Re: [j-nsp] Next hop self for BGP
On Sun, Apr 25, 2010 at 11:30:08PM -0400, David water wrote: Hi All, I guess there are multiple way of changing next-hop attribute to self. One write import policy with next-hop-self and apply under EBGP group, other is write export policy under IBGP group and other is at neighbor level. Anything else? Can some one describe it when and which one to use? In JNCIP book, it is as import under the IBGP group, I am still confuse what exactly are we doing there to avoid suboptimal routing via RR? Changing next-hop to self as an import policy on an EBGP group won't work. You'll end up changing the next-hop to yourself for the routes in your own local routing table, but you need to know the real, original next-hops at the PE router. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] any guidance on JNCIP-M
Read the book, study hard. Get hands on, will be hard to pass and go further without hands on. I passed this one in Jan 2010. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] any guidance on JNCIP-M
On Sun, Apr 25, 2010 at 08:48, David water dwater2...@gmail.com wrote: How to prepare for JNCIP M exam? Take a look here: http://weblog.chrisgrundemann.com/index.php/2009/jncip-lab-exam-faq/ and here: http://weblog.chrisgrundemann.com/index.php/2009/13-tips-for-passing-juniper-lab-tests/ I tried to lay out all the information I could in those two posts (without breaking any rules / moral obligations). I hope it is helpful. If you (or anyone) has additional specific questions, let me know and maybe I can add them to the FAQ, or create another one. Also - for those that asked, a link to the study guide is included in the third answer of the FAQ. ~Chris (JNCIE-M #449) PS - I plan on creating a similar FAQ for the JNCIE-M, if anyone has questions for that exam please send them to me (off-list) and I will do my best to include the answers in that forthcoming post. -- David W. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.coisoc.org ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J Series - BGP Peering Router?
Hey Paul, For what you want to do, you would be fine with a J-series. BGP instances means the number of BGP processes you would run inside additional routing-instances (ie. instance-type virtual-router, etc). If you are basically doing all your routing from inet.0, then you have essentially one BGP instance with multiple peers. I don't think the BGP peers on J-series is hard coded but rather the value that systest has qualified. As per Richard's comments, he is absolutely correct; you don't want to do millions of paths on J-series; but for a small number of routes you are working with, the box would work fine. As for performance, you would also be fine to push 200Mbps IMIX on the router. I suspect you may also want to disable the flow mode (aka, running in packet mode) if you run a newer software release on the J's. Kind regards, Truman On 22/04/2010, at 4:07 PM, Paul Stewart wrote: Thanks very much for the feedback.. I've received a few offline replies as well. To clarify the small nature of this application - we would be sending about 65 iBGP routes to the box and receiving about 4000 eBGP routes. It's for a small peering pop/exchange point. Having said that, if I thought it would work we'd take some J6350's and dump some much larger tables for 600-800Mb/s applications involving about 20k routes or even maybe full tables depending on the application the feedback has been mixed so far to say the least ;) Travelling at the moment but going to fire up this handy J2320 I have laying around and dump a full table to it ... like to flap it a few times etc. and see what happens with 10.x loaded on it. Richard, I've heard you mention the rib/fib installation bug a few times but never seen it yet (we're slowly entering the Juniper world from Cisco). Is there anything documented on this issue or more details we can look up somewhere? Best regards, Paul -Original Message- From: Richard A Steenbergen [mailto:r...@e-gerbil.net] Sent: April-22-10 3:28 PM To: Paul Stewart Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] J Series - BGP Peering Router? On Thu, Apr 22, 2010 at 12:30:30PM -0400, Paul Stewart wrote: Hi there.. I have a couple of applications pop up recently where I think a J-Series might suffice for BGP peering. The application is a small peering POP doing about 200Mb/s of traffic, about 50 BGP peers, and total routes is roughly 4000 total. In our experience w/J-series running the old/regular JUNOS (can't speak to JUNOS-ES, which is really more of an integration of security features to make J-series a mini-SRX), this would probably be a bad idea (I'm assuming you mean more than 4000 routes, since you mention 400k later in the email). We evaluated J-series for use as route reflectors, and found that they suffer GREATLY from the ye olde slow rib/fib installation bug. What might take a few minutes to install under extraordinary conditions like coming up from a fresh restart on M/T/MX could take 30 minutes to in some cases HOURS to install on J-series. When I asked Juniper people about it, they basically said we don't really support/recommend J-series for this application, and the software is heavily optimized towards providing packet forwarding performance at the expense of bgp performance. Of course they said that AFTER we spent money on those stupid route reflector software licenses, which they continue to sell even though the box is completely unusable as a route reflector. :) YMMV but on J-series running JUNOS as of 9.3R4 the only words I can use to describe loading up a lot of bgp routes/neighbors is epic disaster. Maybe JUNOS-ES is better or different or something, I dunno. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Cisco Reflexive Access-list
Hello there, What You are asking is: Not possible without AS-PIC on M/T-series Not possible without MS-DPC on MX Possible on J-series in packet-mode with SFW policies Possible on J-series or SRX, in flow mode. Regards Alex - Original Message - From: Juan C. Crespo R. jcre...@ifxnw.com.ve To: juniper-nsp@puck.nether.net Sent: Monday, April 26, 2010 2:57 AM Subject: [j-nsp] Cisco Reflexive Access-list Guys I have been trying to find a translation of this Cisco feature but is almost impossible to find it, so please give me a hand IP access-list extended OUTBOUND permit tcp any any reflect permit udp any any reflect permit icmp any any reflect ip access-list extended INBOUND evaluate OUTBOUND inter serial 0/0/1 ip add 10.0.0.1 255.255.255.252 ip access-list extended INBOUND in ip access-list extended OUTBOUND out Thanks JC ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] any guidance on JNCIP-M
On Mon, Apr 26, 2010 at 10:24:45AM +0530, Dilip Srivastava wrote: Please send me study material http://www.juniper.net/us/en/training/certification/JNCIP_studyguide.pdf Is literally all you need. The exam is 99.9% straight out of the JNCIP study guide, If anything the study guide is too thorough, only about 20% of it is actually on the exam, and most of the more complicated scenarios are nowhere to be found or are only a single question out of a section. If you read and understand the study guide, you are all but guaranteed to pass. :) -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] rib group
All, How does rib-group work in JUNOS? How does the import and export works using rib-groups? -- David W. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
