Re: [j-nsp] Full table inside VRF - J Series
Hi Rolf, Truman is correct. I just found that the J4350 you are referring to (Just so that the forum knows, Rolf and I work for the same company) has 1Gig RAM installed on it but is already 81% Utilized. ...@> show chassis routing-engine Routing Engine status: Temperature 30 degrees C / 86 degrees F CPU temperature 46 degrees C / 114 degrees F DRAM 1024 MB Memory utilization 81 percent CPU utilization: User 1 percent Real-time threads 15 percent Kernel13 percent Idle 71 percent Model RE-J4350-2540 Serial ID ! Start time 2010-04-27 22:12:59 CAT Uptime 54 days, 17 hours, 25 minutes, 47 seconds Last reboot reason 0x8:power-button hard power off Load averages: 1 minute 5 minute 15 minute 0.04 0.06 0.07 ...@> According to Juniper Datasheet (http://www.juniper.net/us/en/local/pdf/datasheets/1000206-en.pdf) the J4350 and 6350 can only upgrade to max of 2Gig RAM. The best is to LAB this and then see what the performance is after having a full table in an (internet) VRF. Kind Regards Deon Vermeulen On Jun 21, 2010, at 5:53 AM, Truman Boyes wrote: > Yes you can do this on a J-series. If you can handle the full table in > inet.0, you can handle this full table in a VRF. Just make sure you have > enough RAM to hold a full table (regardless of the type of routing-instance) > ... > > Truman > > > On 20/06/2010, at 4:53 PM, Rolf Mendelsohn wrote: > >> Hi All, >> >> Note that my J experience is limited, I've mainly been exposed to lots of C >> over the years... :>). >> >> We are looking to try and squeeze a Full table into a vrf on the J Series. >> >> Is this possible, or is the only bet to go for an M Series or C7200/NPE-G1 >> or >> 2? >> >> cheers >> /rolf >> >> >> ___ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Olive Qemu/GNS3 networking issue on Snow Leopard
Thanks I've picked up that I need quite a bit of Memory to get JUNOS installed. I used 1534 for installing 10.2. I'm sure 1024 is more then enough for this. I'm running my qemus with 96MB RAM in GNS3 as I don't want to boot the LAB every time I want to use it, but I also still want to be able to use my machine as normal without the lack of Memory. Images do take a long time to boot up, but once up and running they work like a charm. Thanks again for the Notes. Really Appreciate it. Kind Regards Deon Vermeulen On Jun 17, 2010, at 4:28 PM, Stefan Fouant wrote: >> -Original Message----- >> From: Deon Vermeulen [mailto:vermeulen.d...@gmail.com] >> Sent: Thursday, June 17, 2010 5:05 AM >> To: Tommy Perniciaro; Giany; Stefan Fouant >> Cc: juniper-nsp@puck.nether.net >> Subject: Re: [j-nsp] Olive Qemu/GNS3 networking issue on Snow Leopard >> >> I have a MBPro with 4Gig RAM, so I'll be setting up my LAB with the >> 182559er interfaces and see if my qemu instance crashes when running the >> EBGP case study on my machine. > > FYI, I've successfully managed to run my Olives with as little as 96 MB of > memory allocated to each VM, but only AFTER installation was complete. It > seems for whatever reason the memory check function only exists during > initial installation, but once its installed it can be run with effectively > a lot less memory. I've even managed to get my Olives to run with as little > as 48 MB of memory allocated to the VM but it was painfully slow. > > 4 GB of memory should be more than adequate to get yourself a decent virtual > lab going... > > Stefan Fouant, CISSP, JNCIEx2 > www.shortestpathfirst.net > GPG Key ID: 0xB5E3803D > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Olive Qemu/GNS3 networking issue on Snow Leopard
Hi Tommy, Giany, Stefan I manage to find the problem. I created a qemu base image with Junos 10.2R1.8, but instead of using the 182559er NIC I used the e1000 for my JUNOS Routers. I reconfigured all interfaces for JUNOS Routers 1 to 4. I got this error when committing my configs: ! root# commit Interrupt storm detected on "irq11:"; throttling interrupt source ! I also got this error after all my configs where done and I started testing connectivity with pings: ! r...@r1# em2: watchdog timeout -- resetting ! I googled the above error and found the solution to my problem on this page http://www.gns3.net/phpBB/topic2147.html?sid=0a8b808d046a2697efc844a92cd1e45a The problem seems to be with fxp3,em2,etc... So I just adjust my Router connectivity to not use Interface 2 and my LAB is working. According to Nacho ( who posted 19:13, 28 April 2010 on http://blog.gns3.net/2009/10/olive-juniper/) IPv6 and multicast (PIM) is not supported on the e1000 but on the i82559er interfaces. I have a MBPro with 4Gig RAM, so I'll be setting up my LAB with the 182559er interfaces and see if my qemu instance crashes when running the EBGP case study on my machine. Kind Regards Deon Vermeulen On Jun 16, 2010, at 7:34 AM, Deon Vermeulen wrote: > Hi Tommy, > > Perhaps we can work on this together. > > I used the below ink to get GNS3 and qemu working on my Machine. > http://www.networkfoo.org/cisco-articles/running-cisco-asa-firewall-gns3-os-x > > I used this site only to help with the creating/installing of the JUNOS Olive > Base Image and the networking part. > http://blog.gns3.net/2009/10/olive-juniper/ > > I really need to get this working specifically as I want to use this to Lab > real life scenarios where I use a mix of Cisco and Juniper Equipment. > > I really have limited OS X cli (BSD) experience which makes it a bit > challenging for me. > > > Kind Regards > > Deon > > On Jun 15, 2010, at 6:30 PM, Tommy Perniciaro wrote: > >> If you get that working let me know :) >> >> That would be awesome >> >> -Original Message- >> From: juniper-nsp-boun...@puck.nether.net >> [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Deon Vermeulen >> Sent: Tuesday, June 15, 2010 5:24 AM >> To: juniper-nsp@puck.nether.net >> Subject: [j-nsp] Olive Qemu/GNS3 networking issue on Snow Leopard >> >> Hi Forum, >> >> I have been trying to get the JNCIP LAB >> (www.juniper.net/training/certification/JNCIP_studyguide.pdf) up and running >> on my MacBook Pro running Snow Leopard 10.6.3. >> I've manage to get it working with qemu using UNIX sockets and UDP tunnels, >> but only 2 Juniper routers (R1 & R2) could network with each other. >> >> After 5 months of back and forth I eventually got GNS3 running for Juniper >> under Snow Leopard 10.6.3. >> I manage to get the JNCIP LAB setup and start all routers just as with qemu, >> but still experience the same networking issues. >> >> I can only ping between R1 and R2. >> I see the arp entry on R1 and R2 for R3 but can not ping to R3 from R1 or R2. >> On R3, I can ping the local address of the interface connecting to R1 and >> R2, but cannot ping to R1 or R2 from R3. >> >> I disabled my MAC Firewall, but still no luck. >> >> My LAB Topology is based on the Official JNCIP Study Guide from Juniper. >> www.juniper.net/training/certification/JNCIP_studyguide.pdf >> >> >> Any help/guidance will really be appreciated. >> >> Thank you in advance >> >> Kind Regards >> >> Deon Vermeulen >> Fax2Email: 088628731 >> email: vermeulen.d...@gmail.com >> >> >> >> >> ___ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Olive Qemu/GNS3 networking issue on Snow Leopard
Hi Tommy, Perhaps we can work on this together. I used the below ink to get GNS3 and qemu working on my Machine. http://www.networkfoo.org/cisco-articles/running-cisco-asa-firewall-gns3-os-x I used this site only to help with the creating/installing of the JUNOS Olive Base Image and the networking part. http://blog.gns3.net/2009/10/olive-juniper/ I really need to get this working specifically as I want to use this to Lab real life scenarios where I use a mix of Cisco and Juniper Equipment. I really have limited OS X cli (BSD) experience which makes it a bit challenging for me. Kind Regards Deon On Jun 15, 2010, at 6:30 PM, Tommy Perniciaro wrote: > If you get that working let me know :) > > That would be awesome > > -Original Message- > From: juniper-nsp-boun...@puck.nether.net > [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Deon Vermeulen > Sent: Tuesday, June 15, 2010 5:24 AM > To: juniper-nsp@puck.nether.net > Subject: [j-nsp] Olive Qemu/GNS3 networking issue on Snow Leopard > > Hi Forum, > > I have been trying to get the JNCIP LAB > (www.juniper.net/training/certification/JNCIP_studyguide.pdf) up and running > on my MacBook Pro running Snow Leopard 10.6.3. > I've manage to get it working with qemu using UNIX sockets and UDP tunnels, > but only 2 Juniper routers (R1 & R2) could network with each other. > > After 5 months of back and forth I eventually got GNS3 running for Juniper > under Snow Leopard 10.6.3. > I manage to get the JNCIP LAB setup and start all routers just as with qemu, > but still experience the same networking issues. > > I can only ping between R1 and R2. > I see the arp entry on R1 and R2 for R3 but can not ping to R3 from R1 or R2. > On R3, I can ping the local address of the interface connecting to R1 and R2, > but cannot ping to R1 or R2 from R3. > > I disabled my MAC Firewall, but still no luck. > > My LAB Topology is based on the Official JNCIP Study Guide from Juniper. > www.juniper.net/training/certification/JNCIP_studyguide.pdf > > > Any help/guidance will really be appreciated. > > Thank you in advance > > Kind Regards > > Deon Vermeulen > Fax2Email:088628731 > email: vermeulen.d...@gmail.com > > > > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Olive Qemu/GNS3 networking issue on Snow Leopard
Hi Giany, Stefan, Thank you both for getting back to me and for your input. I really appreciate it. I will consider the VMWare configurations as my last and quickest resort, but I still would like to get the qemu/GNS working as I would like to do LAB testing between Cisco and Juniper without having to Tab between GNS and VMware etc.. Giany, Can you perhaps give me a qemu config for what you have just explained? I have tried going the tap route but for some reason TAP interfaces just doesn't want to work on my machine. I have TunTap package from http://tuntaposx.sourceforge.net/ installed on my machine, but still no luck. Here is output I get when running image with tap: DeonV-MBPro:JNCIP DeonV$ qemu R1.img -m 96 -nographic -daemonize -serial telnet::2001,server,nowait -localtime -net nic,vlan=1,macaddr=00:aa:00:60:00:01,model=e1000 -net tap,vlan=1,ifname=tap0,script=no warning: could not open /dev/tap: no virtual network emulation qemu: Could not initialize device 'tap' DeonV-MBPro:JNCIP DeonV$ ls /dev/tap tap0 tap1 tap10 tap11 tap12 tap13 tap14 tap15 tap2 tap3 tap4 tap5 tap6 tap7 tap8 tap9 DeonV-MBPro:JNCIP DeonV$ ls /dev/tap Thank you again for your guidance. Kind Regards Deon Vermeulen Fax2Email: 088628731 email: vermeulen.d...@gmail.com On Jun 15, 2010, at 3:46 PM, Giany wrote: > Hello, > > If you say that you see the ARP packets there then most likely you did not > set the udp tunnels properly and the packets are not sent to the right router > interface. A while ago when I was playing with that topology I've used the > net=tap option from qemu and I was able to ping between routers. > > > > --- On Tue, 6/15/10, Deon Vermeulen wrote: > >> From: Deon Vermeulen >> Subject: [j-nsp] Olive Qemu/GNS3 networking issue on Snow Leopard >> To: juniper-nsp@puck.nether.net >> Date: Tuesday, June 15, 2010, 5:24 AM >> Hi Forum, >> >> I have been trying to get the JNCIP LAB >> (www.juniper.net/training/certification/JNCIP_studyguide.pdf) >> up and running on my MacBook Pro running Snow Leopard >> 10.6.3. >> I've manage to get it working with qemu using UNIX sockets >> and UDP tunnels, but only 2 Juniper routers (R1 & R2) >> could network with each other. >> >> After 5 months of back and forth I eventually got GNS3 >> running for Juniper under Snow Leopard 10.6.3. >> I manage to get the JNCIP LAB setup and start all routers >> just as with qemu, but still experience the same networking >> issues. >> >> I can only ping between R1 and R2. >> I see the arp entry on R1 and R2 for R3 but can not ping to >> R3 from R1 or R2. >> On R3, I can ping the local address of the interface >> connecting to R1 and R2, but cannot ping to R1 or R2 from >> R3. >> >> I disabled my MAC Firewall, but still no luck. >> >> My LAB Topology is based on the Official JNCIP Study Guide >> from Juniper. >> www.juniper.net/training/certification/JNCIP_studyguide.pdf >> >> >> Any help/guidance will really be appreciated. >> >> Thank you in advance >> >> Kind Regards >> >> Deon Vermeulen >> Fax2Email:088628731 >> email: vermeulen.d...@gmail.com >> >> >> >> >> ___ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Olive Qemu/GNS3 networking issue on Snow Leopard
Hi Forum, I have been trying to get the JNCIP LAB (www.juniper.net/training/certification/JNCIP_studyguide.pdf) up and running on my MacBook Pro running Snow Leopard 10.6.3. I've manage to get it working with qemu using UNIX sockets and UDP tunnels, but only 2 Juniper routers (R1 & R2) could network with each other. After 5 months of back and forth I eventually got GNS3 running for Juniper under Snow Leopard 10.6.3. I manage to get the JNCIP LAB setup and start all routers just as with qemu, but still experience the same networking issues. I can only ping between R1 and R2. I see the arp entry on R1 and R2 for R3 but can not ping to R3 from R1 or R2. On R3, I can ping the local address of the interface connecting to R1 and R2, but cannot ping to R1 or R2 from R3. I disabled my MAC Firewall, but still no luck. My LAB Topology is based on the Official JNCIP Study Guide from Juniper. www.juniper.net/training/certification/JNCIP_studyguide.pdf Any help/guidance will really be appreciated. Thank you in advance Kind Regards Deon Vermeulen Fax2Email: 088628731 email: vermeulen.d...@gmail.com ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SRX Configuration guidance
Hi, I am setting up an SRX firewall for the first time and need some advice with a specific configuration solution. Solution overview: /> Trusted Interface VLAN X. Custer X Private Network Untrusted Traffic ---> / > Trusted Interface VLAN Y. Custer Y Private Network / -> Trusted Interface VLAN Z. Custer Z Private Network INTERFACES: 1x Physical Untrusted Interface (No VLANs). Has to stay one Physical Interface. Multiple Trusted VLAN Interfaces. VLANs allocated per customer. No traffic to be passed between customers. NAT: Do Public to private NAT from Untrusted to trusted, i.e Traffic initiated from Untrusted connecting to 196.x.x.1 translating to 192.x.x.1 sitting behind a trusted interface. Some translations need to be source NATted. ROUTING (ISSUE): Route customer private IPs to customer VLAN Trusted Interface. ISSUE: Conflicting Private IPs between customers. To configure the security zones with their respective policies and NAT is not an issue. The Issue is the conflicting Customer Ips. I was thinking of using Virtual Routers for each Trusted Interface, but how do I route traffic from the Physical Untrusted Interface to the relevant Virtual Router without splitting the Untrusted Interface into multiple VLANs? I am thinking of a feature that Cisco has of doing routing based on the Interface but not sure if this can be done on an SRX, i.e route outside 0.0.0.0 0.0.0.0 196.x.x.x ; route CUST-A 192.168.2.0 255.255.255.0 192.168.0.2 ; route CUST-B 192.168.2.0 255.255.255.0 192.168.1.2 Will really appreciate any guidance or advise with this. Thank you in advance NOTE: This e-mail message and all attachments thereto contain confidential information intended for a specific addressee and purpose. If you are not the addressee (a) you may not disclose, copy, distribute or take any action based on the contents hereof; (b) kindly inform the sender immediately and destroy all copies hereof. Any copying, publication or disclosure of this message, or part hereof, in any form whatsoever, without the sender's express written consent, is prohibited. No opinion expressed or implied by the sender necessarily constitutes the opinion of MTN. This message does not constitute a guarantee or proof of the facts mentioned herein. No Employee or intermediary is authorised to conclude a binding agreement on behalf of MTN Group Limited, or any of its subsidiary companies, by e-mail without the express written confirmation by a duly authorised representative of MTN Group Limited. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
