[j-nsp] SRX100
Does anyone have an example config for an SRX100 they could share? I understand JUNOS a bit but the vlan configuration is a bit confusing. harbor235 ;} ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] disable status vector on juniper router
Hello Community, For compatibility reasons with huawei routers we need to disable the BGP status vector (or bit vector) on juniper router. Is it possible ? and how ? Thanks a lot. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Uplink failure detection in EX series
Yes, it will come out in EX in 11.1 in Mar. On Wed, Mar 16, 2011 at 12:16 AM, Richard A Steenbergen r...@e-gerbil.netwrote: On Tue, Mar 15, 2011 at 12:25:59PM +0100, Tore Anderson wrote: Hi, I'm wondering if it possible to configure something equivalent to the EX2500's Uplink Failure Detection on the JUNOS-based EX series switches? I want to designate a couple of interfaces as uplink ports, and if they all go down, all the other ports on the switch should be disabled as well. I think uplink failure detection is on the roadmap for 11.1, though I'm not sure about the EX-specificness of it. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- BR! James Chen ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] disable status vector on juniper router
-Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- boun...@puck.nether.net] On Behalf Of meryem Z Sent: Friday, March 18, 2011 12:26 PM Cc: juniper-nsp@puck.nether.net Subject: [j-nsp] disable status vector on juniper router Hello Community, For compatibility reasons with huawei routers we need to disable the BGP status vector (or bit vector) on juniper router. Is it possible ? and how ? I've only heard this when referring to authentication w/ key-chain based signatures. Are you referring to this or something else. Please be more specific what exactly you are trying to disable from being advertised/negotiated/etc. Stefan Fouant, CISSP, JNCIEx2 www.shortestpathfirst.net GPG Key ID: 0xB4C956EC ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] disable status vector on juniper router
This problem happened when trying to implement VPLS between juniper and huawei routers. It seems that there is an extra byte on the BGP packets sent by juniper. On huawei routers under the vpls session it is possible to disable it. Thank you. From: sfou...@shortestpathfirst.net To: merye...@hotmail.com CC: juniper-nsp@puck.nether.net Subject: RE: [j-nsp] disable status vector on juniper router Date: Fri, 18 Mar 2011 12:37:19 -0400 -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- boun...@puck.nether.net] On Behalf Of meryem Z Sent: Friday, March 18, 2011 12:26 PM Cc: juniper-nsp@puck.nether.net Subject: [j-nsp] disable status vector on juniper router Hello Community, For compatibility reasons with huawei routers we need to disable the BGP status vector (or bit vector) on juniper router. Is it possible ? and how ? I've only heard this when referring to authentication w/ key-chain based signatures. Are you referring to this or something else. Please be more specific what exactly you are trying to disable from being advertised/negotiated/etc. Stefan Fouant, CISSP, JNCIEx2 www.shortestpathfirst.net GPG Key ID: 0xB4C956EC ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] disable status vector on juniper router
-Original Message- From: meryem Z [mailto:merye...@hotmail.com] Sent: Friday, March 18, 2011 12:48 PM To: sfou...@shortestpathfirst.net Cc: juniper-nsp@puck.nether.net Subject: RE: [j-nsp] disable status vector on juniper router This problem happened when trying to implement VPLS between juniper and huawei routers. It seems that there is an extra byte on the BGP packets sent by juniper. On huawei routers under the vpls session it is possible to disable it. Hi Meryem, If you are referring to Circuit status vector in VPLS, this is a mandatory sub-TLV within MP_REACH_NLRI. If Huawei doesn't recognize it, it sounds like they aren't conforming to the standard... I honestly have no idea how to turn this off :( Perhaps someone else on-list might be able to shed some light... Stefan Fouant, CISSP, JNCIEx2 www.shortestpathfirst.net GPG Key ID: 0xB4C956EC ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SFPs in MX.
I was doing some stuff to our MX the other day and our SFP's that came with the MX when we got it are recognized as NON-JNPR: FPC 0REV 13 750-031087 YE3588MPC Type 1 3D CPUREV 06 711-030884 YE6679MPC PMB 2G MIC 0 REV 22 750-028392 YD05093D 20x 1GE(LAN) SFP PIC 0 BUILTIN BUILTIN 10x 1GE(LAN)SFP Xcvr 0 NON-JNPR 99QT000162SFP-LX10 Xcvr 1 NON-JNPR PH46RFT SFP-SX Xcvr 2 NON-JNPR PHG3ZXF SFP-T Xcvr 3 NON-JNPR PHB6BYW SFP-T PIC 1 BUILTIN BUILTIN 10x 1GE(LAN)SFP They are made by MRV? I had an issue were there card that holds the SFP's rebooted on me the other day while I was doing some testing. I had a little 3560 switch attached to the LX and SX ports on the MX and was doing some cut and paste stuff to try and get a local BGP connection going for testing and both links and my console went down and realized the card that has the SFPs in it rebooted. The RE's were fine. JTAC suggested to upgrade to the lastest 10.4R2.6, which I did but the SFP's are still NON-JNPR. Is this ok? I have been really leery of any JunOS versions as I have read so many things from everyone here with real production boxes hitting so many bugs. I don't know if the latest and greatest is the way to go. Thanks, Keith ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SFPs in MX.
On Fri, Mar 18, 2011 at 10:58:28AM -0700, Keith wrote: I was doing some stuff to our MX the other day and our SFP's that came with the MX when we got it are recognized as NON-JNPR: FPC 0REV 13 750-031087 YE3588MPC Type 1 3D CPUREV 06 711-030884 YE6679MPC PMB 2G MIC 0 REV 22 750-028392 YD05093D 20x 1GE(LAN) SFP PIC 0 BUILTIN BUILTIN 10x 1GE(LAN)SFP Xcvr 0 NON-JNPR 99QT000162SFP-LX10 Xcvr 1 NON-JNPR PH46RFT SFP-SX Xcvr 2 NON-JNPR PHG3ZXF SFP-T Xcvr 3 NON-JNPR PHB6BYW SFP-T PIC 1 BUILTIN BUILTIN 10x 1GE(LAN)SFP They are made by MRV? What does: show chassis pic fpc-slot 0 pic-slot 0 say they are? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SFPs in MX.
On 3/18/2011 12:02 PM, Chuck Anderson wrote: What does: show chassis pic fpc-slot 0 pic-slot 0 show chassis pic fpc-slot 0 pic-slot 0 FPC slot 0, PIC slot 0 information: Type 10x 1GE(LAN) SFP StateOnline PIC version 2.22 Uptime 4 hours, 58 minutes, 49 seconds PIC port information: FiberXcvr vendor Port Cable typetype Xcvr vendorpart number Wavelength 0 GIGE 1000LX10 SMMRV COMM, INC. SFP-GD-LX 1310 nm 1 GIGE 1000SX MMMRVSFP-DGD-SX850 nm 2 GIGE 1000Tn/a MRVSFP-GA-R n/a 3 GIGE 1000Tn/a MRVSFP-GA-R n/a The uptime is not a good sign as I upgraded this box and rebooted both RE's: System booted: 2011-03-17 13:31:12 PDT (22:54:34 ago) Going through the messages log it appears an CHASSISD_SNMP_TRAP10: FRU Power-On is being generated then a whole lot of messages that looks like a whack of processes are restarting. Can't go into production like this. Thanks, Keith ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SFPs in MX.
On Fri, Mar 18, 2011 at 12:40:14PM -0700, Keith wrote: FPC slot 0, PIC slot 0 information: Type 10x 1GE(LAN) SFP StateOnline PIC version 2.22 Uptime 4 hours, 58 minutes, 49 seconds PIC port information: FiberXcvr vendor Port Cable typetype Xcvr vendorpart number Wavelength 0 GIGE 1000LX10 SMMRV COMM, INC. SFP-GD-LX 1310 nm 1 GIGE 1000SX MMMRVSFP-DGD-SX850 nm 2 GIGE 1000Tn/a MRVSFP-GA-R n/a 3 GIGE 1000Tn/a MRVSFP-GA-R n/a The uptime is not a good sign as I upgraded this box and rebooted both RE's: System booted: 2011-03-17 13:31:12 PDT (22:54:34 ago) Going through the messages log it appears an CHASSISD_SNMP_TRAP10: FRU Power-On is being generated then a whole lot of messages that looks like a whack of processes are restarting. Can't go into production like this. That means the DPC in question was rebooted 5 hours ago. If you weren't adding or restarting the card then, go look through the logs and figure out why. Scroll back starting at that FRU Power-On message. As for the MRV optics, yes they are non-Juniper branded. Juniper (or any other router vendor for that matter) doesn't actually make their own optics, they just slap a label on optics from a variety of other suppliers. Fortunately Juniper doesn't play games with vendor locking of optics, so you shouldn't have any problems. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SFPs in MX.
Did you buy them from Juniper? Each SFP has a EPROM with a vendor ID encoded on it and this information is displayed on the sh chassis hardware. They are compatible if everything is working but they are non-Juniper and not supported by JTAC. If you actually bought them from Juniper I'd say this is a bug. If not then you are just in new territory. I've done this a couple of times and it's been fine. I do it in the lab regularly if there are no Juniper sfp's available. I've even used cisco sfp's during an outage until the RMA arrived. YMMV though. On Fri, Mar 18, 2011 at 3:40 PM, Keith kwo...@citywest.ca wrote: On 3/18/2011 12:02 PM, Chuck Anderson wrote: What does: show chassis pic fpc-slot 0 pic-slot 0 show chassis pic fpc-slot 0 pic-slot 0 FPC slot 0, PIC slot 0 information: Type 10x 1GE(LAN) SFP StateOnline PIC version 2.22 Uptime 4 hours, 58 minutes, 49 seconds PIC port information: FiberXcvr vendor Port Cable typetype Xcvr vendorpart number Wavelength 0 GIGE 1000LX10 SMMRV COMM, INC. SFP-GD-LX 1310 nm 1 GIGE 1000SX MMMRVSFP-DGD-SX850 nm 2 GIGE 1000Tn/a MRVSFP-GA-R n/a 3 GIGE 1000Tn/a MRVSFP-GA-R n/a The uptime is not a good sign as I upgraded this box and rebooted both RE's: System booted: 2011-03-17 13:31:12 PDT (22:54:34 ago) Going through the messages log it appears an CHASSISD_SNMP_TRAP10: FRU Power-On is being generated then a whole lot of messages that looks like a whack of processes are restarting. Can't go into production like this. Thanks, Keith ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SFPs in MX.
On 3/18/2011 1:18 PM, Richard A Steenbergen wrote: That means the DPC in question was rebooted 5 hours ago. If you weren't adding or restarting the card then, go look through the logs and figure out why. Scroll back starting at that FRU Power-On message. Yes thats what I gathered. It happened to me on Tues when I was actually in the router on the console. Now I just noticed it again now that I'm 100 miles away from it. Its an MPC Trio. That is different than an DPC I think? I have a JTAC case open already and they are checking out the logs. At first glance the fellow thinks its hardware. I'm still too green on Juniper to know what I am looking at. I have dug through the knowledge base a *lot* the last few months but new stuff keeps popping up, like this current issue. As for the MRV optics, yes they are non-Juniper branded. Juniper (or any other router vendor for that matter) doesn't actually make their own optics, they just slap a label on optics from a variety of other suppliers. Fortunately Juniper doesn't play games with vendor locking of optics, so you shouldn't have any problems. Ah, thanks for that. Regards, Keith ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX100
I posted something on J-Net a while back comparing IOS and Junos VLAN configuration - the config examples will work just fine on the SRX100: http://forums.juniper.net/t5/Routing/VLANs-confusing/m-p/55740#M3340 On 18/03/2011, at 10:43 PM, harbor235 wrote: Does anyone have an example config for an SRX100 they could share? I understand JUNOS a bit but the vlan configuration is a bit confusing. harbor235 ;} ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX policy action to inject a route in a table??
I'm not aware of any roadmap features that will do this, as we have an existing method to do this today. It's easy enough to divert ingress traffic into a different routing-instance with FBF, then just apply stateful policy to it. Doug -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Clarke Morledge Sent: Friday, March 18, 2011 6:57 AM To: Stefan Fouant Cc: 'juniper-nsp' Subject: Re: [j-nsp] SRX policy action to inject a route in a table?? On Thu, 17 Mar 2011, Stefan Fouant wrote: Hi Clarke, Doug's suggestion of using a firewall-filter with an action of then routing-instance is probably the cleanest way to do this. We call this Filter-Based Forwarding or FBF in Juniper speak but this is no different from Policy-Based Routing (PBR) on other vendor platforms. Firewall-filters (stateless) are processed before stateful services so this wouldn't be an action that you find under the 'security policies' stanza of the configuration hierarchy, but rather would be configured under 'firewall-filters'. Hi, Stefan, Yes, the firewall filter idea is a good one, but I was hoping to leverage some of the more stateful and/or screen functions that the SRX has to achieve the same thing. The event script concept is intriguing, but the challenge is how to trigger the event appropriately. Clarke Morledge College of William and Mary Information Technology - Network Engineering Jones Hall (Room 18) Williamsburg VA 23187 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Load balancing using Ethernet Aggregate interface ae0
Hi Doug, All Since I have 6509 but without VSS I decided to expand my links using the same existing model which use one primary link connected to switch and another backup link to another switch both of them in the same Ethernet aggregate interface ae0. so please confirm this new setup to increase the links I will add one more primary and one backup links and configure in both switches ether channel ports but still from the juniper side the same ether aggregate interface will contain FOUR physical interfaces. Juniper R1 --- ae0 two primary interfaces -- two interfaces in one layer-2 ether channel port Po1 Cisco SW1 Juniper R1 --- ae0 two backup interfaces -- two interfaces in one layer-2 ether channel port Po1 Cisco SW2 -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of medrees Sent: Wednesday, March 16, 2011 11:02 AM To: 'Doug Hanks'; juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Load balancing using Ethernet Aggregate interface ae0 Thanks Doug a lot. -Original Message- From: Doug Hanks [mailto:dha...@juniper.net] Sent: Wednesday, March 16, 2011 9:35 AM To: medrees; juniper-nsp@puck.nether.net Subject: RE: [j-nsp] Load balancing using Ethernet Aggregate interface ae0 Is the Cisco switch you're connecting to a 6509 with VSS? If so, yes you can do that. If not, you won't be able to. -Original Message- From: medrees [mailto:medr...@isu.net.sa] Sent: Tuesday, March 15, 2011 11:31 PM To: Doug Hanks; juniper-nsp@puck.nether.net Subject: RE: [j-nsp] Load balancing using Ethernet Aggregate interface ae0 Hi Doug Thanks for your reply, my question is that is it possible to make aggregation in two links from juniper side and the other side is connected to two different Layer-2 Cisco switches for load balance? currently I'm connected this setup but one physical interface as primary and the other as backup inside the ae0. -Original Message- From: Doug Hanks [mailto:dha...@juniper.net] Sent: Wednesday, March 16, 2011 9:17 AM To: medrees; juniper-nsp@puck.nether.net Subject: RE: [j-nsp] Load balancing using Ethernet Aggregate interface ae0 If I understand your question correctly ... LACP requires a single signaling plane, so the remote devices need to be a virtual-chassis, mc-lag, VSS or some other virtualization technology. If you use a static LAG, there's no signaling at all, and the above still applies, as the packets have to be reassembled on the remote device. If the remote devices truly are separate, you will just end up black holing the traffic. In this case just using a routing protocol. Doug -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of medrees Sent: Tuesday, March 15, 2011 11:06 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] Load balancing using Ethernet Aggregate interface ae0 Hi Expertise I'm going to create new Aggregate Ethernet for M10i router to load balance the traffic among these interfaces and I know that juniper router can do this aggregation even if the remote side is connected to two different devices, so in this case I won't deploy LACP and will use the ON mode , but I'm confused if it will work correctly and what is the operation mechanism the router use to can force the other side devices to load share the downstream traffic on aggregated physical interfaces. So if anyone can help me with documentation or his experience for this task send to me. Thanks in advance. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp