Re: [j-nsp] polishing an antique m7i
>> - old m7i with RE-B-1800X1-4G-S
>> - currently running 14.2R7.5
>> - hard disk dying
>> - have nice new 1tb sata ssd for it
>> - juniper support download is pushing 15.1R7.9 at me
>> - should i worry about increased memory use or license changes in 15?
>> - if so, where the heck is 14?
>
> If 14 is missing from the repository, then it's probably because it is
> EoL.

so is the m7i :)

> I can't find 14 for even the MX, so chances are Juniper stopped
> maintaining it a while ago. I recall debuting 14 into our network back
> in 2014, and it had tons of problems. I'd be surprised if Juniper are
> still actively supporting it.

i am not expecting active support of 14 or the m7i. i am expecting an
archive of historical releases just as application softwares have.

> For the M7i, chances are your memory footprint will bulge with 15

exactly my fear. it was running 14 successfully as the disk drive
failed. i want to run 14 when the new drive is installed (in the next
day or two). this seems a reasonable desire.

>> - and with the support portal rearrangement, i can not find
>>   destructions for making a bootable usb stick from
>>   install-media-15.1R7.dms (on a mac or an rPi, of course:)

`dd if=Desktop/ISOs/install-media-15.1R7.dms of=/dev/disk6 bs=1m`
resulted in

    ryuu.rg.net:/Users/randy> sudo fdisk /dev/disk6
    Password:
    Disk: /dev/disk6    geometry: 979/255/63 [15728640 sectors]
    Signature: 0xAA55
             Starting       Ending
     #: id  cyl  hd sec -  cyl  hd sec [     start -       size]
     1: 04  880   0   1 -  879   0   1 [   1893232 -      20480] DOS FAT-16
    *2: A5  680   0   1 -  879   0   1 [       680 -    1892552] FreeBSD
     3: 00    0   0   0 -    0   0   0 [         0 -          0] unused
     4: 00    0   0   0 -    0   0   0 [         0 -          0] unused

which is somewhat reassuring, though the start/size of #1 is a bit odd

randy
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] polishing an antique m7i
On 7/2/22 20:00, Randy Bush via juniper-nsp wrote:

> - old m7i with RE-B-1800X1-4G-S
> - currently running 14.2R7.5
> - hard disk dying
> - have nice new 1tb sata ssd for it
> - juniper support download is pushing 15.1R7.9 at me
> - should i worry about increased memory use or license changes in 15?
> - if so, where the heck is 14?

If 14 is missing from the repository, then it's probably because it is
EoL.

I can't find 14 for even the MX, so chances are Juniper stopped
maintaining it a while ago. I recall debuting 14 into our network back
in 2014, and it had tons of problems. I'd be surprised if Juniper are
still actively supporting it.

For the M7i, chances are your memory footprint will bulge with 15, but
likely not as much as if you went to higher code (which the M7i doesn't
support - it tops out at 15.1).

I'd be keen to hear if you can get the SSD drive to boot, though.

> - and with the support portal rearrangement, i can not find
>   destructions for making a bootable usb stick from
>   install-media-15.1R7.dms (on a mac or an rPi, of course:)

This is dated, but might offer some help:

http://networkarch.blogspot.com/2013/02/building-bootable-juniper-usb-stick-on.html

Mark.
Re: [j-nsp] SRTBH
In circumstances where the routing table can help you mitigate an
attack, including things that use uRPF, it'll usually scale
significantly better than flowspec.

This is primarily because flowspec is just a distributed way of
programming the firewall, and firewalls on transit routers have many
dimensions where they don't scale nicely.

That said, the firewall on many of our platforms for "block these
sources" should scale nicely ... but doesn't in flowspec if you have
rules that interleave. The interleaving rules interfere with firewall
optimization.

The issue above motivates the flowspec v2 work happening in IETF,
particularly the user-ordered rules.

-- Jeff

On 7/7/22, 10:02 AM, "juniper-nsp on behalf of Gert Doering via juniper-nsp" wrote:

    Hi,

    On Thu, Jul 07, 2022 at 08:41:56AM -0400, harbor235 via juniper-nsp wrote:
    > Since Flowspec arrived, are there any uses for SRTBH?

    Scaling?

    My understanding of flowspec is that it is typically implemented by
    programming ACL TCAM, while SRTBH is routing table lookup, so
    "some 10.000 lines" vs. "2-4 million".

    OTOH, SRTBH is all-or-nothing, not "only port 80"...

    gert
Re: [j-nsp] SRTBH
Hi,

On Thu, Jul 07, 2022 at 08:41:56AM -0400, harbor235 via juniper-nsp wrote:
> Since Flowspec arrived, are there any uses for SRTBH?

Scaling?

My understanding of flowspec is that it is typically implemented by
programming ACL TCAM, while SRTBH is routing table lookup, so
"some 10.000 lines" vs. "2-4 million".

OTOH, SRTBH is all-or-nothing, not "only port 80"...

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
                        Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                      g...@greenie.muc.de
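The "all-or-nothing" versus "only port 80" difference discussed in the replies above, as an added example that is not part of any post in this thread. It is a toy model of drop semantics only (it says nothing about TCAM or FIB scale): the addresses are documentation ranges, the packets are constructed, and treating the flowspec-derived filter as a first-match ordered list is a simplifying assumption.

```python
import ipaddress

DISCARD = "discard"  # next hop of the blackhole route (constructed label)

class Fib:
    """Toy routing table: longest-prefix match from prefix to next hop."""

    def __init__(self):
        self.routes = {}

    def add(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        hits = [net for net in self.routes if ip in net]
        if not hits:
            return None
        return self.routes[max(hits, key=lambda net: net.prefixlen)]

def srtbh_permits(fib, pkt):
    """Loose uRPF: drop if the source has no route or resolves to discard."""
    next_hop = fib.lookup(pkt["src"])
    return next_hop is not None and next_hop != DISCARD

def rule_matches(rule, pkt):
    """A field absent from the rule is a wildcard."""
    if "src" in rule:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
            return False
    return "dport" not in rule or rule["dport"] == pkt["dport"]

def filter_permits(rules, pkt):
    """Flowspec-style filter: first matching rule decides, default accept."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"] == "accept"
    return True

def compare():
    """Run three constructed packets through both mechanisms."""
    fib = Fib()
    fib.add("0.0.0.0/0", "upstream")
    fib.add("203.0.113.7/32", DISCARD)  # blackholed source (documentation range)
    rules = [{"src": "203.0.113.7/32", "dport": 80, "action": "discard"}]
    packets = [
        {"src": "203.0.113.7", "dport": 80},
        {"src": "203.0.113.7", "dport": 443},
        {"src": "198.51.100.9", "dport": 80},
    ]
    return [(srtbh_permits(fib, p), filter_permits(rules, p)) for p in packets]
```

Each tuple returned by `compare()` is (SRTBH permits, filter permits); the second packet is where the two differ, since the blackhole route drops the source on every port while the filter rule only covers port 80.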
[j-nsp] SRTBH
Since Flowspec arrived, are there any uses for SRTBH?

Anyone using TrinityCyber? They use a different approach to IDS and are
not strictly signature based but more TTPs. The write-up appears to be
good, curious if anyone is using their products?

Mike