Re: [j-nsp] Anyone uses Adaptive Load Balancing?

2017-11-17 Thread Alex K. 
Hello Serge and thank you.

Yes, there are indeed, not that many cases for ALB. That's why I turned to
community.

Thank you for sharing your experience.

בתאריך 18 בנוב' 2017 1:41 AM,‏ "serge vautour" 
כתב:

> Hello,
>
> We have been using it for a while. Works great. We have a few small links
> in a LAG bundle with a small number of fat flows over them. Without
> adaptive LAG the flows would sometimes hash on the same link. With adaptive
> LAG they are always split.
>
> I agree that there probably aren't many use cases for this. We ran into
> one and this solution worked.
>
> Serge
>
>
> On Fri, Nov 17, 2017 at 6:36 PM, Alex K.  wrote:
>
>> Hello everyone,
>>
>> A customer of mine, is looking forward for a technology able to load
>> balance a traffic across a LAG.
>>
>> The LAG in question comprised of Ethernet link and can grow from a few
>> links (4) to say, 20 - as required bandwidth grows. The gear is MX boxes.
>>
>> Since I'm familiar with adaptive load balancing but never used it myself,
>> I'll glad if someone here can share his/her experience using it? Can it
>> deliver pretty good load balancing across a LAG between routers? Is it
>> stable? Is there any caveats one should avoid? Anything else we should
>> consider, before deploying this thing into production? Feel free to share
>> (off list/on list) your experience and everything else you think relevant.
>>
>> Thank you.
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MACsec over a service provider

2017-11-17 Thread Alex K. 
Sure.

But it depends on the exact circuit you have (on the exact equipment and
settings your carrier uses). Since MACSec is true point-to-point protocol,
carriers' equipment may interpret its' packets (say EAPOL), as destined for
itself - instead of forwarding it thru the pseudo wire.

As far as I remember the deployment, most of the circuits were fine with
regular (i.e. LAN) MACSec. But some required the WAN flavor. Hence wouldn't
have worked with J-gear. Anyhow, I glad you were able to sort it out.

Best regards,
Alex.

בתאריך 18 בנוב' 2017 1:43 AM,‏ "Chuck Anderson"  כתב:

In the end I discovered that CCC, l2circuit, etc. work fine for
transporting regular MACsec, no need for "WAN MACsec" or special
commands to forward dot1x frames.

I also got this to work with 2 links at the same time between the same
2 switches.  The problem I was having was related to using 1g SFP's in
EX-UM-4X4SFP in the EX4300-48P.  You have to turn off auto-neg and
force the speed to 1g.  You also have to restart the PIC or reboot
after changing an optic from 10gig to 1gig or vice versa.

On Fri, Nov 17, 2017 at 11:25:23PM +, Alex K. wrote:
> * As long as you have pure p2p links, you should be fine - Juniper gear
> meant.
>
> בתאריך 18 בנוב' 2017 1:20 AM,‏ "Alex K."  כתב:
>
> > Yes,
> >
> > But unfortunately (as far as j-nsp is considered), using Ciscos' gear.
> >
> > Cisco has a special flavor of MACSec, intended to address that issue
> > exactly - they call it WAN MACSes. We was able to use across many
different
> > SP circuits. As long as you have pure p2p links (real or stimulated),
you
> > should be fine. Unfortunately, I'm not aware of any similar Juniper
> > technique.
> >
> > Best regards,
> > Alex.
> >
> > בתאריך 27 באוק' 2017 5:23 PM,‏ "Chuck Anderson"  כתב:
> >
> > Has anyone been able to run MACsec over a service provider's Ethernet
> > Private Line (or even just a 802.1q vlan)?  I'm looking at using 10gig
> > ports on the EX4300 or the EX4600/QFX5100-24Q with the MACsec uplink
> > module.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MACsec over a service provider

2017-11-17 Thread Chuck Anderson 
In the end I discovered that CCC, l2circuit, etc. work fine for
transporting regular MACsec, no need for "WAN MACsec" or special
commands to forward dot1x frames.

I also got this to work with 2 links at the same time between the same
2 switches.  The problem I was having was related to using 1g SFP's in
EX-UM-4X4SFP in the EX4300-48P.  You have to turn off auto-neg and
force the speed to 1g.  You also have to restart the PIC or reboot
after changing an optic from 10gig to 1gig or vice versa.

On Fri, Nov 17, 2017 at 11:25:23PM +, Alex K. wrote:
> * As long as you have pure p2p links, you should be fine - Juniper gear
> meant.
> 
> בתאריך 18 בנוב' 2017 1:20 AM,‏ "Alex K."  כתב:
> 
> > Yes,
> >
> > But unfortunately (as far as j-nsp is considered), using Ciscos' gear.
> >
> > Cisco has a special flavor of MACSec, intended to address that issue
> > exactly - they call it WAN MACSes. We was able to use across many different
> > SP circuits. As long as you have pure p2p links (real or stimulated), you
> > should be fine. Unfortunately, I'm not aware of any similar Juniper
> > technique.
> >
> > Best regards,
> > Alex.
> >
> > בתאריך 27 באוק' 2017 5:23 PM,‏ "Chuck Anderson"  כתב:
> >
> > Has anyone been able to run MACsec over a service provider's Ethernet
> > Private Line (or even just a 802.1q vlan)?  I'm looking at using 10gig
> > ports on the EX4300 or the EX4600/QFX5100-24Q with the MACsec uplink
> > module.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Anyone uses Adaptive Load Balancing?

2017-11-17 Thread serge vautour 
Hello,

We have been using it for a while. Works great. We have a few small links
in a LAG bundle with a small number of fat flows over them. Without
adaptive LAG the flows would sometimes hash on the same link. With adaptive
LAG they are always split.

I agree that there probably aren't many use cases for this. We ran into one
and this solution worked.

Serge


On Fri, Nov 17, 2017 at 6:36 PM, Alex K.  wrote:

> Hello everyone,
>
> A customer of mine, is looking forward for a technology able to load
> balance a traffic across a LAG.
>
> The LAG in question comprised of Ethernet link and can grow from a few
> links (4) to say, 20 - as required bandwidth grows. The gear is MX boxes.
>
> Since I'm familiar with adaptive load balancing but never used it myself,
> I'll glad if someone here can share his/her experience using it? Can it
> deliver pretty good load balancing across a LAG between routers? Is it
> stable? Is there any caveats one should avoid? Anything else we should
> consider, before deploying this thing into production? Feel free to share
> (off list/on list) your experience and everything else you think relevant.
>
> Thank you.
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MACsec over a service provider

2017-11-17 Thread Giuliano C. Medalha 

I think juniper gear has some mics that supoort macsec ... for mx 17.3

JNP-MIC1-MACSEC

https://www.juniper.net/documentation/en_US/junos/topics/concept/macsec-overview-mx-series.html

Or you can use a DCI to do it ... together with your router ... but maybe in 
100G interfaces only ... will check

https://www.infinera.com/technology/optical-network-security/

Att

Giuliano



Giuliano C. Medalha
WZTECH NETWORKS
+55 (17) 98112-5394
giuli...@wztech.com.br

From: juniper-nsp  on behalf of Alex K. 

Sent: Friday, November 17, 2017 9:20:55 PM
To: juniper-nsp
Subject: Re: [j-nsp] MACsec over a service provider

Yes,

But unfortunately (as far as j-nsp is considered), using Ciscos' gear.

Cisco has a special flavor of MACSec, intended to address that issue
exactly - they call it WAN MACSes. We was able to use across many different
SP circuits. As long as you have pure p2p links (real or stimulated), you
should be fine. Unfortunately, I'm not aware of any similar Juniper
technique.

Best regards,
Alex.

בתאריך 27 באוק' 2017 5:23 PM,‏ "Chuck Anderson"  כתב:

Has anyone been able to run MACsec over a service provider's Ethernet
Private Line (or even just a 802.1q vlan)?  I'm looking at using 10gig
ports on the EX4300 or the EX4600/QFX5100-24Q with the MACsec uplink
module.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2017 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos eventuais documentos anexos são 
confidenciais e para conhecimento exclusivo do destinatário. Se o leitor desta 
mensagem não for o seu destinatário, fica desde já notificado de que não poderá 
divulgar, distribuir ou, sob qualquer forma, dar conhecimento a terceiros das 
informações e do conteúdo dos documentos anexos. Neste caso, favor comunicar 
imediatamente o remetente, respondendo este e-mail ou telefonando ao mesmo, e 
em seguida apague-o.

CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are 
solely for the intended recipient and may contain confidential or privileged 
information. If you are not the intended recipient, any review, transmission, 
dissemination or other use of this information is prohibited. If you have 
received this communication in error, please notify the sender immediately and 
delete the material from any computer, including any copies.

WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2017 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos eventuais documentos anexos são 
confidenciais e para conhecimento exclusivo do destinatário. Se o leitor desta 
mensagem não for o seu destinatário, fica desde já notificado de que não poderá 
divulgar, distribuir ou, sob qualquer forma, dar conhecimento a terceiros das 
informações e do conteúdo dos documentos anexos. Neste caso, favor comunicar 
imediatamente o remetente, respondendo este e-mail ou telefonando ao mesmo, e 
em seguida apague-o.

CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are 
solely for the intended recipient and may contain confidential or privileged 
information. If you are not the intended recipient, any review, transmission, 
dissemination or other use of this information is prohibited. If you have 
received this communication in error, please notify the sender immediately and 
delete the material from any computer, including any copies.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Anyone uses Adaptive Load Balancing?

2017-11-17 Thread Alex K. 
Hello Giuliano and thank you.

It would be MPLS traffic and Juniper facing Juniper.

בתאריך 18 בנוב' 2017 1:08 AM,‏ "Giuliano C. Medalha" 
כתב:

> Alex
>
> What type of traffic ?
>
> MX is very good for load balance because of TRIO chipset ... that is able
> to strip down the frames and the packets ... necessary for the hash of LAG
> circuits
>
> Is IP traffic or MPLS traffic ?
>
> Maybe on new boxes like mx10003 and mx204 you can create high capacity LAG
> links using 100G qsfp28 interfaces.
>
> We are using it in a lot os cases ... is very stable ... but is necessary
> to do a deep study fot the correct number of interfaces, config, hash, mpc
> (hw), and junos version that you can find with your SM.
>
> Will be juniper with juniper or other brand ?
>
> Att
>
> Giuliano C. Medalha
> WZTECH NETWORKS
> +55 (17) 98112-5394 <+55%2017%2098112-5394>
> giuli...@wztech.com.br
> _
> From: Alex K. 
> Sent: Friday, November 17, 2017 20:37
> Subject: [j-nsp] Anyone uses Adaptive Load Balancing?
> To: juniper-nsp 
>
>
> Hello everyone,
>
> A customer of mine, is looking forward for a technology able to load
> balance a traffic across a LAG.
>
> The LAG in question comprised of Ethernet link and can grow from a few
> links (4) to say, 20 - as required bandwidth grows. The gear is MX boxes.
>
> Since I'm familiar with adaptive load balancing but never used it myself,
> I'll glad if someone here can share his/her experience using it? Can it
> deliver pretty good load balancing across a LAG between routers? Is it
> stable? Is there any caveats one should avoid? Anything else we should
> consider, before deploying this thing into production? Feel free to share
> (off list/on list) your experience and everything else you think relevant.
>
> Thank you.
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> WZTECH is registered trademark of WZTECH NETWORKS.
> Copyright © 2017 WZTECH NETWORKS. All Rights Reserved.
>
> IMPORTANTE:
> As informações deste e-mail e o conteúdo dos eventuais documentos anexos
> são confidenciais e para conhecimento exclusivo do destinatário. Se o
> leitor desta mensagem não for o seu destinatário, fica desde já notificado
> de que não poderá divulgar, distribuir ou, sob qualquer forma, dar
> conhecimento a terceiros das informações e do conteúdo dos documentos
> anexos. Neste caso, favor comunicar imediatamente o remetente, respondendo
> este e-mail ou telefonando ao mesmo, e em seguida apague-o.
>
> CONFIDENTIALITY NOTICE:
> The information transmitted in this email message and any attachments are
> solely for the intended recipient and may contain confidential or
> privileged information. If you are not the intended recipient, any review,
> transmission, dissemination or other use of this information is prohibited.
> If you have received this communication in error, please notify the sender
> immediately and delete the material from any computer, including any copies.
>
>
>
> WZTECH is registered trademark of WZTECH NETWORKS.
> Copyright © 2017 WZTECH NETWORKS. All Rights Reserved.
>
>
> IMPORTANTE:
> As informações deste e-mail e o conteúdo dos eventuais documentos anexos
> são confidenciais e para conhecimento exclusivo do destinatário. Se o
> leitor desta mensagem não for o seu destinatário, fica desde já notificado
> de que não poderá divulgar, distribuir ou, sob qualquer forma, dar
> conhecimento a terceiros das informações e do conteúdo dos documentos
> anexos. Neste caso, favor comunicar imediatamente o remetente, respondendo
> este e-mail ou telefonando ao mesmo, e em seguida apague-o.
>
>
> CONFIDENTIALITY NOTICE:
> The information transmitted in this email message and any attachments are
> solely for the intended recipient and may contain confidential or
> privileged information. If you are not the intended recipient, any review,
> transmission, dissemination or other use of this information is prohibited.
> If you have received this communication in error, please notify the sender
> immediately and delete the material from any computer, including any copies.
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MACsec over a service provider

2017-11-17 Thread Alex K. 
* As long as you have pure p2p links, you should be fine - Juniper gear
meant.

בתאריך 18 בנוב' 2017 1:20 AM,‏ "Alex K."  כתב:

> Yes,
>
> But unfortunately (as far as j-nsp is considered), using Ciscos' gear.
>
> Cisco has a special flavor of MACSec, intended to address that issue
> exactly - they call it WAN MACSes. We was able to use across many different
> SP circuits. As long as you have pure p2p links (real or stimulated), you
> should be fine. Unfortunately, I'm not aware of any similar Juniper
> technique.
>
> Best regards,
> Alex.
>
> בתאריך 27 באוק' 2017 5:23 PM,‏ "Chuck Anderson"  כתב:
>
> Has anyone been able to run MACsec over a service provider's Ethernet
> Private Line (or even just a 802.1q vlan)?  I'm looking at using 10gig
> ports on the EX4300 or the EX4600/QFX5100-24Q with the MACsec uplink
> module.
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MACsec over a service provider

2017-11-17 Thread Alex K. 
Yes,

But unfortunately (as far as j-nsp is considered), using Ciscos' gear.

Cisco has a special flavor of MACSec, intended to address that issue
exactly - they call it WAN MACSes. We was able to use across many different
SP circuits. As long as you have pure p2p links (real or stimulated), you
should be fine. Unfortunately, I'm not aware of any similar Juniper
technique.

Best regards,
Alex.

בתאריך 27 באוק' 2017 5:23 PM,‏ "Chuck Anderson"  כתב:

Has anyone been able to run MACsec over a service provider's Ethernet
Private Line (or even just a 802.1q vlan)?  I'm looking at using 10gig
ports on the EX4300 or the EX4600/QFX5100-24Q with the MACsec uplink
module.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Anyone uses Adaptive Load Balancing?

2017-11-17 Thread Giuliano C. Medalha 
Alex

What type of traffic ?

MX is very good for load balance because of TRIO chipset ... that is able to 
strip down the frames and the packets ... necessary for the hash of LAG circuits

Is IP traffic or MPLS traffic ?

Maybe on new boxes like mx10003 and mx204 you can create high capacity LAG 
links using 100G qsfp28 interfaces.

We are using it in a lot os cases ... is very stable ... but is necessary to do 
a deep study fot the correct number of interfaces, config, hash, mpc (hw), and 
junos version that you can find with your SM.

Will be juniper with juniper or other brand ?

Att

Giuliano C. Medalha
WZTECH NETWORKS
+55 (17) 98112-5394
giuli...@wztech.com.br
_
From: Alex K. 
Sent: Friday, November 17, 2017 20:37
Subject: [j-nsp] Anyone uses Adaptive Load Balancing?
To: juniper-nsp 


Hello everyone,

A customer of mine, is looking forward for a technology able to load
balance a traffic across a LAG.

The LAG in question comprised of Ethernet link and can grow from a few
links (4) to say, 20 - as required bandwidth grows. The gear is MX boxes.

Since I'm familiar with adaptive load balancing but never used it myself,
I'll glad if someone here can share his/her experience using it? Can it
deliver pretty good load balancing across a LAG between routers? Is it
stable? Is there any caveats one should avoid? Anything else we should
consider, before deploying this thing into production? Feel free to share
(off list/on list) your experience and everything else you think relevant.

Thank you.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2017 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos eventuais documentos anexos são 
confidenciais e para conhecimento exclusivo do destinatário. Se o leitor desta 
mensagem não for o seu destinatário, fica desde já notificado de que não poderá 
divulgar, distribuir ou, sob qualquer forma, dar conhecimento a terceiros das 
informações e do conteúdo dos documentos anexos. Neste caso, favor comunicar 
imediatamente o remetente, respondendo este e-mail ou telefonando ao mesmo, e 
em seguida apague-o.

CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are 
solely for the intended recipient and may contain confidential or privileged 
information. If you are not the intended recipient, any review, transmission, 
dissemination or other use of this information is prohibited. If you have 
received this communication in error, please notify the sender immediately and 
delete the material from any computer, including any copies.



WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2017 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos eventuais documentos anexos são 
confidenciais e para conhecimento exclusivo do destinatário. Se o leitor desta 
mensagem não for o seu destinatário, fica desde já notificado de que não poderá 
divulgar, distribuir ou, sob qualquer forma, dar conhecimento a terceiros das 
informações e do conteúdo dos documentos anexos. Neste caso, favor comunicar 
imediatamente o remetente, respondendo este e-mail ou telefonando ao mesmo, e 
em seguida apague-o.

CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are 
solely for the intended recipient and may contain confidential or privileged 
information. If you are not the intended recipient, any review, transmission, 
dissemination or other use of this information is prohibited. If you have 
received this communication in error, please notify the sender immediately and 
delete the material from any computer, including any copies.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Anyone uses Adaptive Load Balancing?

2017-11-17 Thread Alex K. 
Hello everyone,

A customer of mine, is looking forward for a technology able to load
balance a traffic across a LAG.

The LAG in question comprised of Ethernet link and can grow from a few
links (4) to say, 20 - as required bandwidth grows. The gear is MX boxes.

Since I'm familiar with adaptive load balancing but never used it myself,
I'll glad if someone here can share his/her experience using it? Can it
deliver pretty good load balancing across a LAG between routers? Is it
stable? Is there any caveats one should avoid? Anything else we should
consider, before deploying this thing into production? Feel free to share
(off list/on list) your experience and everything else you think relevant.

Thank you.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp