Re: [j-nsp] how to prepare JNCIE-SP lab
hello stefan, i have check ur doc yestersday.there are two question: 1.how to check mx box have tunnel service card. 2. is it 10 is special for tunnel in lt-0/0/10 . can we use 8 9 or 7 ? logical-systems { dc { interfaces { lt-0/0/10 { unit 0 { description dc-r7; encapsulation ethernet; peer-unit 1; family inet { address 10.0.8.13/30; } family iso; } } } } r7 { interfaces { lt-0/0/10 { unit 1 { description r7-dc; encapsulation ethernet; peer-unit 0; family inet { address 10.0.8.14/30; } family iso; } } } } } -- Best Regards, Bruno -- Original -- From: brunobruno.juni...@gmail.com; Date: Thu, Oct 27, 2011 02:49 PM To: Stefan Fouantsfou...@shortestpathfirst.net; Cc: juniper-nspjuniper-nsp@puck.nether.net; Subject: Re: [j-nsp] how to prepare JNCIE-SP lab thx stefan, I have practice JNCIP and JNCIE study guide in olive. MX box is expensive for me . maybe i can fine some srx. -- Best Regards, Bruno -- Original -- From: Stefan Fouantsfou...@shortestpathfirst.net; Date: Thu, Oct 27, 2011 11:23 AM To: brunobruno.juni...@gmail.com; Cc: juniper-nspjuniper-nsp@puck.nether.net; Subject: Re: [j-nsp] how to prepare JNCIE-SP lab Bruno, You might want to listen to the certification webinar we put together a few weeks ago: http://www.juniper.net/us/en/community/junos/live/111005/#overview Bottom line, if you can get yourself a single MX you can use logical-systems and logical- tunnel interfaces to emulate a large topology, or in lieu of that you can get your hands on some branch SRX devices and convert them to packet mode. The following blog article I wrote for the M series exam a while back covers the configuration required if you choose to use MX with Logical Systems. http://www.shortestpathfirst.net/2010/01/13/preparation-tips-for-the-jncip-mt-and-jncie-mt-exams/ Study material from Junos Class of Service, Junos Multicast Routing, Junos MPLS VPNs, and the Advanced Junos Service Provider Routing curriculum, and do all the associated labs as they are highly indicative of the type of things you will see on the exam. Harry Reynold's now out-of-print JNCIP and JNCIE Study Guides are still useful for preparation as well... You can find them in PDF format by searching for them on Google. Study hard and practice, practice, practice... Learns those tricks like 'load merge terminal relative', 'load patch', copy and paste techniques in conjunction with 'show | display set'. Another little trick that will save you time when determining aggregates for summarization: http://www.shortestpathfirst.net/2011/06/21/jncie-tips-from-the-field-summarization-made-easy/ Good luck and may the force be with you! Stefan Fouant JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI Technical Trainer, Juniper Networks Follow us on Twitter @JuniperEducate Sent from my iPad On Oct 26, 2011, at 10:50 PM, bruno bruno.juni...@gmail.com wrote: hello guys, I have pass jncip-m last year. coz i don't have time to prepare jncie-m ,so i give up. now i am avaible for jncie .juniper said the MX series was added in the lab . how to prepare for it .should i buy mx device? any suggestion? also need JNCIE peer . -- Best Regards, Bruno ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] J-Series Router Options
Hello All - We have a client with a lot of J-Series routers running 9.3 code or earlier. We really like the features and functionality of JUNOS as a router and are more than a little annoyed that Juniper seems to be forcing us to turn these routers into firewalls. What are others doing to deal with the flow issues associated with more recent versions of code? Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which will also cause issues with more modern versions of code. I'm interested in knowing how others have tackled these challenges for customers with hundreds of these in the field. Thanks, Ben ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] understanding interface traffic counters of Juniper router
I made a following setup: http://img4.imageshack.us/img4/9311/switchvsroutertraffic.png Setup with Juniper router uses Juniper router and Setup with Cisco router uses Cisco router. Both computers sent data(Iperf sends 1470 byte datagrams) for 300 seconds at 9Mbps. As you can see, in case of Cisco router and switch, the difference is 0.3%(actually I did multiple tests with different bandwidth values and test lengths and difference was always 0.3%). In case of Juniper router, the difference between Cisco switch interface traffic counters and Juniper router interface traffic counters were 1.2% - 1.3%. What might cause this 0.3% difference in case of Cisco router and Cisco switch? What might cause 1.2% - 1.3% difference in case of Juniper router and Cisco switch? Is Cisco switch counting L2 header as well and Juniper router counts only upto IP header? If yes, then this 1.2% - 1.3% difference is logical.. regards, martin ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] how to prepare JNCIE-SP lab
i have check ur doc yestersday.there are two question: 1.how to check mx box have tunnel service card. It probably doesn't - however, if you have a DPC or MPC you can configure the necessary tunnel PIC. E.g. assuming a 20 port GigE DPC in slot 0, chassis { fpc 0 { pic 0 { tunnel-services { bandwidth 1g; } } } } will give you the necessary tunnels available at lt-0/0/10, gr-0/1/10, ip-0/1/10, vt-0/1/10 etc. Yes, it is always 10. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX-650 NAT Questions
I got clarification from JTAC on this one: The 131,072 would be if you were using source NAT without translating the port. Otherwise source NAT would be for 1024 pools * ~65,000 ports per pool. Static translations - more than 6000 supported. I totally read this wrong - I hope this helps someone else. Thanks. -- Good evening all: In regards to NAT on the SRX-650: In the 11.2 release notes there is a table that states NAT Scaling: SRX650 (High Memory) MAX Number of IP Address Translations - 131,072 MAX Number of IP Addresses Supporting Port Translations - IP's 1,024 MAX Number of Source NAT Pools 1,024 MAX Number of Destination NAT pools 512 Is this really stating that the 650's only support of to 131,072 source translations? I'm hoping that I'm misunderstanding the working of the release notes - this number seems very low if that's the case and I'm afraid that I've chosen the wrong box for my needs if so. Can anyone clarify for me? Thanks all. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J-Series Router Options
Ben, Nobody is forcing the jseries to become firewalls. They did alter the default behavior of the packet handling to be flow mode..but you can configure that. To enable packet mode junos. Just issue the following commands. delete security set security forwarding-options family mpls mode packet-based set security forwarding-options family iso mode packet-based set security forwarding-options family inet6 mode packet-based This works on an SRX to turn it into a packet based device just the same as it does for a jseries. In regards to the flash size, I honestly can't speak to that. Maybe buy a couple of larger flash disks in bulk? Otherwise clean up the file system, load the code from sftp/ftp/tftp and upgrade with no-copy. That way you don't have to transfer it locally. Hope this helps, -Tim Eberhard On Mon, Nov 7, 2011 at 8:18 AM, R. Benjamin Kessler ben.kess...@zenetra.com wrote: Hello All - We have a client with a lot of J-Series routers running 9.3 code or earlier. We really like the features and functionality of JUNOS as a router and are more than a little annoyed that Juniper seems to be forcing us to turn these routers into firewalls. What are others doing to deal with the flow issues associated with more recent versions of code? Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which will also cause issues with more modern versions of code. I'm interested in knowing how others have tackled these challenges for customers with hundreds of these in the field. Thanks, Ben ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J-Series Router Options
On Mon, Nov 7, 2011 at 6:18 AM, R. Benjamin Kessler ben.kess...@zenetra.com wrote: Hello All - We have a client with a lot of J-Series routers running 9.3 code or earlier. We really like the features and functionality of JUNOS as a router and are more than a little annoyed that Juniper seems to be forcing us to turn these routers into firewalls. What are others doing to deal with the flow issues associated with more recent versions of code? Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which will also cause issues with more modern versions of code. I'm interested in knowing how others have tackled these challenges for customers with hundreds of these in the field. Thanks, Ben From my observations, Juniper for certain reason does not care about existing customers on this by forcing everyone moves to flow-mode. And only provide workaround for customers to run packet-mode by breaking several functions. My company has lots of J-series routers with 9.3s13 packet-mode (legacy) JUNOS. Everything is fine until we need some newer functions in few specific nodes. After upgrade to newer version, say 10.2r4.8, we manually turned it into packet-mode. However, we lost some of nice features such as j-flow and IPSEC. That soon became operation headache. The reason we stay in r4.8 for now is because of RAM limitation that r4.8 is the last release could be installed on 512MB RAM model. -- Michel~ ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?
Has anyone else seen this issue? 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th) http://isc.sans.edu/diary.html?storyid=11965rss via SANS Internet Storm Center, InfoCON: green http://isc.sans.edu on 11/7/11 We're starting to get reports (thanks to both Branson and Darryl) that a Juniper OS bug with BGP, combined with some specific BGP updates today, are resulting in some key internet routers being DOS'd due to high CPU loads. We'll post more data as it comes in. === Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Jesse Krembs - Data Network Architecture Planning FairPoint Communications | 800 Hinesburg Rd, South Burlington, VT 05403 | jkre...@fairpoint.com mailto:jkre...@fairpoint.com www.FairPoint.com http://www.fairpoint.com/ | 802.951.1519 office | 802.735.4886 cell ___ This e-mail message and its attachments are for the sole use of the intended recipients. They may contain confidential information, legally privileged information or other information subject to legal restrictions. If you are not the intended recipient of this message, please do not read, copy, use or disclose this message or its attachments, notify the sender by replying to this message and delete or destroy all copies of this message and attachments in all media. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J-Series Router Options
On 11/07/2011 02:18 PM, R. Benjamin Kessler wrote: Hello All - We have a client with a lot of J-Series routers running 9.3 code or earlier. We really like the features and functionality of JUNOS as a router and are more than a little annoyed that Juniper seems to be forcing us to turn these routers into firewalls. Agreed. What are others doing to deal with the flow issues associated with more recent versions of code? We simply upgraded the RAM and forced packet mode. Interestingly, we're toying with the idea of using the little SRX2xx series devices in place of J-series. They're a LOT smaller than the (enormous!) J-Series and seem to us to be no worse. We've got a couple in service and they work fine. I'm interested in knowing how others have tackled these challenges for customers with hundreds of these in the field. Well, we don't have hundreds... in that case, the RAM/flash upgrades will take a tedious amount of time. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J-Series Router Options
Hey, I'd say get a bigger CF and install some 10.4 version and follow this; http://juniper.cluepon.net/index.php/Enabling_packet_based_forwarding Disables all that flow stuff you really don't want on a router. -- Timh Bergström System Operations Videoplaza timh.bergst...@videoplaza.com +46 727 406 845 S:t Eriksgatan 46 Stockholm www.videoplaza.com On Mon, Nov 7, 2011 at 3:18 PM, R. Benjamin Kessler ben.kess...@zenetra.com wrote: Hello All - We have a client with a lot of J-Series routers running 9.3 code or earlier. We really like the features and functionality of JUNOS as a router and are more than a little annoyed that Juniper seems to be forcing us to turn these routers into firewalls. What are others doing to deal with the flow issues associated with more recent versions of code? Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which will also cause issues with more modern versions of code. I'm interested in knowing how others have tackled these challenges for customers with hundreds of these in the field. Thanks, Ben ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J-Series Router Options
That would be cool if it didn't also break IPSec VPNs...bummer -Original Message- From: Timh Bergström [mailto:timh.bergst...@videoplaza.com] Sent: Monday, November 07, 2011 4:28 PM To: R. Benjamin Kessler Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] J-Series Router Options Hey, I'd say get a bigger CF and install some 10.4 version and follow this; http://juniper.cluepon.net/index.php/Enabling_packet_based_forwarding Disables all that flow stuff you really don't want on a router. -- Timh Bergström System Operations Videoplaza timh.bergst...@videoplaza.com +46 727 406 845 S:t Eriksgatan 46 Stockholm www.videoplaza.com On Mon, Nov 7, 2011 at 3:18 PM, R. Benjamin Kessler ben.kess...@zenetra.com wrote: Hello All - We have a client with a lot of J-Series routers running 9.3 code or earlier. We really like the features and functionality of JUNOS as a router and are more than a little annoyed that Juniper seems to be forcing us to turn these routers into firewalls. What are others doing to deal with the flow issues associated with more recent versions of code? Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which will also cause issues with more modern versions of code. I'm interested in knowing how others have tackled these challenges for customers with hundreds of these in the field. Thanks, Ben ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J-Series Router Options
On 07/11/11 06:18, R. Benjamin Kessler wrote: Hello All - We have a client with a lot of J-Series routers running 9.3 code or earlier. We really like the features and functionality of JUNOS as a router and are more than a little annoyed that Juniper seems to be forcing us to turn these routers into firewalls. What are others doing to deal with the flow issues associated with more recent versions of code? You can essentially disable the flow mode, it still sucks up RAM (if you're doing full BGP tables you need, at minimum 2GB, 3 or 4 is better) but it can still pretty much do the old throughput. Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which will also cause issues with more modern versions of code. Yep, replace with = 1GB cards. But if you have to open them anyway for RAM doing both makes sense. Most likely you'd build the new image config in the lab and send out RAM+CF to be upgraded on site. -- Julien Goodwin Studio442 Blue Sky Solutioneering signature.asc Description: OpenPGP digital signature ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?
More importantly, if it was the issue dated in August, how in the heck do I get on a list which tells me such a critical bug exists? Jack On 11/7/2011 2:03 PM, Krembs, Jesse wrote: Has anyone else seen this issue? 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th) http://isc.sans.edu/diary.html?storyid=11965rss via SANS Internet Storm Center, InfoCON: greenhttp://isc.sans.edu on 11/7/11 We're starting to get reports (thanks to both Branson and Darryl) that a Juniper OS bug with BGP, combined with some specific BGP updates today, are resulting in some key internet routers being DOS'd due to high CPU loads. We'll post more data as it comes in. === Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Jesse Krembs - Data Network Architecture Planning FairPoint Communications | 800 Hinesburg Rd, South Burlington, VT 05403 | jkre...@fairpoint.commailto:jkre...@fairpoint.com www.FairPoint.comhttp://www.fairpoint.com/ | 802.951.1519 office | 802.735.4886 cell ___ This e-mail message and its attachments are for the sole use of the intended recipients. They may contain confidential information, legally privileged information or other information subject to legal restrictions. If you are not the intended recipient of this message, please do not read, copy, use or disclose this message or its attachments, notify the sender by replying to this message and delete or destroy all copies of this message and attachments in all media. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J-Series Router Options
On 7 November 2011 14:10, Phil Mayers p.may...@imperial.ac.uk wrote: What are others doing to deal with the flow issues associated with more recent versions of code? We simply upgraded the RAM and forced packet mode. Interestingly, we're toying with the idea of using the little SRX2xx series devices in place of J-series. They're a LOT smaller than the (enormous!) J-Series and seem to us to be no worse. We've got a couple in service and they work fine. I was a little surprised at the throughput of the SRX220 in packet mode. Only 496Mbps bidirectional at 1500bytes, and drops to 72Mbps at 64bytes. It IS a security device of course, not a router strictly speaking, so I admit my hopes were a little high. I'm interested in knowing how others have tackled these challenges for customers with hundreds of these in the field. Well, we don't have hundreds... in that case, the RAM/flash upgrades will take a tedious amount of time. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?
Juniper doesn't believe security bugs should be public. You must be a customer with support to access their portal. Cisco has a good policy. You can view any security bugs and get fixes regardless of your contract status. Jared Mauch On Nov 7, 2011, at 6:53 PM, Jack Bates jba...@brightok.net wrote: More importantly, if it was the issue dated in August, how in the heck do I get on a list which tells me such a critical bug exists? Jack On 11/7/2011 2:03 PM, Krembs, Jesse wrote: Has anyone else seen this issue? 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th) http://isc.sans.edu/diary.html?storyid=11965rss via SANS Internet Storm Center, InfoCON: greenhttp://isc.sans.edu on 11/7/11 We're starting to get reports (thanks to both Branson and Darryl) that a Juniper OS bug with BGP, combined with some specific BGP updates today, are resulting in some key internet routers being DOS'd due to high CPU loads. We'll post more data as it comes in. === Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Jesse Krembs - Data Network Architecture Planning FairPoint Communications | 800 Hinesburg Rd, South Burlington, VT 05403 | jkre...@fairpoint.commailto:jkre...@fairpoint.com www.FairPoint.comhttp://www.fairpoint.com/ | 802.951.1519 office | 802.735.4886 cell ___ This e-mail message and its attachments are for the sole use of the intended recipients. They may contain confidential information, legally privileged information or other information subject to legal restrictions. If you are not the intended recipient of this message, please do not read, copy, use or disclose this message or its attachments, notify the sender by replying to this message and delete or destroy all copies of this message and attachments in all media. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J-Series Router Options
To be fair, you find a Cisco product in the same price range with the same features that can come even close to that throughput! K. On Tue, Nov 8, 2011 at 12:00, David Ball davidtb...@gmail.com wrote: On 7 November 2011 14:10, Phil Mayers p.may...@imperial.ac.uk wrote: What are others doing to deal with the flow issues associated with more recent versions of code? We simply upgraded the RAM and forced packet mode. Interestingly, we're toying with the idea of using the little SRX2xx series devices in place of J-series. They're a LOT smaller than the (enormous!) J-Series and seem to us to be no worse. We've got a couple in service and they work fine. I was a little surprised at the throughput of the SRX220 in packet mode. Only 496Mbps bidirectional at 1500bytes, and drops to 72Mbps at 64bytes. It IS a security device of course, not a router strictly speaking, so I admit my hopes were a little high. I'm interested in knowing how others have tackled these challenges for customers with hundreds of these in the field. Well, we don't have hundreds... in that case, the RAM/flash upgrades will take a tedious amount of time. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?
Once upon a time, Jack Bates jba...@brightok.net said: More importantly, if it was the issue dated in August, how in the heck do I get on a list which tells me such a critical bug exists? If you have a Juniper support account, go to www.juniper.net/alerts, scroll to the bottom, and click on Modify Your Alert Preferences. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?
On 11/7/2011 8:28 PM, Chris Adams wrote: Once upon a time, Jack Batesjba...@brightok.net said: More importantly, if it was the issue dated in August, how in the heck do I get on a list which tells me such a critical bug exists? If you have a Juniper support account, go to www.juniper.net/alerts, scroll to the bottom, and click on Modify Your Alert Preferences. Thanks. So I'm guessing anyone effected by it, shouldn't have been (given I'd think large networks would have been notified and have valid support contracts). Jack ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?
On 7 November 2011 21:46, Jack Bates jba...@brightok.net wrote: Thanks. So I'm guessing anyone effected by it, shouldn't have been (given I'd think large networks would have been notified and have valid support contracts). Right, because upon the release of any new PSNs, immediate network-wide code upgrades are completed. Jack ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?
Well...basically yes. The issue (PSN-2011-08-327) is known since august. I guess the fact that juniper has listed the issue as the probability of exploiting this defect is extremely low has led many networks to not implent a immediate fix for this on a security perspective. As you know maintenance usually causes service impact for customers and (if possible) most networks like to avoid unneccessary downtimes. Additionally alot of folks like to test new software in a lab environment first so a simple update to a new JunOS version can sometimes be quite complex and cost intensive. -Jonas Am Montag, den 07.11.2011, 22:46 -0600 schrieb Jack Bates: On 11/7/2011 8:28 PM, Chris Adams wrote: Once upon a time, Jack Batesjba...@brightok.net said: More importantly, if it was the issue dated in August, how in the heck do I get on a list which tells me such a critical bug exists? If you have a Juniper support account, go to www.juniper.net/alerts, scroll to the bottom, and click on Modify Your Alert Preferences. Thanks. So I'm guessing anyone effected by it, shouldn't have been (given I'd think large networks would have been notified and have valid support contracts). Jack ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp signature.asc Description: This is a digitally signed message part ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp