Re: [j-nsp] Are we under some weird SPAM attack?

2013-05-01 Thread Mark Tinka 
On Thursday, May 02, 2013 05:40:28 AM Michael Loftis wrote:

> And answered my own ? by reading the rest of my inbox.

The posts look legit, but consistently seem to be HTML-based 
e-mail.

Mark.


signature.asc
Description: This is a digitally signed message part.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Are we under some weird SPAM attack?

2013-05-01 Thread Michael Loftis 
Traffic on the list seems absolutely through the roof here...And a lot
of the messages are double posts, or following the same form.  They're
not like a markov generator or anything but they're kind of out of
character for this list.

Did the list posted somewhere new for the GWF crowd?

--

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Unable to ping all NE when MAC are learned in Bridge group

2013-05-01 Thread Jason Fortier 
The NE have the correct ARP address of the MX5,   the MX5 on the other hand
does not have an ARP entry.  It does learn a MAC from the NE in the bridge
domain.  for what ever reason the RI is unable to put the two together.

For some reason the link between the Bridge and Routing Instance is
missing/broken for some NE and not others.

JTAC has suggested that there are differences between the MX480 and MX5 in
the way it "routes"  and is checking internal documentation.


On Tue, Apr 30, 2013 at 1:29 PM, Jason Fortier wrote:

> I have tried clearing arp for most of the devices,  I have also moved the
> same config to MX480 PE,  All NE become reachable. Below is a simple
> network layout.
>
> NE-MX5-1--MX5-2MX480C7609--MGMTNETWORK
>
> When MX5-1 becomes a PE some of the NE be come unreachable.
>
> One thing of note it that the MX5-1 mpls interface is on LU 2500 on VLAN
> 2500.  other then that the same FF are plied on the MX480
>
>
>
> On Tue, Apr 30, 2013 at 11:18 AM, Jason Fortier 
> wrote:
>
>> Hey Guys,
>>
>> We are migrating some NE to new MX-5 LER.  I have started with moving
>> mgmt to an IRB,  IRB is in the bridge domain and in the routing instance.
>>  When cut over about half the NE are no longer accessible.
>>
>> When the NE are cut back to old default GW (resides on a c7609 within a
>> RI) and pass through the MX as L2 with in the bridge domain  only it all
>> works fine.  Only when cutover to the NE PE does it break on some devices.
>>
>> All routing appears to be working as some NE with in the subnet
>> are accessible.  not sure why other are not?  any idea would be appreciated.
>>
>> jfortier@routermx5# show
>> description "management irb";
>> mtu 1600;
>> unit 101 {
>> description "Management VLAN101";
>> family inet {
>> address 10.64.0.1/24;
>> }
>> }
>>
>> jfortier@routermx5# show bridge-domains
>> 101 {
>> description "Management VLAN 101";
>> domain-type bridge;
>> vlan-id 101;
>> interface ge-1/0/1.101;
>> interface ge-1/0/2.101;
>> interface ae1.101;
>> interface ae0.101;
>> interface ge-1/0/0.101;
>> routing-interface irb.101;
>> }
>>
>> jfortier@routermx5# show routing-instances mgmt_nes
>> instance-type vrf;
>> interface irb.101;
>> interface irb.102;
>> route-distinguisher 10.92.6.20:3141;
>> vrf-target target:64512:101;
>> vrf-table-label;
>>
>>
>> Jason
>>
>>
>>
>>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 3G/4G on SRX

2013-05-01 Thread Aaron Dewell 
I have a cx111 which I use when the primary connection goes down.  I'm
using usb tethering from my phone which works only if you're willing to
constantly mess with it. I wouldn't recommend that setup.

However, I have a customer using the non rebadged cx111 (aka cradlepoint
cba750) with the paired verizon modem attached. There is an always on ipsec
tunnel running over it from the srx. It goes down about an hour a day
average in each site. As long as that doesn't coincide with a t1 outage...
it's all good. Still investigating the reasons for those drops.

So ymmv but it works decently well.

Note that neither of those experiences are with prepaid or m2m. I imagine
it would be the same until you ran out of credit.

Aaron
On May 1, 2013 10:33 PM, "Jeff Rooney"  wrote:

> Does anyone have any experience using a prepaid or month to month 3G/4G
> connection on a branch SRX? I am looking to replace a dial backup with a
> cellular connection, but the documentation is pretty weak and only
> references a Sierra Wireless AirCard.
>
> Any suggestions? Thanks.
>
> Jeff
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 1000BaseT SFP

2013-05-01 Thread Ben Boyd 
I wonder if you configuration as fe-0/0/2 instead of ge-0/0/2 if that would 
work...

---
Ben Boyd
b...@sinatranetwork.com
http://about.me/benboyd




On May 16, 2011, at 1:32 PM, Keith  wrote:

> 
>  Trying to connect GE copper SFP on MX to a 100meg port on a cisco switch, 
> 3560 actually.
> 
> ge-0/0/2 {
> description "<< Test Link >>";
> enable;
> speed 100m;
> link-mode full-duplex;
> unit 0 {
> family inet {
> address 192.168.1.2/26;
> 
> show interface ge-0/0/2:
> 
> Physical interface: ge-0/0/2, Enabled, Physical link is Up
>   Interface index: 136, SNMP ifIndex: 511
>   Description: << Test Link >>
>   Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, BPDU Error: None, 
> MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow 
> control: Enabled,
>   Auto-negotiation: Enabled, Remote fault: Online
>   Device flags   : Present Running
>   Interface flags: SNMP-Traps Internal: 0x4000
>   Link flags : None
>   CoS queues : 8 supported, 8 maximum usable queues
>   Current address: 80:71:1f:91:10:02, Hardware address: 80:71:1f:91:10:02
>   Last flapped   : 2011-04-28 13:44:09 PDT (1w5d 03:08 ago)
>   Input rate : 0 bps (0 pps)
>   Output rate: 0 bps (0 pps)
>   Active alarms  : None
>   Active defects : None
> 
>   Logical interface ge-0/0/2.0 (Index 74) (SNMP ifIndex 522)
> Flags: SNMP-Traps 0x400 Encapsulation: ENET2
> Input packets : 0
> Output packets: 19
> Protocol inet, MTU: 1500
>   Flags: Sendbcast-pkt-to-re
>   Addresses, Flags: Is-Preferred Is-Primary
> Destination: 192.168.1.0/26, Local: 192.168.1.2, Broadcast: 
> 192.168.1.63
> Protocol multiservice, MTU: Unlimited
> 
> Swapped cables, xover and straight. Setup the cisco port as access/vlan and a 
> routed port 
> hardcoding the speed/duplex and auto and I can not get a link between the 
> devices. 
> 
> My question is can these 1000BaseT SFP's work at 100M? I can configure them 
> as such
> but do they actually work at 100M?
> 
> Thanks,
> Keith
> 
> 
> 
> 
> 
> 
> 
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Juniper Foundry MPLS interoperability

2013-05-01 Thread David Ball 
  I can't comment on your specific requirement, but I've done L2VPN
(Martini l2ckt, actually) and L3VPN between a Brocade MLX4 and Juniper MX
and T-series in the past.  Required a small amount of fiddling (if I recall
correctly, MLX couldn't support the consolidated RSVP message dump that
Junipers did, so I just disabled it on the Juniper side).  There were some
other issues with respect to the way the MLX handled QinQ (outer tag
required different ethertype) for some transparent services, but it
eventually worked.  This was all in a lab, thoughwhere EVERYthing
works.  :)

David



On 20 June 2011 16:11, Armin Kask  wrote:

>
> Hi All,
>
>
> we have a network consisting of FESX/SuperX and CES/CER switches in a ring
> formation
> FESX/SuperX are used for L2 forwarding and CES/CER are also connected to
> the ring doing L2 and L2VPN on top.
> We have an idea to break up the large L2 domain kept together by MSTP with
> some MPLS routers so that the MSTP domains will be between any two routers.
> The routers will need to do something like MSTAG or mac flush on VPLS
> topology change.
> I was wondering if we could/should use MX-80 or 240 for this. I am pretty
> sure that simple L2 with MSTP will be interoperable between the vendors but
> I am not so sure about L2VPN and VPLS and L3VPN in the future.
>
> Can anybody comment on this
> *
>
> --
>
> Käesolev kiri võib sisaldada konfidentsiaalset informatsiooni ja on
> mõeldud kasutamiseks ainult selle adressaadile. Kui antud sõnum ei ole
> suunatud Teile, siis selle avaldamine, kopeerimine, levitamine või muul
> viisil kasutamine on rangelt keelatud ning võib olla ebaseaduslik. Kui
> saite selle kirja ekslikult, palun teavitage sellest koheselt
> informatsiooni saatjat ning kustutage kiri oma süsteemidest.
>
> The information in this communication may be confidential and is intended
> solely for the use of the addressee. If you are not the intended recipient
> you are hereby notified that any use, disclosure, copying, distribution or
> taking any other action in reliance on the contents of this information is
> strictly prohibited and may be unlawful. If you received this e-mail in
> error, please contact the sender and delete the material from your systems.
> *
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 3G/4G on SRX

2013-05-01 Thread Ben Dale 
Hi Jeff,

To use the USB port on the branch SRX 100,110 or 210 as 3G/4G backup you need a 
sierra wireless modem.

There are very few listed on Juniper's supported list, but at least here in 
Australia I've found that most available Sierra 3G modems tend to work 
including:

USB306
SW312U
AC326U
AC310U
SW319U

4G is a different story thanks to new chipsets/drivers and only the Sierra 320U 
seems to work.

Depending on your carrier and the frequency that they operate at, you should be 
able to pick up unlocked SW cards on ebay or aliexpress pretty easily, then 
just drop your SIM in.

The alternative is grabbing a Juniper CX111 wireless bridge (which is a 
Cradlepoint CBA750 OEM) - they support a much bigger range of cards and will 
work with pretty much any router.  

http://www.cradlepoint.com/compatibility

Choose CBA750 in the Select Your Product menu on the right and you'll get the 
complete list:

Ben

On 02/05/2013, at 12:53 AM, Jeff Rooney  wrote:

> Does anyone have any experience using a prepaid or month to month 3G/4G
> connection on a branch SRX? I am looking to replace a dial backup with a
> cellular connection, but the documentation is pretty weak and only
> references a Sierra Wireless AirCard.
> 
> Any suggestions? Thanks.
> 
> Jeff
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Are we under some weird SPAM attack?

2013-05-01 Thread Michael Loftis 
And answered my own ? by reading the rest of my inbox.

Back under my rock now.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] 3G/4G on SRX

2013-05-01 Thread Jeff Rooney 
Does anyone have any experience using a prepaid or month to month 3G/4G
connection on a branch SRX? I am looking to replace a dial backup with a
cellular connection, but the documentation is pretty weak and only
references a Sierra Wireless AirCard.

Any suggestions? Thanks.

Jeff
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] any guidance on JNCIP-M

2013-05-01 Thread Diogo Montagner 
Don't forget to go through the topics that are not covered in the Sybex
guides but are present in the exam.

Thanks

./diogo -montagner
JNCIE-SP 0x41A


On Mon, Apr 26, 2010 at 11:15 PM, Scott Morris  wrote:

> **
> I believe the Sybex books are still available on Juniper's web site as
> PDFs.  That would be excellent study material to start with!  Lab up
> everything in them and play around/change things, and you'll gain lots of
> insight for the lab!
>
>
>
>
>  *Scott Morris*, CCIE*x4* (R&S/ISP-Dial/Security/Service Provider) #4713,
>
> CCDE #2009::D, JNCIE-M #153, JNCIS-ER, CISSP, et al.
>
> CCSI #21903, JNCI-M, JNCI-ER
>
> s...@emanon.com
>
>
>  Knowledge is power.
>
> Power corrupts.
>
> Study hard and be Eeeevl..
>
>
> Cristian Frizziero wrote:
>
> Hi All,
> I´m studying too for the JNCIP-M certification. I´m using the Study Guide,
> but I´d like to get more material, such as examples of lab schemes to
> configures as training.
> Please, send me some of them if you have.
> Thanks
>
> Cristian
>
>
>
>
>
>
> Dilip Srivastava escribió:
>
> Please send me study material
>
> On Sun, Apr 25, 2010 at 8:18 PM, David water 
> wrote:
>
>
>
> How to prepare for JNCIP M exam?
>
> --
> David W.
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
>
>
>
>
>
>
>
>
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 1000BaseT SFP

2013-05-01 Thread Paul Stewart 
We have some but as someone else pointed out, they are tri-rate we are
usingŠ.
Paul


On 2013-05-01 1:35 PM, "OBrien, Will"  wrote:

>I've yet to see any gig copper sfp talk at 100mb. Ever.
>
>Will O'Brien
>
>On May 1, 2013, at 12:32 PM, "Keith"  wrote:
>
>> Trying to connect GE copper SFP on MX to a 100meg port on a cisco
>>switch, 3560 actually.
>> 
>> ge-0/0/2 {
>> description "<< Test Link >>";
>> enable;
>> speed 100m;
>> link-mode full-duplex;
>> unit 0 {
>> family inet {
>> address 192.168.1.2/26;
>> 
>> show interface ge-0/0/2:
>> 
>> Physical interface: ge-0/0/2, Enabled, Physical link is Up
>>   Interface index: 136, SNMP ifIndex: 511
>>   Description: << Test Link >>
>>   Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, BPDU Error:
>>None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering:
>>Disabled, Flow control: Enabled,
>>   Auto-negotiation: Enabled, Remote fault: Online
>>   Device flags   : Present Running
>>   Interface flags: SNMP-Traps Internal: 0x4000
>>   Link flags : None
>>   CoS queues : 8 supported, 8 maximum usable queues
>>   Current address: 80:71:1f:91:10:02, Hardware address:
>>80:71:1f:91:10:02
>>   Last flapped   : 2011-04-28 13:44:09 PDT (1w5d 03:08 ago)
>>   Input rate : 0 bps (0 pps)
>>   Output rate: 0 bps (0 pps)
>>   Active alarms  : None
>>   Active defects : None
>> 
>>   Logical interface ge-0/0/2.0 (Index 74) (SNMP ifIndex 522)
>> Flags: SNMP-Traps 0x400 Encapsulation: ENET2
>> Input packets : 0
>> Output packets: 19
>> Protocol inet, MTU: 1500
>>   Flags: Sendbcast-pkt-to-re
>>   Addresses, Flags: Is-Preferred Is-Primary
>> Destination: 192.168.1.0/26, Local: 192.168.1.2, Broadcast:
>>192.168.1.63
>> Protocol multiservice, MTU: Unlimited
>> 
>> Swapped cables etc, my question is can these 1000BaseT SFP's work at
>>100M? I can configure them as such
>> but do they actually work at 100M?
>> 
>> Thanks,
>> Keith
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>___
>juniper-nsp mailing list juniper-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 1000BaseT SFP

2013-05-01 Thread Jerry Jones 
I think you need to specifically use the tri-state SFPs for this to work

SFP-1GE-FE-E-T  SFP capable of support 10/100/1000 speeds


On May 10, 2011, at 6:59 PM, Keith  wrote:

Trying to connect GE copper SFP on MX to a 100meg port on a cisco switch, 3560 
actually.

ge-0/0/2 {
description "<< Test Link >>";
enable;
speed 100m;
link-mode full-duplex;
unit 0 {
family inet {
address 192.168.1.2/26;

show interface ge-0/0/2:

Physical interface: ge-0/0/2, Enabled, Physical link is Up
  Interface index: 136, SNMP ifIndex: 511
  Description: << Test Link >>
  Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, BPDU Error: None, 
MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow 
control: Enabled,
  Auto-negotiation: Enabled, Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags : None
  CoS queues : 8 supported, 8 maximum usable queues
  Current address: 80:71:1f:91:10:02, Hardware address: 80:71:1f:91:10:02
  Last flapped   : 2011-04-28 13:44:09 PDT (1w5d 03:08 ago)
  Input rate : 0 bps (0 pps)
  Output rate: 0 bps (0 pps)
  Active alarms  : None
  Active defects : None

  Logical interface ge-0/0/2.0 (Index 74) (SNMP ifIndex 522)
Flags: SNMP-Traps 0x400 Encapsulation: ENET2
Input packets : 0
Output packets: 19
Protocol inet, MTU: 1500
  Flags: Sendbcast-pkt-to-re
  Addresses, Flags: Is-Preferred Is-Primary
Destination: 192.168.1.0/26, Local: 192.168.1.2, Broadcast: 192.168.1.63
Protocol multiservice, MTU: Unlimited

Swapped cables etc, my question is can these 1000BaseT SFP's work at 100M? I 
can configure them as such
but do they actually work at 100M?

Thanks,
Keith







___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] (no subject)

2013-05-01 Thread Ivan Ivanov 
Jailbreaked iPhone, even you can use RDP in ssh tunnel.

Upcoming iPhone OS 4 will support SSL VPN from Juniper.

I haven't tried Android, but iPhone is good enough when you used to use
shell with touch screen.

[?]

2010/6/5 Tomasz Mikołajek 

> Ok, so if we are talking about mobile phones/smartphones, which one in the
> best for network engineer? I am befor changing my phone to new one. I need
> SSH and VPN.
>
> W dniu 4 czerwca 2010 13:55 użytkownik Chris Evans <
> chrisccnpsp...@gmail.com
> > napisał:
>
> > You know how to tell when someone has an apple product?
> >
> > They tell you they do. :)
> >
> > On Jun 4, 2010 7:34 AM, "Tomasz Mikołajek"  wrote:
> >
> > Someone has IPhone.
> > Sent from my MacBook. ;-)
> >
> > 2010/6/4 Shane Short 
> >
> >
> > > It's the answer to the universe!
> > >
> > >
> > > *faints*
> > >
> > > On 04/06/2010, at 11:08 AM, Tommy Pernici...
> >
> >
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 
Best Regards!

Ivan Ivanov
<<330.gif>>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] PFE Drops

2013-05-01 Thread Paul Stewart 
Can anyone point me to documentation on the specifics of the following
output?  I'm trying to understand specifically "Software input medium drops"
I believe at this pointŠ.

What's happening is the device becomes non-pingable (ICMP) for a few hours
about once a week and I'm trying to figure out why.  It only becomes
non-pingable from our monitoring system which as you can imagine is causing
us some grief ;)  The monitoring system relies on ping to test reachability.
It's important to note that during times that the device (EX or SRX
specifically) is not pingable, we can continue to collect SNMP data with no
issues.

Thanks,

Paul


Packet Forwarding Engine traffic statistics:

Input  packets: 41503426   35 pps

Output packets: 38415378   33 pps

Packet Forwarding Engine local traffic statistics:

Local packets input :  2039823

Local packets output:   230307

Software input control plane drops  :0

Software input high drops   :0

Software input medium drops :  843

Software input low drops:0

Software output drops   :0

Hardware input drops:0

Packet Forwarding Engine local protocol statistics:

HDLC keepalives:0

ATM OAM:0

Frame Relay LMI:0

PPP LCP/NCP:0

OSPF hello :0

OSPF3 hello:0

RSVP hello :0

LDP hello  :0

BFD:0

IS-IS IIH  :0

LACP   :0

ARP:  1922846

ETHER OAM  :0

Unknown:0

Packet Forwarding Engine hardware discard statistics:

Timeout:0

Truncated key  :0

Bits to test   :0

Data error :0

Stack underflow:0

Stack overflow :0

Normal discard :  1503184

Extended discard   :  204

Invalid interface  :0

Info cell drops:0

Fabric drops   :0

Packet Forwarding Engine Input IPv4 Header Checksum Error and Output MTU
Error statistics:

Input Checksum :0

Output MTU :0




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SSG20 & PBR to Web Proxy

2013-05-01 Thread Ben Dale 
Hi Josh,

I would recommend putting the proxy in it's own subnet and zone (even just a 
/30 off to the side).  Then you can apply policy routing on your external 
interface for inbound traffic, and the LAN interface for your outbound traffic.

If you let return connections go directly back to the client, I suspect that 
you're proxy won't end up being able to cache anything.

Cheers,

Ben

On 01/05/2012, at 2:08 PM, Josh Farrelly  wrote:

> Hi guys.
>  
> We have a customer who’d like to implement a transparent web proxy 
> configuration using a Sophos Web Appliance. They sit behind an SSG20 that 
> connects them to the Internet. I’m suggesting the proxy will have an IP in 
> the LAN range.
>  
> I’ve confirmed with Sophos that the proxy will correctly handle connections 
> if we policy-route any packets matching a destination port of TCP 80 & 443 to 
> it using the firewall, however I’m a little confused about how the return 
> traffic should be handled.
>  
> I don’t believe the proxy will rewrite the layer 3 address of the packets it 
> sends out, so return traffic back from the external web servers will be 
> (theoretically) sent back to the internal IP address, which is the client 
> directly.
>  
> Does anyone have any experience in implementing this, or any suggestions how 
> we go about returning the traffic to the proxy and not directly to the end 
> client? Any suggestions otherwise? Explicit mode on the proxy is not an 
> option.
>  
> Regards,
>  
> Josh Farrelly
> Senior Project Engineer
> 
> P +64 9 630 4095 
> M +64 21 919 885 
> E j...@base-2.co.nz
> 
> PO Box 24666, Royal Oak, Auckland 1345.
> 126 Valley Rd, Mt Eden, Auckland 1024.
> 
> www.base-2.co.nz
> 
> 
> 
>  
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Fwd: MX80 Q-in-Q

2013-05-01 Thread lppmaster 
There is a solution.Here is a working configuration. MX is not used as BRAS, it terminated Q-in-Q Distribution of IP addresses via DHCP relay.  ge-1/1/0 {        flexible-vlan-tagging;        encapsulation flexible ethernet services;        unit 890 {            proxy-arp restricted;            vlan tags outer 890 inner-range 801-845;            family inet {                mac-validate strict;                address Y.Y.Y.Y;                address X.X.X.X;            }        }    }     dhcp-relay {        forward-snooped-clients configured-interfaces;        server-group {            test {                Z.Z.Z.Z;            }        }        active-server-group test;        group test {            active-server-group test;            overrides {                allow-snooped-clients;                layer2-unicast replies;                trust-option-82;                proxy mode;            }            interfaces ge-1/1/0 .890;        }    }Junos version 11.4R6.5   22.01.2013, 17:57, "Bjørn Skovlund" :> Your question is still a bit ambiguous.>> If you have an inner-list and want to bind it to a L3 interface, then you need to make a bridge domain and attach the IRB to that.>> Alternatively, depending on what you want, we're doing something along the lines of the below, where we bind the customers together in DHCP groups and relay them to a DHCP server with option-82, so we know which customer gets what IP - again, not sure if it's customers or what that you're trying to stitch together ;-)>> Cheers, Bjørn>> unit 301 {> proxy-arp restricted;> vlan tags outer 1198 inner 42;> family inet {> mac-validate strict;> unnumbered-address lo0.0 preferred-source-address x.x.x.x;> }> }>> and under forwarding-options the dhcp relay:> group data {> active-server-group data;> overrides {> always-write-option-82;> }> relay-option-82 {> circuit-id {> use-interface-description logical;> }> }> interface ge-0/0/0 .301;> ..> }>> On Mon, Jan 21, 2013 at 11:23 PM lppmas...@yandex.ru  wrote:>> Thanks for the reply.>> I need to terminate Q-in-Q with multiple internal tags.>> inner-list>> Junos 11.4R1.14>> Allows you to create only if the interface will be family bridge,>> I need a L3 interface. 21.01.2013, 18:55, "sth...@nethelp.no" :>> Does MX ambiguous vlan?>>> Please rephrase the question.>> If you're asking whether the MX80 supports dual port Ethernet>>> traffic, the answer is yes. E.g.>> ge-1/0/0 {>>> flexible-vlan-tagging;>>> encapsulation flexible ethernet services;>>> unit 11 {>>> vlan tags outer 1063 inner 900;>>> family inet {>>> address 10.9.130.1/30;>>> }>>> }>>> }>> Steinar Haug, Nethelp consulting, sth...@nethelp.no  End forwarded message >> ___>> juniper-nsp mailing list juniper-nsp@puck.nether.net>> https://puck.nether.net/mailman/listinfo/juniper-nsp___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Industrial Socket for EX8208??

2013-05-01 Thread Keegan.Holley 
Both switches depend on the type of power supply ordered and the country 
you install it in.  For example you can have a 6500 with power supplies 
that use the normal sockets.  A fully populated 6509 will consume most of 
the power on a 220/208V AC circuit so it is easier to order it with the 
"industrial" (usually L6-30 for US 220/208 VAC) and connect the power 
supplies directly to the power feed instead of wasting money on a outlet 
strip.  However, the same switch with one or two blades can easily share 
the circuit with other equipment and maybe ordered with "normal" 
connectors and plugged into an outlet strip/PDU.  The easiest thing to do 
would be to get the part number for the power supplies and look them up or 
get your power requirements and make sure you order the correct part no.

HTH,

Keegan







[j-nsp] Industrial Socket for EX8208??

Fahad Khan 
to:
juniper-nsp
05/02/10 11:38 AM


Sent by:








Hi Folks,


Does EX 8208 require Industril Socket for Power , just like Cisco 6500 ??

Please reply urgently

Thanks in adv

Muhammad Fahad Khan
JNCIP - M/T # 834
IT Specialist
Global Technology Services, IBM
fa...@pk.ibm.com
+92-321-2370510
+92-301-8247638
Skype: fahad-ibm
http://www.linkedin.com/in/muhammadfahadkhan
http://fahad-internetworker.blogspot.com
http://www.visualcv.com/g46ptnd
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] any guidance on JNCIP-M

2013-05-01 Thread Scott Morris 




I believe the Sybex books are still available on Juniper's web site as
PDFs.  That would be excellent study material to start with!  Lab up
everything in them and play around/change things, and you'll gain lots
of insight for the lab!







 


Scott Morris, CCIEx4
(R&S/ISP-Dial/Security/Service Provider) #4713,
CCDE #2009::D, JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI #21903, JNCI-M, JNCI-ER
s...@emanon.com


Knowledge is power.
Power corrupts.
Study hard and be Eeeevl..



Cristian Frizziero wrote:
Hi All,
  
I´m studying too for the JNCIP-M certification. I´m using the Study
Guide, but I´d like to get more material, such as examples of lab
schemes to configures as training.
  
Please, send me some of them if you have.
  
Thanks
  
  
Cristian
  
  
  
  
  
  
  
Dilip Srivastava escribió:
  
  Please send me study material


On Sun, Apr 25, 2010 at 8:18 PM, David water
 wrote:


 
How to prepare for JNCIP M exam?
  
  
--
  
David W.
  
___
  
juniper-nsp mailing list juniper-nsp@puck.nether.net
  
https://puck.nether.net/mailman/listinfo/juniper-nsp
  
  
    



  
  
  
  
  
  
___
  
juniper-nsp mailing list juniper-nsp@puck.nether.net
  
https://puck.nether.net/mailman/listinfo/juniper-nsp
  
  



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Load Balancing on 2x MSPIC 100 for NAT

2013-05-01 Thread Pajlatek 
Title: Re: [j-nsp] Load Balancing on 2x MSPIC 100 for NAT


Very nice trick:)
Even found on juniper-nsp
http://puck.nether.net/pipermail/juniper-nsp/2006-February/006094.html

Thanks guys!

Peter





5) Create the service-filters:

set firewall family inet service-filter SS_PART1_FILTER term part1 from source-
address 10.100.0.0/17
set firewall family inet service-filter SS_PART1_FILTER term part1 then service
set firewall family inet service-filter SS_PART1_FILTER term default then skip
set firewall family inet service-filter SS_PART2_FILTER term part2 from source-
address 10.100.128.0/17
set firewall family inet service-filter SS_PART2_FILTER term part2 then service
set firewall family inet service-filter SS_PART2_FILTER term default then skip


There's a trick to reach more accurate manual LB. Something like:

set firewall family inet service-filter SS_PART1_FILTER term part1 from source-address 10.100.0.0/255.255.0.1
...
set firewall family inet service-filter SS_PART2_FILTER term part1 from source-address 10.100.0.1/255.255.0.1

Even addresses go left, odd ones go right. Does not matter how your 10.100/16 is divided into subnets, how many subscribers you have in each half or whatever.





-- 
Best regards,
 Pajlatek                            mailto:pajla...@widzew.net

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Aggregate interface AE issue

2013-05-01 Thread Ala' Amira 
Dear Friends,

 

I have applied AE interface between 2 MXs and it is working fine  but I have
lost the connectivity to the Media Management units only which is behind AE
interface  although the Management Vlan already exist in the trunk,

 

Description: cid:image001.png@01CD23AB.F0196BB0

 

This is the configuration on one of the routers  :

set interfaces ge-2/0/0 gigether-options 802.3ad ae1

set interfaces ge-2/1/3 gigether-options 802.3ad ae1

set interfaces ae1 flexible-vlan-tagging

set interfaces ae1 mtu 1600

set interfaces ae1 encapsulation flexible-ethernet-services

set interfaces ae1 unit 0 family bridge interface-mode trunk

set interfaces ae1 unit 0 family bridge vlan-id-list 11

set protocols vstp vlan 11 interface ae1

 

 

what I have missed here to access the management units?

 



oledata.mso
Description: Binary data
<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Automated software upgrade on massive EX4200 deployment method advice

2013-05-01 Thread Jerry Jaquith 
I'm tasked with upgrading about 600 EX4200 switches to the latest recommended 
OS.  My first thought is to begin writing perl scripts, but wonder if anyone 
has already been down this road and can offer some help?  These are fresh out 
of the box with no initial configuration.  Thanks!

Jerry Jaquith  |  Data Center Solutions Engineer

Redapt, Inc. e: jer...@redapt.com d: 425.605.7923 
  f: 425.882.0320


[cid:image001.jpg@01CC30E5.365A66C0]

Building Information Technology that Propels Business
Cloud Strategy, Business Technology Consulting, Capacity Management and 
Planning, Network Design and Implementation, Storage Capacity Management, 
Custom Fulfillment, Asset Lifecycle Management

Find us on:

[cid:image002.jpg@01CC30E5.365A66C0][cid:image003.jpg@01CC30E5.365A66C0][cid:image004.jpg@01CC30E5.365A66C0]


This electronic mail transmission and any accompanying documents contain 
information belonging to the sender which may be confidential.  This 
information is intended only for the use of the individual or entity to whom 
this electronic mail transmission was sent as indicated above. If you are not 
the intended recipient, any disclosure, copying, distribution, or action taken 
in reliance on the contents of the information contained in this transmission 
is strictly prohibited.  If you have received this transmission in error, 
please delete the message.  Thank you.

<><><><>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Per packet load balancing with Juniper ERX ?

2013-05-01 Thread guan wang 
Hi  Stevanus,

i  cannot use " ip multipath round robin " for ADSL(PPPoE) interfaces
(interface gigabitEthernet 11/0.622.xxx),
Any ERX Radius attribute can do this ?

interface gigabitEthernet 11/0.622
!
 vlan id 622
 ip multipath round-robin
 pppoe
 pppoe auto-configure
 pppoe profile any "ABCD_pppoe"
!
2009/10/13 Stevanus 

> I think you can use *ip multipath round robin* command. Explanation below
> :
>
> *Configuring Equal-Cost Multipath Load Sharing
> *
> Equal-cost multipath (ECMP) sets are formed when the system finds routing
> table entries for the same destination with equal cost. You can add routing
> table entries manually (as static routes), or they are formed as routers
> discover their neighbors and exchange routing tables (via OSPF, BGP, and
> other routing protocols). The system then balances traffic across these sets
> of equal-cost paths using one of the following ECMP modes:
>
> * Hashed - uses hashing of source and destination addresses to
> determine which of the available paths in the ECMP set to use
> * Round-robin - distributes packets equally among the available paths
> in the ECMP set
>
> *  ip multipath round-robin*
>
> * Use to specify round-robin as the mode for ECMP load sharing on an
> interface.
> * ECMP uses the round-robin mode when you have configured all
> interfaces in the set to round-robin. Otherwise, ECMP defaults to hashed
> mode because round-robin mode could cause reordering of packets. You must
> explicitly ensure that the possible reordering is acceptable on all the
> member interfaces by setting them to round-robin mode.
> * Use the no version to set the ECMP mode to the default, hashed.
>
> Example :
>
> host1(config)#virtual-router router_0
> host1:router_0(config)#interface serial 4/0:1/22.22
> host1:router_0(config-subif)#ip multipath round-robin
> host1:router_0(config-subif)#exit
>
> CMIIW :)
>
> - Stevanus -
>
> guan wang wrote:
>
> Hi All,
>
> Does juniper ERX support per packet load balancing ?
> Is there a way to force this behavior?
>
> Thanks
> gdxnfx
> ___
> juniper-nsp mailing list 
> juniper-nsp@puck.nether.nethttps://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
> --
>
<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX 100 as TFTP Server

2013-05-01 Thread Bruce Buchanan 
Hi Everyone,

 

Does anyone know if the SRX100 can act as a local TFTP Server?

 

I've got a small remote office site with some IP phones, and I would
like to set option 66 on the dhcp server (dhcp server is the srx).  This
would allow a zero touch install of the IP phones (along with LLDP-MED),
and tell the phone to go to the main provisioning server to download the
full config.

 

I tried a set system services tftp, and it took it, but it says that it
is deprecated.

 

Thanks,

Bruce

 

Bruce Buchanan
Senior Network Technician
Nexicom
5 King St. E., Millbrook, ON, LOA 1GO
Phone: 705-932-4147
FAX: 705-932-3027
Cell: 705-750-7705
Web: http://www.nexicom.net  
Nexicom - Connected. Naturally.

 
 

 

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J6350 Jumbo frame MTU and OSPF setting

2013-05-01 Thread Harris Hui 

Hi Ben,

Thanks for your suggestion.

I had performed the iPerf UDP test, do you think is it normal for the
100Mbps link?

Host A (10.16.xx.58)  <-> EX 4200 Switch  <--> J6350 (MTU 9018)
<- Fiber circuit 100Mbps (from West to East coast ~80ms) --> (MTU
9018) J6350 <-- EX 4200 Switch --> Host B (10.26.xx.60)


root@xxx bin]# ./iperf -c 10.26.xx.60 -t 60 -u -b 100M

Client connecting to 10.26.xx.60, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size:  126 KByte (default)

[  3] local 10.16.xx.58 port 48543 connected with 10.26.xx.60 port 5001
[ ID] Interval   Transfer Bandwidth
[  3]  0.0-60.0 sec   719 MBytes   101 Mbits/sec
[  3] Sent 512816 datagrams
[  3] Server Report:
[  3]  0.0-60.0 sec   656 MBytes  91.7 Mbits/sec   0.206 ms 45108/512815
(8.8%)
[  3]  0.0-60.0 sec  1 datagrams received out-of-order

[root@xxx bin]# ./iperf -c 10.26.xx.60 -t 60 -u -b 70M

Client connecting to 10.26.xx.60, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size:  126 KByte (default)

[  3] local 10.16.xx.58 port 25968 connected with 10.26.xx.60 port 5001
[ ID] Interval   Transfer Bandwidth
[  3]  0.0-60.0 sec   501 MBytes  70.0 Mbits/sec
[  3] Sent 357143 datagrams
[  3] Server Report:
[  3]  0.0-60.0 sec   501 MBytes  70.0 Mbits/sec   0.276 ms0/357142
(0%)
[  3]  0.0-60.0 sec  1 datagrams received out-of-order

[root@xxx bin]# ./iperf -c 10.26.xx.60 -t 60 -u -b 80M

Client connecting to 10.26.xx.60, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size:  126 KByte (default)

[  3] local 10.16.xx.58 port 31085 connected with 10.26.xx.60 port 5001
[ ID] Interval   Transfer Bandwidth
[  3]  0.0-60.0 sec   572 MBytes  80.0 Mbits/sec
[  3] Sent 408164 datagrams
[  3] Server Report:
[  3]  0.0-60.0 sec   568 MBytes  79.4 Mbits/sec   0.221 ms 2961/408163
(0.73%)
[  3]  0.0-60.0 sec  1 datagrams received out-of-order

Thanks
- Harris


|>
| From:  |
|>
  
>--|
  |Ben Dale   
 |
  
>--|
|>
| To:|
|>
  
>--|
  |Harris Hui/Hong Kong/IBM@IBMHK   
 |
  
>--|
|>
| Cc:|
|>
  
>--|
  |juniper-nsp@puck.nether.net  
 |
  
>--|
|>
| Date:  |
|>
  
>--|
  |04/10/2010 07:56 AM  
 |
  
>--|
|>
| Subject:   |
|>
  
>--|
  |Re: [j-nsp] J6350 Jumbo frame MTU and OSPF setting   
 |
  
>--|





Hi Harris,


  However, increasing the MTU size on both the J6350s may not be able
  to get a better TCP throughput, because the Host NICs and Switchport
  are also using MTU 1500 right? Should I change the MTU si

[j-nsp] help

2013-05-01 Thread Daniel.Hilj 



Daniel Hilj   JNCIE, CCIP
M: 07920 202534 | T: 01252 500 751 | F: 01252 405 605
E: daniel.h...@synetrix.co.uk
[cid:image001.jpg@01C9FA35.3FA41B60]
Synetrix House, 49-51 Victoria Rd
Farnborough, Hampshire, GU14 7PA
www.synetrix.co.uk

--
Synetrix Holdings Limited
Tel: +44 (0)1252 405 600
www.synetrix.co.uk

Synetrix (Holdings) Limited is a limited company registered in England and 
Wales. Registered number: 0349 1956. VAT number: GB776 1259 07. Registered 
office: Synetrix House, 49-51 Victoria Road, Farnborough, Hampshire, GU14 7PA.

IMPORTANT NOTICE:
This message is intended solely for the use of the Individual or organisation 
to whom it is addressed. It may contain privileged or confidential information. 
If you have received this message in error, please notify the originator 
immediately. If you are not the intended recipient, you should not use, copy, 
alter, or disclose the contents of this message. All information or opinions 
expressed in this message and/or any attachments are those of the author and 
are not necessarily those of Synetrix Holdings Limited. Synetrix Holdings 
Limited accepts no responsibility for loss or damage arising from its use, 
including damage from virus. 
<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] TFTP Server on SRX100

2013-05-01 Thread Bruce Buchanan 
Hi Everyone,

 

Does anyone know if the SRX100 can act as a local TFTP Server?

 

I've got a small remote office site with some IP phones, and I would
like to set option 66 on the dhcp server (dhcp server is the srx).  This
would allow a zero touch install of the IP phones (along with LLDP-MED),
and tell the phone to go to the main provisioning server to download the
full config.

 

I tried a set system services tftp, and it took it, but it says that it
is deprecated.

 

Thanks,

Bruce

 

 

Bruce Buchanan
Senior Network Technician
Nexicom
5 King St. E., Millbrook, ON, LOA 1GO
Phone: 705-932-4147
FAX: 705-932-3027
Cell: 705-750-7705
Web: http://www.nexicom.net  
Nexicom - Connected. Naturally.

 
 

 

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] sflow on switch

2013-05-01 Thread Pappas, AJ 
Does anyone know what the performance hit would be on an ex4200 POE
switch if you enable the following on all interfaces?  Would there be
problems?

 

  sflow {

polling-interval 20;

sample-rate 500;

collector 10.169.68.15;

interfaces ge-0/0/0.0;

interfaces ge-0/0/1.0;

}

 

 

AJ Pappas   |   Network Administrator 

Ottawa Regional Hospital & Healthcare Center
 


www.ottawaregional.org    |  
apap...@ottawaregional.org   
phone: 815.431.5180 | mobile line: 815.993.8522 
1100 East Norris Drive, Ottawa, IL 61350 USA

 

P  Please consider the environment before printing this e-mail. 

 

 

Confidentiality Notice: This e-mail may contain confidential
information.  The information is intended only for the use of the
recipient named above.  If you are not the intended recipient, you are
hereby notified that any disclosure, copying, distribution, or the
taking of any action in reliance on the contents of this information,
except its direct delivery to the intended recipient named above, is
strictly prohibited.  If you have received this e-mail in error, please
notify the sender of this and also delete the e-mail from all systems
this message is stored on.

 

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J6350 Jumbo frame MTU and OSPF setting

2013-05-01 Thread Harris Hui 

Hi Ben,

Thanks for your reply. I am using JUNOS 10.0R4.7.

harris@> show version
node0:
--
Hostname:
Model: j6350
JUNOS Software Release [10.0R4.7]

node1:
--
Hostname:
Model: j6350
JUNOS Software Release [10.0R4.7]

{primary:node0}


For the OSPF setting, do you mean that if I am using the same MTU values
eg. 9192 on both Routers, it should be fine without telling the OSPF to
ignore the MTU value?

However, I am also running OSPF on several secure-tunnel interfaces (st0.0
and st0.1), I have to configure the MTU value to 1500 on those
secure-tunnel logical unit in order to form a FULL state of OSPF neighbour
with the peers.




|>
| From:  |
|>
  
>--|
  |Ben Dale   
 |
  
>--|
|>
| To:|
|>
  
>--|
  |Harris Hui/Hong Kong/IBM@IBMHK   
 |
  
>--|
|>
| Cc:|
|>
  
>--|
  |juniper-nsp@puck.nether.net  
 |
  
>--|
|>
| Date:  |
|>
  
>--|
  |10/01/2010 PM 02:11  
 |
  
>--|
|>
| Subject:   |
|>
  
>--|
  |Re: [j-nsp] J6350 Jumbo frame MTU and OSPF setting   
 |
  
>--|





Hi Harris

On 01/10/2010, at 3:35 PM, Harris Hui wrote:

> I am trying to configure our J6350 fiber interface to MTU 9192 to get a
> better TCP throughput. However, I can only able to configure the MTU size
> below 1500, when I configure the MTU to 9192 and commit the changes, it
> still shows MTU 1500 on the physical interface.

I've only got a 2320 in front of me right now, but your configuration below
works fine (and the MTU changes) - what version of JUNOS are you running?


> Do you have any experience on using Jumbo frame MTU size on the J6350? We
> are also running OSPF across the private circuit, is JUNOS support "OSPF
> ignore-mtu" like cisco?

No and we've been bitten by this before - I have raised an ER with my SE
regarding this, but who knows how far away that will be.  You shouldn't
need to use it if you control the routers on both ends (and the issue you
are having with MTU goes away).

Cheers,

Ben
<><>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J6350 Jumbo frame MTU and OSPF setting

2013-05-01 Thread Harris Hui 

Hi Ben,

Looks like I can apply the MTU setting on the reth interface but cannot
apply it on the fiber modules.

show interfaces reth4
Physical interface: reth4, Enabled, Physical link is Up
  Interface index: 132, SNMP ifIndex: 180
  Link-level type: Ethernet, MTU: 9192, Speed: 1000mbps, BPDU Error: None,
MAC-REWRITE Error: None, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Disabled, Minimum links needed:
1, Minimum bandwidth needed: 0
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Current address: 00:10:db:ff:70:04, Hardware address: 00:10:db:ff:70:04
  Last flapped   : 2010-10-01 10:24:25 UTC (00:03:48 ago)
  Input rate : 264 bps (0 pps)
  Output rate: 480 bps (0 pps)

Thanks
Harris


|>
| From:  |
|>
  
>--|
  |Ben Dale   
 |
  
>--|
|>
| To:|
|>
  
>--|
  |Harris Hui/Hong Kong/IBM@IBMHK   
 |
  
>--|
|>
| Cc:|
|>
  
>--|
  |juniper-nsp@puck.nether.net  
 |
  
>--|
|>
| Date:  |
|>
  
>--|
  |10/01/2010 PM 02:11  
 |
  
>--|
|>
| Subject:   |
|>
  
>--|
  |Re: [j-nsp] J6350 Jumbo frame MTU and OSPF setting   
 |
  
>--|





Hi Harris

On 01/10/2010, at 3:35 PM, Harris Hui wrote:

> I am trying to configure our J6350 fiber interface to MTU 9192 to get a
> better TCP throughput. However, I can only able to configure the MTU size
> below 1500, when I configure the MTU to 9192 and commit the changes, it
> still shows MTU 1500 on the physical interface.

I've only got a 2320 in front of me right now, but your configuration below
works fine (and the MTU changes) - what version of JUNOS are you running?


> Do you have any experience on using Jumbo frame MTU size on the J6350? We
> are also running OSPF across the private circuit, is JUNOS support "OSPF
> ignore-mtu" like cisco?

No and we've been bitten by this before - I have raised an ER with my SE
regarding this, but who knows how far away that will be.  You shouldn't
need to use it if you control the routers on both ends (and the issue you
are having with MTU goes away).

Cheers,

Ben
<><>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Calea

2013-05-01 Thread Chris Gapske 
I was asking or polling what people are doing to be Calea compliant the service 
we are using just doubled the price for their service and we are not looking to 
move.

Chris Gapske
Network Analyst
Paducah Power System
Office 270-575-4005
Fax 270-408-4005
1500 Broadway
P.O. Box 180
Paducah, Ky 42002-0180
[Description: Description: Description:
cid:image004.gif@01C7CDC2.E217AB60]


__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__



__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Is the J-6350 in Chassis Cluster mode support Router Context (IPv4 Packet-based forwarding)

2013-05-01 Thread Harris Hui 

Yes, I disabled all the security { } related features in my single J-6350
for testing as well.

Thanks
Harris



|>
| From:  |
|>
  
>--|
  |Jonathan Lassoff
  |
  
>--|
|>
| To:|
|>
  
>--|
  |Harris Hui/Hong Kong/IBM@IBMHK   
 |
  
>--|
|>
| Cc:|
|>
  
>--|
  |juniper-nsp@puck.nether.net  
 |
  
>--|
|>
| Date:  |
|>
  
>--|
  |03/09/2010 01:26 PM  
 |
  
>--|
|>
| Subject:   |
|>
  
>--|
  |Re: [j-nsp] Is the J-6350 in Chassis Cluster mode support Router Context 
(IPv4 Packet-based forwarding)   |
  
>--|





On Thu, Sep 2, 2010 at 9:21 PM, Harris Hui  wrote:
>
> Hi all,
>
> The J-6350 in JUNOS 10.0R3.1 can disable the security context (flow-based
> forwarding) and use it as a Router Context (IPv4 Packet-based
forwarding).
> I had tested this on a single J-6350 box.
>
> Did anyone tested to disable the security context and enable the router
> context in a chassis cluster configuration? If yes, could you share the
> experience with me? Thanks a lot!

I would imagine that this can be done, but admittedly, I've never run
"router mode" in a chassis cluster.

Check out the factory-included
/etc/config/jsr-series-routermode-factory.conf file. It sets some
other things under security { } as well, like disabling TCP SYN and
sequence checking.

Cheers,
jof

<><>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] JNCIP-SP latest dumps

2013-05-01 Thread Scott Morris 

  
  
And because high school exams allows calculators explains why people
can't figure out how to make change today after hitting the wrong
keys on the cash register...

Because the education system in general is catering to the lowest
common denominator doesn't mean that a certification exam needs to.

Let's see how exciting that is when you figure our that your doctor
passed his/her boards because WebMD was there to help on those
"difficult" things that are more obscure.

An electrician who doesn't understand amperage, or a plumber who
doesn't understand water flow...  Absolutely useless.

Are you telling me that the "experts who the experts call" don't
understand fundamental mathematical concepts, or can't do this stuff
off the top of their heads?

Is there stuff you don't use every day?  Perhaps.  I suppose that
depends on what you do.  If you work in an IS-IS world, then
correct, you could care less about OSPF LSAs.  Learn it.  It's a
multiple choice exam, so statistically, even a monkey has a chance
of passing.  In theory, that should be higher if you understand
things.

My two cents for the day.  (or 3.5 in case the register failed)  ;)

  
  
  
  
  
  
   
  
  
  Scott Morris, CCIEx4
(R&S/ISP-Dial/Security/Service Provider) #4713,
  CCDE #2009::D, CCNP-Voice, JNCIE-SP #153, JNCIE-ER
#102, CISSP, et al.
  CCSI #21903, JNCI-SP, JNCI-ER
  s...@emanon.com
  
  
  Knowledge is power.
  Power corrupts.
  Study hard and be Eeeevl..


On 3/30/12 8:59 AM, Skeeve Stevens wrote:

  I am not saying braindumps are good at all, but...

What engineer when architecting/building/supporting a solution doesn't have
access to the internet or reference tools?

I architect all day long and the Juniper and Cisco websites are my bible
for product knowledge, features, part numbers, etc etc.

It is like an electrician or plumber without their tools... absolutely
useless.

I would like to see exams include man pages, or at least an approved
reference book that would let you look up obscure crap you almost never
need to know off the top of your head.

Binary<->Hex<->Decimal math... bullshit, I can't believe we're not able to
use even a calculator these days... even highschool exams allow calculators!

 *Skeeve Stevens, CEO*
eintellego Pty Ltd
ske...@eintellego.net ; www.eintellego.net 

Phone: 1300 753 383 ; Fax: (+612) 8572 9954

Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellego

twitter.com/networkceoau ; www.linkedin.com/in/skeeve

PO Box 7726, Baulkham Hills, NSW 1755 Australia

The Experts Who The Experts Call
Juniper - Cisco – Brocade - IBM



On Fri, Mar 30, 2012 at 23:25, Sascha Luck  wrote:


  
On Fri, Mar 30, 2012 at 05:03:54AM -0700, Jared Gull wrote:



  I'm with Graham. Sack up and have some integrity, learn the material, and
take the test pass or fail.




of course this is true generally, but the exams are not always
very compatible with practical networking experience. Srsly, you need to
know every property of every OSPF LSA type or STP BPDU by heart? That's
what the Internet is for...
I did JNCIS the old-skool way and it was a lot of grinding useless
information that I've forgotten again already...

rgds,
s.
__**_
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/**mailman/listinfo/juniper-nsp


  
  ___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp




  


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 1000BaseT SFP

2013-05-01 Thread Serge Vautour 
Very likely no. What's the SFP model number and the line card type you're using 
on the MX?

Serge




 From: Keith 
To: juniper-nsp@puck.nether.net 
Sent: Tuesday, May 10, 2011 8:59:06 PM
Subject: [j-nsp] 1000BaseT SFP
 


Trying to connect GE copper SFP on MX to a 100meg port on a cisco switch, 3560 
actually.


ge-0/0/2 { description "<< Test Link >>"; enable; speed 100m; link-mode 
full-duplex; unit 0 { family inet { address 192.168.1.2/26; show interface 
ge-0/0/2: Physical interface: ge-0/0/2, Enabled, Physical link is Up Interface 
index: 136, SNMP ifIndex: 511 Description: << Test Link >> Link-level type: 
Ethernet, MTU: 1514, Speed: 100mbps, BPDU Error: None, MAC-REWRITE Error: None, 
Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, 
Auto-negotiation: Enabled, Remote fault: Online Device flags   : Present 
Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None CoS 
queues : 8 supported, 8 maximum usable queues Current address: 
80:71:1f:91:10:02, Hardware address: 80:71:1f:91:10:02 Last flapped   : 
2011-04-28 13:44:09 PDT (1w5d 03:08 ago) Input rate : 0 bps (0 pps) Output 
rate: 0 bps (0 pps) Active alarms  : None Active defects : None Logical 
interface ge-0/0/2.0 (Index 74) (SNMP ifIndex 522) Flags: SNMP-Traps
 0x400 Encapsulation: ENET2 Input packets : 0 Output packets: 19 Protocol 
inet, MTU: 1500 Flags: Sendbcast-pkt-to-re Addresses, Flags: Is-Preferred 
Is-Primary Destination: 192.168.1.0/26, Local: 192.168.1.2, Broadcast: 
192.168.1.63 Protocol multiservice, MTU: Unlimited Swapped cables etc, my 
question is can these 1000BaseT SFP's work at 100M? I can configure them as such
but do they actually work at 100M? Thanks,
Keith 



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 10.0 or 10.4?

2013-05-01 Thread Dusan Avbreht 
Junos 10.4R2.6 is one of the most stabile version in las few years! [?]

2011/3/16 Bjørn Tore Paulen 

> Den 15.03.2011 23:19, skrev Doug Hanks:
>
>  I can confirm this as well.  Junos Transformation/Ironman started with
>> 10.4R2.  There should be a meaningful difference.  I know they've increased
>> the regression testing scripts by nearly 500%.
>>
>>  Here is one meaningful difference - DHCP relay used to work.  ;-p
>
> --
>
>  Bjørn Tore
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 

Dušan Avbreht
Professional Service Consultant

AVDUS d.o.o.

Mobile: +386 41 340546
E: d.avbr...@gmail.com
E: du...@avdus.net
<<328.png>>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] M5 RE in M20 (lab -> production)

2013-05-01 Thread Tom 
Hello,
I just faced a problem where I put a former production RE (junos 8.5) from M160 
into our lab M5.

Boot was from cfcard, no hdd installed. Junos bootup msgs were showing “packet 
mismatch” for pfe packages.
Normally it seems that junos is loading this from a full software image on hdd 
if not found on cfcard.

Everything working except the pfe, that’s bad for production 

As my cfcard is 2g, is there a possiblity to install a “complete” image for all 
m-series pfe or at least copy m20 pfe packages additional on cfcard?

I would like to upgrade this re to junos 10.x on m5 and swap it to m20.


Many thanks and best regards,

Tom<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] log in M20

2013-05-01 Thread iber-x 




Hello there,
this
message has appeared in the log of our M20. It is not the first time
it occurs and we are quite worried.  The
average CPU consumption is 4% and just at the time the message appeared
on the
log, we found increases up to 100% and an increase in temperature of 6
º in the
routing-engine 0. This router works with two logical routers and
receive
full-routing of three different providers. We also have configured and
IS_IS  and IBGP sessions.



May  4 11:43:03 xxx01.yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 7 sec scheduler slip, user: 3 sec 306043 usec, system: 0 sec, 5732 usec



We
do not know what could
be the problem because we have not detected  any event bgp, routing update,
addition of new
machines, an so on,..

Do you have any idea what may be the reason for
this high
cpu usage?

Thanks in advanced

 
 


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Log in M20

2013-05-01 Thread iber-x 




Hello there,
this
message has appeared in the log of our M20. It is not the first time
it occurs and we are quite worried.  The
average CPU consumption is 4% and just at the time the message appeared
on the
log, we found increases up to 100% and an increase in temperature of 6
º in the
routing-engine 0. This router works with two logical routers and
receive
full-routing of three different providers. We also have configured and
IS_IS  and IBGP sessions.


May  4 11:43:03 xxx01.yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 7 sec scheduler slip, user: 3 sec 306043 usec, system: 0 sec, 5732 usec



We
do not know what could
be the problem because we have not detected  any event bgp, routing update,
addition of new
machines, an so on,..

Do you have any idea what may be the reason for
this high
cpu usage?

Thanks in advanced

 
 


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX 3200 - no arp entries after power failure

2013-05-01 Thread Kyle Evans 




We had a problem with 10.0r2 where the switch would stop learning mac
addresses under certain conditions (major problem).  We are currently
using 10.0S1.1, but I don't know if we've been using it long enough for
me to feel comfortable recommending it.


Kyle



Dan Farrell wrote:

  Believe it or not, 10.0.r2 is working like a charm for us so far. So far.

Dan Farrell

-Original Message-
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Malte von dem Hagen
Sent: Monday, February 08, 2010 3:57 PM
To: Paul Waller
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] EX 3200 - no arp entries after power failure

Hi,

Am 08.02.10 21:33 schrieb Paul Waller:
  
  
We have a EX 3200 running JunOS 9.2R2 release.

  
  
you really should upgrade. 9.2R2 is really old, and early versions of JunOS for EX series contained lots of nasty bugs. 9.6R3 seems quite stable so far...

rgds,

Malte
--
Malte v. dem Hagen
Teamleitung Network Engineering & Operation Abteilung Technik
---
Host Europe GmbH - http://www.hosteurope.de Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*) HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Geschäftsführer:
Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller

(*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend



__ Information from ESET NOD32 Antivirus, version of virus signature database 4849 (20100208) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



__ Information from ESET NOD32 Antivirus, version of virus signature database 4849 (20100208) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

  



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Log in M20

2013-05-01 Thread iber-x 




This
message has appeared in the log of our M20. It
is not the first time it occurs and we are quite concerned. The
average CPU consumption is 4% and just at the time the message appeared
on the log, we found increases up to 100% and an increase in
temperature of 6 º in the routing-engine 0. This
router works with two logical routers and receive full-routing of three
different suppliers. We also
have configured and IS_IS  and IBGP sessions.


May  4 11:43:03 xxx01.yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 7 sec scheduler slip, user: 3 sec 306043 usec, system: 0 sec, 5732 usec


We
have not detected any event bgp, routing update, addition of new
machines, an so on, that makes us think that was because the increase
of temperature and CPU consumption. 

Someone knows what can be?

Thanks




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] srx240 VPN Question

2013-05-01 Thread Aaron Dewell 

I use this for backup connectivity on dynamic endpoints and they are quite 
happy.  One end must be fixed (which I assume is yours).

Their configuration:

set security ike gateway gateway-name local-identity inet their-vpn-ip-address
set security ike gateway gateway-name remote-identity inet your-vpn-ip-address

Yours:

set security ike gateway gateway-name local-identity inet your-vpn-ip-address
set security ike gateway gateway-name dynamic inet their-vpn-ip-address
delete security ike gateway gateway-name address

I believe this requires 11.3+ but I'm not exactly sure.  The remote-identity 
command is not there in earlier versions.

Aaron

On May 11, 2011, at 8:53 AM, Pappas, AJ wrote:

> I have a srx240.  I have someone who has a vpn with us who wants to change 
> from a static IP address on an ipsec tunnel to a FQDN.  Is there any 
> documentation on how to do this or if it is possible?  He is able to provide 
> the two ip’s to me that it will be coming from.  This is for a failover from 
> them.  Two separate providers / ip’s.
>  
> AJ Pappas   |   Network Administrator 
> 
> Ottawa Regional Hospital & Healthcare Center
> 
> 
> 
> www.ottawaregional.org  |  apap...@ottawaregional.org 
> phone: 815.431.5180 | mobile line: 815.993.8522 
> 1100 East Norris Drive, Ottawa, IL 61350 USA
>  
> P  Please consider the environment before printing this e-mail.
>  
>  
> Confidentiality Notice: This e-mail may contain confidential information.  
> The information is intended only for the use of the recipient named above.  
> If you are not the intended recipient, you are hereby notified that any 
> disclosure, copying, distribution, or the taking of any action in reliance on 
> the contents of this information, except its direct delivery to the intended 
> recipient named above, is strictly prohibited.  If you have received this 
> e-mail in error, please notify the sender of this and also delete the e-mail 
> from all systems this message is stored on.
>  
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Juniper Foundry MPLS interoperability

2013-05-01 Thread Armin Kask 
 Hi All, we have a network consisting of FESX/SuperX and CES/CER switches in a ring formationFESX/SuperX are used for L2 forwarding and CES/CER are also connected to the ring doing L2 and L2VPN on top.We have an idea to break up the large L2 domain kept together by MSTP with some MPLS routers so that the MSTP domains will be between any two routers.The routers will need to do something like MSTAG or mac flush on VPLS topology change.I was wondering if we could/should use MX-80 or 240 for this. I am pretty sure that simple L2 with MSTP will be interoperable between the vendors but I am not so sure about L2VPN and VPLS and L3VPN in the future.Can anybody comment on this
Käesolev kiri võib sisaldada konfidentsiaalset informatsiooni ja on mõeldud kasutamiseks ainult selle adressaadile. Kui antud sõnum ei ole suunatud Teile, siis selle avaldamine, kopeerimine, levitamine või muul viisil kasutamine on rangelt keelatud ning võib olla ebaseaduslik. Kui saite selle kirja ekslikult, palun teavitage sellest koheselt informatsiooni saatjat ning kustutage kiri oma süsteemidest.
The information in this communication may be confidential and is intended solely for the use of the addressee. If you are not the intended recipient you are hereby notified that any use, disclosure, copying, distribution or taking any other action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender and delete the material from your systems.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Aggregate interface AE issue

2013-05-01 Thread Ala' Amira 
Dear Friends,

 

I have applied AE interface between 2 MXs and it is working fine  but I have
lost the connectivity to the Media Management units only which is behind AE
interface  although the Management Vlan already exist in the trunk,

 



 

This is the configuration on one of the routers  :

set interfaces ge-2/0/0 gigether-options 802.3ad ae1

set interfaces ge-2/1/3 gigether-options 802.3ad ae1

set interfaces ae1 flexible-vlan-tagging

set interfaces ae1 mtu 1600

set interfaces ae1 encapsulation flexible-ethernet-services

set interfaces ae1 unit 0 family bridge interface-mode trunk

set interfaces ae1 unit 0 family bridge vlan-id-list 11

set protocols vstp vlan 11 interface ae1

 

 

what I have missed here to access the management units?

 



oledata.mso
Description: Binary data
<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] JNCIS

2013-05-01 Thread Scott Morris 




E is for the BRAS systems (ERX)
M is for the SP systems (M7i, M10i, M320, etc.)
ER is for the Enterprise systems (J series now, SRX to be included)

Right now all written exams are $125.  Shortly that will change.  $100
for A-level, $200 for S-level.

Right now, you can go direct to S-level.  With a refresh, I believe you
will be forced to go for A, then S.







 


Scott Morris, CCIEx4
(R&S/ISP-Dial/Security/Service Provider) #4713,
JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI #21903, JNCI-M, JNCI-ER
s...@emanon.com


Knowledge is power.
Power corrupts.
Study hard and be Eeeevl..



Taqdir Singh wrote:

  Hi All,
   could anyone please clear me what is the actual diff between

JNCIS-E and JNCIS-M

I know M stands for M series routers.

which one is most latest ?

what is the exam fee for JNCIS ? can we do it directly without giving JNCIA
?



  



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Class E IP addresses

2013-05-01 Thread joel jaeggli 

On 3/8/10 1:53 PM, keegan.hol...@sungard.com wrote:
As with most other "dirty" address ranges these will inevitably be 
used for something. It's just a fact of life as IPv4 space becomes 
more and more scarce. For example APNIC has begun assigning addresses 
in the previously reserved and often hijacked 1.0/8 range.
1/8 assignments were made 4 years ago (1/8 and 27/8 were assigned to 
apnic on jan 2010)


regarding 240/4 I'm pretty sure that's been a feature request for a 
while.I probably wouldn't put those on any interface facing hosts.



- wrote: -

To: juniper-nsp@puck.nether.net
From: Chuck Anderson 
Sent by: 
Date: 03/08/2010 04:08PM
Subject: [j-nsp] Class E IP addresses

From 9.6 release notes:

Class E addresses—The JUNOS Software now allows Class E addresses
to be
configured on interfaces. To allow Class E addresses to be
configured on
interfaces, remove the Class E prefix from the list of martian
addresses by
including the [edit routing-options martians 240/4 orlonger allow]
configuration
statement.

Whoa. What is the use of this? While it sounds like a neat idea to
reclaim Class E for actual use in this age of IPv4 depletion, the
idea
loses its appeal once you realize the huge numbers of legacy devices
that won't want to have anything to do with Class E.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 1000BaseT SFP

2013-05-01 Thread OBrien, Will 
I've yet to see any gig copper sfp talk at 100mb. Ever.

Will O'Brien

On May 1, 2013, at 12:32 PM, "Keith"  wrote:

> Trying to connect GE copper SFP on MX to a 100meg port on a cisco switch, 
> 3560 actually.
> 
> ge-0/0/2 {
> description "<< Test Link >>";
> enable;
> speed 100m;
> link-mode full-duplex;
> unit 0 {
> family inet {
> address 192.168.1.2/26;
> 
> show interface ge-0/0/2:
> 
> Physical interface: ge-0/0/2, Enabled, Physical link is Up
>   Interface index: 136, SNMP ifIndex: 511
>   Description: << Test Link >>
>   Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, BPDU Error: None, 
> MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow 
> control: Enabled,
>   Auto-negotiation: Enabled, Remote fault: Online
>   Device flags   : Present Running
>   Interface flags: SNMP-Traps Internal: 0x4000
>   Link flags : None
>   CoS queues : 8 supported, 8 maximum usable queues
>   Current address: 80:71:1f:91:10:02, Hardware address: 80:71:1f:91:10:02
>   Last flapped   : 2011-04-28 13:44:09 PDT (1w5d 03:08 ago)
>   Input rate : 0 bps (0 pps)
>   Output rate: 0 bps (0 pps)
>   Active alarms  : None
>   Active defects : None
> 
>   Logical interface ge-0/0/2.0 (Index 74) (SNMP ifIndex 522)
> Flags: SNMP-Traps 0x400 Encapsulation: ENET2
> Input packets : 0
> Output packets: 19
> Protocol inet, MTU: 1500
>   Flags: Sendbcast-pkt-to-re
>   Addresses, Flags: Is-Preferred Is-Primary
> Destination: 192.168.1.0/26, Local: 192.168.1.2, Broadcast: 
> 192.168.1.63
> Protocol multiservice, MTU: Unlimited
> 
> Swapped cables etc, my question is can these 1000BaseT SFP's work at 100M? I 
> can configure them as such
> but do they actually work at 100M?
> 
> Thanks,
> Keith
> 
> 
> 
> 
> 
> 
> 
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] 1000BaseT SFP

2013-05-01 Thread Keith 


  
  
Trying to connect GE copper SFP on MX to a 100meg port on a cisco
switch, 3560 actually.

ge-0/0/2 {
description "<< Test Link >>";
enable;
speed 100m;
link-mode full-duplex;
unit 0 {
family inet {
address 192.168.1.2/26;

show interface ge-0/0/2:

Physical interface: ge-0/0/2, Enabled, Physical link is Up
  Interface index: 136, SNMP ifIndex: 511
  Description: << Test Link >>
  Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
  Auto-negotiation: Enabled, Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags : None
  CoS queues : 8 supported, 8 maximum usable queues
  Current address: 80:71:1f:91:10:02, Hardware address: 80:71:1f:91:10:02
  Last flapped   : 2011-04-28 13:44:09 PDT (1w5d 03:08 ago)
  Input rate : 0 bps (0 pps)
  Output rate: 0 bps (0 pps)
  Active alarms  : None
  Active defects : None

  Logical interface ge-0/0/2.0 (Index 74) (SNMP ifIndex 522)
Flags: SNMP-Traps 0x400 Encapsulation: ENET2
Input packets : 0
Output packets: 19
Protocol inet, MTU: 1500
  Flags: Sendbcast-pkt-to-re
  Addresses, Flags: Is-Preferred Is-Primary
Destination: 192.168.1.0/26, Local: 192.168.1.2, Broadcast: 192.168.1.63
Protocol multiservice, MTU: Unlimited

Swapped cables etc, my question is can these 1000BaseT SFP's work at 100M? I can configure them as such
but do they actually work at 100M?

Thanks,
Keith








  

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Log Juniper M20

2013-05-01 Thread iber-x 




Hi all,

anyone
knows what could be the reason that this message appears on the log of
our juniper M20?


Apr  6 06:00:15 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 5 sec scheduler slip, user: 4 sec 940542 usec, system: 0 sec, 14925 usec
Apr  6 05:58:07 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 4 sec 75182 usec, system: 0 sec, 0 usec
Apr  6 05:57:52 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 3 sec 976823 usec, system: 0 sec, 0 usec
Apr  6 05:57:05 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 4 sec 7157 usec, system: 0 sec, 0 usec
Apr  6 05:56:09 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 3 sec 991475 usec, system: 0 sec, 0 usec
Apr  6 05:45:33 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 5 sec scheduler slip, user: 4 sec 972022 usec, system: 0 sec, 7041 usec
Apr  6 05:45:23 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 4 sec 112812 usec, system: 0 sec, 0 usec
Apr  6 05:44:42 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 4 sec 332330 usec, system: 0 
Mathew


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Log Juniper M20

2013-05-01 Thread iber-x 




Hi all,

anyone
knows what could be the reason that this message appears on the log of
our juniper M20?


Apr  6 06:00:15 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 5 sec scheduler slip, user: 4 sec 940542 usec, system: 0 sec, 14925 usec
Apr  6 05:58:07 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 4 sec 75182 usec, system: 0 sec, 0 usec
Apr  6 05:57:52 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 3 sec 976823 usec, system: 0 sec, 0 usec
Apr  6 05:57:05 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 4 sec 7157 usec, system: 0 sec, 0 usec
Apr  6 05:56:09 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 3 sec 991475 usec, system: 0 sec, 0 usec
Apr  6 05:45:33 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 5 sec scheduler slip, user: 4 sec 972022 usec, system: 0 sec, 7041 usec
Apr  6 05:45:23 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 4 sec 112812 usec, system: 0 sec, 0 usec
Apr  6 05:44:42 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec scheduler slip, user: 4 sec 332330 usec, system: 0 
Mathew


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Lost adjacency in ISIS

2013-05-01 Thread iber-x 




Hi all,

anyone
knows what could be the reason that this message appears on the log of
our juniper M20?


Mar 25 05:58:54 xxXX.yyy2.abc-x.net rpd[2604]: RPD_ISIS_ADJDOWN: IS-IS lost L2 adjacency to xxXX.yyy1 on ae0.153, reason: Aged Out

Thanks

Mathew



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Lost adjacency in IS-IS

2013-05-01 Thread iber-x 




Hi all,

anyone
knows what could be the reason that this message appears on the log of
our juniper M20?


Mar 25 05:58:54 xxXX.yyy2.abc-x.net rpd[2604]: RPD_ISIS_ADJDOWN: IS-IS lost L2 adjacency to xxXX.yyy1 on ae0.153, reason: Aged Out

Thanks

Mathew




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Load Balancing on 2x MSPIC 100 for NAT

2013-05-01 Thread Pajlatek 
Title: Re: [j-nsp] Load Balancing on 2x MSPIC 100 for NAT


The config that Artur proposed works great on M10i/M7i with 2xMSPIC + 1x ADV II PIC, without any problems or licenses.


Peter Okupski

-- 
Best regards,
 Pajlatek                            mailto:pajla...@widzew.net

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Absence [Message automatique]

2013-05-01 Thread grousseau 

Bonjour,

Je suis absent du 26/03 au 30/03

Cordialement,
Guillaume ROUSSEAU

Hello,

I'am ooo from 26/03 to 30/03

Regards,
Guillaume ROUSSEAU
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Aggregate interface AE issue

2013-05-01 Thread Ala' Amira 
Dear Friends,

 

I have applied AE interface between 2 MXs and it is working fine  but I have
lost the connectivity to the Media Management units only which is behind AE
interface  although the Management Vlan already exist in the trunk,

 



 

This is the configuration on one of the routers  :

set interfaces ge-2/0/0 gigether-options 802.3ad ae1

set interfaces ge-2/1/3 gigether-options 802.3ad ae1

set interfaces ae1 flexible-vlan-tagging

set interfaces ae1 mtu 1600

set interfaces ae1 encapsulation flexible-ethernet-services

set interfaces ae1 unit 0 family bridge interface-mode trunk

set interfaces ae1 unit 0 family bridge vlan-id-list 11

set protocols vstp vlan 11 interface ae1

 

 

what I have missed here to access the management units?

 



oledata.mso
Description: Binary data


image003.emz
Description: Binary data
<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX - Static Routing Out Same Interface

2013-05-01 Thread Andrew Jones 
If the SRX is in flow mode, make sure that the return traffic takes the 
same path back, including passing through the SRX. Otherwise the SRX may 
only see half the conversation and time out connections due to it not 
seeing the full TCP handshake.



On 02.05.2013 01:01, OBrien, Will wrote:

Do you have a policy allowing traffic from that zone to that zone?

On Nov 3, 2010, at 7:33 AM, Bruce Buchanan wrote:

Hi List –

Can anyone give any suggestion/guidance on the following.

I’m trying to do a static route *out* the same interface that the
traffic came *in* on.  This is on an SRX-240

Here are the details:
“Private”: 192.168.20.0/24
“Public”: 216.168.x.x/32
Static route: 172.30.200.0/24 to  to 
192.168.20.121


192.168.20.121 is the IP on a VPN appliance.

Traffic from a client computer never gets routed to the VPN
appliance.  This works on a Cisco 2800 without a problem, but I can’t
get it working on the SRX.

Thanks,
Bruce

Bruce Buchanan
Senior Network Technician
Nexicom
5 King St. E., Millbrook, ON, LOA 1GO
Phone: 705-932-4147
FAX: 705-932-3027
Cell: 705-750-7705
Web: http://www.nexicom.net
Nexicom – Connected. Naturally.



___
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SSG20 & PBR to Web Proxy

2013-05-01 Thread Josh Farrelly 
Hi guys.

 

We have a customer who'd like to implement a transparent web proxy
configuration using a Sophos Web Appliance. They sit behind an SSG20
that connects them to the Internet. I'm suggesting the proxy will have
an IP in the LAN range.

 

I've confirmed with Sophos that the proxy will correctly handle
connections if we policy-route any packets matching a destination port
of TCP 80 & 443 to it using the firewall, however I'm a little confused
about how the return traffic should be handled.

 

I don't believe the proxy will rewrite the layer 3 address of the
packets it sends out, so return traffic back from the external web
servers will be (theoretically) sent back to the internal IP address,
which is the client directly.

 

Does anyone have any experience in implementing this, or any suggestions
how we go about returning the traffic to the proxy and not directly to
the end client? Any suggestions otherwise? Explicit mode on the proxy is
not an option.

 

Regards,

 

Josh Farrelly
Senior Project Engineer

P +64 9 630 4095 
M +64 21 919 885 
E j...@base-2.co.nz  

PO Box 24666, Royal Oak, Auckland 1345.
126 Valley Rd, Mt Eden, Auckland 1024.

www.base-2.co.nz   

 

 

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] private referral network

2013-05-01 Thread Delian Delchev 
I'd like to include you in my private referral network.

Please accept my invitation below. Thanks!

Best,
Delian Delchev
Dsmarter

View invitation from Delian Delchev





"The new, fast growing networking website is using the power of communication 
to help small businesses build powerful referral networks online." - Boston 
Business Journal

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 1000BaseT SFP

2013-05-01 Thread Paul Stewart 
We haven't had any issues using Prolabs 3rd party SFP's in MX platform
before at 100meg at least on DPCE cards - can't remember if we ever tried
with Juniper "authentic" before or notŠ  Also we have used them on MX80
platform (20x1 GE MIC card)

Paul


On 2013-05-01 2:20 PM, "Serge Vautour"  wrote:

>Very likely no. What's the SFP model number and the line card type you're
>using on the MX?
>
>Serge
>
>
>
>
> From: Keith 
>To: juniper-nsp@puck.nether.net
>Sent: Tuesday, May 10, 2011 8:59:06 PM
>Subject: [j-nsp] 1000BaseT SFP
> 
>
>
>Trying to connect GE copper SFP on MX to a 100meg port on a cisco switch,
>3560 actually.
>
>
>ge-0/0/2 { description "<< Test Link >>"; enable; speed 100m; link-mode
>full-duplex; unit 0 { family inet { address 192.168.1.2/26; show
>interface ge-0/0/2: Physical interface: ge-0/0/2, Enabled, Physical link
>is Up Interface index: 136, SNMP ifIndex: 511 Description: << Test Link
>>> Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, BPDU Error:
>>>None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering:
>>>Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote
>>>fault: Online Device flags   : Present Running Interface flags:
>>>SNMP-Traps Internal: 0x4000 Link flags : None CoS queues : 8
>>>supported, 8 maximum usable queues Current address: 80:71:1f:91:10:02,
>>>Hardware address: 80:71:1f:91:10:02 Last flapped   : 2011-04-28
>>>13:44:09 PDT (1w5d 03:08 ago) Input rate : 0 bps (0 pps) Output
>>>rate: 0 bps (0 pps) Active alarms  : None Active defects : None
>>>Logical interface ge-0/0/2.0 (Index 74) (SNMP ifIndex 522) Flags:
>>>SNMP-Traps
> 0x400 Encapsulation: ENET2 Input packets : 0 Output packets: 19
>Protocol inet, MTU: 1500 Flags: Sendbcast-pkt-to-re Addresses, Flags:
>Is-Preferred Is-Primary Destination: 192.168.1.0/26, Local: 192.168.1.2,
>Broadcast: 192.168.1.63 Protocol multiservice, MTU: Unlimited Swapped
>cables etc, my question is can these 1000BaseT SFP's work at 100M? I can
>configure them as such
>but do they actually work at 100M? Thanks,
>Keith 
>
>
>
>___
>juniper-nsp mailing list juniper-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>___
>juniper-nsp mailing list juniper-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Cisco VSS vs Juniper Virtual Chassis

2013-05-01 Thread Fernando Pascual 


Hi, anyone know if the cisco`s vss (virtual switching system) technology can be replaced with Juniper`s "Virtual Chassis" feature ?, as I know this is not possible (I mean, VSS is better than virtual chassis), could it be replaced with another juniper`s junos feature with the same vss performance ?.
 
Thanks in advance
 
FernandoAVISO LEGAL:
Esta información es privada y confidencial y está dirigida únicamente a su destinatario. Si usted no es el destinatario original de este mensaje y por este medio pudo acceder a dicha información por favor elimine el mensaje. La distribución o copia de este mensaje está estrictamente prohibida. Esta comunicación es sólo para propósitos de información y no debe ser considerada como propuesta comercial, aceptación ni como una declaración de voluntad oficial de HYNET S.A. La transmisión de e-mails no garantiza que el correo electrónico sea seguro, ni comunicación fehaciente o libre de error. Por consiguiente, no manifestamos que esta información sea completa o precisa. Toda información está sujeta a alterarse sin previo aviso.

This information is private and confidential and intended for the recipient only. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and shall not be regarded neither as a proposal, comercial proposal, acceptance nor as a statement of will or official statement from HYNET S.A. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX - Static Routing Out Same Interface

2013-05-01 Thread OBrien, Will 
Do you have a policy allowing traffic from that zone to that zone?

On Nov 3, 2010, at 7:33 AM, Bruce Buchanan wrote:

Hi List –

Can anyone give any suggestion/guidance on the following.

I’m trying to do a static route *out* the same interface that the traffic came 
*in* on.  This is on an SRX-240

Here are the details:
“Private”: 192.168.20.0/24
“Public”: 216.168.x.x/32
Static route: 172.30.200.0/24 to  to 192.168.20.121

192.168.20.121 is the IP on a VPN appliance.

Traffic from a client computer never gets routed to the VPN appliance.  This 
works on a Cisco 2800 without a problem, but I can’t get it working on the SRX.

Thanks,
Bruce

Bruce Buchanan
Senior Network Technician
Nexicom
5 King St. E., Millbrook, ON, LOA 1GO
Phone: 705-932-4147
FAX: 705-932-3027
Cell: 705-750-7705
Web: http://www.nexicom.net
Nexicom – Connected. Naturally.


___
juniper-nsp mailing list 
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] port forwarding howto

2013-05-01 Thread Pappas, AJ 
Hello,

I am still new to Juniper.  I am running a SRX240H and want to port
forward for a specific IP address that is listed in our Proxy ARP range.

I am also running 10.2 as the code for the firewall.

 

209.175.161.137 - External address of our server (server A)

 

Message exchange between the internal application and the provider
external application Hub is bi-directional.

 

-  The internal server (server Aint = 10.200.5.5)

-  This message exchange happens over HTTPS using SSL
encryption on Port 55443

-  These connections are constrained to the application
providers network ip's 69.166.141.130 & 216.27.66.130 

per your firewall configuration, meaning anyone attempting to connect to
your system on port 55443 MUST 

originate from 69.166.141.130 & 216.27.66.130 else they are denied
access.

 

I have already created an application port for tcp 55443.

Any help would be greatly appreciated.

 

AJ Pappas   |   Network Administrator 

Ottawa Regional Hospital & Healthcare Center
 


www.ottawaregional.org    |  
apap...@ottawaregional.org   
phone: 815.431.5180 | mobile line: 815.993.8522 
1100 East Norris Drive, Ottawa, IL 61350 USA

 

P  Please consider the environment before printing this e-mail. 

 

 

Confidentiality Notice: This e-mail may contain confidential
information.  The information is intended only for the use of the
recipient named above.  If you are not the intended recipient, you are
hereby notified that any disclosure, copying, distribution, or the
taking of any action in reliance on the contents of this information,
except its direct delivery to the intended recipient named above, is
strictly prohibited.  If you have received this e-mail in error, please
notify the sender of this and also delete the e-mail from all systems
this message is stored on.

 

 

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Log in M20

2013-05-01 Thread iber-x 




Hello there,
 
this
message has appeared in the log of our M20. It is not the first time
it occurs and we are quite worried.  The
average CPU consumption is 4% and just at the time the message appeared
on the
log, we found increases up to 100% and an increase in temperature of 6
º in the
routing-engine 0. This router works with two logical routers and
receive
full-routing of three different providers. We also have configured and
IS_IS  and IBGP sessions.


May  4 11:43:03 xxx01.yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 7 sec scheduler slip, user: 3 sec 306043 usec, system: 0 sec, 5732 usec


We
do not know what could
be the problem because we have not detected  any event bgp, routing update,
addition of new
machines, an so on,..

Do you have any idea what may be the reason for
this high
cpu usage?

Thanks in advanced

 
 


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Inserting security policies on SRX

2013-05-01 Thread Giuliano Cardozo Medalha 
before using insert i think you need to create the policy !!!

insert is an entry more related to moving policy objects or firewall terms and 
not creation (set)

Sent from my iPhone

On 18/07/2011, at 17:07, "James S. Smith"  wrote:

> I have an SRX240 running 11.1R2.3, and occasionally I have to add new 
> policies.  The obvious choice would seem to be use the insert command but I’m 
> getting some weird errors.  For example, I have a number of policies for the 
> different protocols going between the IT staff and the untrust zone.  When 
> trying to insert a new policy the SRX complains the policy does not exist.
>  
> jsmith@fw01# insert security policies from-zone it_staff to-zone untrust 
> policy it_staff-untrust-windows-rdp before policy it_staff-untrust-default
> error: statement 'it_staff-untrust-windows-rdp' not found
>  
>  
>  
> James S. Smith Network Architect
> WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7
>  
> Email: jsm...@windmobile.ca
> Direct: 416-640-9792
>  
> Fax: 416-987-1203  
>  
> 
> 
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Juniper Switch Packet Buffer Matrix

2013-05-01 Thread Skeeve Stevens 
Hey all,

I am doing some iSCSI implementations are the moment and are looking at which 
switch models are best for different iSCSI rollouts we're doing.

I am wanting to know about the following for the EX2200/3200/4300 series 
switches:


-  Size of packet buffering per model

-  If the PB is per port or shared

-  Is there one or more classes of PB classification

-  If the PB is shared, is it per switching module (i.e. 8/12 port 
block) or across the entire switch

-  If the 10GB model is plugged in, does it have its own PB, or does it 
share the main boards?

I looked in the Juniper website specifications and Google and found very 
little.  Any help would be appreciative as we're just starting to get into 
Juniper switching (and loving it)

...Skeeve




--
Skeeve Stevens, CEO/Technical Director
eintellego Pty Ltd - The Networking Specialists
ske...@eintellego.net / www.eintellego.net
Phone: 1300 753 383, Fax: (+612) 8572 9954
Cell +61 (0)414 753 383 / skype://skeeve
www.linkedin.com/in/skeeve ; facebook.com/eintellego
--
[cid:image001.gif@01CAF159.55254650]

Visit us at CeBIT 2010 stand T5 - visit http://www.mycebit.com.au/ and register 
with promo code realca10

Disclaimer: Limits of Liability and Disclaimer: This message is for the named 
person's use only. It may contain sensitive and private proprietary or legally 
privileged information. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. eintellego Pty Ltd and each legal entity in the Tefilah Pty Ltd 
group of companies reserve the right to monitor all e-mail communications 
through its networks.  Any views expressed in this message are those of the 
individual sender, except where the message states otherwise and the sender is 
authorised to state them to be the views of any such entity. Any reference to 
costs, fee quotations, contractual transactions and variations to contract 
terms is subject to separate confirmation in writing signed by an authorised 
representative of eintellego. Whilst all efforts are made to safeguard inbound 
and outbound e-mails, we cannot guarantee that attachments are virus-free or 
compatible with your systems and do not accept any liability in respect of 
viruses or computer problems experienced.

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] JUNOS - TACACS - Cisco ACS Allowed Commands

2013-05-01 Thread Serrano Samaca, Edinson (EXT-Other - MX/Mexico City) 
Hello Ralpah, did you get a solution for your issue? 

 

I am using a m10i junos 10.0, with ACS version 4.4, and the behavior is the 
same. The user authenticated by tacacs does not take the paremeter configured, 
just take the class in remote template.

 

Best Regards,

 

 

 

Edinson M. Serrano Samacá 
Mobile: 5544483952

 

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Issues with LACP and Microsoft

2013-05-01 Thread Sipes, Nathan 
Has anyone run into this error message with LACP configured between a EX and a 
Windows 2003 server?  If so any corrections for it ?



Jan 29 15:46:20  CLGRABMI-02-SW1 /kernel: ge-1/0/9: received pdu - length 
mismatch for lacp : len 128, pdu 124
Jan 29 15:46:20  CLGRABMI-02-SW1 /kernel: ge-0/0/26: received pdu - length 
mismatch for lacp : len 128, pdu 124


Configs:



ae3 {
description CGYHYP02;
traceoptions;
aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
active;
periodic slow;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ KM_Citrix_Network KM_Server_Network ];
}
}
}
}




Nathan Sipes
Sr. Network Design Specialist
Tel: 303-914-4996
FAX: 303-763-3510

Kinder Morgan
370 Van Gordon St
Lakewood, CO
80228

nathan_si...@kindermorgan.com

[cid:image001.gif@01CAA411.F8FB79B0]



<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] M5 RE in M20 (lab to production)

2013-05-01 Thread Tom Schmidt 
Hello,
I just faced a problem where I put a former production RE (junos 8.5) from M160 
into our lab M5.

Boot was from cfcard, no hdd installed. Junos bootup msgs were showing “packet 
mismatch” for pfe packages.
Normally it seems that junos is loading this from a full software image on hdd 
if not found on cfcard.

Everything working except the pfe, that’s bad for production 

As my cfcard is 2g, is there a possiblity to install a “complete” image for all 
m-series pfe or at least copy m20 pfe packages additional on cfcard?

I would like to upgrade this re to junos 10.x on m5 and swap it to m20.


Many thanks and best regards,

Tom<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J6350 Jumbo frame MTU and OSPF setting

2013-05-01 Thread Harris Hui 

Thanks Jonathan for the good tips. :-)

- Harris


|>
| From:  |
|>
  
>--|
  |Jonathan Lassoff
  |
  
>--|
|>
| To:|
|>
  
>--|
  |Harris Hui/Hong Kong/IBM@IBMHK   
 |
  
>--|
|>
| Cc:|
|>
  
>--|
  |juniper-nsp@puck.nether.net  
 |
  
>--|
|>
| Date:  |
|>
  
>--|
  |10/02/2010 AM 12:14  
 |
  
>--|
|>
| Subject:   |
|>
  
>--|
  |Re: [j-nsp] J6350 Jumbo frame MTU and OSPF setting   
 |
  
>--|





While having an increased MTU across your WAN can improve throughout
greatly, I would suggest tuning your TCP stack for a "Long Fat Pipe", as
many operating systems are not designed to work well with high-throughput,
high-latency links.


There are some good tips here: http://fasterdata.es.net/


Cheers,
jof


  On Sep 30, 2010 10:38 PM, "Harris Hui" 
  wrote:



  Dear all,

  We had subscribed a private line circuit between 2 different data
  center
  for Data Backup and replication. The bandwidth of the private line is
  100Mbps.

  According to the provider, The Circuit is Built across their
   Network as 2 STS1's or High Speed DS3's which equals 100meg.

  Their GE port setting as follows.

  MTU Size - 9600
  Auto Negotiation - OFF
  Remote Client Fail - Disabled.

  The private circuit is connected directly to the fiber module of our
  J6350
  Services router at each Data Center. The Circuit is up and running
  but when
  we perform some TCP throughput test, we only get ~3Mbps for a Single
  TCP
  session with iPerf and the latency between two data center across the
  private circuit is ~80ms.

  I am trying to configure our J6350 fiber interface to MTU 9192 to get
  a
  better TCP throughput. However, I can only able to configure the MTU
  size
  below 1500, when I configure the MTU to 9192 and commit the changes,
  it
  still shows MTU 1500 on the physical interface.

  Do you have any experience on using Jumbo frame MTU size on the
  J6350? We
  are also running OSPF across the private circuit, is JUNOS support
  "OSPF
  ignore-mtu" like cisco?

  Please advise.

  Fiber module
  
  FPC 3            REV 18   750-013599   AAAH7361          FPC
   PIC 0                                                  1x GE SFP
     Xcvr 0       REV 02   740-011614   PG336CS           SFP-LX10

  show interfaces ge-3/0/0
  speed 1g;
  mtu 1400;
  link-mode full-duplex;
  gigether-options {
     no-auto-negotiation;
  }
  unit 0 {
     family inet {
         address xxx.xxx.xxx.253/30;
     }
  }

  harris@J6350# run show interfaces ge-3/0/0
  Physical interface: ge-3/0/0, Enabled, Physical link is Up
   Interface index: 152, SNMP ifIndex: 184
   Link-level

Re: [j-nsp] Inserting security policies on SRX

2013-05-01 Thread James S. Smith 
Never mind, answered my own question.   Didn't realize you have to define the 
policy first and let it be added to the bottom of the list, and then use the 
insert statement to move it.

James S. Smith Network Architect
WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7

Email: jsm...@windmobile.ca
Direct: 416-640-9792

Fax: 416-987-1203

[cid:image001.png@01CC4569.14140240][cid:image002.png@01CC4569.14140240][cid:image003.png@01CC4569.14140240]
[cid:image004.png@01CC4569.14140240]
From: James S. Smith
Sent: Monday, July 18, 2011 4:07 PM
To: juniper-nsp@puck.nether.net
Subject: Inserting security policies on SRX

I have an SRX240 running 11.1R2.3, and occasionally I have to add new policies. 
 The obvious choice would seem to be use the insert command but I'm getting 
some weird errors.  For example, I have a number of policies for the different 
protocols going between the IT staff and the untrust zone.  When trying to 
insert a new policy the SRX complains the policy does not exist.

jsmith@fw01# insert security policies from-zone it_staff to-zone untrust policy 
it_staff-untrust-windows-rdp before policy it_staff-untrust-default
error: statement 'it_staff-untrust-windows-rdp' not found



James S. Smith Network Architect
WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7

Email: jsm...@windmobile.ca
Direct: 416-640-9792

Fax: 416-987-1203

[cid:image001.png@01CC4569.14140240][cid:image002.png@01CC4569.14140240][cid:image003.png@01CC4569.14140240]
[cid:image004.png@01CC4569.14140240]
<><><><>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Fwd: bgp license mx480 MPC-3D-16XGE-SFPP

2013-05-01 Thread Mark Tinka 
On Tuesday, April 30, 2013 11:47:52 PM Eugeniu Patrascu wrote:
> In the Release Notes for JUNOS 12 something for EX, there
> is an example of commit error when you use a protocol
> without a license and you cannot use it. I am missing
> the right link now but it stood out as it was the first
> time I saw it.

Found this for Junos 12.3R2:

http://www.juniper.net/techpubs/en_US/junos12.3/information-products/topic-collections/release-notes/12.3/index.html

License Warning Messages

For using features that require a license, you must install 
and configure a license key. To obtain a license key, use 
the contact information provided in your certificate.

If you have not purchased the AFL or EFL and installed the 
license key, you receive warnings when you try to commit 
the configuration:

[edit protocols]
  'bgp'
warning: requires 'bgp' license
error: commit failed: (statements constraint check failed)

The system generates system log (syslog) alarm messages notifying 
you that the feature requires a license—for example:

Sep  3 05:59:11   craftd[806]:  Minor alarm set, BGP Routing Protocol usage 
requires a license
Sep  3 05:59:11   alarmd[805]: Alarm set: License color=YELLOW, class=CHASSIS, 
reason=BGP Routing Protocol usage requires a 
license
Sep  3 05:59:11   alarmd[805]: LICENSE_EXPIRED: License for feature bgp(47) 
expired

Output of the show system alarms command displays the active 
alarms:

user@switch> show system alarms

1 alarm currently active
Alarm time   Class  Description
2009-09-03 06:00:11 UTC  Minor  BGP Routing Protocol usage requires a license

Cheers,

Mark.


signature.asc
Description: This is a digitally signed message part.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] srx240 VPN Question

2013-05-01 Thread Pappas, AJ 
I have a srx240.  I have someone who has a vpn with us who wants to
change from a static IP address on an ipsec tunnel to a FQDN.  Is there
any documentation on how to do this or if it is possible?  He is able to
provide the two ip's to me that it will be coming from.  This is for a
failover from them.  Two separate providers / ip's.

 

AJ Pappas   |   Network Administrator 

Ottawa Regional Hospital & Healthcare Center
 


www.ottawaregional.org    |  
apap...@ottawaregional.org   
phone: 815.431.5180 | mobile line: 815.993.8522 
1100 East Norris Drive, Ottawa, IL 61350 USA

 

P  Please consider the environment before printing this e-mail. 

 

 

Confidentiality Notice: This e-mail may contain confidential
information.  The information is intended only for the use of the
recipient named above.  If you are not the intended recipient, you are
hereby notified that any disclosure, copying, distribution, or the
taking of any action in reliance on the contents of this information,
except its direct delivery to the intended recipient named above, is
strictly prohibited.  If you have received this e-mail in error, please
notify the sender of this and also delete the e-mail from all systems
this message is stored on.

 

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Únete a mi red en LinkedIn

2013-05-01 Thread Karthik T S a través de LinkedIn 
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Senior Advanced IP Routing and Switching engineers - multiple locations USA

2013-05-01 Thread Samantha Smith 
Hello,

We are currently recruiting for Senior IP Routing and Switching CCIE/
JNCIE / JNCIP level engineers to join the Advanced Services organisation
for a global networking vendor. 

Responsibilities include complex troubleshooting and problem solving at
a Tier3/ 4 level for select key worldwide Service Provider and
Enterprise customers. The successful candidate will have in-depth
knowledge and experience with MPLS and MPLS VPN's, BGP, ISIS, OSPF,
IPv4, Multicast and Ethernet. With 7+ years networking experience you
will have strong customer service and interpersonal skills. 

 We have positions currently located in the US offices in either
Sunnyvale - San Jose, Westford - Massachusetts, Herndon - near
Washington, West Virginia. Relocation assistance can be provided to
candidates from the US or Canada.

Salary is depending upon skills and experience, plus bonus and flexi
benefits.

For further details and full job description please feel free to contact
me on the contact details below.

Many thanks!

Samantha

 

 



Samantha Smith

Technology Resourcing Ltd

'Professional Telecomms Recruitment' 

Tel:+44 (0)1483 302211

Mob: +44 (0) 7786 628345

Fax:   +44 (0)1483 301222  

Web: www.tech-res.co.uk
 

 
 

 

If you are not an intended recipient and have received this message in error, 
please notify the sender immediately. It is for the intended addressee(s) only. 
This e-mail and the information it contains may be privileged and/or 
confidential. The unauthorised use, disclosure or copying of any information it 
contains is prohibited. The opinions expressed in this mail are those of the 
author and do not necessarily represent the views of the company. Technology 
Resourcing Ltd registered office: Technology Centre, Surrey Research Park, 
Guildford, Surrey. GU2 7YG. UK Reg'd no. 3299861. Switchboard Tel. No. +44 
(0)1483 302211

This message has been scanned by MailController - 
www.MailController.altohiway.com<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] (no subject)

2013-05-01 Thread Tomasz Mikołajek 
Have you ever used Junos Pulse on mobile phone?

W dniu 5 czerwca 2010 22:29 użytkownik Ivan Ivanov
napisał:

> Jailbreaked iPhone, even you can use RDP in ssh tunnel.
>
> Upcoming iPhone OS 4 will support SSL VPN from Juniper.
>
> I haven't tried Android, but iPhone is good enough when you used to use
> shell with touch screen.
>
> [?]
>
> 2010/6/5 Tomasz Mikołajek 
>
>> Ok, so if we are talking about mobile phones/smartphones, which one in the
>> best for network engineer? I am befor changing my phone to new one. I need
>> SSH and VPN.
>>
>> W dniu 4 czerwca 2010 13:55 użytkownik Chris Evans <
>> chrisccnpsp...@gmail.com
>> > napisał:
>>
>> > You know how to tell when someone has an apple product?
>> >
>> > They tell you they do. :)
>> >
>> > On Jun 4, 2010 7:34 AM, "Tomasz Mikołajek" 
>> wrote:
>> >
>> > Someone has IPhone.
>> > Sent from my MacBook. ;-)
>> >
>> > 2010/6/4 Shane Short 
>> >
>> >
>> > > It's the answer to the universe!
>> > >
>> > >
>> > > *faints*
>> > >
>> > > On 04/06/2010, at 11:08 AM, Tommy Pernici...
>> >
>> >
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Best Regards!
>
> Ivan Ivanov
>
<<330.gif>>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] 1000BaseT SFP

2013-05-01 Thread Keith 


  
  

 Trying to connect GE copper SFP on MX to a 100meg port on a cisco
switch, 3560 actually.

ge-0/0/2 {
description "<< Test Link >>";
enable;
speed 100m;
link-mode full-duplex;
unit 0 {
family inet {
address 192.168.1.2/26;

show interface ge-0/0/2:

Physical interface: ge-0/0/2, Enabled, Physical link is Up
  Interface index: 136, SNMP ifIndex: 511
  Description: << Test Link >>
  Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
  Auto-negotiation: Enabled, Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags : None
  CoS queues : 8 supported, 8 maximum usable queues
  Current address: 80:71:1f:91:10:02, Hardware address: 80:71:1f:91:10:02
  Last flapped   : 2011-04-28 13:44:09 PDT (1w5d 03:08 ago)
  Input rate : 0 bps (0 pps)
  Output rate: 0 bps (0 pps)
  Active alarms  : None
  Active defects : None

  Logical interface ge-0/0/2.0 (Index 74) (SNMP ifIndex 522)
Flags: SNMP-Traps 0x400 Encapsulation: ENET2
Input packets : 0
Output packets: 19
Protocol inet, MTU: 1500
  Flags: Sendbcast-pkt-to-re
  Addresses, Flags: Is-Preferred Is-Primary
Destination: 192.168.1.0/26, Local: 192.168.1.2, Broadcast: 192.168.1.63
Protocol multiservice, MTU: Unlimited

Swapped cables, xover and straight. Setup the cisco port as access/vlan and a routed port 
hardcoding the speed/duplex and auto and I can not get a link between the devices. 

My question is can these 1000BaseT SFP's work at 100M? I can configure them as such
but do they actually work at 100M?

Thanks,
Keith








  

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Juniper SRX 3400 Clustering

2013-05-01 Thread Altaf Ahmad 
Hi Experts,

 

I did configure the clustering of SRX 3400 chassis without installing
SRX3K-CRM Module and it went successful. Could anyone please let tell me
that then what is the purpose of CRM? Even in Juniper SRX3400 hardware
guide I read that this module is necessary for the clustering.  But I am
achieving the clustering feature without  installing the module. 

 

 

Kind Regards,

 

   Altaf Ahmad | Senior Solutions Designer

   CCIE # 28697 (R&S), CCIE SP (Written), CCSP

 

Business Management Company (BMC)

 

Anouf Building, Ihsaa St. Malaz Dist., P.O. Box 25650, Riyadh 11476, KSA

): +966  561 538336 |  (: +966 1 4793 247 Extension 594   | 7: +966 1
4790 878  
Email:  aah...@bmc.com.sa    | URL:  
www.bmc.com.sa   

 

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Layer 3 sub interfaces on a EX3200

2013-05-01 Thread Bruce Buchanan 
Hi List,

 

Long time lurker, first time poster here.

 

Does anyone know what the maximum number of L3 sub-interfaces is on a
single interface on an EX-3200?

 

Thanks!

Bruce

 

Bruce Buchanan
Senior Network Technician
Nexicom
5 King St. E., Millbrook, ON, LOA 1GO
Phone: 705-932-4147
FAX: 705-932-3027
Cell: 705-750-7705
Web: http://www.nexicom.net  
Nexicom - Connected. Naturally.

 
 

 

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Industrial Socket for EX8208??

2013-05-01 Thread Keegan.Holley 
Have you tried google? :)

Here's a link with pictures.

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/specifications/ac-power-ex8200-series-cord.html







Re: [j-nsp] Industrial Socket for EX8208??

Fahad Khan 
to:
Keegan.Holley
05/02/10 02:32 PM


Cc:
juniper-nsp, juniper-nsp-bounces







In my case, I am going to get BS 1363/A standard. would it be normal 3 pin 
flat??

regards,
Muhammad Fahad Khan
JNCIP - M/T # 834
IT Specialist
Global Technology Services, IBM
fa...@pk.ibm.com
+92-321-2370510
+92-301-8247638
Skype: fahad-ibm
http://www.linkedin.com/in/muhammadfahadkhan
http://fahad-internetworker.blogspot.com
http://www.visualcv.com/g46ptnd


On Sun, May 2, 2010 at 9:18 PM,  wrote:
Both switches depend on the type of power supply ordered and the country 
you install it in.  For example you can have a 6500 with power supplies 
that use the normal sockets.  A fully populated 6509 will consume most of 
the power on a 220/208V AC circuit so it is easier to order it with the 
"industrial" (usually L6-30 for US 220/208 VAC) and connect the power 
supplies directly to the power feed instead of wasting money on a outlet 
strip.  However, the same switch with one or two blades can easily share 
the circuit with other equipment and maybe ordered with "normal" 
connectors and plugged into an outlet strip/PDU.  The easiest thing to do 
would be to get the part number for the power supplies and look them up or 
get your power requirements and make sure you order the correct part no. 
HTH, 
Keegan 






[j-nsp] Industrial Socket for EX8208??


Fahad Khan 
to: 
juniper-nsp 
05/02/10 11:38 AM



Sent by: 









Hi Folks,


Does EX 8208 require Industril Socket for Power , just like Cisco 6500 ??

Please reply urgently

Thanks in adv

Muhammad Fahad Khan
JNCIP - M/T # 834
IT Specialist
Global Technology Services, IBM
fa...@pk.ibm.com
+92-321-2370510
+92-301-8247638
Skype: fahad-ibm
http://www.linkedin.com/in/muhammadfahadkhan
http://fahad-internetworker.blogspot.com
http://www.visualcv.com/g46ptnd
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] (no subject)

2013-05-01 Thread Elayaraja K [ IT ] 



_
7 Switch off as you go   |   qRecycle always   |   P Save Paper - Save Trees   
|  [Description: cid:image003.jpg@01CA8223.3FC8A220]  Go Green




This email and any attached files ("Message") may contain confidential and/or
privileged information. It is intended solely for the addressee(s). If you
receive this Message in error, inform the sender by reply email, delete the
Message and destroy any printed copy.
Any unauthorized use, distribution, or copying of this Message or any part
thereof is prohibited. Emails are susceptible to alteration. Neither NOCL nor
any of its affiliates shall be liable for the Message if altered or falsified.
<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Juniper and Brocade CES/CER interoperability

2013-05-01 Thread Armin Kask 
 Hi All, we have a network consisting of FESX/SuperX and CES/CER switches in a ring formationFESX/SuperX are used for L2 forwarding and CES/CER are also connected to the ring doing L2 and L2VPN on top.We have an idea to break up the large L2 domain kept together by MSTP with some MPLS routers so that the MSTP domains will be between any two routers.The routers will need to do something like MSTAG or mac flush on VPLS topology change.I was wondering if we could/should use MX-80 or 240 for this. I am pretty sure that simple L2 with MSTP will be interoperable between the vendors but I am not so sure about L2VPN and VPLS and L3VPN in the future.Can anybody comment on thisArmin
Käesolev kiri võib sisaldada konfidentsiaalset informatsiooni ja on mõeldud kasutamiseks ainult selle adressaadile. Kui antud sõnum ei ole suunatud Teile, siis selle avaldamine, kopeerimine, levitamine või muul viisil kasutamine on rangelt keelatud ning võib olla ebaseaduslik. Kui saite selle kirja ekslikult, palun teavitage sellest koheselt informatsiooni saatjat ning kustutage kiri oma süsteemidest.
The information in this communication may be confidential and is intended solely for the use of the addressee. If you are not the intended recipient you are hereby notified that any use, disclosure, copying, distribution or taking any other action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender and delete the material from your systems.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] STP Between Cisco and Juniper

2013-05-01 Thread Saba Sumsam 
Hi,
Thanks a lot for your comments.

The topology is pretty simple. A single VLAN between the following devices,
with users connected to the Cisco switches using a VRRP gateway between
SRX100 & SRX210.

[image: Inline image 1]

It's strange that the SRX210 doesn't support MSTP - so can't go for MST
between all devices.

Regards.


On Sat, Nov 10, 2012 at 5:38 PM, Jonathan Lassoff  wrote:

> On Fri, Nov 9, 2012 at 9:57 PM, Saba Sumsam 
> wrote:
> > Hi,
> > I have a Layer 2 network consisting of a Cisco 2970G, SRX210 and SRX100.
> > Following are the STP modes supported on each:
> >
> > Cisco 2970G: mst, pvst, rapid-pvst
> > Juniper SRX100: STP, RSTP. MSTP
> > Juniper SRX210: STP, RSTP
> >
> > My question is: Is Cisco mst interoperable with Juniper RSTP. What mode
> > should I be using on each device in this case?
> >
> > Suggestions highly appreciated.
>
> The best solution will really depend on your environment.
> What is the topology like?
>
> I would avoid MST/MSTP unless you have a good reason to use it. A
> Cisco running MSTP should interoperate with non-MSTP-speaking devices,
> as external to MSTP-speaking boxes, each "region" looks like like a
> big spanning-tree bridge.
>
> If your environment is simple and doesn't have any unusual
> requirements, I would go for rapid-pvst/rstp on each device.
>
> Cheers,
> jof
>
<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Log Juniper M20

2013-05-01 Thread iber-x 




Hi all,

anyone
knows what could be the reason that this message appears on the log of
our juniper M20?

Apr 6 06:00:15 -yyy2.abc-d.net LEV[2625]:
RPD_SCHED_SLIP: 5 sec scheduler slip, user: 4 sec 940542 usec, system:
0 sec, 14925 usec
Apr 6 05:58:07 -yyy2.abc-d.net LEV[2625]: RPD_SCHED_SLIP: 4 sec
scheduler slip, user: 4 sec 75182 usec, system: 0 sec, 0 usec

Thanks

Mathew


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] M5 RE in M20 (lab -> production)

2013-05-01 Thread Tom 
Hello,
I just faced a problem where I put a former production RE (junos 8.5) from M160 
into our lab M5.

Boot was from cfcard, no hdd installed. Junos bootup msgs were showing “packet 
mismatch” for pfe packages.
Normally it seems that junos is loading this from a full software image on hdd 
if not found on cfcard.

Everything working except the pfe, that’s bad for production 

As my cfcard is 2g, is there a possiblity to install a “complete” image for all 
m-series pfe or at least copy m20 pfe packages additional on cfcard?

I would like to upgrade this re to junos 10.x on m5 and swap it to m20.


Many thanks and best regards,

Tom<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Brocade Juniper interoperability

2013-05-01 Thread Armin Kask 
 Hi All, we have a network consisting of FESX/SuperX and CES/CER switches in a ring formationFESX/SuperX are used for L2 forwarding and CES/CER are also connected to the ring doing L2 and L2VPN on top.We have an idea to break up the large L2 domain kept together by MSTP with some MPLS routers so that the MSTP domains will be between any two routers.The routers will need to do something like MSTAG or mac flush on VPLS topology change.I was wondering if we could/should use MX-80 or 240 for this. I am pretty sure that simple L2 with MSTP will be interoperable between the vendors but I am not so sure about L2VPN and VPLS and L3VPN in the future.Can anybody comment on this
Käesolev kiri võib sisaldada konfidentsiaalset informatsiooni ja on mõeldud kasutamiseks ainult selle adressaadile. Kui antud sõnum ei ole suunatud Teile, siis selle avaldamine, kopeerimine, levitamine või muul viisil kasutamine on rangelt keelatud ning võib olla ebaseaduslik. Kui saite selle kirja ekslikult, palun teavitage sellest koheselt informatsiooni saatjat ning kustutage kiri oma süsteemidest.
The information in this communication may be confidential and is intended solely for the use of the addressee. If you are not the intended recipient you are hereby notified that any use, disclosure, copying, distribution or taking any other action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender and delete the material from your systems.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Únete a mi red en LinkedIn

2013-05-01 Thread Karthik T S a través de LinkedIn 
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] DSCP MArking

2013-05-01 Thread Darlington Moyo 


Hi

I have a perimeter router (M320- Software Suite [10.1R2.8]) on which I would 
like to color international traffic differently from National traffic.Kindly 
suggest optimal config  without impacting performance on the device.


Regards[cid:image001.png@01CB564F.C5B46490]

Click here to read the Neotel electronic communications disclaimer.

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] JNCIP/JNCIE new Tracks

2013-05-01 Thread Scott Morris 




Anyone who has confirmed knowledge is under an NDA and not supposed to
say anything.   When Juniper puts the information out to the public,
then we can talk the details.  :)







 


Scott Morris, CCIEx4
(R&S/ISP-Dial/Security/Service Provider) #4713,
CCDE #2009::D, JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI #21903, JNCI-M, JNCI-ER
s...@emanon.com


Knowledge is power.
Power corrupts.
Study hard and be Eeeevl..



Fahad Khan wrote:

  Dear folks,

Does any one know about new tracks gonna be launched by Juniper like
JNCIP-Security etc

Any one who has confirmed knowledge, please share

regards,

Muhammad Fahad Khan
JNCIP - M/T # 834
IT Specialist
Global Technology Services, IBM
fa...@pk.ibm.com
+92-321-2370510
+92-301-8247638
Skype: fahad-ibm
http://www.linkedin.com/in/muhammadfahadkhan
http://fahad-internetworker.blogspot.com
http://www.visualcv.com/g46ptnd
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

  



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Two RRs

2013-05-01 Thread Keegan.Holley 
This is more a design question than configuration.  It depends on if you 
need routes reflected to this reflector or if it will receive all the 
necessary routes via it's normal peerings.  It sounds like you don't need 
the second RR to be a client of the first, but again that depends on your 
network.  Cisco has the same functionality such that the RRclient status 
is not configured locally.  It's just done with a different set of 
commands.






[j-nsp] Two RRs

alaerte vidali 
to:
juniper-nsp
04/28/10 02:23 PM


Sent by:








Hi,

When configuring two route reflectors on same clusters for redundancy
purpose, does it matter if the backup reflector is configured inside the
same group for clients?

For example:

group RRclients
type internal
cluster 1.1.1.1
neighbor "client1"
neighbor "client2"
neighbor "RR2"

group NonRRclients
type internal
neighbor "client3"

Or is it mandatory configure the other RR out of the group where cluster 
ID
is configured?

Like this:

group RRclients
type internal
cluster 1.1.1.1
neighbor client1"
neighbor "client2"

group NonRRclients
type internal
neighbor "client3"
neighbor "RR2"


I guess my question/confusion is because on Cisco we have explicity 
command
to define neighbor as RRclient or notRRclient, and the backup RR is not
configured as client.

As Juniper does not have so, I need to know if Juniper will consider the
backup RR as client if I configure it inside the group where "cluster"
command is used.

Comments appreciated.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] IP address

2013-05-01 Thread Murphy, Jay, DOH 

10.8.0.1/31 What are the useable IPs. What is the broadcast and network address 
in this subnetwork?

Thanks.

Daniel

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX - Static Routing Out Same Interface

2013-05-01 Thread Bruce Buchanan 
Hi List -

 

Can anyone give any suggestion/guidance on the following.

 

I'm trying to do a static route *out* the same interface that the
traffic came *in* on.  This is on an SRX-240

 

Here are the details:

"Private": 192.168.20.0/24

"Public": 216.168.x.x/32

Static route: 172.30.200.0/24 to  to
192.168.20.121

 

192.168.20.121 is the IP on a VPN appliance.

 

Traffic from a client computer never gets routed to the VPN appliance.
This works on a Cisco 2800 without a problem, but I can't get it working
on the SRX.

 

Thanks,

Bruce

 

Bruce Buchanan
Senior Network Technician
Nexicom
5 King St. E., Millbrook, ON, LOA 1GO
Phone: 705-932-4147
FAX: 705-932-3027
Cell: 705-750-7705
Web: http://www.nexicom.net  
Nexicom - Connected. Naturally.

 
 

 

<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Inserting security policies on SRX

2013-05-01 Thread James S. Smith 
I have an SRX240 running 11.1R2.3, and occasionally I have to add new policies. 
 The obvious choice would seem to be use the insert command but I'm getting 
some weird errors.  For example, I have a number of policies for the different 
protocols going between the IT staff and the untrust zone.  When trying to 
insert a new policy the SRX complains the policy does not exist.

jsmith@fw01# insert security policies from-zone it_staff to-zone untrust policy 
it_staff-untrust-windows-rdp before policy it_staff-untrust-default
error: statement 'it_staff-untrust-windows-rdp' not found



James S. Smith Network Architect
WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7

Email: jsm...@windmobile.ca
Direct: 416-640-9792

Fax: 416-987-1203

[cid:image001.png@01CC4564.9C2EA310][cid:image002.png@01CC4564.9C2EA310][cid:image003.png@01CC4564.9C2EA310]
[cid:image004.png@01CC4564.9C2EA310]
<><><><>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Hardware Failures

2013-05-01 Thread Sipes, Nathan 
All,
Recently I purchased about 60 j2320 routers, out of the first 
~20 that were installed 3-4 were DOA, one had a bad console port, 2 had bad CPU 
fans and one takes about 20 minutes for the T1 card to come up and be 
recognize/start passing traffic from a restart.

These issues are giving me a very quick dislike for the little juniper routers.

Has anyone else run into this or did I just get a bad batch of hardware?



Nathan Sipes
Sr. Network Design Specialist
Tel: 303-914-4996
FAX: 303-763-3510

Kinder Morgan
370 Van Gordon St
Lakewood, CO
80228

nathan_si...@kindermorgan.com

[cid:image001.gif@01CA24B6.CD985200]



<>___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J6350 Jumbo frame MTU and OSPF setting

2013-05-01 Thread Harris Hui 

Hi Ben,

Thanks for your hits. I can configure the fiber PIMs to MTU 9018 and able
to ping other J6350 with ICMP packet over 8000 bytes with do-not-fragment.

Physical interface: ge-3/0/0, Enabled, Physical link is Up
  Interface index: 152, SNMP ifIndex: 184
  Description:
  Link-level type: Ethernet, MTU: 9018, Speed: 1000mbps, BPDU Error: None,
MAC-REWRITE Error: None,
  Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
Auto-negotiation: Disabled,
  Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags : None
  CoS queues : 8 supported, 8 maximum usable queues
  Current address: b0:c6:9a:87:35:36, Hardware address: b0:c6:9a:87:35:36
  Last flapped   : 2010-09-27 02:32:24 UTC (5d 01:50 ago)
  Input rate : 0 bps (0 pps)
  Output rate: 1672 bps (3 pps)
  Active alarms  : None
  Active defects : None

ping XXX.XXX.XXX.254 size 8976 do-not-fragment
PING XXX.XXX.XXX.254 (XXX.XXX.XXX.254): 8976 data bytes
8984 bytes from XXX.XXX.XXX.254: icmp_seq=0 ttl=64 time=77.341 ms
8984 bytes from XXX.XXX.XXX.254: icmp_seq=1 ttl=64 time=77.758 ms
8984 bytes from XXX.XXX.XXX.254: icmp_seq=2 ttl=64 time=77.487 ms
^C
--- XXX.XXX.XXX.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 77.341/77.529/77.758/0.173 ms

However, increasing the MTU size on both the J6350s may not be able to get
a better TCP throughput, because the Host NICs and Switchport are also
using MTU 1500 right? Should I change the MTU size on Host NICs and Juniper
EX switches to MTU 9018 in order to prevent the frame fragmentation
happened below 9018?

Please advise.

Thanks
- Harris



|>
| From:  |
|>
  
>--|
  |Ben Dale   
 |
  
>--|
|>
| To:|
|>
  
>--|
  |Harris Hui/Hong Kong/IBM@IBMHK   
 |
  
>--|
|>
| Cc:|
|>
  
>--|
  |juniper-nsp@puck.nether.net  
 |
  
>--|
|>
| Date:  |
|>
  
>--|
  |10/01/2010 PM 07:46  
 |
  
>--|
|>
| Subject:   |
|>
  
>--|
  |Re: [j-nsp] J6350 Jumbo frame MTU and OSPF setting   
 |
  
>--|





Hi Harris

My apologies, I completely missed the fact that you were using fiber PIMs -
maximum MTU for these is 9018 or 9014 if you have the multi-port version:

http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-interfaces-and-routing/interfaces-physical-properties-section.html#interfaces-mtu-section

On 01/10/2010, at 8:36 PM, Harris Hui wrote:



  Hi Ben,

  Looks like I can apply the MTU setting on the reth interface but
  cannot apply it on the fiber modules.

  show interfaces reth4
  Physical interface: reth4, Enabled, Physical link is Up
  Interface index: 132, SNMP ifIndex: 180
  Link-level type: Ethernet, MTU: 9192, Speed: 1000mbps, BPDU Error:
  None, MAC-REWRITE Error: None, Loopback:

Re: [j-nsp] Class E IP addresses

2013-05-01 Thread Keegan.Holley 
As with most other "dirty" address ranges these will inevitably be used for something.  It's just a fact of life as IPv4 space becomes more and more scarce.  For example APNIC has begun assigning addresses in the previously reserved and often hijacked 1.0/8 range.- wrote: -To: juniper-nsp@puck.nether.netFrom: Chuck Anderson Sent by: Date: 03/08/2010 04:08PMSubject: [j-nsp] Class E IP addressesFrom 9.6 release notes:  Class E addresses—The JUNOS Software now allows Class E addresses to be  configured on interfaces. To allow Class E addresses to be configured on  interfaces, remove the Class E prefix from the list of martian addresses by  including the [edit routing-options martians 240/4 orlonger allow] configuration  statement.Whoa.  What is the use of this?  While it sounds like a neat idea to reclaim Class E for actual use in this age of IPv4 depletion, the idea loses its appeal once you realize the huge numbers of legacy devices that won't want to have anything to do with Class E.___juniper-nsp mailing list juniper-nsp@puck.nether.nethttps://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] 13 Tips for Passing Juniper Lab Tests

2013-05-01 Thread Keegan.Holley 
No offense but that example seems a bit hokey to me.  How many quad CCIE's 
are there in the world now 12?  Also, how many of them update route 
filters for a living?  They are usually pretty high up (deserving or no). 
In Scott's case he was just nominated as everyone's favorite routing 
protocol. 








Re: [j-nsp] 13 Tips for Passing Juniper Lab Tests

Scott Morris 
to:
Richard A Steenbergen
06/29/09 05:13 PM


Sent by:
juniper-nsp-boun...@puck.nether.net
Cc:
Juniper Puck
Please respond to swm






I feel a need to jump in here and note that this person noted below was 
most certainly not me (grin).

But yes, you're right, they can't test for stupid.  Any of these tests 
are meant to test technology knowledge.  That's done through 
artificially strange scenarios.

The rest is experience.

 


*Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,

JNCIE-M #153, JNCIS-ER, CISSP, et al.

CCSI #21903, JNCI-M, JNCI-ER

s...@emanon.com


Knowledge is power.

Power corrupts.

Study hard and be Eeeevl..



Richard A Steenbergen wrote:
> On Mon, Jun 29, 2009 at 01:14:52PM -0600, Chris Grundemann wrote:
> 
>> New blog post that folks on this list might find interesting / worth
>> reading:  http://bit.ly/43A7K (13 Tips for Passing Juniper Lab Tests)
>> ~Chris
>> 
>
> Dude, really? Study a lot, read the question thoroughly, manage your
> time carefully? What kind of pussy advice is this? :) I think you forgot
> "eat a balanced breakfast" and "sharpen your #2 pencil". :) Only like
> 20% of the book it actually on the exam, the only thing studying left me
> with was a hurt liver from all the drinking it took to get that QoS crap
> out of my head afterwards.
>
> Seriously though, your best advice is item #1, have some experience. If
> you're new to this but you think you want to be a JNCIE, you will be
> infinitely better served by getting a job at a company with a decent
> network than you will be by putting 1000 olives in your basement and
> memorizing the handful of artificial scenerios that they were able to
> squeeze into an 8 hour lab. And probably have a lot more money at the 
> end of the day too.
>
> I once had a quad CCIE customer who intentionally configured his router
> to leak a full table from their other transit provider to me, because
> (and I really wish I was joking here) "why does it matter, your
> prefix-list will catch it anyways". Alas they haven't figured out a
> comprehensive way to test for stupid yet. :)
>
> 
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] rib group

2013-05-01 Thread Keegan.Holley 
It is basically a way to allow two routing tables to share some or all 
routes without using up extra memory by actually overlapping them and 
copying those routes into each table that needs them.
 





[j-nsp] rib group

David water 
to:
juniper-nsp
04/27/10 12:08 AM


Sent by:








All,

How does rib-group work in JUNOS? How does the import and export works 
using
rib-groups?

-- 
David W.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp