Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
Le 11/11/2014 21:08, Karl Brumund - lists a écrit : EX (and QFX) have limited MPLS capabilities. The data sheet is rather optimistic about the capabilities, and a bit misleading about such things as route limits Expecting a cheap switch with merchant silicon to do the same as an expensive MX with custom ASICs is asking for trouble. Seriously, just do L2. Customer port is access, MX80 is trunked. You’re just asking for trouble with MPLS and L2VPN. Much of the same opinion, from quite recent exposure. Cheers, mh Agreed on cheaper switch. High end EX series seems a bit different tought. Some big IX (Linx, FranceIX) run with vpls topologies on EX9200 series (with some issues :) ). Anyway. Redesigning my network at this stage might be challenging. I will try to let this work, and think about a new design in //. Thks. -- Raphael Mazelier ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Zabbix Monitoring VLAN on MX80
Hi all, Does anyone know if it is possible to use Zabbix to graph traffic on a layer 2 VLAN on an MX80 as it passes through (no layer 3) Thanks. ...Skeeve *Skeeve Stevens - *eintellego Networks Pty Ltd ske...@eintellegonetworks.com ; www.eintellegonetworks.com Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellegonetworks ; http://twitter.com/networkceoau linkedin.com/in/skeeve twitter.com/theispguy ; blog: www.theispguy.com The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
Le 12/11/2014 12:11, Raphael Mazelier a écrit : Le 11/11/2014 21:08, Karl Brumund - lists a écrit : EX (and QFX) have limited MPLS capabilities. The data sheet is rather optimistic about the capabilities, and a bit misleading about such things as route limits Expecting a cheap switch with merchant silicon to do the same as an expensive MX with custom ASICs is asking for trouble. Seriously, just do L2. Customer port is access, MX80 is trunked. You’re just asking for trouble with MPLS and L2VPN. Much of the same opinion, from quite recent exposure. Cheers, mh Agreed on cheaper switch. High end EX series seems a bit different tought. Some big IX (Linx, FranceIX) run with vpls topologies on EX9200 series (with some issues :) ). Yep, the higher end ones have richer spec's, right. Anyway. Redesigning my network at this stage might be challenging. I will try to let this work, and think about a new design in //. I know. Maybe Chip's way? TTYS, mh Thks. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] VSTP info
Do anybody know how many vlans and virtual ports are supported for PVSTP on MX960 ? Greetings ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
On Nov 12, 2014, at 7:34 AM, Michael Hallgren m.hallg...@free.fr wrote: Le 12/11/2014 12:11, Raphael Mazelier a écrit : Le 11/11/2014 21:08, Karl Brumund - lists a écrit : EX (and QFX) have limited MPLS capabilities. The data sheet is rather optimistic about the capabilities, and a bit misleading about such things as route limits Expecting a cheap switch with merchant silicon to do the same as an expensive MX with custom ASICs is asking for trouble. Seriously, just do L2. Customer port is access, MX80 is trunked. You’re just asking for trouble with MPLS and L2VPN. Much of the same opinion, from quite recent exposure. Cheers, mh Agreed on cheaper switch. High end EX series seems a bit different tought. Some big IX (Linx, FranceIX) run with vpls topologies on EX9200 series (with some issues :) ). Yep, the higher end ones have richer spec's, right. They are still limited. Merchant silicon. Not even close to MX capabilities. Proceed with caution. We tried using them as full PEs in $previous_job and it was just trouble. Limited routes, can’t leak connected routes to another RI, and basically dead when J killed the next-gen cards. Good, fast, cheap. Pick any 2. And on a bad day, you’re lucky to get one. Anyway. Redesigning my network at this stage might be challenging. I will try to let this work, and think about a new design in //. I know. Maybe Chip's way? As Randy Bush said, “I strongly encourage all of my competitors to do the above. TTYS, mh Thks. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
On Wednesday, November 12, 2014 04:44:21 PM Karl Brumund - lists wrote: They are still limited. Merchant silicon. Not even close to MX capabilities. Proceed with caution. We tried using them as full PEs in $previous_job and it was just trouble. Limited routes, can’t leak connected routes to another RI, and basically dead when J killed the next-gen cards. Good, fast, cheap. Pick any 2. And on a bad day, you’re lucky to get one. If you're trying to make a router out of something that looks like a switch, the Cisco ME3600X is hard to beat. Brocade's NetIron's were very promising when I last tested them. ALU have a good product, but hardware layout is still an issue for me in this space. Juniper have continued to come short in this area. And no, the ACX doesn't cut it. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
On Wed, Nov 12, 2014 at 10:04 AM, Mark Tinka mark.ti...@seacom.mu wrote: If you're trying to make a router out of something that looks like a switch, the Cisco ME3600X is hard to beat. ME3600X is wonderful, but very expensive once you get the full feature set. We are waiting (rather impatiently at this point) for our first ASR920 to arrive to test out. This is supposed to be the replacement for the ME3400, but with MPLS. It fits us nicer than the ME3600X, as the footprint is much smaller and there are various models for port density. ALU have a good product, but hardware layout is still an issue for me in this space. Odd - we tried to engage ALU and they said all their gear is layer-2 only. They were supposed to come to our office for a meet-and-greet, but never came. This is the second time we've tried to engage them with no success. Guess they are not interested in our business. Juniper have continued to come short in this area. And no, the ACX doesn't cut it. Agreed. ACX is just not there. It baffles me why Juniper has left this market untapped. The mid-range MX is just too expensive and too big for our deployments and the lack of LSR functionality in the EX won't work for us. Now, to get back on topic: OP - we have some L2circuits on LT interfaces, but not with an EX on the other end. Is there any way you can try this by hairpinning a couple of GE ports on the MX80? Also, what's the reason behind using 'l2vpn' instead of 'l2circuit'? I see you are using private addressing on your interface - is there any chance that there are blanket filters applied to your interface using configuration groups or perhaps a forwarding table filter to prevent 1918 space from traversing your network? Mark. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
Le 11/11/14 22:29, chip a écrit : http://pastebin.com/YYfHk9M2 That should get you. *Caveats apply* but it does work =) --chip Thks you chip. With your configuration I've made some progress. Now I've got some arp replies on the CE connected to the EX : 2.1.1.5 2.1.1.6: ICMP echo request, id 26654, seq 11, length 64 17:42:39.031721 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 2.1.1.5 tell 2.1.1.6, length 46 17:42:39.031731 ARP, Ethernet (len 6), IPv4 (len 4), Reply 2.1.1.5 is-at 78:2b:cb:28:2d:55, length 28 The lt mac is correctly learn on the CE. But for one reason or another the mac address of the ce is not learn on the mx80 side ?! I'm just out of luck for this setup :( -- Raphael Mazelier ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
There is a line missing on MX side: set interfaces lt-0/0/0.0 family ccc Thanks Alex 12/11/2014 16:51, Raphael Mazelier wrote: Le 11/11/14 22:29, chip a écrit : http://pastebin.com/YYfHk9M2 That should get you. *Caveats apply* but it does work =) --chip Thks you chip. With your configuration I've made some progress. Now I've got some arp replies on the CE connected to the EX : 2.1.1.5 2.1.1.6: ICMP echo request, id 26654, seq 11, length 64 17:42:39.031721 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 2.1.1.5 tell 2.1.1.6, length 46 17:42:39.031731 ARP, Ethernet (len 6), IPv4 (len 4), Reply 2.1.1.5 is-at 78:2b:cb:28:2d:55, length 28 The lt mac is correctly learn on the CE. But for one reason or another the mac address of the ce is not learn on the mx80 side ?! I'm just out of luck for this setup :( ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
On Wednesday, November 12, 2014 05:38:54 PM Eric Van Tol wrote: ME3600X is wonderful, but very expensive once you get the full feature set. Agree. We are waiting (rather impatiently at this point) for our first ASR920 to arrive to test out. This is supposed to be the replacement for the ME3400, but with MPLS. It fits us nicer than the ME3600X, as the footprint is much smaller and there are various models for port density. Interesting. I'm speaking with the SPAG BU on this platform, to see where it falls short of (or outperforms) the ME3600X/3800X. Odd - we tried to engage ALU and they said all their gear is layer-2 only. They were supposed to come to our office for a meet-and-greet, but never came. This is the second time we've tried to engage them with no success. Guess they are not interested in our business. ALU have some pretty good routers, actually. Their 7xxx series routers and switches are up there with the best. In fact, I find their subscriber management solutions to be quite interesting compared to Cisco and Juniper. I did some testing at their lab in Antwerp a few months ago, and was mighty impressed with some of the work they've done in mobile to wi-fi hand-off. Very good boxes and solutions, to be honest. It's just that in the metro, they still don't have anything close to the ME3600X (or ASR920). Agreed. ACX is just not there. It baffles me why Juniper has left this market untapped. The mid-range MX is just too expensive and too big for our deployments and the lack of LSR functionality in the EX won't work for us. Back when the MX80 was launching (c. 2009), I was speaking to the Juniper folk heading the project, and they promised a 1U MX80 with 20x or 40x Gig-E ports, and 2x or 4x 10Gbps uplinks, with all MX software features. How I still wish for such a box. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
Le 12/11/2014 16:38, Eric Van Tol a écrit : Now, to get back on topic: OP - we have some L2circuits on LT interfaces, but not with an EX on the other end. Is there any way you can try this by hairpinning a couple of GE ports on the MX80? Also, what's the reason behind using 'l2vpn' instead of 'l2circuit'? I see you are using private addressing on your interface - is there any chance that there are blanket filters applied to your interface using configuration groups or perhaps a forwarding table filter to prevent 1918 space from traversing your network? I have only 10G port on my mx80, but since there are not totally in prod, I will test that using a XFP DAC (and I finaly find an utitility for this cable :) No reason to use l2vpn, I've tried l2circuit too, and now connections (rsvp based ccc). I would prefer using l2vpn if it work since I think it's smarter to use bgp signalling; but l2circuit are acceptable. And no; no filter (I deactivate all filter...) With chip's configuration I've have some traffic (arp in one way), but nothing more. I think there is definitively something wrong with EX and l2vpn. -- Raphael Mazelier ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
There's no need to run protocols ldp ? -- Eduardo Schoedler 2014-11-12 17:18 GMT-02:00 Alexander Arseniev arsen...@btinternet.com: There is a line missing on MX side: set interfaces lt-0/0/0.0 family ccc Thanks Alex 12/11/2014 16:51, Raphael Mazelier wrote: Le 11/11/14 22:29, chip a écrit : http://pastebin.com/YYfHk9M2 That should get you. *Caveats apply* but it does work =) --chip Thks you chip. With your configuration I've made some progress. Now I've got some arp replies on the CE connected to the EX : 2.1.1.5 2.1.1.6: ICMP echo request, id 26654, seq 11, length 64 17:42:39.031721 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 2.1.1.5 tell 2.1.1.6, length 46 17:42:39.031731 ARP, Ethernet (len 6), IPv4 (len 4), Reply 2.1.1.5 is-at 78:2b:cb:28:2d:55, length 28 The lt mac is correctly learn on the CE. But for one reason or another the mac address of the ce is not learn on the mx80 side ?! I'm just out of luck for this setup :( ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Eduardo Schoedler ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
I was using RSVP at the time, sorry I left that part out. If you're getting one-way traffic it might be that one of the LSPs isn't up. --chip Sent from my mobile device, please excuse any typos. On Nov 12, 2014, at 5:16 PM, Eduardo Schoedler lis...@esds.com.br wrote: There's no need to run protocols ldp ? -- Eduardo Schoedler 2014-11-12 17:18 GMT-02:00 Alexander Arseniev arsen...@btinternet.com: There is a line missing on MX side: set interfaces lt-0/0/0.0 family ccc Thanks Alex 12/11/2014 16:51, Raphael Mazelier wrote: Le 11/11/14 22:29, chip a écrit : http://pastebin.com/YYfHk9M2 That should get you. *Caveats apply* but it does work =) --chip Thks you chip. With your configuration I've made some progress. Now I've got some arp replies on the CE connected to the EX : 2.1.1.5 2.1.1.6: ICMP echo request, id 26654, seq 11, length 64 17:42:39.031721 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 2.1.1.5 tell 2.1.1.6, length 46 17:42:39.031731 ARP, Ethernet (len 6), IPv4 (len 4), Reply 2.1.1.5 is-at 78:2b:cb:28:2d:55, length 28 The lt mac is correctly learn on the CE. But for one reason or another the mac address of the ce is not learn on the mx80 side ?! I'm just out of luck for this setup :( ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Eduardo Schoedler ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
The ALU 7210 line is very similar to the 3600X and 920. 24x1G and 2x10G or 4x10G, support full MPLS, L2VPN, L3VPN, CES. I’ve posted about them before, we have thousands of them deployed in MPLS rings. They have a 2.5RU modular one now with 6 slots with 2x10G, 10x1G, and 1/10 combo modules. Its not all that impressive but will do 6x10G and 60x1G and has redundant control boards. I agree that Juniper never really pursued the market, the MX isn't a great fit and the ACX/BX are underwhelming. Phil From: Mark Tinka Sent: Wednesday, November 12, 2014 3:53 PM To: Eric Van Tol Cc: m...@xalto.net, juniper-nsp@puck.nether.net List On Wednesday, November 12, 2014 05:38:54 PM Eric Van Tol wrote: ME3600X is wonderful, but very expensive once you get the full feature set. Agree. We are waiting (rather impatiently at this point) for our first ASR920 to arrive to test out. This is supposed to be the replacement for the ME3400, but with MPLS. It fits us nicer than the ME3600X, as the footprint is much smaller and there are various models for port density. Interesting. I'm speaking with the SPAG BU on this platform, to see where it falls short of (or outperforms) the ME3600X/3800X. Odd - we tried to engage ALU and they said all their gear is layer-2 only. They were supposed to come to our office for a meet-and-greet, but never came. This is the second time we've tried to engage them with no success. Guess they are not interested in our business. ALU have some pretty good routers, actually. Their 7xxx series routers and switches are up there with the best. In fact, I find their subscriber management solutions to be quite interesting compared to Cisco and Juniper. I did some testing at their lab in Antwerp a few months ago, and was mighty impressed with some of the work they've done in mobile to wi-fi hand-off. Very good boxes and solutions, to be honest. It's just that in the metro, they still don't have anything close to the ME3600X (or ASR920). Agreed. ACX is just not there. It baffles me why Juniper has left this market untapped. The mid-range MX is just too expensive and too big for our deployments and the lack of LSR functionality in the EX won't work for us. Back when the MX80 was launching (c. 2009), I was speaking to the Juniper folk heading the project, and they promised a 1U MX80 with 20x or 40x Gig-E ports, and 2x or 4x 10Gbps uplinks, with all MX software features. How I still wish for such a box. Mark. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
On Thursday, November 13, 2014 06:00:23 AM phil...@gmail.com wrote: The ALU 7210 line is very similar to the 3600X and 920. 24x1G and 2x10G or 4x10G, support full MPLS, L2VPN, L3VPN, CES. I’ve posted about them before, we have thousands of them deployed in MPLS rings. They have a 2.5RU modular one now with 6 slots with 2x10G, 10x1G, and 1/10 combo modules. Its not all that impressive but will do 6x10G and 60x1G and has redundant control boards. My issue with them is we wanted a 1U version of the 7210. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
