Re: [j-nsp] EX2300 Supply Delays?

[Giuliano Medalha]

Harald

What kind of bugs did you find in EX2300 ?

Is it critical ?

Some basic functions not working at all ?

Thanks a lot

Giuliano

Sent from my iPhone

> On 27 Aug 2016, at 13:59, Harald F. Karlsen  wrote:
> 
>> On 26.08.2016 15:31, Skeeve Stevens wrote:
>> Does anyone know if the EX2300 has been delayed?
> Not sure about the other switches in the series, but I recieved my order of 
> three EX2300-Cs for lab-use two weeks ago.
> 
> Quite a lot of bugs in the software though.
> 
> -- 
> Harald
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EVPN/VXLAN on QFX5100

[Giuliano Medalha]

Joe

Qfx5100 does not supoort vpls at least in last 14.1 release

Only L2circuit point to point !!!

I will double check but it is almost sure ...

The correct equipment would be ACX5048 for it

EVPN with VXLAN is supoorted but this is a datacenter features that will not 
transport protocols bpdu ... most like a pdu feature

Following the public document that shows how to configure it ...

http://www.juniper.net/techpubs/en_US/junos14.1/information-products/pathway-pages/junos-sdn/evpn-vxlan.pdf

Att

Giuliano



Sent from my iPhone
> On 3 Aug 2016, at 18:19, Joe Freeman  wrote:
> 
> Does anyone have working sample config they can share?
> 
> Our SE recommended trying to use EVPN on our 5100's in place of VPLS since
> it's not supported on the 5100's. I'm having trouble getting it to work
> between two QFX's in my lab.
> 
> The QFX's are connected via an MPLS/IP connection with LDP/RSVP/ISIS, and
> MP-IBGP.
> 
> A show evpn instance extensive command shows that the two switches see each
> other, but I am unable to learn mac addresses between them.
> 
> Thanks-
> Joe
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] juniper router reccomendations

[Giuliano Medalha]

Hello James

What do you mean with turbo fib ?

Is a new config from 15.1 ?

Thanks a lot

Giuliano 

>   
> 
> I saw test results from the latest 15.1 with "turbo fib" on RE-1800 that can 
> do convergence of multiple feed full table in about 55 seconds. And that is 
> still a single core RPD process. 
> 
>> On Jul 28, 2016, at 2:34 PM, Matthew Crocker  
>> wrote:
>> 
>> 
>> Mike,
>> 
>> Here is the view of my MX80.   This router has a couple full tables and a 
>> bunch of peers through various IXes.   I have an MX480 on order to replace 
>> this MX80.   I’ll use this a dedicated IX peering router so I won’t have 
>> full tables on my IX border later this year.
>> 
>> The MX80 has horrific full table convergence (8 minutes +/-).  The MX104 is 
>> a bit better.  You would need to go to a MX240 with a real RE to get decent 
>> convergence times.
>> 
>> matthew@MX80> show bgp summary 
>> Groups: 10 Peers: 15 Down peers: 0
>> 
>> matthew@MX80> show route summary 
>> Autonomous system number: 
>> Router ID: A.B.C.D
>> 
>> inet.0: 614169 destinations, 1807913 routes (614160 active, 10 holddown, 0 
>> hidden)
>> Restart Complete
>> Direct:  7 routes,  7 active
>>  Local:  6 routes,  6 active
>>   OSPF:511 routes,508 active
>>BGP: 1807386 routes, 613636 active
>> Static:  1 routes,  1 active
>>LDP:  2 routes,  2 active
>> 
>> inet6.0: 14443 destinations, 28877 routes (14443 active, 0 holddown, 0 
>> hidden)
>> Restart Complete
>> Direct:  6 routes,  4 active
>>  Local:  6 routes,  6 active
>>BGP:  28865 routes,  14433 active
>> 
>> 
>> matthew@MX80> show system memory 
>> System memory usage distribution:
>>  Total memory: 2072576 Kbytes (100%)
>>   Reserved memory:   36896 Kbytes (  1%)
>>  Wired memory:  302092 Kbytes ( 14%)
>> Active memory: 1399432 Kbytes ( 67%)
>>   Inactive memory:  12 Kbytes (  5%)
>>  Cache memory:   69720 Kbytes (  3%)
>>   Free memory:  143680 Kbytes (  6%)
>> Memory disk resident memory:  349640 Kbytes
>> VM-Kbytes(  %  ) Resident(  %  ) Map-name
>>  913972(87.16)   343424(16.56) kernel
>> 
>> matthew@MX80> show system processes summary 
>> last pid: 34226;  load averages:  0.24,  0.31,  0.23  up 477+00:51:09
>> 18:31:50
>> 142 processes: 4 running, 110 sleeping, 28 waiting
>> 
>> Mem: 1367M Active, 117M Inact, 295M Wired, 68M Cache, 112M Buf, 140M Free
>> Swap: 2915M Total, 2915M Free
>> 
>> 
>> —
>> 
>> Matthew Crocker
>> President - Crocker Communications, Inc.
>> Managing Partner - Crocker Telecommunications, LLC
>> E: matt...@corp.crocker.com
>> E: matt...@crocker.com
>> 
>> 
>>> On Jul 28, 2016, at 12:09 PM, Mike  wrote:
>>> 
>>> On 07/28/2016 12:50 AM, Adam Vitkovsky wrote:
 
 And on how effective is the NPU's lookup process, that is how effective is 
 the actual lookup algorithm with CPU cycles and memory accesses, some NPUs 
 can even offload complex lookup tasks to a specialized chip.
>>> 
>>> I appreciate your presence on other forums, but I'm pretty sure nobody here 
>>> needs a basic explanation of how modern router platforms work. If you 
>>> missed it, the question was specifically about juniper and bang for the 
>>> buck and routing bgp on 10g and filtering.
>>> 
>>> Some folks helpfully suggested using strategies to to decrease the required 
>>> size of the FIB, potentially meaning a lower box could do that job. That 
>>> has some merit, as the OP was right in that for this job I don't really 
>>> care about timbuktu more as whats 'close' to my two ip transit providers. I 
>>> know nothing of juniper and I'm just wondering if MX80 is enough box for 
>>> this or if I need to go higher up in the food chain. The one iptransit 
>>> provider at my 'A' location appears to originate about 20 networks from 
>>> various netblocks and this would be easy to statically enter into config 
>>> while accepting defaults from both, achieving the same net result.
>>> 
>>> Mike-
>>> ___
>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> 
>> 
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] ACX50xx l2circuit counters

[Giuliano Medalha]

Very good !!!

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/



​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2016 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.


CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Tue, Jun 21, 2016 at 3:29 PM, Aaron  wrote:

> So far my acx5048's are working nicely... I just swung a dual 10 gig
> connected Cisco uBR10K with 4,000+ cable modem subscribers behind a pair of
> my acx5048's...  been running nice for a few weeks now... pumping
> multi-gigabits of traffic through there during peak time
>
> - Aaron
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] ACX50xx l2circuit counters

[Giuliano Medalha]

Good !!!

Lets share here on this list any new details about configuration, ok ?

Are you using D50 version ?  It is pretty stable right now to us.

But we are asking for the development a lot of new features and they are
listening to us.

Thanks a lot,

Att,

Giuliano

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/



​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2016 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.


CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Tue, Jun 21, 2016 at 3:24 PM, Aaron  wrote:

>
>
> Hey , that worked , thanks !  seems that I have to do it at the unit
> level, I didn’t see that I could do it on the phy int level.
>
>
>
> {master:0}
>
> agould@blcn-h-5048> show interfaces ge-0/0/36 | grep pack
>
> Input packets : 33
>
> Output packets: 0
>
>
>
> {master:0}
>
> agould@blcn-h-5048> show interfaces ge-0/0/36 | grep pack
>
> Input packets : 33
>
> Output packets: 0
>
>
>
> {master:0}
>
> agould@blcn-h-5048> show interfaces ge-0/0/36 | grep pack
>
> Input packets : 33
>
> Output packets: 0
>
>
>
> {master:0}
>
> agould@blcn-h-5048> show interfaces ge-0/0/36 | grep pack
>
> Input packets : 33
>
> Output packets: 0
>
>
>
> {master:0}
>
> agould@blcn-h-5048> show interfaces ge-0/0/36 | grep pack
>
> Input packets : 33
>
> Output packets: 0
>
>
>
> {master:0}
>
> agould@blcn-h-5048> configure
>
> Entering configuration mode
>
>
>
> {master:0}[edit]
>
> agould@blcn-h-5048# set interfaces ge-0/0/36 unit 0 statistics
>
>
>
> {master:0}[edit]
>
> agould@blcn-h-5048# commit
>
> configuration check succeeds
>
> commit complete
>
>
>
> {master:0}[edit]
>
> agould@blcn-h-5048# exit
>
> Exiting configuration mode
>
>
>
> {master:0}
>
> agould@blcn-h-5048> show interfaces ge-0/0/36.0 | grep pack
>
> Input packets : 18232
>
> Output packets: 2
>
>
>
> {master:0}
>
> agould@blcn-h-5048> show interfaces ge-0/0/36.0 | grep pack
>
> Input packets : 20857
>
> Output packets: 2
>
>
>
>
>
>
>
>
>
>
>
> *From:* Giuliano Medalha [mailto:giuli...@wztech.com.br]
> *Sent:* Monday, June 20, 2016 4:40 PM
> *To:* Aaron 
> *Cc:* Nathan Ward ; jnsp list <
> juniper-nsp@puck.nether.net>
> *Subject:* Re: [j-nsp] ACX50xx l2circuit counters
>
>
>
> Hum ... I think in ACX you will need to explicit use statistics command ...
>
> set interfaces xe-0/0/1 statistics
>
>
> Giuliano Cardozo Medalha
> Systems Engineer
> +55 (17) 3011-3811
>
> +55 (17) 98112-5394
> JUNIPER J-PARTNER ELITE
> giuli...@wztech.com.br
> http://www.wztech.com.br/
>
>
> ​
>
> WZTECH is registered trademark of WZTECH NETWORKS.
> Copyright © 2016 WZTECH NETWORKS. All Rights Reserved.
>
> IMPORTANTE:
> As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
> são confidenciais e para conhecimento exclusivo do destinatário. Se o
> leitor  desta  mensagem  não  for o seu destinatário,
> fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
> qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
> dos documentos anexos. Neste caso, favor comunicar imediatamente
> o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
> apague-o.
>
>
> CONFIDENTIALITY NOTICE:
>
> The information transmitted in this email message and any attachments are
> solely for the intended recipient and may contain confidential or
> privileged information. If you are not the intended recipient, any review,
>

Re: [j-nsp] ACX50xx l2circuit counters

[Giuliano Medalha]

Hum ... I think in ACX you will need to explicit use statistics command ...


set interfaces xe-0/0/1 statistics



Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/



​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2016 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.


CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Mon, Jun 20, 2016 at 6:37 PM, Aaron  wrote:

> Yeah, strange my subinterface doesn't show any packets out, but the phy
> int shows currently 17 mbps going out right now...
>
> Maybe these counters are broken on the subint... I tried walking with snmp
> but I still didn't see any traffic for the subinterface used on the
> l2circuit
>
> agould@blcn-h-5048> show interfaces ge-0/0/12 statistics
> Physical interface: ge-0/0/12, Enabled, Physical link is Up
>   Interface index: 650, SNMP ifIndex: 521
>   Link-level type: Ethernet-CCC, MTU: 1514, LAN-PHY mode, Speed: 1000mbps,
> BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
>   Source filtering: Disabled, Flow control: Disabled, Auto-negotiation:
> Enabled, Remote fault: Online, Media type: Copper
>   Device flags   : Present Running
>   Interface flags: SNMP-Traps Internal: 0x4000
>   Link flags : None
>   CoS queues : 8 supported, 8 maximum usable queues
>   Current address: 20:4e:71:45:12:34, Hardware address: 20:4e:71:45:12:34
>   Last flapped   : 2016-05-25 14:38:24 CDT (3w5d 01:55 ago)
>   Statistics last cleared: Never
>   Input rate : 17802616 bps (1633 pps)
>   Output rate: 0 bps (0 pps)
>   Input errors: 0, Output errors: 0
>   Active alarms  : None
>   Active defects : None
>   Interface transmit statistics: Disabled
>
>   Logical interface ge-0/0/12.0 (Index 557) (SNMP ifIndex 523)
> Flags: Up SNMP-Traps 0x4004000 Encapsulation: Ethernet-CCC
> Input packets : 68
> Output packets: 0
> Protocol ccc, MTU: 1514
>   Flags: Is-Primary
>
> {master:0}
>
> agould@blcn-h-5048> show l2circuit connections brief
> Layer-2 Circuit Connections:
>
> Legend for connection status (St)
> 
>
> Legend for interface status
> Up -- operational
> Dn -- down
> Neighbor: 10.101.0.1
> Interface Type  St Time last up  # Up trans
> ge-0/0/12.0(vc 1) rmt   Up May 25 14:38:24 2016   1
>
>
> - Aaron
>
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] ACX5048 - Virtual Chassis

[Giuliano Medalha]

Think this think is not available yet for acx5048

Only september ... I will check for you



Sent from my iPhone

> On May 12, 2016, at 18:22, Aaron  wrote:
> 
> Anyone ever try to virtual chassis (2) ACX5048's together into one ?
> 
> 
> 
> -Aaron
> 
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MX80 base model

[Giuliano Medalha]

It is an excelent option

We are testing it like metro router righ now

It has a lot of good mpls/vpls implementation ( packet mode ) and works fine

Good interfaces layout

But the problem is related to the business unit ... Of this box

The main function is ng firewall and not metro router

When the mpls functions have some problems of junos code the juniper business 
and development tesm unit could not help so much ... Or put it to solve in a 
low priority development queue in function to solve security problems first

But we will try ... It is an excelent box for that 

Thanks a lot

Giuliano

Sent from my iPhone

> On May 12, 2016, at 11:33, Roger Wiklund  wrote:
> 
> What about the new SRX1500, x86 platform, 2m routes:
> 
> https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000551-en.pdf
> 
> On Thu, May 12, 2016 at 3:25 PM, Adam Vitkovsky
>  wrote:
>>> From: Colton Conor [mailto:colton.co...@gmail.com]
>>> Sent: Tuesday, May 10, 2016 7:30 PM
>>> To: Adam Vitkovsky
>>> Cc: Satish Patel; Aaron; jnsp list; Vincent Bernat
>>> Subject: Re: [j-nsp] MX80 base model
>>> 
>>> I don't think that is correct Adam. The ASR903 does not hold full routes, 
>>> and
>>> the MX104 does.
>> Yes you're correct, especially since OP is looking for a peering box, 
>> unfortunately ASR903 can hold max 256K routes in FIB.
>> But other than the # of prefixes that FIB can hold i.e. comparing these as 
>> PE routers these boxes are pretty similar.
>> 
>> adam
>> 
>> 
>>Adam Vitkovsky
>>IP Engineer
>> 
>> T:  0333 006 5936
>> E:  adam.vitkov...@gamma.co.uk
>> W:  www.gamma.co.uk
>> 
>> This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of 
>> this email are confidential to the ordinary user of the email address to 
>> which it was addressed. This email is not intended to create any legal 
>> relationship. No one else may place any reliance upon it, or copy or forward 
>> all or any of it in any form (unless otherwise notified). If you receive 
>> this email in error, please accept our apologies, we would be obliged if you 
>> would telephone our postmaster on +44 (0) 808 178 9652 or email 
>> postmas...@gamma.co.uk
>> 
>> Gamma Telecom Limited, a company incorporated in England and Wales, with 
>> limited liability, with registered number 04340834, and whose registered 
>> office is at 5 Fleet Place London EC4M 7RD and whose principal place of 
>> business is at Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.
>> 
>> 
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] B-RAS services

[Giuliano Medalha]

Would be better to buy MX104 instead of MX80.

Do you need 10G interfaces or not ?

If you need only 20 x 1G SFP is better option to use MX104 (MX5 option)
because of 4GB DRAM option.

Do not forget the to buy SSM license (for CoA) optional ok ?

Att,

Giuliano





Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/



​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2016 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.


CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Mon, May 9, 2016 at 3:45 PM, Jason Warren via juniper-nsp <
juniper-nsp@puck.nether.net> wrote:

> I have a Cisco 7206VXR that I am wanting to replace with a Juniper MX80
> (purchased as an MX5) or similar. The main core function is just Ethernet
> routing... but it also is acting as a B-RAS router for about 400 PPPoE
> sessions. I know the license cost on the MX80 for subscriber services is
> close to $15k.. which honestly puts it out of budget and pushes me back to
> a re-manufactured Cisco ASR.. Does anyone have some recommendations as to
> how to pull this off in a Juniper world? I was told by a VAR that on some
> of the larger Juniper chassis, this is not an issue as it is commonly
> included but unfortunately he was not positive which chassis this would be.
> My current thought is to maybe put a Cisco 7301 to service this function
> if nothing else...
> Thank you in advance for any experience and advice anyone can offer!
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] QFX10002 as P Router

[Giuliano Medalha]

Qfx10002 uses Q5 it is a juniper asic not ?

Take a look

https://forums.juniper.net/t5/Data-Center-Technologists/Juniper-QFX10002-Technical-Overview/ba-p/270358

It is a small monster !!!



> On Apr 16, 2016, at 13:40, Mark Tinka  wrote:
> 
> 
> 
>> On 16/Apr/16 17:58, Richard Hicks wrote:
>> 
>> Thoughts on using the QFX10002 as a P only router?
>> WIll be our first big investment into Juniper hardware.
>> 
>> All PE functionally will live elsewhere.  Mainly Cisco ASR9k and ASR1k for
>> now.
> 
> Multicast could be an issue, assuming this box is also running the
> Broadcom chipset (I'm not sure).
> 
> Mark.
> 
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MX80 vs MX40?

[Giuliano Medalha]

Are you going to receive full routing ?

Maybe mx104 could be better ... 4GB dram ( important ) with better RE 1.83GHz I 
think ... ppc ( redundant RE optional)

Buy mx104 with 4 sfp+ onboad ports and buy mic modules

Same specs i think  ... 80 gbps with 55 mpps

But you can populate with 4 x mics ( 2 x XFP each ) and have 12 x 10gbps 

Lighter and smaller router

Only for mpls transport maybe acx5048 would be better too of qfx5100 for L2 only

> On Apr 16, 2016, at 13:30, Satish Patel  wrote:
> 
> My requirement is 10G fiber link terminate on router but in future we
> can go with 20G link so should i consider MX80 or MX40 (cost wise
> also)
> 
> If we buy MX80 so in base model it comes with 4x10G fiber ports right?
> or do i need to buy them separately after buying MX80 chassis?
> 
> Additionally do i need to buy license separately to activate 10G port?
> because in Cisco ASR1000 chassis you need to buy fiber module
> extension, plue Activation license.. Very costly..
> 
> 
> I have check some website they are also selling refurbished or used
> which which in good deal should i think about that because buying to
> MX80 for hardware redundancy will almost bankrupt us ;)
> 
> what do you suggest?
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Acx5048 ecmp feature and usage

[Giuliano Medalha]

Engineering team for QFX5100 BU (same Tridend2 box as ACX5048) released a
new version with ECMP for MPLS:

See the release notes bellow:

http://www.juniper.net/techpubs/en_US/junos14.1/information-products/topic-collections/ex-qfx-series/release-notes/ex-ocx-qfx-series-junos-release-notes-14.1X53-D35.pdf

Page 46.

I really does not know about the ACX5048 BU team ... but I think there is a
good chance to work too ...

Att,

Giuliano

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/



​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2016 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.


CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Mon, Mar 28, 2016 at 11:12 PM, Tim Jackson  wrote:

> For L3 and L3VPN ECMP should work fine. For any L2oMPLS you're gonna be
> SOL.
> On Mar 28, 2016 9:08 PM, "Alexandre Guimaraes" <
> alexandre.guimar...@ascenty.com> wrote:
>
> > Gents,
> >
> > I had a demand where the equipment that best fits is an ACX5048 for N
> > reasons
> >
> > I use some vpls and l2circuits, but there is a feature that i need to
> use,
> > ecmp.
> >
> > Someone had knownledge about the ecmp feature using ACX5048?
> >
> > Att.
> > AŁexandre
> >
> > > Em 28 de mar de 2016, às 22:34, Mark Tees 
> escreveu:
> > >
> > >> On 27 March 2016 at 22:02, Saku Ytti  wrote:
> > >> On 27 March 2016 at 13:37, Mark Tinka  wrote:
> > >>
> > >> Hey,
> > >>
> > >>> As costs and management got out of control, they run l3vpn's and
> > >>> Internet in the same chassis, but on different line cards.
> > >>>
> > >>> Eventually, everything converged.
> > >>
> > >> I tend to agree. If there is significant CAPEX delta buying L3 MPLS
> > >> VPN + HQoS capable boxes and Internet transit capable boxes, then it
> > >> might make sense to buy two networks, as likely L3 MPLS VPN traffic
> > >> rates are very minor but service requires much higher touch hardware.
> > >> But I don't suspect the delta is high these days and more importantly
> > >> I don't think the IP device CAPEX is very large part of TCO.
> > >>
> > >> Another justification might be, if the software stack is very
> > >> different, but for L3 MPLS VPN will need all services IP Transit uses,
> > >> so having IP Transit on same devices does not require turning on
> > >> additional services, so it is not really creating additional risk on
> > >> the premium services.
> > >> If your bread and butter would be L2 VPN, then separating IP transit
> > >> on another edge device might be very prudent, as you could do away
> > >> with BGP and IP lookups completely on the edge.
> > >>
> > >> I am fan of Internet-in-VRF, mainly because global-table is special
> > >> case and it's hard to import/export route between global and VRF, and
> > >> this complexity has forced me to do some really bad/ugly solutions,
> > >> which would have been clean and simple if Internet was in VRF. It does
> > >> not have to mean ugly traceroutes, you can configure device on TTL
> > >> exceeded to pop labels and do IP lookup in transit for returning TTL
> > >> exceeded messages. This does not even exclude BGP free core, as your
> > >> core can have static route pointing to anycast IGP loopback added to
> > >> all edge devices with full BGP, so TTL exceeded message goes to
> > >> closest edge device for lookup, probably creating less than
> > >> millisecond additional delay on traceroute.
> > >
> > > Yes, ICMP tunnelling possibly seems to be what I need for that.
> > >
> > >>
> > >> OP states that mistakes in IGP do not affect each other, but mistakes
> > >> in the 'core' network IGP where the L2 circuits run, still break
> > >> everything.
> > >
> > > True, there is shared risk here but not in all cases for us.
> > >
> > >>
> > >> I'd say you need solid arguments to separate  the networks, state
> > >> exact specific problems and how it solves them, default to converged
> > >> network in absence of such arguments. For background it might be
> > >> interesting to hear what problems

Re: [j-nsp] MX960 2x MS-MPC-128

[Giuliano Medalha]

The PS are in high power mode ?  Position 0 

Sent from my iPhone

> On Feb 26, 2016, at 17:19, Josh Reynolds  wrote:
> 
> 4 High Output AC supplies, only 3 16x10Gbps cards installed with no
> optics in them yet
> 
> Power is okay, it's not doing anything yet :P Good idea though!
> 
>> On Fri, Feb 26, 2016 at 2:14 PM, Chuck Anderson  wrote:
>> Not enough power to power up the card?
>> 
>> show chassis power
>> 
>>> On Fri, Feb 26, 2016 at 01:50:44PM -0600, Josh Reynolds wrote:
>>> Hi all.
>>> 
>>> Pair of MS-MPC-128's. 1st card boots, second card doesn't. Swapped FPC
>>> locations, now the 2nd card boots in the first card's spot, but the
>>> 1st card won't boot in the previous spot of the 2nd card. Have tried
>>> several other slots for the 2nd card the with same results.
>>> 
>>> show chassis hardware recognizes the MS-MPC-128 is installed, but no
>>> power. request chassis fpc online slot X shows: "Online initiated, use
>>> "show chassis fpc" to verify", but "show chassis fpc" still shows it's
>>> powered off.
>>> 
>>> What gives?
>>> 
>>> Thanks
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] BGP session down MX104

[Giuliano Medalha]

People

Do you have any recent problems with BGP sessions ( going down ) using MX104 
and redundant routing engines ?

We have a couple of mx104 and from 30 days ago ( simce we changed the mx80 for 
mx104 on our network) we have suffering with some oscilations on the network 
... because the bgp sessions become unstable ... Sometimes all sessions goes 
down and sometimes only some sessions goes down

We have using JUNOS 13.3R8 or 14.2R5 with the same results ... 

And the sessions are alternating ... Not the same session at event time ...

We have tried traceoptions for sessions, interfaces, protocols, logs, without 
any information that can show to us the root cause of the problem

Do you have any experience with this kind of problem or at least similar to it ?

Thanks a lot

Giuliano



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Throughput testing tools on Juniper?

[Giuliano Medalha]

But for MX240, MX480 and MX960 you will need to combine SCB, MPC and MIC to
test the chassis ...

There is a lot of combinations and possibilities ... SCBE, SCBE2, MPC1,
MPC2, MPC3, MPC4, MPC5, NG-MPC-2 and NG-MPC-3. A lot of MIC types ... gig,
10gig, 40gig and 100gig ...

Are you going to test performance Gbps and PPS ?  Using TCP and UDP ?
Mixed mode and 64 bytes ?

Att,

Giuliano

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/



​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2015 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.


CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Sun, Feb 7, 2016 at 9:11 PM, Shanawaz  wrote:

> Hi Tomasz,
>
> We are looking to run the test on a few different MX platforms (5, 80, 240,
> 480, 960)
>
>
>
> On Thu, Feb 4, 2016 at 6:43 PM, Tomasz Mikołajek 
> wrote:
>
> > Hi.
> > You can configure rfc 2544 test. What Juniper device you have?
> >
> >
> > W dniu czwartek, 4 lutego 2016 Shanawaz  napisał(a):
> >
> >> Hey Folks,
> >>
> >> Are there any tools similar to iperf (or ttcp on cisco) that we can run
> >> between 2 Juniper routers (from the CLI or the shell) to test throughput
> >> between the 2 devices?
> >>
> >> We are suspecting a hard rate-limit placed in an upstream ISP segment
> >> between the 2 devices. It would be nice just to test between the routers
> >> at
> >> both ends of the ISP segment rather than using machines that are a few
> >> more
> >> subnets away.
> >>
> >> Thanks,
> >> Shan
> >> ___
> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>
> >
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Acx5048 vpls vlan-id

[Giuliano Medalha]

Aaron

Thanks a lot

Our problem is related to pass more than one vlan to the same vpls instance.

We have some projects here that depends of it

We will talk with juniper TAC and PLM to see the software roadmap of this box

There is no chance to use this box in projects with this limitation, because 
other vendors with the same chipset have this feature running ok.

It looks like to be a junos feature missing not a technical limitation ... Hope 
so !!!

Thanks a lot anyway

Att

Giuliano



Sent from my iPhone

> On Feb 5, 2016, at 02:07, Aaron  wrote:
> 
> Hi Giuliano, 
> 
> I'm new to Juniper and learning as I gobut I'll at least show you what
> is in my lab.  I have a functioning vpls routing-instance that is working
> with ... ACX5048, MX104, Cisco ASR9006, Cisco ME3600...
> 
> My acx5048 looks like this... here's some bits from the config...
> 
> gvtc@eng-lab-acx5048-1> show version
> fpc0:
> --
> Hostname: eng-lab-acx5048-1
> Model: acx5048
> Junos: 15.1X54-D20.7
> 
> set interfaces ge-0/0/1 speed 100m
> set interfaces ge-0/0/1 encapsulation ethernet-vpls
> set interfaces ge-0/0/1 unit 0 family vpls
> 
> (not shown here is the required, IGP (ospf), MPLS, ldp... that was simple)
> 
> set protocols bgp group ibgp type internal
> set protocols bgp group ibgp local-address 10.101.12.245
> set protocols bgp group ibgp family inet-vpn unicast
> set protocols bgp group ibgp family l2vpn auto-discovery-only
> set protocols bgp group ibgp neighbor 10.101.0.254 local-as 64512
> 
> gvtc@eng-lab-acx5048-1> show configuration | display set | match
> "routing-instances vlan100"
> set routing-instances vlan100 instance-type vpls
> set routing-instances vlan100 interface ge-0/0/1.0
> set routing-instances vlan100 route-distinguisher 10.101.12.245:32768
> set routing-instances vlan100 l2vpn-id l2vpn-id:65535:10100
> set routing-instances vlan100 vrf-target target:65535:10100
> set routing-instances vlan100 protocols vpls no-tunnel-services
> 
> gvtc@eng-lab-acx5048-1> show vpls connections brief
> Layer-2 VPN connections:
> 
> Instance: vlan100
>  L2vpn-id: 65535:10100
>  Local-id: 10.101.12.245
>Remote-id Type  St Time last up  # Up trans
>10.101.0.254  rmt   Up Feb  5 05:59:29 2016   1
>10.101.12.246 rmt   Up Feb  5 05:59:29 2016   1
>10.101.12.248 rmt   Up Feb  5 05:59:29 2016   1
>10.101.12.250 rmt   Up Feb  5 05:59:29 2016   1
>10.101.12.251     rmt   Up Feb  5 05:59:29 2016   1
> 
> Aaron
> 
> -Original Message-
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
> Giuliano Medalha
> Sent: Thursday, February 4, 2016 9:17 PM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] Acx5048 vpls vlan-id
> 
> People
> 
> We are trying to configure vpls routing-instance in a ACX5048 box
> 
> But the following command does not work after commit ...
> 
> Routing-instances {
>   VPLS-1 {
>   instance-type vpls;
>   ##
>   ## Warning: statement ignored: unsupported platform (acx5048)
>   ##
>   vlan-id all;
>   ##
>   ## Warning: vlan-id-range is specified for this logical interface;
> 'vlan-id all' should also be enabled
>   ##
>   interface ae0.50;
>   route-distinguisher 
> 
> 
> Is there another way to configure this feature ?
> 
> Because on MX works OK and it is pretty simple
> 
> Thanks a lot
> 
> Giuliano
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Acx5048 vpls vlan-id

[Giuliano Medalha]

People

We are trying to configure vpls routing-instance in a ACX5048 box

But the following command does not work after commit ...

Routing-instances {
   VPLS-1 {
   instance-type vpls;
   ##
   ## Warning: statement ignored: unsupported platform (acx5048)
   ##
   vlan-id all;
   ##
   ## Warning: vlan-id-range is specified for this logical
interface; 'vlan-id all' should also be enabled
   ##
   interface ae0.50;
   route-distinguisher 


Is there another way to configure this feature ?

Because on MX works OK and it is pretty simple

Thanks a lot

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] licence keys for MX104

[Giuliano Medalha]

You will need to install the license to use the onboard SFP+ ports (2 o 4
options)



Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/



​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2015 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.


CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Mon, Nov 23, 2015 at 11:56 AM, Matthias Brumm  wrote:

> Hi!
>
> now, that is also a strange thing:
>
> License usage:   Licenses Licenses
> LicensesExpiry   Feature name usedinstalled  needed
> scale-subscriber  0 1000   0 permanent
>  scale-l2tp0 1000   0permanent
> scale-mobile-ip   0 1000   0 permanent
> Licenses installed: none
>
> Am 23.11.2015 um 14:54 schrieb Saku Ytti:
>
>> On 23 November 2015 at 15:51, Matthias Brumm  wrote:
>>
>>> After struggling a week with JTAC they have told me, it may be a licence
>>> issue and I have to install the key. How should I got the keyon purchase?
>>> paper, email?
>>>
>> It should be in envelope shipped with the kit. Keys are not bound to
>> chassis and same key is shipped quite long time. You can also just
>> google for the keys, even juniper.net site has examples with working
>> key.
>> But what does 'show system license' tell, it should confirm if or not
>> it's licensing issue.
>>
>>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] licence keys for MX104

[Giuliano Medalha]

The keys came together with the box inside a letter in a box.

Did you check the manuals ?

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/



​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2015 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.


CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Mon, Nov 23, 2015 at 11:51 AM, Matthias Brumm  wrote:

> Hi!
>
> We have purchased a promotional bundle of the MX104 with 2x 10G built-on
> ports and after upgrading to Junos 13.3R6.5 the built-in ports seem to be
> deactivated.
>
> After struggling a week with JTAC they have told me, it may be a licence
> issue and I have to install the key. How should I got the keyon purchase?
> paper, email?
>
> Regards,
>
> Matthias
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Question about 100 Gbps MPC4E

[Giuliano Medalha]

Paul, we didnt do this test.

We can do it ...

But we will need to run in ae5, because the traffic is very high today 90
Gbps and will rise a lot for the next few months.

The junos version is 13.3R2.

Do you think that ae5 configuration is not helping ?

We did the same test, on the same box, with 12 x 10G SFPP (MPC4E) and it
works fine.

Thanks a lot,

Giuliano

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2014 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.

CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Fri, Feb 6, 2015 at 3:01 PM, Paul Stewart  wrote:

> If you take the 100G port out of LAG does it have any impact on the issue
> you are seeing?  Can you share software version you are running?
>
> Thanks,
> Paul
>
>
> -Original Message-
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf
> Of Giuliano Medalha
> Sent: Friday, February 6, 2015 4:35 AM
> To: Adam Vitkovsky
> Cc: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] Question about 100 Gbps MPC4E
>
> Adam,
>
> Sorry about delay to answer this post.
>
> We are trying to connect our JUNIPER MX960 router to a IX (Internet
> Exchange Point).
>
> Once you are connected for the first time, the guys from the IX did a
> simple test (linux script) .. similar to an limited ARP Spoofing on every
> single physical port to evaluate the number of MAC answers supported for
> the router (minimum accepted is 1200). They will connect you to L2 main
> matrix.
>
> We have another board on this router ... same MPC4E with 32 x 10G SFPP
> interfaces.  When we did the same ARP Spoofing test using a LAG with 8 x
> 10G interfaces ... it works fine.
>
> With the new MPC4E board (2 x 100G + 8 x 10G SFPP) the test is not working.
> The 100G (et-x/x/x) interface configured inside an AEx logical interface
> does not answer more than 80 MACs ...
>
> We did every single configuration possible on this board ... but nothing
> is working.
>
> The router learns the 1200 MACs ... but the answer does not return to the
> pc machine tester.
>
> I was thinking about some special configuration for this board to do it to
> work. JUNIPER said that there is not any special configuration needed.
>
> Today we will do a simple test using ettercap and a switch with 10G
> connections directly to the new board to see if we got something different.
>
> Thanks a lot,
>
> Giuliano
>
> Giuliano Cardozo Medalha
> Systems Engineer
> +55 (17) 3011-3811
> +55 (17) 98112-5394
> JUNIPER J-PARTNER ELITE
> giuli...@wztech.com.br
> http://www.wztech.com.br/
>
>
>
>
>
> WZTECH is registered trademark of WZTECH NETWORKS.
> Copyright © 2014 WZTECH NETWORKS. All Rights Reserved.
>
> IMPORTANTE:
> As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
> são confidenciais e para conhecimento exclusivo do destinatário. Se o
> leitor  desta  mensagem  não  for o seu destinatário, fica desde já
> notificado de que não poderá  divulgar,  distribuir ou, sob qualquer forma,
> dar conhecimento a terceiros das informações e do conteúdo dos documentos
> anexos. Neste caso, favor comunicar imediatamente o remetente, respondendo
> este e-mail ou telefonando ao mesmo, e em seguida apague-o.
>
> CONFIDENTIALITY NOTICE:
> The information transmitted in this email message and any attachments are
> solely for the intended recipient and may contain confidential or
> privileged information. If you are not the intended recipient, any review,
> transmission,  dissemination or other use of this information is
> prohibited. If you have received this communication in error, please notify
> the sender immediately and delete the material from any computer,

Re: [j-nsp] Question about 100 Gbps MPC4E

[Giuliano Medalha]

Adam,

Sorry about delay to answer this post.

We are trying to connect our JUNIPER MX960 router to a IX (Internet
Exchange Point).

Once you are connected for the first time, the guys from the IX did a
simple test (linux script) .. similar to an limited ARP Spoofing on every
single physical port to evaluate the number of MAC answers supported for
the router (minimum accepted is 1200). They will connect you to L2 main
matrix.

We have another board on this router ... same MPC4E with 32 x 10G SFPP
interfaces.  When we did the same ARP Spoofing test using a LAG with 8 x
10G interfaces ... it works fine.

With the new MPC4E board (2 x 100G + 8 x 10G SFPP) the test is not working.
The 100G (et-x/x/x) interface configured inside an AEx logical interface
does not answer more than 80 MACs ...

We did every single configuration possible on this board ... but nothing is
working.

The router learns the 1200 MACs ... but the answer does not return to the
pc machine tester.

I was thinking about some special configuration for this board to do it to
work. JUNIPER said that there is not any special configuration needed.

Today we will do a simple test using ettercap and a switch with 10G
connections directly to the new board to see if we got something different.

Thanks a lot,

Giuliano

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2014 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.

CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Fri, Jan 30, 2015 at 6:53 AM, Adam Vitkovsky  wrote:

> Hello Giuliano,
>
> I somehow did not get what is not working exactly?
> Are the ports not coming up? Is the LACP not coming up? Or you can't pass
> frames between the VLANs?
>
> adam
> > -Original Message-
> > From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf
> > Of Giuliano Medalha
> > Sent: 30 January 2015 01:13
> > To: juniper-nsp@puck.nether.net
> > Subject: [j-nsp] Question about 100 Gbps MPC4E
> >
> > ​People,
> >
> > We have a router (MX960) with the following MPC4E board (with SCBE2):
> >
> > http://www.juniper.net/documentation/en_US/release-
> > independent/junos/topics/reference/general/mpc4e-2x100ge-8x10ge.html
> > ​
> >
> > We are using it configured as aggregated ethernet AE3 (with LACP)
> > connecting to a CISCO ASR9000 router (minimum-links 1 and link-speed 100g
> > with MTU 9192) using flexible-vlan-tagging and 2 vlans (unit 100 and unit
> > 200).
> >
> > I have found some specific documents about running this board on a
> special
> > way called SA-MULTICAST.
> >
> > http://www.juniper.net/techpubs/en_US/junos14.2/topics/task/configurati
> > on/interfaces-mpc4e-100-ge-interop-sa-multicast.html
> >
> > My question is ... there is some special way to configure this board to
> > talk with CISCO ASR9000 board ? Does cisco needs this king of
> > configuration on juniper to work ?
> >
> > Something like 2 aggregated of 50 Gbps interfaces ? et-4/0/1:0 et-4/0/1:1
> >
> > Do you have something similar in your backbones ? Its necessary to do
> > some special config or adjustment ?
> >
> > There is some MAC-LEARNING limit configured by default on this board ?
> >
> > Could you please help me how to find the correct way to put it to work ?
> >
> > Thanks a lot,
> >
> > Giuliano
> > ___
> > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> --
> This email has been scanned for email related threats and delivered safely
> by Mimecast.
> For more information please visit http://www.mimecast.com
> --
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Question about 100 Gbps MPC4E

[Giuliano Medalha]

​People,

We have a router (MX960) with the following MPC4E board (with SCBE2):

http://www.juniper.net/documentation/en_US/release-independent/junos/topics/reference/general/mpc4e-2x100ge-8x10ge.html
​

We are using it configured as aggregated ethernet AE3 (with LACP)
connecting to a CISCO ASR9000 router (minimum-links 1 and link-speed 100g
with MTU 9192) using flexible-vlan-tagging and 2 vlans (unit 100 and unit
200).

I have found some specific documents about running this board on a special
way called SA-MULTICAST.

http://www.juniper.net/techpubs/en_US/junos14.2/topics/task/configuration/interfaces-mpc4e-100-ge-interop-sa-multicast.html

My question is ... there is some special way to configure this board to
talk with CISCO ASR9000 board ?  Does cisco needs this king of
configuration  on juniper to work ?

Something like 2 aggregated of 50 Gbps interfaces ?  et-4/0/1:0  et-4/0/1:1

Do you have something similar in your backbones ?   Its necessary to do
some special config or adjustment ?

There is some MAC-LEARNING limit configured by default on this board ?

Could you please help me how to find the correct way to put it to work ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] QFX5100 question

[Giuliano Medalha]

Joe,

Starting with 14.1X53-D10, QFX5100 supports L2VPN, but only the Martini
draft(LDP based), not Kompella(BGP based).

See the release notes:

Ethernet-over-MPLS (L2 circuit) (QFX5100)—Starting with Junos OS Release
14.1X53-D10, Ethernet-over-MPLS is supported on QFX5100 switches.


Ethernet-over-MPLS enables you to send Layer 2 Ethernet frames
transparently over an MPLS cloud. Ethernet-over-MPLS uses a tunneling
mechanism for Ethernet traffic through an MPLS-enabled Layer 3 core. It
encapsulates Ethernet protocol data units (PDUs) inside MPLS packets and
forwards the packets, using label stacking, across the MPLS network.


QFX5100 is a very good machine, with a lot of new features and good
performance, but you need to take care about the new CLI (L2NG) and how to
configure things (qinq for instance is different from EX).


I think that, if the actual implementation of L2VPN feature can support
your network, and you SE helps you and your tem with the correct scripts or
the correct way to configure (testing before) ... you will NOT have any
problems to buy it and to deploly it.


Att,


Giuliano

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2014 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.

CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.

On Thu, Dec 18, 2014 at 10:07 PM, Joe Freeman  wrote:
>
> Before we go out and spend a large amount of money to replace some gear
> we're not happy with in our network, I thought I'd check to see what
> opinions I could get on the QFX5100.
>
> We are looking at using them in an MPLS PE role, with the new code release
> that has added support for L2VPN's (according to our SE). Each of these
> 5100's would be connected to at least one MX router (preferably two for
> redundancy) via one or more 10Ge LAG groups. Our CO's are too far apart for
> 40Gbe at the moment.
>
> Any thoughts or opinions would be helpful.
>
> Thanks-
> Joe
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] QinQ in QFX5100

[Giuliano Medalha]

Not possible.

We have a J-TAC case about it ...

You will need to change the way you configure the trunk port ... only in a
new BRIDGE way ... will work.



We did the same think using EX4300 here ... same ELS software and new way
to configure:








Topology:





X__CE1__X ge-0/0/0 -- ge-0/0/0 X__PE1__X ge-0/2/0 -- ge-0/0/32
X__PE2__X ge-0/0/0 -- ge-0/0/0 X__CE2__X



=

X__CE1__X:

=



root@X__CE1__X# show interfaces ge-0/0/0

unit 0 {

family ethernet-switching {

port-mode trunk;

vlan {

members 10;



root@X__CE1__X# show vlans v10

vlan-id 10;

l3-interface vlan.10;



root@X__CE1__X# run show vlans v10

Name   Tag Interfaces

v1010

   ge-0/0/0.0*



root@X__CE1__X# run show interfaces terse vlan

Interface   Admin Link ProtoLocal Remote

vlan upup

vlan.10 upup   inet 10.10.10.1/24



root@X__CE1__X# run ping 10.10.10.2 source 10.10.10.1

PING 10.10.10.2 (10.10.10.2): 56 data bytes

64 bytes from 10.10.10.2: icmp_seq=0 ttl=64 time=2.300 ms

64 bytes from 10.10.10.2: icmp_seq=1 ttl=64 time=1.674 ms

64 bytes from 10.10.10.2: icmp_seq=2 ttl=64 time=2.453 ms

64 bytes from 10.10.10.2: icmp_seq=3 ttl=64 time=1.566 ms

64 bytes from 10.10.10.2: icmp_seq=4 ttl=64 time=1.772 ms



--- 10.10.10.2 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max/stddev = 1.566/1.953/2.453/0.355 ms



=

X__PE1__X:

=



root@X__PE1__X# run show version

fpc0:

--

Hostname: X__PE1__X

Model: ex4300-24t

JUNOS EX  Software Suite [13.2X51-D25.2]

JUNOS FIPS mode utilities [13.2X51-D25.2]

JUNOS Online Documentation [13.2X51-D25.2]

JUNOS EX 4300 Software Suite [13.2X51-D25.2]

JUNOS Web Management [13.2X51-D25.2]

JUNOS py-base-powerpc [13.2X51-D25.2]



root@X__PE1__X# show interfaces ge-0/0/0  < CE1 Port

flexible-vlan-tagging;

encapsulation extended-vlan-bridge;

unit 20 {

vlan-id-list 10;

   input-vlan-map push;

output-vlan-map pop;



root@X__PE1__X# show interfaces ge-0/2/0  < PE2 Port

flexible-vlan-tagging;

encapsulation extended-vlan-bridge;

ether-options {

ethernet-switch-profile {

tag-protocol-id 0x88a8;

}

}

unit 20 {

vlan-id 20;

}



{master:0}[edit]

root@X__PE1__X# show vlans

default {

vlan-id 1;

}

v20 {

interface ge-0/0/0.20;

interface ge-0/2/0.20;



root@X__PE1__X# run show vlans v20



Routing instanceVLAN name Tag  Interfaces

default-switchv20  NA

   ge-0/0/0.20*

   ge-0/2/0.20*






=

X__PE2__X:

=



root@X__PE2__X# run show version

fpc0:

--

Hostname: X__PE2__X

Model: ex4300-32f

JUNOS EX  Software Suite [13.2X51-D25.2]

JUNOS FIPS mode utilities [13.2X51-D25.2]

JUNOS Online Documentation [13.2X51-D25.2]

JUNOS EX 4300 Software Suite [13.2X51-D25.2]

JUNOS Web Management [13.2X51-D25.2]

JUNOS py-base-powerpc [13.2X51-D25.2]



root@X__PE2__X# show interfaces ge-0/0/32  < PE1 Port

flexible-vlan-tagging;

encapsulation extended-vlan-bridge;

ether-options {

ethernet-switch-profile {

tag-protocol-id 0x88a8;

}

}

unit 20 {

vlan-id 20;



root@X__PE2__X# show interfaces ge-0/0/0  < CE2 Port

flexible-vlan-tagging;

encapsulation extended-vlan-bridge;

unit 20 {

vlan-id-list 10;

input-vlan-map push;

output-vlan-map pop;



root@X__PE2__X# show vlans v20

interface ge-0/0/32.20;

interface ge-0/0/0.20;



root@X__PE2__X# run show vlans v20



Routing instanceVLAN name Tag  Interfaces

default-switch  v20   NA

 ge-0/0/0.20*

 ge-0/0/32.20*






=

X__CE2__X:

=



root@X__CE2__X# show interfaces ge-0/0/0

unit 0 {

family ethernet-switching {

port-mode trunk;

vlan {

members all;



root@X__CE2__X# show vlans v10

vlan-id 10;

l3-interface vlan.10;



root@X__CE2__X# run show vlans v10

Name   Tag Interfaces

v1010

   ge-0/0/0.0*



root@X__CE2__X# run show interfaces terse vlan

Interface   Admin Link ProtoLocal Remote

vlan upup

vlan.10 upup   inet 10.10.10.2/24



root@X__CE2__X# run ping 10.10.10.1 source 10.10.10.2

PING 10.10.10.1 (10.10.10.1): 56 data bytes

64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=2.253 ms

64 bytes from 

[j-nsp] Q-in-Q - QFX5100 [ new ELS CLI ]

[Giuliano Medalha]

​P
​eople,

We have a simple environment where we need to configure q-in-q using
QFX5100 boxes:


   T TT
QFX5100(A)  QFX5100(B)--QFX5100(C) - QFX5100(D)



T = trunk (interface-mode) 802.1Q

A and D elements need to push and pop C-VLANS.

​C-VLANs on this simple case are:​
​ list between [2500-2600]​


​S-VLAN would be vlan-id 2000​


​We have configured the following:​


​giuliano@CORE-SW-A# show interfaces ge-0/0/23
flexible-vlan-tagging;
encapsulation extended-vlan-bridge;
unit 2000 {
vlan-id-list 2500-2600;
input-vlan-map push;
output-vlan-map pop;
}

 set vlans S-VLAN interfaces ge-0/0/23.2000  < here is not possible to
configure vlan-id 2000

No problem until now.

But the question now is ...

How can we transport the S-VLAN to a trunk port with familiy
ethernet-swtiching ?


Is it possible ?  We need to create another vlan with vlan-id 2000 ?


set vlans V2000 vlan-id 2000

set interfaces xe-0/0/0 unit 0 family ethernet-switching interface-mode
trunk vlan-members V2000


It will work in this environment ?

Anyone had tested it with the last recommended release ?  13.2X51-D26

It works ?


Thanks a lot,


Giuliano





​
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Juniper ex9200

[Giuliano Medalha]

Santiago we have a pair of EX9200 working very well with virtual chassis
mode.

The new SF2 can provide 460 Gbps per slot but there are no modules capable
yet to provide it for you (I think)

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 98112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




​
WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2014 WZTECH NETWORKS. All Rights Reserved.

IMPORTANTE:
As informações deste e-mail e o conteúdo dos  eventuais  documentos anexos
são confidenciais e para conhecimento exclusivo do destinatário. Se o
leitor  desta  mensagem  não  for o seu destinatário,
fica desde já notificado de que não poderá  divulgar,  distribuir ou, sob
qualquer forma, dar conhecimento a terceiros das informações e do conteúdo
dos documentos anexos. Neste caso, favor comunicar imediatamente
o remetente, respondendo este e-mail ou telefonando ao mesmo, e em seguida
apague-o.

CONFIDENTIALITY NOTICE:
The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.


On Fri, Jul 11, 2014 at 12:17 PM, Santiago Martinez <
santiago.martinez...@gmail.com> wrote:

> Hi guys,
>
> Just wondering if anyone out there is already using the ex9200 switches.
> Im interested on knowing about stability in virtual chassis mode.
>
> Also, does anyone have idea about the bw per slot with the new SF2?
>
> Thanks in advance.
>
> Have a great weekend.
>
> Santiago
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] JUNIPER L3VPN MPLS LAB - MTU

[Giuliano Medalha]

​Hello everyone,

Doing some lab tests with JUNIPER SRX100H2 equipments (packet-mode).

Basically we have:

  --- P3 --- P4 ---
   - -
 PE-1 - - PE-2
   - -
  --- P1 --- P3 ---


All fast interfaces are configured like:

set interfaces fe-0/0/0 mtu 1534
set interfaces fe-0/0/0 unit 0 family inet mtu 1500
set interfaces fe-0/0/0 unit 0 family inet6 mtu 1500
set interfaces fe-0/0/0 unit 0 family mpls mtu 1520


MPLS MTU = IP MTU + 20 byte

After commit the system asks to configure Interface MTU with 1534 bytes
(MPLS MTU + MTU overhead = 14 bytes)

The VRF can converge and everything works fine.

The questions about this configuration are:

- When we access P1 ... it cannot run ssh to P3 directly.  SSH do not work.

- If we remove fe-0/0/0 unit 0  family inet mtu it works fine.


This configuration is correct for fast ethernet using RSX ?

We do not test VRF with applications (FTP, HTTP, etc) ... it will work ?

Inside VRF we have another interfaces (PE routers) ... Do we need to
configure interface MTU for VRF too ?



Anyone knows why SSH is not working  between boxes ?   Could be
fragmentation ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] ACX Series Routers (BGP MPLS L3 VPN RFC 2547bis)

[Giuliano Medalha]

​People,

Does anyone using ACX Series considering BGP MPLS L3 VPN (RFC 2547 bis) ?

It has some limitation ?   Any feature not available ?

And about the scalability ?   It works fine ?​

Could you please share some practical and real experience ?

How many VRF ?   Max PPS ?

The ASX does use any ASIC ?  Like TRIO ?  The control plane is PPC  ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] DWDM SFP+ Finisar

[Giuliano Medalha]

People,

Does anyone has some experience using SFP+ (10G) DWDM Finisar (3 party
optics) in JUNIPER products ?  For 40Km or 80 Km ?

Following:

http://www.finisar.com/sites/default/files/pdf/FINISAR_WDM_Reference_Guide_Jun2008.pdf

It works normally in MX240/480/960 or EX4550 ?

Did you test it ?  It works normally ?

Any other reference on Mini-Gbic SFP+ DWDM 10G that works ?

thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX PPPoE experience and scaling values.

[Giuliano Medalha]

I think that is not possible until now to use SRX as a BRAS element, only
MX family.

You could use MX5 with SM license for PPPoE users.

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2013 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.


On Wed, Apr 2, 2014 at 12:30 AM, Шепелев Андрей wrote:

> Good day everyone.
>
> so far i was thinking about using SRX model as cheap PPPoE subscriber
> device, with radius authorization and accounting, so have anyone tried
> using it like this? any experience or options?
>
> thx.
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] VLAN's on EX4300 with 13.2X50-D15.3

[Giuliano Medalha]

I think the following link can answer it for you:

http://www.juniper.net/techpubs/en_US/junos13.2/topics/task/configuration/getting-started-els.html

Enhanced Layer 2 Software

EX4300 switches

13.2X50-D10

EX9200 switches

12.3R2

QFX3500 switches

13.2X50-D15

QFX3600 switches

13.2X50-D15

QFX5100 switches

13.2X51-D10




Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2013 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.


On Wed, Feb 19, 2014 at 3:15 PM, Bill Blackford wrote:

> Next Gen CLI for layer2. This is the same format as the Layer2 Functions
> on the MX. Is this a trend for all EX products or just the NG hardware?
>
>
> On Wed, Feb 19, 2014 at 2:25 AM, Giuliano Cardozo Medalha <
> giuli...@wztech.com.br> wrote:
>
>> ex4300 uses next generation cli for L2
>>
>> instead of use interface vlan you need to use interface irb
>>
>> set vlan TEST vlan-id 20 l3-interface irb.20
>>
>> set interface irb unit 20 family inet address 192.168.20.100/24
>>
>> and now for port mode ( access x trunk ) you need to use
>>
>> interface-mode ...
>>
>> dhcp-relay and rstp changed too ...
>>
>> set forwarding-options dhcp-relay ... and not helpers anymore
>>
>> set protocols rstp interface ge-0/0/0
>>
>> you need to declare every interface under rstp ...
>>
>> wildcard range set protocols ... helps
>>
>> wildcard range set interfaces ... too
>>
>> to see trunk ports
>>
>> >  show ethernet-switching interface | except untagged |  match tagged
>>
>>
>>
>> Sent from my iPhone
>>
>> > On 19/02/2014, at 00:44, Janusz Wełna  wrote:
>> >
>> > Hi,
>> >
>> >
>> > Why when I have below config:
>> >
>> >  ge-0/0/44 {
>> >description test;
>> >unit 0 {
>> >family ethernet-switching {
>> >vlan {
>> >members vlan103;
>> >}
>> >storm-control default;
>> >
>> >   unit 103 {
>> >description test;
>> >family inet {
>> >address 10.46.163.1/29;
>> >
>> >
>> >vlan103 {
>> >description test;
>> >vlan-id 103;
>> >l3-interface vlan.103;
>> >
>> >
>> >
>> >
>> > I cannot ping from EX4300 10.46.163.1 and I cannot ping 10.46.163.1 from
>> > server connected to ge-0/0/44
>> >
>> >
>> >
>> >
>> > But when I add below:
>> >
>> >
>> > irb {
>> >unit 103 {
>> >family inet {
>> >address 10.46.163.1/29;
>> >
>> >
>> > and delete :
>> >
>> >
>> > vlan103 {
>> >description SGI;
>> >vlan-id 103;
>> >l3-interface vlan.103
>> >
>> >
>> >
>> >
>> > ping works correctly.
>> >
>> >
>> > On EX3300, EX4200 and EX2200 I not need setup irb interface, why I need
>> on
>> > EX4300 ?
>> >
>> >
>> >
>> > Br,
>> >
>> >
>> > Janusz
>> > ___
>> > juniper-nsp mailing list juniper-nsp@puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Bill Blackford
>
> Logged into reality and abusing my sudo privileges.
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] MX960 - Release 12.3R4

[Giuliano Medalha]

​People,

Does anyone used JUNOS 12.3R4 on MX960 gear ?

Is this a stable release ?

Could you please send some feedback about it ?

We have a recommendation of using it but we need to know if is stable or
not in production environment ... considering BGP and MPLS.

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX8200 EoS / EoL ?

[Giuliano Medalha]

Much better to spend more $$$ in 9200 because it scales to 40G and
100G and because it uses a king if TRIO ASIC (other name and limited
FIB/RIB only) ... and it is prepared to SDN ... integrated to QFX5100
... so on ...
Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2013 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments
are solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any
review, transmission,  dissemination or other use of this information
is prohibited. If you have received this communication in error,
please notify the sender immediately and delete the material from any
computer, including any copies.


On Fri, Nov 8, 2013 at 12:01 AM, Robert Hass  wrote:
> Hi
> As I would like to buy bunch of EX8200 + XRE I have question will EX8200 go
> EoS or EoL in near time as it looks that EX9200 is good successor of this
> platform.
>
> Can anyone comment is good choice to still go for EX8200 or maybe better
> spend few more $$$ for EX9200 ?
>
> Rob
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] AFL license for EX8200 VirtualChassis

[Giuliano Medalha]

Robert,

We did a bad experience buying only  EX-XRE200-AFL.

After the installation and after a commit ... the system continues to
ask the EX8208 licenses showing warning messages at console.

We bought the licenses and we need to install it by hand using shell ...

The JUNOS version was 12.3R3.

We recommend that you buy to feel free from log messages every commit.

But remember that you will need to create the correct files by hand
and install it using "vi" by shell only.

If you need more information I can help.

Att,

Giuliano
Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2013 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments
are solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any
review, transmission,  dissemination or other use of this information
is prohibited. If you have received this communication in error,
please notify the sender immediately and delete the material from any
computer, including any copies.


On Thu, Nov 7, 2013 at 7:08 AM, Robert Hass  wrote:
> Hi
> I'm planning to buy AFL licenses for my 2xEX8200 + 2xXRE200
> (VirtualChassis) setup.
>
> Do you need to buy :
>
> 2 x EX-XRE200-AFL
> 2 x EX8208-AFL
>
> or just is enough as I'm running setup with XRE/VirtualChassis
>
> 2 x EX-XRE200-AFL
>
> ?
>
> Rob
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MX80 Route table Size

[Giuliano Medalha]

Luca,

The information we have he is:

~4M RIB - (1 BGP session test only)
~1M FIB

We have some cases here with 6 full routing tables from 6 different carriers

Other cases include more than 60 sessions with 4 routes each.

The number of sessions itself can change the numbers too.

Att,

Giuliano
Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2013 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments
are solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any
review, transmission,  dissemination or other use of this information
is prohibited. If you have received this communication in error,
please notify the sender immediately and delete the material from any
computer, including any copies.


On Sun, Sep 22, 2013 at 10:24 PM, Luca Salvatore  wrote:
> Hi,
> I can't seem to find how many IPv4/IPv6 routes the MX80 range can support.  I 
> know it can do the full BGP table but the info does not seem to be anywhere 
> on juniper.net.
> I'm sure it used to be…. Perhaps I'm blind.  I can find it for EX switches 
> but not MX gear.
>
> Does anyone have a like to official juniper doco that states the max route 
> table for MX80?
> --
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX8208 - Virtual Chassis with AFL License

[Giuliano Medalha]

The AFL License is used to activate BGP.

Any feature related to AFL License ... BGP, IS-IS, MPLS  ... have the
same problem.

Looks like that JUNOS 12.3R3 (recommended release for J-TAC) does not
recognize that AFL licenses are correctly installed in XRE200 boxes.

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2013 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments
are solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any
review, transmission,  dissemination or other use of this information
is prohibited. If you have received this communication in error,
please notify the sender immediately and delete the material from any
computer, including any copies.


On Thu, Sep 5, 2013 at 10:13 PM, Diogo Montagner
 wrote:
> It seems your problem is related to the BGP license and not to the VC
> license.
>
> Can you double confirm this ?
>
> If you deactivate the entire BGP configuration, does your problem get solved
> ?
>
> Thanks
>
> On Friday, 6 September 2013, Giuliano Medalha wrote:
>>
>> People,
>>
>> We have a virtual chassis environment using:
>>
>> 2 x XRE200 (routing engines)
>> 2 x EX8208 (linecards)
>>
>> We have bought AFL license for XRE200 boxes, following the JUNIPER
>> recommendation for this environment:
>>
>> You do not need additional license keys for Virtual Chassis member
>> switches that are in the linecard role or for the redundant Routing
>> Engine (RE) modules or the redundant Switch Fabric and Routing Engine
>> (SRE) modules in an EX8200 member switch. [1]
>>
>>
>> After the installation of the 2 licenses in XRE200 boxes ... we still
>> have problems after commit.
>>
>> After 27 days trying J-TAC, A-TAC, PLM, etc ... we do not have our
>> problem solved.
>>
>> Does anyone on this list has some related problem with that ?
>>
>> Thanks a lot,
>>
>> Giuliano
>>
>>
>> member8:
>> configuration check succeeds
>>
>> member0-re0:
>> [edit protocols]
>>   'bgp'
>> warning: requires 'bgp' license
>> member0-re1:
>> configuration check succeeds
>>
>> member1-re0:
>> [edit protocols]
>>   'bgp'
>> warning: requires 'bgp' license
>> member1:
>> member1-re1:
>> configuration check succeeds
>>
>> member9:
>> configuration check succeeds
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
> --
> ./diogo -montagner
> JNCIE-SP 0x41A

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] EX8208 - Virtual Chassis with AFL License

[Giuliano Medalha]

People,

We have a virtual chassis environment using:

2 x XRE200 (routing engines)
2 x EX8208 (linecards)

We have bought AFL license for XRE200 boxes, following the JUNIPER
recommendation for this environment:

You do not need additional license keys for Virtual Chassis member
switches that are in the linecard role or for the redundant Routing
Engine (RE) modules or the redundant Switch Fabric and Routing Engine
(SRE) modules in an EX8200 member switch. [1]


After the installation of the 2 licenses in XRE200 boxes ... we still
have problems after commit.

After 27 days trying J-TAC, A-TAC, PLM, etc ... we do not have our
problem solved.

Does anyone on this list has some related problem with that ?

Thanks a lot,

Giuliano


member8:
configuration check succeeds

member0-re0:
[edit protocols]
  'bgp'
warning: requires 'bgp' license
member0-re1:
configuration check succeeds

member1-re0:
[edit protocols]
  'bgp'
warning: requires 'bgp' license
member1:
member1-re1:
configuration check succeeds

member9:
configuration check succeeds
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] L2Circuit VLAN-CCC EX4550

[Giuliano Medalha]

People,

We have an issue when implementing vlan-CCC in JUNIPER EX4550 switches.

When we put the port like the following mode:

set interfaces xe-0/0/10 encapsulation vlan-ccc
set interfaces xe-0/0/10 vlan-tagging
set interfaces xe-0/0/10 unit 600 vlan-id 600

When we close L2Circuit with non-JUNIPER switches (like cisco or extreme)
the EX4550 is doing a kind of POP in Ethernet framing removing the VLAN-ID
(frames incoming xe-0/0/10 port).

The communication cannot be established with the neighbor switch.

Using MX series at the same environment there is no problems and the
behavior is correct (the 802.1Q label entering the port is not altered).

Do you think there is some kind of bug on JUNOS code for EX4550 ?

Or this behavior can be modified ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Netconf for VCP - EX4550

[Giuliano Medalha]

There is no option for:


show interface queue vcp-x/y/z


It does not support it.


I think that the following KB solved the problem for EX8208 and
EX4200/4500/4550:


http://kb.juniper.net/InfoCenter/index?page=content&id=KB27711&actp=RSS


Thanks a lot,

Giuliano




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2013 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.


On Fri, Aug 16, 2013 at 8:32 PM, Diogo Montagner
wrote:

> The problem of this approach is that you are assuming all packets will
> have the same size.
>
> You could use the timestamp of each collection to calculate how many
> packets traversed the interface in that period. It doesn't have a good
> accuracy but will give something very close.
>
> What about getting the pps and bps from the show interface queue vcp-x/y/z
> ?
>
> Thanks
>
> On Saturday, 17 August 2013, Giuliano Medalha wrote:
>
>> People,
>>
>> We are doing a custom management system for VCP interfaces monitoring
>> using
>> NETCONF in JUNOS.
>>
>> The following stats are the only one reported to us:
>>
>> T2
>> 3966099
>> 3985901
>>
>> T1
>> 3966000
>> 3985850
>>
>>
>> How is possible to calculate the input rate and the ouput rate ?
>>
>> The MTU for the interface is 1514.
>>
>> Can we consider something like:
>>
>> 1514 x 8 x (3966099-3966000) / (T2 - T1)
>>
>> It can be considering a goog mean value ?  Or we will have so much
>> variations for packet size  ?
>>
>> packet size for JUNOS (VCP interface) is the same as ethernet frame-size ?
>>
>> Thanks a lot,
>>
>> Giuliano
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
> --
> ./diogo -montagner
> JNCIE-SP 0x41A
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] EX8208 Virtual Chassis Protection

[Giuliano Medalha]

People,

Someone on the list have implemented virtual chassis using EX8208 before ?

We are looking for some sample of configuration related to a firewall
filter (Ex. PROTECT-RE) for EX8208 in a Virtual Chassis Environment ?

Is it possible to use the same loopback address ?  It will protect the
external XRE200 at the same way ?  Is it correct ?

I am looking for some reference inside JUNIPER web site without sucess.

The VCP ports must be configured with any kind of filter ?

The input policer is not permited in loopback 0 ... how is possible to
policer ICMP packets for example ?

Does anyone on list has some experience with that ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Netconf for VCP - EX4550

[Giuliano Medalha]

People,

We are doing a custom management system for VCP interfaces monitoring using
NETCONF in JUNOS.

The following stats are the only one reported to us:

T2
3966099
3985901

T1
3966000
3985850


How is possible to calculate the input rate and the ouput rate ?

The MTU for the interface is 1514.

Can we consider something like:

1514 x 8 x (3966099-3966000) / (T2 - T1)

It can be considering a goog mean value ?  Or we will have so much
variations for packet size  ?

packet size for JUNOS (VCP interface) is the same as ethernet frame-size ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] JUNOS CLI

[Giuliano Medalha]

People,

When you start using configuration mode on JUNOS it shows the following
output:

user@ROUTER# set ?
Possible completions:
> access   Network access configuration
> access-profile   Access profile for this instance
> accounting-options   Accounting data configuration
> applications Define applications by protocol characteristics
+ apply-groups Groups from which to inherit configuration data
> bridge-domains   Bridge domain configuration
> chassis  Chassis configuration
> class-of-service Class-of-service configuration
> ethernet-switching-options  Ethernet-switching configuration options

Why apply-groups appears with a + instead of > signal ?

Do you have the explanation for that ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] RIB and FIB - Memory for MX with LR

[Giuliano Medalha]

People,

Thinking about configuring 2 Logical Systems in a MX480 box with RE1800X4,
how can we provide control for memory allocation ?

The box has the following configuration:

2 x RE1800X4-16GB
1 x MPC-3D-16XGE-SFPP-R-B
2 x SCBE-MX

Is it possible to control the RIB and the FIB size using JUNOS for each
Logical System ?

Or is it automatic by the system ?

How much routes is possible in FIB for MX480 ?  2.5M ?  For this board when
create logical system it divide by two ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX550 Mode Packet Based for BGP Full Routing

[Giuliano Medalha]

People,


Has anyone used the SRX550 in packet based mode for border router with BGP ?

Considering the datasheet it only supports 712k BGP routes.

I would like to know if this data is the amount of RIB or the converged
routes.

Is it possible to install 2 full routing using this box ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] RPM Probes with Event Options

[Giuliano Medalha]

Hi All,

We need to create a test condition to integrate JUNIPER with a PeerAPP
proxy appliance.

The server has 4 giga interfaces (four IP blocks /30) and we need to test
them (using rpm ping probes) to generate the conditions for a event-options
script.

Is there some way to generate an event-options script that consider more
than one condition (4 rpm icmp probes tested) mixed togheter using AND
logic ?

We need only to turn off the firewall filter for redirect the traffic, when
the 4 interfaces went donw ...

I have found the following sample config:

http://www.juniper.net/techpubs/en_US/junos12.2/topics/topic-map/junos-script-automation-event-policy-change-configuration.html

But  there is only some examples considering one interface and one match
condition inside the policy-options.

Do you know some options to considering more that one test probe from RPM ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] EX4550 MPLS CCC

[Giuliano Medalha]

Hello, Good evening,

We bought some JUNIPER EX4550 and put in a simple topology and simple
configuration, trying to use MPLS CCC togheter with tagged Vlans (ethernet
switching). We come with JUNIPER and they said not to be possible in this
case, use two encapsulation types on the same interface (like MX ...).

We then made ​​the separation of types of traffic and transportation using
physical ports. However, when we set up the interface for support VLANs mode
CCC (vlan tagging encapsulation vlan-ccc) ... after the commit it's a
warning that will only support vlan-id 1 to 511.

Is there any way to not have this limitation? The other way to
encapsulamente and ethernet-ccc.

Anyone ever used the EX4550 switches to this functionality? Could you help
us? The most documents also refers to EX8200.

Thank you,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Switch Log Message

[Giuliano Medalha]

Hi,

Does anyone has seen this type of log before (EX2200 switches ?)


Mar 23 03:01:02.204  SW-CORE /kernel: tcp_timer_keep: Dropping socket
connection due to keepalive timer expiration

Do you think is something critical ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] CoS Configuration

[Giuliano Medalha]

Hi,

Does anyone has some experience implementing CoS using Radius for MX Series
with PPPoE License ?

We are looking for a specific solution that:

- Can allocate bandwidth of 1 Mbps for a subscriber user (PPPoE dynamic
interface) for the first 1MB.

- After the first 1MB  we will need to reduce the bandwidth for 512
kbps.

Witch mechanism or configuration we could use to do something similar to
that ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Q-in-Q of Untagged Frames Transport

[Giuliano Medalha]

People,

Is it possible to transport untagged ethernet frames using Q-in-Q in EX2200
switches ?

The client port is ever untagged ... but we would like to transport
untagged frames, like a direct computer frames from one side to other side
(access client port)

Is it possible to do it using EX2200 ?

Does anyone have used   customer native vlan-id  ?

Any example of configuration ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] New MX Product Family - Is it true ?

[Giuliano Medalha]

Hello,

Does anyone knows something about the new MX family ?

I have been read on this list about the new products to replace MX80, MX5,
etc.

Is it true ?   Juniper will release the new family this year ?

Something new ?  More RE CPU ?  More RE memory ? More PFE performance ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Lab gear to mimic MX80?

[Giuliano Medalha]

Hi Saku,

Considering the previous discussion ... do you know the correct capacity of
ACX series routers ?

Juniper said that it will support 7000 MAC Address and 60 Gbps with 35 Mpps.

How is it possible without TRIO ?

Is it asic based router for MPLS ?

ACX1100 has a very good price and it has a good configuration.

Thanks a lot,

Giuliano



WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2012 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.


On Sat, Mar 2, 2013 at 6:00 AM, Saku Ytti  wrote:

> On (2013-03-01 15:12 -0800), Morgan McLean wrote:
>
> > I'd like to pick up a few pieces of gear to simulate our MX80's in
> > production. We wouldn't necessarily need the same amount of memory,
> > throughput etc just feature set and general config.
> >
> > Would it be safe to say I could pickup the relatively cheap J2350 boxes
> and
> > stick the same version of JunOS on them and have a pretty similar
> > experience? Not like the MX80 has any processing cards or anything
> special
> > like the higher end MX boxes can take.
>
> I'm sorry but this won't fly. Either feature is platform independent where
> SRX, J, Olive is fine. Or it is platform specific, in which case you'd need
> Trio box (which ACX is not)
>
> On top of my head you can pretty much forget QoS testing on other than Trio
> box as well as you can't test 'ddos-protection', I'm sure there are many
> examples where test results won't transfer.
>
> Cheapest Trio box is MX5, you can get your lab gear discounted further than
> your production gear.
>
> --
>   ++ytti
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] MX5 BGP Problems (BGP and/or IPFX)

[Giuliano Medalha]

People,

We have read the last messages of this list related to problems with MX80
routers.

We have twi open cases with J-TAC for 2 different routers.

- One of the MX5 routers has the same problem reported on this list: is
takes too slow to start forwarding packets.
  (only 3 full routing table and five partial routing sessions). It tooks
something like 20 to 30 minutos for BGP to announce the downstream prefixes
to upstream routers
  Without IPFX (inline j-flow) configured.

- Another box has some more sessions (1 full routing from iBGP session and
136 BGP sessions (1.5M routes RIB) to provide full routing to downstream
and receiveing 1 or 2 prefixes).
  When the box restart the memory goes to 84%.  It took 30 minutos to start
forwarding all packtes from all sessions.  7 Gbps total traffic.
  The problem is when some routing policy need to be modified ... the first
commit  level up the memory to 89%  ... the second one to 91 ... so on ...
until 94%
  The box starts to flap some sessions and suddenly it looses all sessions
...
  Any other commit on this box must be a dead shot.  We have open a case
and explain to JUNIPER what happening. They have asked us
  When IPFX is not working the situation is  better  BGP sessions more
stable ... but 94% of the memory after 2 or 3 commits after reboot ...same
situation without BGP session flaps.

I saw that you create a case with a PR number PR 836197 ...  my SE told me
today that it must be addressed to  the next  13.1 release.

My simple question is ... maybe they can solve the RPD process problems ..
.related to BGP convergence too slow.

But what about to have and IPFX problem  ?   Maybe we have another problem
when IPFX is turned ON (in-line j-flow) ... togheter with BGP.

This two problems could have some relationship ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] JunOS version for MX40?

[Giuliano Medalha]

we are using here 11.4R6.6 and  it was a good choice.






WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2012 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.


On Thu, Feb 7, 2013 at 6:56 PM, james jones  wrote:

> if you can, I would go with at least the latest 12.1R. lots of bug fixes.
>
> On Thu, Feb 7, 2013 at 3:45 PM, Gabriel Blanchard 
> wrote:
>
> > If it's for a lab...why not run greatest and latest? if not, run the
> > recommended.
> >
> > On 13-02-07 03:08 PM, Steve Feldman wrote:
> > > I have a couple of shiny new MX40s in my lab, and need to do some
> > testing before we deploy them.
> > >
> > > They will be doing fairly vanilla BGP (~2 full feeds), IS-IS and/or
> > OSPF, and some interface filtering.  No MPLS for now, but possibly in the
> > future to support L2VPN/L3VPN services.
> > >
> > > What is your favorite version of JunOS for the MX5/10/40?  Juniper is
> > recommending 11.2R5.5 this week.
> > >
> > >
> > > Thanks,
> > > Steve
> > > ___
> > > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
> > ___
> > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SFP+ Cooper Option (not DAC)

[Giuliano Medalha]

People,

Is there any option to use together with EX Series Switches with SFP+ using
cooper CAT6 cable ?

Or the only cooper option will be the DAC cable ?

Do you know any available option for SFP+ with RJ45 port for 10Gig ?

Juniper accepts it ?  It works ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] J-Flow Configuration on MX5

[Giuliano Medalha]

A friend use the following config for 1:1 inline j-flow IPFIX


set chassis tfeb slot 0 sampling-instance ifix
set interfaces ge-1/1/0 unit 0 family inet sampling input
set interfaces ge-1/1/0 unit 0 family inet sampling output
set forwarding-options sampling instance ifix input rate 1
set services flow-monitoring version-ipfix template ipv4 flow-active-timeout
60
set services flow-monitoring version-ipfix template ipv4 flow-inactive-timeout
60
set services flow-monitoring version-ipfix template ipv4
template-refresh-rate packets 1000
set services flow-monitoring version-ipfix template ipv4
template-refresh-rate seconds 10
set services flow-monitoring version-ipfix template ipv4
option-refresh-rate packets 1000
set services flow-monitoring version-ipfix template ipv4
option-refresh-rate seconds 10
set services flow-monitoring version-ipfix template ipv4 ipv4-template
set forwarding-options sampling instance ifix family inet output flow-server
 port 
set forwarding-options sampling instance ifix family inet output flow-server
 version-ipfix template ipv4
set forwarding-options sampling instance ifix family inet output inline-
jflow source-address 
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MX5 with bras?

[Giuliano Medalha]

It was 12.2R2, not ?



WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2012 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.



On Sat, Dec 8, 2012 at 12:28 AM, Skeeve Stevens <
skeeve+juniper...@eintellego.net> wrote:

> Yes, you need to log a case and they will provide you with a download link.
>
> The code MAY be in 12.2R4 which was released 2 weeks ago... I have not had
> time to check.
> *
>
> *
> *Skeeve Stevens, CEO - *eintellego Pty Ltd
> ske...@eintellego.net ; www.eintellego.net
>
> Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve
>
> facebook.com/eintellego ;  <http://twitter.com/networkceoau>
> linkedin.com/in/skeeve
>
> twitter.com/networkceoau ; blog: www.network-ceo.net
>
> The Experts Who The Experts Call
> Juniper - Cisco – IBM - Brocade - Cloud
> -
> Check out our Juniper promotion website for Oct/Nov!  eintellego.mx
> Free Apple products during this promotion!!!
>
>
>
> On Sat, Dec 8, 2012 at 12:29 PM, Giuliano Medalha 
> wrote:
>
>> How can we get the X27 code ?  We need to ask to J-TAC ?
>>
>>
>>
>>
>> WZTECH is registered trademark of WZTECH NETWORKS.
>> Copyright © 2012 WZTECH NETWORKS. All Rights Reserved.
>>
>> The information transmitted in this email message and any attachments are
>> solely for the intended recipient and may contain confidential or
>> privileged information. If you are not the intended recipient, any review,
>> transmission,  dissemination or other use of this information is
>> prohibited. If you have received this communication in error, please notify
>> the sender immediately and delete the material from any computer, including
>> any copies.
>>
>>
>>
>> On Fri, Dec 7, 2012 at 11:22 PM, Paul Stewart wrote:
>>
>>> Just to clarify - latest X27 code is recommended for BRAS however you do
>>> not require an X release for the functionality.
>>>
>>> Paul
>>>
>>> Sent from my iPhone
>>>
>>> On 2012-12-07, at 6:32 PM, Skeeve Stevens <
>>> skeeve+juniper...@eintellego.net> wrote:
>>>
>>> > Yes it can.  But you need an X code of Junos to do it.
>>> >
>>> > You also need to buy the licenses for it as well.
>>> >
>>> > It supports up to 4000 users.
>>> >
>>> > Licenses needed:
>>> >
>>> > - LNS License
>>> > - Subscriber Management Feature Pack
>>> > - 4000 User License
>>> > *
>>> >
>>> > *
>>> > *Skeeve Stevens, CEO - *eintellego Pty Ltd
>>> > ske...@eintellego.net ; www.eintellego.net
>>> >
>>> > Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve
>>> >
>>> > facebook.com/eintellego ;  <http://twitter.com/networkceoau>
>>> > linkedin.com/in/skeeve
>>> >
>>> > twitter.com/networkceoau ; blog: www.network-ceo.net
>>> >
>>> > The Experts Who The Experts Call
>>> > Juniper - Cisco – IBM - Brocade - Cloud
>>> > -
>>> > Check out our Juniper promotion website for Oct/Nov!  eintellego.mx
>>> > Free Apple products during this promotion!!!
>>> >
>>> >
>>> >
>>> > On Sat, Dec 8, 2012 at 10:19 AM, Gavin Henry 
>>> wrote:
>>> >
>>> >> Hi all,
>>> >>
>>> >> Can an MX5 do BRAS?
>>> >>
>>> >> Thanks.
>>> >>
>>> >> On 22 November 2012 20:50, Gavin Henry  wrote:
>>> >>> Hi all,
>>> >>>
>>> >>> Is anyone running this or any MX series with wholesale ADSL services
>>> in
>>> >> the UK?
>>> >>>
>>> >>> Any issues, gotchas or recommendations?
>>> >>>
>>> >>> This is for an entry level broadband sp focused on VoIP but to scale
>>> up.
>>> >>>
>>> >>> Thanks.
>>> >>>
>>> >>> --
>>> >>> Kind Regards,
>>> >>>
>>> >

Re: [j-nsp] MX5 with bras?

[Giuliano Medalha]

How can we get the X27 code ?  We need to ask to J-TAC ?




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2012 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.



On Fri, Dec 7, 2012 at 11:22 PM, Paul Stewart  wrote:

> Just to clarify - latest X27 code is recommended for BRAS however you do
> not require an X release for the functionality.
>
> Paul
>
> Sent from my iPhone
>
> On 2012-12-07, at 6:32 PM, Skeeve Stevens <
> skeeve+juniper...@eintellego.net> wrote:
>
> > Yes it can.  But you need an X code of Junos to do it.
> >
> > You also need to buy the licenses for it as well.
> >
> > It supports up to 4000 users.
> >
> > Licenses needed:
> >
> > - LNS License
> > - Subscriber Management Feature Pack
> > - 4000 User License
> > *
> >
> > *
> > *Skeeve Stevens, CEO - *eintellego Pty Ltd
> > ske...@eintellego.net ; www.eintellego.net
> >
> > Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve
> >
> > facebook.com/eintellego ;  
> > linkedin.com/in/skeeve
> >
> > twitter.com/networkceoau ; blog: www.network-ceo.net
> >
> > The Experts Who The Experts Call
> > Juniper - Cisco – IBM - Brocade - Cloud
> > -
> > Check out our Juniper promotion website for Oct/Nov!  eintellego.mx
> > Free Apple products during this promotion!!!
> >
> >
> >
> > On Sat, Dec 8, 2012 at 10:19 AM, Gavin Henry 
> wrote:
> >
> >> Hi all,
> >>
> >> Can an MX5 do BRAS?
> >>
> >> Thanks.
> >>
> >> On 22 November 2012 20:50, Gavin Henry  wrote:
> >>> Hi all,
> >>>
> >>> Is anyone running this or any MX series with wholesale ADSL services in
> >> the UK?
> >>>
> >>> Any issues, gotchas or recommendations?
> >>>
> >>> This is for an entry level broadband sp focused on VoIP but to scale
> up.
> >>>
> >>> Thanks.
> >>>
> >>> --
> >>> Kind Regards,
> >>>
> >>> Gavin Henry.
> >>> Managing Director.
> >>>
> >>> T +44 (0) 1224 279484
> >>> M +44 (0) 7930 323266
> >>> F +44 (0) 1224 824887
> >>> E ghe...@suretec.co.uk
> >>>
> >>> Open Source. Open Solutions(tm).
> >>>
> >>> http://www.suretecsystems.com/
> >>>
> >>> Suretec Systems is a limited company registered in Scotland. Registered
> >>> number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
> >> Inverurie,
> >>> Aberdeenshire, AB51 8GL.
> >>>
> >>> Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html
> >>>
> >>> Do you know we have our own VoIP provider called SureVoIP? See
> >>> http://www.surevoip.co.uk
> >>
> >>
> >>
> >> --
> >> Kind Regards,
> >>
> >> Gavin Henry.
> >> Managing Director.
> >>
> >> T +44 (0) 1224 279484
> >> M +44 (0) 7930 323266
> >> F +44 (0) 1224 824887
> >> E ghe...@suretec.co.uk
> >>
> >> Open Source. Open Solutions(tm).
> >>
> >> http://www.suretecsystems.com/
> >>
> >> Suretec Systems is a limited company registered in Scotland. Registered
> >> number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
> >> Inverurie,
> >> Aberdeenshire, AB51 8GL.
> >>
> >> Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html
> >>
> >> Do you know we have our own VoIP provider called SureVoIP? See
> >> http://www.surevoip.co.uk
> >>
> >> Did you see our API? http://www.surevoip.co.uk/api
> >> ___
> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> > ___
> > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] R: Routing Instance BGP Full Routing High Memory persists

[Giuliano Medalha]

Maybe if we restart the RPD process for master instance it could free
memory ?




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2012 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.



On Sat, Dec 1, 2012 at 2:08 PM, Yannick LE TEIGNER <
yannick.leteig...@gmail.com> wrote:

> Memory allocation is complex topic. The memory may have been released by
> RPD but the kernel still keeps it allocated for RPD - really releasing it
> only if another process needs it.
> One way to check would be to create a dummy shell script to consume a
> large part of memory and then kill it. It would then be interesting to see
> if your 'show chassing routing-engine' shows the same output.
>
>
>
> On Sat, Dec 1, 2012 at 9:09 AM, Riccardo S  wrote:
>
>> With m7 the only useful action solving the issue was reboot...
>>
>> sent with Android
>>
>> Giuliano Medalha  ha scritto:
>>
>> >People,
>> >
>> >We are doing some BGP tests using routing-instances on MX5-T-DC routers.
>> >
>> >We have created a routing-instance to receive 3 full routing inet.0
>> tables.
>> >
>> >The master routing has 3 majors full routing tables too.
>> >
>> >Before the tests we check the RE percentage of using memory ... using:
>> >
>> >Router> show chassis routing engine
>> >
>> >It show 47% usage.
>> >
>> >After the creation of the routing-instance (type virtual-router) - named
>> >TEST  we could receive more 3 full routing tables on the TEST.inet.0
>> table
>> >
>> >Using the same command is show to us:
>> >
>> >Router> show chassis routing engine
>> >
>> >87% memory utilization
>> >
>> >After we remove the routing-instance configuration with a commit command
>> in
>> >sequence ... it still shows the same 87% of memory utilization
>> >
>> >It this procedure is correct ?Is it any update command to clear the
>> >memory allocation without disrupting forwarding services ?
>> >
>> >Can you please give me some feedback about it ?
>> >
>> >Did anyone see it before ?
>> >
>> >Thanks a lot,
>> >
>> >Giuliano
>> >___
>> >juniper-nsp mailing list juniper-nsp@puck.nether.net
>> >https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>>
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX3600 - Session Logs

[Giuliano Medalha]

People,

Does anyone could set log information about sessions using SRX36xx boxes ?

Could you please send this information for me ?

We have tried to use the following syslog config:

user@host# *set system syslog file traffic-log any any*
user@host# *set system syslog file traffic-log match "RT_FLOW_SESSION"


But it is not working.

There is some special way to do it using high end boxex ?

Thanks a lot,

Giuliano
*
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Routing Instance BGP Full Routing High Memory persists

[Giuliano Medalha]

People,

We are doing some BGP tests using routing-instances on MX5-T-DC routers.

We have created a routing-instance to receive 3 full routing inet.0 tables.

The master routing has 3 majors full routing tables too.

Before the tests we check the RE percentage of using memory ... using:

Router> show chassis routing engine

It show 47% usage.

After the creation of the routing-instance (type virtual-router) - named
TEST  we could receive more 3 full routing tables on the TEST.inet.0 table

Using the same command is show to us:

Router> show chassis routing engine

87% memory utilization

After we remove the routing-instance configuration with a commit command in
sequence ... it still shows the same 87% of memory utilization

It this procedure is correct ?Is it any update command to clear the
memory allocation without disrupting forwarding services ?

Can you please give me some feedback about it ?

Did anyone see it before ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] JUNIPER AXC1100

[Giuliano Medalha]

Thanks a lot for your answer.

As we can see ... version 12.2 is supporting policing (inside firewall
filters) per logical unit.

QoS

Firewall filters (access control list -ACLs) - family
inet

12.2

Standard Firewall Filter Match Conditions for MPLS Traffic on ACX Series
Routers

12.2

Firewall filters - family ccc/any

12.2

Policing - per logical interface

12.2

Policing - per physical interface

12.2

Policing - per family

12.2




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2012 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.



On Thu, Nov 29, 2012 at 3:52 PM, Pavel Lunin  wrote:

> Hi Giuliano,
>
> > Does anyone has some experience using ACX1100 or any other router from
> ACX
> > family ?
> >
> > We are looking for an aggregate router for our network and we are
> thinking
> > to use ACX only with gig ports.
> >
> > There is some specific questions about this router:
>
> As what I know, many things are just not ready yet. While the box is
> supposed to be a low-scale MPLS router with many of the PE features
> needed for real-world including VPLS, L3VPN, policers and stuff, the
> current software supports only Martini circuits and a few other things
> (checkable with the docs:
>
> http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/acx-series-features.html
> ).
> This is the reason why they are targeting ACX to mobile access market
> where PWE3 is more or less enough (base stations aggregation through
> MPLS, SyncE, ect).
>
> In a year or so it should look like a real router but now it's just a
> very specialized thing.
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] JUNIPER AXC1100

[Giuliano Medalha]

People,

Does anyone has some experience using ACX1100 or any other router from ACX
family ?

We are looking for an aggregate router for our network and we are thinking
to use ACX only with gig ports.

There is some specific questions about this router:

- Is it possible to configure policers (in and out) for this box ?

- Policer can be configured thinking in physical interfaces and logical
interfaces (supposing the use of  802.1Q on  phy interfaces)

- Is it possible to configure VPLS using this box ?

If you can give me some feedback.

Thanks a lot,

Giuliano

Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/




WZTECH is registered trademark of WZTECH NETWORKS.
Copyright © 2012 WZTECH NETWORKS. All Rights Reserved.

The information transmitted in this email message and any attachments are
solely for the intended recipient and may contain confidential or
privileged information. If you are not the intended recipient, any review,
transmission,  dissemination or other use of this information is
prohibited. If you have received this communication in error, please notify
the sender immediately and delete the material from any computer, including
any copies.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX4200 Virtual chassis

[Giuliano Medalha]

You can use the following too:

set virtual-chassis preprovisioned
set virtual-chassis no-split-detection
set virtual-chassis member 0 role routing-engine
set virtual-chassis member 0 serial-number [SERIAL-1]
set virtual-chassis member 1 role routing-engine
set virtual-chassis member 1 serial-number [SERIAL-2]


set chassis redundancy graceful-switchover
set ethernet-switching-options nonstop-bridging
set routing-options nonstop-routing
set system commit synchronize




On Tue, Nov 13, 2012 at 1:26 PM, Rachid DHOU  wrote:

> Hi Experts,
>
> If i have a single EX4200 switch and i want to add a new EX4200 switch to
> it using Virtual chassis capability.
>
> i want to let the old switch as a master and the new one as backup.
> i will keep new switch OFF.
>
> on the old switch :
>
> set member 0 mastership-priority 255
> set member 1 mastership-priority 255
>
> reload new switch.
>
> shall i need to reboot also the old switch ?
> did i forget something to create the Virtual Chassis ?
>
>
> *Kind regards,*
> *Rachid DHOU*
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] How reliable is EX multichassis? 3300 and 8200 switches

[Giuliano Medalha]

Robert,

It was released by juniper one or two weeks ago I think.

Take a look:

https://www.juniper.net/us/en/products-services/routing/mx-series/mx2000/

MX2010
MX2020

https://www.juniper.net/us/en/products-services/routing/mx-series/mx2000/#specifications

But I really don't know if it will support virtual chassis without JCS.

Att,

Giuliano


On Sun, Oct 28, 2012 at 3:47 PM, Robert Hass  wrote:

> On Fri, Oct 26, 2012 at 11:44 PM, Giuliano Medalha
>  wrote:
> > Considering the MX family (240, 480 and 960 with TRIO 3D) and the new
> MX-L
>
> Hi
> What is new MX-L - can you write a little mort ? MX80 successor ?
>
> Rob
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] How reliable is EX multichassis? 3300 and 8200 switches

[Giuliano Medalha]

Morgan,

I really dont know why JUNIPER did this kind of crazy environment with
EX8200.

Considering the MX family (240, 480 and 960 with TRIO 3D) and the new MX-L
I think you do not need the external routing engines for virtual chassis.

About the line card ... the information I have is that you need 8 port line
card to interconnect chassis.

Take a look:

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/specifications/line-cards-ex8200.html

You cannot use 40 port 10 gig to interconnect.. maybe in future with a new
JUNOS code you could use it.

I will try to check it.

Att,

Giuliano


On Fri, Oct 26, 2012 at 7:36 PM, Morgan McLean  wrote:

> I know I need the XRE200, but my question would be why? Why is this the
> only EX product requiring external RE's? And also, it looks like you need
> two local RE's to be able to connect to two external RE's? Seems
> unnecessarily expensive.
>
> Also, are the 8XS required for inter connects? Right now I only have two
> 8208's each with an 8XS and the 40 port 10g card, but I plan on adding
> another 40 port and in the future two additional EX8208's at another site
> with two 40 port 10gig cards each, no more 8XS cards. I would like to
> spread the interconnections across two cards to protect against a module
> failure.
>
> Morgan
>
> On Fri, Oct 26, 2012 at 2:19 PM, Giuliano Medalha 
> wrote:
>
>> Morgan,
>>
>> We have some cases running EX8200 as a Virtual Chassis, but you will need
>> the XRE200 External Routing Engines:
>>
>>
>> http://www.juniper.net/in/en/products-services/switching/ex-series/options/xre200/
>>
>> Don't forget that you will need the 8 ports (10 gig)  for chassis inter x
>> connections - EX8200-8XS
>>
>> It is a very good topology and we have very good performance with not bad
>> uptime (196 days) right now.
>>
>> Without STP problems.
>>
>> We have used a lot of EX4200 pairs (48 port) connected by Virtual Chassis
>> for Client Access.
>>
>> 2 x 10 giga fiber (1 for each EX4200) connect using Aggregated Ethernet
>> Interfaces to both EX8200 (10 gig modules)
>>
>> I really recommend it for you.
>>
>> Att,
>>
>> Giuliano
>>
>>
>>
>>
>> On Fri, Oct 26, 2012 at 4:46 PM, Morgan McLean  wrote:
>>
>>> Hey guys,
>>>
>>> So I run SRX as my core firewalls, with EX8200's doing core switching and
>>> EX3300's doing access switching. I have two SRX's, two 8208's, and two
>>> 3300's at every cabinet. Spanning tree is a pain in my ass, especially
>>> since I have other environments setup the same way, just with smaller
>>> switches. Right now the SRX reth interfaces only come down as legs, not
>>> full mesh. The top of rack switches have only one link active at a time,
>>> legs. The interconnects between the core switches of different
>>> environments
>>> are legs, not full mesh due to spanning tree constraints (it closes the
>>> lag
>>> center trunk between the core switches).
>>>
>>> It would be a lot easier if I could just VC the core and VC the access
>>> switch pairs so that multi-chassis lags can be run everywhere and I can
>>> for
>>> the most part cut spanning tree out of the picture and have greater link
>>> fault tolerance. How reliable is VC? I've really done my best to avoid it
>>> up to this point as I try to keep redundant systems as separate as
>>> possible
>>> so one doesn't take down the other. Then again, when it comes down to it
>>> my
>>> edge and core firewalls are all SRX clusters, so... :) lol
>>>
>>> I'm not really sure what kind of information I'm looking for here. I
>>> would
>>> just run 20G lags eveywhere instead of having 10G forward/blocking STP
>>> pairs. I don't really know how things work when a device fails, how fast
>>> convergence is, split brain scenarios etc.
>>>
>>> Any major lessons learned with this technology? I am aware that with the
>>> 8200's I would need the external SRE.
>>>
>>> Thanks,
>>> Morgan
>>> ___
>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>
>>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] How reliable is EX multichassis? 3300 and 8200 switches

[Giuliano Medalha]

Morgan,

We have some cases running EX8200 as a Virtual Chassis, but you will need
the XRE200 External Routing Engines:

http://www.juniper.net/in/en/products-services/switching/ex-series/options/xre200/

Don't forget that you will need the 8 ports (10 gig)  for chassis inter x
connections - EX8200-8XS

It is a very good topology and we have very good performance with not bad
uptime (196 days) right now.

Without STP problems.

We have used a lot of EX4200 pairs (48 port) connected by Virtual Chassis
for Client Access.

2 x 10 giga fiber (1 for each EX4200) connect using Aggregated Ethernet
Interfaces to both EX8200 (10 gig modules)

I really recommend it for you.

Att,

Giuliano




On Fri, Oct 26, 2012 at 4:46 PM, Morgan McLean  wrote:

> Hey guys,
>
> So I run SRX as my core firewalls, with EX8200's doing core switching and
> EX3300's doing access switching. I have two SRX's, two 8208's, and two
> 3300's at every cabinet. Spanning tree is a pain in my ass, especially
> since I have other environments setup the same way, just with smaller
> switches. Right now the SRX reth interfaces only come down as legs, not
> full mesh. The top of rack switches have only one link active at a time,
> legs. The interconnects between the core switches of different environments
> are legs, not full mesh due to spanning tree constraints (it closes the lag
> center trunk between the core switches).
>
> It would be a lot easier if I could just VC the core and VC the access
> switch pairs so that multi-chassis lags can be run everywhere and I can for
> the most part cut spanning tree out of the picture and have greater link
> fault tolerance. How reliable is VC? I've really done my best to avoid it
> up to this point as I try to keep redundant systems as separate as possible
> so one doesn't take down the other. Then again, when it comes down to it my
> edge and core firewalls are all SRX clusters, so... :) lol
>
> I'm not really sure what kind of information I'm looking for here. I would
> just run 20G lags eveywhere instead of having 10G forward/blocking STP
> pairs. I don't really know how things work when a device fails, how fast
> convergence is, split brain scenarios etc.
>
> Any major lessons learned with this technology? I am aware that with the
> 8200's I would need the external SRE.
>
> Thanks,
> Morgan
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Switch EX4200 doing broadcast for all ports from multicast traffic

[Giuliano Medalha]

People,

We have 4 x EX4200 (4200-24F and EX4200-48T) running 12.1R3.5 code
connected using Virtual Chassis configuration.

The configuration is very simple with 2 vlans.  VLAN - LAN vlan id 10.

The problem is related to traffic monitor software (wireshark for instance).

When we connect wireshark on any port of the switch we can see every
connection on the netowork ... not only broadcast and multicast traffic.

Its like the switch port is a Hub port ... or the asic is mirroring all
vlan traffic to all ports.

basically RTSP traffic and unicast traffic ... 80, 22, 25, etc ...

The network is very full and the devices are all down ...

Does anyone saw this kind of problem before ?

Is it any kind of bug ?

VIRTUAL CHASSIS requires any special software ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] [c-nsp] Broadband Model suggestion?

[Giuliano Medalha]

On Wednesday, July 18, 2012 10:17:15 AM Miquel van
Smoorenburg wrote:

> Disadvantage of both PPPoE and VLAN-per-customer: no
> effective multicast (unless you run that in a seperate
> second shared-VLAN).

In our consideration, Multicast would have been a separate
shared VLAN, as it then allows you to run PPPoE for Unicast
access on a separate set of core infrastructure if it were
really necessary, against the same last mile.

But even if Multicast and DHCP Unicast were running on the
same edge router, I'd likely still separate both traffic
types into different VLAN's.

Mark.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX 5800 cluster reports 100% of CPU through snmpget

[Giuliano Medalha]

maybe you can try using another junos release like 10.4r5

we are using here with no problems

On Wednesday, September 12, 2012, Alberto Santos wrote:

> Hey everyone,
>
> I'm facing difficult times with srx5800 and snmpget.
> I have a cluster which reports it is running over 100% CPU for it's RE0,
> but it is not.
>
> Have someone ever seen this before?
>
> Routing Engine status:
>   Slot 0:
> Current state  Master
> Election priority  Master (default)
> Temperature 33 degrees C / 91 degrees F
> CPU temperature 29 degrees C / 84 degrees F
> DRAM  2048 MB
> Memory utilization  20 percent
> CPU utilization:
>   User   0 percent
>   Background 0 percent
>   Kernel 3 percent
>   Interrupt  0 percent
>   Idle  97 percent
> Model  RE-S-1300
> Serial ID  9009074896
> Start time 2012-05-10 18:01:28 BRT
> Uptime 124 days, 6 hours, 35 minutes, 35
> seconds
> Last reboot reason Router rebooted after a normal shutdown.
> Load averages: 1 minute   5 minute  15 minute
>0.10   0.04   0.01
> JUNOS Software Release [11.2R6.3]
>
> jnxOperatingCPU.9.1.0.0 = 100
> jnxOperatingCPU.9.3.0.0 = 100
>
> --
> *BR/Alberto*
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


-- 
Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Multi-Chassis AE

[Giuliano Medalha]

People,

Does anyone on list has some experience in running multichassis LAG using
the following interface ?

MPC-3D-16XGE-SFPP

This interface has some limitations like LAN-PHY only.

Is it possible to configure virtual chassis with it ?

After configuring virtual chassis it is possible to configure MC AE with
ports in different chassis ?

Thanks a lot,

Giuliano


Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Juniper MX5 with MK - VPLS

[Giuliano Medalha]

People,

We are trying to create some VPLS tunnel with MK equipments.

Documentation shows that with some cisco routes it works fine.

We need to finish the tunnel under a MX5 router and re-route the
encapsulate traffic from the MX5 router to give some internet L3 (inet.0
access).

For this we do the following configuration:

set chassis fpc 1 pic 0 tunnel-services bandwidth 1g

set interfaces ge-1/0/3 flexible-vlan-tagging
set interfaces ge-1/0/3 encapsulation flexible-ethernet-services
set interfaces ge-1/0/3 unit 512 encapsulation vlan-vpls
set interfaces ge-1/0/3 unit 512 vlan-id 512
set interfaces ge-1/0/3 unit 512 family vpls

set routing-instances vpls instance-type vpls
set routing-instances vpls interface ge-1/0/3.512
set routing-instances vpls protocols vpls tunnel-services devices vt-1/0/10
set routing-instances vpls protocols vpls vpls-id 100
set routing-instances vpls protocols vpls mtu 1500
set routing-instances vpls protocols vpls ignore-mtu-mismatch
set routing-instances vpls protocols vpls neighbor 192.168.100.2

set interfaces lo0 unit 0 family inet address 192.168.100.1/3
set interfaces vt-1/0/10 unit 0 family inet unnumbered-address lo0

But we cannot see any flow or ping between sides (end tunnel sides).

Does anyone has tried to close a VPLS connection between junos and MK
before ?

Any tip for how to configure it ?

Thanks a lot,

Giuliano


Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
JUNIPER J-PARTNER ELITE
giuli...@wztech.com.br
http://www.wztech.com.br/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Flow analysis question

[Giuliano Medalha]

Show route

Show route forwarding-table

On Sunday, April 8, 2012, Michael Smith wrote:

> Hello:
>
> Is it possible on the MX series to look at the flow logs real time?  In
> Cisco, you can attach to the linecard and do a 'sho ip cache flow' that
> shows you the Netflow data.  I'm looking for something similar on the MX.
>
> Thanks,
>
> Mike
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


-- 
Giuliano Cardozo Medalha
Systems Engineer
+55 (17) 3011-3811
+55 (17) 8112-5394
+55 (17) 9629-2242
giuli...@wztech.com.br
http://www.wztech.com.br/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Juniper MX40 / MX80 as a edge aggregator

[Giuliano Medalha]

You need to ask him to add the following licensed to the QUOTE:

S-SA-8K
S-MX80-SA-FP
S-MX80-SSM-FP


It works fine for me.

Att,

Giuliano


On Wed, Jan 25, 2012 at 12:11, Remco Bressers  wrote:

> Hi list,
>
> We are in the process of selecting an edge platform for the following
> featureset :
>
> - Routing BGP/OSPF with less than 10K routes
> - PPPoE for >5000 ethernet customers
> - >5000 traffic policies on these customers. We want to be able to
> select a traffic profile (2Mbps to GigE) per PPPoE customer on a single
> ethernet port.
> - RADIUS authentication for these PPPoE customers
> - 4K VLAN's per physical port
> - per-VLAN traffic policy's. Define traffic policy (2Mbps to GigE) per
> VLAN per port.
> - 2 or 4 10GigE ports to connect to our core infrastructure (which is
> mainly brocade hardware)
>
> I got the following offers :
>
> MX40-T-AC including MX80-ADV-R, S-MX80-Q & S-ACCT-JFLOW-IN-5G licenses
>
> or the :
>
> MX80-T-AC
> S-MX80-ADV-R
> S-MX80-Q
>
> Our sales rep offered us this box and told us that it fits the
> featureset easily. Are there any people on the list using the MX80 boxes
> as a PPPoE aggregator and what is your opinion? How does
> rate-limiting/policying scale?
>
> Regards,
>
> Remco Bressers
> Signet B.V.
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] bgp under routing instance.

[Giuliano Medalha]

are you using J-Series as a router ?

http://juniper.cluepon.net/Enabling_packet_based_forwarding

On Thu, Dec 1, 2011 at 00:05, ashish verma  wrote:

> Hi All,
>
> I am having trouble turning up BGP under routing-instance. Could someone
> please help?
>
> Here are the relevant configuration of lab setup. It is direct connectivity
> between a J-series and Cisco. Also it works fine if I move the BGP
> configurations out of the routing instance.
>
> show routing-instances | display set
> set routing-instances ri-beyondcorp instance-type virtual-router
> set routing-instances ri-beyondcorp interface ge-0/0/0.113
> set routing-instances ri-beyondcorp routing-options router-id 120.29.219.78
> set routing-instances ri-beyondcorp routing-options autonomous-system 41264
> set routing-instances ri-beyondcorp protocols bgp family inet unicast
> set routing-instances ri-beyondcorp protocols bgp group test type external
> set routing-instances ri-beyondcorp protocols bgp group test traceoptions
> file bgp-trace
> set routing-instances ri-beyondcorp protocols bgp group test traceoptions
> flag all
> set routing-instances ri-beyondcorp protocols bgp group test local-address
> 120.29.219.78
> set routing-instances ri-beyondcorp protocols bgp group test import
> BEYONDCORP-IN
> set routing-instances ri-beyondcorp protocols bgp group test family inet
> unicast
> set routing-instances ri-beyondcorp protocols bgp group test family inet
> any
> set routing-instances ri-beyondcorp protocols bgp group test export
> BEYONDCORP-OUT
> set routing-instances ri-beyondcorp protocols bgp group test peer-as 65003
> set routing-instances ri-beyondcorp protocols bgp group test local-as 41264
> set routing-instances ri-beyondcorp protocols bgp group test neighbor
> 120.29.219.77 description "internet-bc"
>
> set interfaces ge-0/0/0 per-unit-scheduler
> set interfaces ge-0/0/0 vlan-tagging
> set interfaces ge-0/0/0 unit 112 vlan-id 112
> set interfaces ge-0/0/0 unit 112 family inet address 3.3.1.1/24
> set interfaces ge-0/0/0 unit 112 family inet6 address 2002:4860:1:1::2/127
> set interfaces ge-0/0/0 unit 113 vlan-id 113
> set interfaces ge-0/0/0 unit 113 family inet address 120.29.219.78/30
>
> *BGP Trace logs*
>
> Dec  1 02:16:12.200327 task_addr_local: task BGP_65003_41264.120.29.219.77
> address 120.29.219.78
> Dec  1 02:16:12.200373 task_connect: task BGP_65003_41264.120.29.219.77+179
> addr 120.29.219.77+179task_timer_reset: reset
> BGP_65003_41264.120.29.219.77+179_Connect
> Dec  1 02:16:12.200384 task_timer_set_oneshot_latest: timer
> BGP_65003_41264.120.29.219.77+179_Connect interval set to 2:28
> Dec  1 02:16:12.200392 task_timer_dispatch: returned from
> BGP_65003_41264.120.29.219.77+179_Connect, rescheduled in 2:28
> Dec  1 02:17:27.109123 task_process_events: connect ready for
> BGP_65003_41264.120.29.219.77+179
> Dec  1 02:17:27.109161 bgp_connect_complete: error connecting to
> 120.29.219.77 (External AS 65003): Socket is not connected
> Dec  1 02:17:27.109169 bgp_close_socket: peer 120.29.219.77 (External AS
> 65003)
> Dec  1 02:17:27.109177 task_close: close socket 24 task
> BGP_65003_41264.120.29.219.77+179
> Dec  1 02:17:27.109184 task_reset_socket: task
> BGP_65003_41264.120.29.219.77+179 socket 24
> Dec  1 02:17:27.109206 bgp_event: peer 120.29.219.77 (External AS 65003)
> old state Connect event OpenFail new state Idle
> Dec  1 02:17:27.109280 bgp_event: peer 120.29.219.77 (External AS 65003)
> old state Idle event Start new state Active
> Dec  1 02:18:03.038570 120.29.219.77 (External AS 65003): import eval flag
> set (config change)
> Dec  1 02:18:40.200382 task_timer_dispatch: calling
> BGP_65003_41264.120.29.219.77_Connect, late by 0.000
> Dec  1 02:18:40.200423 bgp_connect_timeout:
> BGP_65003_41264.120.29.219.77_Connect
> Dec  1 02:18:40.200432 bgp_connect_start: peer 120.29.219.77 (External AS
> 65003)
> Dec  1 02:18:40.200439 bgp_event: peer 120.29.219.77 (External AS 65003)
> old state Active event ConnectRetry new state Connect
> Dec  1 02:18:40.200525 task_get_socket: domain AF_INET  type SOCK_STREAM
>  protocol 0  socket 28
> Dec  1 02:18:40.200539 task_set_socket: task BGP_65003_41264.120.29.219.77
> socket 28
> Dec  1 02:18:40.200559 task_set_option_internal: task
> BGP_65003_41264.120.29.219.77 socket 28 option NonBlocking(8) value 1
> Dec  1 02:18:40.200569 task_set_option_internal: task
> BGP_65003_41264.120.29.219.77 socket 28 option ReUseAddress(3) value 1
> Dec  1 02:18:40.200619 task_set_option_internal: task
> BGP_65003_41264.120.29.219.77 socket 28 option PathMTUDiscovery(26) value 0
> Dec  1 02:18:40.200630 task_set_option_internal: task
> BGP_65003_41264.120.29.219.77 socket 28 option RoutingTable(27) value 4
> Dec  1 02:18:40.200640 task_set_option_internal: task
> BGP_65003_41264.120.29.219.77 socket 28 option TOS(16) value 192
> Dec  1 02:18:40.200649 task_set_option_internal: task
> BGP_65003_41264.120.29.219.77 socket 28 option DontRoute(5) value 1
> Dec  1 02:18:40.200658 task_set_optio

[j-nsp] SFP Status and Conditions

[Giuliano Medalha]

People,

Is it any possible to monitor the SPF status of an EX switch ?

Is there some commands to see SFP or XFP or SFP+ status ?

- power
- model
- temperature

Some SFP supports DD for verification.  Juniper supports it ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] mitigating dos attack on Juniper M10i

[Giuliano Medalha]

You can create a RE filter to protect the control plane (apply it input in
lo0):

   filter protect-RE {

term bgp {
from {
protocol tcp;
port bgp;
}
then {
policer bgp-policer;
count bgp;
accept;
}
}


term snmp {
from {
source-prefix-list {
snmp-addresses;
}
protocol udp;
destination-port snmp;
}
then {
policer snmp-policer;
count snmp-count;
accept;
}
}

term ntp {
from {
source-prefix-list {
ntp-addresses;
}
protocol udp;
port ntp;
}
then {
policer ntp-policer;
count ntp;
accept;
}
}

term dns {
from {
source-prefix-list {
dns-addresses;
}
protocol udp;
source-port domain;
}
then {
policer dns-policer;
count dns;
accept;
}
}

term traceroute {
from {
protocol udp;
destination-port 33434-33534;
}
then {
count traceroute-traffic;
accept;
}
}

term icmp {
from {
protocol icmp;
icmp-type [ echo-request echo-reply unreachable
time-exceeded ];
}
then {
policer small-bw-policer;
count icmp-traffic;
accept;
}
}


term discard-everything-else {
then {
count deny-everything-else;
log;
discard;
}
}
}


policer

 dns-policer {
if-exceeding {
bandwidth-limit 500k;
burst-size-limit 15k;
}
then discard;
}

policer ntp-policer {
if-exceeding {
bandwidth-limit 250k;
burst-size-limit 15k;
}
then discard;
}

policer snmp-policer {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 15k;
}
then discard;
}

policer bgp-policer {
if-exceeding {
bandwidth-limit 10m;
burst-size-limit 2m;
}
then discard;
}


After that you can use black hole rules with communities to mitigate the attack.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] M7i

[Giuliano Medalha]

You can take more advantage with MX80-5 new promotional bunde.

It supports 20 x SFP Interfaces, came with ADC-R License , TRIO3D chipset
and 2GB DRAM (4m rib routes).

It came with 4 x XFP slots (blocked by software license)


On Thu, Mar 24, 2011 at 13:33, Doug Hanks  wrote:

> I would suggest the MX80.
>
> Doug
>
> -Original Message-
> From: juniper-nsp-boun...@puck.nether.net [mailto:
> juniper-nsp-boun...@puck.nether.net] On Behalf Of cjwstudios
> Sent: Wednesday, March 23, 2011 11:50 PM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] M7i
>
> Hello Juniper folks :)
>
> I'm setting up a remote metro ethernet site (fiber in a closet) that
> will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds.
> The traffic will be service provider transit without inspection, NAT
> or other services.
>
> Since everything is cost sensitive these days I initially planned on
> implementing an ebayish 7206vxr-npe-g1.  Although I was quite happily
> slinging the 7206 around 10 years ago I realized tonight that it has
> been 10 years and the 7206 platform is well aged.   M7i (M7i 2AC 2FE
> w/ RE400,PE-1GE-SFP) are quite common on the secondary market now and
> likely more than enough to get started.  Although trunking multiple
> metro FE feeds to a single GE port will be frowned upon I may consider
> this as an option.
>
> I suppose my questions are whether a base M7i config out of the box
> will support this application or if there are better options out
> there.  Thank you in advance.
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Juniper Subscriber Management

[Giuliano Medalha]

People,

Does anyone on list is using JUNIPER Networks MX Series solution as a
Subscriber Management Solution ?

Can please contact-me in private ?

Thanks a lot,

Giuliano
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp