[j-nsp] Frame-relay Switching on J-Series
Hi Guys, I have a lab that I am trying to setup, some basics here. I would like to setup a J-Series to act like a Frame-relay switch. Could anyone direct me to some configurations? I am using T1 ports here and would like to get some p2p and p2m configurations. So some configurations would definitely help. Thanks, Hoogen ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] BGP import policy not refreshing properly
I have 2 POPs each with a connection to a common upstream. The upstream
is sending me MEDs, but lots of routes have (missing or 0) MEDs and I
want to reset those to a fixed value so I can tweak them later.
So I have an import policy on each BGP session like so:
term setall-meds {
from metric 0;
then {
metric 3;
}
}
term def {
then {
local-preference 110;
accept;
}
}
term rej {
then reject;
}
I apply this on both routers and get, for example:
At POP A (M10i 9.3R1.7):
A DestinationP Prf Metric 1 Metric 2 Next hopAS path
* 64.152.0.0/13 B 170110 0 >(TO POP B) 3356 I
B 170110 3 >(UPSTREAM AT A) 3356 I
At POP B (M10 9.3R3.8):
A DestinationP Prf Metric 1 Metric 2 Next hopAS path
* 64.152.0.0/13 B 170110 0 >(UPSTREAM AT B) 3356 I
So the M10 at POP B doesn't appear to be applying the import policy and
setting the MED to 3. POP A as a result picks the route through B.
(Yes, I waited more than the 15 minutes for POP B's CPU to go back to
idle so the RE-333-768 churned through the whole table).
This resolved itself with a hard clear of the BGP session to the upstream
at POP B. 'soft-intbound' clear at B didn't do it (other than pegging the
RE CPU for another 15 minutes).
Any ideas? JUNOS bug? Old/decrepit RE getting non-deterministic
with age? Do I really have to hard-clear the BGP session on the 'B'
router any time I change the import policy now? :/
-Will Orton
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] How to upgrade junos 5.0.0r8.1
You configuration will remain after the upgrade/reboot. Downgrading is the same process as upgrading as long as you're going from say 5.2 to 5.0. Just load the 5.0 image and reboot. The 5.0 image is blown away when you load the newer screenOS. Good luck, -Tim Eberhard On Mon, Jul 13, 2009 at 11:04 AM, George wrote: > Thanks Guys, > > Sure I had planned to upgrade to above 5.2 , are these firmwares available > for download? > > So the next question is really about the configs, Once a reboot is done all > the previous setting take in effect, is that so? And for a rollback the do I > just scroll for the image? > > Regards > George > > > > On Mon, 2009-07-13 at 17:39 +0300, Humair Ali wrote: > > Hi Georges > > Tim is absolutely correct, and since you are using the 2 netscreens as a > standalone, you are bound to have downtime. > > One other , I believe (needs to verify) you can't go straight from 5.0 to > 6.x, you need to upgrade through an intermediary such as 5.4 then upgrade > 6.x so that is added downtime since again code needs to be reloaded after > upgrade to 5.4 and then to 6.0 > > HTH > > > > 2009/7/13 Tim Eberhard > > George, > > It's not possible to preform any kind of hitless upgrade.. > > The Netscreen must reboot once the new code is loaded. So you must factor > in > the time it will take for the firewall to reload in addition to the hit it > will take when the wall comes back online and the traffic starts to flood > back. Depending on the size of your network/amount of VPN tunnels it could > take a couple of minutes for everything to ramp back up. > > Downgrading code is possible depending what code version you're going to. > It > can be a bit problematic if say you go to 6.X code from 5.0 but if you had > planned on going from 5.0 to 5.4 going back shouldn't be much of a problem. > > Good luck, > > -Tim Eberhard > > > > > On Mon, Jul 13, 2009 at 7:12 AM, George wrote: > > > Sorry guys, > > > > The two firewalls are in completely two different networks and in no way > > work together. The reason I mentioned the two is because I tried the > > same VPN on the other Firewall with a higher firmware and it worked > > within minutes of set-up. So i really want to upgrade this firewall. > > > > Thanks > > George > > > > On Mon, 2009-07-13 at 17:17 +0500, mas...@nexlinx.net.pk wrote: > > > > > Are you using both of the firewalls as n active/active or > active/passive; > > > if yes thn you can try upgrading one of them while the other will take > > > care of your production services. > > > > > > Regards, > > > Masood > > > > > > > Hi there, > > > > > > > > I have two juniper netscreens one is Firmware 5.0.0r8.1 . Now I have > > > > encountered a problem when setting up a VPN on this one due to > firmware > > > > version thus I need to upgrade it. > > > > > > > > The question is how do I upgrade this firmware, challenge being that > it > > > > is running live services and if the upgrade fails how do I roll-back. > > > > Guess the thing is I have to be 100% sure the upgrade will not affect > > > > anything. > > > > > > > > Cheers. > > > > George > > > > ___ > > > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > > > > > > > > > ___ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX960 NSR Problem
>From the docs. Based on distributed or the timeout when not, you can have bfd >timeouts during a nsr; for a gres I believe that bfd is not supported and a >session reset is also expected. When a BFD session is distributed to the Packet Forwarding Engine, BFD packets continue to be sent during a Routing Engine switchover. If non-distributed BFD sessions are to be kept alive during a switchover, you must ensure that the session failure detection time is greater than the Routing Engine switchover time. The following BFD sessions are not distributed to the Packet Forwarding Engine: multi-hop sessions, tunnel-encapsulated sessions, and sessions over aggregated Ethernet and Integrated Routing and Bridging (IRB) interfaces. NOTE: For BFD sessions to remain up during a Routing Engine switchover event when nonstop active routing is configured, the value for the minimum-interval configuration statement (a BFD liveness detection parameter) must be at least 2500 ms for Routing Engine-based sessions and at least 10 ms for distributed BFD sessions. -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Walaa Abdel razzak Sent: Monday, July 13, 2009 10:54 AM To: Richard A Steenbergen Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] MX960 NSR Problem OK, That's why I see BGP session reset on the new Backup RE but not on the new master because of resync process and we can say this behaviour is normal. But why the BFD, ISIS sessions was reset on the new master and affected neighbours state? Best Regards, Walaa Abdel Razzak -Original Message- From: Richard A Steenbergen [mailto:r...@e-gerbil.net] Sent: Monday, July 13, 2009 12:55 AM To: Walaa Abdel razzak Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] MX960 NSR Problem On Sun, Jul 12, 2009 at 08:36:12PM +0300, Walaa Abdel razzak wrote: > Experts > > I have MX960 router with JUNOS 9.4R2 having GRES and NSR enabled. When I > switch from the master to backup RE, Traffic is not interrupted but the > protocols appears to reset on the old master but the strange thing is > that it appears not reset on the new master, do you have reason for > this? The BGP on the neighbor routers didn't flap, but ISIS, BFD session > flapped on the neighbors. That is how NSR is supposed to work. When running NSR, the backup RE is pre-synchronized to the state of the active RE, so when you do a switchover the BGP session appears to be uninterrupted. At some point after the switchover is completed, the new backup RE should sync up in the same way, but it won't be instant. BTW if I were you I'm not sure that I would be running NSR in production on 9.4R2. I've seen a lot of bugs related to it (and even related to GRES, ever since around 9.1+ it has been very sketchy for me) which can cause disruptions or even blackholing within packet forwarding when "something" happens on the backup RE. LDP sessions resetting whenever the backup RE was rebooted was extremely annoying. :) -- Richard A Steenbergen http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) __ Information from ESET Smart Security, version of virus signature database 4223 (20090708) __ The message was checked by ESET Smart Security. http://www.eset.com __ Information from ESET Smart Security, version of virus signature database 4223 (20090708) __ The message was checked by ESET Smart Security. http://www.eset.com ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX960 NSR Problem
OK, That's why I see BGP session reset on the new Backup RE but not on the new master because of resync process and we can say this behaviour is normal. But why the BFD, ISIS sessions was reset on the new master and affected neighbours state? Best Regards, Walaa Abdel Razzak -Original Message- From: Richard A Steenbergen [mailto:r...@e-gerbil.net] Sent: Monday, July 13, 2009 12:55 AM To: Walaa Abdel razzak Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] MX960 NSR Problem On Sun, Jul 12, 2009 at 08:36:12PM +0300, Walaa Abdel razzak wrote: > Experts > > I have MX960 router with JUNOS 9.4R2 having GRES and NSR enabled. When I > switch from the master to backup RE, Traffic is not interrupted but the > protocols appears to reset on the old master but the strange thing is > that it appears not reset on the new master, do you have reason for > this? The BGP on the neighbor routers didn't flap, but ISIS, BFD session > flapped on the neighbors. That is how NSR is supposed to work. When running NSR, the backup RE is pre-synchronized to the state of the active RE, so when you do a switchover the BGP session appears to be uninterrupted. At some point after the switchover is completed, the new backup RE should sync up in the same way, but it won't be instant. BTW if I were you I'm not sure that I would be running NSR in production on 9.4R2. I've seen a lot of bugs related to it (and even related to GRES, ever since around 9.1+ it has been very sketchy for me) which can cause disruptions or even blackholing within packet forwarding when "something" happens on the backup RE. LDP sessions resetting whenever the backup RE was rebooted was extremely annoying. :) -- Richard A Steenbergen http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) __ Information from ESET Smart Security, version of virus signature database 4223 (20090708) __ The message was checked by ESET Smart Security. http://www.eset.com __ Information from ESET Smart Security, version of virus signature database 4223 (20090708) __ The message was checked by ESET Smart Security. http://www.eset.com ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] How to upgrade junos 5.0.0r8.1
Thanks Guys, Sure I had planned to upgrade to above 5.2 , are these firmwares available for download? So the next question is really about the configs, Once a reboot is done all the previous setting take in effect, is that so? And for a rollback the do I just scroll for the image? Regards George On Mon, 2009-07-13 at 17:39 +0300, Humair Ali wrote: > Hi Georges > > Tim is absolutely correct, and since you are using the 2 netscreens as > a standalone, you are bound to have downtime. > > One other , I believe (needs to verify) you can't go straight from 5.0 > to 6.x, you need to upgrade through an intermediary such as 5.4 then > upgrade 6.x so that is added downtime since again code needs to be > reloaded after upgrade to 5.4 and then to 6.0 > > HTH > > > > > 2009/7/13 Tim Eberhard > > George, > > It's not possible to preform any kind of hitless upgrade.. > > The Netscreen must reboot once the new code is loaded. So you > must factor in > the time it will take for the firewall to reload in addition > to the hit it > will take when the wall comes back online and the traffic > starts to flood > back. Depending on the size of your network/amount of VPN > tunnels it could > take a couple of minutes for everything to ramp back up. > > Downgrading code is possible depending what code version > you're going to. It > can be a bit problematic if say you go to 6.X code from 5.0 > but if you had > planned on going from 5.0 to 5.4 going back shouldn't be much > of a problem. > > Good luck, > > -Tim Eberhard > > > > > On Mon, Jul 13, 2009 at 7:12 AM, George > wrote: > > > Sorry guys, > > > > The two firewalls are in completely two different networks > and in no way > > work together. The reason I mentioned the two is because I > tried the > > same VPN on the other Firewall with a higher firmware and it > worked > > within minutes of set-up. So i really want to upgrade this > firewall. > > > > Thanks > > George > > > > On Mon, 2009-07-13 at 17:17 +0500, mas...@nexlinx.net.pk > wrote: > > > > > Are you using both of the firewalls as n active/active or > active/passive; > > > if yes thn you can try upgrading one of them while the > other will take > > > care of your production services. > > > > > > Regards, > > > Masood > > > > > > > Hi there, > > > > > > > > I have two juniper netscreens one is Firmware > 5.0.0r8.1 . Now I have > > > > encountered a problem when setting up a VPN on this one > due to firmware > > > > version thus I need to upgrade it. > > > > > > > > The question is how do I upgrade this firmware, > challenge being that it > > > > is running live services and if the upgrade fails how do > I roll-back. > > > > Guess the thing is I have to be 100% sure the upgrade > will not affect > > > > anything. > > > > > > > > Cheers. > > > > George > > > > ___ > > > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > > > > > > > > > ___ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] (no subject)
Hi, Has anyone come across an M20 which suddenly looses communication and after coming back online it looks like the chassis has restarted for some reason. See messages below. Jul 10 18:38:06 tnp_scb mpc106 machine check caused by error on the Processor Bus Jul 10 18:38:09 CHASSISD_SHUTDOWN: shutdown reason: ipc_pipe_write_error, chassisd_ipc_dispatch Jul 10 18:38:09 CHASSISD_IFDEV_DETACH: ifdev_detach(0) This has happened on 2 M20s and makes me think that there are hardware issues present. Any input or guidance would be much appreciated. Thanks, Brendan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX960 NSR Problem
I agree. I ran into PR 434162 which was causing my BGP sessions to constantly reset on my backup RE, breaking ISSU (on T-series, however). The fix is making it into 9.3R4 and 9.4R3, and I think 9.4R3 is due later this week. Might be a different issue than you were hitting, but is related to NSR nonetheless. David 2009/7/12 Richard A Steenbergen : > On Sun, Jul 12, 2009 at 08:36:12PM +0300, Walaa Abdel razzak wrote: >> Experts >> >> I have MX960 router with JUNOS 9.4R2 having GRES and NSR enabled. When I >> switch from the master to backup RE, Traffic is not interrupted but the >> protocols appears to reset on the old master but the strange thing is >> that it appears not reset on the new master, do you have reason for >> this? The BGP on the neighbor routers didn't flap, but ISIS, BFD session >> flapped on the neighbors. > > That is how NSR is supposed to work. When running NSR, the backup RE is > pre-synchronized to the state of the active RE, so when you do a > switchover the BGP session appears to be uninterrupted. At some point > after the switchover is completed, the new backup RE should sync up in > the same way, but it won't be instant. > > BTW if I were you I'm not sure that I would be running NSR in production > on 9.4R2. I've seen a lot of bugs related to it (and even related to > GRES, ever since around 9.1+ it has been very sketchy for me) which can > cause disruptions or even blackholing within packet forwarding when > "something" happens on the backup RE. LDP sessions resetting whenever > the backup RE was rebooted was extremely annoying. :) > > -- > Richard A Steenbergen http://www.e-gerbil.net/ras > GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] How to upgrade junos 5.0.0r8.1
George, It's not possible to preform any kind of hitless upgrade.. The Netscreen must reboot once the new code is loaded. So you must factor in the time it will take for the firewall to reload in addition to the hit it will take when the wall comes back online and the traffic starts to flood back. Depending on the size of your network/amount of VPN tunnels it could take a couple of minutes for everything to ramp back up. Downgrading code is possible depending what code version you're going to. It can be a bit problematic if say you go to 6.X code from 5.0 but if you had planned on going from 5.0 to 5.4 going back shouldn't be much of a problem. Good luck, -Tim Eberhard On Mon, Jul 13, 2009 at 7:12 AM, George wrote: > Sorry guys, > > The two firewalls are in completely two different networks and in no way > work together. The reason I mentioned the two is because I tried the > same VPN on the other Firewall with a higher firmware and it worked > within minutes of set-up. So i really want to upgrade this firewall. > > Thanks > George > > On Mon, 2009-07-13 at 17:17 +0500, mas...@nexlinx.net.pk wrote: > > > Are you using both of the firewalls as n active/active or active/passive; > > if yes thn you can try upgrading one of them while the other will take > > care of your production services. > > > > Regards, > > Masood > > > > > Hi there, > > > > > > I have two juniper netscreens one is Firmware 5.0.0r8.1 . Now I have > > > encountered a problem when setting up a VPN on this one due to firmware > > > version thus I need to upgrade it. > > > > > > The question is how do I upgrade this firmware, challenge being that it > > > is running live services and if the upgrade fails how do I roll-back. > > > Guess the thing is I have to be 100% sure the upgrade will not affect > > > anything. > > > > > > Cheers. > > > George > > > ___ > > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > > > > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper (M20) - GRe Tunnel - Cisco(7206)
PR55687 was fixed a long time ago, unless your running ancient code you
should be fine. It was fixed in 7.3 and later codes.
On Sat, Jul 11, 2009 at 5:22 PM, raymondh (NSP) wrote:
> Hi Simon,
>
> Based on your config, I assumed you do have an AS / MS PIC (only the AS or
> MS PIC supports key). Without those PIC(s) you'll most probably receive
> "/kernel: gre doesn't support key option" hence you'll need to remove the
> key option.
>
> what's your junos version and verify the output of show log messages (most
> probably you'll get most of your answers from there before enabling any
> flags in traceoptions).
>
> Out of curiosity, do you have any CoS on the GRE interface on your M20. (If
> no, then you're fine but if yes, do take a look at PR55687 - For your info.)
>
>
> --raymondh
>
>
> on your ios based equipment
>
> On Jul 11, 2009, at 9:05 PM, mas...@nexlinx.net.pk wrote:
>
> You know each packet entering the tunnel is encapsulated wtih gre key
>> value. each packet exiting the tunnel is verified by the gre tunnel key
>> value and de-encapsulated. the AS pic drops packets tht don't match the
>> configured key value.
>>
>> Since GRE doesn't provide encryption. This is like a simple clear-text
>> password with no encryption. You can enable debug on Cisco box and see if
>> you can catch the key; do the same thing on Juniper box (traceoption is
>> your friend there)
>>
>> Regards,
>> Masood
>>
>> -Original Message-
>> From: juniper-nsp-boun...@puck.nether.net
>> [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of simon teh
>> Sent: Saturday, July 11, 2009 10:55 AM
>> To: juniper-nsp
>> Subject: [j-nsp] Juniper (M20) - GRe Tunnel - Cisco(7206)
>>
>> Hi all,
>>
>> I have a question over here and have tried to find out the answer from
>> the forum thread, but failed to get the answer.
>> Did anyone experience this type of problem before:
>>
>> Juniper(M20) GRE tunnel---Cisco(7206)
>>
>> Juniper Configuration
>>
>>> show configuration interfaces gr-0/1/0
>>>
>> unit 0 {
>> tunnel {
>> source 219.93.2.1;
>> destination 219.93.2.2;
>> key 123456;
>> }
>> family inet {
>> mtu 1514;
>> address 192.168.1.1/30;
>> }
>> }
>>
>> Cisco Configuration
>> interface Tunnel0
>> ip address 192.168.1.2 255.255.255.252
>> no ip unreachables
>> no ip proxy-arp
>> ip mtu 1514
>> tunnel source 219.93.2.2
>> tunnel destination 219.93.2.1
>> tunnel key 123456
>>
>> The problem I had was if I configured both router WITHOUT the tunnel
>> key, everything looks FINE. However once I include the tunnel key,
>> then both tunnel UNABLE to ping (interface still up, up). Does anyone
>> has any idea about the tunnel key between Juniper and Cisco. I am
>> confident that other configuration is good, it is the problem with the
>> key.
>> Any suggestion?
>>
>> Thank you very much.
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Steven Brenchley
-
There are 10 types of people in the world those who understand binary and
those who don't.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] How to upgrade junos 5.0.0r8.1
Sorry guys, The two firewalls are in completely two different networks and in no way work together. The reason I mentioned the two is because I tried the same VPN on the other Firewall with a higher firmware and it worked within minutes of set-up. So i really want to upgrade this firewall. Thanks George On Mon, 2009-07-13 at 17:17 +0500, mas...@nexlinx.net.pk wrote: > Are you using both of the firewalls as n active/active or active/passive; > if yes thn you can try upgrading one of them while the other will take > care of your production services. > > Regards, > Masood > > > Hi there, > > > > I have two juniper netscreens one is Firmware 5.0.0r8.1 . Now I have > > encountered a problem when setting up a VPN on this one due to firmware > > version thus I need to upgrade it. > > > > The question is how do I upgrade this firmware, challenge being that it > > is running live services and if the upgrade fails how do I roll-back. > > Guess the thing is I have to be 100% sure the upgrade will not affect > > anything. > > > > Cheers. > > George > > ___ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] How to upgrade junos 5.0.0r8.1
Sorry guys, The two firewalls are in completely two different networks and in no way work together. The reason I mentioned the two is because I tried the same VPN on the other Firewall with a higher firmware and it worked within minutes of set-up. So i really want to upgrade this firewall. Thanks George On Mon, 2009-07-13 at 17:17 +0500, mas...@nexlinx.net.pk wrote: > Are you using both of the firewalls as n active/active or active/passive; > if yes thn you can try upgrading one of them while the other will take > care of your production services. > > Regards, > Masood > > > Hi there, > > > > I have two juniper netscreens one is Firmware 5.0.0r8.1 . Now I have > > encountered a problem when setting up a VPN on this one due to firmware > > version thus I need to upgrade it. > > > > The question is how do I upgrade this firmware, challenge being that it > > is running live services and if the upgrade fails how do I roll-back. > > Guess the thing is I have to be 100% sure the upgrade will not affect > > anything. > > > > Cheers. > > George > > ___ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] How to upgrade junos 5.0.0r8.1
Are you using both of the firewalls as n active/active or active/passive; if yes thn you can try upgrading one of them while the other will take care of your production services. Regards, Masood > Hi there, > > I have two juniper netscreens one is Firmware 5.0.0r8.1 . Now I have > encountered a problem when setting up a VPN on this one due to firmware > version thus I need to upgrade it. > > The question is how do I upgrade this firmware, challenge being that it > is running live services and if the upgrade fails how do I roll-back. > Guess the thing is I have to be 100% sure the upgrade will not affect > anything. > > Cheers. > George > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] How to upgrade junos 5.0.0r8.1
Hi there, I have two juniper netscreens one is Firmware 5.0.0r8.1 . Now I have encountered a problem when setting up a VPN on this one due to firmware version thus I need to upgrade it. The question is how do I upgrade this firmware, challenge being that it is running live services and if the upgrade fails how do I roll-back. Guess the thing is I have to be 100% sure the upgrade will not affect anything. Cheers. George ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
