Re: [j-nsp] VRRP aware IGMP/PIM

2014-05-13 Thread Misak Khachatryan 

Hello,

I did at first place, but maybe something wrong went into config, so I 
thought that PIM shouldn't be UP over that link, so as security measure 
i set hello interval to 0 to prevent undesired neighbors to appear.


But after Your remark I did it again, with higher priority configured on 
main link, now everything fine. Thank You very much !


Misak.

Krasimir Avramski wrote:

Hello,

Why you use the hello-interval of 0 on PE1 PIM configuration?
While I'm not 100% sure this probably prevents sending hello messages on
segment so potentially  PIM DR election is broken - there is possibility
both PE routers to believe they are DRs for the segment.(PE1 seeing P2'S
hellos elects himself because of highest IP address and PE2 not seeing
neighbor hellos elect himself as one and only pim router on segment)

HTH,
Krasi


On 13 May 2014 15:09, Misak Khachatryan mailto:m.khachatr...@gnc.am>> wrote:

Hello,

i have following scheme:


PE1  CE  PE2
   |
Multicast Receiver

PE1 - MX480
PE2 - MX80
CE  - EX4200

VLAN with IGMP snooping configured on CE. VRRP and VRF with NG-MVPN
configured on PE1 and PE2. IGMP enabled on both CE facing interfaces.

Now both PEs sending multicast streams to receiver, despite on that
one VRRP peer is active, second - passive, which causes unpredicted
results on receiver side. Disabling IGMP or interface from any side
makes everything to work perfect.

I think there should be a way to tell IGMP that it should accept
register messages until router is not VRRP master, but I can't find it.

Any thoughts?

Config parts:


misak@PE1# show interfaces ge-0/0/1 unit 3093
description IPTV_Ashtarak_OLT1;
vlan-id 3093;
family inet {
 address 10.12.0.1/20  {
 vrrp-group 112 {
 virtual-address 10.12.0.1;
 priority 255;
 fast-interval 100;
 preempt;
 }
 }
}

misak@PE1# show protocols igmp interface ge-0/0/1.3093
version 3;

misak@PE1# show routing-instances IPTV
instance-type vrf;
interface ge-0/0/1.3093;
interface vt-1/3/0.0 {
 multicast;
}
interface lo0.1;
route-distinguisher 65500:3093;
provider-tunnel {
 selective {
 group 239.255.0.0/24  {
 source 10.0.242.0/23  {
 ldp-p2mp;
 }
 }
 }
}
vrf-target target:65500:3093;
vrf-table-label;
forwarding-options {
 dhcp-relay {
 forward-snooped-clients all-interfaces;
 server-group {
 IPTV_DHCP {
 10.0.237.2;
 }
 }
 group Abovyan {
 active-server-group IPTV_DHCP;
 relay-option-82 {
 circuit-id {
 use-interface-description logical;
 }
 }
 interface ge-0/0/1.3093 {
 overrides {
 allow-snooped-clients;
 always-write-giaddr;
 always-write-option-82;
 }
 }
 }
 }
}
protocols {
 pim {
 rp {
 local {
 family inet {
 address 10.0.238.6;
 }
 }
 }
 interface all {
 mode sparse;
 version 2;
 hello-interval 0;
 }
 }
 mvpn;
}

misak@PE2# show interfaces ge-1/0/9 unit 3093
description IPTV_Ashtarak_OLT1;
vlan-id 3093;
family inet {
 address 10.12.0.9/20  {
 vrrp-group 112 {
 virtual-address 10.12.0.1;
 priority 100;
 fast-interval 100;
 }
 }
}

misak@PE2# show protocols igmp interface ge-1/0/9.3093
version 3;

misak@PE2# show routing-instances IPTV
instance-type vrf;
interface ge-1/0/9.3093;
interface lo0.1;
route-distinguisher 10.255.255.8:3093 ;
vrf-target target:65500:3093;
vrf-table-label;
forwarding-options {
 dhcp-relay {
 forward-snooped-clients all-interfaces;
 server-group {
 IPTV_DHCP {
 10.0.237.2;
 }
 }
 group Abovyan {
 relay-option-82 {
 circuit-id {
 use-interface-description logical;
 }
 }
 interface ge-1/0/9.3093 {
 overrides {
 allow-snooped-clients;

Re: [j-nsp] ACX Series Technical Information

2014-05-13 Thread Tim Jackson 
ACX is Broadcom Enduro inside. Basically a Cisco ASR901 (or Ciena 39xx).

Route scaling for all ACX is somewhere around 12k routes (give or take, its
11p on Bourbon Street)..

Licensing is only for ptp as far as I know. I had talks about reducing
price on units and per-port licensing was talked abou.t but no general
licensing is in place.

Runs 12.3X code.. Limited DHCP, most shit works.. I've deployed many 10s of
units so far as edge PEs with good success.
On May 13, 2014 10:02 PM, "Skeeve Stevens" <
skeeve+juniper...@eintellegonetworks.com> wrote:

> Hi all,
>
> The Juniper website is very light on technical information and capabilities
> of the ACX platform.
>
> Things such as throughput comparisons between models, routing protocols,
> number of routes per routing protocols supported, etc.
>
> There also is no mention of licensing on the base datasheet, so I am
> assuming everything it mentions, it is licensed for.
>
> Does anyone know of more detailed information?
>
> ...Skeeve
>
> *Skeeve Stevens - *eintellego Networks Pty Ltd
> ske...@eintellegonetworks.com ; www.eintellegonetworks.com
>
> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>
> facebook.com/eintellegonetworks ;  
> linkedin.com/in/skeeve
>
> twitter.com/theispguy ; blog: www.theispguy.com
>
>
> The Experts Who The Experts Call
> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] ACX Series Technical Information

2014-05-13 Thread Skeeve Stevens 
Hi all,

The Juniper website is very light on technical information and capabilities
of the ACX platform.

Things such as throughput comparisons between models, routing protocols,
number of routes per routing protocols supported, etc.

There also is no mention of licensing on the base datasheet, so I am
assuming everything it mentions, it is licensed for.

Does anyone know of more detailed information?

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
ske...@eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] MTBF of EX4300 (48 ports, PoE)

2014-05-13 Thread Robert Hass 
HI
I'm looking of MTBF value for EX4300 (48 ports, PoE) switch.
I cannot find it in JNPR datasheets

Rob
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Dynamic VPN on SRX - Non-Split Tunneling

2014-05-13 Thread Skeeve Stevens 
Hey all,

We've happily got dynamic VPN working on the SRX550 Cluster backed into AD
authenticated by Groups.

But, we're struggling to get non-split tunnel working.

We want the default gateway to be the VPN but still be able to maintain
connectivity to the VPN server itself.

Anyone got any idea on how to achieve this with the SRX dynamic VPN?

Thanks all.

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
ske...@eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] ACX1xxx Images

2014-05-13 Thread Skeeve Stevens 
Awesome, thanks mate.

Seems the ACX1000 is only available in DC, and the ACX1100 is available in
either so no wonder I was having issues.


...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
ske...@eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering


On Wed, May 14, 2014 at 9:35 AM, Ben Dale  wrote:

> Hi Skeeve,
>
> The ACX1100 AC units have dual PSUs built-in - there are two C16 sockets
> on the front left of the unit.
>
> I can send you a photo, but there is a nice drawing on Page 4 (and 43) of
> the hardware guide:
>
>
> http://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/topic-collections/hardware/acx-series/acx1000/hwguide/acx1000-hwguide.pdf
>
> Cheers,
>
> Ben
>
> On 14 May 2014, at 8:56 am, Skeeve Stevens <
> skeeve+juniper...@eintellegonetworks.com> wrote:
>
> > Hey all,
> >
> > I am trying to find a picture of the ACX1000 and ACX1100 so I can see how
> > they do the redundant power that they claim in the sales information, but
> > all the images on the Juniper Image Library and google are of DC units.
> >
> > If anyone could shoot me a couple of photos, that would be awesome.
> >
> > If someone could also confirm they do redundant power, that would be
> > fantastic.
> >
> > ...Skeeve
> >
> > *Skeeve Stevens - *eintellego Networks Pty Ltd
> > ske...@eintellegonetworks.com ; www.eintellegonetworks.com
> >
> > Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> >
> > facebook.com/eintellegonetworks ;  
> > linkedin.com/in/skeeve
> >
> > twitter.com/theispguy ; blog: www.theispguy.com
> >
> >
> > The Experts Who The Experts Call
> > Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
> > ___
> > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] ACX1xxx Images

2014-05-13 Thread Ben Dale 
Hi Skeeve,

The ACX1100 AC units have dual PSUs built-in - there are two C16 sockets on the 
front left of the unit.

I can send you a photo, but there is a nice drawing on Page 4 (and 43) of the 
hardware guide:

http://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/topic-collections/hardware/acx-series/acx1000/hwguide/acx1000-hwguide.pdf

Cheers,

Ben

On 14 May 2014, at 8:56 am, Skeeve Stevens 
 wrote:

> Hey all,
> 
> I am trying to find a picture of the ACX1000 and ACX1100 so I can see how
> they do the redundant power that they claim in the sales information, but
> all the images on the Juniper Image Library and google are of DC units.
> 
> If anyone could shoot me a couple of photos, that would be awesome.
> 
> If someone could also confirm they do redundant power, that would be
> fantastic.
> 
> ...Skeeve
> 
> *Skeeve Stevens - *eintellego Networks Pty Ltd
> ske...@eintellegonetworks.com ; www.eintellegonetworks.com
> 
> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> 
> facebook.com/eintellegonetworks ;  
> linkedin.com/in/skeeve
> 
> twitter.com/theispguy ; blog: www.theispguy.com
> 
> 
> The Experts Who The Experts Call
> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] ACX1xxx Images

2014-05-13 Thread Andrew Jones 

Hi Skeeve,
There's a line drawing on this page, which illustrates what you're 
asking:

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/task/installation/acx1100-power-connecting-ac.html



On 14.05.2014 08:56, Skeeve Stevens wrote:

Hey all,

I am trying to find a picture of the ACX1000 and ACX1100 so I can see 
how
they do the redundant power that they claim in the sales information, 
but
all the images on the Juniper Image Library and google are of DC 
units.


If anyone could shoot me a couple of photos, that would be awesome.

If someone could also confirm they do redundant power, that would be
fantastic.

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
ske...@eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] ACX1xxx Images

2014-05-13 Thread Skeeve Stevens 
Hey all,

I am trying to find a picture of the ACX1000 and ACX1100 so I can see how
they do the redundant power that they claim in the sales information, but
all the images on the Juniper Image Library and google are of DC units.

If anyone could shoot me a couple of photos, that would be awesome.

If someone could also confirm they do redundant power, that would be
fantastic.

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
ske...@eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] VRRP aware IGMP/PIM

2014-05-13 Thread Krasimir Avramski 
Hello,

Why you use the hello-interval of 0 on PE1 PIM configuration?
While I'm not 100% sure this probably prevents sending hello messages on
segment so potentially  PIM DR election is broken - there is possibility
both PE routers to believe they are DRs for the segment.(PE1 seeing P2'S
hellos elects himself because of highest IP address and PE2 not seeing
neighbor hellos elect himself as one and only pim router on segment)

HTH,
Krasi


On 13 May 2014 15:09, Misak Khachatryan  wrote:

> Hello,
>
> i have following scheme:
>
>
> PE1  CE  PE2
>   |
>Multicast Receiver
>
> PE1 - MX480
> PE2 - MX80
> CE  - EX4200
>
> VLAN with IGMP snooping configured on CE. VRRP and VRF with NG-MVPN
> configured on PE1 and PE2. IGMP enabled on both CE facing interfaces.
>
> Now both PEs sending multicast streams to receiver, despite on that one
> VRRP peer is active, second - passive, which causes unpredicted results on
> receiver side. Disabling IGMP or interface from any side makes everything
> to work perfect.
>
> I think there should be a way to tell IGMP that it should accept register
> messages until router is not VRRP master, but I can't find it.
>
> Any thoughts?
>
> Config parts:
>
>
> misak@PE1# show interfaces ge-0/0/1 unit 3093
> description IPTV_Ashtarak_OLT1;
> vlan-id 3093;
> family inet {
> address 10.12.0.1/20 {
> vrrp-group 112 {
> virtual-address 10.12.0.1;
> priority 255;
> fast-interval 100;
> preempt;
> }
> }
> }
>
> misak@PE1# show protocols igmp interface ge-0/0/1.3093
> version 3;
>
> misak@PE1# show routing-instances IPTV
> instance-type vrf;
> interface ge-0/0/1.3093;
> interface vt-1/3/0.0 {
> multicast;
> }
> interface lo0.1;
> route-distinguisher 65500:3093;
> provider-tunnel {
> selective {
> group 239.255.0.0/24 {
> source 10.0.242.0/23 {
> ldp-p2mp;
> }
> }
> }
> }
> vrf-target target:65500:3093;
> vrf-table-label;
> forwarding-options {
> dhcp-relay {
> forward-snooped-clients all-interfaces;
> server-group {
> IPTV_DHCP {
> 10.0.237.2;
> }
> }
> group Abovyan {
> active-server-group IPTV_DHCP;
> relay-option-82 {
> circuit-id {
> use-interface-description logical;
> }
> }
> interface ge-0/0/1.3093 {
> overrides {
> allow-snooped-clients;
> always-write-giaddr;
> always-write-option-82;
> }
> }
> }
> }
> }
> protocols {
> pim {
> rp {
> local {
> family inet {
> address 10.0.238.6;
> }
> }
> }
> interface all {
> mode sparse;
> version 2;
> hello-interval 0;
> }
> }
> mvpn;
> }
>
> misak@PE2# show interfaces ge-1/0/9 unit 3093
> description IPTV_Ashtarak_OLT1;
> vlan-id 3093;
> family inet {
> address 10.12.0.9/20 {
> vrrp-group 112 {
> virtual-address 10.12.0.1;
> priority 100;
> fast-interval 100;
> }
> }
> }
>
> misak@PE2# show protocols igmp interface ge-1/0/9.3093
> version 3;
>
> misak@PE2# show routing-instances IPTV
> instance-type vrf;
> interface ge-1/0/9.3093;
> interface lo0.1;
> route-distinguisher 10.255.255.8:3093;
> vrf-target target:65500:3093;
> vrf-table-label;
> forwarding-options {
> dhcp-relay {
> forward-snooped-clients all-interfaces;
> server-group {
> IPTV_DHCP {
> 10.0.237.2;
> }
> }
> group Abovyan {
> relay-option-82 {
> circuit-id {
> use-interface-description logical;
> }
> }
> interface ge-1/0/9.3093 {
> overrides {
> allow-snooped-clients;
> always-write-giaddr;
> always-write-option-82;
> }
> }
> }
> }
> }
> protocols {
> pim {
> rp {
> static {
> address 10.0.238.6;
> }
> }
> interface all {
> mode sparse;
> version 2;
> }
> }
> mvpn {
> receiver-site;
> }
> }
>
> Junos version 12.3
>
> --
> Best regards,
> Misak Khachatryan,
> Network Administration and
> Monitoring Department Manager,
> GNC-Alfa CJSC.
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/

[j-nsp] VRRP aware IGMP/PIM

2014-05-13 Thread Misak Khachatryan 

Hello,

i have following scheme:


PE1  CE  PE2
  |
   Multicast Receiver

PE1 - MX480
PE2 - MX80
CE  - EX4200

VLAN with IGMP snooping configured on CE. VRRP and VRF with NG-MVPN 
configured on PE1 and PE2. IGMP enabled on both CE facing interfaces.


Now both PEs sending multicast streams to receiver, despite on that one 
VRRP peer is active, second - passive, which causes unpredicted results 
on receiver side. Disabling IGMP or interface from any side makes 
everything to work perfect.


I think there should be a way to tell IGMP that it should accept 
register messages until router is not VRRP master, but I can't find it.


Any thoughts?

Config parts:


misak@PE1# show interfaces ge-0/0/1 unit 3093
description IPTV_Ashtarak_OLT1;
vlan-id 3093;
family inet {
address 10.12.0.1/20 {
vrrp-group 112 {
virtual-address 10.12.0.1;
priority 255;
fast-interval 100;
preempt;
}
}
}

misak@PE1# show protocols igmp interface ge-0/0/1.3093
version 3;

misak@PE1# show routing-instances IPTV
instance-type vrf;
interface ge-0/0/1.3093;
interface vt-1/3/0.0 {
multicast;
}
interface lo0.1;
route-distinguisher 65500:3093;
provider-tunnel {
selective {
group 239.255.0.0/24 {
source 10.0.242.0/23 {
ldp-p2mp;
}
}
}
}
vrf-target target:65500:3093;
vrf-table-label;
forwarding-options {
dhcp-relay {
forward-snooped-clients all-interfaces;
server-group {
IPTV_DHCP {
10.0.237.2;
}
}
group Abovyan {
active-server-group IPTV_DHCP;
relay-option-82 {
circuit-id {
use-interface-description logical;
}
}
interface ge-0/0/1.3093 {
overrides {
allow-snooped-clients;
always-write-giaddr;
always-write-option-82;
}
}
}
}
}
protocols {
pim {
rp {
local {
family inet {
address 10.0.238.6;
}
}
}
interface all {
mode sparse;
version 2;
hello-interval 0;
}
}
mvpn;
}

misak@PE2# show interfaces ge-1/0/9 unit 3093
description IPTV_Ashtarak_OLT1;
vlan-id 3093;
family inet {
address 10.12.0.9/20 {
vrrp-group 112 {
virtual-address 10.12.0.1;
priority 100;
fast-interval 100;
}
}
}

misak@PE2# show protocols igmp interface ge-1/0/9.3093
version 3;

misak@PE2# show routing-instances IPTV
instance-type vrf;
interface ge-1/0/9.3093;
interface lo0.1;
route-distinguisher 10.255.255.8:3093;
vrf-target target:65500:3093;
vrf-table-label;
forwarding-options {
dhcp-relay {
forward-snooped-clients all-interfaces;
server-group {
IPTV_DHCP {
10.0.237.2;
}
}
group Abovyan {
relay-option-82 {
circuit-id {
use-interface-description logical;
}
}
interface ge-1/0/9.3093 {
overrides {
allow-snooped-clients;
always-write-giaddr;
always-write-option-82;
}
}
}
}
}
protocols {
pim {
rp {
static {
address 10.0.238.6;
}
}
interface all {
mode sparse;
version 2;
}
}
mvpn {
receiver-site;
}
}

Junos version 12.3

--
Best regards,
Misak Khachatryan,
Network Administration and
Monitoring Department Manager,
GNC-Alfa CJSC.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp