[j-nsp] AS-PIC for flow export licensing requirement
Hello all, I am planning to buy an AS-PIC from ebay for my M7i , but I am confused do I need to buy the additional Jflow license along with the PIC from Juniper in order to export the flows? or buying just PIC will suffice? Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Missing interface ID in RE based sflow export from M7i
Hi,
I am testing the RE based flow export from my Juniper M7i running
9.2R2.15 , for some reason my flow analyzer wrapped up all the flows in
instance 0 interface for all the flows exported, at the same time all
the export from all the Cisco is working and showing up perfectly.
Upon investigating the sflow packets through wireshark, it is found that
all the captured sflow frames from M7i has Input interface and Output
interface information id is "0" thus Interface ID is not exported. Is
this the know issue or are there any configuration miss? any workaround
or fix?
###
Wireshark output:
> pdu 1/29
SrcAddr: 202.xx.xx.xx (202.xx.xx.xx)
DstAddr: 195.xx.xx.xx (195.xx.xx.xx)
NextHop: 125.xx.xx.xx (125.xx.xx.xx)
InputInt: 0 <-- here...
OutputInt: 0 <-- here...
Packets: 1
Octets: 48
> [Duration:0.0 seconds]
SrcPort: 48129
DstPort: 28158
padding
TCP Flags: 0x00
Protocol: 17
IP Tos: 0x00
interfaces {
ge-1/3/0 {
unit 0 {
family inet {
filter {
input all;
output all;
}
address 202.xx.xx.xx/26;
address 202.xx.xx.xx/27;
}
}
}
}
firewall {
filter all {
term all {
then {
sample;
accept;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 100;
}
}
output {
cflowd 202.xxx.xxx.xxx{
port 2055;
version 5;
}
flow-inactive-timeout 15;
flow-active-timeout 60;
}
}
}
###
Chassis M7i
Midplane REV 05 M7i Midplane
Power Supply 0 Rev 05AC Power Supply
Routing EngineREV 01 RE-850
CFEB REV 08 Internet Processor II
FPC 0 E-FPC
PIC 0 REV 09 1x G/E, 1000 BASE-SX
FPC 1 E-FPC
PIC 2 BUILTIN 1x Tunnel
PIC 3REV 08 1x G/E, 1000 BASE
Xcvr 0 SFP-SX
Fan Tray Rear Fan Tray
###
--
Regards
Samit
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Mix of AC and Dc power supply in M7i
hello all, Does the combination of one AC and DC power supply input supported in M7i? I found that M120 and Mx960 doesn't support from juniper docs but not for M7i . Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] AS pic for M7i any license required for flow monitoring?
Hello, I am planning to use PE-AS or PE-AS-II specifically for flow export and monitoring in my M7i. Do I need any license to activate it ? or only just the AS pic is enough? Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] AS pic for M7i any license required for flow monitoring?
Hello, I am planning to use PE-AS or PE-AS-II specifically for flow export and monitoring in my M7i. Do I need any license to activate it ? or only just the AS pic is enough? Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Cisco 7206 replacement
We upgraded from NPE-G1s to M7i couple of years back , we are highly impressed and highly recommenced..! Perhaps you should also explore Foundry XMR-4 . Samit On 12/28/10 8:49 AM, Dwater wrote: > I was thinking on M10i with ECFEB and related PIC. Any comments or > recommendations? > > On Dec 27, 2010, at 9:34 PM, Jonathan Lassoff wrote: > >> I guess that would depend on the hardware configuration that you have >> in your 7206? What NPE are you using? >> >> Assuming you're using an NPE-G1, which can run a few GigE ports at 1 >> Mpps, some comparable routers might be: >> >> Juniper J6350 -- A CPU-based router (more inexpensive) that'll route >> 400 Kpps and connect a decent amount of GigE ports (52 GigE copper, >> but probably not full duplex) >> >> Juniper M7i -- A real hardware-based router that'll do 10 GbE / 16 >> Mpps (half-duplex). >> >> Juniper MX -- A nice mixed Ethernet / IP router that comes in several >> configurations, but can support 48 GigE ports and will do 55 Mpps. >> >> Honestly, I would say that an MX would be the best long-term >> investment if you're interested in checking out Juniper, want a robust >> DOS-hardy edge router, but will also probably be the most expensive of >> these suggestions. >> >> Get in contact with an awesome reseller and ask around about who has >> the best deals as the "list price" is often way inflated. >> >> Many resellers will give you a good deal if you're checking out >> Juniper for the first time, since they usually have way better >> products that Cisco but cost a little more. It's easy to get hooked on >> well-made routers :p >> >> Cheers, >> jof > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] dropped packet counter and stat of traffic policer
Thanks Alex for the pointer...
>> test-police-test-limit-prefix 290558 <=== this is
>> counter of packets discarded by policer
Regards,
Samit
Alex wrote:
> Samit,
>> sa...@gw-router> show firewall filter test-traffic-limit
>>
>> Filter: test-traffic-limit
>> Counters:
>> NameBytes
>> Packets
>> test-count173823870 4588919
>> Policers:
>> Name Packets
>> test-police-test-limit-prefix 290558 <=== this is
>> counter of packets discarded by policer
>
> There is no built-in counter for dicarded bytes. You have to rewrite a
> policer and add a special filter term like this:
> policer test-police {
> if-exceeding {
>bandwidth-limit XXXM;
>burst-size-limit YYYM;
> }
> then forwarding-class assured-forwarding; ## any unused forwarding-class
> }
>
> term test-limit-prefix-FCtag {
>then {
>policer test-police;
>next term;
>}
> }
> term test-limit-prefix-discard {
> from forwarding-class {
>assured-forwarding;
>}
>then {
>discard;
>count test-count-bytes+packets;
>}
> }
>
> This will _only_ work on T-series/M320/M120 and MX. It will _not_ work
> on any regular M-series M5/M10/M20/M160/M7i/M10i.
> HTH
> Regards
> Alex
>
>
>
> - Original Message - From: "Samit"
> To: "juniper-nsp"
> Sent: Thursday, July 01, 2010 8:50 AM
> Subject: [j-nsp] dropped packet counter and stat of traffic policer
>
>
>> Hi,
>>
>> I am testing the rate limiting in junos 9.2, M7i series. Everything is
>> working as expected but, I could not find and figure out the command
>> which can show the statistics specially the dropped/discard packets
>> counter by the traffic police rules. Any tips would be appreciated.
>>
>> sa...@gw-router# show
>> term test-limit-prefix {
>>from {
>>destination-address {
>>0.0.0.0/0;
>>}
>>}
>>then {
>>policer test-police;
>>count test-count;
>>accept;
>>}
>> }
>>
>> [edit firewall filter test-traffic-limit]
>>
>> sa...@gw-router#
>>
>> sa...@gw-router# show firewall policer test-police
>> if-exceeding {
>>bandwidth-limit 256k;
>>burst-size-limit 16k;
>> }
>> then discard;
>>
>> [edit]
>>
>>
>> sa...@gw-router> show policer ?
>> Possible completions:
>> <[Enter]>Execute this command
>> Policer name
>> __auto_policer_template_1__
>> __auto_policer_template_2__
>> __auto_policer_template_3__
>> __auto_policer_template_4__
>> __auto_policer_template__
>> __default_arp_policer__
>> |Pipe through a command
>> sa...@gw-router> show policer
>>
>>
>> sa...@gw-router> show firewall filter test-traffic-limit
>>
>> Filter: test-traffic-limit
>> Counters:
>> NameBytes
>> Packets
>> test-count173823870 4588919
>> Policers:
>> Name Packets
>> test-police-test-limit-prefix 290558
>>
>> sa...@gw-router>
>>
>>
>> sa...@gw-router# show interfaces ge-0/0/0
>> description "sw-test Gi0/1";
>> vlan-tagging;
>> unit 0 {
>>vlan-id 12;
>>family inet {
>>filter {
>>output test-traffic-limit;
>>}
>>address 192.168.0.1/24;
>>}
>> }
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] dropped packet counter and stat of traffic policer
Hi,
I am testing the rate limiting in junos 9.2, M7i series. Everything is
working as expected but, I could not find and figure out the command
which can show the statistics specially the dropped/discard packets
counter by the traffic police rules. Any tips would be appreciated.
sa...@gw-router# show
term test-limit-prefix {
from {
destination-address {
0.0.0.0/0;
}
}
then {
policer test-police;
count test-count;
accept;
}
}
[edit firewall filter test-traffic-limit]
sa...@gw-router#
sa...@gw-router# show firewall policer test-police
if-exceeding {
bandwidth-limit 256k;
burst-size-limit 16k;
}
then discard;
[edit]
sa...@gw-router> show policer ?
Possible completions:
<[Enter]>Execute this command
Policer name
__auto_policer_template_1__
__auto_policer_template_2__
__auto_policer_template_3__
__auto_policer_template_4__
__auto_policer_template__
__default_arp_policer__
|Pipe through a command
sa...@gw-router> show policer
sa...@gw-router> show firewall filter test-traffic-limit
Filter: test-traffic-limit
Counters:
NameBytes
Packets
test-count173823870 4588919
Policers:
Name Packets
test-police-test-limit-prefix 290558
sa...@gw-router>
sa...@gw-router# show interfaces ge-0/0/0
description "sw-test Gi0/1";
vlan-tagging;
unit 0 {
vlan-id 12;
family inet {
filter {
output test-traffic-limit;
}
address 192.168.0.1/24;
}
}
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] PBR config help
Hi gurus,
I am looking for following cisco PBR example equivalent config for junos
and work.
interface GigabitEthernet0/0
description WAN1-primary
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/1
description WAN2-secondary
ip address 192.168.2.1 255.255.255.0
interface GigabitEthernet0/2
description To LAN
ip address 192.168.0.1 255.255.255.192
ip policy route-map via-wan2
ip access-list extended pbr-test
permit ip 192.168.10.0 0.0.0.255 any
route-map via-wan2 permit 10
match ip address pppoe
set ip next-hop 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.1.2
All traffic with source Ip address 192.168.10.0/24 will go via
192.168.2.1 secondary link remaining traffic will go via default route
192.168.1.2 primary link .
I tried the following in junos but it is not working and all traffic
just stuck, any tips would be appreciated..
[edit interfaces ge-0/0/0]
unit 0 {
description "WAN1-primary";
family inet {
address 192.168.1.1/24;
}
}
[edit interfaces ge-0/0/1]
unit 0 {
description "WAN2-secondary";
family inet {
address 192.168.2.1/24;
}
}
[edit interfaces ge-0/0/2]
unit 0 {
description "LAN";
family inet {
filter {
input via-WAN2;
}
address 192.168.0.1/24;
}
}
[edit routing-options static]
route 0.0.0.0/0 next-hop 192.168.1.2;
[edit firewall filter via-WAN2]
term 1 {
from {
source-address {
192.168.10.0/24;
}
}
then {
routing-instance pbr-test;
}
}
[edit routing-instances]
pbr-test {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 {
next-hop 192.168.2.1;
resolve;
}
}
}
}
Regards,
Samit
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Maximum no. of static arp entries in M7i
So, do you think if i acquire IQ2 Pic should I be able to insert
thousands of filter lines like below:
/sbin/iptables -i eth2 -m mac --mac-source 00:60:47:40:f0:72 -s
192.168.0.1/24 -m limi
t --limit 100/second -j ACCEPT
Regards,
Samit
Patrik Olsson wrote:
> Hello,
>
> Too bad!
> With IQ2 PIC and possibly ISE features on an I chip upgraded M series
> you probably could have fixed it without static ARP:s
>
> Cheers
> Patrik
>
>
> Samit wrote:
>> Hi Tarique,
>>
>> Thanks, but I am not running mpls/vpls nor do I have a IQ pic.
>>
>> Regards,
>> Samit
>>
>>
>> Nalkhande Tarique Abbas wrote:
>>> Samit
>>>
>>> Something similar to limit source-mac should help...you can try to fine
>>> tune it further!
>>>
>>>
>>> l...@m120# show interfaces ge-1/3/0
>>> encapsulation flexible-ethernet-services;
>>> gigether-options { <===
>>> source-filtering;
>>>
>>> }
>>>
>>> }
>>>
>>>
>>>
>>>
>>> vlan-id 1001;
>>> encapsulation vlan-vpls
>>> accept-source-mac {
>>>mac-address 00:17:9a:00:73:91; <===
>>>
>>>
>>>
>>>
>>>
>>> Thanks & Regards,
>>> Tarique
>>>
>>> -Original Message-
>>> From: juniper-nsp-boun...@puck.nether.net
>>> [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Samit
>>> Sent: Friday, June 26, 2009 10:50 AM
>>> To: Patrik Olsson
>>> Cc: juniper-nsp
>>> Subject: Re: [j-nsp] Maximum no. of static arp entries in M7i
>>>
>>> In a static IP address allocation to the customers scenario, is there
>>> any other way other to discourage the users to abuse another subscribers
>>> IP or MAC address and access/abuse the internet in a L2 switched network
>>> (wire/wireless) where you do not have capabilities to control this from
>>> a switch port?
>>>
>>> Currently am using linux router and doing IP+Mac filtering using
>>> iptables, and now wondering if I can replace it with Juniper M7i do the
>>> same but I believe it is not possible to run such filtering.
>>>
>>> Samit
>>>
>>> Patrik Olsson wrote:
>>>> Out of sheer curiosity, why static arp:s?
>>>>
>>>> Patrik
>>>>
>>>>> Hi,
>>>>>
>>>>> Any idea how many no. of static arp entries M7i interfaces/junos will
>>>>> accept and work?
>>>>>
>>>>> interfaces ge-1/3/0 {
>>>>> unit 0 {
>>>>> family inet {
>>>>> address 192.168.0.1/24 {
>>>>> arp 192.168.0.2 mac 00:17:f2:cb:89:43;
>>>>> }
>>>>> }
>>>>> }
>>>>> }
>>>>>
>>>>> Regards,
>>>>> Samit
>>>>> ___
>>>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>> ___
>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>>
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Maximum no. of static arp entries in M7i
Hi Tarique,
Thanks, but I am not running mpls/vpls nor do I have a IQ pic.
Regards,
Samit
Nalkhande Tarique Abbas wrote:
> Samit
>
> Something similar to limit source-mac should help...you can try to fine
> tune it further!
>
>
> l...@m120# show interfaces ge-1/3/0
> encapsulation flexible-ethernet-services;
> gigether-options { <===
> source-filtering;
>
> }
>
> }
>
>
>
>
> vlan-id 1001;
> encapsulation vlan-vpls
> accept-source-mac {
>mac-address 00:17:9a:00:73:91; <===
>
>
>
>
>
> Thanks & Regards,
> Tarique
>
> -Original Message-
> From: juniper-nsp-boun...@puck.nether.net
> [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Samit
> Sent: Friday, June 26, 2009 10:50 AM
> To: Patrik Olsson
> Cc: juniper-nsp
> Subject: Re: [j-nsp] Maximum no. of static arp entries in M7i
>
> In a static IP address allocation to the customers scenario, is there
> any other way other to discourage the users to abuse another subscribers
> IP or MAC address and access/abuse the internet in a L2 switched network
> (wire/wireless) where you do not have capabilities to control this from
> a switch port?
>
> Currently am using linux router and doing IP+Mac filtering using
> iptables, and now wondering if I can replace it with Juniper M7i do the
> same but I believe it is not possible to run such filtering.
>
> Samit
>
> Patrik Olsson wrote:
>> Out of sheer curiosity, why static arp:s?
>>
>> Patrik
>>
>>> Hi,
>>>
>>> Any idea how many no. of static arp entries M7i interfaces/junos will
>>> accept and work?
>>>
>>> interfaces ge-1/3/0 {
>>> unit 0 {
>>> family inet {
>>> address 192.168.0.1/24 {
>>> arp 192.168.0.2 mac 00:17:f2:cb:89:43;
>>> }
>>> }
>>> }
>>> }
>>>
>>> Regards,
>>> Samit
>>> ___
>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Maximum no. of static arp entries in M7i
In a static IP address allocation to the customers scenario, is there
any other way other to discourage the users to abuse another subscribers
IP or MAC address and access/abuse the internet in a L2 switched network
(wire/wireless) where you do not have capabilities to control this from
a switch port?
Currently am using linux router and doing IP+Mac filtering using
iptables, and now wondering if I can replace it with Juniper M7i do the
same but I believe it is not possible to run such filtering.
Samit
Patrik Olsson wrote:
> Out of sheer curiosity, why static arp:s?
>
> Patrik
>
>> Hi,
>>
>> Any idea how many no. of static arp entries M7i interfaces/junos will
>> accept and work?
>>
>> interfaces ge-1/3/0 {
>> unit 0 {
>> family inet {
>> address 192.168.0.1/24 {
>> arp 192.168.0.2 mac 00:17:f2:cb:89:43;
>> }
>> }
>> }
>> }
>>
>> Regards,
>> Samit
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Maximum no. of static arp entries in M7i
Hi,
Any idea how many no. of static arp entries M7i interfaces/junos will
accept and work?
interfaces ge-1/3/0 {
unit 0 {
family inet {
address 192.168.0.1/24 {
arp 192.168.0.2 mac 00:17:f2:cb:89:43;
}
}
}
}
Regards,
Samit
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] as-path filtering
Works..!
Thanks for you help.
Samit
Nalkhande Tarique Abbas wrote:
> Try this..
>
>
> set policy-options as-path a ".*1234"
> set policy-options as-path b ".*5678"
>
>
> Thanks & Regards,
> Tarique A. Nalkhande
>
>
> -Original Message-
> From: Samit [mailto:janasa...@wlink.com.np]
> Sent: Monday, June 22, 2009 10:47 AM
> To: Nalkhande Tarique Abbas
> Cc: juniper-nsp
> Subject: Re: [j-nsp] as-path filtering
>
> Thanks Scott/Tarique, changed the rule as per your advice but for some
> reason it is not working...and could not figure out either.
>
> protocols {
> bgp {
> group "ebgp-test" {
> type external;
> import test-in;
> peer-as 200;
> neighbor 192.168.0.1
> }
> }
>
> policy-options {
> policy-statement test-in {
> from as-path [a b];
> then reject;
> }
> as-path a "_1234$";
> as-path b "_5678$";
> }
> }
>
>
> Still seeing routes originated from AS1234 and 5678 in the routing
> table.
>
> Regards,
> Samit
>
>
> Nalkhande Tarique Abbas wrote:
>> Pls make appropriate changes as below & it should work !
>>
>>
>> lab# show | compare
>> [edit policy-options]
>> + policy-statement test {
>> + from as-path [ test test1 ];
>> + then reject;
>> + }
>> [edit policy-options]
>> + as-path test "_1234$";
>> + as-path test1 "_5678$";
>>
>>
>>
>> Thanks & Regards,
>> Tarique A. Nalkhande
>>
>>
>> -Original Message-
>> From: juniper-nsp-boun...@puck.nether.net
>> [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Samit
>> Sent: Sunday, June 21, 2009 6:47 PM
>> To: juniper-nsp
>> Subject: [j-nsp] as-path filtering
>>
>> Hi,
>>
>> How to do this in junos?
>>
>> Cisco config example:
>>
>> ip as-path access-list 1 deny _1234$
>> ip as-path access-list 1 deny _5678$
>> ip as-path access-list 1 permit .*
>>
>> router bgp 100
>> neighbor 192.168.0.1 remote-as 200
>> neighbor 192.168.0.1 des ebgp-test
>> neighbor 192.168.0.1 filter-list 1 in
>>
>> Tried but not working..
>>
>> protocols {
>> bgp {
>> group "ebgp-test" {
>> type external;
>> import test-in;
>> peer-as 200;
>> neighbor 192.168.0.1 {
>> }
>> }
>> policy-options {
>> policy-statement test-in {
>> term 1 {
>> from as-path-group test;
>> then reject;
>> }
>> term 2 {
>> then accept;
>> }
>> }
>> as-path-group test {
>> as-path a "_1234$";
>> as-path b "_5678$";
>> }
>> }
>>
>>
>> Regards,
>> Samit
>>
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] as-path filtering
Thanks Scott/Tarique, changed the rule as per your advice but for some
reason it is not working...and could not figure out either.
protocols {
bgp {
group "ebgp-test" {
type external;
import test-in;
peer-as 200;
neighbor 192.168.0.1
}
}
policy-options {
policy-statement test-in {
from as-path [a b];
then reject;
}
as-path a "_1234$";
as-path b "_5678$";
}
}
Still seeing routes originated from AS1234 and 5678 in the routing table.
Regards,
Samit
Nalkhande Tarique Abbas wrote:
> Pls make appropriate changes as below & it should work !
>
>
> lab# show | compare
> [edit policy-options]
> + policy-statement test {
> + from as-path [ test test1 ];
> + then reject;
> + }
> [edit policy-options]
> + as-path test "_1234$";
> + as-path test1 "_5678$";
>
>
>
> Thanks & Regards,
> Tarique A. Nalkhande
>
>
> -Original Message-
> From: juniper-nsp-boun...@puck.nether.net
> [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Samit
> Sent: Sunday, June 21, 2009 6:47 PM
> To: juniper-nsp
> Subject: [j-nsp] as-path filtering
>
> Hi,
>
> How to do this in junos?
>
> Cisco config example:
>
> ip as-path access-list 1 deny _1234$
> ip as-path access-list 1 deny _5678$
> ip as-path access-list 1 permit .*
>
> router bgp 100
> neighbor 192.168.0.1 remote-as 200
> neighbor 192.168.0.1 des ebgp-test
> neighbor 192.168.0.1 filter-list 1 in
>
> Tried but not working..
>
> protocols {
> bgp {
> group "ebgp-test" {
> type external;
> import test-in;
> peer-as 200;
> neighbor 192.168.0.1 {
> }
> }
> policy-options {
> policy-statement test-in {
> term 1 {
> from as-path-group test;
> then reject;
> }
> term 2 {
> then accept;
> }
> }
> as-path-group test {
> as-path a "_1234$";
> as-path b "_5678$";
> }
> }
>
>
> Regards,
> Samit
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] neighbor allowas-in
Solved: # set routing-options autonomous-system xxx loops 2 Regards, Samit Samit wrote: > Hi, > > How to enable this in junos 9.2 running on M7i ? > > Regards, > Samit > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] neighbor allowas-in
Hi, How to enable this in junos 9.2 running on M7i ? Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] as-path filtering
Hi,
How to do this in junos?
Cisco config example:
ip as-path access-list 1 deny _1234$
ip as-path access-list 1 deny _5678$
ip as-path access-list 1 permit .*
router bgp 100
neighbor 192.168.0.1 remote-as 200
neighbor 192.168.0.1 des ebgp-test
neighbor 192.168.0.1 filter-list 1 in
Tried but not working..
protocols {
bgp {
group "ebgp-test" {
type external;
import test-in;
peer-as 200;
neighbor 192.168.0.1 {
}
}
policy-options {
policy-statement test-in {
term 1 {
from as-path-group test;
then reject;
}
term 2 {
then accept;
}
}
as-path-group test {
as-path a "_1234$";
as-path b "_5678$";
}
}
Regards,
Samit
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Logging interface flaps
Hi,
How do I log the interface flap logs similar to cisco log attached
below, in Juniper M7i?
Dec 3 18:26:04.155 NST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
POS2/0, changed state to down
Dec 3 18:26:04.375 NST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
POS3/0, changed state to down
Dec 3 18:26:05.711 NST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
POS1/0, changed state to down
Dec 3 18:29:04.551 NST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
POS2/0, changed state to up
Dec 3 18:29:04.551 NST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
POS3/0, changed state to up
Dec 3 18:29:05.835 NST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
POS1/0, changed state to up
I tried this but not getting any logs during the link flap.
[edit interfaces]
traceoptions {
file int-log size 1m files 5;
flag change-events;
flag config-states;
}
so-0/1/0 {
description "Link1 ";
traceoptions {
flag all;
}
so-0/1/1 {
description "Link2 ";
traceoptions {
flag all;
}
so-0/1/2 {
description "Link3 ";
traceoptions {
flag all;
}
Regards,
Samit
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] L2TPv3
Hi, I read some old post in this list regarding L2TPv3 not being supported on M series, it is still not supported am I right? Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Bgp peer sessions flap in 165k-245k pps/sec DoS
After doing further investigation, I found that in-fact my Cisco-vxr Npe-g2 and g1 in the path (between M7i and customer router) suffered the Dos and due to cpu saturation the bgp flapped. Earlier I did not noticed because the cpu utilization graph of Cisco showed only 50% in npe-g2 and 80% in npe-g1 and straightened perhaps it was not responding mrtg polling, however "show proc cpu history" showed the different story. M7i was not affected...bravo Juniper..! Thanks everyone. Regards, Samit Nilesh Khambal wrote: > I don't see any drops in the sofware or hardware queues towards RE. So > it does not look like it was this router that was affected by DOS attack > and caused BGP flap. As Stefan mentioned, check the logs for the BGP > notification reason and to find out if we sent or received the > Notification. > > For your M7i, this traffic is the transit traffic and should be handled > in the PFE itself. It is possible that this router may get affected by > DoS, if the BGP peer that flapped during DOS and the destination of DOS > are both reachable via same egress interface and the egress interface > does not have enough bandwidth to handle the traffic. As you mentioned, > the DOS traffic was seen at the rate of 90 Mbps. It can saturate egress > interface's queues if it is an FE interfaces, with other production > traffic in the background. Check the egress interface queues and > evidence of drops in either best-effort or network-control queue. > > Did you have a filter on ingress or egress interface to drop such > traffic with filter action "reject"? > > Thanks, > Nilesh. > > > > > > > On Feb 15, 2009, at 2:50 AM, "Samit" wrote: > >> I do have filter in placed to protect the RE. But the attack is not >> targeted or directed to any interfaces of my router. My customer network >> as under DoS attacked , tcpdump snapshot attached below "x" is source >> and "y" is target. >> >> 04:16:18.225986 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, >> length 36 >> 04:16:18.226063 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, >> length 36 >> 04:16:18.226072 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, >> length 36 >> 04:16:18.226091 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, >> length 36 >> 04:16:18.226095 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, >> length 36 >> 04:16:18.226112 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, >> length 36 >> 04:16:18.226115 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, >> length 36 >> 04:16:18.226131 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, >> >> I don't have pfe stat during Dos but this is how it the output look like >> now. >> >> Packet Forwarding Engine traffic statistics: >>Input packets: 40918149601 102324 pps >>Output packets: 40903880367 102281 pps >> Packet Forwarding Engine local traffic statistics: >>Local packets input : 4603616 >>Local packets output: 5077330 >>Software input control plane drops :0 >>Software input high drops :0 >>Software input medium drops :0 >>Software input low drops:0 >>Software output drops :0 >>Hardware input drops:0 >> Packet Forwarding Engine local protocol statistics: >>HDLC keepalives: 143360 >>ATM OAM:0 >>Frame Relay LMI:0 >>PPP LCP/NCP:0 >>OSPF hello :0 >>OSPF3 hello:0 >>RSVP hello :0 >>LDP hello :0 >>BFD:0 >>IS-IS IIH :0 >> Packet Forwarding Engine hardware discard statistics: >>Timeout:0 >>Truncated key :0 >>Bits to test :0 >>Data error :0 >>Stack underflow:0 >>Stack overflow :0 >>Normal discard : 14002963 >>Extended discard : 41297 >>Invalid interface :
Re: [j-nsp] Bgp peer sessions flap in 165k-245k pps/sec DoS
I do have filter in placed to protect the RE. But the attack is not targeted or directed to any interfaces of my router. My customer network as under DoS attacked , tcpdump snapshot attached below "x" is source and "y" is target. 04:16:18.225986 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, length 36 04:16:18.226063 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, length 36 04:16:18.226072 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, length 36 04:16:18.226091 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, length 36 04:16:18.226095 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, length 36 04:16:18.226112 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, length 36 04:16:18.226115 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, length 36 04:16:18.226131 IP x.x.x.x.12372 > y.y.y.y.18990: UDP, I don't have pfe stat during Dos but this is how it the output look like now. Packet Forwarding Engine traffic statistics: Input packets: 40918149601 102324 pps Output packets: 40903880367 102281 pps Packet Forwarding Engine local traffic statistics: Local packets input : 4603616 Local packets output: 5077330 Software input control plane drops :0 Software input high drops :0 Software input medium drops :0 Software input low drops:0 Software output drops :0 Hardware input drops:0 Packet Forwarding Engine local protocol statistics: HDLC keepalives: 143360 ATM OAM:0 Frame Relay LMI:0 PPP LCP/NCP:0 OSPF hello :0 OSPF3 hello:0 RSVP hello :0 LDP hello :0 BFD:0 IS-IS IIH :0 Packet Forwarding Engine hardware discard statistics: Timeout:0 Truncated key :0 Bits to test :0 Data error :0 Stack underflow:0 Stack overflow :0 Normal discard : 14002963 Extended discard :41297 Invalid interface :0 Info cell drops:0 Fabric drops :0 Packet Forwarding Engine Input IPv4 Header Checksum Error and Output MTU Error statistics: Input Checksum : 196 Output MTU :0 I don't have JTAC support access.. :) Regards, Samit Nilesh Khambal wrote: > Hi Samit, > > Do you have the output of "show pfe statistics traffic" from this router? > > What was the type of DoS attack traffic? Was it directed to any of the > interfaces on the router? Did you have any filter applied to loopback > interface to drop such traffic? If yes, did any of the filters that were > applied to the interface matching DoS traffic had reject action in them? > Is any syslogging enabled in any of the filter terms that were matching > the attack traffic? > > Also, I would recommend involving JTAC during such incidents in future. > They can help you figure out the problem. > > Thanks, > Nilesh > > > On Feb 14, 2009, at 11:19 PM, "Samit" wrote: > >> Hi, >> >> Today early in the morning around 4am we had a udp based DoS from the >> Internet destinate to one of my customer network for about over 1.5hr. >> The pps rate was from 165k to 245k peak and at the rate of around 90Mbps >> as per the mrtg graphs. I don't have any Qos running, but I noticed >> later that all Bgp peer sessions flapped during that period though I >> have plenty of capacity in my upstream as well as in downstream links, >> therefore I don't call it M7i fully survived and handled it. M7i is >> capable of forwarding 16million pps and additionally I have plenty of >> free bandwidth available, so there should not be any interface buffer >> exhaustion or link saturation. Therefore, I failed to understood the >> reason of the BGP flaps. Can anyone help me explain to understand? >> >> >> Regards, >> Samit >> >> ___ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Bgp peer sessions flap in 165k-245k pps/sec DoS
Hi, Today early in the morning around 4am we had a udp based DoS from the Internet destinate to one of my customer network for about over 1.5hr. The pps rate was from 165k to 245k peak and at the rate of around 90Mbps as per the mrtg graphs. I don't have any Qos running, but I noticed later that all Bgp peer sessions flapped during that period though I have plenty of capacity in my upstream as well as in downstream links, therefore I don't call it M7i fully survived and handled it. M7i is capable of forwarding 16million pps and additionally I have plenty of free bandwidth available, so there should not be any interface buffer exhaustion or link saturation. Therefore, I failed to understood the reason of the BGP flaps. Can anyone help me explain to understand? Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Policed discards
Hi Nilesh/Jeff
My Cisco config
spanning-tree portfast bpdufilter default
interface GigabitEthernet0/1
description To Juniper ge-0/0/0 PE-1GE-SX-B
port-type nni
switchport access vlan 2
no keepalive
media-type sfp
speed nonegotiate
no cdp enable
spanning-tree portfast
end
interface GigabitEthernet0/5
description To Juniper ge-1/3/0 inbuilt
port-type nni
switchport access vlan 3
media-type sfp
speed nonegotiate
no cdp enable
no keepalive
spanning-tree portfast
end
The Police discards counter now increases by 1 in every 30-40secs
interval in ge-0/0/0 but I still see it. But I don't think i really need
to worry much, do I? because I don't see any packet loss.
Regards,
Samit
Nilesh Khambal wrote:
> Please disable cdp and keepalives on Cisco port connected to this M7i.
> Also, disable spanning tree on this port by configuring it as an access
> port.
>
> Thanks,
> Nilesh.
>
> Samit wrote:
>> Hi, I just installed my first juniper M7i in the production couple of
>> hour back and after resolving few routing issue so far it is running
>> smoothly. I noticed that my PE-1GE-SX-B interface is showing only
>> "Policed discards", the counter which increases by 1 in every 1-2 secs
>> but the inbuilt GE is showing no errors. As I am not running any
>> qos/policing in the interface I was wondering what does it means..and
>> how to fix this error? the router's both interface is connected with a
>> Cisco 3400ME in different Vlan.
>>
>> interfaces {
>> ge-0/0/0 {
>> description " Cisco3400-ME Gi0/1 Vlan2";
>> unit 0 {
>> family inet {
>> address 192.168.0.1/28;
>> }
>> }
>> }
>>
>> Delay: 1/0/1
>> Interface: ge-0/0/0, Enabled, Link is Up
>> Encapsulation: Ethernet, Speed: 1000mbps
>> Traffic statistics: Current
>> delta
>> Input bytes:3589144576 (34951312 bps)
>> [26149611]
>> Output bytes: 4117970233 (36219936 bps)
>> [27659648]
>> Input packets:12654493 (15073 pps)
>> [90668]
>> Output packets: 13058310 (15834 pps)
>> [94510]
>> Error statistics:
>> Input errors:
>> 0[0]
>> Input drops:
>> 0[0]
>> Input framing errors:
>> 0[0]
>> Policed discards:
>> 558[4]
>> L3 incompletes:
>> 0[0]
>> L2 channel errors:
>> 0[0]
>> L2 mismatch timeouts:
>> 0[0]
>> Carrier transitions: 0 Output
>> errors:[0]
>>
>>
>>
>> Regards,
>> Samit
>>
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Policed discards
Hi, I just installed my first juniper M7i in the production couple of
hour back and after resolving few routing issue so far it is running
smoothly. I noticed that my PE-1GE-SX-B interface is showing only
"Policed discards", the counter which increases by 1 in every 1-2 secs
but the inbuilt GE is showing no errors. As I am not running any
qos/policing in the interface I was wondering what does it means..and
how to fix this error? the router's both interface is connected with a
Cisco 3400ME in different Vlan.
interfaces {
ge-0/0/0 {
description " Cisco3400-ME Gi0/1 Vlan2";
unit 0 {
family inet {
address 192.168.0.1/28;
}
}
}
Delay: 1/0/1
Interface: ge-0/0/0, Enabled, Link is Up
Encapsulation: Ethernet, Speed: 1000mbps
Traffic statistics: Current delta
Input bytes:3589144576 (34951312 bps) [26149611]
Output bytes: 4117970233 (36219936 bps) [27659648]
Input packets:12654493 (15073 pps)[90668]
Output packets: 13058310 (15834 pps)[94510]
Error statistics:
Input errors:0[0]
Input drops: 0[0]
Input framing errors:0[0]
Policed discards: 558[4]
L3 incompletes: 0[0]
L2 channel errors: 0[0]
L2 mismatch timeouts:0[0]
Carrier transitions: 0 Output errors: [0]
Regards,
Samit
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] switching to superuser after a logging in as a normal user
Hi, Is there any way I can login to the router as a normal user and then switch to superuser by doing "su " something similar like in unix systems? with tacacs+ or without tacacs+. Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] M7i and equal cost static routes
Hi,
My upstream has Cisco router and I have 2xSTM-1 connected with my Cisco
router. We have 2 equal cost static routes in loopback address in order
to load balance the traffic, I believe it is "per-destination" both
side. I want to replace my end Cisco router with M7i and below is my
interface and static routes config. Unfortunately I don't have any Cisco
router with STM interfaces to test. As I don't want my upstream to make
any changes are there any thing I need to look at? I can only see
"per-packet" load balancing option in policy? Do I need "multipath" in
bgp as well?
Current Cisco config:
interface POS1/0
description 1st Link
ip address 172.16.0.1 255.255.255.252
interface POS2/0
description 2nd Link
ip address 172.16.1.1 255.255.255.252
ip route 192.168.1.1 255.255.255.255 POS1/0
ip route 192.168.1.1 255.255.255.255 POS2/0
192.168.1.1 is my remote peer's loopback doing eBgp
My juniper config:
so-0/1/0 {
description "1st Link ";
encapsulation cisco-hdlc;
sonet-options {
no-payload-scrambler;
}
unit 0 {
family inet {
address 172.16.0.1/30;
}
}
so-0/1/1 {
description "2nd Link ";
encapsulation cisco-hdlc;
sonet-options {
no-payload-scrambler;
}
unit 0 {
family inet {
address 172.16.1.1/30;
}
}
routing-options {
static {
route 192.168.1.1/32 next-hop [ so-0/1/0.0 so-0/1/1.0 ];
Regards,
Samit
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] VPLS and M7i
Samit wrote: > Hi list, > > I am beginner in terms of MPLS/VPLS technology and Junos. I was just > exploring the possibilities of configuring,testing simulating VPLS using > couple of M7i with PE-1GE-SX-B interfaces with Catalyst 3400ME doing > QnQ and/or 802.1q (both scenario). As per the doc the built in Gig > cannot be used for MPLS but I was just wondering whould there are any > limitation in features/configuration while using PE-1GE-SX-B and/or any > FE interface for VPLS in below scenario. Furthermore how many VPLS > tunnel M7i will support and how stable would it be? > > Customer---3400ME<-->M7i--M7i<--->3400ME--Customer > > Any pointer would be a great help. > > Regards, > Samit > > > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] VPLS and M7i
Hi list, I am beginner in terms of MPLS/VPLS technology and Junos. I was just exploring the possibilities of configuring,testing simulating VPLS using couple of M7i with PE-1GE-SX-B interfaces with Catalyst 3400ME doing QnQ and/or 802.1q (both scenario). As per the doc the built in Gig cannot be used for MPLS but I was just wondering whould there are any limitation in features/configuration while using PE-1GE-SX-B and/or any FE interface for VPLS in below scenario. Furthermore how many VPLS tunnel M7i will support and how stable would it be? Customer---3400ME<-->M7i--M7i<--->3400ME--Customer Any pointer would be a great help. Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Juniper M7i, Junos9.2 w/ PE-1GE-SX-B , 802.1Q inter vlan routing
Hi, I am quite elated that we are now moving into Juniper from Cisco (Npe-g1) for our border gateway deployment w/ 2 full bgp feed. We are getting couple of used M7i with Junos 9.2 w/ PE-1GE-SX-B next week. I have a very simple questiondue to lack of junos knowledge, The M7i Gig interface will be connected with Catalyst 3400 802.1Q trunk port and I need to do a intervlan routing from M7i box . How do I do it, any config tips will be appreciated. Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Junos 9.2 and few old PICs support
Hi list, I just want to know whether Junos 9.2 running in M10i/M7i support and valid for following PICs: 1. PE-2OC3-SON-SMIR 2. PE-2OC3-SON-MM 3. PE-1GE-SX-B Which version is the valid and supported for above PICs? Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Ethernet router suggestion required
Hi list, I am looking for a L2/L3 capable ethernet router with 20Gig ports in my core, that should do full bgp feeds from multiple upstreams w/ , IPv6 and multicast routing, MPLS and 4byte Asn in future. I am currently looking into 4 products from 4 vendor. 1. Extreme BD 1280xR 2. Force10 E300 (don't have MPLS but might do in future) 3. Foundry NetIron MLX-4 4. Juniper Mx240. Suggestion: 1. Price the killer 2. Stability and reliability 4. Performance 3. Support Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Full routing table feed on M7i and M10i
Hi list, With RE-850 can juniper M7i or M10i can effectively handle 3+ full routing table feed from multiple upstreams? Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] exporting flows from juniper router M7i/10i/20
Hi list, Like in Cisco router, in order to export flows from Juniper router to external flow collector/analyzer and visualizer, does the adaptive service pic or monitoring service pic is required compulsory? Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] STM-4 and Gig LACP Connectivity between Juniper and Ciscogear
I don't know , that is something I would also wanted to know. Is it possible to run MLPPP on concatenated STM/POS interfaces? Regards, Samit Benny Sumitro wrote: > Hi, > > Can you bundle STM-1 using MLPPP? AFAIK bundling STM-4 can only be > done by using aggregated sonet and is prop to Juniper. > If you succeeded, could you paste the config and share it with me? > > Thanks, > Benny > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] STM-4 and Gig LACP Connectivity between Juniper and Ciscogear
I just went through some older post which states that even AS-PIC also requires FPC-E. Does Multilink Services PIC also requires FPC-E PIC ? Regards, Samit Richard A Steenbergen wrote: > On Fri, Nov 09, 2007 at 06:02:29PM +0100, Jeff Tantsura wrote: >> Hi Samit, >> >> No, LACP is supported on any ethernet (not sure about really old ones) >> interfaces. >> Any relatively new Catalist should support LACP as well, if you are going to >> use SX optic on juniper, use SX on cisco as well :) > > LACP is supported everywhere, but if you're doing to do LACP + > vlan-tagging on the AE you need at least an FPC-E. Original FPCs on > classic martini architecture (M5-M160) will do one or the other, but not > both simultaniously. > > Also, my random tidbit of advice for the day... Don't configure native > vlan tagging on a Cisco and then try to speak LACP to a Juniper, it will > try to tag the LACP control packets with the native vlan ID and confuse > the hell out of the Juniper. :) > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] STM-4 and Gig LACP Connectivity between Juniper and Ciscogear
Hi Jeff, Since multilink ppp require adaptive service pic, Do I need any specific interface or junos ver for LACP in Juniper? I am planning to get P-1GE-SX interface so what type of gbic do it need in the Catalyst switch? Regards, Samit Jeff Tantsura wrote: > Hi Samit, > > Not all of Cisco's support LACP, some PAGP only which is Cisco proprietary. > In this case you should configure Cisco in on mode and deactivate LACP on > Juniper. > > Regards, > Jeff > >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:juniper-nsp- >> [EMAIL PROTECTED] On Behalf Of Samit >> Sent: woensdag 7 november 2007 12:36 >> To: juniper-nsp@puck.nether.net >> Subject: [j-nsp] STM-4 and Gig LACP Connectivity between Juniper and >> Ciscogear >> >> Hi, >> >> I am planning to get Juniper router and fit between two Cisco gear. >> Since I don't have any practical knowledge in juniper gear and junos, >> I would like to know expert opinion on any known issues working between >> Cisco and Juniper, STM and Gig interface and configs as per below figure. >> >> stm-4 -stm-4 Gig---Gig >> / \ / \ >> Cisco(Multilink PPP) Juniper (LACP) Catalyst >> \ / \ / >> stm-4 --stm-4 Gig---Gig >> >> Thanks in advance. >> >> Regards, >> Samit >> >> >> >> ___ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp > > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] STM-4 and Gig LACP Connectivity between Juniper and Cisco gear
Hi, I am planning to get Juniper router and fit between two Cisco gear. Since I don't have any practical knowledge in juniper gear and junos, I would like to know expert opinion on any known issues working between Cisco and Juniper, STM and Gig interface and configs as per below figure. stm-4 -stm-4 Gig---Gig / \ / \ Cisco(Multilink PPP) Juniper (LACP) Catalyst \ / \ / stm-4 --stm-4 Gig---Gig Thanks in advance. Regards, Samit ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
