[j-nsp] Interest in a (european) Juniper User Group
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I just thought that a Juniper User Group would be quiet cool - if someone else also has interest in it. Due to my latest experiences with Juniper, this could maybe change the way with problems is dealt with and how customers are heard. I believe that a Open PR database founded on the knowledge of the group could be quiet helpful - at least I have been confrontated with many confidential PRs, who killed our network, as we switched over to EX. The communication done by Juniper is not very helpful in these cases, and maybe we would be heard better, if we unite in our interests as Juniper users... What do you think? Do you believe this could make any sense? Thanks, Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqOWQ0ACgkQrUvjMoak8ZdOVwCdGQIXk33ljnRiHmXDClRaeC14 BD0AnjDvYwPZ0bVEJk6gAH1Kskah/p2B =pG53 -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] routing-instances routing-instance-name instance-type [ vrf | virtual-router|..]
Hi List, Can someone put some light on the instance-type: 'vrf' and 'virtual-router', preferably with some explanation/examples of using them ? Thanks in advance, Mustafa ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4200
I can remember we've had such an issue on 9.3R2, but at the end that turned out to be an hardware issue on one of the members of the VC. We're running 9.5R2.7 for about 6 weeks now and did not observe any issues anymore. The switches are used for 'simple' L2 forwarding with MSTP, no L3. We have come a long way with major bugs and issues (we started with 9.1R1!) but since 9.5 the platform is completely stable. BR, Niels -Oorspronkelijk bericht- Van: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] Namens Ross Vandegrift Verzonden: donderdag 20 augustus 2009 22:14 Aan: Brendan Mannella CC: juniper-nsp@puck.nether.net Onderwerp: Re: [j-nsp] EX4200 On Thu, Aug 20, 2009 at 08:15:57AM -0400, Brendan Mannella wrote: I have just went to 9.3r4.4 and it fixed most issues Seems very stable so far. Have you reported this issue to JTAC? Is it documented in a PR? This has huge potential impact for system I'll be turning live in the coming months, so the report makes for very good information. I'd like to see that addressed. Ross -- Ross Vandegrift r...@kallisti.us If the fight gets hot, the songs get hotter. If the going gets tough, the songs get tougher. --Woody Guthrie ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Interest in a (european) Juniper User Group
We would absolutely be very interested in such a group, even if actual meetings might be more complicated a place to exchange and write down ideas and known problems would be extremely helpful. The EX-series in particular seems like a moving target still and there's lots information there that could be useful. Not to mention that theoretically the UG could act on behalf of all members in communication with Juniper. So, we (I) are intrested! --- Martin Levin IT-strategy planning Mölndals stad Från:Thomas Eichhorn t...@te3networks.de Till:juniper-nsp@puck.nether.net Datum:2009-08-21 10:28 Ärende:[j-nsp] Interest in a (european) Juniper User Group -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I just thought that a Juniper User Group would be quiet cool - if someone else also has interest in it. Due to my latest experiences with Juniper, this could maybe change the way with problems is dealt with and how customers are heard. I believe that a Open PR database founded on the knowledge of the group could be quiet helpful - at least I have been confrontated with many confidential PRs, who killed our network, as we switched over to EX. The communication done by Juniper is not very helpful in these cases, and maybe we would be heard better, if we unite in our interests as Juniper users... What do you think? Do you believe this could make any sense? Thanks, Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqOWQ0ACgkQrUvjMoak8ZdOVwCdGQIXk33ljnRiHmXDClRaeC14 BD0AnjDvYwPZ0bVEJk6gAH1Kskah/p2B =pG53 -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] op script for checking when rpd fails
If RPD crashes or cores you will get syslog messages, which an event script can match on, then I suppose you could issue 'restart routing'. Truman On 21/08/2009, at 1:33 AM, Noah Garrett Wallach wrote: sth...@nethelp.no wrote: I'd like to have an op script turn off some interfaces when rpd fails. Does anybody know how to notify an op script to do something based on a process failing and/or disappearing? Not really answering your question, but: If you have serious problems with rpd dying *often*, you really need to open a JTAC case. rpd is such an important part of the system that the router really can't do much without it... no doubt - we took care of that within 5 minutes of the core found. we are fairly diligent with that type of stuff. that still does not address our op script next steps. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] routing-instances routing-instance-name instance-type [ vrf | virtual-router|..]
Sure. If you are coming from a Cisco world you can think of virtual-router as vrf-lite. It's not MPLS attached and just used as a seperate routing table and don't require RD or import/export. VRF would be a traditional MPLS L3 VPN instance. HTH, Brandon On Fri, Aug 21, 2009 at 2:36 AM, Mustafa Golam - mustafa.go...@gmail.comwrote: Hi List, Can someone put some light on the instance-type: 'vrf' and 'virtual-router', preferably with some explanation/examples of using them ? Thanks in advance, Mustafa ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Interest in a (european) Juniper User Group
There is also a Juniper company forum/board for EX and other products, see http://forums.juniper.net Rgds Alex - Original Message - From: Martin Levin martin.le...@molndal.se To: juniper-nsp@puck.nether.net Sent: Friday, August 21, 2009 2:31 PM Subject: Re: [j-nsp] Interest in a (european) Juniper User Group We would absolutely be very interested in such a group, even if actual meetings might be more complicated a place to exchange and write down ideas and known problems would be extremely helpful. The EX-series in particular seems like a moving target still and there's lots information there that could be useful. Not to mention that theoretically the UG could act on behalf of all members in communication with Juniper. So, we (I) are intrested! --- Martin Levin IT-strategy planning Mölndals stad Från:Thomas Eichhorn t...@te3networks.de Till:juniper-nsp@puck.nether.net Datum:2009-08-21 10:28 Ärende:[j-nsp] Interest in a (european) Juniper User Group -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I just thought that a Juniper User Group would be quiet cool - if someone else also has interest in it. Due to my latest experiences with Juniper, this could maybe change the way with problems is dealt with and how customers are heard. I believe that a Open PR database founded on the knowledge of the group could be quiet helpful - at least I have been confrontated with many confidential PRs, who killed our network, as we switched over to EX. The communication done by Juniper is not very helpful in these cases, and maybe we would be heard better, if we unite in our interests as Juniper users... What do you think? Do you believe this could make any sense? Thanks, Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqOWQ0ACgkQrUvjMoak8ZdOVwCdGQIXk33ljnRiHmXDClRaeC14 BD0AnjDvYwPZ0bVEJk6gAH1Kskah/p2B =pG53 -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Hello everyone, I just got my hands on a Juniper mx router and I'm starting the initial config in preparation to convert from Cisco. As I configure the interfaces, I can't seem to figure our how to create a routed vlan interface and have the ability to trunk it down multiple physical interfaces. I've looked up on the the web but was unable to find anything that direct describes what I'm trying to achieve. Below is a sample config from a Cisco; ! spanning-tree mode pvst spanning-tree vlan 200 priority 8192 ! interface GigabitEthernet2/1 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 200 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet2/10 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 200 switchport mode trunk switchport nonegotiate ! interface Vlan200 ip address 10.10.10.2 255.255.255.192 no ip redirects no ip unreachables no ip proxy-arp standby ip 10.10.10.1 ! Can this be done on a MX router? if so, can a sample config be provided? Any help would be much appreciated. Michael ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Partition/Format new HD
Hello, I have been battling trying to replace a failed hard disk on my juniper m7i. I have finally got the disk to be recognized by the system. Now I need to put all the partitions back. The router successfully boots from the CF so I can run system commands. I tried.. r...@ibr1.pit request system partition hard-disk mount: /dev/ad1s1e on /altconfig: incorrect super block ERROR: Can't access hard disk, aborting partition. Am I missing a command first? Thanks, BRendan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Check the MX solution guide in documentation for latest JUNOS release. You need to look for interface-mode trunk, bridge-domain configuration and IRB interface configuration Thanks, Nilesh -- Sent from my mobile handheld device On Aug 21, 2009, at 9:27 AM, Michael Phung cyto...@gmail.com wrote: Hello everyone, I just got my hands on a Juniper mx router and I'm starting the initial config in preparation to convert from Cisco. As I configure the interfaces, I can't seem to figure our how to create a routed vlan interface and have the ability to trunk it down multiple physical interfaces. I've looked up on the the web but was unable to find anything that direct describes what I'm trying to achieve. Below is a sample config from a Cisco; ! spanning-tree mode pvst spanning-tree vlan 200 priority 8192 ! interface GigabitEthernet2/1 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 200 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet2/10 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 200 switchport mode trunk switchport nonegotiate ! interface Vlan200 ip address 10.10.10.2 255.255.255.192 no ip redirects no ip unreachables no ip proxy-arp standby ip 10.10.10.1 ! Can this be done on a MX router? if so, can a sample config be provided? Any help would be much appreciated. Michael ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Partition/Format new HD
Date: Fri, 21 Aug 2009 12:32:30 -0400 From: Brendan Mannella bmanne...@teraswitch.com Sender: juniper-nsp-boun...@puck.nether.net Hello, I have been battling trying to replace a failed hard disk on my juniper m7i. I have finally got the disk to be recognized by the system. Now I need to put all the partitions back. The router successfully boots from the CF so I can run system commands. I tried.. r...@ibr1.pit request system partition hard-disk mount: /dev/ad1s1e on /altconfig: incorrect super block ERROR: Can't access hard disk, aborting partition. Am I missing a command first? request system snapshot partition but, if the disk is already partitioned for Windows, you should first start shell and 'dd if=/dev/zero of=/dev/adq bs=512 count=1024 This assumes the hard disk is ad1. You can confirm this with 'tail /var/run/dmesg' after starting shell or 'file show /var/run/dmesg' in the CLI. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
interfaces {
ge-0/0/0 {
unit 0 {
family bridge {
interface-mode access;
vlan-id 10;
}
}
}
ge-0/0/1 {
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 1-4000;
}
}
}
irb {
unit 10 {
family inet {
address 10.0.0.3/29
}
}
}
}
}
}
}
bridge-domains {
vlan10 {
vlan-id 10;
routing-interface irb.10;
}
}
On Sat, Aug 22, 2009 at 12:23 AM, Michael Phung cyto...@gmail.com wrote:
Hello everyone,
I just got my hands on a Juniper mx router and I'm starting the
initial config in preparation to convert from Cisco. As I configure
the interfaces, I can't seem to figure our how to create a routed vlan
interface and have the ability to trunk it down multiple physical
interfaces. I've looked up on the the web but was unable to find
anything that direct describes what I'm trying to achieve.
Below is a sample config from a Cisco;
!
spanning-tree mode pvst
spanning-tree vlan 200 priority 8192
!
interface GigabitEthernet2/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface Vlan200
ip address 10.10.10.2 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
standby ip 10.10.10.1
!
Can this be done on a MX router? if so, can a sample config be provided?
Any help would be much appreciated.
Michael
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
BR!
James Chen
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
FYI
Thanks,
Nilesh
On 8/21/09 10:34 AM, 陈江 iloveb...@gmail.com wrote:
interfaces {
ge-0/0/0 {
unit 0 {
family bridge {
interface-mode access;
vlan-id 10;
}
}
}
ge-0/0/1 {
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 1-4000;
}
}
}
irb {
unit 10 {
family inet {
address 10.0.0.3/29 http://10.0.0.3/29
}
}
}
}
}
}
}
bridge-domains {
vlan10 {
vlan-id 10;
routing-interface irb.10;
}
}
On Sat, Aug 22, 2009 at 12:48 AM, Nilesh Khambal nkham...@juniper.net wrote:
Check the MX solution guide in documentation for latest JUNOS release.
You need to look for interface-mode trunk, bridge-domain
configuration and IRB interface configuration
Thanks,
Nilesh
--
Sent from my mobile handheld device
On Aug 21, 2009, at 9:27 AM, Michael Phung cyto...@gmail.com wrote:
Hello everyone,
I just got my hands on a Juniper mx router and I'm starting the
initial config in preparation to convert from Cisco. As I configure
the interfaces, I can't seem to figure our how to create a routed vlan
interface and have the ability to trunk it down multiple physical
interfaces. I've looked up on the the web but was unable to find
anything that direct describes what I'm trying to achieve.
Below is a sample config from a Cisco;
!
spanning-tree mode pvst
spanning-tree vlan 200 priority 8192
!
interface GigabitEthernet2/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface Vlan200
ip address 10.10.10.2 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
standby ip 10.10.10.1
!
Can this be done on a MX router? if so, can a sample config be
provided?
Any help would be much appreciated.
Michael
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Partition/Format new HD
Brendan,
Your new hdd doesn't look to be in good shape, how about a quick health
check?
A smartd,
r...@radium-re0-tarique% smartd -oX /dev/ad1
Drive Command Successful, Extended Self test has begun
Please wait 17 minutes for test to complete
Use smartd -oA to abort test
Ensure alternate super block exists,
r...@radium-re0-tarique% newfs -N /dev/ad1s1a
r...@radium-re0-tarique% newfs -N /dev/ad1s1e
Perform filechecks,
run these several times
r...@radium-re0-tarique% fsck -f /dev/ad1s1a
r...@radium-re0-tarique% fsck -f /dev/ad1s1e
{-f : Force fsck to check `clean' filesystems when preening}
If the above fails, we could preen.
r...@radium-re0-tarique% fsck -p /dev/ad1s1a
r...@radium-re0-tarique% fsck -p /dev/ad1s1e
-p : Preen filesystems
Some of the corrective actions which are not correctable under the -p
option can result in some loss of data.
The above checks will determine our next step.
Thanks Regards,
Tarique A. Nalkhande
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Brendan
Mannella
Sent: Friday, August 21, 2009 10:03 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Partition/Format new HD
Hello,
I have been battling trying to replace a failed hard disk on my juniper
m7i.
I have finally got the disk to be recognized by the system. Now I need
to
put all the partitions back. The router successfully boots from the CF
so I
can run system commands.
I tried..
r...@ibr1.pit request system partition hard-disk
mount: /dev/ad1s1e on /altconfig: incorrect super block
ERROR: Can't access hard disk, aborting partition.
Am I missing a command first?
Thanks,
BRendan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Restore M7 to initial state
Many thanks to all for answers. *am* - Andrea Montefusco iw0hdvhttp://www.montefusco.com tel: +393356992791 fax: +390623318709 - ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Partition/Format new HD
I am actually ok now, thanks to Kevin Oberman from Energy Sciences Network
(ESnet). I am working on documenting the events to post to the list, as I am
sure this will happen to someone else. And surprisingly I could not find one
place for the answer.
On 8/21/09 2:13 PM, Nalkhande Tarique Abbas ntari...@juniper.net wrote:
Brendan,
Your new hdd doesn't look to be in good shape, how about a quick health
check?
A smartd,
r...@radium-re0-tarique% smartd -oX /dev/ad1
Drive Command Successful, Extended Self test has begun
Please wait 17 minutes for test to complete
Use smartd -oA to abort test
Ensure alternate super block exists,
r...@radium-re0-tarique% newfs -N /dev/ad1s1a
r...@radium-re0-tarique% newfs -N /dev/ad1s1e
Perform filechecks,
run these several times
r...@radium-re0-tarique% fsck -f /dev/ad1s1a
r...@radium-re0-tarique% fsck -f /dev/ad1s1e
{-f : Force fsck to check `clean' filesystems when preening}
If the above fails, we could preen.
r...@radium-re0-tarique% fsck -p /dev/ad1s1a
r...@radium-re0-tarique% fsck -p /dev/ad1s1e
-p : Preen filesystems
Some of the corrective actions which are not correctable under the -p
option can result in some loss of data.
The above checks will determine our next step.
Thanks Regards,
Tarique A. Nalkhande
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Brendan
Mannella
Sent: Friday, August 21, 2009 10:03 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Partition/Format new HD
Hello,
I have been battling trying to replace a failed hard disk on my juniper
m7i.
I have finally got the disk to be recognized by the system. Now I need
to
put all the partitions back. The router successfully boots from the CF
so I
can run system commands.
I tried..
r...@ibr1.pit request system partition hard-disk
mount: /dev/ad1s1e on /altconfig: incorrect super block
ERROR: Can't access hard disk, aborting partition.
Am I missing a command first?
Thanks,
BRendan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Partition/Format new HD
Date: Fri, 21 Aug 2009 09:56:45 -0700 From: Kevin Oberman ober...@es.net Sender: juniper-nsp-boun...@puck.nether.net Date: Fri, 21 Aug 2009 12:32:30 -0400 From: Brendan Mannella bmanne...@teraswitch.com Sender: juniper-nsp-boun...@puck.nether.net Hello, I have been battling trying to replace a failed hard disk on my juniper m7i. I have finally got the disk to be recognized by the system. Now I need to put all the partitions back. The router successfully boots from the CF so I can run system commands. I tried.. r...@ibr1.pit request system partition hard-disk mount: /dev/ad1s1e on /altconfig: incorrect super block ERROR: Can't access hard disk, aborting partition. Am I missing a command first? request system snapshot partition but, if the disk is already partitioned for Windows, you should first start shell and 'dd if=/dev/zero of=/dev/adq bs=512 count=1024 This assumes the hard disk is ad1. You can confirm this with 'tail /var/run/dmesg' after starting shell or 'file show /var/run/dmesg' in the CLI. Replying to myself to correct my mistakes: The command to wipe the partition table on a disk set up for Windows, it should have read: dd if=/dev/zero of=/dev/ad1 bs=512 count=1024 Lazy finger! More importantly, once that is done 'request system partition hard-disk' is the correct way to partition the hard drive. the snapshot command will only create the partitions needed to snapshot the flash and not 'b' (swap) or 'f' (var) which don't exist on the CF. Sorry for posting the bogus information. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
This is how I do it... if this is not a recommended method, please let me know
(PLEASE!) I currently configure around 90 L3 interfaces in this manner right
now.
interfaces {
ge-0/0/20 {
description physical port;
unit 0 {
family ethernet-switching {
port-mode trunk;
native-vlan-id 3007;
}
}
}
vlan {
unit 98 {
description prov - vlan 98 - 8.0.0.0/30 - pri-switch -
fa0/3;
family inet {
address 8.0.0.1/30;
}
}
unit 4070 {
description psc - vlan 4070 - 10.254.0.128/26;
family inet {
address 10.254.0.129/26;
}
}
}
vlans {
prov {
description prov - vlan 98 - 8.0.0.0/30 - pri-switch - fa0/3;
vlan-id 98;
interface {
ge-0/0/20.0;
ge-0/0/1.0;
}
l3-interface vlan.98;
}
psc {
description psc - vlan 4070 - 10.254.0.128/26;
vlan-id 4070;
interface {
ge-0/0/20.0;
}
l3-interface vlan.4070;
}
Thanks,
Dan
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of ??
Sent: Friday, August 21, 2009 1:34 PM
To: Michael Phung
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
interfaces {
ge-0/0/0 {
unit 0 {
family bridge {
interface-mode access;
vlan-id 10;
}
}
}
ge-0/0/1 {
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 1-4000;
}
}
}
irb {
unit 10 {
family inet {
address 10.0.0.3/29
}
}
}
}
}
}
}
bridge-domains {
vlan10 {
vlan-id 10;
routing-interface irb.10;
}
}
On Sat, Aug 22, 2009 at 12:23 AM, Michael Phung cyto...@gmail.com wrote:
Hello everyone,
I just got my hands on a Juniper mx router and I'm starting the
initial config in preparation to convert from Cisco. As I configure
the interfaces, I can't seem to figure our how to create a routed vlan
interface and have the ability to trunk it down multiple physical
interfaces. I've looked up on the the web but was unable to find
anything that direct describes what I'm trying to achieve.
Below is a sample config from a Cisco;
!
spanning-tree mode pvst
spanning-tree vlan 200 priority 8192
!
interface GigabitEthernet2/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface Vlan200
ip address 10.10.10.2 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
standby ip 10.10.10.1
!
Can this be done on a MX router? if so, can a sample config be provided?
Any help would be much appreciated.
Michael
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
BR!
James Chen
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Partition/Format new HD
Yes, but that command did not work for me until I did request system snapshot partition first. Then I did request system partition hard-disk Initially I replaced the bad disk with a brand new SSD out of the box, booted and ran. request system partition hard-disk and I got the following error.. r...@ibr1.pit request system partition hard-disk mount: /dev/ad1s1e on /altconfig: incorrect super block ERROR: Can't access hard disk, aborting partition. Not until I ran request system snapshot partition first did it work. On 8/21/09 1:53 PM, Kevin Oberman ober...@es.net wrote: Date: Fri, 21 Aug 2009 09:56:45 -0700 From: Kevin Oberman ober...@es.net Sender: juniper-nsp-boun...@puck.nether.net Date: Fri, 21 Aug 2009 12:32:30 -0400 From: Brendan Mannella bmanne...@teraswitch.com Sender: juniper-nsp-boun...@puck.nether.net Hello, I have been battling trying to replace a failed hard disk on my juniper m7i. I have finally got the disk to be recognized by the system. Now I need to put all the partitions back. The router successfully boots from the CF so I can run system commands. I tried.. r...@ibr1.pit request system partition hard-disk mount: /dev/ad1s1e on /altconfig: incorrect super block ERROR: Can't access hard disk, aborting partition. Am I missing a command first? request system snapshot partition but, if the disk is already partitioned for Windows, you should first start shell and 'dd if=/dev/zero of=/dev/adq bs=512 count=1024 This assumes the hard disk is ad1. You can confirm this with 'tail /var/run/dmesg' after starting shell or 'file show /var/run/dmesg' in the CLI. Replying to myself to correct my mistakes: The command to wipe the partition table on a disk set up for Windows, it should have read: dd if=/dev/zero of=/dev/ad1 bs=512 count=1024 Lazy finger! More importantly, once that is done 'request system partition hard-disk' is the correct way to partition the hard drive. the snapshot command will only create the partitions needed to snapshot the flash and not 'b' (swap) or 'f' (var) which don't exist on the CF. Sorry for posting the bogus information. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Dan,
This EX switch configuration. Original post requested configuration for MX
Switches.
Thanks,
Nilesh.
On 8/21/09 11:45 AM, Dan Farrell da...@appliedi.net wrote:
This is how I do it... if this is not a recommended method, please let me know
(PLEASE!) I currently configure around 90 L3 interfaces in this manner right
now.
interfaces {
ge-0/0/20 {
description physical port;
unit 0 {
family ethernet-switching {
port-mode trunk;
native-vlan-id 3007;
}
}
}
vlan {
unit 98 {
description prov - vlan 98 - 8.0.0.0/30 - pri-switch -
fa0/3;
family inet {
address 8.0.0.1/30;
}
}
unit 4070 {
description psc - vlan 4070 - 10.254.0.128/26;
family inet {
address 10.254.0.129/26;
}
}
}
vlans {
prov {
description prov - vlan 98 - 8.0.0.0/30 - pri-switch - fa0/3;
vlan-id 98;
interface {
ge-0/0/20.0;
ge-0/0/1.0;
}
l3-interface vlan.98;
}
psc {
description psc - vlan 4070 - 10.254.0.128/26;
vlan-id 4070;
interface {
ge-0/0/20.0;
}
l3-interface vlan.4070;
}
Thanks,
Dan
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of ??
Sent: Friday, August 21, 2009 1:34 PM
To: Michael Phung
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
interfaces {
ge-0/0/0 {
unit 0 {
family bridge {
interface-mode access;
vlan-id 10;
}
}
}
ge-0/0/1 {
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 1-4000;
}
}
}
irb {
unit 10 {
family inet {
address 10.0.0.3/29
}
}
}
}
}
}
}
bridge-domains {
vlan10 {
vlan-id 10;
routing-interface irb.10;
}
}
On Sat, Aug 22, 2009 at 12:23 AM, Michael Phung cyto...@gmail.com wrote:
Hello everyone,
I just got my hands on a Juniper mx router and I'm starting the
initial config in preparation to convert from Cisco. As I configure
the interfaces, I can't seem to figure our how to create a routed vlan
interface and have the ability to trunk it down multiple physical
interfaces. I've looked up on the the web but was unable to find
anything that direct describes what I'm trying to achieve.
Below is a sample config from a Cisco;
!
spanning-tree mode pvst
spanning-tree vlan 200 priority 8192
!
interface GigabitEthernet2/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface Vlan200
ip address 10.10.10.2 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
standby ip 10.10.10.1
!
Can this be done on a MX router? if so, can a sample config be provided?
Any help would be much appreciated.
Michael
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
BR!
James Chen
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Partition/Format new HD
Date: Fri, 21 Aug 2009 14:50:51 -0400 From: Brendan Mannella bmanne...@teraswitch.com Yes, but that command did not work for me until I did request system snapshot partition first. Then I did request system partition hard-disk Initially I replaced the bad disk with a brand new SSD out of the box, booted and ran. request system partition hard-disk and I got the following error.. r...@ibr1.pit request system partition hard-disk mount: /dev/ad1s1e on /altconfig: incorrect super block ERROR: Can't access hard disk, aborting partition. Not until I ran request system snapshot partition first did it work. Yes, but it was the dd(1) that fixed the real problem. The disk was pre-formatted for either FAT or NTFS and that resulted in a partition table on the drive that FreeBSD (JunOS) could not work with. The dd(1) command blanked the partition table on the drive so the 'request system partition hard-drive' command could do the job. I believe that the sequence of things (at the FreeBSD level) is: Check for /dev/ad1s1 If it is not found, fdisk to create it. bsdlabel to partition the slice If the disk is already FAT or NTFS formatted, it will have /dev/ad1s1, but it won't be a FreeBSD type slice, so bsdlabel will fail (as it did). Wiping the partition table prevents this and causes fdisk to be run before bsdlabel. I am pretty sure that just doing the dd followed by the 'request system partition hard-disk' would have done the job. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Broken Per-Flow load sharing
For anyone curious, Juniper seems to have 3 ways to solve this problem:
http://www.juniper.net/techpubs/software/junos/junos93/swconfig-policy/configuring-per-flow-load-balancing-information.html#id-11352490
I can't say I understand all 3 (docs are a bit vague). We implemented the first
and it worked perfectly:
[edit forwarding-options hash-key]
family inet {
layer-3;
layer-4;
}
Serge
- Original Message
From: Serge Vautour sergevaut...@yahoo.ca
To: juniper-nsp@puck.nether.net
Sent: Thursday, August 20, 2009 11:44:25 AM
Subject: [j-nsp] Broken Per-Flow load sharing
Hello,
We have several M320s T640s in our network running 8.5R4.3. They are all
configured for per-flow load sharing:
RouterA show configuration routing-options forwarding-table
export perDestinationLoadBalance;
RouterA show configuration policy-options policy-statement
perDestinationLoadBalance
/* Policy exported against forwarding-table configuration to ensure
per-flow-destination load balance */
then {
load-balance per-packet;
}
The routers have 2x 10GEs via switches to reach Aggregation routers. OSPF sees
2 equal cost paths to the BGP next hops and splits the traffic across the
links. This has been working fine for a few years (it worked on 8.2 as well).
We recently upgraded to 9.3R2.8 and load sharing is no longer working:
RouterA show interfaces xe-1/0/0 detail | match Output packets.*pps
Output packets: 61838797 pps
Output packets:00 pps
Output packets:525426 pps
Output packets:192790 pps
Output packets: 31340 pps
Output packets:00 pps
RouterA show interfaces xe-2/0/0 detail | match Output packets.*pps
Output packets: 285078265156 228705 pps
Output packets:00 pps
Output packets: 280511288646 221803 pps
Output packets: 4118406919 6075 pps
Output packets:442607080 894 pps
Output packets:00 pps
The first Output line is the 10GE aggregate. The other output lines are the
VLANs on the 10GE. Note that the xe-1/0/0 interface has next to 0 pps on
output!! We have upgraded two M320s and they are both showing the same problem.
My guess is that the per-flow load balancing hash has changed in the newer
release. The 9.3 manual talks about setting something like this:
[edit forwarding-options hash-key]
family inet {
layer-3;
layer-4;
}
But it's a bit unclear as to what happens if it isn't set. Can anyone confirm
that this will restore per-flow load sharing?
Any help would be appreciated.
Thanks,
Serge
__
Looking for the perfect gift? Give the gift of Flickr!
http://www.flickr.com/gift/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
__
The new Internet Explorer® 8 - Faster, safer, easier. Optimized for Yahoo!
Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Fwd: AS path loop detection from IBGP peer
Hi Jana,
I think I may have found a better solution. There is another option,
which is to pass the iBGP information of your customer transparently across
the VPN network. i.e. the routes on the customer side will not see the
AS(es) that are used on the VPN network.
You can do this by configuring a VRF such that:
routing-options {
autonomous-system *customer AS* *independent-domain*;
}
protocols {
bgp {
group ibgp {
type *internal*;
neighbor peer IP;
}
}
}
This will instruct the PE to transport the customer network BGP
attributes transparently over the VPN infrastructure. The protocol extension
is documented in draft-marques-l3vpn-ibgp-01.
On Thu, Aug 20, 2009 at 1:48 PM, janardhan madabattula
janardhan...@gmail.com wrote:
Hi Steve,
This is not working in IBGP case, I mean the command itself is not taking
affect.
Do you expect this to work in IBGP peers (PEs).?
=
}
policy-statement loopback1 {
from {
route-filter 6.6.6.6/32 exact;
}
then accept;
}
policy-statement spoke3-EX {
from protocol [ static direct bgp ];
then {
community add spoke3-comm1;
accept;
}
}
policy-statement spoke3-IMP {
from {
protocol bgp;
community spoke3-comm2;
}
then accept;
}
community vpn1-comm members target:1:6500;
community spoke3-comm1 members target:1:1100;
community spoke3-comm2 members target:1:1000;
}
routing-instances {
vpn1 {
instance-type vrf;
interface ge-0/0/6.1;
route-distinguisher 1.1.1.4:6500;
vrf-import vpn1-IMP;
vrf-export vpn1-EX;
routing-options {
rib vpn1.inet6.0 {
static {
route 210::/64 next-hop 3ffe::21:1;
}
}
}
protocols {
bgp {
family inet6 {
unicast;
}
group to-N2X {
peer-as 1000;
local-as 1;
neighbor 200::1;
}
}
}
}
spoke3 {
instance-type vrf;
interface ge-0/0/6.2;
route-distinguisher 1.1.1.4:1100;
vrf-import spoke3-IMP;
vrf-export spoke3-EX;
routing-options {
rib spoke3.inet6.0 {
static {
route 155::/64 next-hop 150::1;
}
}
}
}
}
routing-options {
autonomous-system loops 2;
}
[edit groups MPBN logical-systems jana]
t...@systest-m320# commit check
[edit logical-systems jana routing-options]
'autonomous-system'
Missing mandatory statement: as_number
error: configuration check-out failed: (missing mandatory statements)
[edit groups MPBN logical-systems jana]
t...@systest-m320# set routing-options autonomous-system loops 2 1
[edit groups MPBN logical-systems jana]
t...@systest-m320# commit check
[edit groups MPBN logical-systems jana protocols bgp group PE1]
'local-as'
Invalid loop count configured
error: configuration check-out failed
[edit groups MPBN logical-systems jana]
t...@systest-m320#
==
THanks,
Janardhan
On Tue, Aug 18, 2009 at 4:45 PM, Steven Brenchley breste...@gmail.comwrote:
I've never set it up with IPV6 and the doc's don't say one way or
another but I would think it wouldn't make a difference
.
If this is in a routing instance then you'll need to apply it in the
routing instance?
# set routing-instances vpn routing-options autonomous-system loops 2
On Tue, Aug 18, 2009 at 7:03 PM, janardhan madabattula
janardhan...@gmail.com wrote:
Hi,
Does this work in 6VPE environment ?
Still, I am seeing the IBGP peer is not installing those routes with its
own AS in AS-PATH list.
THanks,
Jana
On Tue, Aug 18, 2009 at 3:47 PM, Steven Brenchley breste...@gmail.com
wrote:
Hi Janardhan,
There is no way to disable AS loop detection but you can make the
router accept an AS loop up to 10 times. Use the following command.
# set routing-options autonomous-system loops 10
On Tue, Aug 18, 2009 at 5:01 PM, janardhan madabattula
janardhan...@gmail.com wrote:
Hi,
Is there any way to disable AS path loop detection when it recieve
route
update from IBGP peer.
Thanks,
Janardhan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Steven Brenchley
-
There are 10 types of people in the world those who understand binary
and those who don't.
--
Steven Brenchley
-
There are 10 types of people in the world those who understand
Re: [j-nsp] Broken Per-Flow load sharing
Hey Serge,
The default behavior is to look at layer-3 info only. The option you
configured below add the layer-4 information to the hash.
Starting in JUNOS 9.5, for MX routers with layer-2 links and link
aggregation, there are more options. In addition to:
[edit forwarding options hash key]
family inet
there is also:
[edit forwarding options hash key]
family multiservice
http://www.juniper.net/techpubs/software/junos/junos95/swconfig-layer-2/id-load-link-sec.html
This is used to layer-2 links can also look at the layer-3 and layer-4
information.
Cheers,
-Andy
On Fri, Aug 21, 2009 at 2:53 PM, Serge Vautour sergevaut...@yahoo.cawrote:
For anyone curious, Juniper seems to have 3 ways to solve this problem:
http://www.juniper.net/techpubs/software/junos/junos93/swconfig-policy/configuring-per-flow-load-balancing-information.html#id-11352490
I can't say I understand all 3 (docs are a bit vague). We implemented the
first and it worked perfectly:
[edit forwarding-options hash-key]
family inet {
layer-3;
layer-4;
}
Serge
- Original Message
From: Serge Vautour sergevaut...@yahoo.ca
To: juniper-nsp@puck.nether.net
Sent: Thursday, August 20, 2009 11:44:25 AM
Subject: [j-nsp] Broken Per-Flow load sharing
Hello,
We have several M320s T640s in our network running 8.5R4.3. They are all
configured for per-flow load sharing:
RouterA show configuration routing-options forwarding-table
export perDestinationLoadBalance;
RouterA show configuration policy-options policy-statement
perDestinationLoadBalance
/* Policy exported against forwarding-table configuration to ensure
per-flow-destination load balance */
then {
load-balance per-packet;
}
The routers have 2x 10GEs via switches to reach Aggregation routers. OSPF
sees 2 equal cost paths to the BGP next hops and splits the traffic across
the links. This has been working fine for a few years (it worked on 8.2 as
well).
We recently upgraded to 9.3R2.8 and load sharing is no longer working:
RouterA show interfaces xe-1/0/0 detail | match Output packets.*pps
Output packets: 61838797 pps
Output packets:00 pps
Output packets:525426 pps
Output packets:192790 pps
Output packets: 31340 pps
Output packets:00 pps
RouterA show interfaces xe-2/0/0 detail | match Output packets.*pps
Output packets: 285078265156 228705 pps
Output packets:00 pps
Output packets: 280511288646 221803 pps
Output packets: 4118406919 6075 pps
Output packets:442607080 894 pps
Output packets:00 pps
The first Output line is the 10GE aggregate. The other output lines are
the VLANs on the 10GE. Note that the xe-1/0/0 interface has next to 0 pps on
output!! We have upgraded two M320s and they are both showing the same
problem.
My guess is that the per-flow load balancing hash has changed in the newer
release. The 9.3 manual talks about setting something like this:
[edit forwarding-options hash-key]
family inet {
layer-3;
layer-4;
}
But it's a bit unclear as to what happens if it isn't set. Can anyone
confirm that this will restore per-flow load sharing?
Any help would be appreciated.
Thanks,
Serge
__
Looking for the perfect gift? Give the gift of Flickr!
http://www.flickr.com/gift/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
__
The new Internet Explorer® 8 - Faster, safer, easier. Optimized for Yahoo!
Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] How to find GGSN Version?
Got my answer: Probably the easiest way is to log into the node and run the following command:- must...@ggsn1 bgwu...@cwggsn1 show services ggsn status Interface: gc-0/1/0 External address: 212.129.65.65 Internal address: 10.0.0.17 Function: Node Controller Hardware version: 1.11.0.0 , Software version: 4.0.13.27 On Fri, Aug 21, 2009 at 9:21 PM, Mustafa Golam - mustafa.go...@gmail.comwrote: Hi Experts, How to find GGSN Version [ like GGSN R4 FP01 CP05] for Ericsson GGSN in Juniper Platform? Any command, other than finding latest installed ggsn-install-rev.tgz file? Thanks in advance, Mustafa ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Partition/Format new HD
On Fri, Aug 21, 2009 at 12:26:10PM -0700, Kevin Oberman wrote: Yes, but it was the dd(1) that fixed the real problem. The disk was pre-formatted for either FAT or NTFS and that resulted in a partition table on the drive that FreeBSD (JunOS) could not work with. The dd(1) command blanked the partition table on the drive so the 'request system partition hard-drive' command could do the job. I believe that the sequence of things (at the FreeBSD level) is: Check for /dev/ad1s1 If it is not found, fdisk to create it. bsdlabel to partition the slice Back in the day I remember having to do a completely manual fdisk and bsdlabel, complete with manually calculating all the sizes and offsets for the slices when the drive size changed (*), whenever I had to install a new drive. Recently I tried installing 9.3 from install-media onto a completely non-standard sized drive with some pre-existing Windows partitions even, and was completely surprised to find that all the install scripts Just Worked (tm). Go Juniper. (*) Who else remembers having to boot their Juniper RE-2.0's into dos to flash the bios from 0.9 to 1.2 to work around the old award bios bug that blew up when you put in 32gb drives? Now THAT was a pain in the ass. :) -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Hi Brian,
Your way of configuring trunks and access ports is what I call an old style of
configuration before the introduction of interface-mode trunk and
interface-mode access knobs in JUNOS. Old style was a bit painful to use when
you had to configure multiple vlans on trunk interface. With new style, you
don't need to configure trunk interfaces with multiple logical units and assign
each unit to its corresponding bridge-domains. Interface-mode knob is more
user-friendly in that, when you configure it in access or trunk mode with
either vlan-id or vlan-id-list respectively, the interface is automatically
associated with the corresponding bridge-domain.
Again, it all depends on user convenience. You should be able to mix old-style
configuration with new-style configuration, especially in cases where vlan id
normalization is needed.
Thanks,
Nilesh.
On 8/21/09 12:47 PM, Brian Fitzgerald fitzgera...@camosun.bc.ca wrote:
Hello Michael
An alternate is to use the flexible-services that the MX has available -
leaves you able to use other vlans on the ports for direct routed use,
logical routers, QinQ tagging, VPLS, etc.
HSRP is Cisco specific - the equivalent with everyone else is VRRP -
which most Cisco gear also supports
The VSTP spanning tree protocol used on the MX (essentially PVST+) is
something I tinkered with, but we never implemented, so double-check my
syntax. As well, it does limit you to using the same vlan tags and a
matching normalizing bridge group tag on all interfaces that are part
of the bridge group - a fixed requirement on TCAM based Cisco gear, but
NOT on the MX (which allows you to bridge together dissimilar tags on
each interface that are part of a bridge group, if you aren't using
VSTP)
Example:
interfaces {
ge-2/0/0 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 200 {
encapsulation vlan-bridge;
vlan-id 200;
}
}
ge-2/1/0 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 200 {
encapsulation vlan-bridge;
vlan-id 200;
}
}
irb {
unit 200 {
family inet {
address 10.10.10.2/26;
vrrp-group 1 {
virtual-address 10.10.10.1;
priority 10;
}
}
}
}
}
protocols {
vstp {
vlan 200 {
interface ge-2/0/0.200;
interface ge-2/1/0.200;
}
}
}
bridge-domains {
vlan200 {
domain-type bridge;
vlan-id 200;
interface ge-2/0/0.200;
interface ge-2/1/0.200;
routing-interface irb.200
}
}
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Michael Phung
Sent: Friday, August 21, 2009 9:24 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Hello everyone,
I just got my hands on a Juniper mx router and I'm starting the
initial config in preparation to convert from Cisco. As I configure
the interfaces, I can't seem to figure our how to create a routed vlan
interface and have the ability to trunk it down multiple physical
interfaces. I've looked up on the the web but was unable to find
anything that direct describes what I'm trying to achieve.
Below is a sample config from a Cisco;
!
spanning-tree mode pvst
spanning-tree vlan 200 priority 8192
!
interface GigabitEthernet2/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface Vlan200
ip address 10.10.10.2 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
standby ip 10.10.10.1
!
Can this be done on a MX router? if so, can a sample config be provided?
Any help would be much appreciated.
Michael
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Partition/Format new HD
Date: Fri, 21 Aug 2009 16:46:40 -0500 From: Richard A Steenbergen r...@e-gerbil.net On Fri, Aug 21, 2009 at 12:26:10PM -0700, Kevin Oberman wrote: Yes, but it was the dd(1) that fixed the real problem. The disk was pre-formatted for either FAT or NTFS and that resulted in a partition table on the drive that FreeBSD (JunOS) could not work with. The dd(1) command blanked the partition table on the drive so the 'request system partition hard-drive' command could do the job. I believe that the sequence of things (at the FreeBSD level) is: Check for /dev/ad1s1 If it is not found, fdisk to create it. bsdlabel to partition the slice Back in the day I remember having to do a completely manual fdisk and bsdlabel, complete with manually calculating all the sizes and offsets for the slices when the drive size changed (*), whenever I had to install a new drive. Recently I tried installing 9.3 from install-media onto a completely non-standard sized drive with some pre-existing Windows partitions even, and was completely surprised to find that all the install scripts Just Worked (tm). Go Juniper. I remember doing this for a long time on BSD 4.2 systems before JunOS existed. That did not make it fun. Calculate every value at least twice...more often when you didn't get the same answer both times. We're stating to sound old, RAS. (*) Who else remembers having to boot their Juniper RE-2.0's into dos to flash the bios from 0.9 to 1.2 to work around the old award bios bug that blew up when you put in 32gb drives? Now THAT was a pain in the ass. :) That one I was fortunate enough to miss. Still all Cisco back then. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Thanks Nilesh, that helps clarify some things that have been nagging at
me.
We are running 9.3, so the knobs are sort-of there, and we are using
them for ports where we know the mode of operation is consistent (access
or trunk, with the associated bridge normalization - locally connected
machines, equipment, and services).
Good to know they have evolved to support mixed-use support.
Where we use the old-style config is on ports that are mixed services -
multiple layers of tagging, mixed tag values in the same bridge (with
and without normalization or IRB interfaces), sub-interfaces associated
with other bridge routing-instances, VPLS, VRFs and logical routers -
and we really are using the whole gamut on one interface at the same
time. It also maintains consistency of configuration on multi-service
interfaces with a number of other M-Series routers we have in service.
I guess it depends on what you already have deployed and are comfortable
with, what you are primarily using the box for (switch or router) and
just how complex what you are trying to do is...
Thanks for the update - more than I could find out from the docs ;-)
Brian
-Original Message-
From: Nilesh Khambal [mailto:nkham...@juniper.net]
Sent: Friday, August 21, 2009 3:09 PM
To: Brian Fitzgerald; Michael Phung
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Hi Brian,
Your way of configuring trunks and access ports is what I call an old
style of configuration before the introduction of interface-mode trunk
and interface-mode access knobs in JUNOS. Old style was a bit painful
to use when you had to configure multiple vlans on trunk interface. With
new style, you don't need to configure trunk interfaces with multiple
logical units and assign each unit to its corresponding bridge-domains.
Interface-mode knob is more user-friendly in that, when you configure it
in access or trunk mode with either vlan-id or vlan-id-list
respectively, the interface is automatically associated with the
corresponding bridge-domain.
Again, it all depends on user convenience. You should be able to mix
old-style configuration with new-style configuration, especially in
cases where vlan id normalization is needed.
Thanks,
Nilesh.
On 8/21/09 12:47 PM, Brian Fitzgerald fitzgera...@camosun.bc.ca
wrote:
Hello Michael
An alternate is to use the flexible-services that the MX has available -
leaves you able to use other vlans on the ports for direct routed use,
logical routers, QinQ tagging, VPLS, etc.
HSRP is Cisco specific - the equivalent with everyone else is VRRP -
which most Cisco gear also supports
The VSTP spanning tree protocol used on the MX (essentially PVST+) is
something I tinkered with, but we never implemented, so double-check my
syntax. As well, it does limit you to using the same vlan tags and a
matching normalizing bridge group tag on all interfaces that are part
of the bridge group - a fixed requirement on TCAM based Cisco gear, but
NOT on the MX (which allows you to bridge together dissimilar tags on
each interface that are part of a bridge group, if you aren't using
VSTP)
Example:
interfaces {
ge-2/0/0 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 200 {
encapsulation vlan-bridge;
vlan-id 200;
}
}
ge-2/1/0 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 200 {
encapsulation vlan-bridge;
vlan-id 200;
}
}
irb {
unit 200 {
family inet {
address 10.10.10.2/26;
vrrp-group 1 {
virtual-address 10.10.10.1;
priority 10;
}
}
}
}
}
protocols {
vstp {
vlan 200 {
interface ge-2/0/0.200;
interface ge-2/1/0.200;
}
}
}
bridge-domains {
vlan200 {
domain-type bridge;
vlan-id 200;
interface ge-2/0/0.200;
interface ge-2/1/0.200;
routing-interface irb.200
}
}
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Michael Phung
Sent: Friday, August 21, 2009 9:24 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Hello everyone,
I just got my hands on a Juniper mx router and I'm starting the
initial config in preparation to convert from Cisco. As I configure
the interfaces, I can't seem to figure our how to create a routed vlan
interface and have the ability to trunk it down multiple physical
interfaces. I've looked up on the the web but was unable to find
anything that direct describes what I'm trying to achieve.
Below is a sample config from a Cisco;
!
spanning-tree mode pvst
spanning-tree vlan 200 priority 8192
!
interface GigabitEthernet2/1
switchport
Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
This is some great information!
This is one of the only things I dislike about Junipers; there are so
many ways to do one thing... In the long rung I suppose it's better
that way. I'm going to read up on the different options here and see
what is a right fit for our design based on the two examples shown
here.
I noticed on the Brian's example; it includes the STP configuration
via VSTP . Is this still required but just not included in the initial
config same by James? I just want to make sure I have this crystal
clear in my head before diving into the documentation.
Thanks for all the help guys!!
Michael
*off to read more JUNOS*
On Fri, Aug 21, 2009 at 3:09 PM, Nilesh Khambalnkham...@juniper.net wrote:
Hi Brian,
Your way of configuring trunks and access ports is what I call an old style
of configuration before the introduction of interface-mode trunk and
interface-mode access knobs in JUNOS. Old style was a bit painful to use
when you had to configure multiple vlans on trunk interface. With new style,
you don't need to configure trunk interfaces with multiple logical units and
assign each unit to its corresponding bridge-domains. Interface-mode knob is
more user-friendly in that, when you configure it in access or trunk mode
with either vlan-id or vlan-id-list respectively, the interface is
automatically associated with the corresponding bridge-domain.
Again, it all depends on user convenience. You should be able to mix
old-style configuration with new-style configuration, especially in cases
where vlan id normalization is needed.
Thanks,
Nilesh.
On 8/21/09 12:47 PM, Brian Fitzgerald fitzgera...@camosun.bc.ca wrote:
Hello Michael
An alternate is to use the flexible-services that the MX has available -
leaves you able to use other vlans on the ports for direct routed use,
logical routers, QinQ tagging, VPLS, etc.
HSRP is Cisco specific - the equivalent with everyone else is VRRP -
which most Cisco gear also supports
The VSTP spanning tree protocol used on the MX (essentially PVST+) is
something I tinkered with, but we never implemented, so double-check my
syntax. As well, it does limit you to using the same vlan tags and a
matching normalizing bridge group tag on all interfaces that are part
of the bridge group - a fixed requirement on TCAM based Cisco gear, but
NOT on the MX (which allows you to bridge together dissimilar tags on
each interface that are part of a bridge group, if you aren't using
VSTP)
Example:
interfaces {
ge-2/0/0 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 200 {
encapsulation vlan-bridge;
vlan-id 200;
}
}
ge-2/1/0 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 200 {
encapsulation vlan-bridge;
vlan-id 200;
}
}
irb {
unit 200 {
family inet {
address 10.10.10.2/26;
vrrp-group 1 {
virtual-address 10.10.10.1;
priority 10;
}
}
}
}
}
protocols {
vstp {
vlan 200 {
interface ge-2/0/0.200;
interface ge-2/1/0.200;
}
}
}
bridge-domains {
vlan200 {
domain-type bridge;
vlan-id 200;
interface ge-2/0/0.200;
interface ge-2/1/0.200;
routing-interface irb.200
}
}
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Michael Phung
Sent: Friday, August 21, 2009 9:24 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Hello everyone,
I just got my hands on a Juniper mx router and I'm starting the
initial config in preparation to convert from Cisco. As I configure
the interfaces, I can't seem to figure our how to create a routed vlan
interface and have the ability to trunk it down multiple physical
interfaces. I've looked up on the the web but was unable to find
anything that direct describes what I'm trying to achieve.
Below is a sample config from a Cisco;
!
spanning-tree mode pvst
spanning-tree vlan 200 priority 8192
!
interface GigabitEthernet2/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
switchport nonegotiate
!
interface Vlan200
ip address 10.10.10.2 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
standby ip 10.10.10.1
!
Can this be done on a MX router? if so, can a sample config be provided?
Any help would be much appreciated.
Michael
___
juniper-nsp mailing
Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Interface-mode knob is more user-friendly in that, when you
configure it in access or trunk mode with either vlan-id or vlan-id-
list respectively, the interface is automatically associated with
the corresponding bridge-domain.
That's interesting, I didn't have that experience, and I just
coincidentally tried it an hour ago on 9.5R1.8.
I added a new vlan 555 to two trunked interfaces:
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list [ 104 555 ];
}
}
but I could not ping across until I manually added it to the bridge-
domain:
d...@lab-mx480 show configuration bridge-domains
test {
vlan-id-list [ 101-106 555 ];
}
Do I need some magic sauce to allow it to automatically associate?
-dd
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960
Hi Dave,
You still need a bridge-domain with matching vlan-id configured. What
interface-mode does is when you add a vlan under a interface with
interface-mode access or in vlan-id-list under interface-mode trunk, it
will automatically associate that interface with the bridge-domain that you
have already configured with same vlan-id. You don't have to manually go and
add interface under bridge. The association is dynamic.
Here is an example.
[edit]
l...@lumos-re0# show interfaces ge-1/1/2
unit 0 {
family bridge {
interface-mode access;
vlan-id 400;
}
}
[edit]
l...@lumos-re0# show interfaces ge-1/1/3
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list [ 400 500 ];
}
}
[edit]
l...@lumos-re0#
l...@lumos-re0# show bridge-domains vlan-400
domain-type bridge;
vlan-id 400;
[edit]
l...@lumos-re0# show bridge-domains vlan-500
domain-type bridge;
vlan-id 500;
[edit]
l...@lumos-re0#
Here with the show command below, you can see that ge-1/1/2 is part of bridge
vlan-400 which is already configured with vlan-id 400. This is an access
port. While interface ge-1/1/3 is part of both bridges vlan-400 and vlan-500.
This is a trunk port.
l...@lumos-re0 show bridge domain vlan-400
Routing instanceBridge domainVLAN ID Interfaces
default-switch vlan-400 400
ge-1/1/2.0
ge-1/1/3.0
l...@lumos-re0 show bridge domain vlan-500
Routing instanceBridge domainVLAN ID Interfaces
default-switch vlan-500 500
ge-1/1/3.0
l...@lumos-re0
Now, if I have to mix the old-style configuration here, here is how I can do
it. I take a new interface and add 2 logical units in it. Each unit is
configured with a unique vlan-id.
l...@lumos-re0# show interfaces ge-1/1/4
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 0 {
encapsulation vlan-bridge;
vlan-id 400;
}
unit 1 {
encapsulation vlan-bridge;
vlan-id 500;
}
[edit]
l...@lumos-re0#
With old style, now I have to go and manually associate interfaces to their
respective bridge domains which are meant for those 2 vlans.
[edit]
l...@lumos-re0# show bridge-domains
...
vlan-400 {
domain-type bridge;
vlan-id 400;
interface ge-1/1/4.0;
}
vlan-500 {
domain-type bridge;
vlan-id 500;
interface ge-1/1/4.1;
}
...
Now if I run the same show command again, I will see both old style and new
style interfaces configured under respective bridges.
l...@lumos-re0 show bridge domain vlan-400
Routing instanceBridge domainVLAN ID Interfaces
default-switch vlan-400 400
ge-1/1/2.0
ge-1/1/3.0
ge-1/1/4.0
l...@lumos-re0
l...@lumos-re0 show bridge domain vlan-500
Routing instanceBridge domainVLAN ID Interfaces
default-switch vlan-500 500
ge-1/1/3.0
ge-1/1/4.1
l...@lumos-re0
HTH,
Thanks,
Nilesh.
On 8/21/09 4:28 PM, Dave Diller d...@maxgigapop.net wrote:
Interface-mode knob is more user-friendly in that, when you
configure it in access or trunk mode with either vlan-id or vlan-id-
list respectively, the interface is automatically associated with
the corresponding bridge-domain.
That's interesting, I didn't have that experience, and I just
coincidentally tried it an hour ago on 9.5R1.8.
I added a new vlan 555 to two trunked interfaces:
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list [ 104 555 ];
}
}
but I could not ping across until I manually added it to the bridge-
domain:
d...@lab-mx480 show configuration bridge-domains
test {
vlan-id-list [ 101-106 555 ];
}
Do I need some magic sauce to allow it to automatically associate?
-dd
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
