date:20110322

Re: [j-nsp] Tower top switch/router recommendation..

2011-03-22 Thread Doug Hanks

I would have to look into it, but you should be able to set a max 
bandwidth/transmit under cos then use filters + policers per customer.

-Original Message-
From: Peter Kranz [mailto:pkr...@unwiredltd.com] 
Sent: Tuesday, March 22, 2011 5:49 PM
To: Doug Hanks; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Tower top switch/router recommendation..

Hi Doug,
Thanks for responding..

I need to be able to do something like this;

Customer BW Pool of 20 Mbps up and down
Customer A, 5 Mbps committed information rate CIR, burstable to 15
Mbps as long as resources are available
Customer B, 5 Mbps committed information rate CIR, burstable to 15
Mbps as long as resources are available..

If both customers attempt 15 Mbps at the same time, the switch should give
each 10 Mbps..

Easy to do in HTB using RATE= and CEIL= statements, but I can't figure out
how to do it in JunOS..

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com

-Original Message-
From: Doug Hanks [mailto:dha...@juniper.net] 
Sent: Tuesday, March 22, 2011 5:13 PM
To: Peter Kranz; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Tower top switch/router recommendation..

Maybe someone else can chime in, as I'm not an expert with MIR.

Junos policers use the token bucket algorithm and allow you to configure a
bandwidth-limit and burst-size-limit.

You can create firewall filters to match traffic and apply these filters as
coarse or as granular as you need.

Here's an example of a 1m policer:

policer 1m {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 125k;
}
then discard;

Doug

-Original Message-
From: Peter Kranz [mailto:pkr...@unwiredltd.com]
Sent: Tuesday, March 22, 2011 4:43 PM
To: Doug Hanks; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Tower top switch/router recommendation..

It seems like on the EX platform, I would need each customer in a separate
VLAN for this to work (All customers on one port are on the same VLAN, and
only split by subnets).. Also don't see how one goes about setting up a
MIR.. CIR seems straight forward..

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com

-Original Message-
From: Doug Hanks [mailto:dha...@juniper.net]
Sent: Tuesday, March 22, 2011 4:29 PM
To: Peter Kranz; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Tower top switch/router recommendation..

The EX4200-48P - supports virtual-chassis[1] - or the EX3200-48P can do
this, although is requires an advanced license for BGP (EX-48-AFL).

CoS is pretty much the same for all Junos devices.  Take a look at the
technical documentation for the EX and CoS.

http://www.juniper.net/techpubs/en_US/junos10.4/information-products/pathway
-pages/ex-series/cos.html

[1] http://www.juniper.net/us/en/local/pdf/datasheets/1000215-en.pdf

Doug

-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Peter Kranz
Sent: Tuesday, March 22, 2011 3:20 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Tower top switch/router recommendation..

I'm wondering if this is something that could be done with Junipers;

On our mountain top sites, we currently have dual 48 port POE switches, and
dual Dell 1950's running Quagga/Zebra routing suites..
The sites support wimax access points and redundant microwave backhauls to
other towers or our data centers..
OSPF/BGP is used to mesh the sites with Quagga/Zebra handling the route
failover..
Each access point (one per port on the switch) can have up to 75 customers
on them, and we use HTB on Linux to apply CIR and MIR rules to each customer
at a subnet level..

Over the years, this solution has proven to be reliable, and surprisingly
high performance, but as traffic volumes to the towers grow with
next-generation products, we are starting to push 400-600 Mbps to the
towers. Additionally, it's a bit of a pain to rebuild failed linux routers
in the field, or replace power supplies, hard drives, etc..

So, I'm looking for some form of stacking router/switch solution that could
handle BGP/OSPF/~75 MIR and CIR rules per interface with enforcement by
customer subnet (they are all on the same interface and vlan)/and tcpdump
for easy debug of customer connectivity problems..

Possible with Juniper? Is so, what device, and what QOS rules? 

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Tower top switch/router recommendation..

2011-03-22 Thread Peter Kranz

Hi Doug,
Thanks for responding..

I need to be able to do something like this;

Customer BW Pool of 20 Mbps up and down
Customer A, 5 Mbps committed information rate CIR, burstable to 15
Mbps as long as resources are available
Customer B, 5 Mbps committed information rate CIR, burstable to 15
Mbps as long as resources are available..

If both customers attempt 15 Mbps at the same time, the switch should give
each 10 Mbps..

Easy to do in HTB using RATE= and CEIL= statements, but I can't figure out
how to do it in JunOS..

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com

-Original Message-
From: Doug Hanks [mailto:dha...@juniper.net] 
Sent: Tuesday, March 22, 2011 5:13 PM
To: Peter Kranz; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Tower top switch/router recommendation..

Maybe someone else can chime in, as I'm not an expert with MIR.

Junos policers use the token bucket algorithm and allow you to configure a
bandwidth-limit and burst-size-limit.

You can create firewall filters to match traffic and apply these filters as
coarse or as granular as you need.

Here's an example of a 1m policer:

policer 1m {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 125k;
}
then discard;

Doug

-Original Message-
From: Peter Kranz [mailto:pkr...@unwiredltd.com]
Sent: Tuesday, March 22, 2011 4:43 PM
To: Doug Hanks; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Tower top switch/router recommendation..

It seems like on the EX platform, I would need each customer in a separate
VLAN for this to work (All customers on one port are on the same VLAN, and
only split by subnets).. Also don't see how one goes about setting up a
MIR.. CIR seems straight forward..

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com



-Original Message-
From: Doug Hanks [mailto:dha...@juniper.net]
Sent: Tuesday, March 22, 2011 4:29 PM
To: Peter Kranz; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Tower top switch/router recommendation..

The EX4200-48P - supports virtual-chassis[1] - or the EX3200-48P can do
this, although is requires an advanced license for BGP (EX-48-AFL).

CoS is pretty much the same for all Junos devices.  Take a look at the
technical documentation for the EX and CoS.

http://www.juniper.net/techpubs/en_US/junos10.4/information-products/pathway
-pages/ex-series/cos.html

[1] http://www.juniper.net/us/en/local/pdf/datasheets/1000215-en.pdf

Doug

-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Peter Kranz
Sent: Tuesday, March 22, 2011 3:20 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Tower top switch/router recommendation..

I'm wondering if this is something that could be done with Junipers;

On our mountain top sites, we currently have dual 48 port POE switches, and
dual Dell 1950's running Quagga/Zebra routing suites..
The sites support wimax access points and redundant microwave backhauls to
other towers or our data centers..
OSPF/BGP is used to mesh the sites with Quagga/Zebra handling the route
failover..
Each access point (one per port on the switch) can have up to 75 customers
on them, and we use HTB on Linux to apply CIR and MIR rules to each customer
at a subnet level..

Over the years, this solution has proven to be reliable, and surprisingly
high performance, but as traffic volumes to the towers grow with
next-generation products, we are starting to push 400-600 Mbps to the
towers. Additionally, it's a bit of a pain to rebuild failed linux routers
in the field, or replace power supplies, hard drives, etc..

So, I'm looking for some form of stacking router/switch solution that could
handle BGP/OSPF/~75 MIR and CIR rules per interface with enforcement by
customer subnet (they are all on the same interface and vlan)/and tcpdump
for easy debug of customer connectivity problems..

Possible with Juniper? Is so, what device, and what QOS rules? 

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX650 Failover Test Issue

2011-03-22 Thread Michael Lee

Sounds like the interface did not put into group, and should use fxp0 ip instead

Regards

-mike

On Mar 22, 2011, at 12:05, Pavel Lunin  wrote:

>> 
>> While testing the failover in SRX650 cluster. I have removed the control
>> link between the primary and secondary. The secondary node went to
>> ineligible mode. The secondry FW is still accessible through OoB
>> interface. When I returned back the control link I couldn't reach the FW
>> through OoB interface "ge-0/0/0". The only way to access the box is
>> through console and found the secondary firewall is in disable mode.
>> Then when I rebooted the whole firewall, it worked normally. Is it
>> normal? And how to reach the secondary firewall remotely in case of
>> control link flap? I have faced the same issue when removing the fab
>> link.
>> 
>> 
>> 
> Looks like a routing issue. Try to check it out with "show route a.b.c.d"
> command, when you access the disabled box through the console port, where
> a.b.c.d is IP address of the machine, you are trying to get remote access
> form. Most probably it will show you something different from a route
> pointing through fxp0. If this is the case, you need to configure a backup
> router, which would make the disabled node (which does not run rpd) to route
> packets to the management station through fxp0.
> 
> http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-system-basics/backup-router-configuring.html
> 
> BTW, next time you want the public to guess the solution for your issue, try
> to be a bit more informative in providing basic troubleshooting details. E.
> g. instead of just saying "I couldn't reach the FW through OoB interface
> "ge-0/0/0"", it would've been better to say something like "I checked the
> whole path from my machine a.b.c.d/24 to the fxp0 interface of the node1,
> which has address w.x.y.z/24 and… I see the packets coming to the
> penultimate hop router, but the FW's fxp0 interface, which is the next and
> last hop, does [not] respond to ARP requests… Than I tried to ping my
> machine back from the FW with "ping a.b.c.d interface fxp0", and got the
> following output… than I performed a traceroute… I checked what comes to the
> fxp0 interface with "monitor traffic interface fxp0" and saw…", etc.
> 
> Otherwise, I'm afraid, this sort of gambling-style troubleshooting, in which
> you ask us to help you, will not be much effective anyway. Monte-Carlo is a
> good method but it's too slow in convergence.
> 
> --
> Pavel
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Tower top switch/router recommendation..

2011-03-22 Thread Doug Hanks

Maybe someone else can chime in, as I'm not an expert with MIR.

Junos policers use the token bucket algorithm and allow you to configure a 
bandwidth-limit and burst-size-limit.

You can create firewall filters to match traffic and apply these filters as 
coarse or as granular as you need.

Here's an example of a 1m policer:

policer 1m {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 125k;
}
then discard;

Doug

-Original Message-
From: Peter Kranz [mailto:pkr...@unwiredltd.com] 
Sent: Tuesday, March 22, 2011 4:43 PM
To: Doug Hanks; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Tower top switch/router recommendation..

It seems like on the EX platform, I would need each customer in a separate
VLAN for this to work (All customers on one port are on the same VLAN, and
only split by subnets).. Also don't see how one goes about setting up a
MIR.. CIR seems straight forward..

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com



-Original Message-
From: Doug Hanks [mailto:dha...@juniper.net] 
Sent: Tuesday, March 22, 2011 4:29 PM
To: Peter Kranz; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Tower top switch/router recommendation..

The EX4200-48P - supports virtual-chassis[1] - or the EX3200-48P can do
this, although is requires an advanced license for BGP (EX-48-AFL).

CoS is pretty much the same for all Junos devices.  Take a look at the
technical documentation for the EX and CoS.

http://www.juniper.net/techpubs/en_US/junos10.4/information-products/pathway
-pages/ex-series/cos.html

[1] http://www.juniper.net/us/en/local/pdf/datasheets/1000215-en.pdf

Doug

-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Peter Kranz
Sent: Tuesday, March 22, 2011 3:20 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Tower top switch/router recommendation..

I'm wondering if this is something that could be done with Junipers;

On our mountain top sites, we currently have dual 48 port POE switches, and
dual Dell 1950's running Quagga/Zebra routing suites..
The sites support wimax access points and redundant microwave backhauls to
other towers or our data centers..
OSPF/BGP is used to mesh the sites with Quagga/Zebra handling the route
failover..
Each access point (one per port on the switch) can have up to 75 customers
on them, and we use HTB on Linux to apply CIR and MIR rules to each customer
at a subnet level..

Over the years, this solution has proven to be reliable, and surprisingly
high performance, but as traffic volumes to the towers grow with
next-generation products, we are starting to push 400-600 Mbps to the
towers. Additionally, it's a bit of a pain to rebuild failed linux routers
in the field, or replace power supplies, hard drives, etc..

So, I'm looking for some form of stacking router/switch solution that could
handle BGP/OSPF/~75 MIR and CIR rules per interface with enforcement by
customer subnet (they are all on the same interface and vlan)/and tcpdump
for easy debug of customer connectivity problems..

Possible with Juniper? Is so, what device, and what QOS rules? 

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Tower top switch/router recommendation..

2011-03-22 Thread Peter Kranz

It seems like on the EX platform, I would need each customer in a separate
VLAN for this to work (All customers on one port are on the same VLAN, and
only split by subnets).. Also don't see how one goes about setting up a
MIR.. CIR seems straight forward..

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com



-Original Message-
From: Doug Hanks [mailto:dha...@juniper.net] 
Sent: Tuesday, March 22, 2011 4:29 PM
To: Peter Kranz; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Tower top switch/router recommendation..

The EX4200-48P - supports virtual-chassis[1] - or the EX3200-48P can do
this, although is requires an advanced license for BGP (EX-48-AFL).

CoS is pretty much the same for all Junos devices.  Take a look at the
technical documentation for the EX and CoS.

http://www.juniper.net/techpubs/en_US/junos10.4/information-products/pathway
-pages/ex-series/cos.html

[1] http://www.juniper.net/us/en/local/pdf/datasheets/1000215-en.pdf

Doug

-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Peter Kranz
Sent: Tuesday, March 22, 2011 3:20 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Tower top switch/router recommendation..

I'm wondering if this is something that could be done with Junipers;

On our mountain top sites, we currently have dual 48 port POE switches, and
dual Dell 1950's running Quagga/Zebra routing suites..
The sites support wimax access points and redundant microwave backhauls to
other towers or our data centers..
OSPF/BGP is used to mesh the sites with Quagga/Zebra handling the route
failover..
Each access point (one per port on the switch) can have up to 75 customers
on them, and we use HTB on Linux to apply CIR and MIR rules to each customer
at a subnet level..

Over the years, this solution has proven to be reliable, and surprisingly
high performance, but as traffic volumes to the towers grow with
next-generation products, we are starting to push 400-600 Mbps to the
towers. Additionally, it's a bit of a pain to rebuild failed linux routers
in the field, or replace power supplies, hard drives, etc..

So, I'm looking for some form of stacking router/switch solution that could
handle BGP/OSPF/~75 MIR and CIR rules per interface with enforcement by
customer subnet (they are all on the same interface and vlan)/and tcpdump
for easy debug of customer connectivity problems..

Possible with Juniper? Is so, what device, and what QOS rules? 

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Tower top switch/router recommendation..

2011-03-22 Thread Doug Hanks

The EX4200-48P - supports virtual-chassis[1] - or the EX3200-48P can do this, 
although is requires an advanced license for BGP (EX-48-AFL).

CoS is pretty much the same for all Junos devices.  Take a look at the 
technical documentation for the EX and CoS.

http://www.juniper.net/techpubs/en_US/junos10.4/information-products/pathway-pages/ex-series/cos.html

[1] http://www.juniper.net/us/en/local/pdf/datasheets/1000215-en.pdf

Doug

-Original Message-
From: juniper-nsp-boun...@puck.nether.net 
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Peter Kranz
Sent: Tuesday, March 22, 2011 3:20 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Tower top switch/router recommendation..

I'm wondering if this is something that could be done with Junipers;

On our mountain top sites, we currently have dual 48 port POE switches, and
dual Dell 1950's running Quagga/Zebra routing suites..
The sites support wimax access points and redundant microwave backhauls to
other towers or our data centers..
OSPF/BGP is used to mesh the sites with Quagga/Zebra handling the route
failover..
Each access point (one per port on the switch) can have up to 75 customers
on them, and we use HTB on Linux to apply CIR and MIR rules to each customer
at a subnet level..

Over the years, this solution has proven to be reliable, and surprisingly
high performance, but as traffic volumes to the towers grow with
next-generation products, we are starting to push 400-600 Mbps to the
towers. Additionally, it's a bit of a pain to rebuild failed linux routers
in the field, or replace power supplies, hard drives, etc..

So, I'm looking for some form of stacking router/switch solution that could
handle BGP/OSPF/~75 MIR and CIR rules per interface with enforcement by
customer subnet (they are all on the same interface and vlan)/and tcpdump
for easy debug of customer connectivity problems..

Possible with Juniper? Is so, what device, and what QOS rules? 

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] about 10.4R3 on EX

2011-03-22 Thread Richard A Steenbergen

On Tue, Mar 22, 2011 at 03:46:36PM -0500, Richard A Steenbergen wrote:
> The process of upgrading to a resilient dual-root partitions release 
> takes longer due to the additional step of upgrading the loader software 
> and a longer reboot time while the disk is reformattedto four partitions 
> during the reboot of the switch that completes the Junos OS upgrade. The 
> reformat increases the reboot time for EX2200, EX3200, EX4200, and 
> EX4500 switches by 5 to 10 minutes. For EX8200 switches, the reboot time 
> increases by 10 to 25 minutes per Routing Engine, and additional reboots 
> are required.

Also, in reading the upgrade process for the new boot loader, it says:

For an EX8200 switch with redundant Routing Engines, you must upgrade 
the loader software on both Routing Engines. You can upgrade the loader 
software on a Routing Engine only when it is master. Make sure that 
graceful Routing Engine switchover (GRES) and nonstop active routing 
(NSR) are disabled before you begin the upgrade.

The requirement that you can only upgrade it when the RE is the master 
is a pretty serious issue. This means you can't just pre-stage the 
upgrade on the backup RE and then switch over to it in a single move, 
you've got to take down the entire device for the duration of multiple 
reloads (4 apparently, 2 per RE * 2 REs) to complete the upgrade. Is 
there some other interpretation of this that I'm missing? From my quick 
lab testing it looks like you can at least get the jinstall and 25 
minute reformatting out of the way beforehand, but you've still got to 
be master to upgrade the actual loader.

-- 
Richard A Steenbergenhttp://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Tower top switch/router recommendation..

2011-03-22 Thread Peter Kranz

I'm wondering if this is something that could be done with Junipers;

On our mountain top sites, we currently have dual 48 port POE switches, and
dual Dell 1950's running Quagga/Zebra routing suites..
The sites support wimax access points and redundant microwave backhauls to
other towers or our data centers..
OSPF/BGP is used to mesh the sites with Quagga/Zebra handling the route
failover..
Each access point (one per port on the switch) can have up to 75 customers
on them, and we use HTB on Linux to apply CIR and MIR rules to each customer
at a subnet level..

Over the years, this solution has proven to be reliable, and surprisingly
high performance, but as traffic volumes to the towers grow with
next-generation products, we are starting to push 400-600 Mbps to the
towers. Additionally, it's a bit of a pain to rebuild failed linux routers
in the field, or replace power supplies, hard drives, etc..

So, I'm looking for some form of stacking router/switch solution that could
handle BGP/OSPF/~75 MIR and CIR rules per interface with enforcement by
customer subnet (they are all on the same interface and vlan)/and tcpdump
for easy debug of customer connectivity problems..

Possible with Juniper? Is so, what device, and what QOS rules? 

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX4200 BPDU on access port

2011-03-22 Thread Ben Dale

This is perfectly normal spanning-tree behaviour - if edge ports didn't send 
BPDUs and you looped a cable between two edge ports then broadcast storm 
hilarity would ensue.

If you want to stop this from occurring (and have a good understanding of the 
implications of doing this between two switches), disable RSTP on the interface:

set protocols rstp interface ge-0/0/0 disable

If you're just trying to keep your RSTP topology separate but want to keep the 
protection mechanisms in place, use root-guard:

set protocols rstp interface ge-0/0/0.0 mode point-to-point
set protocols rstp interface ge-0/0/0.0 no-root-port

If you're carrying traffic for your customer from one site to another (Q-in-Q) 
and they need their spanning-tree topology maintained transparently across your 
network, then you'll need to use dot1q-tunneling:

set vlans CUST-A-OUTER dot1q-tunneling layer2-protocol-tunneling stp
set vlans CUST-A-OUTER dot1q-tunneling layer2-protocol-tunneling vstp

On 23/03/2011, at 8:10 AM, Pavel Dimow wrote:

> Hi,
> 
> I have strange situation where my customer receives bpdu's on his
> cisco switch from my ex4200 despite the fact that I have configured my
> port as access (default in JUNOS)
> and as edge on rstp configuration. Is this normal or I don't have luck
> with 10.3 version?
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX4200 BPDU on access port

2011-03-22 Thread Doug Hanks

All the edge knob does is transition the port directly to the FWD state.

{master:0}[edit]
dhanks@EX4500-2# run show spanning-tree interface xe-0/0/38

Spanning tree interface parameters for instance 0

InterfacePort IDDesignated  Designated PortState  Role
 port IDbridge ID  Cost
xe-0/0/38.0128:551  128:551  32768.50c58ea24540  2000  FWDROOT

{master:0}[edit]
dhanks@EX4500-2# set protocols rstp interface xe-0/0/38 edge

{master:0}[edit]
dhanks@EX4500-2# commit
configuration check succeeds commit complete

{master:0}[edit]
dhanks@EX4500-2# run show spanning-tree interface xe-0/0/38

Spanning tree interface parameters for instance 0

InterfacePort IDDesignated  Designated PortState  Role
 port IDbridge ID  Cost
xe-0/0/38.0128:551  128:551  32768.50c58ea24540  2000  FWDROOT

{master:0}[edit]
dhanks@EX4500-2#

-Original Message-
From: juniper-nsp-boun...@puck.nether.net 
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Pavel Dimow
Sent: Tuesday, March 22, 2011 3:11 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] EX4200 BPDU on access port

Hi,

I have strange situation where my customer receives bpdu's on his
cisco switch from my ex4200 despite the fact that I have configured my
port as access (default in JUNOS)
and as edge on rstp configuration. Is this normal or I don't have luck
with 10.3 version?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] about 10.4R3 on EX

2011-03-22 Thread Doug Hanks

Another feature of the dual root partition is that it will allow you to switch 
between software versions using "request system software rollback" without 
reinstalling the image.  Don't forget in production to keep both the partitions 
in sync with "request system snapshot slice"

You can check to see what versions are installed on each partition with "show 
system snapshot media internal"

Doug

-Original Message-
From: juniper-nsp-boun...@puck.nether.net 
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Doug Hanks
Sent: Tuesday, March 22, 2011 2:45 PM
To: t...@muppetz.com; Kaj Niemi
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] about 10.4R3 on EX

Yes the resilient dual root partition was implemented to deal with this issue 
on the EX.  I believe this is pretty similar to what the branch SRX do today.

Doug

-Original Message-
From: juniper-nsp-boun...@puck.nether.net 
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of TiM
Sent: Tuesday, March 22, 2011 1:15 PM
To: Kaj Niemi
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] about 10.4R3 on EX

On Wed, March 23, 2011 8:54 am, Kaj Niemi wrote:
> Hi,
>
> 
> To whomever who decided to introduce new features in a R3 release, thanks
> ;-( Specifically installing jloader separately is highly appreciated.
> 

You'll probably be thanking them when your switch loses power* and when
you restore it, you find your bootable filesystem isn't corrupted.

At least I'm _hoping_ that's what this 4th partition is designed to fix.

Context: http://www.gossamer-threads.com/lists/nsp/juniper/25513

Tim

*Yes, I know you should have a working UPS etc.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] EX4200 BPDU on access port

2011-03-22 Thread Pavel Dimow

Hi,

I have strange situation where my customer receives bpdu's on his
cisco switch from my ex4200 despite the fact that I have configured my
port as access (default in JUNOS)
and as edge on rstp configuration. Is this normal or I don't have luck
with 10.3 version?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] about 10.4R3 on EX

2011-03-22 Thread Doug Hanks

Yes the resilient dual root partition was implemented to deal with this issue 
on the EX.  I believe this is pretty similar to what the branch SRX do today.

Doug

-Original Message-
From: juniper-nsp-boun...@puck.nether.net 
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of TiM
Sent: Tuesday, March 22, 2011 1:15 PM
To: Kaj Niemi
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] about 10.4R3 on EX

On Wed, March 23, 2011 8:54 am, Kaj Niemi wrote:
> Hi,
>
> 
> To whomever who decided to introduce new features in a R3 release, thanks
> ;-( Specifically installing jloader separately is highly appreciated.
> 

You'll probably be thanking them when your switch loses power* and when
you restore it, you find your bootable filesystem isn't corrupted.

At least I'm _hoping_ that's what this 4th partition is designed to fix.

Context: http://www.gossamer-threads.com/lists/nsp/juniper/25513

Tim

*Yes, I know you should have a working UPS etc.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] snmp fan bug? and are environmental thresholds configurable?

2011-03-22 Thread Dale Shaw

Hi,

On Sun, Mar 20, 2011 at 9:50 PM, bas  wrote:
>
> We have a bunch of mx480's running either 10.3r3 and 10.4r2
> About 20 times a day the fans in these boxes switch from normal speed
> to intermediate speed.

Sorry for hijacking your thread, but do you (or does anyone) know why
the fan speed changes like this?

I've noticed on EX-series, the fans go from 'spinning at normal speed'
to 'spinning at high speed' on a regular schedule even when the
ambient temperature hasn't significantly changed and the box isn't
doing much in particular.

We've got some EX2200 switches in physical spaces where the jet
engine-like noise the EX4200 generates isn't desirable. Unfortunately
the EX2200s make quite a racket when their fans spin at high speed as
well.

Cheers,
Dale
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] about 10.4R3 on EX

2011-03-22 Thread Dale Shaw

Hi,

On Wed, Mar 23, 2011 at 7:48 AM, Kaj Niemi  wrote:
> It took 838 seconds on a 2 member EX4200 VC bundle. Yes, I did time it. ;-)

That does sound a bit painful, but not as painful as the file system
corruption this feature aims to fix.

I wonder what happened to the idea of implementing NANDFS?

Cheers,
Dale
(..looking forward to putting 10.4R3 in the lab.)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] netflow collector on linux

2011-03-22 Thread Gabriel Blanchard

flow-tools

On 2011-03-22, at 2:03 PM, Michael Lee wrote:

> Hello:
> 
> I am trying to eval netflow collector for multi-vendor hardwares, anyone
> could suggest any good commercial netflow collector running on Linux?
> 
> Thanks,
> 
> ~mike
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] about 10.4R3 on EX

2011-03-22 Thread Keegan Holley

On Tue, Mar 22, 2011 at 3:54 PM, Kaj Niemi  wrote:

> Hi,
>
> 
> To whomever who decided to introduce new features in a R3 release, thanks
> ;-( Specifically installing jloader separately is highly appreciated.
> 
>
>
> 

  I think they've begun outsourcing their dev to microsoft.
   

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] about 10.4R3 on EX

2011-03-22 Thread TiM

On Wed, March 23, 2011 8:54 am, Kaj Niemi wrote:
> Hi,
>
> 
> To whomever who decided to introduce new features in a R3 release, thanks
> ;-( Specifically installing jloader separately is highly appreciated.
> 

You'll probably be thanking them when your switch loses power* and when
you restore it, you find your bootable filesystem isn't corrupted.

At least I'm _hoping_ that's what this 4th partition is designed to fix.

Context: http://www.gossamer-threads.com/lists/nsp/juniper/25513

Tim

*Yes, I know you should have a working UPS etc.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] about 10.4R3 on EX

2011-03-22 Thread Kaj Niemi

It took 838 seconds on a 2 member EX4200 VC bundle. Yes, I did time it. ;-)



Kaj




On 22/3/2011 22:46, "Richard A Steenbergen"  wrote:

>On Tue, Mar 22, 2011 at 12:54:25PM -0700, Kaj Niemi wrote:
>> Hi,
>> 
>> 
>> To whomever who decided to introduce new features in a R3 release,
>>thanks
>> ;-( Specifically installing jloader separately is highly appreciated.
>> 
>
>Sadly, they've been silently introducing new features in the middle of a
>bug fix release (and introducing new bugs too, which is how I find out
>about them) for a while now. But for extra bonus points, be prepared for
>the upgrade to take a REALLY long time to complete too. :)
>
>From the release notes:
>
>How Long Will the Upgrade Process Take?
>
>The process of upgrading to a resilient dual-root partitions release
>takes longer due to the additional step of upgrading the loader software
>and a longer reboot time while the disk is reformattedto four partitions
>during the reboot of the switch that completes the Junos OS upgrade. The
>reformat increases the reboot time for EX2200, EX3200, EX4200, and
>EX4500 switches by 5 to 10 minutes. For EX8200 switches, the reboot time
>increases by 10 to 25 minutes per Routing Engine, and additional reboots
>are required.
>
>-- 
>Richard A Steenbergenhttp://www.e-gerbil.net/ras
>GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] about 10.4R3 on EX

2011-03-22 Thread Richard A Steenbergen

On Tue, Mar 22, 2011 at 12:54:25PM -0700, Kaj Niemi wrote:
> Hi,
> 
> 
> To whomever who decided to introduce new features in a R3 release, thanks
> ;-( Specifically installing jloader separately is highly appreciated.
> 

Sadly, they've been silently introducing new features in the middle of a 
bug fix release (and introducing new bugs too, which is how I find out 
about them) for a while now. But for extra bonus points, be prepared for 
the upgrade to take a REALLY long time to complete too. :)

>From the release notes:

How Long Will the Upgrade Process Take?

The process of upgrading to a resilient dual-root partitions release 
takes longer due to the additional step of upgrading the loader software 
and a longer reboot time while the disk is reformattedto four partitions 
during the reboot of the switch that completes the Junos OS upgrade. The 
reformat increases the reboot time for EX2200, EX3200, EX4200, and 
EX4500 switches by 5 to 10 minutes. For EX8200 switches, the reboot time 
increases by 10 to 25 minutes per Routing Engine, and additional reboots 
are required.

-- 
Richard A Steenbergenhttp://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] about 10.4R3 on EX

2011-03-22 Thread Kaj Niemi

Hi,


To whomever who decided to introduce new features in a R3 release, thanks
;-( Specifically installing jloader separately is highly appreciated.



Kaj


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX650 Failover Test Issue

2011-03-22 Thread Pavel Lunin

>
> While testing the failover in SRX650 cluster. I have removed the control
> link between the primary and secondary. The secondary node went to
> ineligible mode. The secondry FW is still accessible through OoB
> interface. When I returned back the control link I couldn't reach the FW
> through OoB interface "ge-0/0/0". The only way to access the box is
> through console and found the secondary firewall is in disable mode.
> Then when I rebooted the whole firewall, it worked normally. Is it
> normal? And how to reach the secondary firewall remotely in case of
> control link flap? I have faced the same issue when removing the fab
> link.
>
>
>
Looks like a routing issue. Try to check it out with "show route a.b.c.d"
command, when you access the disabled box through the console port, where
a.b.c.d is IP address of the machine, you are trying to get remote access
form. Most probably it will show you something different from a route
pointing through fxp0. If this is the case, you need to configure a backup
router, which would make the disabled node (which does not run rpd) to route
packets to the management station through fxp0.

http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-system-basics/backup-router-configuring.html

BTW, next time you want the public to guess the solution for your issue, try
to be a bit more informative in providing basic troubleshooting details. E.
g. instead of just saying "I couldn't reach the FW through OoB interface
"ge-0/0/0"", it would've been better to say something like "I checked the
whole path from my machine a.b.c.d/24 to the fxp0 interface of the node1,
which has address w.x.y.z/24 and… I see the packets coming to the
penultimate hop router, but the FW's fxp0 interface, which is the next and
last hop, does [not] respond to ARP requests… Than I tried to ping my
machine back from the FW with "ping a.b.c.d interface fxp0", and got the
following output… than I performed a traceroute… I checked what comes to the
fxp0 interface with "monitor traffic interface fxp0" and saw…", etc.

Otherwise, I'm afraid, this sort of gambling-style troubleshooting, in which
you ask us to help you, will not be much effective anyway. Monte-Carlo is a
good method but it's too slow in convergence.

--
Pavel
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX650 Failover Test Issue

2011-03-22 Thread Walaa Abdel razzak

Hi Experts

 

While testing the failover in SRX650 cluster. I have removed the control
link between the primary and secondary. The secondary node went to
ineligible mode. The secondry FW is still accessible through OoB
interface. When I returned back the control link I couldn't reach the FW
through OoB interface "ge-0/0/0". The only way to access the box is
through console and found the secondary firewall is in disable mode.
Then when I rebooted the whole firewall, it worked normally. Is it
normal? And how to reach the secondary firewall remotely in case of
control link flap? I have faced the same issue when removing the fab
link.

 

BR,

 

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 10.0 or 10.4?

2011-03-22 Thread Richard A Steenbergen

On Tue, Mar 22, 2011 at 05:18:47PM +0100, bas wrote:
> >From what I read it was; In the field (Ras, Raphael) we see 10.3r3 as
> the better choice, and people who talk to JTAC say 10.4r2 is the
> better choice.

Oh and btw, I have multiple confirmed reports of YET ANOTHER major 
memory leak in mib2d in 10.4R2. Hope everyone learned their lesson about 
trusting JTAC version recommendations. :)

>From 10.4R3 release notes:

The mib2d process leaks memory during SNMP walks. [PR/586074: This issue 
has been resolved.]

I'm going to assume it's that. :)

-- 
Richard A Steenbergenhttp://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 10.0 or 10.4?

2011-03-22 Thread Richard A Steenbergen

On Tue, Mar 22, 2011 at 05:18:47PM +0100, bas wrote:
> Hi All,
> 
> Well, after this thread I still didn't know which version I should
> choose for our 960 with MPC's only.
> >From what I read it was; In the field (Ras, Raphael) we see 10.3r3 as
> the better choice, and people who talk to JTAC say 10.4r2 is the
> better choice.
> 
> (Of course it depends on configuration and config.)
> 
> But we chose to upgrade to 10.3r3, and installed the version this morning.
> The upgrade seemed to have gone smooth, but after all BGP sessions had
> been re-established, and prefixes re-learnt the CPU stayed at 100%.
> 
> Dropping to shell I saw rpd consuming 99% CPU.
> Looking at task accounting and rtsockmon I saw no obvious causes.
> A failover to the backup RE had no effect, the new master RE consumed
> 100% within a couple of minutes.
> 
> A colleague of mine did a trace of the process saw that the cycles are
> being consumed by "getrusage" system calls.
> 
> Tomorrow morning we'll try to restart routing, if that has no effect
> we will try 10.4r2.

Haven't seen that here. Both 10.3R3 and 10.4R2 picked up a very similar 
set of fixes (they have very close release dates) for major PRs which 
were giving us grief, but 10.3R3 seemed to introduce less new ones in 
the process. 10.4R3 just came out yesterday, so feel free to give it a 
shot and report back, but most of our 10.3R3 issues have been relatively 
"less bad" than normal.

Occasional logging of these junk messages:

Mar 22 11:47:12.629  re1.xx1.xxx1 /kernel: %KERN-3: Unlist request: unilist(nh 
index = 1049538) found on the rnhlist_deleted_root patnode, hence returning

Logging of these junk messages (note the incorrect timestamps too, these 
were actually logged AFTER the Mar 22 output above :P):

Mar  4 10:29:50.527  re1.cr1.xxx1 rpd[89570]: %DAEMON-4: , hold timer 
1:07.860442
Mar  4 10:47:22.577  re1.cr1.xxx1 rpd[89570]: %DAEMON-4: , hold timer 
1:22.570405
Mar  4 10:55:44.479  re1.cr1.xxx1 rpd[89570]: %DAEMON-4: , hold timer 
1:21.765648
Mar  4 10:59:59.056  re1.cr1.xxx1 rpd[89570]: %DAEMON-4: , hold timer 
1:19.371199
Mar  4 11:02:04.228  re1.cr1.xxx1 rpd[89570]: %DAEMON-4: , hold timer 
1:18.704278

Weird stuff like that. Probably the worst issue we've seen so far is 
that on MX w/MPC cards (not sure if its the sw or hw) doing an l2circuit 
to a vlan-ccc endpoint and then confusing vlan-maps to push/pop the vlan 
tag off of the packet before encapsulating in the pseudowire (so you can 
mismatch vlan IDs on the endpoints) seems to block ISIS packets from 
being transported (most likely blocking 802.3 LLC frames is my guess). 

On EX there is a definite problem with the power supplies getting stuck 
110v "low power" mode as far as the chassis is concerned, which is an 
issue if you need 220v power to fully and redundantly power your FPCs. 
But at least this code hasn't crashed or blown up massively yet (or 
failed to do some really important operation like say correctly counting 
packets in SNMP so you can bill your customers), which is definitely an 
improvement over a lot of other recent JUNOS code. :)

-- 
Richard A Steenbergenhttp://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] netflow collector on linux

2011-03-22 Thread Michael Lee

Hello:

 I am trying to eval netflow collector for multi-vendor hardwares, anyone
could suggest any good commercial netflow collector running on Linux?

Thanks,

~mike
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SXR 650 Redundancy Group Problem

2011-03-22 Thread Walaa Abdel razzak

Thanks, the problem was in the router interface configuration that is facing 
the firewall, now its working fine.

BR,
-Original Message-
From: ben b [mailto:benboyd.li...@gmail.com] 
Sent: Monday, March 21, 2011 12:25 AM
To: Walaa Abdel razzak
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SXR 650 Redundancy Group Problem

Try removing preempt. I've seen issues with preemption.

On Saturday, March 19, 2011, Walaa Abdel razzak  wrote:
> Hi Experts
>
>
>
> I am configuring redundancy group to trigger failover in case of interface 
> failure. I have reth interface for trust zone that has two physical 
> interfaces, one interface on the active node and the other on the passive and 
> the same for reth1 on untrust zone. The target is to make traffic go through 
> the passive node in case of any physical interface failure in the active 
> node. The problem I am facing is that the failover happen normally when any 
> interface goes down but there is no traffic from trust to untrust or vice 
> versa, when the down interface comes to up again, the traffic flows without 
> problems.
>
>
>
> The RG configuration is as follows:
>
>
>
> test@FW1# show chassis
>
> cluster {
>
>     reth-count 2;
>
>     redundancy-group 0 {
>
>         node 0 priority 100;
>
>         node 1 priority 1;
>
>     }
>
>     redundancy-group 1 {
>
>         node 0 priority 100;
>
>         node 1 priority 1;
>
>         preempt;
>
>         gratuitous-arp-count 4;
>
>         interface-monitor {
>
>             ge-2/0/0 weight 255;  à Interface on the active node
>
>             ge-2/0/1 weight 255; à Interface on the active node
>
>         }
>
>     }
>
> }
>
>
>
> When the active interface goes down:
>
>
>
> Mar 20 03:43:51  FW1 jsrpd[1085]: JSRPD_RG_STATE_CHANGE: 
> Redundancy-group 1 transitioned from 'primary' to 'secondary-hold' 
> state due to Monitor failed: IF
>
> Mar 20 03:43:52  FW1 jsrpd[1085]: JSRPD_RG_STATE_CHANGE: 
> Redundancy-group 1 transitioned from 'secondary-hold' to 'secondary' 
> state due to Back to back failover interval expired
>
>
>
>
>
> Interface belonging to the reth:
>
>
>
> test@ FW1# show interfaces ge-2/0/0  à active node
>
> gigether-options {
>
>     redundant-parent reth1;
>
> }
>
>
>
> {primary:node0}[edit]
>
> test@ FW1# show interfaces ge-2/0/1    à active node
>
> gigether-options {
>
>     redundant-parent reth0;
>
> }
>
>
>
> {primary:node0}[edit]
>
> test@ FW1# show interfaces ge-11/0/0   à passive node
>
> gigether-options {
>
>     redundant-parent reth1;
>
> }
>
>
>
> {primary:node0}[edit]
>
> test@ FW1# show interfaces ge-11/0/1    à passive node
>
> gigether-options {
>
>     redundant-parent reth0;
>
> }
>
>
>
> test@FW1# run show interfaces terse | match reth
>
> ge-2/0/0.15             up    down aenet    --> reth1.15   à active 
> interface down
>
> ge-2/0/0.20             up    down aenet    --> reth1.20
>
> ge-2/0/0.32767          up    down aenet    --> reth1.32767
>
> ge-2/0/1.5              up    up   aenet    --> reth0.5
>
> ge-2/0/1.32767          up    up   aenet    --> reth0.32767
>
> ge-11/0/0.15            up    up   aenet    --> reth1.15
>
> ge-11/0/0.20            up    up   aenet    --> reth1.20
>
> ge-11/0/0.32767         up    up   aenet    --> reth1.32767
>
> ge-11/0/1.5             up    up   aenet    --> reth0.5
>
> ge-11/0/1.32767         up    up   aenet    --> reth0.32767
>
> reth0                   up    down
>
> reth0.5                 up    down inet     172.16.0.2/30
>
> reth0.32767             up    down
>
> reth1                   up    down
>
> reth1.15                up    down inet     192.168.0.2/30
>
> reth1.20                up    down inet     192.168.1.2/30
>
> reth1.32767             up    down
>
>
>
> Any suggestions?
>
>
>
> BR,
>
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 10.0 or 10.4?

2011-03-22 Thread bas

Hi All,

Well, after this thread I still didn't know which version I should
choose for our 960 with MPC's only.
>From what I read it was; In the field (Ras, Raphael) we see 10.3r3 as
the better choice, and people who talk to JTAC say 10.4r2 is the
better choice.

(Of course it depends on configuration and config.)

But we chose to upgrade to 10.3r3, and installed the version this morning.
The upgrade seemed to have gone smooth, but after all BGP sessions had
been re-established, and prefixes re-learnt the CPU stayed at 100%.

Dropping to shell I saw rpd consuming 99% CPU.
Looking at task accounting and rtsockmon I saw no obvious causes.
A failover to the backup RE had no effect, the new master RE consumed
100% within a couple of minutes.

A colleague of mine did a trace of the process saw that the cycles are
being consumed by "getrusage" system calls.

Tomorrow morning we'll try to restart routing, if that has no effect
we will try 10.4r2.

I'll post tomorrow our findings..

Bas
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] vpls and virtual switches (vlan-id none) not supported

2011-03-22 Thread Krasimir Avramski

If vlan tags are to be removed in VPLS PW how to demultiplex b/w bridge
domains in a virtual switch ?

Krasi

On Tue, Mar 22, 2011 at 1:28 PM,  wrote:

> Hi there,
>
> I have the following issue:
>
> switch1--(ciscoPE)-(MX80)switch2
>  switch3
>
> Switch1 is connected to a Cisco PE
> Switch2 and switch 2 are connected to a MX80 in the same bridge domain.
>
> The bridge-domain is configured in the virtual-switch and VPLS is
> activated.
>
> Now the problem is, previously when I did not needed bridging for VPLS
> (and this virtual-switches) I had enabled the command "vlan-id none" under
> the VPLS routing-instance.
>
> This command ensures that packets send over the VPLS cloud have their
> vlan-tag removed.This ensures interop with Cisco.
>
> Now with virtual switches this command is not supported. This means that
> the switches behind the MX have connectiviy but not towards the switch
> behind the Cisco PE.
>
> How can I resolve this issue?
>
> My config looks like:
>
> ge-1/0/0 {
>native-vlan-id 500;
>speed 100m;
>mtu 1504;
>unit 0 {
>family bridge {
>interface-mode trunk;
>vlan-id-list 500;
>}
>}
> }
> ge-1/0/1 {
>native-vlan-id 500;
>speed 100m;
>mtu 1504;
>unit 0 {
>family bridge {
>interface-mode trunk;
>vlan-id-list 500;
>}
>}
> }
>
> vpls1 {
>instance-type virtual-switch;
>interface ge-1/0/0.0;
>interface ge-1/0/1.0;
>protocols {
>vpls {
>no-tunnel-services;
>vpls-id 500;
>mtu 1600;
>neighbor 10.110.0.2;
>  }
>}
>bridge-domains {
>vpls1 {
>domain-type bridge;
>vlan-id 500;
>}
>}
> }
>
>
> Thanks
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] vpls and virtual switches (vlan-id none) not supported

2011-03-22 Thread jbuesink

Hi there,

I have the following issue:

switch1--(ciscoPE)-(MX80)switch2
  switch3

Switch1 is connected to a Cisco PE
Switch2 and switch 2 are connected to a MX80 in the same bridge domain.

The bridge-domain is configured in the virtual-switch and VPLS is activated.

Now the problem is, previously when I did not needed bridging for VPLS
(and this virtual-switches) I had enabled the command "vlan-id none" under
the VPLS routing-instance.

This command ensures that packets send over the VPLS cloud have their
vlan-tag removed.This ensures interop with Cisco.

Now with virtual switches this command is not supported. This means that
the switches behind the MX have connectiviy but not towards the switch
behind the Cisco PE.

How can I resolve this issue?

My config looks like:

ge-1/0/0 {
native-vlan-id 500;
speed 100m;
mtu 1504;
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 500;
}
}
}
ge-1/0/1 {
native-vlan-id 500;
speed 100m;
mtu 1504;
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 500;
}
}
}

vpls1 {
instance-type virtual-switch;
interface ge-1/0/0.0;
interface ge-1/0/1.0;
protocols {
vpls {
no-tunnel-services;
vpls-id 500;
mtu 1600;
neighbor 10.110.0.2;
  }
}
bridge-domains {
vpls1 {
domain-type bridge;
vlan-id 500;
}
}
}


Thanks

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Tower top switch/router recommendation..

Re: [j-nsp] Tower top switch/router recommendation..

Re: [j-nsp] SRX650 Failover Test Issue

Re: [j-nsp] Tower top switch/router recommendation..

Re: [j-nsp] Tower top switch/router recommendation..

Re: [j-nsp] Tower top switch/router recommendation..

Re: [j-nsp] about 10.4R3 on EX

[j-nsp] Tower top switch/router recommendation..

Re: [j-nsp] EX4200 BPDU on access port

Re: [j-nsp] EX4200 BPDU on access port

Re: [j-nsp] about 10.4R3 on EX

[j-nsp] EX4200 BPDU on access port

Re: [j-nsp] about 10.4R3 on EX

Re: [j-nsp] snmp fan bug? and are environmental thresholds configurable?

Re: [j-nsp] about 10.4R3 on EX

Re: [j-nsp] netflow collector on linux

Re: [j-nsp] about 10.4R3 on EX

Re: [j-nsp] about 10.4R3 on EX

Re: [j-nsp] about 10.4R3 on EX

Re: [j-nsp] about 10.4R3 on EX

[j-nsp] about 10.4R3 on EX

Re: [j-nsp] SRX650 Failover Test Issue

[j-nsp] SRX650 Failover Test Issue

Re: [j-nsp] 10.0 or 10.4?

Re: [j-nsp] 10.0 or 10.4?

[j-nsp] netflow collector on linux

Re: [j-nsp] SXR 650 Redundancy Group Problem

Re: [j-nsp] 10.0 or 10.4?

Re: [j-nsp] vpls and virtual switches (vlan-id none) not supported

[j-nsp] vpls and virtual switches (vlan-id none) not supported

30 matches

Site Navigation

Mail list logo

Footer information