Re: [j-nsp] MX5 - Subscriber Management
On 09/12/2012 04:55 PM, GIULIANO (WZTECH) wrote: People, Dow anyone on list is using MX series as a BRAS box ? We are looking forward some samples of configurations to apply shapping rate using only radius variables. We have found the configuration bellow ... but we did not find any RADIUS dictionary to apply it. See http://www.juniper.net/techpubs/en_US/junos/topics/reference/general/aaa-subscriber-access-radius-vsa.html To set cos shaping parameters from radius, use Juniper VSA 26-108. -- Trond ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] MX Design
Hi, I have two mx and two ex connected as follows, L2 on the EX and L2/L3 on MX, MX handles all the routing. MX -- MX | \ / | | / \ | EX -- EX \/ Access-sw What is the best way to tie everything together? MSTP all the way up to MX or is there a better way? How do I transport VLAN's between the MX, with just tagging the interfaces between or is some kind of MPLS better? Regards Johan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SRX - multipoint st0 tunnel interface and static route
Hi all,
I'm running junos 11.4r5 on an SRX210 device.
I configured a multipoint tunnel interface to bind two IPSEC tunnels to
the same gateway (as multiple proxy IDs are
not supported yet). The remote gateway is an old sonicwall, and is not
capable of route based VPNs.
I tried to setup a static route to the remote network, but the route
doesn't show up.
I found some threads on juniper forums indicating I was not the nly one
to experience this.
Did anyone find a solution to add a static route via a multipoint tunnel
interface ?
Is this working on 12.1 ? (I'd like to keep the 11.4, but if 12.1 could
help ...).
my interface configuration :
root@SRX240# show interfaces st0 unit 0
multipoint;
family inet;
my vpn configurations :
root@SRX240# show security ipsec vpn vpn1
bind-interface st0.0;
ike {
gateway gw1
proxy-identity {
local 10.1.1.0/24;
remote 192.168.1.0/28;
}
ipsec-policy policy1;
}
root@SRX240# show security ipsec vpn vpn2
bind-interface st0.0;
ike {
gateway gw1
proxy-identity {
local 10.1.2.0/24;
remote 192.168.1.0/28;
}
ipsec-policy policy1;
}
does anyone know how to configure multiple proxy id or have a static
route with a multipoint tunnel interface ?
thanks.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX 5800 cluster reports 100% of CPU through snmpget
This is a known software defect, where the SNMP OID is incorrectly reporting RE utilization. I know that it's fixed in the latest 11.4 release (R4 as of today). I don't know the PR associated with this bug, but I ran into into it myself a while back. -- Eric Cables On Tue, Sep 11, 2012 at 8:41 PM, Alberto Santos albertofsan...@gmail.comwrote: Hey everyone, I'm facing difficult times with srx5800 and snmpget. I have a cluster which reports it is running over 100% CPU for it's RE0, but it is not. Have someone ever seen this before? Routing Engine status: Slot 0: Current state Master Election priority Master (default) Temperature 33 degrees C / 91 degrees F CPU temperature 29 degrees C / 84 degrees F DRAM 2048 MB Memory utilization 20 percent CPU utilization: User 0 percent Background 0 percent Kernel 3 percent Interrupt 0 percent Idle 97 percent Model RE-S-1300 Serial ID 9009074896 Start time 2012-05-10 18:01:28 BRT Uptime 124 days, 6 hours, 35 minutes, 35 seconds Last reboot reason Router rebooted after a normal shutdown. Load averages: 1 minute 5 minute 15 minute 0.10 0.04 0.01 JUNOS Software Release [11.2R6.3] jnxOperatingCPU.9.1.0.0 = 100 jnxOperatingCPU.9.3.0.0 = 100 -- *BR/Alberto* ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SRX IPSEC performance
Hi All, Has anyone here done IPSEC performance tests for SRX3k and share your results? Juniper claims that with 1400bytes of packet with 2SPC and 1NPC VPN throughput is 3Gbps. How much have you achieved? Ashish ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX Design
Running MC-LAG A/A on the two MXs works pretty well. That will provide a single, logical link using LACP to the EXs. On 9/13/12 1:55 AM, Johan Borch johan.bo...@gmail.com wrote: Hi, I have two mx and two ex connected as follows, L2 on the EX and L2/L3 on MX, MX handles all the routing. MX -- MX | \ / | | / \ | EX -- EX \/ Access-sw What is the best way to tie everything together? MSTP all the way up to MX or is there a better way? How do I transport VLAN's between the MX, with just tagging the interfaces between or is some kind of MPLS better? Regards Johan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SNMP interface counters ... not counting
Hi all. I upgraded my SRX100 to 12.1 (specifically R2.9) about a month and a half ago. On Sunday I went to look at my mrtg graphs and noticed that for about the past 5 weeks or so no traffic has been recorded. I looked into my mrtg config to make sure it was ok (Im using interface name instead of ifIndex to reference my interfaces), and tried a couple of snmpwalk's from the CLI, and all seems ok, and I can return data. Then I noticed something odd. Although the interface counters have values, indicating they must have been counting at some stage, the values are basically stuck in time. Running successive snmpget's for one particular interface just returns the same values over and over, despite the fact it is carrying data for the snmp query. I tried to restart the snmp daemon, but no change. So I rebooted the device and it started working again. Now, exactly 3 days later, it has stopped again. Has anyone else experienced this and know of a fix besides reboot or perhaps a downgrade? Theres nothing in particular that I need from this release, but it would still be annoying. Thanks, Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
