Re: [j-nsp] Multi Core on JUNOS?

2015-10-08 Thread Giuliano (WZTECH) 
And the change now announced on 15.1 (new release) using freebsd 10 will not 
help to solve it ?

> On Oct 8, 2015, at 12:33, Colton Conor  wrote:
> 
> Saku,
> 
> You seem to be very familiar with the major routing vendors implementations
> on SMP. Do you consider the lack of SMP support on Juniper a reason not to
> go with Juniper until implemented. Particularly interested to hear about
> JunOS vs TimOS.
> 
>> On Thu, Oct 8, 2015 at 10:13 AM, Saku Ytti  wrote:
>> 
>> On 3 October 2015 at 03:41, Olivier Benghozi
>>  wrote:
>> 
>> Hey,
>> 
>>> I have heard that:
>>> 1) forget it about PowerPC CPUs (MX 80/104).
>> 
>> This is shame, but completely understandable, give customers couple
>> more years on old kit or force them to buy new kit? I'm afraid maybe
>> no HW of current generation will get SMP support. I'm sure marketing
>> is pondering lot how many customers would switch vendor versus how
>> many customers would just buy new next-gen hardware when deciding
>> which platforms to target for SMP.
>> 
>> I honestly believe that SMP is weekend project for single developer on
>> JunOS now that they've remedied the underlaying FreeBSD issues. Fixing
>> rpd mess is certainly big deal. But just affinity to put RPD on its
>> own core and rest on the other core on MX80/MX104 should be terribly
>> trivial.
>> 
>> Even radar plans for RPD + threads is far cry from what other vendors
>> are doing already with SMP on XR, EOS and particularly TimOS. But
>> still very nice that JNPR is finally doing something.
>> 
>> --
>>  ++ytti
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX4300-24T and 40GE ports

2015-09-09 Thread Giuliano (WZTECH) 
Yes for sure. We use it like this !!!

You need only to break the virtual chassis initial configuration

> request virtual chassis vc-port delete ...

Dont forget that juniper only will support qsfp+ to 10km

Att



Giuliano Cardozo Medalha
WZTECH NETWORKS
ADVANCED SERVICES
giuli...@wztech.com.br
giuliano@advanced.services
+55 (17) 98112-5394

> On Sep 9, 2015, at 15:38, Robert Hass  wrote:
> 
> Hi
> I have two questions regarding 40GE ports build-in into EX4300-24T switch.
> 
> Can I use these ports as regular line ports / VLANs / 802.1Q - instead of
> VirtualChassis ?
> Are they support Breakout into 4x10GE ?
> 
> Rob
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Breaking an EX cluster?

2015-08-13 Thread Giuliano (WZTECH) 
Request virtual-chassis recycle and renumber you can put the switch as a master 
stand alone

Sent from my iPhone

 On Aug 13, 2015, at 22:23, Scott Granados sc...@granados-llc.net wrote:
 
 Hi,
 Have some EX 4300s that I want to break apart and start like they were 
 factory new and reboot.  I know about the factory default button on the front 
 and the configuration option but no matter how I apply that I still have the 
 node boot thinking it’s a member of the previous chassis.  How do I delete 
 it’s membership when it’s active / a stand alone node?
 
 Any pointers are most appreciated.
 
 Thank you
 Scott
 
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Breaking an EX cluster?

2015-08-13 Thread Giuliano (WZTECH) 
Have you tried to remove the vc-ports ?

Sent from my iPhone

 On Aug 13, 2015, at 23:19, Scott Granados sc...@granados-llc.net wrote:
 
 I tried this one and it errors out because the node was active.
 
 Thanks
 Scott
 
 On Aug 13, 2015, at 9:34 PM, Giuliano (WZTECH) giuli...@wztech.com.br 
 wrote:
 
 Request virtual-chassis recycle and renumber you can put the switch as a 
 master stand alone
 
 Sent from my iPhone
 
 On Aug 13, 2015, at 22:23, Scott Granados sc...@granados-llc.net wrote:
 
 Hi,
 Have some EX 4300s that I want to break apart and start like they were 
 factory new and reboot.  I know about the factory default button on the 
 front and the configuration option but no matter how I apply that I still 
 have the node boot thinking it’s a member of the previous chassis.  How do 
 I delete it’s membership when it’s active / a stand alone node?
 
 Any pointers are most appreciated.
 
 Thank you
 Scott
 
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Juniper 10G Switch Options

2015-06-04 Thread Giuliano (WZTECH) 
I think the better option is to use ACX5048

Same qfx hardware with a different software 

It will support vpls and evpn

But I think you will need license for 10G interfaces and L3vpn



Sent from my iPhone

 On Jun 4, 2015, at 10:38, Tim Jackson jackson@gmail.com wrote:
 
 It should support EVPN shortly.
 
 On Thu, Jun 4, 2015, 6:38 AM Joe Freeman j...@netbyjoe.com wrote:
 
 Keep in mind the QFX5100 doesn't support evpn or vpls. To do vpls right
 now, we're having to l2vpn back to an MX tunnel interface and stitch into a
 bridge domain. It's not pretty but so far it has worked. We've got our
 fingers crossed that evpn is coming soon.
 
 Also, the 5100's apparently aren't using ASICs, or at least aren't using
 an ASIC on the interfaces that will support flexible-ethernet-services.
 What this means is that I can't L2 switch a customer on the same QFX
 interface that I'm either A) Terminating another customer at L3 (l3 vpn for
 example), or B) Doing a vlan-ccc/l2circuit/l2vpn connection on. This means
 there are some use cases (p2p ethernet circuits between olt's in the same
 CO for instance) that may require more than 1 port between the QFX and the
 olt.
 
 Joe
 
 On Thu, Jun 4, 2015 at 8:26 AM, Tim Jackson jackson@gmail.com wrote:
 
 I'd recommend QFX5100 or EX4600. Same hardware inside for both.
 
 Beware that there are a few issues with DHCP and DHCPv6 pass through on
 them, but that seems to be resolved now.
 On Jun 4, 2015 6:22 AM, Colton Conor colton.co...@gmail.com wrote:
 
 We need a Juniper switch with at least 24 built in SFP+ ports. Looks
 like
 Juniper has a ton of options including the EX4500, EX4550, EX4600, and
 the
 QFX line which I don't know much about. This switch will be for
 aggregation
 purposes for an access network that has GPON OLT's with 10G uplinks on
 them. What do you recommend? Which has the latest hardware? Which is the
 most cost effective? Any limitations to be aware of?
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MX80 BGP Convergence

2015-03-20 Thread Giuliano (WZTECH) 
13.3R5 or 14.1R4 are better options

Sent from my iPhone

 On Mar 20, 2015, at 14:09, Tan Heng Chai ad...@sg.gs wrote:
 
 Hi J-NSP,
 
Just wondering if anyone has benchmark/feedback on BGP convergence 
 times on the MX80 with and without sampling on versions higher than 11.4R7.5, 
 especially with reference to PR836197 and the sampling issue?
 -- 
 
 Yours Sincerely,
 
 Tan Heng Chai
 Chief Technical Officer - SG.GS
 http://www.sg.gs
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MPLS EX4550

2015-03-06 Thread Giuliano (WZTECH) 
We didnt find a solution because ex4550 (junos) code does not support 2 
different families for the same interface (yet) ... Using 12.3R8

I think the new switches ex4600, ex4300 fiber and qfx5100 will support it 
considering junos ELS and it new hardware

Sent from my iPhone

 On Mar 6, 2015, at 18:01, Levi Pederson levipeder...@mankatonetworks.net 
 wrote:
 
 Giuliano,
 
 I thank you for the prompt reply.  I had originally thought that would create 
 a loop on the switch, but I believe you are right in that it will just shunt 
 the VLAN as anticipated.  However,  I was wondering if there was a a solution 
 that can be accomplished without having to use a loop-cable?
 
 Thank you,
 
 
 Levi Pederson
 Mankato Networks LLC
 cell | 612.481.0769
 work | 612.787.7392
 levipeder...@mankatonetworks.net
 
 
 On Fri, Mar 6, 2015 at 2:57 PM, Giuliano (WZTECH) giuli...@wztech.com.br 
 wrote:
 We have a situation here and we find a way ... We connect 2 interfaces in a 
 optical cable loop ... One that came from a trunk interface ... Family 
 ethernet-switching and other family mpls with L2-circuit to do a vlan 
 traffic to enter in a mpls interface
 
 Sent from my iPhone
 
  On Mar 6, 2015, at 17:51, Levi Pederson levipeder...@mankatonetworks.net 
  wrote:
 
  All,
 
  I've got a simple MPLS setup with 4 EX4550's.
 
  They are currently in an incomplete ring but will soon have a full ring
  situation.
 
  I've currently got 3 circuits on the transport working wonderfully.
  However I'm trying to add another alas I'm a bit confused as how to 
  proceed.
 
  Previous other circuits were easier in the fact they were simply saying the
  port on MPLS1-1 is equivalent to this port on MPLS 3-1.
 
  The new circuit is different in that I have to take a VLAN recieved on a
  trunk port and send it through the MPLS network to 3-1 and then into a
  vlan-tagged MX-10.
 
  I was wondering if anyone has attempted this and has any pointers.
 
  Thank you,
 
  *Levi Pederson*
  Mankato Networks LLC
  cell | 612.481.0769
  work | 612.787.7392
  levipeder...@mankatonetworks.net
  ___
  juniper-nsp mailing list juniper-nsp@puck.nether.net
  https://puck.nether.net/mailman/listinfo/juniper-nsp
 
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MPLS EX4550

2015-03-06 Thread Giuliano (WZTECH) 
We have a situation here and we find a way ... We connect 2 interfaces in a 
optical cable loop ... One that came from a trunk interface ... Family 
ethernet-switching and other family mpls with L2-circuit to do a vlan traffic 
to enter in a mpls interface

Sent from my iPhone

 On Mar 6, 2015, at 17:51, Levi Pederson levipeder...@mankatonetworks.net 
 wrote:
 
 All,
 
 I've got a simple MPLS setup with 4 EX4550's.
 
 They are currently in an incomplete ring but will soon have a full ring
 situation.
 
 I've currently got 3 circuits on the transport working wonderfully.
 However I'm trying to add another alas I'm a bit confused as how to proceed.
 
 Previous other circuits were easier in the fact they were simply saying the
 port on MPLS1-1 is equivalent to this port on MPLS 3-1.
 
 The new circuit is different in that I have to take a VLAN recieved on a
 trunk port and send it through the MPLS network to 3-1 and then into a
 vlan-tagged MX-10.
 
 I was wondering if anyone has attempted this and has any pointers.
 
 Thank you,
 
 *Levi Pederson*
 Mankato Networks LLC
 cell | 612.481.0769
 work | 612.787.7392
 levipeder...@mankatonetworks.net
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] DDOS_PROTOCOL_VIOLATION_SET: Protocol Reject:aggregate

2014-12-10 Thread Giuliano (WZTECH) 
Chris

The best option is to disable the feature ?

And about to configure it ?

If you have a protect-re firewall filter applied in loopback ... Can this be 
done ?

Is it safe ?

Some documents from juniper showing the best way ?

And about to disable the process ?

Thanks a lot



Sent from my iPhone

 On Dec 11, 2014, at 01:20, Chris Morrow morr...@ops-netman.net wrote:
 
 
 
 On 12/10/2014 09:54 PM, Wojciech Janiszewski wrote:
 Hi,
 
 Make sure that you have a discard next-hop instead of default reject in
 your aggregate routes.
 That should help.
 
 ick, that ddos protection stuff in JunOS is broken...you should just
 disable it:
 system {
ddos-protection {
global {
disable-routing-engine;
disable-fpc;
disable-logging;
}
}
 }
 
 
 
 2014-12-10 23:16 GMT+01:00 Brendan Mannella bmanne...@teraswitch.com:
 
 Just wondering if anyone has ever seen these DDOS messages before and
 what i should be looking at to resolve.
 
 Dec 10 11:10:24  re0.edge2 jddosd[2710]:
 DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
 to normal. Violated at fpc 1 for 931 times, from 2014-12-10 11:05:23
 EST to 2014-12-10 11:05:23 EST
 
 Dec 10 11:23:44  re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET:
 Protocol Reject:aggregate is violated at fpc 1 for 932 times, started
 at 2014-12-10 11:23:43 EST
 
 Dec 10 11:28:49  re0.edge2 jddosd[2710]:
 DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
 to normal. Violated at fpc 1 for 932 times, from 2014-12-10 11:23:43
 EST to 2014-12-10 11:23:43 EST
 
 Dec 10 12:50:55  re0.edge2 xntpd[2681]: kernel time sync enabled 6001
 
 Dec 10 13:08:00  re0.edge2 xntpd[2681]: kernel time sync enabled 2001
 
 Dec 10 15:01:34  re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET:
 Protocol Reject:aggregate is violated at fpc 1 for 933 times, started
 at 2014-12-10 15:01:33 EST
 
 Dec 10 15:06:34  re0.edge2 jddosd[2710]:
 DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
 to normal. Violated at fpc 1 for 933 times, from 2014-12-10 15:01:33
 EST to 2014-12-10 15:01:33 EST
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] MX Memory Allocation Problems

2013-01-24 Thread GIULIANO (WZTECH) 

Hi,

We have an MX80-5 router with 108 BGP sessions.

All the BGP sessions for less than few routes.

Only 2 BGP is full routing.

We are running 12.2R2 version ... of JUNOS Software.

After a reboot this morning putting the box in the following mode:


set chassis network-services enhanced-ip ...


The chassis starts to allocate memory without any reason.

Along the day it was 82%, 84% and now is beating a critical limit of 95%.

I thing that we will need to restart the box again to cleanup memory 
allocation.


Did you ever see this kind of issue before ?

The total number of routes is not been suffering any update.

And the box is running J-Flow IPFX mode.

We have started a conversation with J-TAC but still remaining as no 
solution for the problem.


Does anyone can give some update about it ?  Any similar issue like this 
before ?


Thanks a lot,

Giuliano

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX240 as VPLS Backbone

2012-12-17 Thread GIULIANO (WZTECH) 

Hi,

Does anyone has some experience using SRX240 for VPLS Backbone ?

How much clients and mac address it scale ?  Is it simple to configure ?

How much bandwidth is possible to pass ... considering a rectangular 
topology (4 points).


Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] JUNIPER POLICER and CoS Shaping Rate

2012-10-03 Thread GIULIANO (WZTECH) 

People,

Some topics where questioned today about how to limit traffic for vlan 
subscribers using MX5 routers.


The main question is related to system architecture related to the main 
gear (internal machine) to control and limiting packets.


Using policers (input or output) or shaping-rate we have quite the same 
result: miscalculating or error.


If we create a rule like the following:


set class-of-service interfaces ge-0/0/1 unit 530 shaping-rate 20m


The output traffic rates 19.2~ Mbps only (using MRTG and SNMP statistics 
and graphics).


We ever needs to allocate more bandwidth for the subscriber like.

set class-of-service interfaces ge-0/0/1 unit 530 shaping-rate 22m

To get the correct result ...

Using policers generate almost the same result for output traffic.

Is this because of system architecture or this is a graphic's mistake ?

The burst size limit influence this result ? It must be calculated using 
what kind of parameter ?


For example (same physical interface, same MTU, etc):

Interface ge-0/0/0 unit 10 - VLAN 10 - 30 Mbps What is the correct burst ?

Interface ge-0/0/0 unit 20 - VLAN 20 - 50 Mbps What is the correct burst ?

Interface ge-0/0/0 unit 30 - VLAN 30 - 150 Mbps What is the correct burst ?

Interface ge-0/0/0 unit 30 - VLAN 30 - 4 Mbps What is the correct burst ?

Does anyone has solved this problems ?

Is it possible to get a correct parameter and points to a correct limit 
for the contracted bandwidth ?


Thanks a lot,

Giuliano


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] MX5 - Subscriber Management

2012-09-12 Thread GIULIANO (WZTECH) 

People,

Dow anyone on list is using MX series as a BRAS box ?

We are looking forward some samples of configurations to apply shapping 
rate using only radius variables.


We have found the configuration bellow ... but we did not find any 
RADIUS dictionary to apply it.


The only way we found to controle the subscriber (PPP.) interface 
bandwidth was using firewall filters and policers.


But with firewall filter and policers ... we need to create it 
statically before apply using radius.


We are lookig for a soltuion where we can apply only one configuration 
directly on radius server only (without have to create a policer or a 
firewall filter).


If anyone has the experience with this kind of config, could share about 
it ?


Thanks a lot,

Giuliano




dynamic-profiles {subscriber_profile {interfaces 
{$junos-interface-ifd-name {unit $junos-underlying-interface-unit 
{family inet;}}}class-of-service {traffic-control-profiles 
{subscriber_tcp {shaping-rate $shaping-rate;guaranteed-rate 
$guaranteed-rate;}}interfaces {$junos-interface-ifd-name {unit 
$junos-underlying-interface-unit {output-traffic-control-profile 
subscriber_tcp;

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX MPLS

2012-08-15 Thread GIULIANO (WZTECH) 

Phill,

Could ou please share some juniper links or configurations on how about 
to configure SRX boxes with MPLS in a RING topology ?


Are you using L3 MPLS VPN or L2 VPLS or EoMPLS ?

Is it possible to share some configurations or links ?

Thanks a lot,

Giuliano



On 15/08/12 15:29, Johan Borch wrote:

Hi,

I have a design question regarding MPLS.

I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet
mode
and the main purpose is L3VPN/VPLS

p1-p2-p3-p4-p5-p1 (p5 connects back to p1)

My budget is low for this and the srx240 is cheap, we will push max
1Gbps.


That should be ok. I've had hundreds of megabits of MPLS out of the SRX210.



For example in some sites there will be two SRX and the plan is to use
these two as P/PE and use VRRP for customer equipment. At the same time
they will be P routers for other sites.

Example site:

P1P3-P4--P5
  \  /
 (vrrp)
 Customer equipment

Do I make any sense? Will this work? :)


Should do. We use them in similar (but not identical) configurations.

I've never tested VRRP on them, however.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] How to restart a JUNOS process using Shell and CRONTAB

2012-08-12 Thread GIULIANO (WZTECH) 

Hi everyone,

Does anyone know how to restart a JUNOS process using Shell and CRONTAB ?

Do we need to create some kind of shell script to do that ?

This seems not to be working for me:

ps -ax | grep dfwd
 1146  ??  I  0:00.27 /usr/sbin/dfwd -N
kill -s HUP 1146

Does anyone uses the CRONTAB for that ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] How to restart a JUNOS process using Shell and CRONTAB

2012-08-12 Thread GIULIANO (WZTECH) 

Looks like is better to use event-options:

set event-options generate-event TestEvent time-of-day 09:05:00 -0300
set event-options policy Policy1 events TestEvent
set event-options policy Policy1 then execute-commands commands run 
restart firewall

set event-options policy Policy1 then execute-commands output-filename test1
set event-options policy Policy1 then execute-commands destination 
local-directory

set event-options destinations local-directory archive-sites /var/tmp/




Hi everyone,

Does anyone know how to restart a JUNOS process using Shell and CRONTAB ?

Do we need to create some kind of shell script to do that ?

This seems not to be working for me:

ps -ax | grep dfwd
 1146  ??  I  0:00.27 /usr/sbin/dfwd -N
kill -s HUP 1146

Does anyone uses the CRONTAB for that ?

Thanks a lot,

Giuliano


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Static Route Names

2012-08-10 Thread GIULIANO (WZTECH) 

People,

Besides the use of groups feature on JUNOS, how can name a static route ?

IOS has an option 'name' for static routes ... how can we do the same 
thing in junos ?


Is it possible ?

There is some kind of description ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] M-Series DHCP Server

2012-02-02 Thread GIULIANO (WZTECH) 

Hi,

We are trying to configure JUNIPER M-Series with dhcp-local-server 
without any good results.


Basically we are configuring:  set system services dhcp-local-server and 
set access address-assignment


It is not working and the router is dropping the DHCP Requests ...

Does anyone has some experience with this ?  How can I make it work ?

Thanks a lot,

Giuliano

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX650 Dual SRE6

2011-11-19 Thread GIULIANO (WZTECH) 

People,

Does anyone knows if SRX650 box supports dual SRE6 (Services and Routing 
Engine 6) ?


It is possible with JUNOS 11.4 (last version available) to use both 
routing engines ?


Any special configuration to do ... for this both SRE6 to work ?

We have tried dual SRE6 ... but what happen is that system do not 
recognizes second routing engine.


The second SRE stays in shutdown mode ... or inactive mode.

Can you please give to me some feedback ?  Anyone experience sometinh 
similar ?


Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Securing management access to Juniper gear

2011-09-02 Thread GIULIANO (WZTECH) 
You can use a firewall filter to avoid or to permit the correct ip 
address to your gear.


There is a good document at Juniper web site explaining how you can do 
that (best practices) ... beside others:


http://www.cymru.com/gillsr/documents/junos-template.pdf

http://www.juniper.net/us/en/community/junos/training-certification/day-one/

http://www.juniper.net/us/en/community/junos/training-certification/day-one/fundamentals-series/securing-routing-engine/


What is the recommend/preferred way to secure the SSH  Web access to a piece 
of JunOS gear?  I have a couple routers (MX80) and switches (EX4200) that are 
remote.   Can I attach packet filters to the system services (HTTP,SSH)?  Do I 
attach the packet filter to the lo0 interface?

Thanks

-Matt



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] JUNIPER EX8208 - Redundant RE Option

2011-08-29 Thread GIULIANO (WZTECH) 

People,

Does anyone knows about how much advances licenses are necessary for a 
EX8208 chassis

configured with 2 Routing Engines ?

EX8208-AFL EX8208 Advanced Feature License

It will be necessary 1 or 2 licenses ?

Theses licenses are available for chassis or for RE ?

If we use OSPFv3 ... considering 1 single licenses ... if the main RE 
fails ... the backup RE will stop doing OSPFv3 because lack of license ?


Does anyone have experienced this before ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp