Re: [j-nsp] ISIS and BFD
On Mon, 28 Dec 2009, Bit Gossip wrote: rs2 is a IOS router and rc2 is Junos router and they have an established ISIS adjacency with BFD; fine. Then with a fw filter I block BFD packets reaching RC2; the ISIS session goes down as I would expect but then it is re-established. How is that possible the session is re-established when BFD packets are blocked? IS-IS adjacency falls back to non-BFD operation in this case. The spec says forming adjacencies SHOULD typically be blocked, but there's a lot of text there so read the full story: http://tools.ietf.org/html/draft-ietf-bfd-generic-05#section-4.1 -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] E3 to STM1 demultiplexering
Is there any one who has experience about optimux multiplexer/demultiplexer devices, i want to setup a topology below, Is there any one who works about a topology like this one? please share your practise with me, thanks E3--->| | | | E3--->|== RAD Optimux-1553 =|> Router-Channelized STM1 Card | | E3--->| | ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4200 Q-in-Q
This is not possible until 10.0 on the EX. From: Kevin Wormington To: juniper-nsp@puck.nether.net Sent: Mon, December 28, 2009 2:29:15 PM Subject: [j-nsp] EX4200 Q-in-Q Hi All, I'm fairly new to EX4200s and am running 9.6R1.13 on a three member stack. Unfortunately, I already have live traffic on this so it somewhat limits my ability to test. I would like to be able to configure a trunk port to have some vlan members that are single-tagged and some that are double-tagged (q-in-q). I was wondering if anyone has successfully done this? Thanks, Kevin ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] EX4200 Q-in-Q
Hi All, I'm fairly new to EX4200s and am running 9.6R1.13 on a three member stack. Unfortunately, I already have live traffic on this so it somewhat limits my ability to test. I would like to be able to configure a trunk port to have some vlan members that are single-tagged and some that are double-tagged (q-in-q). I was wondering if anyone has successfully done this? Thanks, Kevin ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] ISIS and BFD
Experts, rs2 is a IOS router and rc2 is Junos router and they have an established ISIS adjacency with BFD; fine. Then with a fw filter I block BFD packets reaching RC2; the ISIS session goes down as I would expect but then it is re-established. How is that possible the session is re-established when BFD packets are blocked? This is the console of rc2. rs2#show bfd neighbors NeighAddr LD/RDRH/RS State Int 1.1.6.533/43UpUpTe2/2 !!! Here I block BFD !!! Dec 28 11:13:27.593 CET: %CLNS-5-ADJCHANGE: ISIS: Adjacency to rc2 (TenGigabitEthernet2/2) Down, BFD hold time expired Dec 28 11:13:27.601 CET: %CLNS-5-ADJCHANGE: ISIS: Adjacency to rc2 (TenGigabitEthernet2/2) Up, new adjacency rs2#show bfd neighbors NeighAddr LD/RDRH/RS State Int 1.1.6.533/43Down Init Te2/2 rs2#show isis neighbors Tag null: System Id Type Interface IP Address State Holdtime Circuit Id rc2 L2 Te2/2 1.1.6.53 UP26 01 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] no router alert
Hi Alex, that would be a great solution but unfortunately 'ip-option any' and 'ip-options-except router-alert' are mutually exclusive; that is the last one typed in overwrites the previous one :-( Thanks, bit. On Wed, 2009-12-23 at 12:37 +0300, Alexander Tarkhov wrote: > Hello Bit, > > In addition to what Truman suggested (explicit approach) > you can also try adding "from ip-options any" to your term. > > term NO-RT-ALERT { >from { >ip-options any; >ip-options-except router-alert; >} >then { >count NO-RT-ALERT; >log; >discard; >} > } > > This way it might work. > I think the way "-except" is programmed requires some positive scope > of matching, otherwise it equals to an empty from clause matching all > packets. At least here in the documentation they alsways use some > positive matching along with -except match conditions: > http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-policy/policy-firewall-filter-how-to-specify-match-conditions.html > > Example: > destination-address { > 0.0.0.0/0; > 10.1.1.0/24 except; > } > > Greetings, > -Alex > > > On Mon, Dec 21, 2009 at 11:16 AM, Bit Gossip wrote: > > inactive: term NO-RT-ALERT { > >from { > >ip-options-except router-alert; > >} > >then { > >count NO-RT-ALERT; > >log; > >discard; > >} > > } ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp