Re: [j-nsp] Fwd: mx480 to mx240 port channel ae

[Alex Arseniev]

What JUNOS version and linecard HW?
interface-mode trunk is supported on Trio starting from 11.1.
Thanks
Alex 

- Original Message - 
From: Mohammad Khalil eng.m...@gmail.com

To: juniper-nsp@puck.nether.net
Sent: Thursday, July 19, 2012 6:48 AM
Subject: [j-nsp] Fwd: mx480 to mx240 port channel ae



-- Forwarded message --
From: Mohammad Khalil eng.m...@gmail.com
Date: Wed, Jul 18, 2012 at 11:45 AM
Subject: mx480 to mx240 port channel ae
To: juniper-nsp@puck.nether.net


Hi all , I have mx480 and mx240 routers
I tried to connect them via ether channel (port aggregation) , but there
was remarkable packet loss

CR04# show interfaces ae1
flexible-vlan-tagging;
mtu 1600;
encapsulation flexible-ethernet-services;
aggregated-ether-options {
   lacp {
   active;
   }
}
unit 0 {
   family bridge {
   interface-mode trunk;
   }
}
unit 10 {
   vlan-id 10;
   family inet {
   address 10.0.0.17/30;

Any ideas ?

Thanks

BR,
Mohammad
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RE : route BGP stall bug

[Tim Vollebregt]

Hi,

I have 11 groups configured, mostly eBGP. No alert messages.
Also not sure if we are hitting PR722890, as we don't see the error in 
our logs:


Cannot perform nh operation DELETE nhop (null) type unicast index 717 errno 1

As RAS confirmed the bug is still there, I'll have to work on getting as 
much as Multihop loopback sessions as possible and configuring a static 
default route towards cores to prevent blackholing (bleh...)


Turns out that my ultra expensive boxes / linecards are worth rubbish in 
some cases :(


Tim

On 18-07-12 21:37, david@orange.com wrote:

Hi

How many groups do you have?

David Roy
NOC Engineer at Orange France
JNCIE-SP #703 ; JNCIE-ENT #305

De : juniper-nsp-boun...@puck.nether.net [juniper-nsp-boun...@puck.nether.net] 
de la part de Richard A Steenbergen [r...@e-gerbil.net]
Date d'envoi : mercredi 18 juillet 2012 20:15
À : Tim Vollebregt
Cc : Juniper-NSP
Objet : Re: [j-nsp] route BGP stall bug

On Wed, Jul 18, 2012 at 12:03:39AM +0200, Tim Vollebregt wrote:

Hi All,

This morning during a maintenance I experienced the route stall bug
Richard mentioned a few times already on j-nsp.

Hardware kit:
-MX480 with SCB (non-e)
-2 x RE-S-1800x4
-4 x MPC 3D 16x 10GE
Software version: 10.4R8.5
During this maintenance I was placing 2 new routing engines into the
router, replacing the 'old' RE-S-2000. This router is pushing a lot of
traffic and receiving 14 x full BGP tables from eBGP peers/1 RR
session to it's 'mate'/several iBGP peers with partial tables

Rest assured this issue is still alive and well in every piece of code
I've ever looked at. I've basically just given up and accepted that
Juniper can't actually handle a large number of routes, and nobody seems
capable of fixing it. EX's are especially bad, I can't get a full fib
installed from a reboot in anything less than an hour, even if I turn
off most of the BGP sessions so it converges faster. Either stop
carrying so many routes (14x full tables = you're screwed), or go buy a
Cisco. :(

--
Richard A Steenbergen r...@e-gerbil.net   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

_

Ce message et ses pieces jointes peuvent contenir des informations 
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce 
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages 
electroniques etant susceptibles d'alteration,
France Telecom - Orange decline toute responsabilite si ce message a ete 
altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged 
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete 
this message and its attachments.
As emails may be altered, France Telecom - Orange is not liable for messages 
that have been modified, changed or falsified.
Thank you.




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MX80 poor monitoring, packet loss to RE, SNMP not responding

[Morgan McLean]

So I actually don't use the FXP interface. I basically have four OSPF
connections coming into my edge firewall srx cluster, and I use the
loopback address advertised over OSPF to manage all of my devices. The
MX80's are the only ones that seem to have a problem...am I S.O.L if I'm
not using the FXP interface?

Morgan

On Wed, Jul 18, 2012 at 9:14 AM, Xu Hu jstuxuhu0...@gmail.com wrote:

 Does the Juniper RE not the same as Cisco RSP. I think the control plane
 information all need to go to the RE, if RE had any issue, why the traffic
 don't have any issue?

 Thanks and regards,
 Xu Hu

 On 18 Jul, 2012, at 22:32, OBrien, Will obri...@missouri.edu wrote:

  Check your fxp0 configuration. You may be shipping return traffic out
 random interfaces...
  We are leaning toward putting all production traffic inside a virtual
 routing instance/chassis and using the main routing instance just for
 management.
  
  From: juniper-nsp-boun...@puck.nether.net [
 juniper-nsp-boun...@puck.nether.net] on behalf of Morgan McLean [
 wrx...@gmail.com]
  Sent: Wednesday, July 18, 2012 1:34 AM
  To: juniper-nsp@puck.nether.net
  Subject: [j-nsp] MX80 poor monitoring, packet loss to RE, SNMP not
 responding
 
  I have a pair of MX80's that both are very unreliable in terms of trying
 to
  monitor them. Any traffic destined to the RE, be it ICMP or SNMP seems to
  be very hit or miss. Sometimes SNMP won't respond, pinging it gives me
  maybe 50% loss on average, but it passes traffic fine.
 
  This causes issues with monitoring, false alerts, etc. I realize the
  traffic destined for the RE is not as important, but the box is hardly
  loaded and among maybe 50 other juniper devices I have, EX, SRX, only
 these
  are giving me issues.
 
  Can anybody give me any insight?
 
  Thanks,
  Morgan
  ___
  juniper-nsp mailing list juniper-nsp@puck.nether.net
  https://puck.nether.net/mailman/listinfo/juniper-nsp
 
  ___
  juniper-nsp mailing list juniper-nsp@puck.nether.net
  https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MX80 poor monitoring, packet loss to RE, SNMP not responding

[David Miller]

On 7/19/2012 5:56 PM, Morgan McLean wrote:
 So I actually don't use the FXP interface. I basically have four OSPF
 connections coming into my edge firewall srx cluster, and I use the
 loopback address advertised over OSPF to manage all of my devices. The
 MX80's are the only ones that seem to have a problem...am I S.O.L if I'm
 not using the FXP interface?

 Morgan

Not at all.  Management and monitoring over the loopback (in-band) is a
perfectly valid and workable configuration.

Knowing nothing at all about the config on your gear, I would think that
the first places to look for the source of intermittent failures would
be route stability and RE firewalls/policers.

You said that you get intermittent ping failures to the box.  Can you
ssh into the box reliably?  Can you ping from the box reliably to the
destination that has issues pinging to the box? ...and so on...

-DMM


 On Wed, Jul 18, 2012 at 9:14 AM, Xu Hu jstuxuhu0...@gmail.com wrote:

 Does the Juniper RE not the same as Cisco RSP. I think the control plane
 information all need to go to the RE, if RE had any issue, why the traffic
 don't have any issue?

 Thanks and regards,
 Xu Hu

 On 18 Jul, 2012, at 22:32, OBrien, Will obri...@missouri.edu wrote:

 Check your fxp0 configuration. You may be shipping return traffic out
 random interfaces...
 We are leaning toward putting all production traffic inside a virtual
 routing instance/chassis and using the main routing instance just for
 management.
 
 From: juniper-nsp-boun...@puck.nether.net [
 juniper-nsp-boun...@puck.nether.net] on behalf of Morgan McLean [
 wrx...@gmail.com]
 Sent: Wednesday, July 18, 2012 1:34 AM
 To: juniper-nsp@puck.nether.net
 Subject: [j-nsp] MX80 poor monitoring, packet loss to RE, SNMP not
 responding
 I have a pair of MX80's that both are very unreliable in terms of trying
 to
 monitor them. Any traffic destined to the RE, be it ICMP or SNMP seems to
 be very hit or miss. Sometimes SNMP won't respond, pinging it gives me
 maybe 50% loss on average, but it passes traffic fine.

 This causes issues with monitoring, false alerts, etc. I realize the
 traffic destined for the RE is not as important, but the box is hardly
 loaded and among maybe 50 other juniper devices I have, EX, SRX, only
 these
 are giving me issues.

 Can anybody give me any insight?

 Thanks,
 Morgan
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MX80 poor monitoring, packet loss to RE, SNMP not responding

[Atif Saleem]

Hi David,
Do you have any firewall filter to protect RE or doing any policing of
the traffic destined to RE? If, you have the filter, is it applied to
loopback interface lo0.0? You need to check whether it is configured
properly or applied properly or not.

Best,
Atif Saleem

On Fri, Jul 20, 2012 at 3:54 AM, David Miller dmil...@tiggee.com wrote:
 On 7/19/2012 5:56 PM, Morgan McLean wrote:
 So I actually don't use the FXP interface. I basically have four OSPF
 connections coming into my edge firewall srx cluster, and I use the
 loopback address advertised over OSPF to manage all of my devices. The
 MX80's are the only ones that seem to have a problem...am I S.O.L if I'm
 not using the FXP interface?

 Morgan

 Not at all.  Management and monitoring over the loopback (in-band) is a
 perfectly valid and workable configuration.

 Knowing nothing at all about the config on your gear, I would think that
 the first places to look for the source of intermittent failures would
 be route stability and RE firewalls/policers.

 You said that you get intermittent ping failures to the box.  Can you
 ssh into the box reliably?  Can you ping from the box reliably to the
 destination that has issues pinging to the box? ...and so on...

 -DMM


 On Wed, Jul 18, 2012 at 9:14 AM, Xu Hu jstuxuhu0...@gmail.com wrote:

 Does the Juniper RE not the same as Cisco RSP. I think the control plane
 information all need to go to the RE, if RE had any issue, why the traffic
 don't have any issue?

 Thanks and regards,
 Xu Hu

 On 18 Jul, 2012, at 22:32, OBrien, Will obri...@missouri.edu wrote:

 Check your fxp0 configuration. You may be shipping return traffic out
 random interfaces...
 We are leaning toward putting all production traffic inside a virtual
 routing instance/chassis and using the main routing instance just for
 management.
 
 From: juniper-nsp-boun...@puck.nether.net [
 juniper-nsp-boun...@puck.nether.net] on behalf of Morgan McLean [
 wrx...@gmail.com]
 Sent: Wednesday, July 18, 2012 1:34 AM
 To: juniper-nsp@puck.nether.net
 Subject: [j-nsp] MX80 poor monitoring, packet loss to RE, SNMP not
 responding
 I have a pair of MX80's that both are very unreliable in terms of trying
 to
 monitor them. Any traffic destined to the RE, be it ICMP or SNMP seems to
 be very hit or miss. Sometimes SNMP won't respond, pinging it gives me
 maybe 50% loss on average, but it passes traffic fine.

 This causes issues with monitoring, false alerts, etc. I realize the
 traffic destined for the RE is not as important, but the box is hardly
 loaded and among maybe 50 other juniper devices I have, EX, SRX, only
 these
 are giving me issues.

 Can anybody give me any insight?

 Thanks,
 Morgan
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp



-- 
Atif
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp