo
Hi Damien,
I am using M7i with JunOS 6.3

I put the filter on the interface section, and yes, I am having several VRF
and connected to other sites using mpls with rsvp signaling.

-rendo-


On 3/1/07, Damien Holloway <[EMAIL PROTECTED]> wrote:
>
> Mpls packets are switched through without inspecting the content in a vpn
> environment.
> There are a couple of solutions depending on your hardware and software
> and configuration.
> What hardware do you have ?
> What software version?
> Are you deploying vpn's? And doing this within a vrf?
>
> Regards
>
> Damien
>
> ___
> Damien Holloway
> Senior Instructor / Proctor
> Juniper Networks Hong Kong
> ICBC Tower
> Citibank Plaza, 3 Garden Road
> SUITES 2507-11, 25/F
> Central Hong Kong
> +852 6793 0450 mobile
> +852 2574 7803 fax
> [EMAIL PROTECTED]
> www.juniper.net
> ___
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] <
> [EMAIL PROTECTED]>
> To: juniper-nsp@puck.nether.net 
> Sent: Thu Mar 01 11:37:14 2007
> Subject: [j-nsp] firewall filter
>
> Hi,
>
> I have a problem with firewall filter and MPLS.
>
> My target is to block specific source traffic towards the host on the
> other
> end of ATM interface, so I put an output filter in an ATM interface.
>
> what I got about any specific packet that I want to discard are:
> - any packet from another ATM interface as well as any other external
> traffic is filtered
> but
> - packet coming from mpls is NOT filtered at all
>
> Since I run mpls also in the same router, is it a normal behaviour? Do I
> need to put the filter in forwarding table to filter the traffic from
> mpls?
>
> thanks.
>
> -rendo-


[j-nsp] firewall filter

2007-02-28 Thread rendo
Hi,

I have a problem with firewall filter and MPLS.

My target is to block specific source traffic towards the host on the other
end of ATM interface, so I put an output filter in an ATM interface.

what I got about any specific packet that I want to discard are:
- any packet from another ATM interface as well as any other external
traffic is filtered
but
- packet coming from mpls is NOT filtered at all

Since I run mpls also in the same router, is it a normal behaviour? Do I
need to put the filter in forwarding table to filter the traffic from mpls?

thanks.

-rendo-


Re: [j-nsp] Vpls-ldp signaling

2007-02-28 Thread Muhammad Teguh Pribadi
Hi,
   
  You can read JNCIS book from Sybex on page 650 as below :
  " Within the JUNOS software, two main varieties of these VPNs exist. To help 
differentiate between the different Layer 2 VPNs, we’ll use the configuration syntax as our 
guide. The first type of VPN is based on a draft specification by Kireeti 
Kompella. It uses the Border Gateway Protocol (BGP) as the mechanism for PE 
routers to communicate with each other about their customer connections. We’ll 
refer to a Kompella-based configuration as a Layer 2 VPN. The second main form 
of a VPN is based on a draft specification by Luca Martini and uses the Label 
Distribution Protocol (LDP) between PE routers. Every router establishes a 
unique connection for each customer using the VPN. The Martini-based VPN is 
known as a Layer 2 Circuit within the configuration. "
   
  And also from page 672 as below :
  " The main difference between a Layer 2 VPN and a Layer 2 Circuit lies in the 
control plane and the methods used to set up the virtual connection across the 
provider network. The configuration of the physical interfaces as well as the 
actual forwarding of traffic doesn’t change. .. 
  Customer circuit information is advertised in a Layer 2 Circuit environment 
using the Label Distribution Protocol (LDP). The two PE routers use targeted 
LDP Hello messages to form a session with each other. Once the session is 
established, the peers exchange Forwarding Equivalence Class (FEC) information, 
which advertises available prefixes with an MPLS label mapping. The PE routers 
use this FEC advertisement to establish the virtual connection by including a 
new TLV that contains circuit specific information. "
   
  Hope it would explain. 
   
   
  Regards,
  - Teguh -
  

Peder Christian Bach <[EMAIL PROTECTED]> wrote:
  Hi.

This is ordinary martini vpn. P2P.

Martini uses LDP (targeted LDP)


So this is not VPLS.. 

For example VPLS - BGP is configured like this:


routing-instances {
    Cust {
        description "VPLS";
        instance-type vpls;
        interface ge-0/0/0.2001;
        interface ge-0/0/0.2002;
        route-distinguisher 211:300;
        vrf-target target:211:300;
        protocols {
            vpls {
                site A {
                    site-identifier 2;
                }
            }
        }
    }
}

-Peder


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Muhammad Teguh Pribadi
Sent: 28 February 2007 09:17
To: Junos Guy
Cc: Juniper Milis
Subject: Re: [j-nsp] Vpls-ldp signaling

Hi,

Maybe you can use my configuration testing, I used it in my office lab, and it 
works, even in other router using Junos 8.0

Hope it will help you.

Regards,
-Teguh-

Junos Guy wrote:
Thanks Jake.
Hope someone from Juniper can confirm this.

Regards,
Aditya.



On 2/27/07, Bourgeois, Jacob (Jake)** CTR ** 
wrote:
>
> This seems like a doc bug, AFAIK, and per 7.6 docs, BGP is still used to
> signal VPLS on juniper platforms.
>
>
> http://www.juniper.net/techpubs/software/junos/junos76/swref76-hierarchy/html/rfc-list2.html#1213459
>
> draft-ietf-l2vpn-vpls-bgp is listed.
> draft-ietf-l2vpn-vpls-ldp is not listed.
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Junos Guy
> Sent: Monday, February 26, 2007 8:41 PM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] Vpls-ldp signaling
>
> Hello ,
>
> How do we configure vpls with ldp signaling ?
>
>
>
> As per JunOS 7.6 Feature Release.
>
> LDP Signaling for VPLS
> Uses Label Distribution Protocol (LDP) instead of Border Gateway Protocol
> (BGP) as the signaling protocol for VPLS
> Implemented per draft-ietf-l2vpn-ldp-05


Re: [j-nsp] ERX inter-VR links

2007-02-28 Thread Andy Lamontagne
Yes, but you must physically leave the router.  You can easily do
this with a small switch and vlans on the 1 physical ERX intf on diff
VRs..


On 2/28/07, phil colbourn <[EMAIL PROTECTED]> wrote:
> Is it possible to establish links between VRs? For example to simulate a
> network of routers.
>
>
>


[j-nsp] ERX inter-VR links

2007-02-28 Thread phil colbourn
Is it possible to establish links between VRs? For example to simulate a
network of routers.





Re: [j-nsp] JunOS 8.0 upgrade for SSG520/550M

2007-02-28 Thread Peter E. Fry
- Original Message -
From: Leigh Porter <[EMAIL PROTECTED]>
[...]
> You can put JunOS on them?
> 
> Doesn't it become a router then?

  It becomes a J-Series.  I imagine the hardware's
identical, or nearly so.  I wouldn't be surprised if the
only difference between the SSG5x0M/Jx350 and SSG5x0 non-M
is the CF card: 128MB for the non-M.
  I haven't tried booting JunOS on my SSG 550.  Er,
successfully, at least.  Turns out my USB flash writer
wouldn't write the binary properly.
  I hear that JunOS will be getting a full set of ScreenOS
features, but that's been in the works for a while.  I
wonder how it'll be handled -- perhaps as a feature set
license?  I could certainly have a lot of fun designing a
JunOS-ScreenOS hybrid -- it should be nice.
  The (documented) one-way conversion may simply be because
ScreenOS doesn't have a flash recovery procedure and
associated images (that I've seen).

Peter E. Fry



Re: [j-nsp] problem with commit in JUNOS 8.1R1.5

2007-02-28 Thread Georgi Yalamov
Erdem Sener wrote:
> Hi Georgi,
>
> On the logs:
>
> Feb 27 10:34:37  Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp -T
> -t /vat/tmp/juniper.conf1.gz'
>
> I believe there's a typo "/vat" here, which might cause the problem.
> Can you please check ?

Yes, this is a mistake that I think is not related to the case.  Just 
forgot to cut that part of the log.  This problem appears on every M320 
with two REs and 8.1R1.5 - more than 20 boxes.


Thanks


> Cheers,
> Erdem
>
> On 2/28/07, Georgi Yalamov <[EMAIL PROTECTED]> wrote:
>> Hello,
>>
>> In addition to "slow commit" problem in same network, same devices and
>> JUNOS I must add some additional information. Actually the problem is
>> because of this configuration statement:
>>
>> [EMAIL PROTECTED] show system accounting
>> events [ login change-log interactive-commands ];
>> destination {
>>tacplus {
>>server {
>>A.B.C.D {
>>secret "$7$skg7JKlo30Vo5369CAu"; ## SECRET-DATA
>>source-address X.X.X.X;
>>}
>>}
>>}
>> }
>>
>>
>> Without this tacacs accounting commit synchronize works normally. This
>> problem appears only to m320 with two routing engines, without
>> graceful-switchover and name-servers.
>>
>> Here is log message from re1 which is backup at this moment and do
>> commit sync on re0.
>>
>> % date
>> Tue Feb 27 12:50:36 EET 2007
>> % tail -f /var/log/messages
>> Feb 26 10:40:26  Ruse-R-Edge mgd[6914]: UI_DBASE_LOGIN_EVENT: User
>> 'ilko' entering configuration mode
>> Feb 26 10:40:34  Ruse-R-Edge mgd[6914]: UI_DBASE_LOGOUT_EVENT: User
>> 'ilko' exiting configuration mode
>> Feb 26 10:40:58  Ruse-R-Edge mgd[7105]: UI_TACPLUS_ERROR: TACACS+
>> failure: connect: timed out
>> Feb 26 10:41:01  Ruse-R-Edge mgd[7105]: UI_LOAD_EVENT: User 'root' is
>> performing a 'load update'
>> Feb 26 10:49:24  Ruse-R-Edge mgd[7105]: UI_COMMIT: User 'ilko' performed
>> commit: no comment
>> Feb 27 10:34:37  Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp -T
>> -t /vat/tmp/juniper.conf1.gz'
>> Feb 27 12:49:06  Ruse-R-Edge mgd[7445]: UI_TACPLUS_ERROR: TACACS+
>> failure: connect: timed out
>> Feb 27 12:49:09  Ruse-R-Edge mgd[7445]: UI_LOAD_EVENT: User 'root' is
>> performing a 'load update'
>> Feb 27 12:50:06  Ruse-R-Edge login: LOGIN_INFORMATION: User ilko logged
>> in from host re0 on device ttyp0
>> Feb 27 12:50:09  Ruse-R-Edge mgd[7448]: UI_TACPLUS_ERROR: TACACS+
>> failure: connect: timed out
>>
>>
>> This is commit without "system accounting " statements in configuration.
>> Feb 27 12:57:32  Ruse-R-Edge mgd[7445]: UI_COMMIT: User 'ilko' performed
>> commit: no comment
>> Feb 27 12:59:28  Ruse-R-Edge mgd[7663]: UI_LOAD_EVENT: User 'root' is
>> performing a 'load update'
>> Feb 27 12:59:28  Ruse-R-Edge mgd[7663]: UI_COMMIT: User 'ilko' performed
>> commit: no comment
>>
>>
>> Feb 27 13:00:09  Ruse-R-Edge mgd[7875]: UI_LOAD_EVENT: User 'root' is
>> performing a 'load update'
>> Feb 27 13:00:09  Ruse-R-Edge mgd[7875]: UI_COMMIT: User 'ilko' performed
>> commit: no comment
>>
>>
>> This seems to me that this is some kind of bug. I'll be grateful if
>> somebody can give an advice.
>>
>>
>> Kind regards,
>>
>> -- 
>> George Yalamov
>> Bulgarian Telecommunications Company AD
>> Senior Engineer Core/Metro Technologies
>>
>> tel: 359 2 949 6844
>>
>>
>>
>>
>> Vesselin Kostov wrote:
>> > Hello All,
>> >
>> > We have problem when committing the configuration after we upgraded to JUNOS
>> > 8.1R1.5.
>> >
>> > It is taking about 8 minutes for commit:
>> >
>> > 2007-02-20 10:30:54 EET: push configuration to re1 2007-02-20 10:38:28 EET:
>> > asking re1 to commit
>> >
>> > With the old JUNOS the commit was taking less than 2 minutes:
>> >
>> > 2007-02-20 10:37:01 EET: push configuration to re1 2007-02-20 10:37:05 EET:
>> > asking re1 to commit
>> >
>> > Does anyone else had this problem or it is normal?
>> >
>> >
>> >
>> > [EMAIL PROTECTED] commit | display detail re0: 2007-02-20 10:30:50 EET:
>> > obtaining db lock on  re1
>> > 2007-02-20 10:30:53 EET: exporting juniper.conf 2007-02-20 10:30:53 EET:
>> > expanding groups 2007-02-20 10:30:53 EET: finished expanding groups
>> > 2007-02-20 10:30:53 EET: setup foreign files 2007-02-20 10:30:53 EET:
>> > propagating foreign files 2007-02-20 10:30:53 EET: complete foreign files
>> > 2007-02-20 10:30:53 EET: dropping unchanged foreign files 2007-02-20
>> > 10:30:53 EET: executing 'ffp propagate'
>> > 2007-02-20 10:30:53 EET: daemons checking new configuration 2007-02-20
>> > 10:30:53 EET: Routing protocol daemon checking new configuration 2007-02-20
>> > 10:30:53 EET: Init daemon checking new configuration 2007-02-20 10:30:53
>> > EET: Interface daemon checking new configuration 2007-02-20 10:30:53 EET:
>> > Pic Services Logging daemon checking new configuration 2007-02-20 10:30:54
>> > EET: Web management daemon checking new configuration 2007-02-20 10:30:54
>> > EET: Autoinstallation daemon

Re: [j-nsp] problem with commit in JUNOS 8.1R1.5

2007-02-28 Thread Erdem Sener
Hi Georgi,

 On the logs:

Feb 27 10:34:37  Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp -T
-t /vat/tmp/juniper.conf1.gz'

I believe there's a typo "/vat" here, which might cause the problem.
Can you please check ?

Cheers,
Erdem

On 2/28/07, Georgi Yalamov <[EMAIL PROTECTED]> wrote:
> Hello,
>
> In addition to "slow commit" problem in same network, same devices and
> JUNOS I must add some additional information. Actually the problem is
> because of this configuration statement:
>
> [EMAIL PROTECTED] show system accounting
> events [ login change-log interactive-commands ];
> destination {
>tacplus {
>server {
>A.B.C.D {
>secret "$7$skg7JKlo30Vo5369CAu"; ## SECRET-DATA
>source-address X.X.X.X;
>}
>}
>}
> }
>
>
> Without this tacacs accounting commit synchronize works normally. This
> problem appears only to m320 with two routing engines, without
> graceful-switchover and name-servers.
>
> Here is log message from re1 which is backup at this moment and do
> commit sync on re0.
>
> % date
> Tue Feb 27 12:50:36 EET 2007
> % tail -f /var/log/messages
> Feb 26 10:40:26  Ruse-R-Edge mgd[6914]: UI_DBASE_LOGIN_EVENT: User
> 'ilko' entering configuration mode
> Feb 26 10:40:34  Ruse-R-Edge mgd[6914]: UI_DBASE_LOGOUT_EVENT: User
> 'ilko' exiting configuration mode
> Feb 26 10:40:58  Ruse-R-Edge mgd[7105]: UI_TACPLUS_ERROR: TACACS+
> failure: connect: timed out
> Feb 26 10:41:01  Ruse-R-Edge mgd[7105]: UI_LOAD_EVENT: User 'root' is
> performing a 'load update'
> Feb 26 10:49:24  Ruse-R-Edge mgd[7105]: UI_COMMIT: User 'ilko' performed
> commit: no comment
> Feb 27 10:34:37  Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp -T
> -t /vat/tmp/juniper.conf1.gz'
> Feb 27 12:49:06  Ruse-R-Edge mgd[7445]: UI_TACPLUS_ERROR: TACACS+
> failure: connect: timed out
> Feb 27 12:49:09  Ruse-R-Edge mgd[7445]: UI_LOAD_EVENT: User 'root' is
> performing a 'load update'
> Feb 27 12:50:06  Ruse-R-Edge login: LOGIN_INFORMATION: User ilko logged
> in from host re0 on device ttyp0
> Feb 27 12:50:09  Ruse-R-Edge mgd[7448]: UI_TACPLUS_ERROR: TACACS+
> failure: connect: timed out
>
>
> This is commit without "system accounting " statements in configuration.
> Feb 27 12:57:32  Ruse-R-Edge mgd[7445]: UI_COMMIT: User 'ilko' performed
> commit: no comment
> Feb 27 12:59:28  Ruse-R-Edge mgd[7663]: UI_LOAD_EVENT: User 'root' is
> performing a 'load update'
> Feb 27 12:59:28  Ruse-R-Edge mgd[7663]: UI_COMMIT: User 'ilko' performed
> commit: no comment
>
>
> Feb 27 13:00:09  Ruse-R-Edge mgd[7875]: UI_LOAD_EVENT: User 'root' is
> performing a 'load update'
> Feb 27 13:00:09  Ruse-R-Edge mgd[7875]: UI_COMMIT: User 'ilko' performed
> commit: no comment
>
>
> This seems to me that this is some kind of bug. I'll be grateful if
> somebody can give an advice.
>
>
> Kind regards,
>
> --
> George Yalamov
> Bulgarian Telecommunications Company AD
> Senior Engineer Core/Metro Technologies
>
> tel: 359 2 949 6844
>
>
>
>
> Vesselin Kostov wrote:
> > Hello All,
> >
> > We have problem when committing the configuration after we upgraded to JUNOS
> > 8.1R1.5.
> >
> > It is taking about 8 minutes for commit:
> >
> > 2007-02-20 10:30:54 EET: push configuration to re1 2007-02-20 10:38:28 EET:
> > asking re1 to commit
> >
> > With the old JUNOS the commit was taking less than 2 minutes:
> >
> > 2007-02-20 10:37:01 EET: push configuration to re1 2007-02-20 10:37:05 EET:
> > asking re1 to commit
> >
> > Does anyone else had this problem or it is normal?
> >
> >
> >
> > [EMAIL PROTECTED] commit | display detail re0: 2007-02-20 10:30:50 EET:
> > obtaining db lock on  re1
> > 2007-02-20 10:30:53 EET: exporting juniper.conf 2007-02-20 10:30:53 EET:
> > expanding groups 2007-02-20 10:30:53 EET: finished expanding groups
> > 2007-02-20 10:30:53 EET: setup foreign files 2007-02-20 10:30:53 EET:
> > propagating foreign files 2007-02-20 10:30:53 EET: complete foreign files
> > 2007-02-20 10:30:53 EET: dropping unchanged foreign files 2007-02-20
> > 10:30:53 EET: executing 'ffp propagate'
> > 2007-02-20 10:30:53 EET: daemons checking new configuration 2007-02-20
> > 10:30:53 EET: Routing protocol daemon checking new configuration 2007-02-20
> > 10:30:53 EET: Init daemon checking new configuration 2007-02-20 10:30:53
> > EET: Interface daemon checking new configuration 2007-02-20 10:30:53 EET:
> > Pic Services Logging daemon checking new configuration 2007-02-20 10:30:54
> > EET: Web management daemon checking new configuration 2007-02-20 10:30:54
> > EET: Autoinstallation daemon checking new configuration configuration check
> > succeeds 2007-02-20 10:30:54 EET: executing 'ffp synchronize'
> > 2007-02-20 10:30:54 EET: push configuration to re1 2007-02-20 10:38:28 EET:
> > asking re1 to commit
> > re1: 2007-02-20 10:38:34 EET: exporting juniper.conf 2007-02-20 10:38:34
> > EET: expanding groups 2007-02-20 10:38:34 EET: finished expanding groups
> > 2007-02-20 10:38:34 EET: set

Re: [j-nsp] JunOS 8.0 upgrade for SSG520/550M

2007-02-28 Thread Leigh Porter


You can put JunOS on them?

Doesn't it become a router then?


--
Leigh


Affan Basalamah wrote:
> Hi all,
> 
> I just want to know what is the advantages for SSG520M and SSG550M to
> be upgradeable to JunOS 8.0 rather than ScreenOS. What about all of
> the functionality, is it has the same features from ScreenOS ? And
> what about the price ? Is the price differ too much from non-M SSGs ?
> 
> Many thanks,
> 
> -affan


Re: [j-nsp] Vpls-ldp signaling

2007-02-28 Thread Peder Christian Bach
Hi.

This is ordinary martini vpn. P2P.

Martini uses LDP (targeted LDP)


So this is not VPLS.. 

For example VPLS - BGP is configured like this:


routing-instances {
    Cust {
        description "VPLS";
        instance-type vpls;
        interface ge-0/0/0.2001;
        interface ge-0/0/0.2002;
        route-distinguisher 211:300;
        vrf-target target:211:300;
        protocols {
            vpls {
                site A {
                    site-identifier 2;
                }
            }
        }
    }
}

-Peder


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Muhammad Teguh Pribadi
Sent: 28 February 2007 09:17
To: Junos Guy
Cc: Juniper Milis
Subject: Re: [j-nsp] Vpls-ldp signaling

Hi,
   
  Maybe you can use my configuration testing, I used it in my office lab, and 
it works, even in other router using Junos 8.0
   
  Hope it will help you.
   
  Regards,
  -Teguh-

Junos Guy <[EMAIL PROTECTED]> wrote:
  Thanks Jake.
Hope someone from Juniper can confirm this.

Regards,
Aditya.



On 2/27/07, Bourgeois, Jacob (Jake)** CTR ** 
wrote:
>
> This seems like a doc bug, AFAIK, and per 7.6 docs, BGP is still used to
> signal VPLS on juniper platforms.
>
>
> http://www.juniper.net/techpubs/software/junos/junos76/swref76-hierarchy/html/rfc-list2.html#1213459
>
> draft-ietf-l2vpn-vpls-bgp is listed.
> draft-ietf-l2vpn-vpls-ldp is not listed.
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Junos Guy
> Sent: Monday, February 26, 2007 8:41 PM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] Vpls-ldp signaling
>
> Hello ,
>
> How do we configure vpls with ldp signaling ?
>
>
>
> As per JunOS 7.6 Feature Release.
>
> LDP Signaling for VPLS
> Uses Label Distribution Protocol (LDP) instead of Border Gateway Protocol
> (BGP) as the signaling protocol for VPLS
> Implemented per draft-ietf-l2vpn-ldp-05


[j-nsp] JunOS 8.0 upgrade for SSG520/550M

2007-02-28 Thread Affan Basalamah
Hi all,

I just want to know what is the advantages for SSG520M and SSG550M to
be upgradeable to JunOS 8.0 rather than ScreenOS. What about all of
the functionality, is it has the same features from ScreenOS ? And
what about the price ? Is the price differ too much from non-M SSGs ?

Many thanks,

-affan


Re: [j-nsp] Vpls-ldp signaling

2007-02-28 Thread Muhammad Teguh Pribadi
Hi,
   
  Maybe you can use my configuration testing, I used it in my office lab, and 
it works, even in other router using Junos 8.0
   
  Hope it will help you.
   
  Regards,
  -Teguh-

Junos Guy <[EMAIL PROTECTED]> wrote:
  Thanks Jake.
Hope someone from Juniper can confirm this.

Regards,
Aditya.



On 2/27/07, Bourgeois, Jacob (Jake)** CTR ** 
wrote:
>
> This seems like a doc bug, AFAIK, and per 7.6 docs, BGP is still used to
> signal VPLS on juniper platforms.
>
>
> http://www.juniper.net/techpubs/software/junos/junos76/swref76-hierarchy/html/rfc-list2.html#1213459
>
> draft-ietf-l2vpn-vpls-bgp is listed.
> draft-ietf-l2vpn-vpls-ldp is not listed.
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Junos Guy
> Sent: Monday, February 26, 2007 8:41 PM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] Vpls-ldp signaling
>
> Hello ,
>
> How do we configure vpls with ldp signaling ?
>
>
>
> As per JunOS 7.6 Feature Release.
>
> LDP Signaling for VPLS
> Uses Label Distribution Protocol (LDP) instead of Border Gateway Protocol
> (BGP) as the signaling protocol for VPLS
> Implemented per draft-ietf-l2vpn-ldp-05
[EMAIL PROTECTED] show | no-more
version 8.0R2.8;
system {
    host-name PE1;
    root-authentication {
        encrypted-password "$1$W0fMH2sY$0IcZSuNoZ.C/D9bT2MOaZ0"; ## SECRET-DATA
    }
    login {
        user lab {
            uid 1000;
            class super-user;
            authentication {
                encrypted-password "$1$pNct5zLJ$qH3NVNErnIJaKLhJajerA/"; ## SECRET-DATA
            }
        }
    }
    services {
        telnet;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
    }
}
interfaces {
    ge-1/0/0 {
        vlan-tagging;
        encapsulation vlan-ccc;
        unit 0 {
            encapsulation vlan-ccc;
            vlan-id 520;
        }
    }
    so-1/1/0 {
        unit 0 {
            family inet {
                address 10.10.10.1/30;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.1.1.1/32;
            }
        }
    }
}
routing-options {
    router-id 1.1.1.1;
    autonomous-system 65000;
}
protocols {
    mpls {
        interface so-1/1/0.0;
    }
    bgp {
        group IBGP {
            type internal;
            neighbor 2.2.2.2 {
                local-address 1.1.1.1;
                family l2vpn {
                    signaling;
                }
            }
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0;
            interface so-1/1/0.0;
        }
    }
    ldp {
        interface so-1/1/0.0;
        interface lo0.0;
    }
    l2circuit {
        neighbor 2.2.2.2 {
            interface ge-1/0/0.0 {
                virtual-circuit-id 1;
                no-control-word;
            }
        }
    }
}

 [edit]
[EMAIL PROTECTED] 

[edit]
[EMAIL PROTECTED] 

[edit]
[EMAIL PROTECTED] run show l2circuit connections 
Layer-2 Circuit Connections:

Legend for connection status (St)   
EI -- encapsulation invalid  NP -- interface h/w not present   
MM -- mtu mismatch   Dn -- down   
EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down
CM -- control-word mismatch  Up -- operational
VM -- vlan id mismatch   CF -- Call admission control failure
OL -- no outgoing label  XX -- unknown
NC -- intf encaps not CCC/TCC
CB -- rcvd cell-bundle size bad

Legend for interface status  
Up -- operational
Dn -- down   
Neighbor: 2.2.2.2 
Interface Type  St Time last up  # Up trans
ge-1/0/0.0(vc 1)  rmt   Up Jan 30 10:40:38 2007   1
  Local interface: ge-1/0/0.0, Status: Up, Encapsulation: VLAN
  Remote PE: 2.2.2.2, Negotiated control-word: No
  Incoming label: 100032, Outgoing label: 100032

[edit]
[EMAIL PROTECTED] run show l2circuit connections extensive 
Layer-2 Circuit Connections:

Legend for connection status (St)   
EI -- encapsulation invalid  NP -- interface h/w not present   
MM -- mtu mismatch   Dn -- down   
EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down
CM -- control-word mismatch  Up -- operational
VM -- vlan id mismatch   CF -- Call admission control failure
OL -- no outgoing label  XX -- unknown

Re: [j-nsp] problem with commit in JUNOS 8.1R1.5

2007-02-28 Thread Georgi Yalamov
Hello,

In addition to "slow commit" problem in same network, same devices and 
JUNOS I must add some additional information. Actually the problem is 
because of this configuration statement:

[EMAIL PROTECTED] show system accounting
events [ login change-log interactive-commands ];
destination {
   tacplus {
   server {
   A.B.C.D {
   secret "$7$skg7JKlo30Vo5369CAu"; ## SECRET-DATA
   source-address X.X.X.X;
   }
   }
   }
}


Without this tacacs accounting commit synchronize works normally. This 
problem appears only to m320 with two routing engines, without 
graceful-switchover and name-servers.

Here is log message from re1 which is backup at this moment and do 
commit sync on re0.

% date
Tue Feb 27 12:50:36 EET 2007
% tail -f /var/log/messages
Feb 26 10:40:26  Ruse-R-Edge mgd[6914]: UI_DBASE_LOGIN_EVENT: User 
'ilko' entering configuration mode
Feb 26 10:40:34  Ruse-R-Edge mgd[6914]: UI_DBASE_LOGOUT_EVENT: User 
'ilko' exiting configuration mode
Feb 26 10:40:58  Ruse-R-Edge mgd[7105]: UI_TACPLUS_ERROR: TACACS+ 
failure: connect: timed out
Feb 26 10:41:01  Ruse-R-Edge mgd[7105]: UI_LOAD_EVENT: User 'root' is 
performing a 'load update'
Feb 26 10:49:24  Ruse-R-Edge mgd[7105]: UI_COMMIT: User 'ilko' performed 
commit: no comment
Feb 27 10:34:37  Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp -T 
-t /vat/tmp/juniper.conf1.gz'
Feb 27 12:49:06  Ruse-R-Edge mgd[7445]: UI_TACPLUS_ERROR: TACACS+ 
failure: connect: timed out
Feb 27 12:49:09  Ruse-R-Edge mgd[7445]: UI_LOAD_EVENT: User 'root' is 
performing a 'load update'
Feb 27 12:50:06  Ruse-R-Edge login: LOGIN_INFORMATION: User ilko logged 
in from host re0 on device ttyp0
Feb 27 12:50:09  Ruse-R-Edge mgd[7448]: UI_TACPLUS_ERROR: TACACS+ 
failure: connect: timed out


This is commit without "system accounting " statements in configuration.
Feb 27 12:57:32  Ruse-R-Edge mgd[7445]: UI_COMMIT: User 'ilko' performed 
commit: no comment
Feb 27 12:59:28  Ruse-R-Edge mgd[7663]: UI_LOAD_EVENT: User 'root' is 
performing a 'load update'
Feb 27 12:59:28  Ruse-R-Edge mgd[7663]: UI_COMMIT: User 'ilko' performed 
commit: no comment


Feb 27 13:00:09  Ruse-R-Edge mgd[7875]: UI_LOAD_EVENT: User 'root' is 
performing a 'load update'
Feb 27 13:00:09  Ruse-R-Edge mgd[7875]: UI_COMMIT: User 'ilko' performed 
commit: no comment


This seems to me that this is some kind of bug. I'll be grateful if 
somebody can give an advice.


Kind regards,

--
George Yalamov
Bulgarian Telecommunications Company AD
Senior Engineer Core/Metro Technologies

tel: 359 2 949 6844




Vesselin Kostov wrote:
> Hello All,
>
> We have problem when committing the configuration after we upgraded to JUNOS
> 8.1R1.5.
>
> It is taking about 8 minutes for commit:
>
> 2007-02-20 10:30:54 EET: push configuration to re1 2007-02-20 10:38:28 EET:
> asking re1 to commit
>
> With the old JUNOS the commit was taking less than 2 minutes:
>
> 2007-02-20 10:37:01 EET: push configuration to re1 2007-02-20 10:37:05 EET:
> asking re1 to commit
>
> Does anyone else had this problem or it is normal?
>
>
>
> [EMAIL PROTECTED] commit | display detail re0: 2007-02-20 10:30:50 EET: 
> obtaining db lock on  re1
> 2007-02-20 10:30:53 EET: exporting juniper.conf 2007-02-20 10:30:53 EET:
> expanding groups 2007-02-20 10:30:53 EET: finished expanding groups
> 2007-02-20 10:30:53 EET: setup foreign files 2007-02-20 10:30:53 EET:
> propagating foreign files 2007-02-20 10:30:53 EET: complete foreign files
> 2007-02-20 10:30:53 EET: dropping unchanged foreign files 2007-02-20
> 10:30:53 EET: executing 'ffp propagate'
> 2007-02-20 10:30:53 EET: daemons checking new configuration 2007-02-20
> 10:30:53 EET: Routing protocol daemon checking new configuration 2007-02-20
> 10:30:53 EET: Init daemon checking new configuration 2007-02-20 10:30:53
> EET: Interface daemon checking new configuration 2007-02-20 10:30:53 EET:
> Pic Services Logging daemon checking new configuration 2007-02-20 10:30:54
> EET: Web management daemon checking new configuration 2007-02-20 10:30:54
> EET: Autoinstallation daemon checking new configuration configuration check
> succeeds 2007-02-20 10:30:54 EET: executing 'ffp synchronize'
> 2007-02-20 10:30:54 EET: push configuration to re1 2007-02-20 10:38:28 EET:
> asking re1 to commit
> re1: 2007-02-20 10:38:34 EET: exporting juniper.conf 2007-02-20 10:38:34
> EET: expanding groups 2007-02-20 10:38:34 EET: finished expanding groups
> 2007-02-20 10:38:34 EET: setup foreign files 2007-02-20 10:38:34 EET:
> propagating foreign files 2007-02-20 10:38:35 EET: complete foreign files
> 2007-02-20 10:38:35 EET: dropping unchanged foreign files 2007-02-20
> 10:38:35 EET: executing 'ffp propagate'
> 2007-02-20 10:38:35 EET: daemons checking new configuration 2007-02-20
> 10:38:35 EET: Routing protocol daemon checking new configuration 2007-02-20
> 10:38:35 EET: Init daemon checking new configuration 2007-02-20 10:38:35
> EET: Interface daemon checking new configuration 2
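
Added example (not part of any list message, and not Juniper code): a Python sketch that pairs each mgd process's UI_LOAD_EVENT with its UI_COMMIT in the /var/log/messages excerpt quoted in the message above, and counts the UI_TACPLUS_ERROR connect timeouts logged by the same PID. The year 2007 (taken from the `date` output in that message), the 60-second threshold and all function names are assumptions made for the example.

```python
import re
from datetime import datetime

# Log lines quoted from the message above, with the mail client's line wraps
# undone. The rshd line is left out because its address was redacted.
SAMPLE_LOG = """\
Feb 26 10:40:26  Ruse-R-Edge mgd[6914]: UI_DBASE_LOGIN_EVENT: User 'ilko' entering configuration mode
Feb 26 10:40:34  Ruse-R-Edge mgd[6914]: UI_DBASE_LOGOUT_EVENT: User 'ilko' exiting configuration mode
Feb 26 10:40:58  Ruse-R-Edge mgd[7105]: UI_TACPLUS_ERROR: TACACS+ failure: connect: timed out
Feb 26 10:41:01  Ruse-R-Edge mgd[7105]: UI_LOAD_EVENT: User 'root' is performing a 'load update'
Feb 26 10:49:24  Ruse-R-Edge mgd[7105]: UI_COMMIT: User 'ilko' performed commit: no comment
Feb 27 12:49:06  Ruse-R-Edge mgd[7445]: UI_TACPLUS_ERROR: TACACS+ failure: connect: timed out
Feb 27 12:49:09  Ruse-R-Edge mgd[7445]: UI_LOAD_EVENT: User 'root' is performing a 'load update'
Feb 27 12:50:06  Ruse-R-Edge login: LOGIN_INFORMATION: User ilko logged in from host re0 on device ttyp0
Feb 27 12:50:09  Ruse-R-Edge mgd[7448]: UI_TACPLUS_ERROR: TACACS+ failure: connect: timed out
Feb 27 12:57:32  Ruse-R-Edge mgd[7445]: UI_COMMIT: User 'ilko' performed commit: no comment
Feb 27 12:59:28  Ruse-R-Edge mgd[7663]: UI_LOAD_EVENT: User 'root' is performing a 'load update'
Feb 27 12:59:28  Ruse-R-Edge mgd[7663]: UI_COMMIT: User 'ilko' performed commit: no comment
Feb 27 13:00:09  Ruse-R-Edge mgd[7875]: UI_LOAD_EVENT: User 'root' is performing a 'load update'
Feb 27 13:00:09  Ruse-R-Edge mgd[7875]: UI_COMMIT: User 'ilko' performed commit: no comment
"""

# timestamp, host, process[pid] (pid optional), event tag, free-text message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"(?P<proc>[\w.-]+)(?:\[(?P<pid>\d+)\])?:\s+"
    r"(?P<tag>[A-Z][A-Z0-9_]+):\s*(?P<msg>.*)$"
)


def parse_syslog(text, year=2007):
    """Parse syslog lines into dicts. Syslog omits the year, so it is passed in
    (assumption: 2007, from the `date` output in the message)."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a tagged syslog line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "when": when,
            "host": m["host"],
            "proc": m["proc"],
            "pid": int(m["pid"]) if m["pid"] else None,
            "tag": m["tag"],
            "msg": m["msg"],
        })
    return events


def commit_durations(events):
    """For each mgd PID, measure UI_LOAD_EVENT -> UI_COMMIT and count the
    TACACS+ connect timeouts that PID logged before the commit finished."""
    timeouts = {}   # pid -> number of UI_TACPLUS_ERROR "timed out" lines
    load_at = {}    # pid -> time of the pending UI_LOAD_EVENT
    records = []
    for ev in events:
        if ev["proc"] != "mgd" or ev["pid"] is None:
            continue
        pid = ev["pid"]
        if ev["tag"] == "UI_TACPLUS_ERROR" and "timed out" in ev["msg"]:
            timeouts[pid] = timeouts.get(pid, 0) + 1
        elif ev["tag"] == "UI_LOAD_EVENT":
            load_at[pid] = ev["when"]
        elif ev["tag"] == "UI_COMMIT" and pid in load_at:
            start = load_at.pop(pid)
            records.append({
                "pid": pid,
                "load": start,
                "commit": ev["when"],
                "seconds": int((ev["when"] - start).total_seconds()),
                "tacplus_timeouts": timeouts.pop(pid, 0),
            })
    return records


def slow_commits(records, threshold_s=60):
    """Commits whose load-to-commit time exceeds the (assumed) threshold."""
    return [r for r in records if r["seconds"] > threshold_s]


if __name__ == "__main__":
    for r in commit_durations(parse_syslog(SAMPLE_LOG)):
        print(f"mgd[{r['pid']}] load {r['load']:%b %d %H:%M:%S} -> commit "
              f"{r['commit']:%H:%M:%S}  {r['seconds']:>4}s  "
              f"tacacs_timeouts={r['tacplus_timeouts']}")
```

On this excerpt, the two commits whose mgd PID logged a TACACS+ connect timeout each take 503 seconds from load to commit, and the two later commits take 0 seconds.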