Re: [j-nsp] Need suggestions..

2010-02-04 Thread
Per FIB, CFEB-E is the same as MX80's TRIO; either has 1M FIB for IPv4.

Per RIB, Yes, MX80 will be more powerful than RE400 or RE850.

On Thu, Feb 4, 2010 at 2:27 PM, Richard A Steenbergen wrote:

> On Thu, Feb 04, 2010 at 12:01:18AM -0600, TCIS List Acct wrote:
> > No, we are not spaced constrained.
> >
> > I forgot to mention we are looking to spend as little money as possible,
> > and are OK with older gear :-)  We've got 4 M7i's at the edge in production
> > now and could probably buy a few more to use for this, but the # of Gig-E
> > interfaces in the M7i might constrain us eventually (will not be a
> > throughput constraint at all).
> >
> > Maybe a M10i or even some of the J-series might work?  These devices will
> > be gateway devices for our distribution switches and not sit at the edge of
> > the network.  They just need to be able to hold at least a full routing
> > table (when I said 4 full tables before, that was the # of upstreams we
> > take routes from, but I know we have only ~300K or so routes actually
> > active in the router)
>
> Existing M7i/M10i boxes are pretty darn old, and IMHO are getting very
> close to the end of their useful lifespans. Even with the new CFEB-E
> boards (which bring I-chip capabilities and put the old ABC-chip design
> out to pasture), RE-400 or even an upgraded RE-850 are not exactly
> modern or stellar performers on the control-plane, especially given the
> rate that JUNOS is bloating itself. For about the same price as a
> redundant M10i with 4xGE you could wait and get an MX80 with 4x10GE and
> 48x10/100/1000, and have a thoroughly modern platform which is FAR more
> likely to still be useable in 2-5 years from now. Unless you're putting
> this up against a $4k ebay special, you should really be far better off
> buying an MX80 when they come out.
>
> --
> Richard A Steenbergen       http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
> ___
>  juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 
BR!



  James Chen
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] Need suggestions..

2010-02-03 Thread
M10i + EX3200 will be another option except they are 2 devices.

On Thu, Feb 4, 2010 at 1:07 AM, TCIS List Acct wrote:

> Hi folks,
>
> I need a device that:
>
> - Can handle 4 full routing tables
> - Has full layer 3 capability, including OSPF/BGP
> - Has at least 4 Gigabit Ethernet ports
> - Can handle switch-like functions like VLANs/trunking
> - Has redundant A/C power supplies
>
> Suggestions welcome.
>
> TIA.
>
> --Mike
>



-- 
BR!



  James Chen


Re: [j-nsp] RE-400 memory upgrade

2010-01-30 Thread
RE400 is a standard PC running on an Intel Celeron 400 and 82443BX mainboard.
You could check the spec of the Intel 82443BX for how much DRAM it supports. And I
don't think there is any limitation in JUNOS.

On Sat, Jan 30, 2010 at 4:01 AM, Kevin Wormington  wrote:

> Hi,
>
> I know the official max memory on the RE-400 is 768MB but I was wondering
> if anyone has tried using 3 x 512MB modules versus the 3 x 256MB modules?  I
> assume that it could be bios limited or JunOS limited even if the hardware
> accepted it.
>
> Kevin
>



-- 
BR!



  James Chen


Re: [j-nsp] pppoe mx

2010-01-05 Thread
hi!

PPPoE is only supported by the new TRIO-based line card in MX that will be
released in 2010Q1. Now MX DPC only supports DHCP-based subscriber
management.

On Tue, Jan 5, 2010 at 6:06 PM, SunnyDay  wrote:

> Hello does anyone have any configs on how to terminate pppoe to an MX
> router?
> Thank You
>
>
>



-- 
BR!



  James Chen


Re: [j-nsp] J-series RVI/IRB functionality

2009-12-10 Thread
hi!

"family bridge" is not supported in J series; it's only supported in
SRX3K/5K to support transparent firewall.

In J series, there is only "family bridge" and "vlan" interface. But if you
replace the "family ethernet-switching" with "family bridge", and "interface
vlan" with "interface irb", "vlan" with "bridge-domain", it almost works in
an MX.

On Thu, Dec 10, 2009 at 11:16 PM, Ross Vandegrift  wrote:

> On Thu, Dec 10, 2009 at 09:55:13PM +0800, ?? wrote:
> > you need to turn on enhanced switching mode in the corresponding uPIM.
>
> Yea, I have that - the config example you give is the EX-like version
> of JUNOS's switching config (it works, and I like it better).
>
> But, if the J-series don't support the MX-style config, then I guess
> I'm not going to be able to develop MX automation against these boxes.
>
> Ross
>
>
>
> >
> > chassis:
> >
> > fpc 5 {
> >     pic 0 {
> >         ethernet {
> >             pic-mode enhanced-switching;
> >         }
> >     }
> > }
> >
> > interfaces:
> >
> > ge-5/0/0 {
> >     unit 0 {
> >         family ethernet-switching {
> >             port-mode access;
> >             vlan {
> >                 members VLAN899;
> >             }
> >         }
> >     }
> > }
> >
> > vlans:
> >
> > VLAN899 {
> >     vlan-id 899;
> > }
> >
> >
> > On Thu, Dec 10, 2009 at 4:44 AM, Ross Vandegrift wrote:
> >
> > > Hey everyone,
> > >
> > > I'm working on developing JUNOS support for the existing features in
> > > our automation software.  We are purchasing two MXes next quarter and
> > > don't have lab MXes for me to develop against.
> > >
> > > Instead, I have setup a pair of J2360s with the GigE uPIM.  I was
> > > hoping to develop exactly the same software that will one day talk to
> > > the MXes.  Unfortunately, it seems that the layer 2 feature set of the
> > > J and MX are very different.
> > >
> > > All of the documentation claims that the J-series support the
> > > bridge-domains and family bridge style of layer 2 service [1].  But
> these
> > > won't take any of that config - no bridge-domains, no family bridge.
> > >
> > > However, I can configure EX-style layer 2 config with family
> > > ethernet-switching and vlans.  I kinda prefer this, but it looks like
> > > my production MXes don't have this support.
> > >
> > > I'm running JUNOS 10.0 on these J-series boxes.  I've read some things
> > > [2] that indicate the CLI is changing.  Is the EX- way of doing things
> > > the way it's all going to go moving forward?  If so, this is a major
> > > omission from the release notes - could break a lot of config.
> > >
> > > I mostly want to make sure I'm automating the right target. :)
> > >
> > > Ross
> > >
> > > [1] - http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-interfaces-and-routing/config-l2-bridging-transparent-mode-chapter.html
> > >
> > > [2] - http://www.gossamer-threads.com/lists/nsp/juniper/19161
> > >
> > >
> > > --
> > > Ross Vandegrift
> > > r...@kallisti.us
> > >
> > > "If the fight gets hot, the songs get hotter.  If the going gets tough,
> > > the songs get tougher."
> > >--Woody Guthrie
> > >
> >
> >
> >
> > --
> > BR!
> >
> >
> >
> >   James Chen
>
> --
>  Ross Vandegrift
> r...@kallisti.us
>
> "If the fight gets hot, the songs get hotter.  If the going gets tough,
> the songs get tougher."
>--Woody Guthrie
>


-- 
BR!



  James Chen


Re: [j-nsp] per-unit-scheduling on J-Series

2009-12-10 Thread
Yes, it is supported.

On Thu, Dec 10, 2009 at 3:30 AM, Eric Van Tol  wrote:

> Hello,
> Is per-unit-scheduling available on VLANs in the J2320 routers?  I am
> getting conflicting information from the documentation I am reading.
>
> Thanks,
> evt
>
>



-- 
BR!



  James Chen


Re: [j-nsp] J-series RVI/IRB functionality

2009-12-10 Thread
hi!

you need to turn on enhanced switching mode in the corresponding uPIM.

chassis:

fpc 5 {
    pic 0 {
        ethernet {
            pic-mode enhanced-switching;
        }
    }
}

interfaces:

ge-5/0/0 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members VLAN899;
            }
        }
    }
}

vlans:

VLAN899 {
    vlan-id 899;
}


On Thu, Dec 10, 2009 at 4:44 AM, Ross Vandegrift  wrote:

> Hey everyone,
>
> I'm working on developing JUNOS support for the existing features in
> our automation software.  We are purchasing two MXes next quarter and
> don't have lab MXes for me to develop against.
>
> Instead, I have setup a pair of J2360s with the GigE uPIM.  I was
> hoping to develop exactly the same software that will one day talk to
> the MXes.  Unfortunately, it seems that the layer 2 feature set of the
> J and MX are very different.
>
> All of the documentation claims that the J-series support the
> bridge-domains and family bridge style of layer 2 service [1].  But these
> won't take any of that config - no bridge-domains, no family bridge.
>
> However, I can configure EX-style layer 2 config with family
> ethernet-switching and vlans.  I kinda prefer this, but it looks like
> my production MXes don't have this support.
>
> I'm running JUNOS 10.0 on these J-series boxes.  I've read some things
> [2] that indicate the CLI is changing.  Is the EX- way of doing things
> the way it's all going to go moving forward?  If so, this is a major
> omission from the release notes - could break a lot of config.
>
> I mostly want to make sure I'm automating the right target. :)
>
> Ross
>
> [1] -
> http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-interfaces-and-routing/config-l2-bridging-transparent-mode-chapter.html
>
> [2] - http://www.gossamer-threads.com/lists/nsp/juniper/19161
>
>
> --
> Ross Vandegrift
> r...@kallisti.us
>
> "If the fight gets hot, the songs get hotter.  If the going gets tough,
> the songs get tougher."
>--Woody Guthrie
>



-- 
BR!



  James Chen


Re: [j-nsp] Web Interface

2009-11-08 Thread
It's true that J-Web is slow on low-end SRX because of the low CPU power in SRX
branch and the big footprint of JUNOS, and Juniper has a roadmap to
improve it in JUNOS 10.1/10.2...

On Mon, Nov 9, 2009 at 7:28 AM, Gamino, Rogelio (OCTO-Contractor) <
rogelio.gam...@dc.gov> wrote:

> Have you tried a different browser? We have a few SRX's we are testing and
> I haven't seen the problems you are reporting.
>
>
>
>
> -----Original Message-----
> From: juniper-nsp-boun...@puck.nether.net [mailto:
> juniper-nsp-boun...@puck.nether.net] On Behalf Of Michael Dale
> Sent: Friday, November 06, 2009 11:35 PM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] Web Interface
>
> Hi All,
>
> I've just started using an SRX210 to learn JunOS, so that when the time
> comes we can easily replace our existing SSG devices but one thing that I
> don't understand is why the web interface on JunOS is so bad.
>
> Does anyone else think this?
>
> On the SRX210 it is significantly slower than the old SSG5s interface, and
> it is really really buggy. It is basically unusable.
>
> My main issues:
>
> 1) Slower, probably half the speed of the old SSG range of devices.
> 2) Buggy, for example I get the following errors:
> +"Error in client:system-identification" in the messages log section
> (Dashboard)
> + The sessions count simply displays "NaN"  (Dashboard)
> + Under System Identification I get serial number "Unknown" and none of the
> other fields are populated.  (Dashboard)
> + I get "The data refresh failed"  error in a number of different sections.
>
> This is using the latest version of Firefox and JunOS 10.0.
>
> It really feels like a step back from ScreenOS.
>
> I do really like the command line, and it is better than ScreenOS. But why
> is the web interface so bad? Is it just me?
>
> I fired up my old J2300 router running 9.3 and it is much much faster and
> less buggy, so what is going on?!
>
> /end rant :)
>
> Thanks,
> Michael.
>



-- 
BR!



  James Chen


Re: [j-nsp] Experience with J series

2009-09-26 Thread
If you are running flow-based JUNOS, you could try this knob to turn it into
packet-based mode:

security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}

On Sat, Sep 26, 2009 at 7:09 PM, Pavel Lunin  wrote:

> 2009/9/24 Chris Kawchuk 
>
> > Yep. 30 ACL's with no issues (assuming straightforward things). Full BGP
> > Tables, OSPF area 0.0.0.0 inside, QoS, IPSEC.
>
>
> I'd warn you guys of running peers with full BGP on J series with 1 Gig of
> RAM. It was not a problem till 9.4. But since 9.4 JUNOS for J-series is flow
> based only thus fwdd daemon preallocates plenty of memory for stateful
> sessions tracking just like ScreenOS does. Even if you switch it to packet
> context.
>
> Here is some output from a J2350 running 9.6 in a lab environment.
>
> =
> p...@j2350> show system processes extensive
> [...]
>   PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
>    11 root        1 171   52     0K    12K RUN    1069.4 95.80% idle
>   778 root        1  96    0   482M   482M select  71.0H  0.98% fwdd
> [...]
> =
>
> 482MB ! 9.5R1 eats even a bit more (some 60 megs plus).
>
> I myself tried to run 2 peers with fullview on J2320 JUNOS 9.4/9.5 with 1
> Gig and bumped into BGP session dropping with LowMem event.
>
> Moreover keep in mind that J2320/2350 are less valuable than SRX240 in
> price/performance terms.
>
> --
> Regards,
> Pavel
>



-- 
BR!



  James Chen


Re: [j-nsp] LX SFP Question

2009-09-25 Thread
You mean DOM (Digital Optical Monitoring)? It will be added to EX in
10.0 (2009Q4).

On Fri, Sep 25, 2009 at 6:47 PM, Mike Mainer  wrote:

> on M&T routers you always have the command list below to give you light
> rx/tx levels/thresholds but Juniper removed this command from the EX version
> of JUNOS.  They actually had the command in early releases (9.2) but it did
> not provide any output.  I know in 9.4r3.5 Juniper just removed that command
> altogether.  We had asked our SE to have this added as a "feature request"
> but nothing so far...
>
> show interfaces diagnostics optics
>
> -Mike
>
>
> Paul Stewart wrote:
>
>> Hi folks...
>>
>> Does anyone know the tolerance of the LH SFP's from Juniper?  We are trying
>> to get an EX3200 switch configured and ready for production - have a case
>> open at JTAC but haven't been able to resolve.  In fairness to the JTAC
>> engineer, I haven't had a lot of time to troubleshoot except for performing
>> a software upgrade which has been completed (9.4)
>>
>> The link is up/up from the EX3200 to a Cisco 6500 but the distance at the
>> moment (while testing) is literally 15' or so.  In the Cisco world we have
>> no problem on such short distances but wondering if something is different
>> or causing a problem for the Juniper.
>>
>> We see up/up and at one point were seeing a MAC address but unable to access
>> the Management VLAN on the switch (only VLAN configured at the moment).
>> Since the software upgrade we cannot see a MAC address even which has me
>> wondering about the connection running too hot
>>
>> JTAC verified that the configuration is correct - Cisco TAC has verified
>> that the IOS configuration is correct.
>>
>> Many thanks,
>>
>> Paul
>>
>>
>



-- 
BR!



  James Chen


Re: [j-nsp] question about user access to logical router

2009-09-08 Thread
hi!

example below:
login {
    class r1 {
        idle-timeout 3;
        logical-system r1;
        login-tip;
        permissions all;
    }
    class r2 {
        idle-timeout 3;
        logical-system r2;
        login-tip;
        permissions all;
    }
    class r3 {
        idle-timeout 3;
        logical-system r3;
        login-tip;
        permissions all;
    }
    user r1 {
        uid 2001;
        class r1;
        authentication {
            encrypted-password "$1$oqTRaFSC$tqHZZza/YLa.VBgILcH7f."; ## SECRET-DATA
        }
    }
    user r2 {
        uid 2002;
        class r2;
        authentication {
            encrypted-password "$1$n/GK8VMf$jaVuuKCxl4t4fNjJZL2G9/"; ## SECRET-DATA
        }
    }
    user r3 {
        uid 2003;
        class r3;
        authentication {
            encrypted-password "$1$YF1/tq4Z$OPcXmCWLowY1xLsj8LLn90"; ## SECRET-DATA
        }
    }
}

This feature was introduced in JUNOS 8.5.

On Sun, Sep 6, 2009 at 3:41 AM, Yue Min  wrote:

> logical router is a great feature. however, I have some questions
> about how more efficiently user can access to logical router. here's
> the scenario:
>
> r1, r2 , and r3 are three logical router. I want define three classes
> and users, each with full control of its logical router efficiently.
> it means, when r1 user login with its user account, it should see
> these things:
>
> 1. r1 will be able to see only "logical-routers r1" configure, and
> make configure changes only to r1.
> 2. when user r1 get into configure mode, it won't be warned "there's
> other user in configuration mode" if other user is r2 and/or r3, not a
> "global" user.
> 3. r1 should be able to issue command like "ping" "show route" "show
> isis database" etc. without specifying logical router name.
>
> anyone has a good sample to do this? thanks.
>
> Min
>



-- 
BR!



  James Chen
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
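
An added example, not part of the original thread or of any Juniper tooling: a small Python check that parses a `login` stanza like the one posted above and reports which users are confined to a logical system through their class. The function names `parse` and `audit_login`, the `ops` class, the `admin` and `ghost` users and the password placeholder are all constructed for illustration.

```python
import re

# Constructed sample in the style of the stanza posted above; the "ops" class and
# the "admin" and "ghost" users are hypothetical, the hash is a placeholder.
SAMPLE = """
login {
    class r1 {
        logical-system r1;
        login-tip;
        permissions all;
    }
    class ops {
        permissions all;
    }
    user r1 {
        class r1;
        authentication {
            encrypted-password "PLACEHOLDER-HASH"; ## SECRET-DATA
        }
    }
    user admin {
        class ops;
    }
    user ghost {
        class missing;
    }
}
"""

# Quoted strings, "##" annotations, structural characters, bare words.
TOKEN = re.compile(r'"[^"]*"|##[^\n]*|[{};]|[^\s{};"]+')

def parse(text):
    """Parse curly-brace config: blocks -> dict, leaf statements -> [args]."""
    tokens = [t for t in TOKEN.findall(text) if not t.startswith("##")]
    pos = 0
    def block():
        nonlocal pos
        node, words = {}, []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == "{":
                node[" ".join(words)] = block()
                words = []
            elif tok == ";":
                if words:
                    node[words[0]] = words[1:]
                words = []
            elif tok == "}":
                return node
            else:
                words.append(tok.strip('"'))
        return node

    return block()

def audit_login(config):
    """Map each user to (class, logical-system or None, finding)."""
    login = config.get("login", {})
    classes = {k.split()[1]: v for k, v in login.items()
               if k.startswith("class ")}
    report = {}
    for key, body in login.items():
        if not key.startswith("user "):
            continue
        cls = (body.get("class") or [None])[0]
        cdef = classes.get(cls)
        if cdef is None:
            # Not defined in this stanza: a predefined class or a dangling name.
            ls, finding = None, "unknown-class"
        else:
            ls = (cdef.get("logical-system") or [None])[0]
            wide = "all" in cdef.get("permissions", [])
            finding = "confined" if ls else ("unconfined-all" if wide else "unconfined")
        report[key.split()[1]] = (cls, ls, finding)
    return report

if __name__ == "__main__":
    print(audit_login(parse(SAMPLE)))
```
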


Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960

2009-08-21 Thread
interfaces {
    ge-0/0/0 {
        unit 0 {
            family bridge {
                interface-mode access;
                vlan-id 10;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family bridge {
                interface-mode trunk;
                vlan-id-list 1-4000;
            }
        }
    }
    irb {
        unit 10 {
            family inet {
                address 10.0.0.3/29;
            }
        }
    }
}
bridge-domains {
    vlan10 {
        vlan-id 10;
        routing-interface irb.10;
    }
}

On Sat, Aug 22, 2009 at 12:23 AM, Michael Phung  wrote:

> Hello everyone,
>
> I just got my hands on a Juniper mx router and I'm starting the
> initial config in preparation to convert from Cisco. As I configure
> the interfaces, I can't seem to figure out how to create a routed vlan
> interface and have the ability to trunk it down multiple physical
> interfaces. I've looked up on the web but was unable to find
> anything that directly describes what I'm trying to achieve.
>
> Below is a sample config from a Cisco;
>
> !
> spanning-tree mode pvst
> spanning-tree vlan 200 priority 8192
> !
> interface GigabitEthernet2/1
>  switchport
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 200
>  switchport mode trunk
>  switchport nonegotiate
> !
> interface GigabitEthernet2/10
>  switchport
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 200
>  switchport mode trunk
>  switchport nonegotiate
> !
> interface Vlan200
>  ip address 10.10.10.2 255.255.255.192
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  standby ip 10.10.10.1
> !
>
> Can this be done on a MX router? if so, can a sample config be provided?
>
> Any help would be much appreciated.
>
> Michael
>



-- 
BR!



  James Chen


Re: [j-nsp] Questions about count in firewall filter

2009-06-18 Thread
hi!

I think the answer is "NO" on Cisco high-end platforms, because Cisco uses
TCAM to do firewall filters (ACLs), and because firewall filters are typically
optimized (compiled) before being downloaded to CAM, the filter lines are
no longer associated with unique or single CAM cells, so you cannot
count packets per firewall filter term.

And on low-end platforms Cisco uses software to do ACLs; it may achieve that,
but I have no experience with that.

On Fri, Jun 19, 2009 at 9:43 AM, Li Zhu  wrote:

> All,
>
> In the firewall filter, the counter can count number of packets match the
> term. In the simple firewall filter below, the counter AF11_NUM and EF_NUM
> can count number packets with af11 and ef, respectively. My question is: can
> Cisco achieve similar goal? I know this may be a Cisco question, but I want
> to try my luck here also.
>
> Thanks,
>
> Li
>
> firewall {
>     filter f1 {
>         term t1 {
>             from {
>                 dscp af11;
>             }
>             then {
>                 count AF11_NUM;
>                 accept;
>             }
>         }
>         term t2 {
>             from {
>                 dscp ef;
>             }
>             then {
>                 count EF_NUM;
>                 accept;
>             }
>         }
>     }
> }
>



-- 
BR!



  James Chen


Re: [j-nsp] Destination NAT with Junos 9.5

2009-06-10 Thread
JUNOS 9.6 will increase the limitation to 256 and even more in future
releases.

On Thu, Jun 11, 2009 at 10:55 AM, Ben Dale  wrote:

> I have run into this issue in the past - one hack I have used to work
> around it is to configure for example 8 rules of destination NAT and then 8
> rules of static NAT.  The static NAT takes away your ability to specify
> port, but you could use policies to limit the traffic allowed through (but
> not perform PAT though).
>
> Cheers,
>
> Ben
>
>
>
>
> On 10/06/2009, at 11:10 PM, Alexander Shikoff wrote:
>
> Hello!
>
> I have J2320 with JunOS 9.5, one external interface with one IP-address.
> I wish to make destination NAT for 12 different hosts in my internal
> network,
> for example
>  port 5000 ->  port 5000
>  port 5001 ->  port 5001
> [...]
>
> But one rule-set can contain only 8 rules. If I split all 12 rules in some
> rule-sets, then I get an error
> "error: Destination NAT rule-set NAT-Prime and NAT-DOM have same context."
>
> Is there a way to solve this? Thanks.
>
> --
> MINO-RIPE
>



-- 
BR!



  James Chen


Re: [j-nsp] Cisco equivalent IP SLA feature

2009-06-01 Thread
You can try the RPM feature in JUNOS; you may need the service PIC for
hardware time stamps.

On Tue, Jun 2, 2009 at 12:12 AM, Marlon Duksa  wrote:

> I don't think there is support for packet loss in Juniper JUNOS platforms as
> part of Y.1731. Y.1731 supports it but Juniper does not implement it as far
> as I know.
> Thanks,
> Marlon
>
> On Sat, May 30, 2009 at 7:20 AM, David Ball  wrote:
>
> >  You may also want to check out the release notes for 9.5 (?), which
> > I believe mention support of 802.1ag (end-to-end continuity check) and
> > ITU-T Y.1731 (delay, jitter, packetloss measurement).
> >
> > David
> >
> >
> > 2009/5/30 Felix Nkansah :
> > > Hi team,
> > > > I would like to know if there are equivalent features of Cisco's IP SLA and
> > > > Object Tracking in Junos?
> > >
> > > Many thanks,
> > >
> > > Felix
>



-- 
BR!



  James Chen