[j-nsp] Using IDP/AppFW on SRX for preventing DNSSEC Amplification Attacks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear all, as I believe most of us have encountered some DNS (DNSSEC) amplification attacks, I wonder if any of you had some success of stopping these using a SRX device. My current approach would be to write an IDP signature which detects ANY requests on UDP and just throw them away - but this is surely not the most elegant solution. Does anyone have some other ideas or maybe even solutions? I have seen some implementations on the DNS-server side - but as always, if there is some closed source server behind you need to find another way.. Thanks, Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBS5V4ACgkQrUvjMoak8ZdIKQCfZOGEpltfUajoYWFMYlQPf2sG JmQAn1MOIsbnO3nACqUIRBZDEfDdhisB =sW4V -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] GPL licensed software in juniper products
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, they have much more than junos boxes: - - IVE / UAC - booting a linux kernel - - Space - booting a CentOS - - NSM xpress, also linux based And in all of them there is some GPL - and even on the junos boxes - isn't the ntpd GPL-licensed? Tom Am 07.06.2012 22:47, schrieb Rubens Kuhl: On Thu, Jun 7, 2012 at 4:27 PM, Thomas Eichhorn t...@te3networks.de wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear all, has anybody here asked JNPR for the source code of the GPL-licensed parts in their products? I currently just wonder which all parts they have used and maybe if there is some hidden web page containing that stuff. Juniper control-plane operating system is *BSD, so carrying a Berkeley license, not GPL. Routing code is their own, and it wouldn't make such sense to add something GPL to that mix... may be they did, is there a component you think could be GPL ? Rubens ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/RYagACgkQrUvjMoak8Ze8IgCgnQ/DJ64Z246hKoD/pZUDv3OL P/sAnjfK5RdsVI9+FjojU3yAKCFBeuLB =yViy -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Document Update - EX Features
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 There will never be an EX2500 in that document. This is a junos document, and the ex2500 doesn't run junos. Tom Am 04.05.2012 06:18, schrieb Skeeve Stevens: Hey, Does anyone know who we hassle to get a document updated? Specifically: http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/concept/ex-series-software-features-overview.html With the EX2500's in it. *Skeeve Stevens, CEO* eintellego Pty Ltd ske...@eintellego.net ; www.eintellego.net http://www.eintellego.net.au Phone: 1300 753 383 ; Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellego twitter.com/networkceoau ; www.linkedin.com/in/skeeve PO Box 7726, Baulkham Hills, NSW 1755 Australia The Experts Who The Experts Call Juniper - Cisco – IBM ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+jnJgACgkQrUvjMoak8ZeCwwCdGnsVWGhqa5pd6pBuL8LzSUzH o0gAn2d9Vv80ZGJLpjqowdt8Zpa5dkNw =lRwW -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Qos on branch SRX
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear all, I just wonder if I missed something or I just look in the wrong direction: I would like to have some QoS stuff on a SRX100, and if I trust http://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/security/software-all/feature-support-reference/index.html almost any features are there. But it seems I neither have classes (ingress or egress) on vlan-interfaces nor on pp interfaces, eg. te@gw.ber2 show interfaces queue pp0 Egress queue statistics are not applicable to this interface. Maybe I am stuck with the concept, but how do I achieve to control traffic leaving a pp0 interface? I have some DSL with PPPoE on this box and would like to prioritize ssh. Any tips? Thanks, Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk92DccACgkQrUvjMoak8Zdp9ACfe5EYmLEciNbIv+Nr/6a6pbmY /mIAn0FL0yIKe9ljEVOEyX2WIln63Vq/ =xSUg -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Hash algorithms for LAG
Dear all, I just had some discussions with our SE about the hashing algorithms used in different devices for packet distribution on LAG. This seems to be a horrible complexe topic, with much sensible information behind - the exact algorithm seems to be much of a secret. I just wonder why, maybe my idea ist just a little bit naive, but I hope somebody here can bring some clarification into it: If I were to implement such a distribution algorithm, I would just define a range of bits of the headers, and do a modulo (number of member links) with it. The range of bits could say: Only from Byte 9 to 20 for using the mac-adresses, or a longer part of the header if including MPLS-labels. Am I completely wrong and there is much more magic behind? Has somebody here an deep insight and might share it with us? Thanks Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] pfe-x/x/x and pfh-a/a/a
Dear all, I just saw some interfaces named pfe- and pfh- on a trio based MX960: teichhorn@R10-et show interfaces pfh-7/0/0 Physical interface: pfh-7/0/0, Enabled, Physical link is Up Interface index: 135, SNMP ifIndex: 549 Speed: 800mbps Device flags : Present Running Link flags : None Last flapped : Never Input packets : 0 Output packets: 0 Logical interface pfh-7/0/0.16383 (Index 328) (SNMP ifIndex 552) Flags: SNMP-Traps Encapsulation: ENET2 Bandwidth: 0 Input packets : 0 Output packets: 0 Protocol inet, MTU: Unlimited teichhorn@R10-et show interfaces pfe-7/0/0 Physical interface: pfe-7/0/0, Enabled, Physical link is Up Interface index: 136, SNMP ifIndex: 550 Speed: 800mbps Device flags : Present Running Link flags : None Last flapped : Never Input packets : 0 Output packets: 0 Logical interface pfe-7/0/0.16383 (Index 327) (SNMP ifIndex 553) Flags: SNMP-Traps Encapsulation: ENET2 Bandwidth: 0 Input packets : 0 Output packets: 0 Protocol inet, MTU: Unlimited Protocol inet6, MTU: Unlimited My best guess would be that pfe-x/x/x has something to do with the pfe, but pfh is completely unclear... Has someone here a little bit more information about the purpose of these ifaces? Thanks, Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] 32-Bit JunOS on the 64-Bit Routing Engines
Hi all, I just discussed the following with my SE: I wanted to get new 64Bit REs with some new gear, but run the 32-Bit JunOS on them - he denied that this is possible. I tried to research that, but have not yet found something in the docs - does anybody here have some clue about that? As the REs are 'only' standard PCs, I do not see any reason for them to be not capable of running 'legacy' 32Bit JunOS. I would be really glad if someone has some clue about that and could unearth the truth. Thanks, Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 32-Bit JunOS on the 64-Bit Routing Engines
Yeah, that is clear - my original point is: I do not trust the 64bit software - I have more faith in the 32bit software. As per now, it has equal cost to order an MX960 with 32b-4G-RE or 64b-16G-RE. So of course I would order the bigger RE but only if I can use the the matured software... Tom Am 24.08.2011 14:19, schrieb Keegan Holley: Interestingly enough my SE told us this is possible at lease on our Mx480 and MX960 boxes. Our lab boxes are otherwise engaged at the moment so we havent tested. One note regarding general computing though. The processor can only address 4G (3.8 or so actually) of ram with a 32 bit word size. So even if you get the re's running the 32 bit code they will only register 4G of the precious 16G. Sent from my iPhone On Aug 24, 2011, at 3:12 AM, Thomas Eichhornt...@te3networks.de wrote: Hi all, I just discussed the following with my SE: I wanted to get new 64Bit REs with some new gear, but run the 32-Bit JunOS on them - he denied that this is possible. I tried to research that, but have not yet found something in the docs - does anybody here have some clue about that? As the REs are 'only' standard PCs, I do not see any reason for them to be not capable of running 'legacy' 32Bit JunOS. I would be really glad if someone has some clue about that and could unearth the truth. Thanks, Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SSH/Telnet session hanging
Do you have MPCs in the MX240? I have seen similiar issues, which had been caused by software bugs - if so, try restarting the linecards and do the software update. Some small packets go through but bigger ones are sometimes dropped... Regards, Tom Am 01.06.2011 15:21, schrieb Alexander Frolkin: Hi, I have found that the maximum PING size is 1870. If the value is 1871 I get a message ping: sendto: Message too long. But at size 1870...I am getting ping drops. The success rate is around 60%. Is it normal to get ping drops? Anyways I have set the MTU to 1870+28=1898 and still observing the BGP sessions. Ping drops usually indicate that something is seriously wrong. Just to completely rule out MTU issues, do you still see drops if you just say pinghostname? (I'm just wondering if you have some kind of multipathing going on somewhere, with the different paths having different MTUs.) Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Changing SSH port on EX switches, M routers
On 02.04.2011 14:22, Chuck Anderson wrote: I wonder if you could create an /etc/ssh/sshd_config file and set the port number in there... Not exactly, because the sshd is started by inetd - you can as root change that file - but you have to ensure it doesn't get changed by mgd. So a cron script checking for what is in there once an hour does the trick.. Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] VPLS scalability question.. OTV answer?
Hi, On MX-Series you do not need any kind of tunnel services, nor deactivating any port. The LSIs are created on the run, and there is no limit - I have run a MX960 with 400 VPLS-Instances (independent, not vlan in a virtual switch) without any matter. Performance was almost linerate. Tom On 28.03.2011 00:53, Chris Evans wrote: All the communication that we've received from Juniper is that they perceive MPLS and VPLS to be their answer to Cisco's OTV. I've been researching VPLS on the Juniper platforms and I cannot find any definite information as to how much it can scale performance/bandwidth wise. VPLS requires either a VT interface or a LSI interface on that hardware. The VT interfaces can only be obtained by hardware that can do tunnel services, and the LSI interface is only on the MX platforms from what I can read. As tunnel PICs have limited performance and LSI interfaces 'steal' physical 10Gig interfaces on the 10Gig MX blades (I know it won't on the GigE blades) how does Juniper expect to be able to provide high bandwidth VPLS while still providing high port density? The TRIO cards have some inline services, but does they offer these services? It seems like Juniper is expecting to throw another half baked solution out there to compete with Cisco and I'm not sure how they're going to scale the infrastructure. The Cisco solution uses the built in ASIC hardware to do this and do not require ports to be stolen, etc.. It really bothers me that you have to lose interfaces and/or install special hardware to do inline services, which only increases the cost of the platforms drastically. Anyone have some insight? Thanks Chris ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Using apply-path for generating prefix lists
Hi all, I usually use something like that to generate a prefix-list of all known bgp-speakers on our boxes: [edit policy-options prefix-list BGP-Speaker] teichhorn@router# show apply-path protocols bgp group * neighbor *; That works almost fine - but of course it includes v4 and v6 neighbors. That is not of a problem if using this prefix list in an IPv4 firewall - the v6 entries are simply ignored. But when using this prefix-list in an IPv6 firewall, it breaks because only the v4-IPs seems to be considered. So my idea was to filter down to specific groups - all IPv6 bgp groups end with -6, so I tried: apply-path protocols bgp group *-6 neighbor * and apply-path protocols bgp group *-6 neighbor * But none worked - and I haven't found some examples for mixing wildcard with specific strings in here. Has anybody any hint for me or even a better solution than my approach? Thanks, Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] PSN-2010-12-112
Well, not really, I have had the problems on MPC-Only systems, and they still have some quirks in it - I'm really waiting for 10.2R4 in which they promised to have fixed all of 'my' bugs.. Tom Am Fri, 28 Jan 2011 16:22:06 -0600 schrieb Richard A Steenbergen r...@e-gerbil.net: On Fri, Jan 28, 2011 at 04:32:06PM +, Bill Blackford wrote: Anyone on list know whether this only applies to DPC MPC line cards on chassis-based MX's (240, 480, 960) or would this include the MX80 as well? They're talking specifically about bugs related to the interoperation of DPC (I-chip) and MPC (Trio) cards. MX80 is all Trio, so you don't have those bugs specifically, but there are many other issues not covered by this bulletin which should send you running from 10.2R1/R2/R3 and 10.3R1 on Trio in general. As I just said in another email, 10.3R2 has been much better than all of our 10.2 MX/Trio deployment experiences, though it's far from perfect. I can't speak to 10.2S5, but I do know 10.2S6 has a major issue that makes it easy to kernel panic. :) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Having the same interface in multiple routing instances
Hi, I'm currently facing the following problem: I have one interface towards some kind of 'peering lan', and multiple customer virtual-routers on a MX-series. I want to have this interface (of course with multiple ips - one per VRF) into some of my virtual-routers. Is there some trick to do so? Thanks, Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SNMP counters on physical if vs. ppp-if
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi dear all, I just discovered a oddity on a SRX100, maybe someone could explain this to me: I have fe-0/0/0, on which I bound pppoe. If I graph fe-0/0/0, I see about 200bits/s - but on pp0.0, I see 8 MBit/s. Due to my understanding, I should see a little bit more on fe-0/0/0 as on pp0.0 due to overhead, but not just that small amount of traffic as I currently do. Is this normal? I only have on JunOS-box with pppoe, so I can't crosscheck, or do you recommend opening a case with JNPR to clarify and eventually fix this? Thanks, Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxBjvYACgkQrUvjMoak8ZcL3wCgxqy6d7jdPe5fx3/7tdlZ2aWI Y2MAoLMc+OUruykxS9Tw9Bk84C5XsPdJ =tOpV -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Hidden and invisible routes
Hi all, I just had a strange moment on one of my EXes: I had configured a static route, but entered a next-hop which simply doesn't exist. I expected to see the route as hidden marked with 'invalid next-hop' or something like that, but the route simply wasn't shown anywhere except the configuration. Is this a bug of any kind or did I just had a wrong expectation of junos behaviour? Thanks, Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Hidden and invisible routes
Yes, I did. The route is not hidden - it simply doesn't exist in any routing table, which is my problem - I see this as a false behaviour... Tom On 08.07.2010 12:22, Phill Jolliffe wrote: did you type show route hidden? The is a hidden route counter for each table, inet.x, itn the top right output of show route On Thu, Jul 8, 2010 at 10:11 AM, Thomas Eichhorn t...@te3networks.de wrote: Hi all, I just had a strange moment on one of my EXes: I had configured a static route, but entered a next-hop which simply doesn't exist. I expected to see the route as hidden marked with 'invalid next-hop' or something like that, but the route simply wasn't shown anywhere except the configuration. Is this a bug of any kind or did I just had a wrong expectation of junos behaviour? Thanks, Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i crash with strage log entry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the disabling of the hard drive did not change the behaviour, so I would like trying to disable adaptive standby - but I can't find it anywhere in the manual... Is this a hidden knob somebody could point me to? Thanks Tom Am 30.06.2010 12:57, schrieb Thomas Eichhorn: If you could give me a hint where to find it I would be really glad! Tom Am 30.06.2010 12:43, schrieb Jared Mauch: Have you disabled adaptive standby? I can look up the configuration in a few if you don't have it. Sent from my iThing On Jun 30, 2010, at 5:46 AM, Thomas Eichhorn t...@te3networks.de wrote: Thanks for all your help, I cannot simply remove the disk nor the cf card, the box is to far away. I now tried to remove the disk from the boot list, so it does not get initialized and the box completely runs from CF - If that doesn't work I will try the other way (disabling cf and enabling disk). If this works I will give feedback here so that people also running into that problem will find it. Tom Am 30.06.2010 10:51, schrieb Marcin Kucharczyk: On Wednesday 30 of June 2010 10:10:24 Akhmedd Aly wrote: Hi Marcin, we have the same problems with M7Is in the may: *M7i panic: ad_ioctl:1275539168: ad1: Standby not armed but state is in valid: state=ARMED* And all of this problems come after installing (we never did not use internal CF in its before) Compact Flash 1GB (not from official Juniper upgrade kit), its also rebooted every 3-4 hours with the same PANIC message. After removing CFs we do not have this problems. So I think that it was not problems with internal disks... Hi, our router had rebooted every 4 hours and 21 minutes (exactly). As I wrote to Thomas we had removed HDD, and now router runs on CF only. Our CF isn't from official Juniper upgrade kit, it's regular Kingston Standard 4GB CF Type 1. It's a pity that CF and HDD can't run together. Regards, Marcin 2010/6/22 Marcin Kucharczyk m.kucharc...@net.icm.edu.pl Hello, tonight one of ours M7i crashed with strange log entry: savecore: reboot after panic: ad_ioctl:1277186066: ad1: Standby not armed but state is invalid: state=ARMED Disk was replaced 2 weeks ago. Yesterday we inserted new compact flash card (there wasn't any before). We upgraded Junos to 10.0R3.10 also. Do you have any idea what could happened? Regards, Marcin Kucharczyk ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwsPNwACgkQrUvjMoak8Zd5cgCdHwUD5c8kvjCZ/vt8giRjZoSW Lm4AnR5mvVIHS7pMbKvclh/r4TFrOMIo =Y3kW -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i crash with strage log entry
Thanks for all your help, I cannot simply remove the disk nor the cf card, the box is to far away. I now tried to remove the disk from the boot list, so it does not get initialized and the box completely runs from CF - If that doesn't work I will try the other way (disabling cf and enabling disk). If this works I will give feedback here so that people also running into that problem will find it. Tom Am 30.06.2010 10:51, schrieb Marcin Kucharczyk: On Wednesday 30 of June 2010 10:10:24 Akhmedd Aly wrote: Hi Marcin, we have the same problems with M7Is in the may: *M7i panic: ad_ioctl:1275539168: ad1: Standby not armed but state is in valid: state=ARMED* And all of this problems come after installing (we never did not use internal CF in its before) Compact Flash 1GB (not from official Juniper upgrade kit), its also rebooted every 3-4 hours with the same PANIC message. After removing CFs we do not have this problems. So I think that it was not problems with internal disks... Hi, our router had rebooted every 4 hours and 21 minutes (exactly). As I wrote to Thomas we had removed HDD, and now router runs on CF only. Our CF isn't from official Juniper upgrade kit, it's regular Kingston Standard 4GB CF Type 1. It's a pity that CF and HDD can't run together. Regards, Marcin 2010/6/22 Marcin Kucharczyk m.kucharc...@net.icm.edu.pl Hello, tonight one of ours M7i crashed with strange log entry: savecore: reboot after panic: ad_ioctl:1277186066: ad1: Standby not armed but state is invalid: state=ARMED Disk was replaced 2 weeks ago. Yesterday we inserted new compact flash card (there wasn't any before). We upgraded Junos to 10.0R3.10 also. Do you have any idea what could happened? Regards, Marcin Kucharczyk ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] M7i crash with strage log entry
If you could give me a hint where to find it I would be really glad! Tom Am 30.06.2010 12:43, schrieb Jared Mauch: Have you disabled adaptive standby? I can look up the configuration in a few if you don't have it. Sent from my iThing On Jun 30, 2010, at 5:46 AM, Thomas Eichhorn t...@te3networks.de wrote: Thanks for all your help, I cannot simply remove the disk nor the cf card, the box is to far away. I now tried to remove the disk from the boot list, so it does not get initialized and the box completely runs from CF - If that doesn't work I will try the other way (disabling cf and enabling disk). If this works I will give feedback here so that people also running into that problem will find it. Tom Am 30.06.2010 10:51, schrieb Marcin Kucharczyk: On Wednesday 30 of June 2010 10:10:24 Akhmedd Aly wrote: Hi Marcin, we have the same problems with M7Is in the may: *M7i panic: ad_ioctl:1275539168: ad1: Standby not armed but state is in valid: state=ARMED* And all of this problems come after installing (we never did not use internal CF in its before) Compact Flash 1GB (not from official Juniper upgrade kit), its also rebooted every 3-4 hours with the same PANIC message. After removing CFs we do not have this problems. So I think that it was not problems with internal disks... Hi, our router had rebooted every 4 hours and 21 minutes (exactly). As I wrote to Thomas we had removed HDD, and now router runs on CF only. Our CF isn't from official Juniper upgrade kit, it's regular Kingston Standard 4GB CF Type 1. It's a pity that CF and HDD can't run together. Regards, Marcin 2010/6/22 Marcin Kucharczyk m.kucharc...@net.icm.edu.pl Hello, tonight one of ours M7i crashed with strange log entry: savecore: reboot after panic: ad_ioctl:1277186066: ad1: Standby not armed but state is invalid: state=ARMED Disk was replaced 2 weeks ago. Yesterday we inserted new compact flash card (there wasn't any before). We upgraded Junos to 10.0R3.10 also. Do you have any idea what could happened? Regards, Marcin Kucharczyk ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] unabel to archive to ftp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What is about this in show log messages? Usually the router logs what he has done or if not what has gone wrong... What is your platform and release you are trying this? Tom Am 24.06.2010 17:42, schrieb Nick Ryce: Hi Guys, I have transfer-on-commit to an ftp site bit it just doesn't seem to work. The username and password have been tested as working archival { configuration { transfer-on-commit; archive-sites { ftp://xxx:y...@ftp.domain.com/juniper/;; } } When running the commit with | display detail is does not look like it is trying to connect. Im running 9.6R3.8 Below is the output of the commit 2010-06-24 16:34:58 BST: no commit script changes 2010-06-24 16:34:58 BST: no transient commit script changes 2010-06-24 16:34:58 BST: finished loading commit script changes 2010-06-24 16:34:58 BST: exporting juniper.conf 2010-06-24 16:34:58 BST: expanding groups 2010-06-24 16:34:58 BST: finished expanding groups 2010-06-24 16:34:58 BST: setup foreign files 2010-06-24 16:34:58 BST: update license counters 2010-06-24 16:34:58 BST: finish license counters 2010-06-24 16:34:58 BST: propagating foreign files 2010-06-24 16:34:58 BST: complete foreign files 2010-06-24 16:34:58 BST: dropping unchanged foreign files 2010-06-24 16:34:58 BST: executing 'ffp propagate' 2010-06-24 16:34:58 BST: daemons checking new configuration 2010-06-24 16:34:58 BST: Routing protocols process checking new configuration 2010-06-24 16:34:58 BST: IPSec Key Management daemon checking new configuration 2010-06-24 16:34:58 BST: Interface control process checking new configuration 2010-06-24 16:34:58 BST: Management Information Base II process checking new configuration 2010-06-24 16:34:58 BST: Virtual Router Redundancy Protocol process checking new configuration 2010-06-24 16:34:58 BST: Packet Forwarding Engine management process checking new configuration 2010-06-24 16:34:58 BST: Traffic sampling control process checking new configuration 2010-06-24 16:34:59 BST: Port forwarding process checking new configuration 2010-06-24 16:34:59 BST: Dynamic Host Configuration Protocol process checking new configuration 2010-06-24 16:34:59 BST: Redundancy interface management process checking new configuration 2010-06-24 16:34:59 BST: Connectivity fault management process checking new configuration 2010-06-24 16:34:59 BST: Dial-Out On Demand process checking new configuration 2010-06-24 16:34:59 BST: Integrated Services Digital Network process checking new configuration 2010-06-24 16:34:59 BST: Autoinstallation process checking new configuration 2010-06-24 16:34:59 BST: Network security daemon checking new configuration 2010-06-24 16:34:59 BST: WAN acceleration process checking new configuration 2010-06-24 16:34:59 BST: Layer 2 address flooding and learning process checking new configuration 2010-06-24 16:34:59 BST: Multicast Snooping process checking new configuration 2010-06-24 16:34:59 BST: Ethernet Switching Process checking new configuration 2010-06-24 16:34:59 BST: commit wrapup... 2010-06-24 16:34:59 BST: activating '/var/etc/keyadmin.conf' 2010-06-24 16:34:59 BST: activating '/var/etc/ifinfo.conf' 2010-06-24 16:34:59 BST: activating '/var/etc/certs' 2010-06-24 16:34:59 BST: activating '/var/etc/cosd.conf.id' 2010-06-24 16:34:59 BST: executing foreign_commands 2010-06-24 16:34:59 BST: /bin/sh /etc/rc.ui ui_setup_users (sh) 2010-06-24 16:34:59 BST: executing ui_commit in rc.ui 2010-06-24 16:35:02 BST: executing 'ffp activate' 2010-06-24 16:35:02 BST: copying configuration to juniper.save 2010-06-24 16:35:02 BST: activating '/var/run/db/juniper.data' 2010-06-24 16:35:02 BST: notifying daemons of new configuration 2010-06-24 16:35:02 BST: notifying rpd(2) 2010-06-24 16:35:02 BST: signaling 'Routing protocols process', pid 845, signal 1, status 0 with notification errors enabled 2010-06-24 16:35:02 BST: notifying kmd(8) 2010-06-24 16:35:02 BST: signaling 'IPSec Key Management daemon', pid 853, signal 1, status 0 with notification errors enabled 2010-06-24 16:35:02 BST: notifying dcd(12) 2010-06-24 16:35:02 BST: signaling 'Interface control process', pid 872, signal 1, status 0 with notification errors enabled 2010-06-24 16:35:02 BST: notifying mib2d(14) 2010-06-24 16:35:02 BST: signaling 'Management Information Base II process', pid 870, signal 1, status 0 with notification errors enabled 2010-06-24 16:35:02 BST: notifying vrrpd(16) 2010-06-24 16:35:02 BST: cannot signal 'Virtual Router Redundancy Protocol process', signal 1, no pid 2010-06-24 16:35:02 BST: notifying pfed(18) 2010-06-24 16:35:02 BST: signaling 'Packet Forwarding Engine management process', pid 869, signal 1, status 0 with notification errors enabled 2010-06-24 16:35:02 BST: notifying sampled(21) 2010-06-24 16:35:02 BST: signaling 'Traffic
[j-nsp] Firewall Filters and BFD
Hi all, I currently try to protect my lo0 interface by dropping all unknown traffic - which usually works very well - but now I have BFD enabled - but nor as protocol or port it is defined in the well-known options neither I can make out a specific port it uses - I've seen 97,98 and 3784, but even allowing all these ports didn't make BFD work. Has somebody here an idea what to allow or maybe even a working configuration for this? Thanks, Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] no family inet6 for vlan.*-interfaces on 10.1R2.8?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Volker, on what kind of device? teichh...@testbox.fra# set interfaces vlan.333 family ? Possible completions: + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups inet IPv4 parameters inet6IPv6 protocol parameters iso OSI ISO protocol parameters mpls MPLS protocol parameters [edit] I have it on JUNOS Base OS boot [10.1R2.8]... Tom Volker D. Pallas schrieb: Hi, I just realized that there seems to be no family inet6 anymore for vlan-interfaces since upgrading to junos 10.1R2.8. Fortunately my old config is still active and working, but I cannot modify it: # show interfaces vlan unit 10 family inet { address 172.23.5.1/25; } family inet6 { address 2001:4dd0:ff08:10::1/64; } # set interfaces vlan unit 10 family ? Possible completions: + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups inet IPv4 parameters mpls MPLS protocol parameters tcc Translational cross-connect parameters vpls Virtual private LAN service parameters Is this a new feature or a bug? For interfaces other than vlan.* this is still working as expected. Thanks, Volker ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkv8y9oACgkQrUvjMoak8Zd9dACeMwcj6IHDj5ISpZ/xJ9VS89ga 550AoKdz9GOrL227IkHxAKNhlPyVg6jv =G2uE -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] XNM Reverse DNS lookup
Hi all, I currently run into the next problem with xnm, maybe you have an idea: If I do a login via xnm, the login takes about 30 secs - which is a little bit long. My idea behind this is, that the router tries to do a reverse lookup of the connecting ip. This fails/runs into an timeout because the router uses the nearest-by nameserver, but the xnm connect comes from a RFC1918 IP on the management interface - the nameserver usually don't know about this and tries to resolve it - up to a timeout. Do you have any idea howto disable reverse lookups on the router? I have no problem to do it globally - but I do not want to remove the nameservers completely.. Thanks for you help, Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] XNM and match
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I'am again stuck with XNM/JunoScript, maybe you have an idea: I try to get the arp cache from the router, but only a specific arp entry - but this seems not to work. The get-arp-table xml command doesn't have any filtering command, and if I try: rpccommandshow arp no-resolve | match $ip /command/rpc there are two results: If it doesn't match (the ARP entry is not in the table), I get no result - if the entry is in the table I get the full table. Is there any possibility to get only one specific entry or must I filter within my application? This is quite unperformant, because some of the ARP-tables on my router are VERY big... Thanks, Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkvMK/wACgkQrUvjMoak8ZdPgACfa6W6AmZ27KvDnIa7jqiFltDY HbUAoIcCTr7Hq2My96S9cxJ3ZDArzKRu =wn+E -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Low power warning
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You can graph it via XNM and some RRDTool magic - I have written some examples for this and will put them public within the next weeks. This is basically to graph everything which you can see on the CLI. Tom Bjørn Tore Paulen schrieb: Richard A Steenbergen skrev: (...) Hrm... The lack of ability to do show interfaces diagnostic optics and see all interfaces has been on my bitch-list for the last 3+ years. I had just given up hope that they were ever going to do anything to fix it (or support the reverse order show interface xe-0/0/0 diagnostics optics for that matter), so I had stopped even checking... But after reading this email I just went back and checked a bunch of boxes, and it actually IS working on MX on every version of code we're running (9.4R3 being the oldest). Guess they slipped it in when we weren't looking. But still not possible to graph this? I.e. any working OID? /BT ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAku+zxUACgkQrUvjMoak8ZfONQCfQG11ssK74ipAsEfI1pyb6OK2 JtgAnRXBaFJKq52maw6mQl54R6qCRM3l =OWO4 -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Juniper Powerpoint Templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I know there is anywhere a powerpoint icon library (the 3d icons), but mine is very old and has no MX-series or EX-series - does someone here maybe have a current version and could share it with me? Sorry for a non-technical question here - but I dunno where to ask elsewhere.. Thanks, Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktXReoACgkQrUvjMoak8ZdY9QCgi7HrpIXQI2rruul9wTPWj0fG l9IAnR8pDkr6Mc9KjPymkrKU5o1xYYN+ =pyfL -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J-Series JUNOS in Olive?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Simply edit the fstab and switch it to the right paths, this is the only voodoo to do to get it running. Tom Stevanus schrieb: I tried JUNOS J9.3 and booting always stop on this part : mount: /dev/bo0s1e: No such file or directory local filesystem mount failed, startup aborted Booting single-user WARNING: system watchdog timer still running, use '/junos/sbin/watchdog -off' to disable Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: NOTE: to go to multi-user operation, exit the single-user shell (with ^D) To run the rest of rc manually (after the above): chroot /junos /bin/sh /etc/rc.chroot and to run a shell with a normal view of the system: chroot /junos /bin/sh # Never know how to workaround that thing until now :( ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktJwA4ACgkQrUvjMoak8ZdsxQCgxOrz52/QaPrtMTiIJu44T/rT ghgAmwarn7u0ztva9Vi6oTmEJ5axHKOY =IJUB -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] J-Series JUNOS in Olive?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well - not really, there are things which are in M/T but not in J and the other way around. The other main factor is that J-Series has a software-PFE, so it should be possible to have 'real' interfaces, not only em0s, on which some things don't work. But - as per now I don't know if anybody ever managed to get an J-Series image to take the NICS as ge-0/0/x... Tom Patrik Olsson schrieb: Then again , JUNOS for M/T and JUNOS for J series have feature parity... no? Only JUNOS-ES and JUNOS on SRX are different from JUNOS on M/T right? Patrik Thomas Eichhorn wrote: Simply edit the fstab and switch it to the right paths, this is the only voodoo to do to get it running. Tom Stevanus schrieb: I tried JUNOS J9.3 and booting always stop on this part : mount: /dev/bo0s1e: No such file or directory local filesystem mount failed, startup aborted Booting single-user WARNING: system watchdog timer still running, use '/junos/sbin/watchdog -off' to disable Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: NOTE: to go to multi-user operation, exit the single-user shell (with ^D) To run the rest of rc manually (after the above): chroot /junos /bin/sh /etc/rc.chroot and to run a shell with a normal view of the system: chroot /junos /bin/sh # Never know how to workaround that thing until now :( ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktJzh4ACgkQrUvjMoak8ZckAACfVsDTN0xmrdsRtcolfzYMlH+c 5B8An0eQ3mYne+zLcHbUivZ2apjuJgdi =vsLh -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Event / OP Script
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Ahmad, have a look at http://www.juniper.net/us/en/training/elearning/junos_scripting.html they have a nice online course for this. This just gives only a small introduction towards this topic, but should be a first step. I hope that there will be a real training course for this topic in the future. Tom Cheikh-Moussa, Ahmad schrieb: Hi Guys, I try to write an event script, but the documentation I have found is not really well. Did someone wrote an event/op script ? Can someone point me out, how can I write an op script, which is triggered by an event (timer) ? I try something like show chassis fpc and search for a special string within the output. Has someone an example ? Thanks in advance, Ahmad Ahmad Cheikh-Moussa Consultant Business Unit Carrier Service Provider AXIANS NK Networks Services GmbH Fischertwiete 2, Chilehaus A 20095 Hamburg Tel.: +49 40 237 899 - 72 Fax: +49 40 237 899 - 69 ahmad.cheikh-mou...@axians.de acheikh-mou...@axians.de a...@axians.de www.axians.com Sitz der NK Networks Services GmbH: Von-der-Wettern-Straße 15, 51149 Köln Registergericht: Amtsgericht Köln, Registernummer HRB 30805 Geschäftsführer: Tonis Rüsche ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkq/uVEACgkQrUvjMoak8Zfs7gCggjiAX+hXBQuu7V+mbemvMwjr Zf0An2Qn5MAu3HKVIngPMCrjqBs85vD1 =2lKY -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Interest in a (european) Juniper User Group
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I just thought that a Juniper User Group would be quiet cool - if someone else also has interest in it. Due to my latest experiences with Juniper, this could maybe change the way with problems is dealt with and how customers are heard. I believe that a Open PR database founded on the knowledge of the group could be quiet helpful - at least I have been confrontated with many confidential PRs, who killed our network, as we switched over to EX. The communication done by Juniper is not very helpful in these cases, and maybe we would be heard better, if we unite in our interests as Juniper users... What do you think? Do you believe this could make any sense? Thanks, Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqOWQ0ACgkQrUvjMoak8ZdOVwCdGQIXk33ljnRiHmXDClRaeC14 BD0AnjDvYwPZ0bVEJk6gAH1Kskah/p2B =pG53 -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX3200 Interface Strangeness
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, the 10G ports are really new ones, and you have all ports available - on 3200 and 4200. Don't have the SFP-Uplink module, so I can't check on those boxes... Tom Brendan Mannella schrieb: What happens if a 10g card is installed? Do you lose the last two ports? And is this behavior the same on the 4200? On 8/17/09 10:41 AM, Bill Blackford bblackf...@nwresd.k12.or.us wrote: That makes sense. I'm not at all happy with it, but it makes sense. I'm am using ge-0/1/0 which must correspond to ge-0/0/20. Thanks. -b -Original Message- From: Mike Mainer [mailto:mmai...@tekinside.com] Sent: Monday, August 17, 2009 7:39 AM To: Bill Blackford Subject: Re: [j-nsp] EX3200 Interface Strangeness The 3200 is setup so that if an uplink Mod is installed you loose the last X ports. Example: you have a 24x10/100/1000 with 4x1GigE card. If/when ports are active on this 4x1GigE card ports 20-23 become INACTIVE. They are mutely exclusive. -Mike Mainer Bill Blackford wrote: I'm experiencing a weird issue with an interface that seems to have vanished. (see below 1.) I also have a general question on how the EX platform indexes interfaces. (see below 2.) = 1. Vanishing Interface I have several ex3200's in production and noticed that ge-0/0/20 shows up in the config, but doesn't appear to exist. bblackf...@wsc-sw-ex3200-1 show chassis hardware Hardware inventory: Item Version Part number Serial number Description ChassisBH0208188142 EX3200-24T FPC 0REV 07 750-021261 BH0208188142 EX3200-24T, 8 POE CPU BUILTIN BUILTIN FPC CPU PIC 0 BUILTIN BUILTIN 24x 10/100/1000 Base-T PIC 1 REV 04 711-021270 AR0209216364 4x GE SFP Xcvr 0NON-JNPR FFX20H700284 SFP-SX Power Supply 0 REV 02 740-020957 AT0508119769 PS 320W AC Fan Tray Fan Tray bblackf...@wsc-sw-ex3200-1 show version Hostname: wsc-sw-ex3200-1 Model: ex3200-24t JUNOS Base OS boot [9.5R2.7] bblackf...@wsc-sw-ex3200-1 show chassis fpc pic-status Slot 0 Online EX3200-24T, 8 POE PIC 0 Online 24x 10/100/1000 Base-T PIC 1 Online 4x GE SFP Now, bblackf...@wsc-sw-ex3200-1 show configuration interfaces ge-0/0/20 unit 0 { family ethernet-switching { vlan { members VOIP; } } } bblackf...@wsc-sw-ex3200-1 show interfaces ge-0/0/20 error: device ge-0/0/20 not found snmpwalk from a host: ifDescr.148 = STRING: ge-0/0/18 ifDescr.149 = STRING: ge-0/0/18.0 ifDescr.150 = STRING: ge-0/0/19 ifDescr.151 = STRING: ge-0/0/19.0 == 152 and 153 are missing ifDescr.154 = STRING: ge-0/0/21 ifDescr.155 = STRING: ge-0/0/21.0 ifDescr.156 = STRING: ge-0/0/22 ifDescr.157 = STRING: ge-0/0/22.0 ifDescr.158 = STRING: ge-0/0/1.0 ifDescr.159 = STRING: ge-0/0/23 ifDescr.160 = STRING: ge-0/0/0 ifDescr.161 = STRING: ge-0/0/0.0 ifDescr.162 = STRING: ge-0/0/1 ifDescr.163 = STRING: vlan ifDescr.164 = STRING: vlan.0 ifDescr.165 = STRING: vlan.1 ifDescr.166 = STRING: ge-0/1/0 ifDescr.167 = STRING: ge-0/1/0.0 ifDescr.170 = STRING: ge-0/0/23.0 == 2. Indexing question During the gathering of data for issue 1 above, I ran some walks against other ex3200's I have and noticed that the indexing is not consistent. Here's another ex3200 running the same code rev as above: ifDescr.148 = STRING: ge-0/0/18 ifDescr.149 = STRING: ge-0/0/18.0 ifDescr.150 = STRING: ge-0/0/19 ifDescr.151 = STRING: ge-0/0/19.0 ifDescr.152 = STRING: ge-0/0/20 ifDescr.153 = STRING: ge-0/0/20.0 ifDescr.154 = STRING: ge-0/0/21 ifDescr.155 = STRING: ge-0/0/21.0 ifDescr.156 = STRING: ge-0/0/22 ifDescr.157 = STRING: ge-0/0/22.0 ifDescr.158 = STRING: ge-0/0/23 ifDescr.159 = STRING: ge-0/0/23.0 ifDescr.160 = STRING: vlan ifDescr.163 = STRING: ge-0/0/0 ifDescr.164 = STRING: ge-0/0/0.0 ifDescr.165 = STRING: ge-0/0/1 ifDescr.166 = STRING: ge-0/0/11.69 ifDescr.167 = STRING: ge-0/0/11.70 ifDescr.168 = STRING: ge-0/0/1.0 There seems to be no correlation between the ifDescr seq numbers and the interface names. Now, the switch above has a 4x GE SFP PIC and the one below does not, but I find it strange that interfaces show up all over the place as if they were dynamically populated into a table. == Sorry for the length of this post. Thank you for any input. -b -- Bill Blackford Senior Network Engineer Technology Systems Group Northwest Regional ESD my /home away from home ___ juniper-nsp mailing list juniper-nsp@puck.nether.net
Re: [j-nsp] Multiple usage of VRRP-Groups (JunOS)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Hendrik, this should be no problem, having the same vrrp-group in different vlans. Kind regards to Oldenburg ;) Tom Hendrik Kahmann schrieb: Hello, is it okay to use the same VRRP-group (i.e. 20) multiple times on the same physical interface? We want to use more than 255 VLANs on an physical interface so we have to use the same group several times or use the same VRRP-group (i.e. 1) on every VLAN subunit. Kind regards, Hendrik ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpUh5gACgkQrUvjMoak8Zdx8ACaAlcBsIZiHTbEPquH1AGxFUdY G1kAn3QNiscpz53KSXQC5atvrAU4NPtr =2jJz -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ex4200 log message question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Malte, Cord, according to our SE this is just debugcode - which should have been fixed in the 9.3 service release and also 9.3R3 - but at a current state I would really recommend not to upgrade to this version - I'm not yet really sure, but under some cirumstances the whole routing seems to fail. I really recommend to everyone to test all the needed features first in a lab. Tom Malte von dem Hagen schrieb: Cord, Am 21.05.2009 02:23 Uhr, Cord MacLeod schrieb: Every now and again I'm seeing the following log message: May 20 22:23:34 gsw1 fpc1 Resolve request came for an address matching on Wrong nh nh:1499, type:Hold...? May 20 23:08:03 gsw1 fpc1 Resolve request came for an address matching on Wrong nh nh:1501, type:Hold...? Any ideas what this could mean? JUNOS Base OS boot [9.3R3.8] this matches PR/412240 and can be ignored (according to JTAC, which I asked about that in 9.3R2.8). I was not able to get information about the root cause out of them. Kind regards, Malte ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoVGycACgkQrUvjMoak8ZdLpQCeK1djeTn5hYxGVeZ2uj9nvMv7 moIAoKI8yhIZpCE6jyChN+1MSrkdJYOd =QDGS -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] XNM-Client Implementation on Python
Hi all, just wanted to know, if somebody already has implementen a JunoScript/XNM implementation on python - before I do the work someone else has already done ;) Thanks Tom ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] ScreenOS on ISG2000 and MGT Interface
Hi, I'm just wondering if it is possible to change the vrouter behind the MGT Zone - I want to have specific routes just for the MGT Interface, is their maybe another alternative? Thanks for any ideas, Tom signature.asc Description: OpenPGP digital signature ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] XNM/JunoScript Implementations
Hi all, I'm currently searching for a JunoScript/XNM Implementation for python, has maybe someone here worked on that? I just found the Perl APIs, and some efforts on implementing in in PHP, but I prefer to not reinvent the wheel... Thanks for your help! Tom -- te3 Networks Thomas Eichhorn Hans-Boeckler-Straße 52-54 50354 Huerth Tel: +49 1805 / 833 63 88 Fax: +49 1805 / 833 63 83 signature.asc Description: OpenPGP digital signature ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp