[j-nsp] Steel-Belted RADIUS backups
Hi all, Does anyone out there use SBR? We have the Global Enterprise Edition (GEE) version v6.1.7 running on Linux. I'm putting something in place to back up SBR itself; currently we just tar up /opt/JNPRsbr/radius (after stopping sbrd) but it's occurred to me that we have never tested a recovery using this method. JTAC are telling me there is no automated way to perform the XML export function normally performed in the GUI. The product docs don't make it clear whether taking a copy of everything in /opt/JNPRsbr/radius/ is enough, or whether the XML export is also required. Looking at what the supplied install/upgrade scripts do, it's just a recursive 'cp' with some unnecessary folders excluded. We also take backups of the VM guest that's running SBR but I'm not familiar enough with SBR's back-end databases to know whether that results in a recoverable data set; there'll be open files for sure (hence the stop;tar;start method described above). What do you do? use FreeRADIUS instead is a valid but unwelcome response :-)) Cheers, Dale ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SRX's dynamic vpn
Hi all: I have some questions about srx’s dynamic vpn. Suppose two user connected throught dynamic vpn, is there a configuration could make them access each other? I know the default setting can’t. If can’t do, is there office explain about the thory? And what about ssl vpn? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SRX5800 - Security-Profile for Logical Systems
Dear All, I configured couple of logical systems and there are going to be 10 to 15 more in future. I want to know what is the best practice when assign the resources e.g. policies, flow session etc. to logical systems. I am more concerned about CPU. Lets say i will enable only basic firewalling (security policies) and static routes. One important question, If i make any change in resource allocation of working , does it interrupt/affect the traversing traffic? I would be thankful if someone share security-profile config as a sample and/or any document that helps. Regards ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] MPLS PEs out in the last-mile
I have found recently that we are pushing MPLE PE's closer and closer out towards some customers, which means sometimes across flaky RF and DSL last-mile type connections. Usually this is with small SRX's, to provide a managed-endpoint for L2VPN over nasty last-mile topology. Is there some way to have a PE hanging out in the breeze without setting it up directly in my IGP? I don't really want last-mile IGP churn from hundreds of micro-PEs in my network. Does it work to build the MPLS LSPs to endpoints learned over BGP instead of an IGP, since I need BGP to the local POP's RRs for L2VPN NLRI anyway? I'm waiting on some junosphere credits to test this out but thought I'd ask what others are doing. -Will ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Steel-Belted RADIUS backups
How about a MAG running IC + RADIUS License? It's not FreeRADIUS :) In all seriousness perhaps you can script an export using the LDAP tools, and import that back in? http://www.juniper.net/techpubs/software/aaa_802/sbrc/sbrc70/sw-sbrc-admin/ html/LDAPConfig6.html#334279 On 8/29/13 5:10 AM, Dale Shaw dale.shaw+j-...@gmail.com wrote: Hi all, Does anyone out there use SBR? We have the Global Enterprise Edition (GEE) version v6.1.7 running on Linux. I'm putting something in place to back up SBR itself; currently we just tar up /opt/JNPRsbr/radius (after stopping sbrd) but it's occurred to me that we have never tested a recovery using this method. JTAC are telling me there is no automated way to perform the XML export function normally performed in the GUI. The product docs don't make it clear whether taking a copy of everything in /opt/JNPRsbr/radius/ is enough, or whether the XML export is also required. Looking at what the supplied install/upgrade scripts do, it's just a recursive 'cp' with some unnecessary folders excluded. We also take backups of the VM guest that's running SBR but I'm not familiar enough with SBR's back-end databases to know whether that results in a recoverable data set; there'll be open files for sure (hence the stop;tar;start method described above). What do you do? use FreeRADIUS instead is a valid but unwelcome response :-)) Cheers, Dale ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MPLS PEs out in the last-mile
On Thursday, August 29, 2013 08:27:42 PM Will Orton wrote: Does it work to build the MPLS LSPs to endpoints learned over BGP instead of an IGP, since I need BGP to the local POP's RRs for L2VPN NLRI anyway? RFC 3107. But I'm not sure whether the SRX's support this. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SNMP Polling
Hi, Does polling many interface on Juniper MX will impact CPU/SYSTEM performance? We are using MX as BRAS and would like to pool all the subsciber interface utilization directly from PP0 interface. Can someone share interm of scaling, how many interface we can pool for traffic utilization before it impact performance. /Kamal ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Throughput monitoring on pp0 units (Branch SRX)
Hi, I'm trying to monitor throughput on individual pppoe connections on a branch SRX, using SNMP. For example, SRX110 with a PPP dialer on the DSL port and another PPPoE connection on an ethernet interface. If I monitor pp0, I seem to get the aggregate throughput, but if I monitor pp0.0, for instance, I hardly see any traffic at all, even though the link is being heavily used. Am I doing something incorrectly, or is this a junos bug/limitation? How are others monitoring this type of thing? Thanks, Andrew ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp