Re: [j-nsp] configuration archival, commit comments
On 11/11/14 8:16 am, "Stefan Cioata" wrote: > >c) I would like to implement git. That will require at minimum to have >the >user on the ".gz transferred file. You can have an event script triggered by UI_COMMIT_COMPLETE and the script can get you this info. Thanks, Pallavi ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
On Thursday, November 13, 2014 08:02:19 PM Daniel Verlouw wrote: > vRR ? We’re about to re-evaluate our RR deployment and > going ‘virtual / PC-based’ is certainly high on our > list. Too bad there's hardly any info on vRR around, or > I'm looking in the wrong place (which is not terribly > hard after yet another poor redesign of jnpr.net) When I was testing it I found it too slow, and most of the coolness we wanted was coming later in 14.x. CSR1000v was a lot quicker (we deployed it in ESXi) and the feature set was where we wanted it. My guess is vRR is good to go now. I'd certainly not be spending money on a real router for route reflection, particularly if you are inclined to only running Junos for this. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
Speaking of RRs, has anyone actually looked at: http://www.metaswitch.com/products/networking/virtual-route-reflector ? On Thu, Nov 13, 2014 at 10:02 AM, Daniel Verlouw wrote: > Hej Mark, > > On Thu, Nov 13, 2014 at 5:10 PM, Mark Tinka wrote: >> I'd deploy vMX as a route reflector. I was actually >> evaluating vRR a few months ago, but it still had a long way >> to go, so went with Cisco's CSR1000v (which is, basically, >> IOS XE) instead. > > would you be able to elaborate on your experience with vRR ? We’re > about to re-evaluate our RR deployment and going ‘virtual / PC-based’ > is certainly high on our list. Too bad there's hardly any info on vRR > around, or I'm looking in the wrong place (which is not terribly hard > after yet another poor redesign of jnpr.net) > > Other than being used as RR, I (so far) fail to see how vMX would be > deployed in carrier networks such as ours. Virtualized DCs, yes, > maybe, but that’s whole different ball game. > > BR, Daniel. > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
Hi, > For starters, at least when we evaluated it last year, there was no switching > or IRB support. there is now, bridge-domains + IRB with L3VPN is what we use without a problem. We have a few hundred ACX deployed for our mobile backhaul and will ramp up that number over the next few months. It does have its quirks related to Broadcom ASIC limitations (indeed CoS is one thing, firewall filters another), but overall, for mobile, it's a nice platform at a low cost point. I could see the ACX work for our L2 metro business as well from a functionality point of view, but there the port density kills it. I echo the sentiment of others, Juniper really dropped the ball here. The gap between ACX and MX is simply far too large. What are others using for let's say MPLS + 12x 1GE + 4x 10GE ? - 7210 SAS-M - 3600X 24CX - higher density ASR920 will be around I understand? - any others to consider presently? BR, Daniel. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
Hej Mark, On Thu, Nov 13, 2014 at 5:10 PM, Mark Tinka wrote: > I'd deploy vMX as a route reflector. I was actually > evaluating vRR a few months ago, but it still had a long way > to go, so went with Cisco's CSR1000v (which is, basically, > IOS XE) instead. would you be able to elaborate on your experience with vRR ? We’re about to re-evaluate our RR deployment and going ‘virtual / PC-based’ is certainly high on our list. Too bad there's hardly any info on vRR around, or I'm looking in the wrong place (which is not terribly hard after yet another poor redesign of jnpr.net) Other than being used as RR, I (so far) fail to see how vMX would be deployed in carrier networks such as ours. Virtualized DCs, yes, maybe, but that’s whole different ball game. BR, Daniel. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
Yes they don't really fit will with metro fiber rings unless everything is indoors, you certainly wouldn't deploy them at a cell tower or outdoor enclosure. Really today the ALU 7210, ACX, ME3600, etc. are cheaper anyways. The vMX really has two flavors, one for low speed and one for high speed. The high speed one uses the Intel DPDK/SR-IOV and can push about 80Gbps half duplex doing normal routing. ALU has the same thing and claims they can do 320Gbps half-duplex but 32x10G ports would need like an 8RU server :). ALU a demo coming up with a bunch of servers in a rack managed as a single router supporting about 2Tbps of throughput. They call those vMX, vSR, etc. but they aren't such that you could run 50 of them on a server. They require direct access to the 10G hardware. Now the caveat is once you start throwing firewall filters, policing, NAT, 64-byte packets, etc. the performance drops significantly, but for 512+ byte packets it's still pretty good unless you are doing a ton of stuff. There are companies like Advantech starting to sell 20" depth NEBS compliant "carrier servers" and servers with more network slots and my guess is you'll see more and more of them. Biggest issue is cooling a general CPU which is beefy enough to support the throughput you may need. The vMX as a vRR works fine now, as does the XRv and vSROS ones from Cisco/ALU. They are all fairly "productized" at this point. I believe starting in 14.2 the vMX uses the same jinstall packages to upgrade as any other MX. Sorry for taking this off-topic. :) Phil On 11/13/14, 4:10 PM, "Mark Tinka" wrote: >On Thursday, November 13, 2014 05:44:16 PM Eric Van Tol >wrote: > >> Or am I misunderstanding the vMX? Not trying to be >> snarky, it's a serious question. I am not sure where I >> would see the vMX in a production service provider >> network, but I am certainly open to ideas. > >I'd deploy vMX as a route reflector. I was actually >evaluating vRR a few months ago, but it still had a long way >to go, so went with Cisco's CSR1000v (which is, basically, >IOS XE) instead. > >We run all our route reflectors on CSR1000v, off 1U HP >servers. Very nice! > >Mark. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
On Thursday, November 13, 2014 05:44:16 PM Eric Van Tol wrote: > Or am I misunderstanding the vMX? Not trying to be > snarky, it's a serious question. I am not sure where I > would see the vMX in a production service provider > network, but I am certainly open to ideas. I'd deploy vMX as a route reflector. I was actually evaluating vRR a few months ago, but it still had a long way to go, so went with Cisco's CSR1000v (which is, basically, IOS XE) instead. We run all our route reflectors on CSR1000v, off 1U HP servers. Very nice! Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
On Thursday, November 13, 2014 05:09:49 PM Phil Bedard wrote: > Maybe vMX is the answer to a 1U MX at this point, > depending on the throughput you really need. This is only useful where you need a cheap router for some routing and port density is of no concern. So route reflectors, simple routing in the data centre, enterprise office routers, e.t.c. The reason we deploy ME3600X's is MPLS in fibre access rings. vMX won't be of any use there. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
-Original Message- From: Phil Bedard [mailto:phil...@gmail.com] >Maybe vMX is the answer to a 1U MX at this point, depending on the >throughput you really need. How do you stuff a minimum of 12x1G and 4x10G interfaces into a 1U server that needs to have a maximum 26" depth and 100F+ degree environments with little to no airflow? Or am I misunderstanding the vMX? Not trying to be snarky, it's a serious question. I am not sure where I would see the vMX in a production service provider network, but I am certainly open to ideas. -evt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
Maybe vMX is the answer to a 1U MX at this point, depending on the throughput you really need. Phil On 11/13/14, 1:49 PM, "Eric Van Tol" wrote: >-Original Message- >From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf >Of Austin Brower >Sent: Thursday, November 13, 2014 6:35 AM >To: juniper-nsp@puck.nether.net >Subject: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to >MX80/lt Interface) > >>So far, Eric, Mark, and Phil have all stated that the ACX is not the >>right >platform for their purposes. > >>Could you elaborate on why? I've been looking at the ACX with some >>curiosity > >For starters, at least when we evaluated it last year, there was no >switching or IRB support. The chips are not Trio-based which means poor >feature parity with our existing MX deployments (it really sucks creating >separate class-of-service configs for every damn type of device). >Firewall filters could not match based upon prefixes, but rather only a >single IP address or port number. There was also no hierarchical >queuing, but I was told that it was on the roadmap for 2014. I have not >checked to see if that goal was met. Finally, the cost to reach only >half the port density of the ME3600X was also an issue. > >It's a nice router, but it simply didn't seem to "fit" within the metro >ethernet deployment model that we have. I echo Mark's statement about >being told that a 1U MX was on the way. That was three years ago and I >can't imagine why Juniper won't make one of these. We have dozens of >ME3600Xs deployed that I would gladly have used MX gear, assuming they >didn't want to charge insane license fees for H-QoS and 10GE port >enabling. > >-evt > >___ >juniper-nsp mailing list juniper-nsp@puck.nether.net >https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
It's an odd hardware platform compared to the rest of their offerings. Does not support 10G which is really needed these days. It's one of those platforms you are leery of them dropping at any time, kind of like the EX8200... Phil On 11/13/14, 11:34 AM, "Austin Brower" wrote: >On Nov 12, 2014, at 10:38 AM, Eric Van Tol wrote: >> On Wed, Nov 12, 2014 at 10:04 AM, Mark Tinka >>wrote: >> >>> Juniper have continued to come short in this area. And no, >>> the ACX doesn't cut it. >> >> Agreed. ACX is just not there. It baffles me why Juniper has left >> this market untapped. The mid-range MX is just too expensive and too >> big for our deployments and the lack of LSR functionality in the EX >> won't work for us. > >So far, Eric, Mark, and Phil have all stated that the ACX is not the >right platform for their purposes. > >Could you elaborate on why? I've been looking at the ACX with some >curiosity as a migration tool for some of my fiber constrained sites >where I have low capacity SONET systems (which are very slow to leave the >network) and 1Gbps Ethernet switching (utilizing finicky ERPS). > >Thanks, >Austin >___ >juniper-nsp mailing list juniper-nsp@puck.nether.net >https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
-Original Message- From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Austin Brower Sent: Thursday, November 13, 2014 6:35 AM To: juniper-nsp@puck.nether.net Subject: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface) >So far, Eric, Mark, and Phil have all stated that the ACX is not the right >>platform for their purposes. >Could you elaborate on why? I've been looking at the ACX with some curiosity For starters, at least when we evaluated it last year, there was no switching or IRB support. The chips are not Trio-based which means poor feature parity with our existing MX deployments (it really sucks creating separate class-of-service configs for every damn type of device). Firewall filters could not match based upon prefixes, but rather only a single IP address or port number. There was also no hierarchical queuing, but I was told that it was on the roadmap for 2014. I have not checked to see if that goal was met. Finally, the cost to reach only half the port density of the ME3600X was also an issue. It's a nice router, but it simply didn't seem to "fit" within the metro ethernet deployment model that we have. I echo Mark's statement about being told that a 1U MX was on the way. That was three years ago and I can't imagine why Juniper won't make one of these. We have dozens of ME3600Xs deployed that I would gladly have used MX gear, assuming they didn't want to charge insane license fees for H-QoS and 10GE port enabling. -evt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)
On Nov 12, 2014, at 10:38 AM, Eric Van Tol wrote: > On Wed, Nov 12, 2014 at 10:04 AM, Mark Tinka wrote: > >> Juniper have continued to come short in this area. And no, >> the ACX doesn't cut it. > > Agreed. ACX is just not there. It baffles me why Juniper has left > this market untapped. The mid-range MX is just too expensive and too > big for our deployments and the lack of LSR functionality in the EX > won't work for us. So far, Eric, Mark, and Phil have all stated that the ACX is not the right platform for their purposes. Could you elaborate on why? I've been looking at the ACX with some curiosity as a migration tool for some of my fiber constrained sites where I have low capacity SONET systems (which are very slow to leave the network) and 1Gbps Ethernet switching (utilizing finicky ERPS). Thanks, Austin ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX4550 L2Circuit/VPN to MX80/lt Interface
Le 13/11/14 01:29, Chip Gwyn a écrit : I was using RSVP at the time, sorry I left that part out. If you're getting one-way traffic it might be that one of the LSPs isn't up. --chip That's it but I wonder why ? EX side : rancid@sr-dc2-01# run show mpls lsp Ingress LSP: 1 sessions To FromState Rt P ActivePath LSPname 192.58.176.10 192.58.176.13 Up 0 * from-ex-to-mx Total 1 displayed, Up 1, Down 0 Egress LSP: 1 sessions To FromState Rt Style Labelin Labelout LSPname 192.58.176.13 192.58.176.10 Up 0 1 FF 300304- from-mx-to-ex Total 1 displayed, Up 1, Down 0 rancid@sr-dc2-01# run ping mpls rsvp from-ex-to-mx ! --- lsping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss So it's OK this way. MX side : rancid@cr-dc2-01# run show mpls lsp Ingress LSP: 1 sessions To FromState Rt P ActivePath LSPname 192.58.176.13 192.58.176.10 Up 0 * from-mx-to-ex Total 1 displayed, Up 1, Down 0 Egress LSP: 1 sessions To FromState Rt Style Labelin Labelout LSPname 192.58.176.10 192.58.176.13 Up 0 1 FF 300176- from-ex-to-mx Total 1 displayed, Up 1, Down 0 Transit LSP: 0 sessions Total 0 displayed, Up 0, Down 0 rancid@cr-dc2-01# run ping mpls rsvp from-mx-to-ex . --- lsping statistics --- 5 packets transmitted, 0 packets received, 100% packet loss What could be missing ? Here is my config : http://pastebin.com/bHP9FFsp Thks. -- Raphael Mazelier ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp