Re: [j-nsp] JunOS on EX4550?

2019-10-16 Thread Josh Baird 
Thanks, Richard.  Any particular reason why I would be better off using
12.3R12?

On Wed, Oct 16, 2019 at 5:53 PM Richard McGovern 
wrote:

> No.  For legacy EX switches, for which EX4500/EX4550 fall into, 15.1 is
> last release.  At the same time, I think you might have best results using
> 12.3R12-S[latest] instead.  Both 12.3 and 15.1 will be maintained for life
> of legacy EX switches.
>
> HTH, Rich
>
> Richard McGovern
> Sr Sales Engineer, Juniper Networks
> 978-618-3342
>
> I’d rather be lucky than good, as I know I am not good
> I don’t make the news, I just report it
>
>
> On 10/16/19, 1:50 PM, "Josh Baird"  wrote:
>
> Is it possible (and recommended) to run anything newer than 15.1 on
> EX4550
> (which is what the JTAC-recommended version currently is).
>
>
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] JunOS on EX4550?

2019-10-16 Thread Richard McGovern via juniper-nsp 
--- Begin Message ---
No.  For legacy EX switches, for which EX4500/EX4550 fall into, 15.1 is last 
release.  At the same time, I think you might have best results using 
12.3R12-S[latest] instead.  Both 12.3 and 15.1 will be maintained for life of 
legacy EX switches.

HTH, Rich

Richard McGovern
Sr Sales Engineer, Juniper Networks 
978-618-3342
 
I’d rather be lucky than good, as I know I am not good
I don’t make the news, I just report it
 

On 10/16/19, 1:50 PM, "Josh Baird"  wrote:

Is it possible (and recommended) to run anything newer than 15.1 on EX4550
(which is what the JTAC-recommended version currently is).



--- End Message ---
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] rfc8097 (rpki) communities ?

2019-10-16 Thread Jeff Haas via juniper-nsp 
--- Begin Message ---


> On Mar 5, 2019, at 02:04, Job Snijders  wrote:
> 
> On Thu, Feb 28, 2019 at 04:17:19PM +0300, Alexandre Snarskii wrote:
>> Somewhat stupid question: while experimenting with rpki, I found that
>> while rfc8097 declares origin validation state as extended community
>> (0x4300:0.0.0.0:N in juniper configuration terms), Juniper documentation 
>> uses standard communities 0x4300:N for this purpose:
>> 
>> https://www.juniper.net/documentation/en_US/junos/topics/topic-map/bgp-origin-as-validation.html
> 
> I suspect this is a documentation bug, they probably meant to use
> 'arbitrary extended community' syntax.

FWIW, I don't see non-extended community syntax in this documentation page.  
It'd be a doc bug.

> 
>> Question: is it just a bit outdated documentaton and I shall follow
>> RFC and use extended communities, or there are some other reasons to
>> use standard ones ?
> 
> The "0x4300:1" syntax squats on AS 17152's community space, so that's
> not nice.
> 
> I think a nice feature of the RFC 8097 communities is that they aren't
> transitive, and you can reference the RFC for the documentation aspect
> of assigning those communities.

At some point we need to get named communities in place here.  I had the start 
of a patch a while back, but it rotted due to not getting worked on in a timely 
fashion.

-- Jeff

--- End Message ---
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] FlowSpec and RTBH

2019-10-16 Thread Jeff Haas via juniper-nsp 
--- Begin Message ---
Marcin,


> On Oct 9, 2019, at 07:26, Marcin Głuc  wrote:
> I was wondering is there a way to export family flow routes (from
> inetflow.0) to non flowspec BGP speaker?
> For example tag Flowspec route with community and advertise this route with
> different community to blackhole on upstream network (selective RTBH).

I'm having difficulty following your use case.

Flowspec is its own address family with its own AFI/SAFI and a rather nasty 
format.

Are you asking that some internal component of a flowspec filter, like 
destination, is leaked into another address family?

-- Jeff

--- End Message ---
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Junos Telemetry Interface (JTI)

2019-10-16 Thread Aaron Gould 
Response to old thread and referencing my new thread… 

 

“[j-nsp] telemetry analytics - mx960 - npu packet rate concerns”

 

My JTI/OpenNTI systems seems to be continuing to run nicely.  I use it when I 
really need to know some details.

 

In the new thread I mentioned above, I was curious about my CGNat MS-MPC-128G 
resource utilization and starting digging around in those sensor agent and 
their data I’ve been receiving in my telem station.

 

I’ll copy and paste from that other thread for convienience.

 

Using my JTI/Chronograf/Grafana web interface I'm trying to understand some of 
the telemetry analytics data I'm seeing coming from what appears to be the 
sensor resource of my MX960 corresponding to 
/junos/system/linecard/npu/utilization/ .. The field seen on chronograf that 
I'm watching is "npu_util_stats.packets.rate"

 

When using the Chronograf data explorer and picking one MX960 and a certain 
_seq number (0-14 , I don't know what these are) I'm seeing some significant 
drops in the graph during peak time (approx. 7 - 10 p.m.) watching 
"npu_util_stats.packets.rate" with mean function (as opposed to median, count, 
min, max, etc, etc).  In other words, the graph shows a typical ramp-up 
approaching peak times, and ramp-down during the late night hours..

But about a week ago, I started seeing dramatic drops/sags in the graph during 
those 7-10 p.m. hours.

 

I'd like to try to figure out what those drops are related to. I'm wondering if 
this is the MS-MPC-128G npu's in-use for my cgnat.. I've been loading it up 
quite a bit lately with thousands more subscribers behind it, and am trying to 
watch how it scales. and if I have any reason for concerns regarding resource 
load, etc.

 

If you unicast email me, I’ll send you screen shots of my telem graphs that are 
giving me concern and the sensor agent strings that I’m looking at.

 

Thanks y’all

 

- Aaron

 

 

 

 

 

From: Colton Conor [mailto:colton.co...@gmail.com] 
Sent: Monday, November 12, 2018 6:47 AM
To: Aaron
Cc: beec...@beecher.cc; Juniper List; james.burn...@geant.org
Subject: Re: [j-nsp] Junos Telemetry Interface (JTI)

 

Guys,

 

I wanted to follow up and see how things are going with JTI?

 

Also, it has been brought to my attention that OpenNMS supports JTI. I was not 
aware of that, so I figured I would share with others: 
https://docs.opennms.org/opennms/branches/develop/guide-admin/guide-admin.html#ga-telemetryd

 

 

On Thu, Oct 11, 2018 at 12:24 PM Aaron1  wrote:

Yes Niall, lets stay in touch.

Thanks Tom, I’ll have to look at Panoptes

Aaron

> On Oct 11, 2018, at 8:18 AM, Tom Beecher  wrote:
> 
> Related, my company open sourced a tool we've been working on for network 
> telemetry at NANOG in Vancouver. I'm 95% sure that a JTI receiver is 
> functional on our internal builds, but they're still working on a few things 
> with streaming receivers generally, so it's not yet in the public repo. May 
> be something that can meet your needs at some point if you wanted to keep an 
> eye on it. 
> 
> https://github.com/yahoo/panoptes
> 
>> On Thu, Oct 11, 2018 at 9:02 AM Niall Donaghy  
>> wrote:
>> Fantastic news Aaron!
>> 
>> That tallies with our experience of deploying the 'bundle' version of 
>> OpenNTI 
>> for Junos ST.
>> 
>> We look forward to your shared experiences as you kick the tyres and - 
>> hopefully - incorporate this into your NMS/procedures. :)
>> 
>> Many thanks,
>> Niall
>> 
>> 
>> -Original Message-
>> From: Aaron Gould [mailto:aar...@gvtc.com]
>> Sent: 11 October 2018 13:59
>> To: juniper-nsp@puck.nether.net
>> Cc: James Burnett ; Niall Donaghy 
>> ; 'Colton Conor' 
>> Subject: RE: [j-nsp] Junos Telemetry Interface (JTI)
>> 
>> Wanted to circle back with y'all... I finally got this working...thanks to 
>> techmocha10 (see below) and my linux coworker genius (Dave),
>> 
>> I'll just copy/paste a post I just made...
>> 
>> https://forums.juniper.net/t5/vMX/Telemetry-data-is-not-streaming-from-Juniper-vMX-17-4R1-16/m-p/375996#M923
>> 
>> 
>> I got telemetry streaming working using this site ... I have a couple 
>> MX960's 
>> streaming telemetry to the suite of software provided in this Open-NTI 
>> project 
>> spoken of on this techmocha blog site.  I think my previous problems were 
>> related to conflicting installs as myself and my coworker had loaded 
>> individual items and then the open-nti suite (which i understand is a docker 
>> container with all the items like grafana, fluentd, chronograf, influxdb, 
>> etc) anyway, we started with a fresh install Ubunto virtual machine and 
>> *only* loaded Open-NTI and it works.
>> 
>> 
>> I do not know or understand all of the innerworkings of it at this point, 
>> but 
>> am quickly learning, even while writing this post... I'm currently using 
>> Chronograf hosted at port  and browsing the Data Explorer function and 
>> seeing some nice graphs.  (I'm wondering if Chrongraf is simply an 
>> alternative 
>> to Grafana gui

[j-nsp] JunOS on EX4550?

2019-10-16 Thread Josh Baird 
Is it possible (and recommended) to run anything newer than 15.1 on EX4550
(which is what the JTAC-recommended version currently is).
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp