Re: [j-nsp] ISIS and BFD

2009-12-28 Thread Pekka Savola 

On Mon, 28 Dec 2009, Bit Gossip wrote:

rs2 is a IOS router and rc2 is Junos router and they have an established
ISIS adjacency with BFD; fine. Then with a fw filter I block BFD packets
reaching RC2; the ISIS session goes down as I would expect but then it
is re-established. How is that possible the session is re-established
when BFD packets are blocked?


IS-IS adjacency falls back to non-BFD operation in this case.

The spec says forming adjacencies SHOULD typically be blocked, but 
there's a lot of text there so read the full story: 
http://tools.ietf.org/html/draft-ietf-bfd-generic-05#section-4.1


--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] E3 to STM1 demultiplexering

2009-12-28 Thread xseroot 
Is there any one who has experience about optimux 
multiplexer/demultiplexer devices, i want to setup a topology below,
Is there any one who works about a topology like this one? please share 
your practise with me,

thanks




E3--->| |
  | |
E3--->|== RAD Optimux-1553 =|> Router-Channelized STM1 Card
  | |
E3--->| |


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX4200 Q-in-Q

2009-12-28 Thread Derick Winkworth 
This is not possible until 10.0 on the EX.







From: Kevin Wormington 
To: juniper-nsp@puck.nether.net
Sent: Mon, December 28, 2009 2:29:15 PM
Subject: [j-nsp] EX4200 Q-in-Q

Hi All,

I'm fairly new to EX4200s and am running 9.6R1.13 on a three member stack.  
Unfortunately, I already have live traffic on this so it somewhat limits my 
ability to test.  I would like to be able to configure a trunk port to have 
some vlan members that are single-tagged and some that are double-tagged 
(q-in-q).  I was wondering if anyone has successfully done this?

Thanks,

Kevin
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] EX4200 Q-in-Q

2009-12-28 Thread Kevin Wormington 

Hi All,

I'm fairly new to EX4200s and am running 9.6R1.13 on a three member 
stack.  Unfortunately, I already have live traffic on this so it 
somewhat limits my ability to test.  I would like to be able to 
configure a trunk port to have some vlan members that are single-tagged 
and some that are double-tagged (q-in-q).  I was wondering if anyone has 
successfully done this?


Thanks,

Kevin
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] ISIS and BFD

2009-12-28 Thread Bit Gossip 
Experts,
rs2 is a IOS router and rc2 is Junos router and they have an established
ISIS adjacency with BFD; fine. Then with a fw filter I block BFD packets
reaching RC2; the ISIS session goes down as I would expect but then it
is re-established. How is that possible the session is re-established
when BFD packets are blocked?

This is the console of rc2.

rs2#show bfd neighbors

NeighAddr LD/RDRH/RS State Int
1.1.6.533/43UpUpTe2/2


!!! Here I block BFD !!!

Dec 28 11:13:27.593 CET: %CLNS-5-ADJCHANGE: ISIS: Adjacency to rc2
(TenGigabitEthernet2/2) Down, BFD hold time expired
Dec 28 11:13:27.601 CET: %CLNS-5-ADJCHANGE: ISIS: Adjacency to rc2
(TenGigabitEthernet2/2) Up, new adjacency


rs2#show bfd neighbors

NeighAddr LD/RDRH/RS State Int
1.1.6.533/43Down  Init  Te2/2
rs2#show isis neighbors

Tag null:
System Id  Type Interface   IP Address  State Holdtime Circuit
Id
rc2  L2   Te2/2   1.1.6.53 UP26   01



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] no router alert

2009-12-28 Thread Bit Gossip 
Hi Alex,
that would be a great solution but unfortunately 'ip-option any' and
'ip-options-except router-alert' are mutually exclusive; that is the
last one typed in overwrites the previous one :-(
Thanks,
bit.


On Wed, 2009-12-23 at 12:37 +0300, Alexander Tarkhov wrote:
> Hello Bit,
> 
> In addition to what Truman suggested (explicit approach)
> you can also try adding "from ip-options any" to your term.
> 
> term NO-RT-ALERT {
>from {
>ip-options any;
>ip-options-except router-alert;
>}
>then {
>count NO-RT-ALERT;
>log;
>discard;
>}
> }
> 
> This way it might work.
> I think the way "-except" is programmed requires some positive scope
> of matching, otherwise it equals to an empty from clause matching all
> packets. At least here in the documentation they alsways use some
> positive matching along with -except match conditions:
> http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-policy/policy-firewall-filter-how-to-specify-match-conditions.html
> 
> Example:
> destination-address {
>   0.0.0.0/0;
>   10.1.1.0/24 except;
> }
> 
> Greetings,
> -Alex
> 
> 
> On Mon, Dec 21, 2009 at 11:16 AM, Bit Gossip  wrote:
> > inactive: term NO-RT-ALERT {
> >from {
> >ip-options-except router-alert;
> >}
> >then {
> >count NO-RT-ALERT;
> >log;
> >discard;
> >}
> > }


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp