Re: [j-nsp] M7i to Extreme BD6808
Hello Since your problem seems basic I would advice you to try to connect your M7i to some other kind of equipment on one hand And your BD6K switch on the other hand separately You have a silly physical problem or negotiation problem. On the M7i side the PE-4FE-TX card is MDI On the BD6K side I thought that every kind of equipment at Extreme are also auto MDI-MDX but it seems that they have the regular cabling of a switch that's to say MDX. Normally the correct cabling should be with the use of a Straight-through cable. Go ahead with some physical tests using some other equipment like PC to check the link status of each ports separately and after that you will go on with the negotiation parameters. From a PC to the M7i you should use a crossed-over cable From a PC to the BD6K you should use a direct cable Regards Alain John T. Yocum a écrit : Hello, Got a strange problem. I'm trying to setup an aggregated ethernet connection between a PE-4FE-TX and an Extreme BD6808 with F48Ti. I've tried both both straight through and cross-over cables but I can't get a link-light on either side. As well, neither of them log an event of a connection error. Anyone else had any trouble getting them to connect, or have any advice? And, yes I did check, the ports are enabled on both sides. Thanks, John ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] L2VPN path in a LDP core
Its not a stupid question, that's how we learn :) regards, Umar Ahmed JNCIE-M # 281, FNCNE, Numpty # 1 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wang dong bei Sent: 29 January 2008 03:10 To: Paolo Autore Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] L2VPN path in a LDP core Thank you very much for your help and response. That helps me a lot. After login in more routers. It seems that some of them do runs RSVP. In some of the LSP's have got ldp-tunneling configured. The juniper web pages simply says Enable the LSP to be used for LDP tunneling. However, after digging the juniper web sites, and some of my outdated in-house documents, it seems that it has something to do with load-balancing and hash calculation of the LSP's. Sorry to bother you gurus with stupid questions yet somehow i am pretty much on my own now 2008/1/28, Paolo Autore [EMAIL PROTECTED]: Sorry-- I didn't see that you were using LDP as the signaling protocol. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amos Rosenboim Sent: Monday, January 28, 2008 13:44 To: wang dong bei; juniper-nsp@puck.nether.net Subject: Re: [j-nsp] L2VPN path in a LDP core Since you are using LDP, which (at least for me) means that you don't have any MPLS traffic engineering in the network, then LDP LSP follows the IGP path. This means that a simple trace route can show you the path between the edge routers. Cheers, Amos On Jan 28, 2008, at 3:25 PM, Paolo Autore wrote: Try this command show rsvp session extensive -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wang dong bei Sent: Monday, January 28, 2008 08:26 To: Radu Pavaloiu Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] L2VPN path in a LDP core Hi Radu, Could you enlighten me with more details about it? regards, william 2008/1/28, Radu Pavaloiu [EMAIL PROTECTED]: Hi, , You have MPLS OAM. Kindest Regards Radu Pavaloiu Service Provider Team Leader CCIE #14582, JNCIS M/T mobile: +40 743286118 phone: +40 21 3178787 ext. 45 fax: +40 21 3179797 www.datanets.ro Believe in more In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away. wang dong bei wrote: Hi Talents, I have got a LDP based MPLS core with a few CE's attached to the PE's. Those CE's are running l2vpn and l3vpn. When one CE is trying to communicate with another, ether via l2vpn and/or l3vpn, how can i know exactly which P's are being transversed? thanks in advance for your help. dong bei ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ** Any opinions expressed in the e-mail are those of the individual and not necessarily the company. This e-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering it to the intended recipient, be advised that you have received this e-mail in error and that any dissemination, distribution, copying or use is strictly prohibited. If you have received this e-mail in error, or if you are concerned with the content of this e-mail please e-mail to: [EMAIL PROTECTED] The contents of an attachment to this e-mail may contain software viruses which could damage your own computer system. Whilst the sender has taken every reasonable precaution to minimise this risk, we can not accept liability for any damage which you sustain as a result of software viruses. You should carry out your own virus checks before opening this e-mail or any attachments to this e-mail. This e-mail was sent from Vanco UK Limited a company registered in England under number 2296733 and whose registered office is Units 12, Great West Plaza, Riverbank Way, Brentford, TW8 9RE, UK Please consider the environment before printing this e-mail. **
[j-nsp] Ip share interface
hello i have a question regarding giving vpn access to the internet i have seen one way to do it is via a shared ip interface. host1(config)#virtual-router pe1:pe11host1:pe1:pe11(config)#interface ip internethost1:pe1:pe11(config-if)#ip share-interface gig 2/2.10host1:pe1:pe11(config-if)#ip address 10.1.1.3 255.255.255.255 host1:pe1:pe11(config-if)#exit host1:pe1:pe11(config)#ip route 0.0.0.0 0.0.0.0 ip internet1 when i tried to configure it the shared interface was ethernet and it was not possible any ideas on a workaround?E310-Lab:vr2:vpn1(config)#ip route 0.0.0.0 0.0.0.0 ip internet% invalid next-hop for a multiaccess interface2 what the ip of the shared interface should be?in the range of the shared interface? or it doesnt matter what ip will i use?thanks in advance ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
On Tue, Jan 29, 2008 at 06:47:59PM +0300, Alexandre Snarskii wrote: Hi, noting that these 'switches' will be MPLS-able in this year, so it can be used not only as 'enterprise switch', but as SP one. And their EX 4200-24F is always ideally suited for metro ethernet distribution/access levels... http://www.juniper.net/switch/products.html The specs say: Layer 3 Features: IPv4 Max number of ARP entries: 16,000 Max number of IPv4 unicast routes in hardware: 12,000 Max number of IPv4 multicast routes in hardware: 2,000 Routing protocols: RIPv1/v2, OSPF, BGP, ISIS 12k of routes would work 25 years ago for a service provider :) Thanks, -- Sabri ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sabri Berisha Sent: Tuesday, January 29, 2008 10:56 AM To: Alexandre Snarskii Cc: Juniper-NSP Mailing list Subject: Re: [j-nsp] The Switch is ON !!! The specs say: Layer 3 Features: IPv4 Max number of ARP entries: 16,000 Max number of IPv4 unicast routes in hardware: 12,000 Max number of IPv4 multicast routes in hardware: 2,000 Routing protocols: RIPv1/v2, OSPF, BGP, ISIS 12k of routes would work 25 years ago for a service provider :) Thanks, -- Sabri Why would customer edge switches servicing the typical voice/data customer require full routes? Out of the hundreds of Ethernet circuits that we've deployed using Cisco ME3400 switches, only 3 customers require full routes - in that case, we multihop them to a peer with full routes. A 1% need for such capacity doesn't justify the cost of a switch/router that can do a full table. Maybe our customer base is different than others, though. That said, none of the metro ethernet stackable switches that I know of (Foundry, Cisco ME-series, Telco Systems, MRV, etc.) have enough TCAM and/or memory to take full routes, so I'm still not sure the point is valid. -evt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
I guess this product will compete with Extreme Networks, Foundry, Cisco Catalyst stuff and some others.. Edson From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Tue 29-Jan-08 13:13 To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] The Switch is ON !!! On Tuesday, 29 January 2008, Matt Yaklin wrote: Did juniper buy out another switching company or is this their design from the ground up? Their design, according to our account team. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
Hi Guys, Why do they have POE on all models, surely nobody in SP environment wants that? cheers /rolf On Tuesday 29 January 2008 16:47:59 Alexandre Snarskii wrote: On Tue, Jan 29, 2008 at 12:32:37PM -0200, GIULIANO (UOL) wrote: Be welcome to the new Juniper EX-Series Family of Enterprise Class Switches: http://www.juniper.net/index.html Impressive. Especially footnote about Advanced Feature License: AFL including IPv6 Routing, IS-IS, BGP, MBGP, MPLS, Enhanced GRE Tunnels (7) available for purchase with JUNOS 9.1 in Q2'08. noting that these 'switches' will be MPLS-able in this year, so it can be used not only as 'enterprise switch', but as SP one. And their EX 4200-24F is always ideally suited for metro ethernet distribution/access levels... PS: if anybody knows, what MPLS features it will support - can you share it to me ? :) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
On Tue, Jan 29, 2008 at 04:55:38PM +0100, Sabri Berisha wrote: On Tue, Jan 29, 2008 at 06:47:59PM +0300, Alexandre Snarskii wrote: Hi, noting that these 'switches' will be MPLS-able in this year, so it can be used not only as 'enterprise switch', but as SP one. And their EX 4200-24F is always ideally suited for metro ethernet distribution/access levels... http://www.juniper.net/switch/products.html The specs say: Layer 3 Features: IPv4 Max number of ARP entries: 16,000 Max number of IPv4 unicast routes in hardware: 12,000 Max number of IPv4 multicast routes in hardware: 2,000 Routing protocols: RIPv1/v2, OSPF, BGP, ISIS 12k of routes would work 25 years ago for a service provider :) Yes, this switch will not be able to run full-view. So what ? :) Most (98%) of our customers dont need it, and those in need will have their vlan terminated not on that switch but on some router... ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
On Tue, Jan 29, 2008 at 12:32:37PM -0200, GIULIANO (UOL) wrote: Be welcome to the new Juniper EX-Series Family of Enterprise Class Switches: http://www.juniper.net/index.html Impressive. Especially footnote about Advanced Feature License: AFL including IPv6 Routing, IS-IS, BGP, MBGP, MPLS, Enhanced GRE Tunnels (7) available for purchase with JUNOS 9.1 in Q2'08. noting that these 'switches' will be MPLS-able in this year, so it can be used not only as 'enterprise switch', but as SP one. And their EX 4200-24F is always ideally suited for metro ethernet distribution/access levels... PS: if anybody knows, what MPLS features it will support - can you share it to me ? :) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
Did juniper buy out another switching company or is this their design from the ground up? It is their design from the ground up. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
On Tue, Jan 29, 2008 at 12:32:37PM -0200, GIULIANO (UOL) wrote: Be welcome to the new Juniper EX-Series Family of Enterprise Class Switches: http://www.juniper.net/index.html It'll be interesting to hear juniper folks compare it to the crisco nexus that was announced yesterday/ -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
4 models of 3200s and 5 models of 4200s, some having all POE ports and others having only 1/3 of the ports supporting POE. Doesn't sound unreasonable to me, as they're likely trying to cover a broader customer base. 9 models of wiring-closet switches from a historically router-only vendor sounds like a good first stab to me. In my case (an SP), we'd only ever use the SFP-based models, which naturally don't have POE. David On 29/01/2008, Rolf Mendelsohn [EMAIL PROTECTED] wrote: Hi Guys, Why do they have POE on all models, surely nobody in SP environment wants that? cheers /rolf On Tuesday 29 January 2008 16:47:59 Alexandre Snarskii wrote: On Tue, Jan 29, 2008 at 12:32:37PM -0200, GIULIANO (UOL) wrote: Be welcome to the new Juniper EX-Series Family of Enterprise Class Switches: http://www.juniper.net/index.html Impressive. Especially footnote about Advanced Feature License: AFL including IPv6 Routing, IS-IS, BGP, MBGP, MPLS, Enhanced GRE Tunnels (7) available for purchase with JUNOS 9.1 in Q2'08. noting that these 'switches' will be MPLS-able in this year, so it can be used not only as 'enterprise switch', but as SP one. And their EX 4200-24F is always ideally suited for metro ethernet distribution/access levels... PS: if anybody knows, what MPLS features it will support - can you share it to me ? :) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
On Tue, 29 Jan 2008, Joe Provo wrote: On Tue, Jan 29, 2008 at 12:32:37PM -0200, GIULIANO (UOL) wrote: Be welcome to the new Juniper EX-Series Family of Enterprise Class Switches: http://www.juniper.net/index.html It'll be interesting to hear juniper folks compare it to the crisco nexus that was announced yesterday/ Did juniper buy out another switching company or is this their design from the ground up? matt -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rolf Mendelsohn Sent: Tuesday, January 29, 2008 11:02 AM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] The Switch is ON !!! Hi Guys, Why do they have POE on all models, surely nobody in SP environment wants that? cheers /rolf Speak for yourself! There are plenty of reasons why an SP would want PoE, as there are no shortage of devices in an ISP network that might require it. WAPs, Ethernet demarcation devices, media converters, etc. -evt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
Actually he can speak for us on this one, too. I asked my cohort here what devices we had in our datacenters that would need POE... you know what I heard? ... cricket... I told a vendor rep recently that there is no way we would ever buy POE switches for our hosting work... and now he's smiling because he knows I like the sound of Juniper switching. Getting ready to eat my words... dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Van Tol Sent: Tuesday, January 29, 2008 1:18 PM To: Rolf Mendelsohn; juniper-nsp@puck.nether.net Subject: Re: [j-nsp] The Switch is ON !!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rolf Mendelsohn Sent: Tuesday, January 29, 2008 11:02 AM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] The Switch is ON !!! Hi Guys, Why do they have POE on all models, surely nobody in SP environment wants that? cheers /rolf Speak for yourself! There are plenty of reasons why an SP would want PoE, as there are no shortage of devices in an ISP network that might require it. WAPs, Ethernet demarcation devices, media converters, etc. -evt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] IPv6 questions
And unless you are on only certain particular devices (e.g. L3 switches) then the end device won't necessarily have any relevant clue what VLAN it's on. I have never seen/heard of an RFC for it either and would certainly wonder WHY?. :) Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Nordmark Sent: Tuesday, January 29, 2008 1:44 PM To: snort bsd Cc: [EMAIL PROTECTED]; juniper-nsp Subject: Re: IPv6 questions snort bsd wrote: Never mind it is the VLAN number. But which RFC define this? I've never seen an IPv6 RFC specify to put the VLAN number in the link-local address. Thus this must be an (odd) choice made by some implementation. Perhaps the implementation somehow requires that all the link-local addresses for all its (sub)interfaces be unique, even though the RFCs assume that the implementation should be able to deal with multiple interfaces with same same link-local address. Erik Thanks all Dave - Original Message From: snort bsd [EMAIL PROTECTED] To: [EMAIL PROTECTED]; juniper-nsp juniper-nsp@puck.nether.net Sent: Monday, 28 January, 2008 3:05:59 PM Subject: IPv6 questions Hi All: With link-local IPv6 address, the converting from MAC-48 to EDU-64 address format (FF FE stuffing). How does the VLAN tags affect the conversion? With the rule of FF FE stuffing, I can see clearly work on the ptp interfaces. But on those Ethernet based VLANs, it doesn't seem to follow that pattern: Current address: 00:90:69:4a:b9:5d, Hardware address: 00:90:69:4a:b9:5d well, i assume the link-local should be fe80::290:69ff:fe4a:b95d/64. actually, it shows: Destination: fe80::/64, Local: fe80::290:6903:94a:b95d how does the router get this 03 09 instead of ff fe? Thanks all Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
I wonder if the EX4200 can have layer 3 on all ports. A 48 port GigE router would be nice, I just ordered two Cisco 3750G-Es for that exact purpose. I like the stacking capabilities of the EX4200 -Matt On Jan 29, 2008, at 11:57 AM, Scott Morris wrote: These aren't core... If you're needing to run a full table on every single device you have, you may consider a different design strategy! Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sabri Berisha Sent: Tuesday, January 29, 2008 10:56 AM To: Alexandre Snarskii Cc: Juniper-NSP Mailing list Subject: Re: [j-nsp] The Switch is ON !!! On Tue, Jan 29, 2008 at 06:47:59PM +0300, Alexandre Snarskii wrote: Hi, noting that these 'switches' will be MPLS-able in this year, so it can be used not only as 'enterprise switch', but as SP one. And their EX 4200-24F is always ideally suited for metro ethernet distribution/access levels... http://www.juniper.net/switch/products.html The specs say: Layer 3 Features: IPv4 Max number of ARP entries: 16,000 Max number of IPv4 unicast routes in hardware: 12,000 Max number of IPv4 multicast routes in hardware: 2,000 Routing protocols: RIPv1/v2, OSPF, BGP, ISIS 12k of routes would work 25 years ago for a service provider :) Thanks, -- Sabri ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] IPv6 questions
It does make sense though. Say one megabits interface with 20 VLANs. In that scenario, every VLAN, usually has own link-local address. It is more practical than multiple interfaces with same link-local address. I found this on Juniper router and now assume it is Juniper specific implementation. Thanks all - Original Message From: Scott Morris [EMAIL PROTECTED] To: Erik Nordmark [EMAIL PROTECTED]; snort bsd [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; juniper-nsp juniper-nsp@puck.nether.net Sent: Tuesday, 29 January, 2008 12:36:55 PM Subject: RE: IPv6 questions And unless you are on only certain particular devices (e.g. L3 switches) then the end device won't necessarily have any relevant clue what VLAN it's on. I have never seen/heard of an RFC for it either and would certainly wonder WHY?. :) Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Nordmark Sent: Tuesday, January 29, 2008 1:44 PM To: snort bsd Cc: [EMAIL PROTECTED]; juniper-nsp Subject: Re: IPv6 questions snort bsd wrote: Never mind it is the VLAN number. But which RFC define this? I've never seen an IPv6 RFC specify to put the VLAN number in the link-local address. Thus this must be an (odd) choice made by some implementation. Perhaps the implementation somehow requires that all the link-local addresses for all its (sub)interfaces be unique, even though the RFCs assume that the implementation should be able to deal with multiple interfaces with same same link-local address. Erik Thanks all Dave - Original Message From: snort bsd [EMAIL PROTECTED] To: [EMAIL PROTECTED]; juniper-nsp juniper-nsp@puck.nether.net Sent: Monday, 28 January, 2008 3:05:59 PM Subject: IPv6 questions Hi All: With link-local IPv6 address, the converting from MAC-48 to EDU-64 address format (FF FE stuffing). How does the VLAN tags affect the conversion? With the rule of FF FE stuffing, I can see clearly work on the ptp interfaces. But on those Ethernet based VLANs, it doesn't seem to follow that pattern: Current address: 00:90:69:4a:b9:5d, Hardware address: 00:90:69:4a:b9:5d well, i assume the link-local should be fe80::290:69ff:fe4a:b95d/64. actually, it shows: Destination: fe80::/64, Local: fe80::290:6903:94a:b95d how does the router get this 03 09 instead of ff fe? Thanks all Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
This makes it more useful than the Nexus. MPLS = good. Alexandre Snarskii wrote: On Tue, Jan 29, 2008 at 12:32:37PM -0200, GIULIANO (UOL) wrote: Be welcome to the new Juniper EX-Series Family of Enterprise Class Switches: http://www.juniper.net/index.html Impressive. Especially footnote about Advanced Feature License: AFL including IPv6 Routing, IS-IS, BGP, MBGP, MPLS, Enhanced GRE Tunnels (7) available for purchase with JUNOS 9.1 in Q2'08. noting that these 'switches' will be MPLS-able in this year, so it can be used not only as 'enterprise switch', but as SP one. And their EX 4200-24F is always ideally suited for metro ethernet distribution/access levels... PS: if anybody knows, what MPLS features it will support - can you share it to me ? :) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Strange J-Series IPSec Issue
I'm trying to build a site-to-site IPSec tunnel with two J-4350's, but
I'm running into a strange issue.
The tunnel appears to be up, the two routers see each other as neighbors
in OSPF, I can even ping between the two routers.
In addition a host on one side can ping a host on the other side. The
problem comes when I try to put real traffic over the link. Connecting
to port 80 on a remote machine doesn't work. Packet captures show no
traffic coming back from the remote side.
I'm sure I'm missing something simple - but I'm at a loss as to what it is.
If anyone has any suggestions, they'd be much appreciated.
--
matt
Here's my partial config:
root show ospf neighbor
Address Interface State ID Pri Dead
10.206.32.1 sp-0/0/0.11Full 218.81.216.253 12837
root show route protocol ospf
inet.0: 11 destinations, 12 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.206.32.0/24 *[OSPF/10] 00:42:47, metric 2
via sp-0/0/0.11
10.206.32.1/32 *[OSPF/10] 04:24:03, metric 1
via sp-0/0/0.11
10.206.34.0/24 *[OSPF/10] 00:42:47, metric 2
via sp-0/0/0.11
10.206.35.0/24 *[OSPF/10] 00:42:47, metric 2
via sp-0/0/0.11
192.168.1.1/32 [OSPF/10] 05:05:46, metric 2
via sp-0/0/0.11
218.81.216.0/24*[OSPF/10] 00:42:47, metric 2
via sp-0/0/0.11
224.0.0.5/32 *[OSPF/10] 1w0d 01:42:30, metric 1
MultiRecv
__juniper_private1__.inet.0: 2 destinations, 2 routes (2 active, 0
holddown, 0 hidden)
protocols {
ospf {
area 0.0.0.0 {
interface sp-0/0/0.11;
interface ge-0/0/0.0 {
passive;
}
}
}
}
services {
service-set ipsec {
next-hop-service {
inside-service-interface sp-0/0/0.11;
outside-service-interface sp-0/0/0.10;
}
ipsec-vpn-options {
local-gateway 1.1.1.1;
}
ipsec-vpn-rules ipsec-out;
}
ipsec-vpn {
rule ipsec-out {
term 1 {
then {
remote-gateway 2.2.2.2;
dynamic {
ike-policy ike-policy-hq;
ipsec-policy ipsec-policy-hq;
}
clear-dont-fragment-bit;
tunnel-mtu 1440;
}
}
match-direction input;
}
ipsec {
proposal ipsec-proposal-hq {
protocol esp;
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-192-cbc;
lifetime-seconds 3600;
}
policy ipsec-policy-hq {
proposals ipsec-proposal-hq;
}
}
ike {
proposal site-to-site {
authentication-method pre-shared-keys;
dh-group group2;
authentication-algorithm sha1;
encryption-algorithm aes-192-cbc;
lifetime-seconds 86400;
}
policy ike-policy-hq {
mode main;
proposals site-to-site;
pre-shared-key ascii-text XXX; ## SECRET-DATA
}
}
establish-tunnels immediately;
}
}
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
This makes it more useful than the Nexus. MPLS = good. If youre looking at using it in an SP environment, yes. But the Nexus isnt targeted at SP environments... ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] The Switch is ON !!!
On Tue, Jan 29, 2008 at 10:01:08AM -0500, Dorian Kim wrote: On Tue, Jan 29, 2008 at 09:41:01AM -0500, Joe Provo wrote: It'll be interesting to hear juniper folks compare it to the crisco nexus that was announced yesterday/ Bit of apples and oranges comparison between the two Obviously the proper comparison here is to the Cisco 3560G/E, the Foundry FESX, and the Extreme Summit x450 product lines. Interestingly, the EX series seems to be priced a fair bit below the comparable Cisco product across the board (typically Juniper seem to price a bit higher than the Cisco version, since their products are generally better and can command a higher price), and not much higher than the equivalent Foundry and Extreme products. In theory these boxes may be targeted at Enterprises (well some at any rate, clearly there are a huge percentage who will never be able to grasp non-Cisco, or who depend on Cisco proprietary protocols), but to me it looks more like they're targeted at the datacenter (also going up against Foundry and Extreme) than the enterprise wiring closet. Features like MPLS (for doing VPN PE), and ISIS support should make this box very popular for colo and hosting environments doing switch-per-rack aggregation. I could personally have done with support for a few more than 12k routes (no mention of IPv6/MPLS capacity, hopefully this won't impact IPv4 services), and 4xXFP uplinks to compete with some of the newer and much cheaper Broadcom reference design boxes like the Dell 6224F and Force10 S25P, but generally speaking this looks like a very interesting platform (and the bigger chassis even more so :P). Unfortunately 2 10GE uplinks for a 48-port 1GE box isn't quite good enough any more. The only product Juniper seems to be missing in this lineup is a Nx10G 1U box, going up against the Cisco 3560E-12D 12-port X2 box (recently repriced to $20k list), Force10 S2410 (24-port XFP), Fujitsu XG2000 (20-port XFP), and other similar products. I think if they made a 24-port or even a 12-port XFP 1U box that was stackable, MPLS capable, and perhaps supported a few more routes, it would sell like hotcakes. /product review -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
