Re: [j-nsp] how to prepare JNCIE-SP lab

[bruno]

hello stefan,
  
 i have check ur doc yestersday.there are two question:
 1.how to check mx box have tunnel service card. 
 2. is it 10 is special for tunnel in  lt-0/0/10 . can we use  8 9 or 7 ?
  
 logical-systems {
dc {
interfaces {
lt-0/0/10 {
unit 0 {
description dc-r7;
encapsulation ethernet;
peer-unit 1;
family inet {
address 10.0.8.13/30;
}
family iso;
}
}
}
}
r7 {
interfaces {
lt-0/0/10 {
unit 1 {
description r7-dc;
encapsulation ethernet;
peer-unit 0;
family inet {
address 10.0.8.14/30;
}   
family iso;
}
}
}
}
}

  
  --
  Best Regards,
Bruno



 
  
  
  
  -- Original --
  From:  brunobruno.juni...@gmail.com;
 Date:  Thu, Oct 27, 2011 02:49 PM
 To:  Stefan Fouantsfou...@shortestpathfirst.net; 
 Cc:  juniper-nspjuniper-nsp@puck.nether.net; 
 Subject:  Re: [j-nsp] how to prepare JNCIE-SP lab

  
 thx stefan,
  
 I have practice JNCIP and JNCIE study guide in olive.  MX box is expensive for 
me .  maybe i can fine some srx. 
  
  --
  Best Regards,
Bruno



  

  
   
  
  -- Original --
  From:  Stefan Fouantsfou...@shortestpathfirst.net;
 Date:  Thu, Oct 27, 2011 11:23 AM
 To:  brunobruno.juni...@gmail.com; 
 Cc:  juniper-nspjuniper-nsp@puck.nether.net; 
 Subject:  Re: [j-nsp] how to prepare JNCIE-SP lab

  
Bruno,

You might want to listen to the certification webinar we put together a few 
weeks ago:

http://www.juniper.net/us/en/community/junos/live/111005/#overview

Bottom line, if you can get yourself a single MX you can use logical-systems 
and logical- tunnel interfaces to emulate a large topology, or in lieu of that 
you can get your hands on some branch SRX devices and convert them to packet 
mode.  The following blog article I wrote for the M series exam a while back 
covers the configuration required if you choose to use MX with Logical Systems.

http://www.shortestpathfirst.net/2010/01/13/preparation-tips-for-the-jncip-mt-and-jncie-mt-exams/

Study material from Junos Class of Service, Junos Multicast Routing, Junos MPLS 
 VPNs, and the Advanced Junos Service Provider Routing curriculum, and do all 
the associated labs as they are highly indicative of the type of things you 
will see on the exam.

Harry Reynold's now out-of-print JNCIP and JNCIE Study Guides are still useful 
for preparation as well... You can find them in PDF format by searching for 
them on Google.

Study hard and practice, practice, practice... Learns those tricks like 'load 
merge terminal relative', 'load patch', copy and paste techniques in 
conjunction with 'show | display set'.

Another little trick that will save you time when determining aggregates for 
summarization:

http://www.shortestpathfirst.net/2011/06/21/jncie-tips-from-the-field-summarization-made-easy/

Good luck and may the force be with you!

Stefan Fouant
JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI
Technical Trainer, Juniper Networks

Follow us on Twitter @JuniperEducate

Sent from my iPad

On Oct 26, 2011, at 10:50 PM, bruno bruno.juni...@gmail.com wrote:

 hello guys,
 
 I have pass jncip-m last year. coz i don't have time to prepare jncie-m ,so i 
 give up. now i am avaible for jncie .juniper said the MX 
 series was added in the lab . how to prepare for it .should i buy mx device? 
 any suggestion?  also need JNCIE peer .
  --
  Best Regards,
 Bruno
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] J-Series Router Options

[R. Benjamin Kessler]

Hello All -

We have a client with a lot of J-Series routers running 9.3 code or earlier.  
We really like the features and functionality of JUNOS as a router and are more 
than a little annoyed that Juniper seems to be forcing us to turn these routers 
into firewalls.

What are others doing to deal with the flow issues associated with more 
recent versions of code?

Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which 
will also cause issues with more modern versions of code.

I'm interested in knowing how others have tackled these challenges for 
customers with hundreds of these in the field.

Thanks,

Ben
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] understanding interface traffic counters of Juniper router

[Martin T]

I made a following setup:

http://img4.imageshack.us/img4/9311/switchvsroutertraffic.png

Setup with Juniper router uses Juniper router and Setup with Cisco
router uses Cisco router. Both computers sent data(Iperf sends 1470
byte datagrams) for 300 seconds at 9Mbps. As you can see, in case of
Cisco router and switch, the difference is 0.3%(actually I did
multiple tests with different bandwidth values and test lengths and
difference was always 0.3%). In case of Juniper router, the difference
between Cisco switch interface traffic counters and Juniper router
interface traffic counters were 1.2% - 1.3%.

What might cause this 0.3% difference in case of Cisco router and
Cisco switch? What might cause 1.2% - 1.3% difference in case of
Juniper router and Cisco switch? Is Cisco switch counting L2 header as
well and Juniper router counts only upto IP header? If yes, then this
1.2% - 1.3% difference is logical..


regards,
martin
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] how to prepare JNCIE-SP lab

[sthaug]

  i have check ur doc yestersday.there are two question:
  1.how to check mx box have tunnel service card. 

It probably doesn't - however, if you have a DPC or MPC you can 
configure the necessary tunnel PIC. E.g. assuming a 20 port GigE
DPC in slot 0,

chassis {
fpc 0 {
pic 0 {
tunnel-services {
bandwidth 1g;
}
}
}
}

will give you the necessary tunnels available at lt-0/0/10, gr-0/1/10,
ip-0/1/10, vt-0/1/10 etc. Yes, it is always 10.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX-650 NAT Questions

[Paulhamus, Jon]

I got clarification from JTAC on this one:  

The 131,072 would be if you were using source NAT without translating the port.

Otherwise source NAT would be for 1024 pools * ~65,000 ports per pool.

Static translations - more than 6000 supported.  I totally read this wrong - I 
hope this helps someone else.

Thanks.


--





Good evening all:



In regards to NAT on the SRX-650:



In the 11.2 release notes there is a table that states NAT Scaling:



SRX650 (High Memory)

MAX Number of IP Address Translations - 131,072

MAX Number of IP Addresses Supporting Port Translations -  IP's 1,024

MAX Number of Source NAT Pools 1,024

MAX Number of  Destination  NAT pools 512



Is this really stating that the 650's only support of to 131,072 source 
translations?  I'm hoping that I'm misunderstanding the working of the release 
notes - this number seems very low if that's the case and I'm afraid that I've 
chosen the wrong box for my needs if so.



Can anyone clarify for me?



Thanks all.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J-Series Router Options

[Tim Eberhard]

Ben,

Nobody is forcing the jseries to become firewalls. They did alter the
default behavior of the packet handling to be flow mode..but you can
configure that.

To enable packet mode junos. Just issue the following commands.

delete security
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
set security forwarding-options family inet6 mode packet-based

This works on an SRX to turn it into a packet based device just the
same as it does for a jseries.

In regards to the flash size, I honestly can't speak to that. Maybe
buy a couple of larger flash disks in bulk? Otherwise clean up the
file system, load the code from sftp/ftp/tftp and upgrade with
no-copy. That way you don't have to transfer it locally.

Hope this helps,
-Tim Eberhard

On Mon, Nov 7, 2011 at 8:18 AM, R. Benjamin Kessler
ben.kess...@zenetra.com wrote:
 Hello All -

 We have a client with a lot of J-Series routers running 9.3 code or earlier.  
 We really like the features and functionality of JUNOS as a router and are 
 more than a little annoyed that Juniper seems to be forcing us to turn these 
 routers into firewalls.

 What are others doing to deal with the flow issues associated with more 
 recent versions of code?

 Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which 
 will also cause issues with more modern versions of code.

 I'm interested in knowing how others have tackled these challenges for 
 customers with hundreds of these in the field.

 Thanks,

 Ben
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J-Series Router Options

[Michel de Nostredame]

On Mon, Nov 7, 2011 at 6:18 AM, R. Benjamin Kessler
ben.kess...@zenetra.com wrote:
 Hello All -

 We have a client with a lot of J-Series routers running 9.3 code or earlier.  
 We really like the features and functionality of JUNOS as a router and are 
 more than a little annoyed that Juniper seems to be forcing us to turn these 
 routers into firewalls.

 What are others doing to deal with the flow issues associated with more 
 recent versions of code?

 Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which 
 will also cause issues with more modern versions of code.

 I'm interested in knowing how others have tackled these challenges for 
 customers with hundreds of these in the field.

 Thanks,

 Ben

From my observations, Juniper for certain reason does not care about
existing customers on this by forcing everyone moves to flow-mode. And
only provide workaround for customers to run packet-mode by breaking
several functions.

My company has lots of J-series routers with 9.3s13 packet-mode
(legacy) JUNOS. Everything is fine until we need some newer functions
in few specific nodes. After upgrade to newer version, say 10.2r4.8,
we manually turned it into packet-mode. However, we lost some of nice
features such as j-flow and IPSEC. That soon became operation
headache.

The reason we stay in r4.8 for now is because of RAM limitation that
r4.8 is the last release could be installed on 512MB RAM model.

--
Michel~

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?

[Krembs, Jesse]

Has anyone else seen this issue?


 





'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)
http://isc.sans.edu/diary.html?storyid=11965rss 


via SANS Internet Storm Center, InfoCON: green http://isc.sans.edu  on
11/7/11


We're starting to get reports (thanks to both Branson and Darryl) that a
Juniper OS bug with BGP, combined with some specific BGP updates today,
are resulting in some key internet routers being DOS'd due to high CPU
loads. We'll post more data as it comes in.

===
Rob VandenBrink
Metafore (c) SANS Internet Storm Center. http://isc.sans.edu
http://isc.sans.edu  Creative Commons Attribution-Noncommercial 3.0
United States License.



 

Jesse Krembs - Data Network Architecture  Planning

FairPoint Communications | 800 Hinesburg Rd, South Burlington, VT 05403
| jkre...@fairpoint.com mailto:jkre...@fairpoint.com 

www.FairPoint.com http://www.fairpoint.com/ | 802.951.1519 office |
802.735.4886 cell

 


___


This e-mail message and its attachments are for the sole use of the intended 
recipients.  They may contain confidential information, legally privileged 
information or other information subject to legal restrictions.  If you are not 
the intended recipient of this message, please do not read, copy, use or 
disclose this message or its attachments, notify the sender by replying to this 
message and delete or destroy all copies of this message and attachments in all 
media.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J-Series Router Options

[Phil Mayers]

On 11/07/2011 02:18 PM, R. Benjamin Kessler wrote:

Hello All -

We have a client with a lot of J-Series routers running 9.3 code or
earlier.  We really like the features and functionality of JUNOS as a
router and are more than a little annoyed that Juniper seems to be
forcing us to turn these routers into firewalls.


Agreed.


What are others doing to deal with the flow issues associated with
more recent versions of code?


We simply upgraded the RAM and forced packet mode.

Interestingly, we're toying with the idea of using the little SRX2xx 
series devices in place of J-series. They're a LOT smaller than the 
(enormous!) J-Series and seem to us to be no worse. We've got a couple 
in service and they work fine.



I'm interested in knowing how others have tackled these challenges
for customers with hundreds of these in the field.


Well, we don't have hundreds... in that case, the RAM/flash upgrades 
will take a tedious amount of time.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J-Series Router Options

[Timh Bergström]

Hey,

I'd say get a bigger CF and install some 10.4 version and follow this;
http://juniper.cluepon.net/index.php/Enabling_packet_based_forwarding

Disables all that flow stuff you really don't want on a router.

--
Timh Bergström
System Operations
Videoplaza

timh.bergst...@videoplaza.com
+46 727 406 845
S:t Eriksgatan 46
Stockholm
www.videoplaza.com




On Mon, Nov 7, 2011 at 3:18 PM, R. Benjamin Kessler
ben.kess...@zenetra.com wrote:
 Hello All -

 We have a client with a lot of J-Series routers running 9.3 code or earlier.  
 We really like the features and functionality of JUNOS as a router and are 
 more than a little annoyed that Juniper seems to be forcing us to turn these 
 routers into firewalls.

 What are others doing to deal with the flow issues associated with more 
 recent versions of code?

 Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which 
 will also cause issues with more modern versions of code.

 I'm interested in knowing how others have tackled these challenges for 
 customers with hundreds of these in the field.

 Thanks,

 Ben
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J-Series Router Options

[R. Benjamin Kessler]

That would be cool if it didn't also break IPSec VPNs...bummer

-Original Message-
From: Timh Bergström [mailto:timh.bergst...@videoplaza.com] 
Sent: Monday, November 07, 2011 4:28 PM
To: R. Benjamin Kessler
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] J-Series Router Options

Hey,

I'd say get a bigger CF and install some 10.4 version and follow this; 
http://juniper.cluepon.net/index.php/Enabling_packet_based_forwarding

Disables all that flow stuff you really don't want on a router.

--
Timh Bergström
System Operations
Videoplaza

timh.bergst...@videoplaza.com
+46 727 406 845
S:t Eriksgatan 46
Stockholm
www.videoplaza.com




On Mon, Nov 7, 2011 at 3:18 PM, R. Benjamin Kessler ben.kess...@zenetra.com 
wrote:
 Hello All -

 We have a client with a lot of J-Series routers running 9.3 code or earlier.  
 We really like the features and functionality of JUNOS as a router and are 
 more than a little annoyed that Juniper seems to be forcing us to turn these 
 routers into firewalls.


 What are others doing to deal with the flow issues associated with more 
 recent versions of code?

 Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which 
 will also cause issues with more modern versions of code.

 I'm interested in knowing how others have tackled these challenges for 
 customers with hundreds of these in the field.

 Thanks,

 Ben
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net 
 https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J-Series Router Options

[Julien Goodwin]

On 07/11/11 06:18, R. Benjamin Kessler wrote:
 Hello All -
 
 We have a client with a lot of J-Series routers running 9.3 code or earlier.  
 We really like the features and functionality of JUNOS as a router and are 
 more than a little annoyed that Juniper seems to be forcing us to turn these 
 routers into firewalls.
 
 What are others doing to deal with the flow issues associated with more 
 recent versions of code?

You can essentially disable the flow mode, it still sucks up RAM (if
you're doing full BGP tables you need, at minimum 2GB, 3 or 4 is better)
but it can still pretty much do the old throughput.

 Also, many of these routers have small CF cards (e.g. 256MB or 512MB) which 
 will also cause issues with more modern versions of code.

Yep, replace with = 1GB cards. But if you have to open them anyway for
RAM doing both makes sense.

Most likely you'd build the new image  config in the lab and send out
RAM+CF to be upgraded on site.

-- 
Julien Goodwin
Studio442
Blue Sky Solutioneering



signature.asc
Description: OpenPGP digital signature
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?

[Jack Bates]

More importantly, if it was the issue dated in August, how in the heck 
do I get on a list which tells me such a critical bug exists?



Jack

On 11/7/2011 2:03 PM, Krembs, Jesse wrote:

Has anyone else seen this issue?








'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)
http://isc.sans.edu/diary.html?storyid=11965rss


via SANS Internet Storm Center, InfoCON: greenhttp://isc.sans.edu   on
11/7/11


We're starting to get reports (thanks to both Branson and Darryl) that a
Juniper OS bug with BGP, combined with some specific BGP updates today,
are resulting in some key internet routers being DOS'd due to high CPU
loads. We'll post more data as it comes in.

===
Rob VandenBrink
Metafore (c) SANS Internet Storm Center. http://isc.sans.edu
http://isc.sans.edu   Creative Commons Attribution-Noncommercial 3.0
United States License.





Jesse Krembs - Data Network Architecture  Planning

FairPoint Communications | 800 Hinesburg Rd, South Burlington, VT 05403
| jkre...@fairpoint.commailto:jkre...@fairpoint.com

www.FairPoint.comhttp://www.fairpoint.com/  | 802.951.1519 office |
802.735.4886 cell




___


This e-mail message and its attachments are for the sole use of the intended 
recipients.  They may contain confidential information, legally privileged 
information or other information subject to legal restrictions.  If you are not 
the intended recipient of this message, please do not read, copy, use or 
disclose this message or its attachments, notify the sender by replying to this 
message and delete or destroy all copies of this message and attachments in all 
media.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J-Series Router Options

[David Ball]

On 7 November 2011 14:10, Phil Mayers p.may...@imperial.ac.uk wrote:
 What are others doing to deal with the flow issues associated with
 more recent versions of code?

 We simply upgraded the RAM and forced packet mode.

 Interestingly, we're toying with the idea of using the little SRX2xx series
 devices in place of J-series. They're a LOT smaller than the (enormous!)
 J-Series and seem to us to be no worse. We've got a couple in service and
 they work fine.

  I was a little surprised at the throughput of the SRX220 in packet
mode.  Only 496Mbps bidirectional at 1500bytes, and drops to 72Mbps at
64bytes.  It IS a security device of course, not a router strictly
speaking, so I admit my hopes were a little high.


 I'm interested in knowing how others have tackled these challenges
 for customers with hundreds of these in the field.

 Well, we don't have hundreds... in that case, the RAM/flash upgrades will
 take a tedious amount of time.
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?

[Jared Mauch]

Juniper doesn't believe security bugs should be public. You must be a customer 
with support to access their portal. 

Cisco has a good policy. You can view any security bugs and get fixes 
regardless of your contract status. 

Jared Mauch

On Nov 7, 2011, at 6:53 PM, Jack Bates jba...@brightok.net wrote:

 More importantly, if it was the issue dated in August, how in the heck do I 
 get on a list which tells me such a critical bug exists?
 
 
 Jack
 
 On 11/7/2011 2:03 PM, Krembs, Jesse wrote:
 Has anyone else seen this issue?
 
 
 
 
 
 
 
 
 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)
 http://isc.sans.edu/diary.html?storyid=11965rss
 
 
 via SANS Internet Storm Center, InfoCON: greenhttp://isc.sans.edu   on
 11/7/11
 
 
 We're starting to get reports (thanks to both Branson and Darryl) that a
 Juniper OS bug with BGP, combined with some specific BGP updates today,
 are resulting in some key internet routers being DOS'd due to high CPU
 loads. We'll post more data as it comes in.
 
 ===
 Rob VandenBrink
 Metafore (c) SANS Internet Storm Center. http://isc.sans.edu
 http://isc.sans.edu   Creative Commons Attribution-Noncommercial 3.0
 United States License.
 
 
 
 
 
 Jesse Krembs - Data Network Architecture  Planning
 
 FairPoint Communications | 800 Hinesburg Rd, South Burlington, VT 05403
 | jkre...@fairpoint.commailto:jkre...@fairpoint.com
 
 www.FairPoint.comhttp://www.fairpoint.com/  | 802.951.1519 office |
 802.735.4886 cell
 
 
 
 
 ___
 
 
 This e-mail message and its attachments are for the sole use of the intended 
 recipients.  They may contain confidential information, legally privileged 
 information or other information subject to legal restrictions.  If you are 
 not the intended recipient of this message, please do not read, copy, use or 
 disclose this message or its attachments, notify the sender by replying to 
 this message and delete or destroy all copies of this message and 
 attachments in all media.
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J-Series Router Options

[Kurt Bales]

To be fair, you find a Cisco product in the same price range with the same
features that can come even close to that throughput!

K.

On Tue, Nov 8, 2011 at 12:00, David Ball davidtb...@gmail.com wrote:

 On 7 November 2011 14:10, Phil Mayers p.may...@imperial.ac.uk wrote:
  What are others doing to deal with the flow issues associated with
  more recent versions of code?
 
  We simply upgraded the RAM and forced packet mode.
 
  Interestingly, we're toying with the idea of using the little SRX2xx
 series
  devices in place of J-series. They're a LOT smaller than the (enormous!)
  J-Series and seem to us to be no worse. We've got a couple in service and
  they work fine.

   I was a little surprised at the throughput of the SRX220 in packet
 mode.  Only 496Mbps bidirectional at 1500bytes, and drops to 72Mbps at
 64bytes.  It IS a security device of course, not a router strictly
 speaking, so I admit my hopes were a little high.


  I'm interested in knowing how others have tackled these challenges
  for customers with hundreds of these in the field.
 
  Well, we don't have hundreds... in that case, the RAM/flash upgrades will
  take a tedious amount of time.
  ___
  juniper-nsp mailing list juniper-nsp@puck.nether.net
  https://puck.nether.net/mailman/listinfo/juniper-nsp
 
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?

[Chris Adams]

Once upon a time, Jack Bates jba...@brightok.net said:
 More importantly, if it was the issue dated in August, how in the heck 
 do I get on a list which tells me such a critical bug exists?

If you have a Juniper support account, go to www.juniper.net/alerts,
scroll to the bottom, and click on Modify Your Alert Preferences.

-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?

[Jack Bates]

On 11/7/2011 8:28 PM, Chris Adams wrote:

Once upon a time, Jack Batesjba...@brightok.net  said:

More importantly, if it was the issue dated in August, how in the heck
do I get on a list which tells me such a critical bug exists?

If you have a Juniper support account, go to www.juniper.net/alerts,
scroll to the bottom, and click on Modify Your Alert Preferences.



Thanks. So I'm guessing anyone effected by it, shouldn't have been 
(given I'd think large networks would have been notified and have valid 
support contracts).



Jack
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?

[David Ball]

On 7 November 2011 21:46, Jack Bates jba...@brightok.net wrote:
 Thanks. So I'm guessing anyone effected by it, shouldn't have been (given
 I'd think large networks would have been notified and have valid support
 contracts).

  Right, because upon the release of any new PSNs, immediate
network-wide code upgrades are completed.

 Jack
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?

[Jonas Frey (Probe Networks)]

Well...basically yes. The issue (PSN-2011-08-327) is known since august.
I guess the fact that juniper has listed the issue as the 
probability of exploiting this defect is extremely low has led many
networks to not implent a immediate fix for this on a security
perspective.
As you know maintenance usually causes service impact for customers and
(if possible) most networks like to avoid unneccessary downtimes.
Additionally alot of folks like to test new software in a lab
environment first so a simple update to a new JunOS version can
sometimes be quite complex and cost intensive.

-Jonas



Am Montag, den 07.11.2011, 22:46 -0600 schrieb Jack Bates:
 On 11/7/2011 8:28 PM, Chris Adams wrote:
  Once upon a time, Jack Batesjba...@brightok.net  said:
  More importantly, if it was the issue dated in August, how in the heck
  do I get on a list which tells me such a critical bug exists?
  If you have a Juniper support account, go to www.juniper.net/alerts,
  scroll to the bottom, and click on Modify Your Alert Preferences.
 
 
 Thanks. So I'm guessing anyone effected by it, shouldn't have been 
 (given I'd think large networks would have been notified and have valid 
 support contracts).
 
 
 Jack
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp


signature.asc
Description: This is a digitally signed message part
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp