Re: [j-nsp] BGP Policy - then accept == Route Reflector?

[Sebastian Wiesinger]

* Brad Fleming bdfle...@gmail.com [2010-11-12 16:48]:
 the MX960 with 9.6R2.11 did that. I was quite surprised as I was
 expecting the behaviour you describe.

 Do you happen to have configurations saved from that situation? That  
 seems like either (a) a MASSIVE BGP bug or (b) configuration causing  
 unintended results. With a sample config, we might be able to confirm or 
 deny the (b) possibility.

Hello,

it was a relatively simple configuration for testing purposes. This
was the iBGP configuration, I only changed the IPs and Communities:

group access-int {
type internal;
local-address 192.168.0.10;
import access-rt-in;
authentication-key XXX; ## SECRET-DATA
export [ next-hop-self access-rt-out ];
neighbor 192.168.0.1;
neighbor 192.168.0.2;
neighbor 192.168.0.3;
neighbor 192.168.0.4;
neighbor 192.168.0.5;
neighbor 192.168.0.6;
neighbor 192.168.0.7;
neighbor 192.168.0.8;
neighbor 192.168.0.9;
}

community blackhole-com members [ 65000:1 65000:2 ];
community no-export members no-export;

as-path private 64512-65535;
as-path no-as ();

policy-statement next-hop-self {
from protocol bgp;
then {
next-hop self;
}
}

policy-statement access-rt-in {
term 10 {
from community blackhole-com;
then accept;
}
term 20 {
then {
community add no-export;
}
}
}
policy-statement access-rt-out {
term 10 {
from as-path [ private no-as ];
then accept;
}
term 100 {
then reject;
}
}




-- 
New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX100/2x0 as small MPLS CPE?

[Miroslav Georgiev]

On 11/15/2010 07:31 PM, sth...@nethelp.no wrote:

The SRX only supports traffic with a single tag.  I don't think you can
provide L2 services without at least two tags.
   

Interesting; do you have a reference?
 

You *can* provide MPLS L2 services with some difficulty with just a
single tag - this is what Juniper offers on the EX switch series.
Means you need to use an MPLS LSP as your building element instead
of a pseudowire / Martini tunnel. It's not nearly as convenient,
though.

And mind you, I have not verified whether the SRX series supports
enough MPLS functionality to do this.
   

I've tested Kompella l2vpn and it's working fine.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


   

--
Regards,,,
Miroslav Georgiev
SpectrumNet Jsc.
+(359 2)4890604
+(359 2)4890619


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] EX 10.0S10.1

[Bill Blackford]

So I recently updated almost everything to 10.0R4.7 (I still have some stuff on 
10.0S1.1). I'm not experiencing any issues, that I'm aware of. I would like to 
see the IGMP snooping issues ironed out, but for the most part, I'm content.

My question is should I wait 'til the next recommended release, or is there a 
compelling reason I should update everything again, now? I am a little 
concerned about the [PR/546674 EX4200 Virtual Chassis problem not passing 
traffic] issue.

Thanks,

-b



--
Bill Blackford 
Senior Network Engineer
Technology Systems Group   
Northwest Regional ESD 

Logged into reality and abusing my sudo priviledges


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX 10.0S10.1

[Dale Shaw]

Hi Bill,

On Wed, Nov 17, 2010 at 8:44 AM, Bill Blackford
bblackf...@nwresd.k12.or.us wrote:
 So I recently updated almost everything to 10.0R4.7 (I still have some stuff 
 on 10.0S1.1). I'm not experiencing any issues, that I'm aware of. I would 
 like to see the IGMP snooping issues ironed out, but for the most part, I'm 
 content.

 My question is should I wait 'til the next recommended release, or is there a 
 compelling reason I should update everything again, now? I am a little 
 concerned about the [PR/546674 EX4200 Virtual Chassis problem not passing 
 traffic] issue.

We're in a similar boat. We're running 10.0S1 almost exclusively and
just started to play with 10.0R4. I saw the PSN bulletin for 10.0S10
yesterday and saw all the multicast PRs. *sigh*

I suspect we're being bitten by the
VLAN-tag-gets-mangled-when-multicast-flooded-over-dot1q-trunk bug. I'm
waiting for some advice back from the JTAC about whether any of the
PRs fixed in 10.0S10 could be a factor in one or two open cases.

Cheers,
Dale
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] AE Bundle Load Balancing | EX series

[Bill Blackford]

How would I determine the load balancing method in use for aggregated Ethernet 
bundles, what the choices are and how to change?

Thanks,

-b

--
Bill Blackford 
Senior Network Engineer
Technology Systems Group   
Northwest Regional ESD 

Logged into reality and abusing my sudo priviledges



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp