[j-nsp] MX80 max MAC addresses
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, does the general limit of 1 million MAC addresses per MX chassis hold true for the MX80 as well? Cheers, sven03 Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iEYEARECAAYFAkzSXm8ACgkQnEU7erAt4TJZegCeLFZk6dwxnNehs3C51ZhCHyfn AOsAoLM+N0i0Kr7s/sOJPRReygc+hXZW =X9sF -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX80 max MAC addresses
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Hendrik, you put it exactly right: according to the documentation. I am not sure about how much trust can be put into a general specsheet when it comes to this matter. Erroneous copypaste jobs, lack of communication etc potentially fubar things up real fast. Also, to be glared upon by one's peers and executives because one took this datasheet for real (especially after the initially very thin information about the MX80 platform in general), only to stumble across some hidden restriction *after* deploying a sizeable amount of those boxes seems, well, risky. Guess I'll forward this to our sales reps. Thanks and cheers, sven03 On 11/4/10 10:51 AM, Hendrik Kahmann wrote: Hi Sven, according to the documentation there is no difference between the different MX-Platforms: They all hold up to 1 Million MAC-Addresses. With support for up to 1 million MAC addresses and 64,000 VLANs, the MX Series delivers industry-leading scale for Layer 2 VPNs. Source: http://www.juniper.net/us/en/local/pdf/datasheets/1000208-en.pdf Kind regards from Oldenburg, Hendrik i. A. Hendrik Kahmann B.Sc. Wirtschaftsinformatik Planung - Technische Produktentwicklung Telefon: +49 441 8000 2778 mailto:hendrik.kahm...@ewetel.de ___ EWE TEL GmbH Cloppenburger Str. 310 26133 Oldenburg Handelsregister Amtsgericht Oldenburg HRB 3723 Vorsitzender des Aufsichtsrates: Heiko Harms Geschäftsführung: Hans-Joachim Iken (Vorsitzender), Dr. Norbert Schulz, Dirk Thole, Ulf Heggenberger Homepage: http://www.ewetel.de Am 04.11.2010 um 08:19 schrieb Sven Juergensen (KielNET): Hi list, does the general limit of 1 million MAC addresses per MX chassis hold true for the MX80 as well? Cheers, sven03 Mit freundlichen Gruessen, i. A. Sven Juergensen ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iEYEARECAAYFAkzSidAACgkQnEU7erAt4TJ3PQCgp6yxFyqyNBmb/Yq9epAhH6Eq vlIAmgMD43Z0I7Hwj4yfyK/xIqFNw5H2 =J5cq -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SSG520 and SSG520M with NSRP a/p?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, does anyone of you have an active/passive NSRP cluster with an SSG520 and SSG520M running? I wonder if it works between M and non-M models. Thanks and regards, Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iEYEARECAAYFAkwphfEACgkQnEU7erAt4TJy+QCfdkB6qhy/ZE5CNvI7zSBpefHP I1IAoOuJKtcXXeEXBNKKEK5lgjih4JW1 =MWz3 -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] MX80 = vaporware?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, does anybody have the slightest clue about the availability or hold-up of those boxes? Our sales representatives are shrugging, MX80 demonstrations are lacking the boxes etc pp. Make way for the 2010 awards? http://www.wired.com/epicenter/2009/12/vaporware-2009-inhale-the-fail/ Boggling regards, Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iEYEARECAAYFAkwfRAsACgkQnEU7erAt4TI7SgCfQBPnw4WET20S2O6h7TTntERZ JQoAn2tvuq+yqxJofG9hFip710P8pFhF =7bfb -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] EX4200-24f lo0 filter
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, according to http://bit.ly/9Xn1u9 loopback filters on EX switches are supported since 9.2R1. My box is running 9.5R3.7 and conf- iguring something at the [edit firewall] context, ends me up with firewall { ## ## Warning: configuration block ignored: unsupported platform (ex4200-24f) ## filter REF { term snmp { from { Applying that to lo0 and committing bombs like [edit interfaces lo0 unit 0 family inet] 'filter' Referenced filter 'REF' is not defined [edit] 'interfaces' error parsing interfaces object error: configuration check-out failed Does this generally not work on the EX-series or just not for the -24f? Thanks and regards, Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.10 (Darwin) iEYEARECAAYFAktilpQACgkQnEU7erAt4TKswQCguTWFiMIsZFUOXnzgg9apbwJj 8LQAnj/Q1znCm4DJqSE6VZsn/Lgo7509 =LFqx -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] arp logs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Maybe you're looking for this: no-gratuitous-arp-reply no-gratuitous-arp-request in an interface context. This may prevent some scenarios using HA though. sven03 On 1/28/10 8:51 AM, mohamed attia wrote: Dear All, hope you are doing well. last week i received the below log from juniper box M320 could you help me to prevent my box feom this log kernel: KERN_ARP_ADDR_CHANGE: arp info overwritten for 95.100.26.214 from 00:30:48:b9:60:77 to 00:30:48:b9:b2:1f _ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/196390710/direct/01/ ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.10 (Darwin) iEYEARECAAYFAkthRfMACgkQnEU7erAt4TIqMgCfbYLUGLx+jKAyi/HJNR+FK5iA aG0AnRUiUx70vEtK+288fn1VS7PgdQU3 =sO2o -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] arp logs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, given the amount of information about your configs, network etc, it's hard make any relevant calls. The issue could be a duplicate IP address, a HA-setup fubaring your router, VRRP playing tricks like giving you unsolicited/gratuitous arps and the like. Are the MAC-adresses part of that one box? Is that interface directed towards your own infrastructure or externally? Any VRRP configured? Are servers using redundant setups connected to that segment? Shrug, Sven On 1/28/10 9:23 AM, mohamed attia wrote: Hi Seven, thanks for your attention, but if its possible could you keep me updated with more details Best Regards, --- Eng. : Mohamed Attia mailto:mohamed.at...@tedata.net Tel: +2 010 2039799 Date: Thu, 28 Jan 2010 09:08:19 +0100 From: s.juergen...@kielnet.de CC: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] arp logs Maybe you're looking for this: no-gratuitous-arp-reply no-gratuitous-arp-request in an interface context. This may prevent some scenarios using HA though. sven03 On 1/28/10 8:51 AM, mohamed attia wrote: Dear All, hope you are doing well. last week i received the below log from juniper box M320 could you help me to prevent my box feom this log kernel: KERN_ARP_ADDR_CHANGE: arp info overwritten for 95.100.26.214 from 00:30:48:b9:60:77 to 00:30:48:b9:b2:1f _ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/196390710/direct/01/ ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp Mit freundlichen Gruessen, i. A. Sven Juergensen ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now.http://clk.atdmt.com/GBL/go/196390709/direct/01/ Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.10 (Darwin) iEYEARECAAYFAkthfc4ACgkQnEU7erAt4TKc3QCg9YED0IIpJwrZS7iNdTqBMf5n seYAnjA/7kOX5ruodpfp4W9fAc38Bvn7 =j/GI -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SRX and any policy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, in ScreenOS-lingo, the 'any' for a zone does just that. in JUNOS on the branch-SRX firewalls, there apparently isn't an equi- valent. So, one might think that it's poss- ible to define an 'any' zone and put every interface into it. Well, the interfaces poof when assigned to a different zone. Is there any way to have an 'any' zone on the SRX boxes? Surely I am missing something. Thanks and regards, Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.10 (Darwin) iEYEARECAAYFAktUFLwACgkQnEU7erAt4TIORACfYeC8whDkIg4hbiDK0QIEreGS 14cAn0svLkHof8o0YrcOJeXW5PDjf6OI =QV1i -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ScreenOS and forced PPPoE-Disconnect
Hi Ben, thanks, I probably was unclear about what I am trying to achieve: the SSG should dis- and reconnect the PPPoE session at say 0600 in the morning. Cheers, sven03 On Dec 3, 2009, at 1:03 PM, Ben Dale wrote: Hi Sven, Under ScreenOS just drop the following into your configuration: set pppoe name MyISP auto-connect 10 That will reconnect after 10 seconds of the connection going down. Cheers, Ben On 03/12/2009, at 7:54 PM, Sven Juergensen wrote: Hi list, is there any feature that allows one to configure a time period that forces a PPPoE session to re- connect? 24h disconnects initiated by providers in combination with flaky dsl lines could be some- what effectively worked around with that way. Thanks and regards, Mit freundlichen Gruessen, i. A. Sven Juergensen -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp Mit freundlichen Gruessen, i. A. Sven Juergensen -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Update to 9.4R1.8 gone bad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tommy, I am aware of what this command does up to the point where it changes something on the compact flash which makes it bootable again. I reckon it repartitions it and copies the necessary files? Until now, that command struck me as a backup mechanism. I presume there's more behind it. Digging a bit further I stumbled across https://www.juniper.net/techpubs/software/junos/junos94/swcmdref-basics-services/request-system-snapshot.html Below Options the partition parameter is listed. Wild guess: this is run automatically when the CF is faulty? (still assuming that it actually was the problem) For the upgrade I went through what's des- cribed at http://www.juniper.net/techpubs/software/junos/junos94/swconfig-install/installing-the-software.html At the bottom it tells me to 'request system snapshot' but that looks like optional not mandatory to me, at least when it comes to getting the router back to an operational status. For now, I will just remember that command as magic knob which fixes things. To avoid this happening in the future: is there a best practice to upgrade the soft- ware or does the documented procedure usu- ally work? Cheers, sven03 Tommy Perniciaro wrote: RTFM - Original Message - From: juniper-nsp-boun...@puck.nether.net juniper-nsp-boun...@puck.nether.net To: juniper-nsp@puck.nether.net juniper-nsp@puck.nether.net Cc: Stacy W. Smith s...@juniper.net Sent: Wed Feb 18 23:48:50 2009 Subject: Re: [j-nsp] Update to 9.4R1.8 gone bad Hi, they asked me to do a 'request system snapshot' and miraculously the box is now able to boot from flash. Care to clue me in on what happened here? Thanks, sven03 Stacy W. Smith wrote: Sven, Can you provide me with your JTAC case number? Thanks, --Stacy On Feb 18, 2009, at 1:34 AM, Sven Juergensen (KielNET) wrote: I got a case up with Juniper but they're taking their time... Mit freundlichen Gruessen, i. A. Sven Juergensen ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmdEOsACgkQnEU7erAt4TKxOwCgyCT+Y8HjPmmFGKPfLgcRQAAe 9eYAn2jJB5pypb5FDYA2iGIQ+/i09WiA =5WQe -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Update to 9.4R1.8 gone bad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, I recently updated one MX router from 9.3 to 9.4. What shows up after that is - -- Alarm time Class Description 2009-02-18 07:46:34 UTC Minor Host 0 Boot from alternate media - -- and after logging in to that RE - -- - --- NOTICE: System is running on alternate media device (/dev/ad2s1a). - -- Checking the boxes console while rebooting after a 'request system reboot media compact-flash' it goes like - -- === Bootstrap installer starting === Initialized the environment Routing engine model is RE-S-2000 error opening /var/run/usbd.pid for writing: Read-only file system usbd: Unable to lock PID file: Read-only file system Discovered that flash disk = ad0 , hard disk = ad2 ERROR: discover_install_drive: tmp/preinstall/install.conf not found - -- and dumps me to some sort of recovery console. Upon entering 'reboot', the system apparently falls back to the hdd and comes up with the state the hdd is providing. Interestingly, this only happens to RE0, the second one still boots from flash. After doing the same to another MX, this behaviour also shows up so I'm kind of ruling a faulty flash out. Did 9.4. bork things up for anyone else? The archives spew out the following, but didn't come up with a solution http://puck.nether.net/pipermail/juniper-nsp/2007-December/009388.html I got a case up with Juniper but they're taking their time... Any pointers appreciated. Best regards, Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmbyC8ACgkQnEU7erAt4TIWngCffGcYQqBkBNbAZBap+0n+UcyF YBMAoI49Dj4vzTqjBdzswoivO0g5+uRF =yutI -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Update to 9.4R1.8 gone bad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dave Humphrey wrote: Is RE0 still running 9.3 when it boots from the hard drive? Yes, it was. Cheers, sven03 -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Sven Juergensen (KielNET) Sent: 18 February 2009 08:35 To: juniper-nsp@puck.nether.net Subject: [j-nsp] Update to 9.4R1.8 gone bad Hi list, I recently updated one MX router from 9.3 to 9.4. What shows up after that is ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmdAEwACgkQnEU7erAt4TJhUwCeO3xELfiLFAE7faAzTJxzCpf3 VdgAn3WtoISVByvWYkuPohWJHYMIOkMr =e/5p -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Update to 9.4R1.8 gone bad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, they asked me to do a 'request system snapshot' and miraculously the box is now able to boot from flash. Care to clue me in on what happened here? Thanks, sven03 Stacy W. Smith wrote: Sven, Can you provide me with your JTAC case number? Thanks, --Stacy On Feb 18, 2009, at 1:34 AM, Sven Juergensen (KielNET) wrote: I got a case up with Juniper but they're taking their time... Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmdANIACgkQnEU7erAt4TLPhwCeITk4TV7j0OhjQY9yEb2RRauN DLYAniJPIzt8/lSCE16QHSQE2H7Rma+V =mz+T -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX Series issue - Update!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hm, nothing I can correlate regarding those issues showing up on the 9.4 release notes: http://www.juniper.net/techpubs/en_US/junos9.4/information-products/topic-collections/release-notes/9.4/frameset.html Perhaps a stealth fix ;) Any news from JTAC? Cheers, sven03 Mark Tinka wrote: On Monday 29 December 2008 06:26:42 pm Felix Schueren wrote: which version of JUNOS-EX did you use? We saw similiar effects with 9.1 and (to a lesser extent) with 9.2. Debugged for a good while, everything 100% correct, reboot, everything worked. We later learned that restart ethernet-switching would probably have been sufficient. There are quite a few entries regarding vlan RVIs not learning MACs in the recent release notes, most of them are cleared by restarting the ethernet-switching-daemon. You should definetely install 9.3R2.8 if you haven't already. Okay, so we experienced a somewhat similar issue today with our EX3200's, and remembered this thread - I thought I'd pick up on it. We are running JunOS 9.3R2.8 on our unit, some 38 days now. We changed the name of a VLAN under '[edit vlans]', say from 'a' to 'b'. The actual VLAN ID remained the same. Upon a 'commit', traffic to the end-user was no longer being forwarded by the switch. After a bit of debugging, we decided to try a different VLAN, say 'c', with a different VLAN ID. That worked! Re-trying the original VLAN ID with its modified VLAN name, 'b', and committing, still blocked traffic from being forwarded to the end-user. We then re-traced this thread, and gracefully restarted the 'ethernet-switching' process on the switch. This took about 30 seconds to work (these EX boxes are really slow), and everything was back to normal. The modified VLAN name and the original VLAN ID was working, forwarding traffic to the end-user. This is a very nasty bug, and really needs to be fixed. It makes recycling VLAN ID's a nightmare, should they become available and need to be assigned to other users. I'm going to log a case with JTAC. Cheers, Mark. Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze und Rechenzentren KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmTybIACgkQnEU7erAt4TI7WACg3CojrnsEpgzNKTaPe+7UxPRb xx4AoMCx2xAmv39RxIG657cqXbKm4I8g =XlJW -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] MX-series Virtual switch transport
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, is it possible to transport a virtual switch and it's complete ethernet transparency (VLANs, layer 2 protocols etc) between different MXes without the need of MPLS? Thanks and best regards, Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze/Projekte KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP details at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmL76UACgkQnEU7erAt4TLIDgCgyuNJufkwHn5/GsljP4Kd7WYT lsIAoObEwilHVdQ2cSftquZPo1DUXdEh =rCy8 -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] EX-Series experiences
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, once again I had a strange occurrence with one EX420048T switch running JUNOS 9.3R2.8. Several VLANs and layer3 routing are confi- gured on it. The symptom was that directly connected (access-) VLANs x and y couldn't talk to an address range, which is routed through a trunk to VLAN x's IP on another switch. Mind you, there is nothing fancy configured on the switches and they're not bogged down to their knees. Perhaps it's an interoper- ability problem but I wouldn't know that. All this is basic functionality that tends to go haywire though, preferably when people are busy not being awake. Things happened without any human intervention or after recent configuration changes. This time, the logs actually provided something which I can't make heads or tails from the logs so here goes: - ---8--- Jan 30 22:26:33 some.switch fpc0 Resolve request came for an address matching on Wrong nh nh:1317, type:Unicast...? Jan 30 22:26:45 some.switch last message repeated 8 times Jan 30 22:28:45 some.switch last message repeated 167 times Jan 30 22:38:46 some.switch last message repeated 913 times Jan 30 22:48:44 some.switch last message repeated 713 times Jan 30 22:55:02 some.switch last message repeated 262 times Jan 30 22:55:30 some.switch fpc0 Resolve request came for an address matching on Wrong nh nh:1317, type:Unicast...? Jan 30 22:55:45 some.switch last message repeated 7 times Jan 30 22:57:46 some.switch last message repeated 179 times - ---8--- The MAC and ARP table at that time looked just fine and I doubt it's related to the spanning-tree, since so far it's a dual star topology without any loops. Neither restarting the switching nor rou- ting daemon helped anything; a complete reboot of the switch did the trick. Perhaps this is of interest to Juniper, I don't really expect any help with it. Maybe one of the future JUNOS releases will remedy that. Nonetheless, I'm kind of disappointed with those switches. This isn't the first time they spat out mysterious behavior to basic functions (MAC learning, populating the ARP table). I ranted on the j-nsp mailinglist about this earlier and apparently I'm not the only one having these issues. Someone from Hosteurope confirmed having similar problems. A couple of cheap HP procurve 3400cl-24G switches using the preinstalled firmware worked for about 3 years in the same scenario and did not need to be re- started even once. After replacing them with the EX-series things started to, well, behave irrationally. I truly hope that Juniper is going to put some extra effort into bugfixing their EX-series. I really like the usability of JUNOS and would look forward to replacing more of our legacy switching equipment with the EX-series. Being aware that switching is a relatively new field in the portfolio of Juniper, I acknowledge that stuff like this is likely to happen to the early adopters. Still, it leaves some sort of bad aftertaste if the basics are prone to being flaky. Or it's just me again... For some reason unbeknownst to me, I tend to stumble across bugs more often than other people ;) If the lurking devs or SE's from Juniper could provide some debugging mechanisms so that useful information could be gather- ed for you folks, I am all ears (yes, the hardware sports an active support contract). Thanks for enduring my ramblings. Best regards, Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze/Projekte KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 2219-053 Mobil : 0170 403 5600 Telefax : 0431 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmGrNMACgkQnEU7erAt4TIQUwCg9FdkIaxPd9PDDA6l6lSqfNZ7 B1QAnjea4uZWW2pA3O2znhy0Vvph3xOU =sKyz -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SSG5: Blocking domains w/o WF feature license?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, is it possible to define a mechanism that prohibits access to domains? Mal-URL apparently is considered out of date and possibly deprecated (doesn't work for me anyway) and doing something like set address Untrust block www.google.de plus putting a policy like set policy id 2 from Trust to Untrust Any block ANY deny on top of the list does exactly squat, I can still ping/browse etc to the Empire. Yes, the DNS-Servers are con- figured and setting the domain-based address was successfully looked up. Now, what am I doing wrong? Thanks for clueing me in. Best regards, Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze/Projekte KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkltvhMACgkQnEU7erAt4TKMZACcDGeBNwXzVZ9I9YDvtJvCGpHu VrQAniDd8bMPNb4nOP5NTcHcBqxlMntN =Btsx -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] EX Series issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, this I had previously discussed, but I'd like to warm it up once again. Tonight, I wanted to migrate from an old HP Procurve to an EX4200-48T. The config was basically mirrored. Configured were a bunch of access (untagged) ports and a l3-interface on the corresponding VLAN. The VLAN-assignment was done at the VLAN- context instead of the interface context. After plugging in a host to an untagged port (or any port belonging to that VLAN), neither the switch, nor the connected hosts could ping each other or forward any traffic. The links were physically up but nothing happened on the MAC/ARP table for the relevant ports either (mind you, the trunk functionality worked, just untagged ports were a no go). After playing around with the configuration (e.g. assigning the VLAN on the interface level, removing the config stanzas and redoing them, plugging into different ports), I went and rebooted the switch et voila, it worked... (This was FreeBSD-based and not some undercover Windows operating system, right? :P ) I consider this basic functionality with no bells and whistles, so either I mis- configured something or happened to find something flaky once again. So, did this happen to anyone else, am I too dense or do you need to reboot every new switch once after plugging things in? ;) rant Opening a case with JTAC will probably end in something like shrugging on the World Class Support (tm) part again /rant so some experiences from the field would be appreciated. Thanks for any input. Best regards, Mit freundlichen Gruessen, i. A. Sven Juergensen - -- Fachbereich Netze/Projekte KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : s.juergen...@kielnet.de Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) PGP at http://pgp.kielnet.de/sjuergensen/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAklYVTYACgkQnEU7erAt4TJuJACcDhQBApoTdoPQlG6I0vnN2u6s UjoAoLRJsKaxDUTr4ermYMlJ3o26AYOS =mEW4 -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper MX documentation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ah, yes, it seems pretty spread all across the general documentation. Thanks for the heads up. Which leads me to another thought: is it possible to 'shutdown' a VLAN, like in IOS, where you can just blackhole traffic destined for a specific VLAN? Cheers, sven03 [EMAIL PROTECTED] wrote: is there any other documentation than http://www.juniper.net/techpubs/software/junos/junos92/mx-solutions-guide/frameset.html for the MEF ethernet specific capa- bilities of the MX series? I'm miss- ing a documentation e.g.. of the diff- erent interface modi concerning the L2 features, popping/pushing VLAN ids and the like. I don't believe you'll find it all in one place. But as an example, popping, pushing and rewriting VLAN tags is documented under Ethernet interfaces. See http://www.juniper.net/techpubs/software/junos/junos92/swconfig-network-interfaces/stacking-and-rewriting-gigabit-ethernet-iq-vlan-tags.html#id-12141009 Steinar Haug, Nethelp consulting, [EMAIL PROTECTED] Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Netze/Projekte KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkcC2kACgkQnEU7erAt4TK44gCgzSU8YGvplZ9Q+KCLqYauDpNU tkYAoKIFal8fYTOJCwQCZM8DN/qy/8RU =NutO -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Juniper MX documentation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi List, is there any other documentation than http://www.juniper.net/techpubs/software/junos/junos92/mx-solutions-guide/frameset.html for the MEF ethernet specific capa- bilities of the MX series? I'm miss- ing a documentation e.g.. of the diff- erent interface modi concerning the L2 features, popping/pushing VLAN ids and the like. Thanks and regards, Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Netze/Projekte KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkb14IACgkQnEU7erAt4TItAgCfevb1udQ8TwYSJZPVDDgNewHw pm8AoK2S/3nxuFcIYyZTm9JJRzNHQoEj =9ReU -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] J2320 redundancy
Hi list, is it possible to have the J2320 track IP addresses and activate or deactivate interfaces and/or have a VRRP VIP move to a secon- dary router based on the availa- bility of the target address? Thanks in advance. Cheers, sven03 Mit freundlichen Gruessen i. A. Sven Juergensen -- Fachbereich Netze/Projekte KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] 802.1ah/802.1ad on MX-Series
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, did anyone get to play with 802.1ah/802.1ad on the MX-Series yet? I would like to know if the implementation is stable and can be de- ployed in production environments. Thanks and best regards, Sven Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Netze KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkjPTtsACgkQnEU7erAt4TJiJQCgjMZ0RRSGHvd+olH2XLLrGE+k XTYAoPKILm1GTotS6U2eC0D1EHEmcd1a =F5Lx -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SSG XAUTH
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear list, is it possible to seperate the auth and settings done through XAUTH? I'm trying to authenticate against an LDAP-Server but want to assign the IP-settings for the client from local definitions. Thanks and regards, Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Netze/Projekte KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkiWrsQACgkQnEU7erAt4TKuTwCgv80KMZPjNrjE9Vdeee5rV//V DrEAoKrA+KJ5kvWEIFXcJziuApt6juE9 =VtSw -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] M10i performance
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear list, doing some mindgames with deploying additional BGP routers that need to sport the following features: - - full BGP table - - 6 SFP GE wirespeed slots (no over- ~ subscription) That's the basic idea. Is a fully re- dundant setup of a M10i using - - RE-850-1536-R able to do this or is it like walking on the edge when it comes to the BGP- capacity? Also, will (2) PE-4GE-TYPE1-SFP-IQ2 feature full duplex wirespeed ports or are they oversubscribed? Considering the specsheet, the M10i is able to deliver 12.8 Gbps - are there any back- plane considerations or is this a shared bandwidth between all eight slots? Is using (6) PE-1GE-SFP an alternative that actually provides every port with wirespeed? Thanks for any clues and best regards, Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkiSqP8ACgkQnEU7erAt4TJLkgCdH0sm8Ifvv9w8cQmqbsCuUaqA U50AoNOeH6DwTuMB7iQaY4XWuajHs4lf =Te8l -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] PAT on a single external IP Address?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hm, there is one problem with this though: If you want to VIP port 80, the box tells you that this port is used for management purposes and won't work: Firewall- set int e0/0 vip interface-ip 80 http 1.2.3.4 manual Not supported service: (ip:2.2.2.2/port:80) is for management of the box. Is there a way to switch this off so that port 80 from the external inter- face can be used? Disabling the management for that interface either completely or just 80/443 doesn't change the above message. Thanks and regards, sven03 Sven Juergensen (KielNET) wrote | Nice, | | that actually works and seems quite flexible. | Perhaps I should check the webfrontend every | now and then since it offers that kind of | configuration ;) | | Thanks! | | Regards, | | sven03 | | | GIULIANO (UOL) wrote: | You can use VIP and the option: use the IP from the external interface | | And you can use and external DynDNS service to map the dynamic address | to a fixed name. | | Well, | | although not documented to my knowledge, | assigning a static IP via ppp to a pppoe | interface and referencing it in a mip | seems to work. ScreenOS somehow holds | the last ppp-assigned IP sticky in the | config so the MIP is valid even after | a reboot. Surely this is a dirty hack | though ;) Is there some official way | to do this? | | Thanks and regards, | | sven03 | | | Sven Juergensen (KielNET) wrote: | | Hi list, | | | | is it possible to have a static PAT on | | ScreenOS when the external (public/WAN) | | IP-Address is dynamic and point-to-point? | | | | E.g. have port 25 on the external IP map | | to a single private (1918) internal host? | | | | VIPs seem to always reference a static IP | | (destination PAT) and, like MIPs, require a | | subnet on the external interface. | | | | Could someone suggest whether this works | | and/or direct me to some sort of documen- | | tation? | | | | Many thanks and regards, | | | | sven03 | | | | | | Mit freundlichen Gruessen | | | | i. A. Sven Juergensen | | | | Mit freundlichen Gruessen | | i. A. Sven Juergensen | | | | | Mit freundlichen Gruessen | | i. A. Sven Juergensen | Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkiG6OsACgkQnEU7erAt4TL5WQCfbrF7R39tg6cT31m91mc8j/Wo FN4An1gW+fXRlfalvyxb2PsolMYEMcyv =rDJS -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] PAT on a single external IP Address?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aha, reconfiguring the HTTP-adminport does the trick. Could someone document this please? ;) Cheers, sven03 Sven Juergensen (KielNET) wrote: | Hm, | | there is one problem with this though: | If you want to VIP port 80, the box | tells you that this port is used for | management purposes and won't work: | | Firewall- set int e0/0 vip interface-ip 80 http 1.2.3.4 manual | Not supported service: (ip:2.2.2.2/port:80) is for management of the box. | | Is there a way to switch this off so | that port 80 from the external inter- | face can be used? Disabling the | management for that interface either | completely or just 80/443 doesn't | change the above message. | | Thanks and regards, | | sven03 | | | Sven Juergensen (KielNET) wrote | | Nice, | | | | that actually works and seems quite flexible. | | Perhaps I should check the webfrontend every | | now and then since it offers that kind of | | configuration ;) | | | | Thanks! | | | | Regards, | | | | sven03 | | | | | | GIULIANO (UOL) wrote: | | You can use VIP and the option: use the IP from the external interface | | | | And you can use and external DynDNS service to map the dynamic address | | to a fixed name. | | | | Well, | | | | although not documented to my knowledge, | | assigning a static IP via ppp to a pppoe | | interface and referencing it in a mip | | seems to work. ScreenOS somehow holds | | the last ppp-assigned IP sticky in the | | config so the MIP is valid even after | | a reboot. Surely this is a dirty hack | | though ;) Is there some official way | | to do this? | | | | Thanks and regards, | | | | sven03 | | | | | | Sven Juergensen (KielNET) wrote: | | | Hi list, | | | | | | is it possible to have a static PAT on | | | ScreenOS when the external (public/WAN) | | | IP-Address is dynamic and point-to-point? | | | | | | E.g. have port 25 on the external IP map | | | to a single private (1918) internal host? | | | | | | VIPs seem to always reference a static IP | | | (destination PAT) and, like MIPs, require a | | | subnet on the external interface. | | | | | | Could someone suggest whether this works | | | and/or direct me to some sort of documen- | | | tation? | | | | | | Many thanks and regards, | | | | | | sven03 | | | | | | | | | Mit freundlichen Gruessen | | | | | | i. A. Sven Juergensen | | | | | | | Mit freundlichen Gruessen | | | | i. A. Sven Juergensen | | | | | | | | | | Mit freundlichen Gruessen | | | | i. A. Sven Juergensen | | | | | Mit freundlichen Gruessen | | i. A. Sven Juergensen | ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkiG9g8ACgkQnEU7erAt4TIRPQCgs3CfgpMbTtl5rCe8OJOHkSpS +B4An24TaxyuzW6kCnhqvoqXWQwbr2oh =3neA -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] PAT on a single external IP Address?
Well, although not documented to my knowledge, assigning a static IP via ppp to a pppoe interface and referencing it in a mip seems to work. ScreenOS somehow holds the last ppp-assigned IP sticky in the config so the MIP is valid even after a reboot. Surely this is a dirty hack though ;) Is there some official way to do this? Thanks and regards, sven03 Sven Juergensen (KielNET) wrote: | Hi list, | | is it possible to have a static PAT on | ScreenOS when the external (public/WAN) | IP-Address is dynamic and point-to-point? | | E.g. have port 25 on the external IP map | to a single private (1918) internal host? | | VIPs seem to always reference a static IP | (destination PAT) and, like MIPs, require a | subnet on the external interface. | | Could someone suggest whether this works | and/or direct me to some sort of documen- | tation? | | Many thanks and regards, | | sven03 | | | Mit freundlichen Gruessen | | i. A. Sven Juergensen | Mit freundlichen Gruessen i. A. Sven Juergensen -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] PAT on a single external IP Address?
Hi list, is it possible to have a static PAT on ScreenOS when the external (public/WAN) IP-Address is dynamic and point-to-point? E.g. have port 25 on the external IP map to a single private (1918) internal host? VIPs seem to always reference a static IP (destination PAT) and, like MIPs, require a subnet on the external interface. Could someone suggest whether this works and/or direct me to some sort of documen- tation? Many thanks and regards, sven03 Mit freundlichen Gruessen i. A. Sven Juergensen -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] NetScreen-Remote issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, I'm facing recurring issues with the NetScreen-Remote under Windows XP SP2. $SOMETHING every now and then fubars the installation and a formerly working VPN out of the sudden won't budge anymore. Most of the time the client installed something and this happens. Some older installations of windows also seem to disallow the software to work entirely. I went through the resolution path outlined in [1] but to no avail. Several machines were set up completely new and those w/o that option were cleansed registry- and filewise. On some machines this works, on others it's sucks to be you. Are there any free or commercial VPN Clients under active development anyone can confirm to work with the ScreenOS 6.x tree? Being aware that more than one VPN client on the same machine usually results in conflicts, I'm looking for something less prone to issues. I miss the client from Cisco, which was way more stable and less susceptible to conflicts than the Safenet client is. Any pointers appreciated. Cheers, sven03 [1] http://kb.juniper.net/kb/documents/public/resolution_path/J_FW_VPN_Config_or_Trblsh.htm Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkgxWIMACgkQnEU7erAt4TJDEACZAV+Ow46uWpC038mAaKzO7UjL wtUAoKDNNpCOt2iSCtJhn3QitVQm42aq =UeJy -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] lcp timeout for junose?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, if a pppoe-session gets terminated by a power outage, a pulled plug or something other that goes along with physical interaction of e.g. the modem, the junos docs tell that the ppp keepalive notices this after 90-120s and terminates the session. even when setting the keepalive to the minimum of one second, this still keeps the session up in the box and due to duplicate address checks, consecutive authentications fail until the threshold is reached, the session gets terminated and the new session is up. deactivating the duplicate address checks results in a dual session which, even after the first one times out, apparently can't route any traffic. is there a knob where this can be tweaked further? screenos does this with lcp-echo-retries and it works quite well. does junose provide something similar with me failing to scrounge it up from the documentation? thanks and best regards, sven03 Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 221 2.7.0 Error: I can break rules, too. Goodbye. Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQFHwrnLnEU7erAt4TIRApwJAKDu2rbGAqMfaix/45rwx/HcYRlVjgCffXnH fcMpD/Z7tJF4Zw4P8Fxnsw8= =w/vf -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SSG5 tunnel can't be bound to ip-less interface?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, using a route-based vpn and binding the tunnel.x unnumbered interface to the untrust interface e0/0 fails unless it has a (dummy) ip address. when trying to bind it like this: ~ set interface tunnel.1 ip unnumbered interface ethernet0/0 the e0/0 doesn't show up. This is somewhat disturbing when using PPPoE to get an ip address assigned. What seems to work is to just connect the pppoe session or put a dummy ip address onto e0/0 and configure the tunnel binding afterwards but this can't be the way it is done - or is it? Thanks and regards, sven03 Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 221 2.7.0 Error: I can break rules, too. Goodbye. Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQFHq/ZpnEU7erAt4TIRAhrkAKCXgCd1hgq1QPXraDHcgpcJv+bLQgCg6k3h e9QLdmltnFEN37tx67Z4JVQ= =DmVw -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] OSPF Bug or feature?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, I am curious as if the following is caused by some sort of misconfig- uration or possible bug. Using JUNOSE 8.2 on two E320s. They are talking OSPF to a Cisco GSR and two ERX-Routers in a redundant setup. Maybe the information from the logs isn't exhaustive but perhaps someone has an idea about how this could have happened. Also, the replace keyword can also be substituted with add. A while after this, the 'ospfRoute'-daemon (?) failed to add the routes in question. The following happened every now and then as well, whereas the nexthop-id was variable: - ---8--- ipEngine: IpEngine 1024: DeleteNextHop 99136 was deleted multiple times. - ---8--- For the issue itself: - ---8--- Feb 4 10:19:58 1.1.1.1 02/04/2008 09:19:50 cliCommand: address 2.2.2.2 area 0.0.0.0, 10.200.21.198 Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: DeleteNextHop 99101 was deleted multiple times. Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): Failed to replace INTRA route 3.3.3.3/255.255.255.255, area Id 0.0.0.0 Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: DeleteNextHop 99104 was deleted multiple times. Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): Failed to replace INTRA route 5.5.5.5/255.255.255.255, area Id 0.0.0.0 Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: DeleteNextHop 99106 was deleted multiple times. Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): Failed to replace INTRA route 4.4.4.4/255.255.255.255, area Id 0.0.0.0 Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: DeleteNextHop 99109 was deleted multiple times. Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): Failed to replace INTRA route 6.6.6.6/255.255.255.240, area Id 0.0.0.0 Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: DeleteNextHop 99111 was deleted multiple times. Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): Failed to replace INTRA route 7.7.7.7/255.255.255.240, area Id 0.0.0.0 Feb 4 10:20:03 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: DeleteNextHop 99113 was deleted multiple times. Feb 4 10:20:03 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): Failed to replace INTRA route 8.8.8.8/255.255.255.0, area Id 0.0.0.0 Feb 4 10:20:03 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: DeleteNextHop 99115 was deleted multiple times. Feb 4 10:20:03 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): Failed to replace EXT 9.9.9.9/255.255.255.0, area Id 0.0.0.0 - ---8--- So: could this be a bug, hiccup, inter- operability issue or something from outer space? Any thoughts or pointers appreciated. Many thanks and best regards, sven03 Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 221 2.7.0 Error: I can break rules, too. Goodbye. Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQFHqCgmnEU7erAt4TIRAkzgAJ47Vb5JKLL2YrGWwHO6V3Q5o2KSjwCg2bm3 IZygW7gntrja5bEUQB6C/4M= =sZJf -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] OSPF Bug or feature?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Nitin, this is exactly the issue. Thank you. Best regards, sven03 Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 221 2.7.0 Error: I can break rules, too. Goodbye. Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) Nitin Vig wrote: | Hi Sven, | What is the exact rel that you are using? You may be hitting a bug | (84449). | | http://www.juniper.net/kb/viewka.jsp?txtKANumber=30190 | | Regards, | Nitin | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED] On Behalf Of Sven | Juergensen (KielNET) | Sent: Tuesday, February 05, 2008 2:41 PM | To: juniper-nsp@puck.nether.net | Subject: [j-nsp] OSPF Bug or feature? | | Hi list, | | I am curious as if the following is | caused by some sort of misconfig- | uration or possible bug. | | Using JUNOSE 8.2 on two E320s. They | are talking OSPF to a Cisco GSR and | two ERX-Routers in a redundant setup. | | Maybe the information from the logs | isn't exhaustive but perhaps someone | has an idea about how this could | have happened. | | Also, the replace keyword can also | be substituted with add. A while | after this, the 'ospfRoute'-daemon | (?) failed to add the routes in | question. | | The following happened every now | and then as well, whereas the | nexthop-id was variable: | | ---8--- | ipEngine: IpEngine 1024: DeleteNextHop 99136 was deleted multiple times. | ---8--- | | For the issue itself: | | ---8--- | Feb 4 10:19:58 1.1.1.1 02/04/2008 09:19:50 cliCommand: address | 2.2.2.2 area 0.0.0.0, 10.200.21.198 | Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: | DeleteNextHop 99101 was deleted multiple times. | Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): | Failed to replace INTRA route 3.3.3.3/255.255.255.255, area Id 0.0.0.0 | Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: | DeleteNextHop 99104 was deleted multiple times. | Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): | Failed to replace INTRA route 5.5.5.5/255.255.255.255, area Id 0.0.0.0 | Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: | DeleteNextHop 99106 was deleted multiple times. | Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): | Failed to replace INTRA route 4.4.4.4/255.255.255.255, area Id 0.0.0.0 | Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: | DeleteNextHop 99109 was deleted multiple times. | Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): | Failed to replace INTRA route 6.6.6.6/255.255.255.240, area Id 0.0.0.0 | Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: | DeleteNextHop 99111 was deleted multiple times. | Feb 4 10:20:02 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): | Failed to replace INTRA route 7.7.7.7/255.255.255.240, area Id 0.0.0.0 | Feb 4 10:20:03 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: | DeleteNextHop 99113 was deleted multiple times. | Feb 4 10:20:03 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): | Failed to replace INTRA route 8.8.8.8/255.255.255.0, area Id 0.0.0.0 | Feb 4 10:20:03 1.1.1.1 02/04/2008 09:19:55 ipEngine: IpEngine 1024: | DeleteNextHop 99115 was deleted multiple times. | Feb 4 10:20:03 1.1.1.1 02/04/2008 09:19:55 ospfRoute (internet): | Failed to replace EXT 9.9.9.9/255.255.255.0, area Id 0.0.0.0 | ---8--- | | So: could this be a bug, hiccup, inter- | operability issue or something from | outer space? Any thoughts or pointers | appreciated. | | Many thanks and best regards, | | sven03 | | Mit freundlichen Gruessen | | i. A. Sven Juergensen | ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQFHqFT1nEU7erAt4TIRAuocAJ9HqDSqqQ2UNdXedLWZTLENUP1OKQCgk/fj cEl1TcgHy1UaVraVZbPD140= =C4SX -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] JUNOSe and ECMP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, warming up the topic once again ;) Scenario: two routers connected using 2x GIGE. Both of them having a loopback interface. Now, either router has two static routes for the loopback interface of the opposite router. I understand that the default hashed mode is distributing the sessions roughly even across both links. Perhaps my way of judging on this lacks something but when I'm pinging the far end loopback across the router with the other loopback from a firewall, the traffic always picks the next hop which is listed first in the routing table, even when using multiple pings from different source adresses. This also happens when announcing the loopback interface via OSPF w/ a maximum-paths of 4. Am I missing something? Is there a switch that enables ECMP globally for static routing or in general? Does the implementation of ECMP consider ICMP as something else? Thanks and best regards, sven03 Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 221 2.7.0 Error: I can break rules, too. Goodbye. Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQFHnd6FnEU7erAt4TIRAqKCAJ0ZiqMPmDoI+eEJuR+cat6X1cxMqQCeJx1+ /OK+rUN15FwrToc7F8EsTiE= =3oXi -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SSG Loadbalancing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, is it possible to have an SSG5 connected to two xDSL modems loadbalance traffic across both of them? Redundancy works but it appears that a loadbalancing mechanism does not exist. Thanks in advance. Regards, sven03 Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 221 2.7.0 Error: I can break rules, too. Goodbye. Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQFHggVrnEU7erAt4TIRAuEtAKDs1ApdO0/X/uEPTUml16xgRliDiwCgqz+p T3iw3IZeKPhb8URM5n1+vM8= =D7Zp -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Redistributing local pools through OSPF
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, if you are working in an ISP- environment, using OSPF you might have some input for me: what is a good practice for redistributing defined address pools through OSPF? Right now I'm redistributing static routes from the core routers but this has me cornered on several other occassions, e.g. metrics and routing irritations with metrics and static routes. Ideally, the machines bearing the /32 routes should be the ones announcing a summary route through OSPF, at least that's what I *believe* makes sense. Working with 'redistribute access[-internal]' is a nifty feature, but I do not fancy the idea of having tens of thousands hostroutes using up router ressources throughout. Any clues appreciated. Thanks and best regards, Sven Juergensen Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHaNponEU7erAt4TIRAnKCAJ0Zj3WUckswDG+lbWMLfgP4WL7+7wCaAgOb q9sGOmnA/Z4mlvvhAHnVfH8= =pViU -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] JUNOSe Cross-LM LACP?
Hi Rafał, so in essence there is no way to use a 2GBps LAG on an ERX700 or 1400? Thanks again, sven03 Mit freundlichen Gruessen i. A. Sven Juergensen Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) Rafał Szarecki wrote: Sven, All memeber of LAG has to be on same Line Module. Line module is front card - this wihtout interfaces. In exception of E320 and E120, LM has 1:1 relationship to LM. So, members of LAG has to be on single IOA. For E320 and E120, LM can host two half-high IOA. Then LAG can span between this two IOA, but not between LMs. in other words, slot number in memeber-link name has to be same for all LAG memebers. 2007/9/4, Sven Juergensen (KielNET) [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]: Hi list, the JUNOSe 8.1 documentation at http://tinyurl.com/2aclxy section Configuring Ethernet Interfaces states: To create the links in the LAG bundles, you can add one or more Ethernet physical interfaces to it. The LACP detects Ethernet interfaces as links if they are configured on the same line module and have the same physical layer characteristics. The LACP also assigns to the LAG bundle the same MAC address of the Ethernet link with the highest port priority, which is the lowest value. Does this mean that i can use the transceiver of two ERX-GIGESFP-IOAs each to create a 2GBps Full Duplex LAG? Thanks and best regards, sven03 -- Mit freundlichen Gruessen i. A. Sven Juergensen Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net mailto:juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Rafał Szarecki JNCIE-M/T, JNCIP-E +48602418971 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] JUNOSe Cross-LM LACP?
Hi list, the JUNOSe 8.1 documentation at http://tinyurl.com/2aclxy section Configuring Ethernet Interfaces states: To create the links in the LAG bundles, you can add one or more Ethernet physical interfaces to it. The LACP detects Ethernet interfaces as links if they are configured on the same line module and have the same physical layer characteristics. The LACP also assigns to the LAG bundle the same MAC address of the Ethernet link with the highest port priority, which is the lowest value. Does this mean that i can use the transceiver of two ERX-GIGESFP-IOAs each to create a 2GBps Full Duplex LAG? Thanks and best regards, sven03 -- Mit freundlichen Gruessen i. A. Sven Juergensen Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] E-Series MPLS Interoperability with Cisco 12k
Dear list, looking at the Ethernet Forum and devices using standards to talk MPLS, I am missing Cisco there. They probably have a reason to do so but that is also the catch: does the E-Series MPLS implementation work with the one Cisco uses for their 12000 series? Any insights appreciated. Best regards, sven03 -- Mit freundlichen Gruessen i. A. Sven Juergensen Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp