Re: [j-nsp] Study books.
Besides brushing up via PDFs, techpubs, and printed books, I'd encourage anyone making purchases to ensure that their account team is including Juniper training credits in the deal at no charge. Compared to the cost of most Juniper gear, training credits are c-h-e-a-p, and the quality of the training is outstanding in my experience. It's in your rep's best interest to include it, since it'll get you trained up on their gear quickly and make it more likely that you'll purchase more. Maybe everyone is already doing this, but if not, give it a think. David On 21 September 2010 17:56, Stefan Fouant wrote: > I'm surprised this hasn't been mentioned yet, but the Fasttrack web site is > chock full of useful information - http://www.juniper.net/fasttrack > > And Pam Van Meter's book on Junos Fundamentals is coming out in just a few > short months. > > Stefan Fouant, CISSP, JNCIEx2 > www.shortestpathfirst.net > GPG Key ID: 0xB5E3803D > > > -Original Message- > > From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- > > boun...@puck.nether.net] On Behalf Of Keith > > Sent: Tuesday, September 21, 2010 2:28 PM > > To: juniper-nsp@puck.nether.net > > Subject: [j-nsp] Study books. > > > > Hi. > > > > We just purchased an MX480 to replace our aging 7206vxr-G1. > > > > We spent a few months going back and forth, C or J. In the end J worked > > harder > > for our business and ended up with a redundant MX480. > > > > Our only experience was with an M10i five years ago so we are green. > > > > My coworker and I need some new books. Looking at Amazon, most of > > the books are at least five years old. Are any of them still relevant > > enough to > > warrant purchasing them? > > > > Anyone have books they want to recommend? > > > > Thanks, > > Keith > > > > ___ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Strange no memory issue on 10.0R3.10
On Tue, Sep 21, 2010 at 5:35 PM, wrote: > > > I have 2 x J4350's with 2 BGP feeds and each receiving about 320k > routes > > > with 1GB of RAM and I have no issues. My max RAM usage is 253MB. I'm > > > running JunOS 10.1R2.8. > > > > Hmmm. > > > > Why 10.1R2.8 release? Juniper advice is to use 10.0R3.10 on every J > device. > > There are of course those of us who refuse to have anything to do with > the flow-based versions for the J-series, and therefore stay at 9.3R3.8 > (the last "classical" release of JunOS for the J series). > > At least they're nice lab boxes... > > Steinar Haug, Nethelp consulting, sth...@nethelp.no Ah, I guess it would have been important for me to mention that I am running in router mode with all that flow stuff disabled. I started with the routermode template on the box. Sorry for any confusion. Joe * * ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Strange no memory issue on 10.0R3.10
But... JUNOS 9.3 has problem on the enhanced-switching mode, I have following config in chassis section, fpc 6 { pic 0 { ethernet { pic-mode enhanced-switching; } } } as soon as I commit, following error bumps up, Sep 21 23:54:54 chassisd[889]: CHASSISD_FRU_OFFLINE_NOTICE: Taking FPC 6 offline: Restarted by cli command Sep 21 23:54:54 chassisd[889]: CHASSISD_IFDEV_DETACH_FPC: ifdev_detach(6) Sep 21 23:54:54 chassisd[889]: CHASSISD_IFDEV_DETACH_FPC: ifdev_detach(6) Sep 21 23:54:55 chassisd[889]: CHASSISD_SNMP_TRAP10: SNMP trap generated: FRU power off (jnxFruContentsIndex 8, jnxFruL1Index 7, jnxFruL2Index 1, jnxFruL3Index 0, jnxFruName PIC: 8x GE uPIM @ 6/0/*, jnxFruType 11, jnxFruSlot 6, jnxFruOfflineReason 1, jnxFruLastPowerOff 0, jnxFruLastPowerOn 0) Sep 21 23:55:03 chassisd[889]: CHASSISD_SNMP_TRAP10: SNMP trap generated: FRU power on (jnxFruContentsIndex 8, jnxFruL1Index 7, jnxFruL2Index 1, jnxFruL3Index 0, jnxFruName PIC: 8x GE uPIM @ 6/0/*, jnxFruType 11, jnxFruSlot 6, jnxFruOfflineReason 2, jnxFruLastPowerOff 1218828013, jnxFruLastPowerOn 1218828814) Sep 21 23:55:03 chassisd[889]: CHASSISD_PIC_HWERROR: PIC 0 in FPC 6 (PIC type 1586, version 269) had hardware error Sep 21 23:55:03 chassisd[889]: CHASSISD_SNMP_TRAP7: SNMP trap generated: Fru Failed (jnxFruContentsIndex 8, jnxFruL1Index 7, jnxFruL2Index 1, jnxFruL3Index 0, jnxFruName PIC: 8x GE uPIM @ 6/0/*, jnxFruType 11, jnxFruSlot 6) Sep 21 23:55:03 alarmd[890]: Alarm set: PIC color=RED, class=CHASSIS, reason=FPC 6 PIC 0 Failure Sep 21 23:55:03 craftd[891]: Major alarm set, FPC 6 PIC 0 Failure Sep 21 23:55:03 fwdd[900]: YUKON-BED(6/0): Failed to get VLAN ifd Sep 21 23:55:03 fwdd[900]: YUKON-BED(6/0): VLAN ifd init failed Sep 21 23:55:03 fwdd[900]: L2S-8xGE(6/0): back-end device pic init failed Sep 21 23:55:03 fwdd[900]: CM_FWDD: FPC 6 PIC 0 INIT failed Sep 21 23:55:03 fwdd[900]: CM_FWDD: Error initializing FPC 6 PIC 0, ID 0x0632 Sep 21 23:55:03 fwdd[900]: CMLC: 'PIC Online ack' (opcode 148) failed Sep 21 23:55:03 fwdd[900]: slot 6; failed to online PIC 0 When I change to routing mode, everything works fine. fpc 6 { pic 0 { ethernet { pic-mode routing; } } } My OS is 9.3r3.8 and 9.3r4.4 on J6350 packet-mode. When I contact JTAC, the only answer I got is OS upgrading, but I need packet-mode OS. Any one experienced same issue on enhanced-switching? -- Michel~ On Tue, Sep 21, 2010 at 2:35 PM, wrote: >> > I have 2 x J4350's with 2 BGP feeds and each receiving about 320k routes >> > with 1GB of RAM and I have no issues. My max RAM usage is 253MB. I'm >> > running JunOS 10.1R2.8. >> >> Hmmm. >> >> Why 10.1R2.8 release? Juniper advice is to use 10.0R3.10 on every J device. > > There are of course those of us who refuse to have anything to do with > the flow-based versions for the J-series, and therefore stay at 9.3R3.8 > (the last "classical" release of JunOS for the J series). > > At least they're nice lab boxes... > > Steinar Haug, Nethelp consulting, sth...@nethelp.no > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Study books.
I'm surprised this hasn't been mentioned yet, but the Fasttrack web site is chock full of useful information - http://www.juniper.net/fasttrack And Pam Van Meter's book on Junos Fundamentals is coming out in just a few short months. Stefan Fouant, CISSP, JNCIEx2 www.shortestpathfirst.net GPG Key ID: 0xB5E3803D > -Original Message- > From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- > boun...@puck.nether.net] On Behalf Of Keith > Sent: Tuesday, September 21, 2010 2:28 PM > To: juniper-nsp@puck.nether.net > Subject: [j-nsp] Study books. > > Hi. > > We just purchased an MX480 to replace our aging 7206vxr-G1. > > We spent a few months going back and forth, C or J. In the end J worked > harder > for our business and ended up with a redundant MX480. > > Our only experience was with an M10i five years ago so we are green. > > My coworker and I need some new books. Looking at Amazon, most of > the books are at least five years old. Are any of them still relevant > enough to > warrant purchasing them? > > Anyone have books they want to recommend? > > Thanks, > Keith > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SSG or J-series for virtual firewalling services?
Hi Mike, On 22/09/2010, at 5:13 AM, TCIS List Acct wrote: > The J-series specs (which run JunOS) did seem to list a specific # of VRs, > not sure if that is a license limit or just a "capacity" type of rating. > This PDF is quite handy for specs like that: > > http://www.juniper.net/us/en/local/pdf/datasheets/1000265-en.pdf > > For instance, it lists the J-6350 as having 30 VRs. My experience with the JUNOS data sheet numbers is that they are the maximum "supported" from a JTAC perspective, however the box will continue to take configuration until it runs out of memory. I just had a quick look back through the j-nsp archives for an old post of mine, where in JUNOS 8.4 I wrote a script that built 300 VRs (which was an arbitrary number) for a customer trying to do almost exactly what you are doing. There certainly is no licensing on the J-Series (or SRX) for the number of VRs. > It isn't clear from your answer if if I can have 192.168.1.x exist as a > remote network for multiple customers (each with their own VR).. can you > clarify? >From a routing perspective, yes - all VRs are logically separate routing >domains, so you can have overlapping prefixes without any issues. Similarly, >your firewall rules will be applied to zones which contain interfaces, which >are placed in these VRs, so different zones can have overlapping address >objects and your rulesets will all work as expected. Where things become difficult is when you have multiple customers in their own zones/VRs and you want them to egress through a single zone/interface - if anyone out there has a solution (elegant or otherwise) for this scenario, I'd love to hear about it. In the next week or so, I've got some IPSEC work that needs to be done for a customer who would like tunnels split between VRs as well, so I'll come back with my findings there. > Ben Dale wrote: >> Hi Mike, >> In ScreenOS you can achieve all of your requirements using VSYS, however you >> will find this is a fairly expensive road to go down with large numbers of >> clients (VSYS are licensed). >> In JunOS you should be able to meet all of your requirements without any >> licensing issues - VRs are "free" and will do most of the same >> functionality. The only limitation is IPSEC tunnelling from within a VR >> which is currently in a state of flux (currently the interface the IKE >> gateway is bound to has to live in the global routing table), but I imagine >> this will be fixed in time. >> Cheers, >> Ben >> On 21/09/2010, at 5:02 AM, TCIS List Acct wrote: >>> We are looking to provide "virtual firewalling/VPN" services to customers >>> hosted in our VMware and Hyper-V hosting environments (trying to avoid >>> dedicating a physical NIC port for each customer on the host and hanging a >>> firewall appliance off of each). In a nutshell, each customer gets their >>> own VLAN subinterface (which will cascade all the way down into their >>> virtual machine), and we can define unique firewall rules (as well as >>> establish IPSec VPN tunnels) on a per-customer basis. >>> >>> I'm looking at the following platforms: >>> >>> SSG-500 (ScreenOS) >>> Juniper J-series (JunOS) >>> >>> It is not clear if I simply need the VR (virtual router) or VSYS (virtual >>> system) feature(s) to do this -- I need a unique routing table, a unique >>> set of firewall rules/zones, and the ability to define VPN tunnels even if >>> there are overlapping VPN endpoint networks among multiple customers (e.g. >>> both Customer "A" and Customer "B" use 192.168.1.x on their side). >>> >>> Any insight would be much appreciated. >>> >>> --Mike >>> ___ >>> juniper-nsp mailing list juniper-nsp@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/juniper-nsp >>> > > -- > > - > Mike Bacher / lista...@tulsaconnect.com > TCIS - TulsaConnect Internet Services > http://www.tulsaconnect.com > - > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] 10.0S8 on MX...
Anyone try this yet or do any testing with it? I'm hearing that this is the version to go to for MX... Derick ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Study books.
http://www.onfulfillment.com/JuniperTrainingPublic/Category.aspx?d=44&sid=323&sm=d44 There is this too, the official courseware. You can order the courseware without the course. It can be expensive. If you have an SE or RE that can log into this, they can get the books much cheaper... you might be able to work something out with them. From: Keith To: "juniper-nsp@puck.nether.net" Sent: Tue, September 21, 2010 1:27:56 PM Subject: [j-nsp] Study books. Hi. We just purchased an MX480 to replace our aging 7206vxr-G1. We spent a few months going back and forth, C or J. In the end J worked harder for our business and ended up with a redundant MX480. Our only experience was with an M10i five years ago so we are green. My coworker and I need some new books. Looking at Amazon, most of the books are at least five years old. Are any of them still relevant enough to warrant purchasing them? Anyone have books they want to recommend? Thanks, Keith ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Strange no memory issue on 10.0R3.10
> > I have 2 x J4350's with 2 BGP feeds and each receiving about 320k routes > > with 1GB of RAM and I have no issues. My max RAM usage is 253MB. I'm > > running JunOS 10.1R2.8. > > Hmmm. > > Why 10.1R2.8 release? Juniper advice is to use 10.0R3.10 on every J device. There are of course those of us who refuse to have anything to do with the flow-based versions for the J-series, and therefore stay at 9.3R3.8 (the last "classical" release of JunOS for the J series). At least they're nice lab boxes... Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Study books.
On Tue, Sep 21, 2010 at 14:31, Smith W. Stacy wrote: > On Sep 21, 2010, at 2:15 PM, Evan Williams wrote: > > > Do they still have the study guides available, they IMHO provided an > excellent resource to develop an understanding of the Juniper Man machine > interface and the approach to the underlying protocols deployed. > > Those books are out of print, but are available for free in PDF format on > the Juniper web site. > > http://www.juniper.net/us/en/training/certification/books.html > +1 The JNCIS Study Guide is another great resource - much better than you would expect from a study guide.And you can't beat the price. ;) ~Chris > > --Stacy > > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.coisoc.org ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Study books.
On 9/21/2010 12:43 PM, Michael Damkot wrote: Junos is Junos, the command structure hasn't really changed significantly since 4.0 If you're protocol savvy, just novice to how a particular vendor twists knobs, check the e-learning stuff on Juniper site first: http://www.juniper.net:80/us/en/training/technical_education/ I am a novice on Juniper for sure. I have been going over Junipers site for the last few days so am getting some good info there, but some good suggestions have come from the list too. Thanks, Keith ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Study books.
Keith, Go directly here dude... http://www.juniper.net/us/en/training/technical_education/ ~Jay Murphy IP Network Specialist NM State Government IT Services Division "We move the information that moves your world." “Good engineering demands that we understand what we’re doing and why, keep an open mind, and learn from experience.” “Engineering is about finding the sweet spot between what's solvable and what isn't." Radia Perlman Please consider the environment before printing e-mail -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Keith Sent: Tuesday, September 21, 2010 12:28 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] Study books. Hi. We just purchased an MX480 to replace our aging 7206vxr-G1. We spent a few months going back and forth, C or J. In the end J worked harder for our business and ended up with a redundant MX480. Our only experience was with an M10i five years ago so we are green. My coworker and I need some new books. Looking at Amazon, most of the books are at least five years old. Are any of them still relevant enough to warrant purchasing them? Anyone have books they want to recommend? Thanks, Keith ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp Confidentiality Notice: This e-mail, including all attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited unless specifically provided under the New Mexico Inspection of Public Records Act. If you are not the intended recipient, please contact the sender and destroy all copies of this message. -- This email has been scanned by the Sybari - Antigen Email System. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Study books.
On Sep 21, 2010, at 2:15 PM, Evan Williams wrote: > Do they still have the study guides available, they IMHO provided an > excellent resource to develop an understanding of the Juniper Man machine > interface and the approach to the underlying protocols deployed. Those books are out of print, but are available for free in PDF format on the Juniper web site. http://www.juniper.net/us/en/training/certification/books.html --Stacy ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Study books.
agreed, Aviva Garrett's book is essential reading,. Do they still have the study guides available, they IMHO provided an excellent resource to develop an understanding of the Juniper Man machine interface and the approach to the underlying protocols deployed. - Original Message - From: "Chris Grundemann" To: "Keith" Cc: Sent: Tuesday, September 21, 2010 8:52 PM Subject: Re: [j-nsp] Study books. The Day One series of booklets are all quite current: http://www.juniper.net/us/en/community/junos/training-certification/day-one/. They are short, practical guides on many interesting topics and are FREE to download (and cheap to buy in hard copy). [1] For more in-depth info, the best new book is "Network Mergers and Migrations" although it deals primarily with network change, not new deployments. The "Junos Cookbook" is still a great resource. I wrote a more complete list back in February: http://weblog.chrisgrundemann.com/index.php/2010/juniper-guru-books/ [2] Cheers, ~Chris Full Disclosure: [1] I wrote a Day One booklet and am currently writing a second. [2] The links on that post are Amazon affiliate links, but I don't get paid from them anymore since I live in CO. I am just too lazy to go back and change the links. On Tue, Sep 21, 2010 at 12:27, Keith wrote: Hi. We just purchased an MX480 to replace our aging 7206vxr-G1. We spent a few months going back and forth, C or J. In the end J worked harder for our business and ended up with a redundant MX480. Our only experience was with an M10i five years ago so we are green. My coworker and I need some new books. Looking at Amazon, most of the books are at least five years old. Are any of them still relevant enough to warrant purchasing them? Anyone have books they want to recommend? Thanks, Keith ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.coisoc.org ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Study books.
On Tue, Sep 21, 2010 at 11:27:56AM -0700, Keith wrote: > Hi. > > We just purchased an MX480 to replace our aging 7206vxr-G1. > > We spent a few months going back and forth, C or J. In the end J worked > harder > for our business and ended up with a redundant MX480. > > Our only experience was with an M10i five years ago so we are green. > > My coworker and I need some new books. Looking at Amazon, most of > the books are at least five years old. Are any of them still relevant > enough to > warrant purchasing them? > http://oreilly.com/catalog/9780596514426 is fairly recent, and pretty good. > Anyone have books they want to recommend? > > Thanks, > Keith > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Study books.
The Day One series of booklets are all quite current: http://www.juniper.net/us/en/community/junos/training-certification/day-one/. They are short, practical guides on many interesting topics and are FREE to download (and cheap to buy in hard copy). [1] For more in-depth info, the best new book is "Network Mergers and Migrations" although it deals primarily with network change, not new deployments. The "Junos Cookbook" is still a great resource. I wrote a more complete list back in February: http://weblog.chrisgrundemann.com/index.php/2010/juniper-guru-books/ [2] Cheers, ~Chris Full Disclosure: [1] I wrote a Day One booklet and am currently writing a second. [2] The links on that post are Amazon affiliate links, but I don't get paid from them anymore since I live in CO. I am just too lazy to go back and change the links. On Tue, Sep 21, 2010 at 12:27, Keith wrote: > Hi. > > We just purchased an MX480 to replace our aging 7206vxr-G1. > > We spent a few months going back and forth, C or J. In the end J worked > harder > for our business and ended up with a redundant MX480. > > Our only experience was with an M10i five years ago so we are green. > > My coworker and I need some new books. Looking at Amazon, most of > the books are at least five years old. Are any of them still relevant > enough to > warrant purchasing them? > > Anyone have books they want to recommend? > > Thanks, > Keith > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.coisoc.org ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Study books.
Junos is Junos, the command structure hasn't really changed significantly since 4.0 If you're protocol savvy, just novice to how a particular vendor twists knobs, check the e-learning stuff on Juniper site first: http://www.juniper.net:80/us/en/training/technical_education/ On Sep 21, 2010, at 14:27 , Keith wrote: > Hi. > > We just purchased an MX480 to replace our aging 7206vxr-G1. > > We spent a few months going back and forth, C or J. In the end J worked harder > for our business and ended up with a redundant MX480. > > Our only experience was with an M10i five years ago so we are green. > > My coworker and I need some new books. Looking at Amazon, most of > the books are at least five years old. Are any of them still relevant enough > to > warrant purchasing them? > > Anyone have books they want to recommend? > > Thanks, > Keith > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Study books.
Hi. We just purchased an MX480 to replace our aging 7206vxr-G1. We spent a few months going back and forth, C or J. In the end J worked harder for our business and ended up with a redundant MX480. Our only experience was with an M10i five years ago so we are green. My coworker and I need some new books. Looking at Amazon, most of the books are at least five years old. Are any of them still relevant enough to warrant purchasing them? Anyone have books they want to recommend? Thanks, Keith ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SSG or J-series for virtual firewalling services?
The J-series specs (which run JunOS) did seem to list a specific # of VRs, not sure if that is a license limit or just a "capacity" type of rating. This PDF is quite handy for specs like that: http://www.juniper.net/us/en/local/pdf/datasheets/1000265-en.pdf For instance, it lists the J-6350 as having 30 VRs. It isn't clear from your answer if if I can have 192.168.1.x exist as a remote network for multiple customers (each with their own VR).. can you clarify? Ben Dale wrote: Hi Mike, In ScreenOS you can achieve all of your requirements using VSYS, however you will find this is a fairly expensive road to go down with large numbers of clients (VSYS are licensed). In JunOS you should be able to meet all of your requirements without any licensing issues - VRs are "free" and will do most of the same functionality. The only limitation is IPSEC tunnelling from within a VR which is currently in a state of flux (currently the interface the IKE gateway is bound to has to live in the global routing table), but I imagine this will be fixed in time. Cheers, Ben On 21/09/2010, at 5:02 AM, TCIS List Acct wrote: We are looking to provide "virtual firewalling/VPN" services to customers hosted in our VMware and Hyper-V hosting environments (trying to avoid dedicating a physical NIC port for each customer on the host and hanging a firewall appliance off of each). In a nutshell, each customer gets their own VLAN subinterface (which will cascade all the way down into their virtual machine), and we can define unique firewall rules (as well as establish IPSec VPN tunnels) on a per-customer basis. I'm looking at the following platforms: SSG-500 (ScreenOS) Juniper J-series (JunOS) It is not clear if I simply need the VR (virtual router) or VSYS (virtual system) feature(s) to do this -- I need a unique routing table, a unique set of firewall rules/zones, and the ability to define VPN tunnels even if there are overlapping VPN endpoint networks among multiple customers (e.g. both Customer "A" and Customer "B" use 192.168.1.x on their side). Any insight would be much appreciated. --Mike ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- - Mike Bacher / lista...@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com - ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4500 Experiences?
Joe, Chris Two new EX4500's are now available. EX4500-40F-FB-C - EX 4500, 40-port 10G SFP+ Converged Switch, 1200W AC PS, front to back airflow EX4500-40F-BF-C - EX 4500, 40-port 10G SFP+ Converged Switch, 1200W AC PS, back to front airflow The new "-C" versions of the EX4500 switches enable convergence with hardware support for Data Center Bridging (DCB, formerly known as Converged Enhanced Ethernet, or CEE) features in hardware, which are required to transport storage traffic over IP/Ethernet networks*. Thanks, Matt -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Chris Evans Sent: Monday, September 20, 2010 3:32 PM To: Joe Hamelin Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] EX4500 Experiences? It doesn't support fcoe as of yet. There is another sku coming out next year I believe that supports it. > Has anyone on-list deployed an EX4500 using FCoE? How did it work out for you? > > > -- > Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474 > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp