Re: [j-nsp] CGNAT on a MX240 acting as BNG
Thank you, all for sharing your experience. I really appreciate your help. Now I have several things to work on: MS-MPC vs MS-DPC, best service-set approach for our scenario, ... ;-)) Thank you Kind regards Octavio On Fri, Sep 19, 2014 at 3:53 AM, Dung.tran wrote: > Hi Octavio! > CGNAT on MX can run two mode : > Option 1) an interface (interface-style service-set) > Option 2) a routing next hop (next-hop service-set) > You can check network topology and choose option 1 or option 2. > Thanks! > > Best regards, > > TRAN QUANG DUNG > Network Engineering > > t (84-4) 39 42 71 00 (ext: 128) > f (84-8) 39 42 71 02 > m(84) 979423570 > > > Ha noi Rep. Office: > R 307, Sky City Tower A, 88 Lang Ha Str., > Dong Da Dist., Ha noi, Vietnam > www.svtech.com.vn > > > > -Original Message- > From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf > Of > Octavio Alfageme > Sent: Thursday, September 18, 2014 2:26 PM > To: juniper-nsp > Subject: [j-nsp] CGNAT on a MX240 acting as BNG > > Hi everyone, > > I have several MX240s acting as BNGs for PPPoE subscribers. Due to IPv4 > scarcity I need to start running CGNAT on them (both NAT444 and DS-Lite) > with dedicated MS-DPC cards. I've searching for information about this > scenario and I was unable to find it. Do you know if there are restrictions > to run BNG function and CGNAT for these PPPoE subscribers in the same > MX240? > Does any of you have MX series routers acting as CGNAT/BNGs in your > network? > > Thanks in advance > > Octavio > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX9200 DHCP Relay
SELECTING means that an OFFER has been sent to the client (or at least the
switch thinks it has relayed it), but the REQUEST hasn't come back from the
client.
I have seen this in some instances where the client is expecting a Unicast
reply from the relay agent rather than a broadcast or vice-versa - fix with:
set forwarding-options dhcp-relay overrides layer2-unicast-replies
Nice tip on the route-suppression statement William - that one has been
annoying me for a while with JDHCPd on the SRX...
Cheers,
Ben
On 19 Sep 2014, at 12:01 am, Chris Jones wrote:
> My DHCP clients are all stuck in SELECTING state. Has anyone ever seen that,
> or maybe know what causes it?
>
> root@DVT-EX9200> show dhcp relay binding
>
> IP addressSession Id Hardware address Expires State
> Interface
> 0.0.0.0 18 00:25:90:3d:76:34 0 SELECTING irb.30
> 0.0.0.0 19 00:25:90:3d:e5:13 0 SELECTING irb.30
> 0.0.0.0 17 00:25:90:6d:f0:c3 0 SELECTING irb.30
> 0.0.0.0 23 d4:be:d9:95:b6:4f 0 SELECTING irb.16
>
>
>
>
>> On Sep 16, 2014, at 3:13 PM, William McLendon wrote:
>>
>> this is a working DHCP config on EX9200s — make sure you include the
>> forward-snooped-clients all-interfaces statement, or any transit DHCP packet
>> that traverses an interface without DHCP relay configured will be eaten by
>> the EX9200 — its the most asinine thing in the world to have (a carryover
>> from MX some sort of DHCP security i’m sure), but its completely
>> undocumented it does this from what i’ve seen.
>>
>> dhcp-relay {
>> forward-snooped-clients all-interfaces;
>> server-group {
>> CAMPUS {
>> 192.168.168.168;
>> }
>> }
>> active-server-group CAMPUS;
>> route-suppression {
>> destination;
>> }
>> group LOCAL-NETS {
>> interface ge-5/0/0.304;
>> interface irb.9;
>> }
>> }
>> }
>>
>>
>> the route-suppression destination statement also prevents it from installing
>> access-internal host routes and permanent ARP entries for every DHCP lease.
>>
>>
>> will
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> Chris Jones, JNCIE-ENT #272 / JNCIP-SP
> SDN Engineer
> www.sdnessentials.com
> Cell: 858-888-0373
> E-Mail: ch...@sdnessentials.com
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] VPN into M7i
No Panny, the only VPN support on M-Series is IPSEC. I would recommend a 3rd-party client like Shrewsoft On 17 Sep 2014, at 8:55 pm, Panny Malialis wrote: > Hello, > > I'm looking for a simple example of a VPN into a Junos device with an ASII > pic from a Mac or PC (L2TP/PPTP) but can't seem to find anything? > > Is this even possible? > > Many Thanks > > Panny Malialis > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] CGNAT on a MX240 acting as BNG
Hi Octavio! CGNAT on MX can run two mode : Option 1) an interface (interface-style service-set) Option 2) a routing next hop (next-hop service-set) You can check network topology and choose option 1 or option 2. Thanks! Best regards, TRAN QUANG DUNG Network Engineering t (84-4) 39 42 71 00 (ext: 128) f (84-8) 39 42 71 02 m (84) 979423570 Ha noi Rep. Office: R 307, Sky City Tower A, 88 Lang Ha Str., Dong Da Dist., Ha noi, Vietnam www.svtech.com.vn -Original Message- From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Octavio Alfageme Sent: Thursday, September 18, 2014 2:26 PM To: juniper-nsp Subject: [j-nsp] CGNAT on a MX240 acting as BNG Hi everyone, I have several MX240s acting as BNGs for PPPoE subscribers. Due to IPv4 scarcity I need to start running CGNAT on them (both NAT444 and DS-Lite) with dedicated MS-DPC cards. I've searching for information about this scenario and I was unable to find it. Do you know if there are restrictions to run BNG function and CGNAT for these PPPoE subscribers in the same MX240? Does any of you have MX series routers acting as CGNAT/BNGs in your network? Thanks in advance Octavio ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Virtual Chassis RPD/BGP Rsync high CPU
Has anyone had a issue with MX units in a VC where BGP rsync was consuming a boatload of CPU? Master chassis shows: Task StartedUser Time System Time Longest Run BGP rsync 9650 10. 0.8 0.0 ( BGP rsync is the only task with any user time during high user CPU for rpd ) now, that's only like 20% CPU on the master but on the slave it's 90% This seems to have happened when our total paths exceeded 2MM but does not seem to be a memory issue: Dynamically allocated memory: 411009024 Maximum: 808517632 Program data+BSS memory:5537792 Maximum: 5537792 Page data overhead:1196032 Maximum: 1196032 Page directory size: 212992 Maximum:212992 -- Total bytes in use: 417955840 (12% of available memory) -- Scott H. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX9200 DHCP Relay
http://www.utdallas.edu/~ravip/cs6390/fall01/dhcp.figure.pdf
On Thu, Sep 18, 2014 at 7:01 AM, Chris Jones wrote:
> My DHCP clients are all stuck in SELECTING state. Has anyone ever seen that,
> or maybe know what causes it?
>
> root@DVT-EX9200> show dhcp relay binding
>
> IP addressSession Id Hardware address Expires State
> Interface
> 0.0.0.0 18 00:25:90:3d:76:34 0 SELECTING irb.30
> 0.0.0.0 19 00:25:90:3d:e5:13 0 SELECTING irb.30
> 0.0.0.0 17 00:25:90:6d:f0:c3 0 SELECTING irb.30
> 0.0.0.0 23 d4:be:d9:95:b6:4f 0 SELECTING irb.16
>
>
>
>
>> On Sep 16, 2014, at 3:13 PM, William McLendon wrote:
>>
>> this is a working DHCP config on EX9200s — make sure you include the
>> forward-snooped-clients all-interfaces statement, or any transit DHCP packet
>> that traverses an interface without DHCP relay configured will be eaten by
>> the EX9200 — its the most asinine thing in the world to have (a carryover
>> from MX some sort of DHCP security i’m sure), but its completely
>> undocumented it does this from what i’ve seen.
>>
>>dhcp-relay {
>>forward-snooped-clients all-interfaces;
>>server-group {
>>CAMPUS {
>>192.168.168.168;
>>}
>>}
>>active-server-group CAMPUS;
>>route-suppression {
>>destination;
>>}
>>group LOCAL-NETS {
>>interface ge-5/0/0.304;
>>interface irb.9;
>>}
>>}
>> }
>>
>>
>> the route-suppression destination statement also prevents it from installing
>> access-internal host routes and permanent ARP entries for every DHCP lease.
>>
>>
>> will
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> Chris Jones, JNCIE-ENT #272 / JNCIP-SP
> SDN Engineer
> www.sdnessentials.com
> Cell: 858-888-0373
> E-Mail: ch...@sdnessentials.com
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX9200 DHCP Relay
My DHCP clients are all stuck in SELECTING state. Has anyone ever seen that, or
maybe know what causes it?
root@DVT-EX9200> show dhcp relay binding
IP addressSession Id Hardware address Expires State
Interface
0.0.0.0 18 00:25:90:3d:76:34 0 SELECTING irb.30
0.0.0.0 19 00:25:90:3d:e5:13 0 SELECTING irb.30
0.0.0.0 17 00:25:90:6d:f0:c3 0 SELECTING irb.30
0.0.0.0 23 d4:be:d9:95:b6:4f 0 SELECTING irb.16
> On Sep 16, 2014, at 3:13 PM, William McLendon wrote:
>
> this is a working DHCP config on EX9200s — make sure you include the
> forward-snooped-clients all-interfaces statement, or any transit DHCP packet
> that traverses an interface without DHCP relay configured will be eaten by
> the EX9200 — its the most asinine thing in the world to have (a carryover
> from MX some sort of DHCP security i’m sure), but its completely undocumented
> it does this from what i’ve seen.
>
>dhcp-relay {
>forward-snooped-clients all-interfaces;
>server-group {
>CAMPUS {
>192.168.168.168;
>}
>}
>active-server-group CAMPUS;
>route-suppression {
>destination;
>}
>group LOCAL-NETS {
>interface ge-5/0/0.304;
>interface irb.9;
>}
>}
> }
>
>
> the route-suppression destination statement also prevents it from installing
> access-internal host routes and permanent ARP entries for every DHCP lease.
>
>
> will
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
Chris Jones, JNCIE-ENT #272 / JNCIP-SP
SDN Engineer
www.sdnessentials.com
Cell: 858-888-0373
E-Mail: ch...@sdnessentials.com
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] CGNAT on a MX240 acting as BNG
MS-DPC is not very cost effetive at our days. have you looked at new MS-MPC? if i`m not mistaken it is cheaper and has more perfomance... 2014-09-18 14:14 GMT+06:00 Shu Li : > Yes, you can run both on the same box, but need to pick a JUNOS > officially support both. > > > On 9/18/14, 4:25 PM, Octavio Alfageme wrote: > >> Hi everyone, >> >> I have several MX240s acting as BNGs for PPPoE subscribers. Due to IPv4 >> scarcity I need to start running CGNAT on them (both NAT444 and DS-Lite) >> with dedicated MS-DPC cards. I've searching for information about this >> scenario and I was unable to find it. Do you know if there are >> restrictions >> to run BNG function and CGNAT for these PPPoE subscribers in the same >> MX240? Does any of you have MX series routers acting as CGNAT/BNGs in your >> network? >> >> Thanks in advance >> >> Octavio >> ___ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Juniper, añádeme a tu red de LinkedIn
Hola, Juniper: Me gustaría conectar contigo en LinkedIn. Dana Konkin (dkonkin-at-formadata.net) TDA at Atos IT Solutions and Services Limited Aceptar: http://www.linkedin.com/blink?simpleRedirect=c30Uc3wVdP0Nc3wPe34Pe34VdjR4imVLqnhxt6BSrCACp3BNkRhes58Zumlbp6lOomxP9zwOnT9BoCRBrlZBt6BSrCAZqSkCpnhFtCVFtSlKbnhMpmdzoiRybmRSrCBvrmRLoORIrmkZpSVFqSdxsDgCtP5MolsQelFhinp7kk4ZrClHrRhAqmQCpnhFtCV9sClyrmlJfm4CpzkJemJxcnETc6AJtnxKrSYZpjYOtyZBbSRLoOVKqmhBqSVFr2VTtTsLbPFMt7hE&msgID=I547074809_40&markAsRead= Ver el perfil de Dana Konkin (dkonkin-at-formadata.net): http://www.linkedin.com/blink?simpleRedirect=dz8OczkSdP4Zh4BOpm9JpmQCdS5Dm3RKpmJLl6xQtm4CpmRxrzRBs7Bkq7hRoioMd5YVc3wQdP0Td3l9nPgRdj4Sd34QfnhMpmdzgmVLqnhxt6BSrCACe39vsClyrmlJnSlQqnpKqjRHpipBt6BSrCBTpmUJpmRxryRybmRSrCBvrmRLoORIrmkZpSVFqSdxsDgCtP5MolsQelFhinp7kk4ZrClHrRhAqmQCtD1KfngCpzkJemJxcnETc6AJtnxKrSYZpjYOtyZBbSRLoOVKqmhBqSVFr2VTtTsLbPFMt7hE&msgID=I547074809_40&markAsRead= Estás recibiendo mensajes sobre Invitación. Date de baja aquí: http://www.linkedin.com/blink?simpleRedirect=pzkJemJxcnETc6AJtnxKrSYZp6BB9A57uBFCoAt4e7B3tT0QlA5MpkVgk31mjSNMhlx1uktLgz9zr2R5qlt4hRpTe5BjlSFEnRASi6FkhCMVhBxmu4FeblZvm5x9qll1gk5DkAdPmBBjh4pGnQthgjRAqmZI9zwOnT9BoCRBrlZBt6BSrCAZqSkCpnhFtCVFtSlKbm9RsSVRbmoJrnpKqlZJrmZzbmNJpjRDrCBHoS5Ot2pTcn1xlPgVmB59tAthgjRKpmJLl6hFripPtmkZt2pCdiQVqS4NuzsMqiRRu6VLrPRBfP9SbSkLrmZzbCVFp6lHrCBIbDtTtOYLeDdMt7hE&msgID=I547074809_40&markAsRead= Este mensaje de correo electrónico estaba dirigido a Juniper List (soporte y capacitacion en iquall networks). Averigua por qué incluimos esto en este enlace: http://www.linkedin.com/blink?simpleRedirect=3wUdPgZp4BBr6dFt79x9zwOnT9BoCRBrlZBt6BSrCAZqSkCtP5MolsQelFhinp7kk4ZrClHrRhAqmQCr79lpmdFtD9BkT9BrmZQsTlzfm4CpzkJemJxcnETc6AJtnxKrSYZpjYOtyZBbSRLoOVKqmhBqSVFr2VTtTsLbPFMt7hE&msgID=I547074809_40&markAsRead= ©2014 LinkedIn Ireland Limited, registrada en Irlanda como sociedad anónima, número de identificación 477441; oficina registradora: 70 Sir John Roberson’s Quay, Dublín 2 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] CGNAT on a MX240 acting as BNG
Yes, you can run both on the same box, but need to pick a JUNOS officially support both. On 9/18/14, 4:25 PM, Octavio Alfageme wrote: Hi everyone, I have several MX240s acting as BNGs for PPPoE subscribers. Due to IPv4 scarcity I need to start running CGNAT on them (both NAT444 and DS-Lite) with dedicated MS-DPC cards. I've searching for information about this scenario and I was unable to find it. Do you know if there are restrictions to run BNG function and CGNAT for these PPPoE subscribers in the same MX240? Does any of you have MX series routers acting as CGNAT/BNGs in your network? Thanks in advance Octavio ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] CGNAT on a MX240 acting as BNG
Hi everyone, I have several MX240s acting as BNGs for PPPoE subscribers. Due to IPv4 scarcity I need to start running CGNAT on them (both NAT444 and DS-Lite) with dedicated MS-DPC cards. I've searching for information about this scenario and I was unable to find it. Do you know if there are restrictions to run BNG function and CGNAT for these PPPoE subscribers in the same MX240? Does any of you have MX series routers acting as CGNAT/BNGs in your network? Thanks in advance Octavio ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
