[j-nsp] IPv6 Filter-based Forwarding on QFX5100

2021-08-12 Thread Jason Healy via juniper-nsp
Looking for anyone with real-world experience on this.  I've been wanting to do 
filter-based forwarding (aka policy-based routing) on my QFX 5100 for a while.  
It works on IPv4, but didn't on IPv6.  That means you can't have a firewall 
rule with a "routing instance" terminating action in v6.

I'd given up on it ever working, but I noticed the docs were updated to say the 
feature was added for the qfx5100 in 19.1R1:

https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/filter-based-forwarding-qfx-series.html

Well, I happen to be on 20.2R2 so I tried to configure it again and... it still 
doesn't seem to work.

Anybody out there have FBF for IPv6 working on a qfx5100?  Is there any reason 
it would be listed in 19.1 but not work in 20.2?  There wasn't a Feature 
Explorer entry for this specific feature so I can't find any other info on the 
exact releases that support it.

Now that it's EOL, I guess I could just jump to 21.2 (the last supported 
release) and hope for the best...

Thanks,

Jason
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP

2021-08-12 Thread Chuck Anderson via juniper-nsp
I've done this with perl scripts and the Juniper NETCONF libraries.  I
make the changes inside a configuration group which is inherited into
the actual prefix-list(s), then lock down the account so it is only
able to make changes to that configuration group.

groups {
    AUTO-PREFIX-LIST {
        policy-options {
            prefix-list AUTO-FOO {
                ...
            }
            prefix-list AUTO-BAR {
                ...
            }
            prefix-list AUTO-BAZ {
                ...
            }
        }
    }
}
system {
    login {
        class AUTO-PREFIX-LIST {
            permissions [ configure view view-configuration ];
            allow-commands junoscript;
            allow-configuration "(groups AUTO-PREFIX-LIST policy-options .*)";
        }
    }
}

On Thu, Aug 12, 2021 at 02:41:10PM -0400, Alain Hebert via juniper-nsp wrote:
> Context
> 
>      I'm looking for a *simple* & safe way to manage daily IRR changes 
> from my customers...
> 
>      Right now it's a simple script that pushes changes using command lines 
> thru SSH...
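
A sketch of the generator side of the approach in the reply above, added here as an example and not taken from the poster's perl scripts: it validates IRR-derived prefixes and renders a `replace:` patch that touches only the AUTO-PREFIX-LIST group, which is the part of the configuration the restricted login class is allowed to change. The list-naming rule and the prefix-length bounds are assumptions standing in for local policy.

```python
import ipaddress
import re

GROUP = "AUTO-PREFIX-LIST"                      # group name from the post
NAME_RE = re.compile(r"AUTO-[A-Z0-9-]{1,32}")   # assumed naming rule for lists
# Assumed sanity bounds on prefix length per address family (local policy).
LEN_BOUNDS = {4: (8, 24), 6: (16, 48)}


def clean_prefixes(raw):
    """Split raw IRR-derived strings into (accepted networks, rejected strings)."""
    accepted, rejected = set(), []
    for item in raw:
        try:
            # strict=True refuses entries with host bits set or trailing junk.
            net = ipaddress.ip_network(item.strip(), strict=True)
        except ValueError:
            rejected.append(item)
            continue
        low, high = LEN_BOUNDS[net.version]
        if low <= net.prefixlen <= high:
            accepted.add(net)
        else:
            rejected.append(item)
    # Stable order (family, address, length) so successive runs diff cleanly.
    key = lambda n: (n.version, int(n.network_address), n.prefixlen)
    return sorted(accepted, key=key), rejected


def render_patch(list_name, raw):
    """Return (patch_text, rejected) for a 'load replace' style update."""
    if not NAME_RE.fullmatch(list_name):
        raise ValueError(f"refusing prefix-list name {list_name!r}")
    nets, rejected = clean_prefixes(raw)
    if not nets:
        # A failed IRR fetch should not wipe a customer's list.
        raise ValueError("no valid prefixes; refusing to empty the list")
    lines = ["groups {", f"    {GROUP} {{", "        policy-options {",
             f"            replace: prefix-list {list_name} {{"]
    lines += [f"                {n};" for n in nets]
    lines += ["            }", "        }", "    }", "}"]
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    # Constructed sample input; documentation address ranges only.
    sample = ["198.51.100.0/24", "192.0.2.0/24", "2001:db8::/32",
              "0.0.0.0/0", "192.0.2.1/24", "203.0.113.0/24; }"]
    patch, bad = render_patch("AUTO-FOO", sample)
    print(patch, "rejected:", bad)
```

Rejected entries are returned rather than silently dropped so the calling script can log or alert on them before anything is loaded.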


[j-nsp] Looking for Hints: Best Practices to PUSH prefix-list on MX platform with 16.x and UP

2021-08-12 Thread Alain Hebert via juniper-nsp

Context

    I'm looking for a *simple* & safe way to manage daily IRR changes 
from my customers...

    Right now it's a simple script that pushes changes using command lines 
thru SSH...

    While it is working adequately, I wonder how long it will be 
feasible =D with the current growth.

Solution

    As for their REST API, I remember someone having some issues where 
the RE kept rebooting and took down their entire OP for a few hours...

    . Can anyone testify on the solidity of their RESTful API?

    . Should we bump up the production version to something newer?

    PS: Security-wise we're fine, anything related to management is 
tightly pinned to an OOB with MFA and high encryption =D.

    Thanks for your time.

--
Alain Hebert    aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net  Fax: 514-990-9443



Re: [j-nsp] juniper-nsp Digest, Vol 224, Issue 2

2021-08-12 Thread Damon Vaughn via juniper-nsp
I see the ports in Plymouth as down

-Original Message-
From: juniper-nsp  On Behalf Of 
juniper-nsp-requ...@puck.nether.net
Sent: Tuesday, August 10, 2021 8:01 AM
To: juniper-nsp@puck.nether.net
Subject: juniper-nsp Digest, Vol 224, Issue 2



Today's Topics:

   1. Re: DHCP server recommendation for subscribers management
      (Andrey Kostin)
   2. Re: DHCP server recommendation for subscribers management
      (Bjørn Mork)
   3. Re: DHCP server recommendation for subscribers management
      (Andrey Kostin)
   4. Re: DHCP server recommendation for subscribers management
      (Bjørn Mork)
   5. Re: DHCP server recommendation for subscribers management
      (Andrey Kostin)
   6. Re: DHCP server recommendation for subscribers management
      (Bjørn Mork)
   7. Re: DHCP server recommendation for subscribers management
      (Nathan Ward)

--

Message: 1
Date: Fri, 06 Aug 2021 09:52:48 -0400
From: Andrey Kostin 
To: Jerry Jones 
Cc: Juniper nsp 
Subject: Re: [j-nsp] DHCP server recommendation for subscribers management
Message-ID: 
Content-Type: text/plain; charset=UTF-8; format=flowed

Jerry Jones ? 2021-08-06 09:37:
> Strongly suggest having active lease query or bulk active lease query
> 
> I believe kea has this support
> 
>   Jerry Jones?

Thanks for the reply, Jerry.
In my understanding active leasequery can be run between routers, so it might 
not be needed on the DHCP server, am I correct?
Interesting question: what happens if we have two routers with synchronized DHCP 
bindings, will DHCP demux interfaces be created on the secondary router based 
on that? My guess is no, but I need to test it. If traffic then switches from the 
primary to the secondary router, will the secondary be able to pass IP traffic 
right away or will it have to wait for the next DHCP packet from a client to create 
the demux interface?

Kind regards,
Andrey


--

Message: 2
Date: Fri, 06 Aug 2021 18:38:59 +0200
From: Bjørn Mork 
To: Andrey Kostin via juniper-nsp 
Subject: Re: [j-nsp] DHCP server recommendation for subscribers management
Message-ID: <87lf5er0ik@miraculix.mork.no>
Content-Type: text/plain; charset=utf-8

Andrey Kostin via juniper-nsp  writes:

> What DHCP server do you use/would recommend to deploy for subscriber 
> management?

The one in JUNOS. Using RADIUS as backend.


Bjørn


--

Message: 3
Date: Fri, 06 Aug 2021 13:55:22 -0400
From: Andrey Kostin 
To: Bjørn Mork 
Cc: Andrey Kostin via juniper-nsp 
Subject: Re: [j-nsp] DHCP server recommendation for subscribers management
Message-ID: <8f322f8aa20fd13170e22e0e56b4e...@podolsk.ru>
Content-Type: text/plain; charset=UTF-8; format=flowed

Bjørn Mork via juniper-nsp ? 2021-08-06 12:38:
> Andrey Kostin via juniper-nsp  writes:
> 
>> What DHCP server do you use/would recommend to deploy for subscriber 
>> management?
> 
> The one in JUNOS. Using RADIUS as backend.
> 

Thanks, currently using it but looking for a central server for more effective 
IP usage.

Kind regards,
Andrey


--

Message: 4
Date: Fri, 06 Aug 2021 21:27:02 +0200
From: Bjørn Mork 
To: Andrey Kostin via juniper-nsp 
Subject: Re: [j-nsp] DHCP server recommendation for subscribers management
Message-ID: <87fsvmqsqh@miraculix.mork.no>
Content-Type: text/plain; charset=utf-8

Andrey Kostin  writes:
> Bjørn Mork via juniper-nsp ? 2021-08-06 12:38:
>> Andrey Kostin via juniper-nsp  writes:
>> 
>>> What DHCP server do you use/would recommend to deploy for subscriber 
>>> management?
>> The one in JUNOS. Using RADIUS as backend.
>> 
>
> Thanks, currently using it but looking for a central server for more 
> effective IP usage.

Probably stupid question, but here goes... How does a central server make the 
IP usage more effective?  Are you sharing pools between routers?

In any case, you can do that with a sufficiently smart RADIUS server too.  You 
don't have to let JUNOS manage the address pools even if it is providing the 
DHCP frontend.

IMHO, having the DHCP frontend on the edge makes life so