Re: [j-nsp] Vpls-ldp signaling
Hi Steiner ... It's not that Junipers BGP based (Kompella) L2 P2P is proprietary - all the drafts are there, it's just not many vendors have implemented it as the LDP version is a lot easier to code .. :-) Cheers Sean -- Not so long ago you wrote : snn> - Juniper supports both standard Martini tunnels (l2circuit in Juniper snn> speak) and proprietary BGP based signaling for L2 point to point. snn> Martini tunnels are interoperable with Cisco and other vendors. snn> All clear now? snn> Steinar Haug, Nethelp consulting, [EMAIL PROTECTED] ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Vpls-ldp signaling
> You can read JNCIS book from Sybex on page 650 as below : > " Within the JUNOS software, two main varieties of these VPNs exist. To > help differentiate > between the different Layer 2 VPNs, we?ll use the configuration syntax as > our guide. The first type of VPN is based on a draft specification by Kireeti > Kompella. It uses the Border Gateway Protocol (BGP) as the mechanism for PE > routers to communicate with each other about their customer connections. > We?ll refer to a Kompella-based configuration as a Layer 2 VPN. The second > main form of a VPN is based on a draft specification by Luca Martini and uses > the Label Distribution Protocol (LDP) between PE routers. Every router > establishes a unique connection for each customer using the VPN. The > Martini-based VPN is known as a Layer 2 Circuit within the configuration. " The two varieties of *point to point* L2 circuits (Martini and Juniper proprietary) are not the issue. The issue that started this thread was somebody asking about LDP for *VPLS* (point to multipoint) signaling. And a later reply which evidently misunderstood the question to be about point to point L2 circuits. So, all together now: - Juniper currently only supports BGP for VPLS (L2 point to multipoint) signaling. - Juniper supports both standard Martini tunnels (l2circuit in Juniper speak) and proprietary BGP based signaling for L2 point to point. Martini tunnels are interoperable with Cisco and other vendors. All clear now? Steinar Haug, Nethelp consulting, [EMAIL PROTECTED] ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] firewall filter
Hi Damien, I am using M7i with JunOS 6.3 I put the filter on the interface section, and yes, i am having several VRF and connected to other sites using mpls with rsvp signaling. -rendo- On 3/1/07, Damien Holloway <[EMAIL PROTECTED]> wrote: > > Mpls packets are switched through without inspecting the content in a vpn > environment. > There are a couple of solutions depending on your hardware and software > and configuration. > What hardwarw do you have ? > What software version? > Are you deploying vpn's? And doing this within a vrf? > > Regards > > Damien > > ___ > Damien Holloway > Senior Instructor / Proctor > Juniper Networks Hong Kong > ICBC Tower > Citibank Plaza, 3 Garden Road > SUITES 2507-11, 25/F > Central Hong Kong > +852 6793 0450 mobile > +852 2574 7803 fax > [EMAIL PROTECTED] > www.juniper.net > ___ > > > > -Original Message- > From: [EMAIL PROTECTED] < > [EMAIL PROTECTED]> > To: juniper-nsp@puck.nether.net > Sent: Thu Mar 01 11:37:14 2007 > Subject: [j-nsp] firewall filter > > Hi, > > I have a problem with firewall filter and MPLS. > > My target is to block specific source traffic towards the host on the > other > end of ATM interface, so I put an output filter in an ATM interface. > > what i got about any specific packet that i want to discard are: > - any packet from another ATM interface as well as any other external > traffic is filtered > but > - packet coming from mpls is NOT filtered at all > > Since i run mpls also in the same router, Is it a normal behaviour? do i > need to put the filter in forwarding table to filter the traffic from > mpls? > > thanks. > > -rendo- > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] firewall filter
Hi, I have a problem with firewall filter and MPLS. My target is to block specific source traffic towards the host on the other end of ATM interface, so I put an output filter in an ATM interface. what i got about any specific packet that i want to discard are: - any packet from another ATM interface as well as any other external traffic is filtered but - packet coming from mpls is NOT filtered at all Since i run mpls also in the same router, Is it a normal behaviour? do i need to put the filter in forwarding table to filter the traffic from mpls? thanks. -rendo- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Vpls-ldp signaling
Hi, You can read JNCIS book from Sybex on page 650 as below : " Within the JUNOS software, two main varieties of these VPNs exist. To help differentiate between the different Layer 2 VPNs, well use the configuration syntax as our guide. The first type of VPN is based on a draft specification by Kireeti Kompella. It uses the Border Gateway Protocol (BGP) as the mechanism for PE routers to communicate with each other about their customer connections. Well refer to a Kompella-based configuration as a Layer 2 VPN. The second main form of a VPN is based on a draft specification by Luca Martini and uses the Label Distribution Protocol (LDP) between PE routers. Every router establishes a unique connection for each customer using the VPN. The Martini-based VPN is known as a Layer 2 Circuit within the configuration. " And also from page 672 as below : " The main difference between a Layer 2 VPN and a Layer 2 Circuit lies in the control plane and the methods used to set up the virtual connection across the provider network. The configuration of the physical interfaces as well as the actual forwarding of traffic doesnt change. .. Customer circuit information is advertised in a Layer 2 Circuit environment using the Label Distribution Protocol (LDP). The two PE routers use targeted LDP Hello messages to form a session with each other. Once the session is established, the peers exchange Forwarding Equivalence Class (FEC) information, which advertises available prefixes with an MPLS label mapping. The PE routers use this FEC advertisement to establish the virtual connection by including a new TLV that contains circuit specific information. " Hope it would explain. Regards, - Teguh - Peder Christian Bach <[EMAIL PROTECTED]> wrote: Hi. This is ordinary martini vpn. P2P. Marini use LDP ( target LDP) So this is not VPLS.. For example VPLS - BGP is configured like this: routing-instances { Cust { description "VPLS"; instance-type vpls; interface ge-0/0/0.2001; interface ge-0/0/0.2002; route-distinguisher 211:300; vrf-target target:211:300; protocols { vpls { site A { site-identifier 2; } } } } -Peder -Opprinnelig melding- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] På vegne av Muhammad Teguh Pribadi Sendt: 28. februar 2007 09:17 Til: Junos Guy Kopi: Juniper Milis Emne: Re: [j-nsp] Vpls-ldp signaling Hi, Maybe you can use my configuration testing, i used it in my office lab, and it works, even in other router using Junos 8.0 Hope it will help you. Regards, -Teguh- Junos Guy wrote: Thanks Jake. Hope someone from Juniper can confirm this. Regards, Aditya. On 2/27/07, Bourgeois, Jacob (Jake)** CTR ** wrote: > > This seems like a doc bug, AKAIK, and per 7.6 docs, BGP is still used to > signal VPLS on juniper platforms. > > > http://www.juniper.net/techpubs/software/junos/junos76/swref76-hierarchy/htm > l/rfc-list2.html#1213459 > > draft-ietf-l2vpn-vpls-bgp is listed. > draft-ietf-l2vpn-vpls-ldp is not listed. > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Junos Guy > Sent: Monday, February 26, 2007 8:41 PM > To: juniper-nsp@puck.nether.net > Subject: [j-nsp] Vpls-ldp signaling > > Hello , > > How do we configure vpls with ldp signaling ? > > > > As per JunOS 7.6 Feature Release. > > LDP Signaling for VPLS > Uses Label Distribution Protocol (LDP) instead of Border Gateway Protocol > (BGP) as the signaling protocol for VPLS > Implemented per draft-ietf-l2vpn-ldp-05 > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp - Any questions? Get answers on any topic at Yahoo! Answers. Try it now. - Get your own web address. Have a HUGE year through Yahoo! Small Business. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ERX inter-VR links
Yes, but you must physically leave the router. You can easilly do this with a small switch and vlans on the 1 physical ERX intf on diff VRs.. On 2/28/07, phil colbourn <[EMAIL PROTECTED]> wrote: > Is it possible to establish links between VRs? For example to simulate a > network of routers. > > > > This e-mail and any attachments may contain confidential information that is > intended solely for the use of the intended recipient and may be subject to > copyright. If you receive this e-mail in error, please notify the sender > immediately and delete the e-mail and its attachments from your system. You > must not disclose, copy or use any part of this e-mail if you are not the > intended recipient. Any opinion expressed in this e-mail and any attachments > is not an opinion of RailCorp unless stated or apparent from its content. > RailCorp is not responsible for any unauthorised alterations to this e-mail > or any attachments. RailCorp will not incur any liability resulting directly > or indirectly as a result of the recipient accessing any of the attached > files that may contain a virus. > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] ERX inter-VR links
Is it possible to establish links between VRs? For example to simulate a network of routers. This e-mail and any attachments may contain confidential information that is intended solely for the use of the intended recipient and may be subject to copyright. If you receive this e-mail in error, please notify the sender immediately and delete the e-mail and its attachments from your system. You must not disclose, copy or use any part of this e-mail if you are not the intended recipient. Any opinion expressed in this e-mail and any attachments is not an opinion of RailCorp unless stated or apparent from its content. RailCorp is not responsible for any unauthorised alterations to this e-mail or any attachments. RailCorp will not incur any liability resulting directly or indirectly as a result of the recipient accessing any of the attached files that may contain a virus. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] JunOS 8.0 upgrade for SSG520/550M
- Original Message - From: Leigh Porter <[EMAIL PROTECTED]> [...] > You can put JunOS on them? > > Doesn't it become a router then? It becomes a J-Series. I imagine the hardware's identical, or nearly so. I wouldn't be surprised if the only difference between the SSG5x0M/Jx350 and SSG5x0 non-M is the CF card: 128MB for the non-M. I haven't tried booting JunOS on my SSG 550. Er, successfully, at least. Turns out my USB flash writer wouldn't write the binary properly. I hear that JunOS will be getting a full set of ScreenOS features, but that's been in the works for a while. I wonder how it'll be handled -- perhaps as a feature set license? I could certainly have a lot of fun designing a JunOS-ScreenOS hybrid -- it should be nice. The (documented) one-way conversion may simply be because ScreenOS doesn't have a flash recovery procedure and associated images (that I've seen). Peter E. Fry ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] problem with commit in JUNOS 8.1R1.5
Erdem Sener wrote: > Hi Georgi, > > On the logs: > > Feb 27 10:34:37 Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp > -T > -t /vat/tmp/juniper.conf1.gz' > > I believe there's a typo "/vat" here, which might cause the problem. > Can you please check ? Yes, this is a mistake that I thing is not related to the case. Just forget to cut that part of the log. This problem appears on every M320 with two REs and 8.1R1.5 - more than 20 boxes. Thanks > Cheers, > Erdem > > On 2/28/07, Georgi Yalamov <[EMAIL PROTECTED]> wrote: >> Hello, >> >> In addition to "slow commit" problem in same network, same devices and >> JUNOS I must add some additional information. Actually the problem is >> because of this configuration statement: >> >> [EMAIL PROTECTED] show system accounting >> events [ login change-log interactive-commands ]; >> destination { >>tacplus { >>server { >>A.B.C.D { >>secret "$7$skg7JKlo30Vo5369CAu"; ## SECRET-DATA >>source-address X.X.X.X; >>} >>} >>} >> } >> >> >> Without this tacacs accounting commit synchronize works normally. This >> problem appears only to m320 with two routing engines, without >> graceful-switchover and name-servers. >> >> Here is log message from re1 which is backup at this moment and do >> commit sync on re0. >> >> % date >> Tue Feb 27 12:50:36 EET 2007 >> % tail -f /var/log/messages >> Feb 26 10:40:26 Ruse-R-Edge mgd[6914]: UI_DBASE_LOGIN_EVENT: User >> 'ilko' entering configuration mode >> Feb 26 10:40:34 Ruse-R-Edge mgd[6914]: UI_DBASE_LOGOUT_EVENT: User >> 'ilko' exiting configuration mode >> Feb 26 10:40:58 Ruse-R-Edge mgd[7105]: UI_TACPLUS_ERROR: TACACS+ >> failure: connect: timed out >> Feb 26 10:41:01 Ruse-R-Edge mgd[7105]: UI_LOAD_EVENT: User 'root' is >> performing a 'load update' >> Feb 26 10:49:24 Ruse-R-Edge mgd[7105]: UI_COMMIT: User 'ilko' performed >> commit: no comment >> Feb 27 10:34:37 Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp >> -T >> -t /vat/tmp/juniper.conf1.gz' >> Feb 27 12:49:06 Ruse-R-Edge mgd[7445]: UI_TACPLUS_ERROR: TACACS+ >> failure: connect: timed out >> Feb 27 12:49:09 Ruse-R-Edge mgd[7445]: UI_LOAD_EVENT: User 'root' is >> performing a 'load update' >> Feb 27 12:50:06 Ruse-R-Edge login: LOGIN_INFORMATION: User ilko logged >> in from host re0 on device ttyp0 >> Feb 27 12:50:09 Ruse-R-Edge mgd[7448]: UI_TACPLUS_ERROR: TACACS+ >> failure: connect: timed out >> >> >> This is commit without "system accounting " statements in configuration. >> Feb 27 12:57:32 Ruse-R-Edge mgd[7445]: UI_COMMIT: User 'ilko' performed >> commit: no comment >> Feb 27 12:59:28 Ruse-R-Edge mgd[7663]: UI_LOAD_EVENT: User 'root' is >> performing a 'load update' >> Feb 27 12:59:28 Ruse-R-Edge mgd[7663]: UI_COMMIT: User 'ilko' performed >> commit: no comment >> >> >> Feb 27 13:00:09 Ruse-R-Edge mgd[7875]: UI_LOAD_EVENT: User 'root' is >> performing a 'load update' >> Feb 27 13:00:09 Ruse-R-Edge mgd[7875]: UI_COMMIT: User 'ilko' performed >> commit: no comment >> >> >> This seems to me that this is some kind of bug. I'll be grateful if >> somebody can give an advice. >> >> >> Kind regards, >> >> -- >> George Yalamov >> Bulgarian Telecommunications Company AD >> Senior Engineer Core/Metro Technologies >> >> tel: 359 2 949 6844 >> >> >> >> >> Vesselin Kostov wrote: >> > Hello All, >> > >> > We have problem when commiting the configuration after we upgraded >> to JUNOS >> > 8.1R1.5. >> > >> > It is taking about 8 minutes for commit: >> > >> > 2007-02-20 10:30:54 EET: push configuration to re1 2007-02-20 >> 10:38:28 EET: >> > asking re1 to commit >> > >> > With the old JUNOS the commit was taking less than 2 minutes: >> > >> > 2007-02-20 10:37:01 EET: push configuration to re1 2007-02-20 >> 10:37:05 EET: >> > asking re1 to commit >> > >> > Does anyone else had this problem or it is normal? >> > >> > >> > >> > [EMAIL PROTECTED] commit | display detail re0: 2007-02-20 10:30:50 EET: >> > obtaining db lock on re1 >> > 2007-02-20 10:30:53 EET: exporting juniper.conf 2007-02-20 10:30:53 >> EET: >> > expanding groups 2007-02-20 10:30:53 EET: finished expanding groups >> > 2007-02-20 10:30:53 EET: setup foreign files 2007-02-20 10:30:53 EET: >> > propagating foreign files 2007-02-20 10:30:53 EET: complete foreign >> files >> > 2007-02-20 10:30:53 EET: dropping unchanged foreign files 2007-02-20 >> > 10:30:53 EET: executing 'ffp propagate' >> > 2007-02-20 10:30:53 EET: daemons checking new configuration 2007-02-20 >> > 10:30:53 EET: Routing protocol daemon checking new configuration >> 2007-02-20 >> > 10:30:53 EET: Init daemon checking new configuration 2007-02-20 >> 10:30:53 >> > EET: Interface daemon checking new configuration 2007-02-20 >> 10:30:53 EET: >> > Pic Services Logging daemon checking new configuration 2007-02-20 >> 10:30:54 >> > EET: Web management daemon checking new configuration 2007-02-20 >> 10:30:54 >> > EET: Autoinstallation daemon
Re: [j-nsp] problem with commit in JUNOS 8.1R1.5
Hi Georgi, On the logs: Feb 27 10:34:37 Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp -T -t /vat/tmp/juniper.conf1.gz' I believe there's a typo "/vat" here, which might cause the problem. Can you please check ? Cheers, Erdem On 2/28/07, Georgi Yalamov <[EMAIL PROTECTED]> wrote: > Hello, > > In addition to "slow commit" problem in same network, same devices and > JUNOS I must add some additional information. Actually the problem is > because of this configuration statement: > > [EMAIL PROTECTED] show system accounting > events [ login change-log interactive-commands ]; > destination { >tacplus { >server { >A.B.C.D { >secret "$7$skg7JKlo30Vo5369CAu"; ## SECRET-DATA >source-address X.X.X.X; >} >} >} > } > > > Without this tacacs accounting commit synchronize works normally. This > problem appears only to m320 with two routing engines, without > graceful-switchover and name-servers. > > Here is log message from re1 which is backup at this moment and do > commit sync on re0. > > % date > Tue Feb 27 12:50:36 EET 2007 > % tail -f /var/log/messages > Feb 26 10:40:26 Ruse-R-Edge mgd[6914]: UI_DBASE_LOGIN_EVENT: User > 'ilko' entering configuration mode > Feb 26 10:40:34 Ruse-R-Edge mgd[6914]: UI_DBASE_LOGOUT_EVENT: User > 'ilko' exiting configuration mode > Feb 26 10:40:58 Ruse-R-Edge mgd[7105]: UI_TACPLUS_ERROR: TACACS+ > failure: connect: timed out > Feb 26 10:41:01 Ruse-R-Edge mgd[7105]: UI_LOAD_EVENT: User 'root' is > performing a 'load update' > Feb 26 10:49:24 Ruse-R-Edge mgd[7105]: UI_COMMIT: User 'ilko' performed > commit: no comment > Feb 27 10:34:37 Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp > -T > -t /vat/tmp/juniper.conf1.gz' > Feb 27 12:49:06 Ruse-R-Edge mgd[7445]: UI_TACPLUS_ERROR: TACACS+ > failure: connect: timed out > Feb 27 12:49:09 Ruse-R-Edge mgd[7445]: UI_LOAD_EVENT: User 'root' is > performing a 'load update' > Feb 27 12:50:06 Ruse-R-Edge login: LOGIN_INFORMATION: User ilko logged > in from host re0 on device ttyp0 > Feb 27 12:50:09 Ruse-R-Edge mgd[7448]: UI_TACPLUS_ERROR: TACACS+ > failure: connect: timed out > > > This is commit without "system accounting " statements in configuration. > Feb 27 12:57:32 Ruse-R-Edge mgd[7445]: UI_COMMIT: User 'ilko' performed > commit: no comment > Feb 27 12:59:28 Ruse-R-Edge mgd[7663]: UI_LOAD_EVENT: User 'root' is > performing a 'load update' > Feb 27 12:59:28 Ruse-R-Edge mgd[7663]: UI_COMMIT: User 'ilko' performed > commit: no comment > > > Feb 27 13:00:09 Ruse-R-Edge mgd[7875]: UI_LOAD_EVENT: User 'root' is > performing a 'load update' > Feb 27 13:00:09 Ruse-R-Edge mgd[7875]: UI_COMMIT: User 'ilko' performed > commit: no comment > > > This seems to me that this is some kind of bug. I'll be grateful if > somebody can give an advice. > > > Kind regards, > > -- > George Yalamov > Bulgarian Telecommunications Company AD > Senior Engineer Core/Metro Technologies > > tel: 359 2 949 6844 > > > > > Vesselin Kostov wrote: > > Hello All, > > > > We have problem when commiting the configuration after we upgraded to JUNOS > > 8.1R1.5. > > > > It is taking about 8 minutes for commit: > > > > 2007-02-20 10:30:54 EET: push configuration to re1 2007-02-20 10:38:28 EET: > > asking re1 to commit > > > > With the old JUNOS the commit was taking less than 2 minutes: > > > > 2007-02-20 10:37:01 EET: push configuration to re1 2007-02-20 10:37:05 EET: > > asking re1 to commit > > > > Does anyone else had this problem or it is normal? > > > > > > > > [EMAIL PROTECTED] commit | display detail re0: 2007-02-20 10:30:50 EET: > > obtaining db lock on re1 > > 2007-02-20 10:30:53 EET: exporting juniper.conf 2007-02-20 10:30:53 EET: > > expanding groups 2007-02-20 10:30:53 EET: finished expanding groups > > 2007-02-20 10:30:53 EET: setup foreign files 2007-02-20 10:30:53 EET: > > propagating foreign files 2007-02-20 10:30:53 EET: complete foreign files > > 2007-02-20 10:30:53 EET: dropping unchanged foreign files 2007-02-20 > > 10:30:53 EET: executing 'ffp propagate' > > 2007-02-20 10:30:53 EET: daemons checking new configuration 2007-02-20 > > 10:30:53 EET: Routing protocol daemon checking new configuration 2007-02-20 > > 10:30:53 EET: Init daemon checking new configuration 2007-02-20 10:30:53 > > EET: Interface daemon checking new configuration 2007-02-20 10:30:53 EET: > > Pic Services Logging daemon checking new configuration 2007-02-20 10:30:54 > > EET: Web management daemon checking new configuration 2007-02-20 10:30:54 > > EET: Autoinstallation daemon checking new configuration configuration check > > succeeds 2007-02-20 10:30:54 EET: executing 'ffp synchronize' > > 2007-02-20 10:30:54 EET: push configuration to re1 2007-02-20 10:38:28 EET: > > asking re1 to commit > > re1: 2007-02-20 10:38:34 EET: exporting juniper.conf 2007-02-20 10:38:34 > > EET: expanding groups 2007-02-20 10:38:34 EET: finished expanding groups > > 2007-02-20 10:38:34 EET: set
Re: [j-nsp] JunOS 8.0 upgrade for SSG520/550M
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You can put JunOS on them? Doesn't it become a router then? - -- Leigh Affan Basalamah wrote: > Hi all, > > I just want to know what is the advantages for SSG520M and SSG550M to > be upgradeable to JunOS 8.0 rather than ScreenOS. What about all of > the functionality, is it has the same features from ScreenOS ? And > what about the price ? Is the price differ too much from non-M SSGs ? > > Many thanks, > > -affan > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5YpOZ0chUame06wRAtUPAKC7be5aRjpABChWGlcOg8xsAwP3ggCfRVLp r4Mi9FAzPus8aEmT8Ma/INw= =2G0+ -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Vpls-ldp signaling
Hi. This is ordinary martini vpn. P2P. Marini use LDP ( target LDP) So this is not VPLS.. For example VPLS - BGP is configured like this: routing-instances { Cust { description "VPLS"; instance-type vpls; interface ge-0/0/0.2001; interface ge-0/0/0.2002; route-distinguisher 211:300; vrf-target target:211:300; protocols { vpls { site A { site-identifier 2; } } } } -Peder -Opprinnelig melding- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] På vegne av Muhammad Teguh Pribadi Sendt: 28. februar 2007 09:17 Til: Junos Guy Kopi: Juniper Milis Emne: Re: [j-nsp] Vpls-ldp signaling Hi, Maybe you can use my configuration testing, i used it in my office lab, and it works, even in other router using Junos 8.0 Hope it will help you. Regards, -Teguh- Junos Guy <[EMAIL PROTECTED]> wrote: Thanks Jake. Hope someone from Juniper can confirm this. Regards, Aditya. On 2/27/07, Bourgeois, Jacob (Jake)** CTR ** wrote: > > This seems like a doc bug, AKAIK, and per 7.6 docs, BGP is still used to > signal VPLS on juniper platforms. > > > http://www.juniper.net/techpubs/software/junos/junos76/swref76-hierarchy/htm > l/rfc-list2.html#1213459 > > draft-ietf-l2vpn-vpls-bgp is listed. > draft-ietf-l2vpn-vpls-ldp is not listed. > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Junos Guy > Sent: Monday, February 26, 2007 8:41 PM > To: juniper-nsp@puck.nether.net > Subject: [j-nsp] Vpls-ldp signaling > > Hello , > > How do we configure vpls with ldp signaling ? > > > > As per JunOS 7.6 Feature Release. > > LDP Signaling for VPLS > Uses Label Distribution Protocol (LDP) instead of Border Gateway Protocol > (BGP) as the signaling protocol for VPLS > Implemented per draft-ietf-l2vpn-ldp-05 > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp - Any questions? Get answers on any topic at Yahoo! Answers. Try it now. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] JunOS 8.0 upgrade for SSG520/550M
Hi all, I just want to know what is the advantages for SSG520M and SSG550M to be upgradeable to JunOS 8.0 rather than ScreenOS. What about all of the functionality, is it has the same features from ScreenOS ? And what about the price ? Is the price differ too much from non-M SSGs ? Many thanks, -affan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Vpls-ldp signaling
Hi, Maybe you can use my configuration testing, i used it in my office lab, and it works, even in other router using Junos 8.0 Hope it will help you. Regards, -Teguh- Junos Guy <[EMAIL PROTECTED]> wrote: Thanks Jake. Hope someone from Juniper can confirm this. Regards, Aditya. On 2/27/07, Bourgeois, Jacob (Jake)** CTR ** wrote: > > This seems like a doc bug, AKAIK, and per 7.6 docs, BGP is still used to > signal VPLS on juniper platforms. > > > http://www.juniper.net/techpubs/software/junos/junos76/swref76-hierarchy/htm > l/rfc-list2.html#1213459 > > draft-ietf-l2vpn-vpls-bgp is listed. > draft-ietf-l2vpn-vpls-ldp is not listed. > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Junos Guy > Sent: Monday, February 26, 2007 8:41 PM > To: juniper-nsp@puck.nether.net > Subject: [j-nsp] Vpls-ldp signaling > > Hello , > > How do we configure vpls with ldp signaling ? > > > > As per JunOS 7.6 Feature Release. > > LDP Signaling for VPLS > Uses Label Distribution Protocol (LDP) instead of Border Gateway Protocol > (BGP) as the signaling protocol for VPLS > Implemented per draft-ietf-l2vpn-ldp-05 > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp - Any questions? Get answers on any topic at Yahoo! Answers. Try it now.[EMAIL PROTECTED] show | no-more version 8.0R2.8; system { host-name PE1; root-authentication { encrypted-password "$1$W0fMH2sY$0IcZSuNoZ.C/D9bT2MOaZ0"; ## SECRET-DATA } login { user lab { uid 1000; class super-user; authentication { encrypted-password "$1$pNct5zLJ$qH3NVNErnIJaKLhJajerA/"; ## SECRET-DATA } } } services { telnet; } syslog { user * { any emergency; } file messages { any notice; authorization info; } } } interfaces { ge-1/0/0 { vlan-tagging; encapsulation vlan-ccc; unit 0 { encapsulation vlan-ccc; vlan-id 520; } } so-1/1/0 { unit 0 { family inet { address 10.10.10.1/30; } family mpls; } } lo0 { unit 0 { family inet { address 1.1.1.1/32; } } } } routing-options { router-id 1.1.1.1; autonomous-system 65000; } protocols { mpls { interface so-1/1/0.0; } bgp { group IBGP { type internal; neighbor 2.2.2.2 { local-address 1.1.1.1; family l2vpn { signaling; } } } } ospf { area 0.0.0.0 { interface lo0.0; interface so-1/1/0.0; } } ldp { interface so-1/1/0.0; interface lo0.0; } l2circuit { neighbor 2.2.2.2 { interface ge-1/0/0.0 { virtual-circuit-id 1; no-control-word; } } } } [edit] [EMAIL PROTECTED] [edit] [EMAIL PROTECTED] [edit] [EMAIL PROTECTED] run show l2circuit connections Layer-2 Circuit Connections: Legend for connection status (St) EI -- encapsulation invalid NP -- interface h/w not present MM -- mtu mismatch Dn -- down EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down CM -- control-word mismatch Up -- operational VM -- vlan id mismatch CF -- Call admission control failure OL -- no outgoing label XX -- unknown NC -- intf encaps not CCC/TCC CB -- rcvd cell-bundle size bad Legend for interface status Up -- operational Dn -- down Neighbor: 2.2.2.2 Interface Type St Time last up # Up trans ge-1/0/0.0(vc 1) rmt Up Jan 30 10:40:38 2007 1 Local interface: ge-1/0/0.0, Status: Up, Encapsulation: VLAN Remote PE: 2.2.2.2, Negotiated control-word: No Incoming label: 100032, Outgoing label: 100032 [edit] [EMAIL PROTECTED] run show l2circuit connections extensive Layer-2 Circuit Connections: Legend for connection status (St) EI -- encapsulation invalid NP -- interface h/w not present MM -- mtu mismatch Dn -- down EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down CM -- control-word mismatch Up -- operational VM -- vlan id mismatch CF -- Call admission control failure OL -- no outgoing label XX -- unknown
Re: [j-nsp] problem with commit in JUNOS 8.1R1.5
Hello, In addition to "slow commit" problem in same network, same devices and JUNOS I must add some additional information. Actually the problem is because of this configuration statement: [EMAIL PROTECTED] show system accounting events [ login change-log interactive-commands ]; destination { tacplus { server { A.B.C.D { secret "$7$skg7JKlo30Vo5369CAu"; ## SECRET-DATA source-address X.X.X.X; } } } } Without this tacacs accounting commit synchronize works normally. This problem appears only to m320 with two routing engines, without graceful-switchover and name-servers. Here is log message from re1 which is backup at this moment and do commit sync on re0. % date Tue Feb 27 12:50:36 EET 2007 % tail -f /var/log/messages Feb 26 10:40:26 Ruse-R-Edge mgd[6914]: UI_DBASE_LOGIN_EVENT: User 'ilko' entering configuration mode Feb 26 10:40:34 Ruse-R-Edge mgd[6914]: UI_DBASE_LOGOUT_EVENT: User 'ilko' exiting configuration mode Feb 26 10:40:58 Ruse-R-Edge mgd[7105]: UI_TACPLUS_ERROR: TACACS+ failure: connect: timed out Feb 26 10:41:01 Ruse-R-Edge mgd[7105]: UI_LOAD_EVENT: User 'root' is performing a 'load update' Feb 26 10:49:24 Ruse-R-Edge mgd[7105]: UI_COMMIT: User 'ilko' performed commit: no comment Feb 27 10:34:37 Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp -T -t /vat/tmp/juniper.conf1.gz' Feb 27 12:49:06 Ruse-R-Edge mgd[7445]: UI_TACPLUS_ERROR: TACACS+ failure: connect: timed out Feb 27 12:49:09 Ruse-R-Edge mgd[7445]: UI_LOAD_EVENT: User 'root' is performing a 'load update' Feb 27 12:50:06 Ruse-R-Edge login: LOGIN_INFORMATION: User ilko logged in from host re0 on device ttyp0 Feb 27 12:50:09 Ruse-R-Edge mgd[7448]: UI_TACPLUS_ERROR: TACACS+ failure: connect: timed out This is commit without "system accounting " statements in configuration. Feb 27 12:57:32 Ruse-R-Edge mgd[7445]: UI_COMMIT: User 'ilko' performed commit: no comment Feb 27 12:59:28 Ruse-R-Edge mgd[7663]: UI_LOAD_EVENT: User 'root' is performing a 'load update' Feb 27 12:59:28 Ruse-R-Edge mgd[7663]: UI_COMMIT: User 'ilko' performed commit: no comment Feb 27 13:00:09 Ruse-R-Edge mgd[7875]: UI_LOAD_EVENT: User 'root' is performing a 'load update' Feb 27 13:00:09 Ruse-R-Edge mgd[7875]: UI_COMMIT: User 'ilko' performed commit: no comment This seems to me that this is some kind of bug. I'll be grateful if somebody can give an advice. Kind regards, -- George Yalamov Bulgarian Telecommunications Company AD Senior Engineer Core/Metro Technologies tel: 359 2 949 6844 Vesselin Kostov wrote: > Hello All, > > We have problem when commiting the configuration after we upgraded to JUNOS > 8.1R1.5. > > It is taking about 8 minutes for commit: > > 2007-02-20 10:30:54 EET: push configuration to re1 2007-02-20 10:38:28 EET: > asking re1 to commit > > With the old JUNOS the commit was taking less than 2 minutes: > > 2007-02-20 10:37:01 EET: push configuration to re1 2007-02-20 10:37:05 EET: > asking re1 to commit > > Does anyone else had this problem or it is normal? > > > > [EMAIL PROTECTED] commit | display detail re0: 2007-02-20 10:30:50 EET: > obtaining db lock on re1 > 2007-02-20 10:30:53 EET: exporting juniper.conf 2007-02-20 10:30:53 EET: > expanding groups 2007-02-20 10:30:53 EET: finished expanding groups > 2007-02-20 10:30:53 EET: setup foreign files 2007-02-20 10:30:53 EET: > propagating foreign files 2007-02-20 10:30:53 EET: complete foreign files > 2007-02-20 10:30:53 EET: dropping unchanged foreign files 2007-02-20 > 10:30:53 EET: executing 'ffp propagate' > 2007-02-20 10:30:53 EET: daemons checking new configuration 2007-02-20 > 10:30:53 EET: Routing protocol daemon checking new configuration 2007-02-20 > 10:30:53 EET: Init daemon checking new configuration 2007-02-20 10:30:53 > EET: Interface daemon checking new configuration 2007-02-20 10:30:53 EET: > Pic Services Logging daemon checking new configuration 2007-02-20 10:30:54 > EET: Web management daemon checking new configuration 2007-02-20 10:30:54 > EET: Autoinstallation daemon checking new configuration configuration check > succeeds 2007-02-20 10:30:54 EET: executing 'ffp synchronize' > 2007-02-20 10:30:54 EET: push configuration to re1 2007-02-20 10:38:28 EET: > asking re1 to commit > re1: 2007-02-20 10:38:34 EET: exporting juniper.conf 2007-02-20 10:38:34 > EET: expanding groups 2007-02-20 10:38:34 EET: finished expanding groups > 2007-02-20 10:38:34 EET: setup foreign files 2007-02-20 10:38:34 EET: > propagating foreign files 2007-02-20 10:38:35 EET: complete foreign files > 2007-02-20 10:38:35 EET: dropping unchanged foreign files 2007-02-20 > 10:38:35 EET: executing 'ffp propagate' > 2007-02-20 10:38:35 EET: daemons checking new configuration 2007-02-20 > 10:38:35 EET: Routing protocol daemon checking new configuration 2007-02-20 > 10:38:35 EET: Init daemon checking new configuration 2007-02-20 10:38:35 > EET: Interface daemon checking new configuration 2