Re: [j-nsp] JUNOS and MX Trio cards
On Wednesday 30 June 2010 05:28:39 pm Derick Winkworth wrote: I understand things will get much, much better in 10.3 thru 10.5. Without any confirmation from anyone at Juniper, I suspect the same. This would be a mirror experiences with JUNOS 9, where anything pre-9.3 was really terrible. When I look back at JUNOS 8, 8.5 seems to be the favorite, although I see 8.1 has EEOL (well, that seems to have run out too, last May). If we trend this, it would make sense to stay on 8.5 and 9.6 until 10.3 is out, and remain on that up to 10.6 until 11.3 is out, and then on that till 11.6 until 12.3 is out... see a pattern :-). Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] JUNOS and MX Trio cards
On Thursday 01 July 2010 05:27:26 am Joe Hughes wrote: I began an exercise a few months back researching the options available to replace some of our Cisco gear with Juniper. At the time - it was looking like a combination of the M7i and the EX series switches - We implemented this combo for some Metro deployments in our attempt to have a non-STP-based control plane in the Access. It works quite well. But the MX80 makes much more sense now. but since learning the EX has limitations in regard to MPLS and the fact the M7i is getting old - the MX looked a perfect candidate; decent port density with sufficient horsepower. Despite the attractiveness of the platform, I'm not sure I could cope with the sleepless nights. We couldn't wait to get the Trio-based cards and moved to purchase our new batch of MX480 DPC's. Even if we'd gotten them (which would have been several months later), tons of bugs would need to be worked out (recall the start of this thread). The real PITA is that the Trio cards will give you more value for money when you start looking at platforms like the MX240 or higher. Just that the code sucks today. I mean, what Richard was trying to do was pretty stock. If this issue is not limited to the batch of kit he received, JUNOS has really become something else. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i crash with strage log entry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the disabling of the hard drive did not change the behaviour, so I would like trying to disable adaptive standby - but I can't find it anywhere in the manual... Is this a hidden knob somebody could point me to? Thanks Tom Am 30.06.2010 12:57, schrieb Thomas Eichhorn: If you could give me a hint where to find it I would be really glad! Tom Am 30.06.2010 12:43, schrieb Jared Mauch: Have you disabled adaptive standby? I can look up the configuration in a few if you don't have it. Sent from my iThing On Jun 30, 2010, at 5:46 AM, Thomas Eichhorn t...@te3networks.de wrote: Thanks for all your help, I cannot simply remove the disk nor the cf card, the box is to far away. I now tried to remove the disk from the boot list, so it does not get initialized and the box completely runs from CF - If that doesn't work I will try the other way (disabling cf and enabling disk). If this works I will give feedback here so that people also running into that problem will find it. Tom Am 30.06.2010 10:51, schrieb Marcin Kucharczyk: On Wednesday 30 of June 2010 10:10:24 Akhmedd Aly wrote: Hi Marcin, we have the same problems with M7Is in the may: *M7i panic: ad_ioctl:1275539168: ad1: Standby not armed but state is in valid: state=ARMED* And all of this problems come after installing (we never did not use internal CF in its before) Compact Flash 1GB (not from official Juniper upgrade kit), its also rebooted every 3-4 hours with the same PANIC message. After removing CFs we do not have this problems. So I think that it was not problems with internal disks... Hi, our router had rebooted every 4 hours and 21 minutes (exactly). As I wrote to Thomas we had removed HDD, and now router runs on CF only. Our CF isn't from official Juniper upgrade kit, it's regular Kingston Standard 4GB CF Type 1. It's a pity that CF and HDD can't run together. Regards, Marcin 2010/6/22 Marcin Kucharczyk m.kucharc...@net.icm.edu.pl Hello, tonight one of ours M7i crashed with strange log entry: savecore: reboot after panic: ad_ioctl:1277186066: ad1: Standby not armed but state is invalid: state=ARMED Disk was replaced 2 weeks ago. Yesterday we inserted new compact flash card (there wasn't any before). We upgraded Junos to 10.0R3.10 also. Do you have any idea what could happened? Regards, Marcin Kucharczyk ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwsPNwACgkQrUvjMoak8Zd5cgCdHwUD5c8kvjCZ/vt8giRjZoSW Lm4AnR5mvVIHS7pMbKvclh/r4TFrOMIo =Y3kW -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] P2MP LSP
On Thursday 01 July 2010 02:44:12 am David water wrote: So from your replies: it look like we have already provisioned P2MP tunnel right? When setting up the NG-MVPN infrastructure, you'd typically provision the p2mp LSP's prior to enabling the MVPN itself (I think you could also do it fron-to-back, but only if you're really bored, hehe). Then in document they talk about static lsp and dynamic LSP configuration then what is it all about? Alright, I see what you mean - my experience is only with static p2mp LSP's which, as you know, are manually provisioned. Dynamic p2mp LSP's are based on a template with pre-defined constraints that allow for dynamic creation of p2mp LSP's after MVPN membership information has been exchanged using the MVPN Auto-discovery infrastructure. Dynamic p2mp LSP's won't work until they are associated with an MPVN instance and membership information is received. Dynamic p2mp LSP's allow you to aggregate constraints so you can use them for multiple MVPN's. This helps reduce on the amount of configuration operators need to perform. In our case, since the p2mp LSP's are unidirectional, and implemented only on the Sender PE router, and only when we know a Receiver PE router has interested listeners behind it, adding an extra line for a new Receiver PE router (static) is trivial and doesn't hurt scalability. Now about PMSI attribute if tunnel is already built then why do we need to communicate the PMSI information? Still bit confused about the PMSI attribute usage. Basically, the tunnel provides a data plane over which Multicast traffic will be forwarded. But for traffic to be forwarded down this tunnel, there must be control plane information that tells the router to use this tunnel as the interface through which the traffic is to be forwarded. The PMSI BGP attribute is distributed along with the MVPN Auto-discovery NLRI, via BGP. This attribute is generally originated by the Sender PE router, as the Sender PE router typically sets up the P-tunnel. The PMSI attribute contains important information about the P-tunnel, key among which are: - Tunnel Type - Tunnel Identifier Tunnel Type determines the Tunnel Identifier. The Tunnel Type is normally how the tunnel is signaled. There are 7 methods, but the key ones I find are: - RSVP-TE (p2mp LSP's) - mLDP (p2mp + mp2mp LSP's) - PIM-SM/SSM/Bidir tree(s) If RSVP-TE is used to signal the LSP, MPLS is used to forward traffic. If it is PIM-SM, that becomes IP/GRE. In either case, BGP signals all this control plane information via the PMSI attribute. This is the information the PMSI attribute is useful for, so that the right methods are used to forward data down the P- tunnel. I'd refer you to Section 5 of 'draft-ietf-l3vpn-2547bis- mcast-bgp-08.txt' which contains some good detail. Hope this helps. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i crash with strage log entry
On Thursday 01 of July 2010 08:59:40 Thomas Eichhorn wrote: Hi, the disabling of the hard drive did not change the behaviour, so I would like trying to disable adaptive standby - but I can't find it anywhere in the manual... Is this a hidden knob somebody could point me to? I've found it on this list archive. http://puck.nether.net/pipermail/juniper-nsp/2008-July/010943.html In fact it's a hidden knob: set chassis routing-engine disk no-standby But, they said that HDD had to be prepared for 24x7 work. If not it will fail eventualy... Regards, Marcin Am 30.06.2010 12:57, schrieb Thomas Eichhorn: If you could give me a hint where to find it I would be really glad! Tom Am 30.06.2010 12:43, schrieb Jared Mauch: Have you disabled adaptive standby? I can look up the configuration in a few if you don't have it. Sent from my iThing On Jun 30, 2010, at 5:46 AM, Thomas Eichhorn t...@te3networks.de wrote: Thanks for all your help, I cannot simply remove the disk nor the cf card, the box is to far away. I now tried to remove the disk from the boot list, so it does not get initialized and the box completely runs from CF - If that doesn't work I will try the other way (disabling cf and enabling disk). If this works I will give feedback here so that people also running into that problem will find it. Tom Am 30.06.2010 10:51, schrieb Marcin Kucharczyk: On Wednesday 30 of June 2010 10:10:24 Akhmedd Aly wrote: Hi Marcin, we have the same problems with M7Is in the may: *M7i panic: ad_ioctl:1275539168: ad1: Standby not armed but state is in valid: state=ARMED* And all of this problems come after installing (we never did not use internal CF in its before) Compact Flash 1GB (not from official Juniper upgrade kit), its also rebooted every 3-4 hours with the same PANIC message. After removing CFs we do not have this problems. So I think that it was not problems with internal disks... Hi, our router had rebooted every 4 hours and 21 minutes (exactly). As I wrote to Thomas we had removed HDD, and now router runs on CF only. Our CF isn't from official Juniper upgrade kit, it's regular Kingston Standard 4GB CF Type 1. It's a pity that CF and HDD can't run together. Regards, Marcin 2010/6/22 Marcin Kucharczyk m.kucharc...@net.icm.edu.pl Hello, tonight one of ours M7i crashed with strange log entry: savecore: reboot after panic: ad_ioctl:1277186066: ad1: Standby not armed but state is invalid: state=ARMED Disk was replaced 2 weeks ago. Yesterday we inserted new compact flash card (there wasn't any before). We upgraded Junos to 10.0R3.10 also. Do you have any idea what could happened? Regards, Marcin Kucharczyk ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Marcin Kucharczyk Dział Sieciowy ICM, Uniwersytet Warszawski m.kucharc...@net.icm.edu.pl (+48-22) 5520527, 8268009, fax. 8284195 http://www.net.icm.edu.pl/ ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] dropped packet counter and stat of traffic policer
Hi,
I am testing the rate limiting in junos 9.2, M7i series. Everything is
working as expected but, I could not find and figure out the command
which can show the statistics specially the dropped/discard packets
counter by the traffic police rules. Any tips would be appreciated.
sa...@gw-router# show
term test-limit-prefix {
from {
destination-address {
0.0.0.0/0;
}
}
then {
policer test-police;
count test-count;
accept;
}
}
[edit firewall filter test-traffic-limit]
sa...@gw-router#
sa...@gw-router# show firewall policer test-police
if-exceeding {
bandwidth-limit 256k;
burst-size-limit 16k;
}
then discard;
[edit]
sa...@gw-router show policer ?
Possible completions:
[Enter]Execute this command
policerPolicer name
__auto_policer_template_1__
__auto_policer_template_2__
__auto_policer_template_3__
__auto_policer_template_4__
__auto_policer_template__
__default_arp_policer__
|Pipe through a command
sa...@gw-router show policer
sa...@gw-router show firewall filter test-traffic-limit
Filter: test-traffic-limit
Counters:
NameBytes
Packets
test-count173823870 4588919
Policers:
Name Packets
test-police-test-limit-prefix 290558
sa...@gw-router
sa...@gw-router# show interfaces ge-0/0/0
description sw-test Gi0/1;
vlan-tagging;
unit 0 {
vlan-id 12;
family inet {
filter {
output test-traffic-limit;
}
address 192.168.0.1/24;
}
}
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Certification advise
On 30 June 2010 06:50, Timo Krjukoff t...@natetis.se wrote: JNCIP-M will be replaced by a new JNCIP-SP written exam and JNCIE-M by JNCIE-SP. JNCIS-SP is planned to replace the JNCIS-M in Q3, but if you have the JNCIS-M it will be automatically migrated to JNCIS-SP level. Having taken the JNCIS-M (JN0-304) last month, that's good to know! M ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] RE-400 memory upgrade
On 30 Jan 2010, at 15:41, Kevin Wormington wrote: 陈江 wrote: RE400 is a standard PC running on Intel Celeron400 and 82443BX mainboard. Your could check SPEC of Intel 82443BX how much DRAM it supported. And I don't think there is any limitation in JUNOS. I took a quick look at the spec sheet for the 82443BX and it appears to support 1GB max DRAM but using 4 DIMM sockets, so with the 3 DIMM sockets on the RE-400 768MB would be the max. Hi, j-nsp, -- Does this mean that nobody here has ignored the spec sheet and tried alternative configurations ? :-) I would be interested to hear empirical evidence that 2x512GB certainly would work, or certainly would not work. Best wishes, Andy ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] dropped packet counter and stat of traffic policer
Samit,
sa...@gw-router show firewall filter test-traffic-limit
Filter: test-traffic-limit
Counters:
NameBytes
Packets
test-count173823870 4588919
Policers:
Name Packets
test-police-test-limit-prefix 290558 === this is
counter of packets discarded by policer
There is no built-in counter for dicarded bytes. You have to rewrite a
policer and add a special filter term like this:
policer test-police {
if-exceeding {
bandwidth-limit XXXM;
burst-size-limit YYYM;
}
then forwarding-class assured-forwarding; ## any unused forwarding-class
}
term test-limit-prefix-FCtag {
then {
policer test-police;
next term;
}
}
term test-limit-prefix-discard {
from forwarding-class {
assured-forwarding;
}
then {
discard;
count test-count-bytes+packets;
}
}
This will _only_ work on T-series/M320/M120 and MX. It will _not_ work on
any regular M-series M5/M10/M20/M160/M7i/M10i.
HTH
Regards
Alex
- Original Message -
From: Samit janasa...@wlink.com.np
To: juniper-nsp juniper-nsp@puck.nether.net
Sent: Thursday, July 01, 2010 8:50 AM
Subject: [j-nsp] dropped packet counter and stat of traffic policer
Hi,
I am testing the rate limiting in junos 9.2, M7i series. Everything is
working as expected but, I could not find and figure out the command
which can show the statistics specially the dropped/discard packets
counter by the traffic police rules. Any tips would be appreciated.
sa...@gw-router# show
term test-limit-prefix {
from {
destination-address {
0.0.0.0/0;
}
}
then {
policer test-police;
count test-count;
accept;
}
}
[edit firewall filter test-traffic-limit]
sa...@gw-router#
sa...@gw-router# show firewall policer test-police
if-exceeding {
bandwidth-limit 256k;
burst-size-limit 16k;
}
then discard;
[edit]
sa...@gw-router show policer ?
Possible completions:
[Enter]Execute this command
policerPolicer name
__auto_policer_template_1__
__auto_policer_template_2__
__auto_policer_template_3__
__auto_policer_template_4__
__auto_policer_template__
__default_arp_policer__
|Pipe through a command
sa...@gw-router show policer
sa...@gw-router show firewall filter test-traffic-limit
Filter: test-traffic-limit
Counters:
NameBytes
Packets
test-count173823870 4588919
Policers:
Name Packets
test-police-test-limit-prefix 290558
sa...@gw-router
sa...@gw-router# show interfaces ge-0/0/0
description sw-test Gi0/1;
vlan-tagging;
unit 0 {
vlan-id 12;
family inet {
filter {
output test-traffic-limit;
}
address 192.168.0.1/24;
}
}
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] RE-400 memory upgrade
Andy Davidson wrote: On 30 Jan 2010, at 15:41, Kevin Wormington wrote: 陈江 wrote: RE400 is a standard PC running on Intel Celeron400 and 82443BX mainboard. Your could check SPEC of Intel 82443BX how much DRAM it supported. And I don't think there is any limitation in JUNOS. I took a quick look at the spec sheet for the 82443BX and it appears to support 1GB max DRAM but using 4 DIMM sockets, so with the 3 DIMM sockets on the RE-400 768MB would be the max. Hi, j-nsp, -- Does this mean that nobody here has ignored the spec sheet and tried alternative configurations ? :-) I would be interested to hear empirical evidence that 2x512GB certainly would work, or certainly would not work. Just tried booting with 1x 512MB module installed and only 256MB was detected. -- Regards Andy Harding Internet Connections Ltd Phone: 020 7531 5655 Mobile: 07813 975 459 Fax: 01538 382596 Web: www.inetc.co.uk Email: a...@inetc.co.uk ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Stripping off BGP Prepends
Your right but the customer never enjoys being told it could be dangerous to give them that power :-) -- Phill Jolliffe ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] I forgot my username and password?
Good day, I forgot my username and password, so I can't access to my juniper. How can I access to the Juniper? Thanks _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] I forgot my username and password?
http://kb.juniper.net/KB12167 On 2/07/2010, at 11:39 AM, Onam Rubio wrote: Good day, I forgot my username and password, so I can't access to my juniper. How can I access to the Juniper? Thanks _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
