[j-nsp] M7i
Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
On Wed, Mar 23, 2011 at 11:49 PM, cjwstudios cjwstud...@gmail.com wrote: Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. The M7 is an awesome router for small to medium sites. It does have an on-board GigE port, so if you can fit everything in that or a downstream switch it could work. However, it's really starting to show its age and there's not much development happening on the M-series routers anymore (at least it seems that way to me -- I'm sure they're still supported). They're also pretty rock solid with JunOS 9. JunOS code quality and feature-completeness has started to really slip since 10.0. I'm not sure I totally understand from your description what you're trying to build, but it sounds like you're looking for a router that will support up to 200 Mbit/s of routed traffic that can speak BGP and whatever IGP you're running. If your environment is all copper ethernet (seems pretty common these days), I might suggest checking out some of the nicer EX switches. While really targeted at the top of rack market segment, they can route up to 10GigE (with the right modules and platform), and speak a variety of protocols (though some require extra software licensing). With a little negotiating (remember, list price is very inflated), you should be able to get a lot more bang for your buck over an older M-series in an all-Ethernet environment. My two cents. Cheers, jof ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] netflow collector on linux
I like nfcapd/nfdump, it does have a web frontend too, if that's your thing, nfsen. -Jonesy On Tue, 22 Mar 2011 11:03:03 -0700, Michael Lee fwis...@gmail.com wrote: Hello: I am trying to eval netflow collector for multi-vendor hardwares, anyone could suggest any good commercial netflow collector running on Linux? Thanks, ~mike ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
Hi Jonathan, thanks for the reply. The application is a service provider edge, all ethernet, with routed traffic to two carriers. Internal traffic is a mix of IGP and OSPF. I'll have to take a look at the EX series. All of the literature on the juniper site suggests the EX is targeted more toward lan aggregation while the SRX handles the edge. Thank you! On Thu, Mar 24, 2011 at 12:24 AM, Jonathan Lassoff j...@thejof.com wrote: On Wed, Mar 23, 2011 at 11:49 PM, cjwstudios cjwstud...@gmail.com wrote: Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. The M7 is an awesome router for small to medium sites. It does have an on-board GigE port, so if you can fit everything in that or a downstream switch it could work. However, it's really starting to show its age and there's not much development happening on the M-series routers anymore (at least it seems that way to me -- I'm sure they're still supported). They're also pretty rock solid with JunOS 9. JunOS code quality and feature-completeness has started to really slip since 10.0. I'm not sure I totally understand from your description what you're trying to build, but it sounds like you're looking for a router that will support up to 200 Mbit/s of routed traffic that can speak BGP and whatever IGP you're running. If your environment is all copper ethernet (seems pretty common these days), I might suggest checking out some of the nicer EX switches. While really targeted at the top of rack market segment, they can route up to 10GigE (with the right modules and platform), and speak a variety of protocols (though some require extra software licensing). With a little negotiating (remember, list price is very inflated), you should be able to get a lot more bang for your buck over an older M-series in an all-Ethernet environment. My two cents. Cheers, jof ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
On 3/24/11 12:44 AM, cjwstudios wrote: Hi Jonathan, thanks for the reply. The application is a service provider edge, all ethernet, with routed traffic to two carriers. Internal traffic is a mix of IGP and OSPF. I'll have to take a look at the EX series. All of the literature on the juniper site suggests the EX is targeted more toward lan aggregation while the SRX handles the edge. ex doesn't have enough fib for a ful table so If you need to take two feeds and install all those routes, it's the wrong platform. m7i is just ducky at the speed you're talking but the re-400 is a bit underpowered and ramed for the modern era. re-850 with 1.5GB however is tollerable. Thank you! On Thu, Mar 24, 2011 at 12:24 AM, Jonathan Lassoff j...@thejof.com wrote: On Wed, Mar 23, 2011 at 11:49 PM, cjwstudios cjwstud...@gmail.com wrote: Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. The M7 is an awesome router for small to medium sites. It does have an on-board GigE port, so if you can fit everything in that or a downstream switch it could work. However, it's really starting to show its age and there's not much development happening on the M-series routers anymore (at least it seems that way to me -- I'm sure they're still supported). They're also pretty rock solid with JunOS 9. JunOS code quality and feature-completeness has started to really slip since 10.0. I'm not sure I totally understand from your description what you're trying to build, but it sounds like you're looking for a router that will support up to 200 Mbit/s of routed traffic that can speak BGP and whatever IGP you're running. If your environment is all copper ethernet (seems pretty common these days), I might suggest checking out some of the nicer EX switches. While really targeted at the top of rack market segment, they can route up to 10GigE (with the right modules and platform), and speak a variety of protocols (though some require extra software licensing). With a little negotiating (remember, list price is very inflated), you should be able to get a lot more bang for your buck over an older M-series in an all-Ethernet environment. My two cents. Cheers, jof ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
My advice since you are looking at Cisco is to check out the small asr1002 platforms. Best bang bang for your. On Mar 24, 2011 2:56 AM, cjwstudios cjwstud...@gmail.com wrote: Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
-Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- boun...@puck.nether.net] On Behalf Of cjwstudios Sent: Thursday, March 24, 2011 2:50 AM To: juniper-nsp@puck.nether.net Subject: [j-nsp] M7i Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. If your network is all ethernet and you don't plan on doing any TDM/SONET any time soon, I would look at the new MX80 bundles. With the right discount from your sales team, you can get an MX80 with 20 1G SFP-based ports for less than $20K. The MX80 has full internet route capabilities, 4 built-in 10G ports (although on the MX80-5G, they are restricted, meaning you can't use them ;-)), and a restricted extra MIC slot. All these restricted options are enabled by a simple license purchase. The jury is still out on whether said restrictions are actually enforced, though - anyone have any experience with this? The main problem with the M7i you listed is that the PE-1GE-SFP does not have per-VLAN queuing, which is becoming increasingly important in today's metro ethernet networks. The MX80 SFP ports also support 100M SFPs. You'd be much better off getting the MX80 than an M7i, if only for future-proofing your network. Yes, the M7i may be cheap on the secondary market, but if you plan on having this in production and getting software updates, you'll have to have it recertified by Juniper, which is something that can become quite costly. -evt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] XFP-10G-L-OC192-SR1
Hi folks. These are 10KM optics - how short of a run can you use them for? We have several of these spared at the moment and I'd like to use them for connections between MX480's in the same rack. will they run too hot? The specs on the Juniper site show: Transceiver model number XFP-10G-L-OC192-SR1 Optical interface Single-mode Transceiver type XFP Standard IEEE 802.3ae-2002 Maximum distance 9/125 SMF cable: 6.2 miles/10 km Transmitter wavelength 1260 through 1355 nm Average launch power -8.2 through 0.5 dBm Average receive power -14.4 through 0.5 dBm Receiver saturation 0.5 dBm Receiver sensitivity -14.4 dBm Thanks, Paul ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] XFP-10G-L-OC192-SR1
They're fine to run back to back.. Average launch power -8.2 through *0.5 dBm* Average receive power -14.4 through *0.5 dBm* *Receiver saturation 0.5 dBm* You'll never launch hotter than the max RX.. They usually launch @ -2 - -3dbm.. -- Tim On Thu, Mar 24, 2011 at 7:07 AM, Paul Stewart p...@paulstewart.org wrote: Hi folks. These are 10KM optics - how short of a run can you use them for? We have several of these spared at the moment and I'd like to use them for connections between MX480's in the same rack. will they run too hot? The specs on the Juniper site show: Transceiver model number XFP-10G-L-OC192-SR1 Optical interface Single-mode Transceiver type XFP Standard IEEE 802.3ae-2002 Maximum distance 9/125 SMF cable: 6.2 miles/10 km Transmitter wavelength 1260 through 1355 nm Average launch power -8.2 through 0.5 dBm Average receive power -14.4 through 0.5 dBm Receiver saturation 0.5 dBm Receiver sensitivity -14.4 dBm Thanks, Paul ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] XFP-10G-L-OC192-SR1
Thanks Tim for making that much easier to understand ;) Appreciate it.. Paul From: Tim Jackson [mailto:jackson@gmail.com] Sent: Thursday, March 24, 2011 8:18 AM To: Paul Stewart Cc: juniper-nsp Subject: Re: [j-nsp] XFP-10G-L-OC192-SR1 They're fine to run back to back.. Average launch power -8.2 through 0.5 dBm Average receive power -14.4 through 0.5 dBm Receiver saturation 0.5 dBm You'll never launch hotter than the max RX.. They usually launch @ -2 - -3dbm.. -- Tim On Thu, Mar 24, 2011 at 7:07 AM, Paul Stewart p...@paulstewart.org wrote: Hi folks. These are 10KM optics - how short of a run can you use them for? We have several of these spared at the moment and I'd like to use them for connections between MX480's in the same rack. will they run too hot? The specs on the Juniper site show: Transceiver model number XFP-10G-L-OC192-SR1 Optical interface Single-mode Transceiver type XFP Standard IEEE 802.3ae-2002 Maximum distance 9/125 SMF cable: 6.2 miles/10 km Transmitter wavelength 1260 through 1355 nm Average launch power -8.2 through 0.5 dBm Average receive power -14.4 through 0.5 dBm Receiver saturation 0.5 dBm Receiver sensitivity -14.4 dBm Thanks, Paul ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Filter Based Forwarding with bgp import rib
Hi All I have the following setup Internet .1- - - - 1.1.1.0/30 - - - - .2 RouterA .1 - - 10.0.0.0/30 - - .2 RouterB .5 - - 10.0.0.4/30 - - .6 routerC .1 - - - - 5.5.5.5/24 Host RouterA is connected to an access server and the access server has a LAN (172.16.0.2/30) and WAN (172.16.1.2/30) interface. RouterA has a default route from 1.1.1.1 and it is advertised to routerB through ibgp RouterA and routerB are running ibgp between themselves Access Server LAN and WAN interface are advertised from routerA to routerB through ibgp Link between routerB and routerC (10.0.0.4/30) is advertised from routerB to routerA through ibgp 5.5.5.0/24 is advertised from routerB to routerA through ibgp RouterB has a static route to 5.5.5.0/24 pointing to routerC RouterC has a default route pointing to RouterB (10.0.0.5) Access server has a default route pointing to routerA (172.16.1.1/30) Access server has a static route to 5.5.5.0/24 pointing to routerA (172.16.0.1/30) Requirement Traffic from host 5.5.5.5 to the internet shall follow the following path Host à RouterC à RouterB à RouterA à Access Server LAN à Access Server WAN à routerA à Internet Traffic from the internet to host 5.5.5.5 shall follow the following path Internet à routerA à Access Server WAN à Access Server LAN à RouterA à RouterB àRouterC à Host What I’ve done so far to achieve the above requirements: I’ve added a static route on routerA to reach 5.5.5.0/24 go to Access Server LAN (172.16.0.2), this route will be more preferred than the ibgp route advertised by routerB I’ve applied a filter based forwarding on routerA interface that is facing the Access Server LAN interface as following: - Source: 0.0.0.0/0 - Destination: 5.5.5.0/24 - Next-Hop: 10.0.0.6 (RouterC) with the resolve option Since 10.0.0.6 is known to routerA via ibgp I did an import for bgp routes to the routing instance used in the FBF I’ve also applied a filter based forwarding on routerB interface that is facing routerC interface as following: - Source: 5.5.5.0/24 - Destination: 0.0.0.0/0 - Next-Hop: 172.16.0.2 (Access Server LAN) with the resolve option And Since 172.16.0.0/30 is known to routerB via ibgp I did an import for bgp routes to the routing instance used in the FBF The problem Traffic from host 5.5.5.5 to the internet is following the below path: Host à RouterC à RouterB à RouterA à Internet I think this is because when the packet reaches routerA it does normal routing lookup, and it is not aware of the next-hop Traffic from the internet to host 5.5.5.5 is following the below path: Internet à routerA à Access Server WAN à Access Server LAN à RouterA à RouterB à RouterC Which is OK with me and it is as it should be So finally my problem is with the traffic from the host to the internet, I need to force it to go through the access server LAN. Thank you Mohammad Salbad ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Filter Based Forwarding with bgp import rib
Hi, are you basically trying to redirect traffic from host and internet to take a detour box access server not shown on the topo, that is strictly hanging off from router A? All your FBF needs to happen on router A if you're to enforce traffic to take a detour to your local access server. In this case I think you have the host to internet FBF on Router B vs. Router A. Even thought the RI in B forces all traffic to 172.16.0.2 which is in router a, the traffic enters the RI and leaves it arriving at Router A. When Router A gets the packet then the source/destination is still from 5.5.5.5 to 0/0 and forwards that straight out to 1.1.1/x using inet.0. What you need is to move your FBF on B to A and have the firewall input on A's link to B. That way you can force the outbound traffic to take your access server vs. using inet.0. -Doan From:Mohammad Salbad salbad1...@hotmail.com To: juniper-nsp@puck.nether.net Sent: Thu, March 24, 2011 10:19:45 AM Subject: [j-nsp] Filter Based Forwarding with bgp import rib Hi All I have the following setup Internet .1- - - - 1.1.1.0/30 - - - - .2 RouterA .1 - - 10.0.0.0/30 - - .2 RouterB .5 - - 10.0.0.4/30 - - .6 routerC .1 - - - - 5.5.5.5/24 Host RouterA is connected to an access server and the access server has a LAN (172.16.0.2/30) and WAN (172.16.1.2/30) interface. RouterA has a default route from 1.1.1.1 and it is advertised to routerB through ibgp RouterA and routerB are running ibgp between themselves Access Server LAN and WAN interface are advertised from routerA to routerB through ibgp Link between routerB and routerC (10.0.0.4/30) is advertised from routerB to routerA through ibgp 5.5.5.0/24 is advertised from routerB to routerA through ibgp RouterB has a static route to 5.5.5.0/24 pointing to routerC RouterC has a default route pointing to RouterB (10.0.0.5) Access server has a default route pointing to routerA (172.16.1.1/30) Access server has a static route to 5.5.5.0/24 pointing to routerA (172.16.0.1/30) Requirement Traffic from host 5.5.5.5 to the internet shall follow the following path Host à RouterC à RouterB à RouterA à Access Server LAN à Access Server WAN à routerA à Internet Traffic from the internet to host 5.5.5.5 shall follow the following path Internet à routerA à Access Server WAN à Access Server LAN à RouterA à RouterB àRouterC à Host What I’ve done so far to achieve the above requirements: I’ve added a static route on routerA to reach 5.5.5.0/24 go to Access Server LAN (172.16.0.2), this route will be more preferred than the ibgp route advertised by routerB I’ve applied a filter based forwarding on routerA interface that is facing the Access Server LAN interface as following: - Source: 0.0.0.0/0 - Destination: 5.5.5.0/24 - Next-Hop: 10.0.0.6 (RouterC) with the resolve option Since 10.0.0.6 is known to routerA via ibgp I did an import for bgp routes to the routing instance used in the FBF I’ve also applied a filter based forwarding on routerB interface that is facing routerC interface as following: - Source: 5.5.5.0/24 - Destination: 0.0.0.0/0 - Next-Hop: 172.16.0.2 (Access Server LAN) with the resolve option And Since 172.16.0.0/30 is known to routerB via ibgp I did an import for bgp routes to the routing instance used in the FBF The problem Traffic from host 5.5.5.5 to the internet is following the below path: Host à RouterC à RouterB à RouterA à Internet I think this is because when the packet reaches routerA it does normal routing lookup, and it is not aware of the next-hop Traffic from the internet to host 5.5.5.5 is following the below path: Internet à routerA à Access Server WAN à Access Server LAN à RouterA à RouterB à RouterC Which is OK with me and it is as it should be So finally my problem is with the traffic from the host to the internet, I need to force it to go through the access server LAN. Thank you Mohammad Salbad ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] XFP-10G-L-OC192-SR1
On Thu, Mar 24, 2011 at 08:07:57AM -0400, Paul Stewart wrote: Hi folks. These are 10KM optics - how short of a run can you use them for? We have several of these spared at the moment and I'd like to use them for connections between MX480's in the same rack. will they run too hot? http://www.nanog.org/meetings/nanog48/presentations/Sunday/RAS_opticalnet_N48.pdf See page 79. LR and below has no blindness danger even back-to-back, ER has a blindness danger but not a damage danger, and ZR you can actually damage if you don't have enough attenuation before going into the receiver. We don't even bother with shorter reach optics, after way too many issues encountered with SR and the like. It's easier (and cheaper if you have the right sources) to just buy all LR and standardize on SMF than it is to bother maintaining two inventories and mucking with orange cables even for intra-rack stuff. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] XFP-10G-L-OC192-SR1
Excellent.. same logic here - we need some short runs (same cabinet) and have other runs that are within a building (151 Front in this case) ... using same optics in all MX would be really nice. Appreciate it, Paul -Original Message- From: Richard A Steenbergen [mailto:r...@e-gerbil.net] Sent: Thursday, March 24, 2011 11:17 AM To: Paul Stewart Cc: 'juniper-nsp' Subject: Re: [j-nsp] XFP-10G-L-OC192-SR1 On Thu, Mar 24, 2011 at 08:07:57AM -0400, Paul Stewart wrote: Hi folks. These are 10KM optics - how short of a run can you use them for? We have several of these spared at the moment and I'd like to use them for connections between MX480's in the same rack. will they run too hot? http://www.nanog.org/meetings/nanog48/presentations/Sunday/RAS_opticalnet_N4 8.pdf See page 79. LR and below has no blindness danger even back-to-back, ER has a blindness danger but not a damage danger, and ZR you can actually damage if you don't have enough attenuation before going into the receiver. We don't even bother with shorter reach optics, after way too many issues encountered with SR and the like. It's easier (and cheaper if you have the right sources) to just buy all LR and standardize on SMF than it is to bother maintaining two inventories and mucking with orange cables even for intra-rack stuff. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Filter Based Forwarding with bgp import rib
On Thu, 24 Mar 2011, Doan Nguyen wrote: are you basically trying to redirect traffic from host and internet to take a detour box access server not shown on the topo, that is strictly hanging off from router A? All your FBF needs to happen on router A if you're to enforce traffic to take a detour to your local access server. In this case I think you have the host to internet FBF on Router B vs. Router A. Even thought the RI in B forces all traffic to 172.16.0.2 which is in router a, the traffic enters the RI and leaves it arriving at Router A. When Router A gets the packet then the source/destination is still from 5.5.5.5 to 0/0 and forwards that straight out to 1.1.1/x using inet.0. What you need is to move your FBF on B to A and have the firewall input on A's link to B. That way you can force the outbound traffic to take your access server vs. using inet.0. I've been hunting around for a solution to a similar issue - essentially a modified approach to RTBH. I'd like to be able to redirect or optionally port-mirror inbound and outbound traffic to another interface on my border router, and the trigger for determining what traffic would be affected would be a BGP feed from a route server, and the actions to be taken (discard, redirect to another interface, port-mirror to another interface) by the border routers could be dictated by BGP community tags. The issues I've run into with this have been that I couldn't find a way to get a Junos firewall filter to see and react to BGP routes and their associated community tags. jms ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
On Thu, Mar 24, 2011 at 1:24 AM, Jonathan Lassoff j...@thejof.com wrote: On Wed, Mar 23, 2011 at 11:49 PM, cjwstudios cjwstud...@gmail.com wrote: Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. The M7 is an awesome router for small to medium sites. It does have an on-board GigE port, so if you can fit everything in that or a downstream switch it could work. However, it's really starting to show its age and there's not much development happening on the M-series routers anymore (at least it seems that way to me -- I'm sure they're still supported). They're also pretty rock solid with JunOS 9. JunOS code quality and feature-completeness has started to really slip since 10.0. Actually not all M7i's have the on-board GE, it depends on the BASE, the base will either be M7iBASE-AC-2FETX which includes 2x 100mbit copper Fast Ethernet ports on the inboard FPC, or M7iBASE-AC-1GE for a single SFP gig-e port on board. These ports are seperate from the 100mbit management only port on the RE itself, you can NOT route packets through the management port, it is only there to talk to the RE, the RE can talk over it to export flows/etc, OR the RE can use any of the PICs as normal. Those are AC power supply versions, there are DC versions of same (that said I am pretty sure you can trade AC for DC power supplies IIRC). The M7i is a very solid platform itself, even though development is slowing down, I kinda think the main reason for that is the platform has pretty much reached all it can do. It can not support 10GE, the forwarding plane/FPC complex just doesn't have the bandwidth. Even the smallest CFEB shipped for the M7i has enough memory for full BGP feeds. If you plan on feeding it a LOT fo full views you might consider an E series CFEB M7i PIC ports are wire speed (well, almost all Juniper M series ports are, with a few exceptions of oversubscription in some configurations) and will very handily push 200mbit of small packets even. M7i and M10i are essentially the same router, the M10i has redundant everything and four more PIC slots (on an extra FPC), the M7i only has an option for a redundant CFEB. Basically the ONLY time an M7i or M10i might not be able to do wire speed is when you add services from the ASPIC or ASM (M7i only). And if your'e not doing stateful firewalls or NAT (or a handful of other time consuming not-exactly-router things) you'll never be able to hit the limits on an M7i. The M10i if fully packed with Gig-E or other highest speed ports can be marginally oversubscribed. What was said later about EX series is true, if you don't need to support anything but ethernet, and aren't doing advanced services, it'd be a good fit for you, though they're still teething a little bit (see other threads on this list). ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
I would suggest the MX80. Doug -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of cjwstudios Sent: Wednesday, March 23, 2011 11:50 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] M7i Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
You can take more advantage with MX80-5 new promotional bunde. It supports 20 x SFP Interfaces, came with ADC-R License , TRIO3D chipset and 2GB DRAM (4m rib routes). It came with 4 x XFP slots (blocked by software license) On Thu, Mar 24, 2011 at 13:33, Doug Hanks dha...@juniper.net wrote: I would suggest the MX80. Doug -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto: juniper-nsp-boun...@puck.nether.net] On Behalf Of cjwstudios Sent: Wednesday, March 23, 2011 11:50 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] M7i Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
I just reviewed the MX80-5 bundle information. For $20k you get a pretty stellar box. On Thu, Mar 24, 2011 at 9:41 AM, Giuliano Medalha giuli...@wztech.com.br wrote: You can take more advantage with MX80-5 new promotional bunde. It supports 20 x SFP Interfaces, came with ADC-R License , TRIO3D chipset and 2GB DRAM (4m rib routes). It came with 4 x XFP slots (blocked by software license) On Thu, Mar 24, 2011 at 13:33, Doug Hanks dha...@juniper.net wrote: I would suggest the MX80. Doug -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of cjwstudios Sent: Wednesday, March 23, 2011 11:50 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] M7i Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
MX80-5G-AC-ADV-B MX80 Promotional 5G Bundle for channels, Includes MX80 Modular AC, spare AC Power supply, 20x1G MIC including L3-ADV license, Queuing, Inline Jflow, Junos WW. (4x10G fixed ports and 1x front empty MIC slot restricted) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
On Thu, Mar 24, 2011 at 1:02 AM, Joel Jaeggli joe...@bogus.com wrote: On 3/24/11 12:44 AM, cjwstudios wrote: Hi Jonathan, thanks for the reply. The application is a service provider edge, all ethernet, with routed traffic to two carriers. Internal traffic is a mix of IGP and OSPF. I'll have to take a look at the EX series. All of the literature on the juniper site suggests the EX is targeted more toward lan aggregation while the SRX handles the edge. ex doesn't have enough fib for a ful table so If you need to take two feeds and install all those routes, it's the wrong platform. m7i is just ducky at the speed you're talking but the re-400 is a bit underpowered and ramed for the modern era. re-850 with 1.5GB however is tollerable. This is a very good point, and one that I kinda didn't think about. It would probably be fine to take a decently-sized IGP table, but not an external one. Though it could be used to terminate an MPLS path to pin the BGP sessions and traffic elsewhere. There's kinda a hole in Juniper's product line between something small like a J-series or SRX and an M or MX-series box. I suppose the MX80 fills that hole somewhat, but certainly not cost-wise. If you can work some aggressive pricing (which at the end of a quarter or year can be easier), it can be a pretty good deal for an amazing box. If you can afford it, use an MX80 for an all-Ethernet environment. I've got several going, and they're just great. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] XFP-10G-L-OC192-SR1
We do something similar, We pre installed all ports with SM optics and then used in the rack with the router a fibre shelf using MPO connectors. From the fibre shelf we buy premade MPO to LC breakouts and have the router prewired. You can buy trunk cables that contain 12 MPO plugs and these each contain 12 fibres, to wire to your fibre interconnect frame. Then when service needs to be turned up don't need to touch the router rack, just at interconnection frame ( where install relevant attenuators ). Worked so far for us and save a lot of messing around. Best Regards William Jackson -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Paul Stewart Sent: 24 March 2011 16:29 To: 'Richard A Steenbergen' Cc: 'juniper-nsp' Subject: Re: [j-nsp] XFP-10G-L-OC192-SR1 Excellent.. same logic here - we need some short runs (same cabinet) and have other runs that are within a building (151 Front in this case) ... using same optics in all MX would be really nice. Appreciate it, Paul -Original Message- From: Richard A Steenbergen [mailto:r...@e-gerbil.net] Sent: Thursday, March 24, 2011 11:17 AM To: Paul Stewart Cc: 'juniper-nsp' Subject: Re: [j-nsp] XFP-10G-L-OC192-SR1 On Thu, Mar 24, 2011 at 08:07:57AM -0400, Paul Stewart wrote: Hi folks. These are 10KM optics - how short of a run can you use them for? We have several of these spared at the moment and I'd like to use them for connections between MX480's in the same rack. will they run too hot? http://www.nanog.org/meetings/nanog48/presentations/Sunday/RAS_opticalne t_N4 8.pdf See page 79. LR and below has no blindness danger even back-to-back, ER has a blindness danger but not a damage danger, and ZR you can actually damage if you don't have enough attenuation before going into the receiver. We don't even bother with shorter reach optics, after way too many issues encountered with SR and the like. It's easier (and cheaper if you have the right sources) to just buy all LR and standardize on SMF than it is to bother maintaining two inventories and mucking with orange cables even for intra-rack stuff. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] In-band ssh access to Juniper EX
Hello, I have a Juni EX-4200 with an out-of-band management interface configured. It works like a charm. Then I needed to connect to my switch through the Internet so I have treied to connect via ssh to a l3-interface but I failed miserably. Is there a limitation regarding l3-interace or a configuration statement that prevent in-band access? Thanks Henri ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Recommended FW for MX80
Hi everyone, I was just wondering if someone could tell me what the recommended FW for the MX 80 was? I looked on the support site, but I only see recommended releases for EX switches, the J series and the SRX line. Any insight would be appreciated! Thanks in advance, Sven NETWORK SERVICES WILL NEVER ASK FOR YOUR PASSWORD. You should never give out your username or password for any accounts you have, including bank accounts, credit card accounts, and other personal or University accounts. Network Services will never contact you using a return e-mail address that is not @fgcu.edu. If you receive a questionable e-mail or an e-mail asking for passwords and logon information, DO NOT RESPOND, and please contact the Help Desk at 239-590-1188. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i
How much if I may ask? -Gabe On 2011-03-24, at 12:41 PM, Giuliano Medalha wrote: You can take more advantage with MX80-5 new promotional bunde. It supports 20 x SFP Interfaces, came with ADC-R License , TRIO3D chipset and 2GB DRAM (4m rib routes). It came with 4 x XFP slots (blocked by software license) On Thu, Mar 24, 2011 at 13:33, Doug Hanks dha...@juniper.net wrote: I would suggest the MX80. Doug -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto: juniper-nsp-boun...@puck.nether.net] On Behalf Of cjwstudios Sent: Wednesday, March 23, 2011 11:50 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] M7i Hello Juniper folks :) I'm setting up a remote metro ethernet site (fiber in a closet) that will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds. The traffic will be service provider transit without inspection, NAT or other services. Since everything is cost sensitive these days I initially planned on implementing an ebayish 7206vxr-npe-g1. Although I was quite happily slinging the 7206 around 10 years ago I realized tonight that it has been 10 years and the 7206 platform is well aged. M7i (M7i 2AC 2FE w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and likely more than enough to get started. Although trunking multiple metro FE feeds to a single GE port will be frowned upon I may consider this as an option. I suppose my questions are whether a base M7i config out of the box will support this application or if there are better options out there. Thank you in advance. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Recommended FW for MX80
I don't think we give out recommended releases for MX. I personally use 10.4R2.6 with Trio supporting OSPF, ISIS, BGP and MPLS without major issues. Doug -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Hahues, Sven Sent: Thursday, March 24, 2011 10:30 AM To: 'juniper-nsp@puck.nether.net' Subject: [j-nsp] Recommended FW for MX80 Hi everyone, I was just wondering if someone could tell me what the recommended FW for the MX 80 was? I looked on the support site, but I only see recommended releases for EX switches, the J series and the SRX line. Any insight would be appreciated! Thanks in advance, Sven NETWORK SERVICES WILL NEVER ASK FOR YOUR PASSWORD. You should never give out your username or password for any accounts you have, including bank accounts, credit card accounts, and other personal or University accounts. Network Services will never contact you using a return e-mail address that is not @fgcu.edu. If you receive a questionable e-mail or an e-mail asking for passwords and logon information, DO NOT RESPOND, and please contact the Help Desk at 239-590-1188. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 10.0 or 10.4?
Has anyone tried running 10.4R3 on a M working as a MPLS-PE? Reason is I am experiencing an odd issue with an M10i not forwarding CE traffic when I have two DS-3s installed with equal cost. A/JTAC and my SE have been unable to figure this out and are pulling a brand C and saying upgrade code and all your woes will go away. On Tue, Mar 22, 2011 at 12:18 PM, Richard A Steenbergen r...@e-gerbil.netwrote: On Tue, Mar 22, 2011 at 05:18:47PM +0100, bas wrote: From what I read it was; In the field (Ras, Raphael) we see 10.3r3 as the better choice, and people who talk to JTAC say 10.4r2 is the better choice. Oh and btw, I have multiple confirmed reports of YET ANOTHER major memory leak in mib2d in 10.4R2. Hope everyone learned their lesson about trusting JTAC version recommendations. :) From 10.4R3 release notes: The mib2d process leaks memory during SNMP walks. [PR/586074: This issue has been resolved.] I'm going to assume it's that. :) -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Recommended FW for MX80
you can't run anything older than 10.2 on it. given that it's a newish platform I'd go as fresh as is feasible. joel On 3/24/11 10:30 AM, Hahues, Sven wrote: Hi everyone, I was just wondering if someone could tell me what the recommended FW for the MX 80 was? I looked on the support site, but I only see recommended releases for EX switches, the J series and the SRX line. Any insight would be appreciated! Thanks in advance, Sven NETWORK SERVICES WILL NEVER ASK FOR YOUR PASSWORD. You should never give out your username or password for any accounts you have, including bank accounts, credit card accounts, and other personal or University accounts. Network Services will never contact you using a return e-mail address that is not @fgcu.edu. If you receive a questionable e-mail or an e-mail asking for passwords and logon information, DO NOT RESPOND, and please contact the Help Desk at 239-590-1188. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] In-band ssh access to Juniper EX
You need to watch out with routing. Mgmt and inband use the same routing table. On Mar 24, 2011 2:09 PM, Henri Khou henri.k...@ehess.fr wrote: Hello, I have a Juni EX-4200 with an out-of-band management interface configured. It works like a charm. Then I needed to connect to my switch through the Internet so I have treied to connect via ssh to a l3-interface but I failed miserably. Is there a limitation regarding l3-interace or a configuration statement that prevent in-band access? Thanks Henri ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Recommended FW for MX80
We are using the same version (10.4R2.6). Yesterday I have tried to upgrade on 10.4R3.4 and the try was unsuccessful: rpd coredumps every time when auto-bw adjustment occur for example. It crashes every 5-20 minutes :) 24.03.2011 21:22, Doug Hanks пишет: I don't think we give out recommended releases for MX. I personally use 10.4R2.6 with Trio supporting OSPF, ISIS, BGP and MPLS without major issues. Doug -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Hahues, Sven Sent: Thursday, March 24, 2011 10:30 AM To: 'juniper-nsp@puck.nether.net' Subject: [j-nsp] Recommended FW for MX80 Hi everyone, I was just wondering if someone could tell me what the recommended FW for the MX 80 was? I looked on the support site, but I only see recommended releases for EX switches, the J series and the SRX line. Any insight would be appreciated! Thanks in advance, Sven NETWORK SERVICES WILL NEVER ASK FOR YOUR PASSWORD. You should never give out your username or password for any accounts you have, including bank accounts, credit card accounts, and other personal or University accounts. Network Services will never contact you using a return e-mail address that is not @fgcu.edu. If you receive a questionable e-mail or an e-mail asking for passwords and logon information, DO NOT RESPOND, and please contact the Help Desk at 239-590-1188. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Best regards, Egor Zimin ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 10.0 or 10.4?
To reply to my own email. I tried running 10.4R3 on the MX960, but immediately it reported MQCHIP errors. Mar 23 08:10:17 jun-tc2_re0 fpc4 MQCHIP(0) LI Packet length error, pt entry 9 Mar 23 08:10:18 jun-tc2_re0 fpc4 MQCHIP(0) LI Packet length error, pt entry 0 Mar 23 08:10:19 jun-tc2_re0 fpc1 MQCHIP(1) LI Packet length error, pt entry 28 Mar 23 08:10:20 jun-tc2_re0 fpc9 MQCHIP(1) LI Packet length error, pt entry 0 So we are back on 10.3R3 again, this time without rpd at 100% CPU. On the maillist of a large European Internet exchange there was a post of another network that had to downgrade to 10.3 due to a big issue with IPv6 that affects all 10.4 releases. (PR/593849) So it seems 10.4 is certainly a version to avoid for now. Dear Juniper, if you are reading this; Please, please pretty please deliver _one_ single version of Junos that can run plain v4/v6 ospf and bgp with MX/trio in a decent fashion. With sugar on top. ? Bas On Tue, Mar 22, 2011 at 5:18 PM, bas kilo...@gmail.com wrote: Well, after this thread I still didn't know which version I should choose for our 960 with MPC's only. From what I read it was; In the field (Ras, Raphael) we see 10.3r3 as the better choice, and people who talk to JTAC say 10.4r2 is the better choice. (Of course it depends on configuration and config.) But we chose to upgrade to 10.3r3, and installed the version this morning. The upgrade seemed to have gone smooth, but after all BGP sessions had been re-established, and prefixes re-learnt the CPU stayed at 100%. Dropping to shell I saw rpd consuming 99% CPU. Looking at task accounting and rtsockmon I saw no obvious causes. A failover to the backup RE had no effect, the new master RE consumed 100% within a couple of minutes. A colleague of mine did a trace of the process saw that the cycles are being consumed by getrusage system calls. Tomorrow morning we'll try to restart routing, if that has no effect we will try 10.4r2. I'll post tomorrow our findings.. Bas ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 10.0 or 10.4?
On Thu, Mar 24, 2011 at 10:19:59PM +0100, bas wrote: I tried running 10.4R3 on the MX960, but immediately it reported MQCHIP errors. Mar 23 08:10:17 jun-tc2_re0 fpc4 MQCHIP(0) LI Packet length error, pt entry 9 Mar 23 08:10:18 jun-tc2_re0 fpc4 MQCHIP(0) LI Packet length error, pt entry 0 Mar 23 08:10:19 jun-tc2_re0 fpc1 MQCHIP(1) LI Packet length error, pt entry 28 Mar 23 08:10:20 jun-tc2_re0 fpc9 MQCHIP(1) LI Packet length error, pt entry 0 We see that on MX80 too, right since upgrading the (totally idle) box. Pending JTAC response... Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] re-600 RAM
What kind of RAM does the RE-600 take? I assume DDR PC100 ECC or PC133 ECC? Registered or unregistered? -- the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] In-band ssh access to Juniper EX
Try using Telnet maybe it'll work Best Regards, -Masagung Nugroho- Network Engineer Juniper Networks Technical Advisor JNCIS-JPR#111921 PT. Trinet Prima Solusi -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Henri Khou Sent: Friday, March 25, 2011 12:17 AM To: juniper-nsp@puck.nether.net Subject: [j-nsp] In-band ssh access to Juniper EX Hello, I have a Juni EX-4200 with an out-of-band management interface configured. It works like a charm. Then I needed to connect to my switch through the Internet so I have treied to connect via ssh to a l3-interface but I failed miserably. Is there a limitation regarding l3-interace or a configuration statement that prevent in-band access? Thanks Henri ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Filter Based Forwarding with bgp import rib
-Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- boun...@puck.nether.net] On Behalf Of Justin M. Streiner Sent: Thursday, March 24, 2011 7:35 AM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Filter Based Forwarding with bgp import rib I've been hunting around for a solution to a similar issue - essentially a modified approach to RTBH. I'd like to be able to redirect or optionally port-mirror inbound and outbound traffic to another interface on my border router, and the trigger for determining what traffic would be affected would be a BGP feed from a route server, and the actions to be taken (discard, redirect to another interface, port-mirror to another interface) by the border routers could be dictated by BGP community tags. The issues I've run into with this have been that I couldn't find a way to get a Junos firewall filter to see and react to BGP routes and their associated community tags. Hi Justin, I've done just this very thing for various traffic filtering applications. Ping me offline and I can provide you some sample configs that should work. One thing I'd like to point out however, since you mention RTBH, is that I think you would be better served with BGP FlowSpec in this case, because RTBH only serves to provide automated distribution of destination-based filters throughout an environment. Technically you can do S/RTBH if you couple RTBH w/ uRPF... nonetheless there are some limitations to this approach and one of the primary reasons FlowSpec was created in the first place. You can filter on source-address, destination-address, protocol, source-port, and destination-port, or any combination of these. Much more flexible in my opinion than simply RTBH, plus it gives you the flexibility of FBF w/ automation layered on top. Juniper probably has the best working implementation of FlowSpec out of any of the vendors out there so you're in luck here. I have a presentation on the benefits of FlowSpec on my blog - http://www.shortestpathfirst.net/presentations/ Stefan Fouant, CISSP, JNCIEx2 www.shortestpathfirst.net GPG Key ID: 0xB4C956EC ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] In-band ssh access to Juniper EX
-Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- boun...@puck.nether.net] On Behalf Of Henri Khou Sent: Thursday, March 24, 2011 1:17 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] In-band ssh access to Juniper EX Then I needed to connect to my switch through the Internet so I have treied to connect via ssh to a l3-interface but I failed miserably. Is there a limitation regarding l3-interace or a configuration statement that prevent in-band access? Configs or it didn't happen ; Stefan Fouant, CISSP, JNCIEx2 www.shortestpathfirst.net GPG Key ID: 0xB4C956EC ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] In-band ssh access to Juniper EX
On Thu, Mar 24, 2011 at 06:17:08PM +0100, Henri Khou wrote: I have a Juni EX-4200 with an out-of-band management interface configured. It works like a charm. Then I needed to connect to my switch through the Internet so I have treied to connect via ssh to a l3-interface but I failed miserably. Is there a limitation regarding l3-interace or a configuration statement that prevent in-band access? No. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] In-band ssh access to Juniper EX
Should just work. Ensure me0.0 is not defined anywhere in the interfaces {} stanza. i.e.: interfaces { ge-0/0/0 { unit 0 { family ethernet-switching; } } ge-0/0/1 { unit 0 { family ethernet-switching; } } ge-0/0/2 { unit 0 { family ethernet-switching; } } etc vlan { unit 0 { family inet { address your-management-ip-here/24; } } } } routing-options { static { route 0.0.0.0/0 next-hop somewhere-useful-on-your-LAN; } } vlans { default { l3-interface vlan.0; } } - Chris. On 2011-03-25, at 4:17 AM, Henri Khou wrote: Hello, I have a Juni EX-4200 with an out-of-band management interface configured. It works like a charm. Then I needed to connect to my switch through the Internet so I have treied to connect via ssh to a l3-interface but I failed miserably. Is there a limitation regarding l3-interace or a configuration statement that prevent in-band access? Thanks Henri ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] In-band ssh access to Juniper EX
What is in the system services stanza? On Mar 24, 2011, at 10:59 PM, Chris Kawchuk wrote: Should just work. Ensure me0.0 is not defined anywhere in the interfaces {} stanza. i.e.: interfaces { ge-0/0/0 { unit 0 { family ethernet-switching; } } ge-0/0/1 { unit 0 { family ethernet-switching; } } ge-0/0/2 { unit 0 { family ethernet-switching; } } etc vlan { unit 0 { family inet { address your-management-ip-here/24; } } } } routing-options { static { route 0.0.0.0/0 next-hop somewhere-useful-on-your-LAN; } } vlans { default { l3-interface vlan.0; } } - Chris. On 2011-03-25, at 4:17 AM, Henri Khou wrote: Hello, I have a Juni EX-4200 with an out-of-band management interface configured. It works like a charm. Then I needed to connect to my switch through the Internet so I have treied to connect via ssh to a l3-interface but I failed miserably. Is there a limitation regarding l3-interace or a configuration statement that prevent in-band access? Thanks Henri ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] M120 cFPC 10G VLAN SUPPORT
Hi, In a M120 with Compact FPC 10 Gigabit Ethernet [M120-cFPC-1XGE-XFP] module , can we use the 10G interface to terminate multiple customers on different sub-interfaces with 802.1q [vlan tagging enabled] and use it for layer 3 terminations.Also can double tagging be configured on it as well. Please let me if any one has based any restriction on the cFPC 10G interfaces. Sent from my BlackBerry® ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp