Re: [j-nsp] J-Flow seems to not exporting all the traffic
On 01/07/2013 02:27 AM, Samol wrote: Hi Matjaz, Here is the configuration: sampling { input { rate 100; } Erm... I'm not really familiar with jflow on MX, but isn't this the reason? You're sampling 1/100 of the traffic, so you shouldn't expect to see everything. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] IP SLA + Tracking on JunOS
Have a look at the High Availability scripts here: http://www.juniper.net/us/en/community/junos/script-automation/library/event/ -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Robert Hass Sent: Monday, January 07, 2013 9:18 AM To: juniper-nsp@puck.nether.net Subject: [j-nsp] IP SLA + Tracking on JunOS Hi On Cisco I used IP SLA + Tracking feature to ping remote host and inject static route if I've got response from remote host. Ping was send each minute. Can I have same configuration doing the same on JunOS ? (10.4 or 11.4 - SRX and MX series) My goal: Ping 10.0.0.4 with source-ip 10.0.1.1 If I have response inject static route 192.168.0.0/24 via 10.0.1.2, if no ping response then static route shouldn't be injected Rob ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] DDOS and MX-240's
On Mon, Jan 07, 2013 at 05:41:06AM +, Dobbins, Roland wrote: On Jan 6, 2013, at 11:14 PM, Richard Gross wrote: I am seeking advise. If you wanted to block 800K /32's from your inbound pipes, how would you do it? You don't need nor want to do this. Flowspec and S/RTBH are very useful tools for blocking, as Chris indicated, but nobody needs to block 800K /32s. http://mailman.nanog.org/pipermail/nanog/2011-January/030051.html Still has the same issue. Juniper has basically let Flowspec bit-rot into complete uselessness since Pedro left. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] DDOS and MX-240's
On Mon, Jan 7, 2013 at 2:48 PM, Richard A Steenbergen r...@e-gerbil.net wrote: On Mon, Jan 07, 2013 at 05:41:06AM +, Dobbins, Roland wrote: On Jan 6, 2013, at 11:14 PM, Richard Gross wrote: I am seeking advise. If you wanted to block 800K /32's from your inbound pipes, how would you do it? You don't need nor want to do this. Flowspec and S/RTBH are very useful tools for blocking, as Chris indicated, but nobody needs to block 800K /32s. http://mailman.nanog.org/pipermail/nanog/2011-January/030051.html Still has the same issue. Juniper has basically let Flowspec bit-rot into complete uselessness since Pedro left. It really sucks to hear that the performance didn't improve on Trio. Flowspec is /the/ way to make DoS mitigation possible for companies not big enough to buy a boatload of edge capacity, it's too bad that it's not implemented by anyone but Juniper, and Juniper is letting it rot. (It's also too bad that, AFAIK, nLayer is the only transit provider that actually offers it to customers.) I think this is one of the things that the people building on top of OpenFlow can use to wipe the floor with classical vendors (a good MPLS-TE implementation being the other thing). -- Darius Jahandarie ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] MLD snooping and IPv6 ND
Could any of the Juniper folks mail me off-list regarding some MLD snooping and IPv6 ND interactions? Thanks -- Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] DDOS and MX-240's
It's interesting that Flowspec was one of the presentations at the Bay Area Juniper User's Group in October, and heavily used by CloudFlare. http://www.slideshare.net/junipernetworks/flowspec-bay-area-juniper-user-group-bajug -- Eric Cables On Mon, Jan 7, 2013 at 12:41 PM, Darius Jahandarie djahanda...@gmail.comwrote: On Mon, Jan 7, 2013 at 2:48 PM, Richard A Steenbergen r...@e-gerbil.net wrote: On Mon, Jan 07, 2013 at 05:41:06AM +, Dobbins, Roland wrote: On Jan 6, 2013, at 11:14 PM, Richard Gross wrote: I am seeking advise. If you wanted to block 800K /32's from your inbound pipes, how would you do it? You don't need nor want to do this. Flowspec and S/RTBH are very useful tools for blocking, as Chris indicated, but nobody needs to block 800K /32s. http://mailman.nanog.org/pipermail/nanog/2011-January/030051.html Still has the same issue. Juniper has basically let Flowspec bit-rot into complete uselessness since Pedro left. It really sucks to hear that the performance didn't improve on Trio. Flowspec is /the/ way to make DoS mitigation possible for companies not big enough to buy a boatload of edge capacity, it's too bad that it's not implemented by anyone but Juniper, and Juniper is letting it rot. (It's also too bad that, AFAIK, nLayer is the only transit provider that actually offers it to customers.) I think this is one of the things that the people building on top of OpenFlow can use to wipe the floor with classical vendors (a good MPLS-TE implementation being the other thing). -- Darius Jahandarie ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp