Re: [j-nsp] MX80 port numbering

2013-03-15 Thread apurva modh
Are you looking for this?
http://kb.juniper.net/InfoCenter/index?page=content&id=KB25588&actp=RSS


On Fri, Mar 15, 2013 at 4:11 PM, Sebastian Wiesinger <
juniper-...@ml.karotte.org> wrote:

> Has anyone here an easily understandable graphic for port numbering on
> MX80 mic slot(s)? I can't get it right half of the time and support
> staff on-site never knows which port is which. Even the labels on the
> box are not really helpful.
>
> Regards
>
> Sebastian
>
> --
> GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
> 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
> SCYTHE.
> -- Terry Pratchett, The Fifth Elephant
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] LACP Load Balance

2012-08-29 Thread apurva modh
Yes, you can enable it for family mpls as well ... you need family mpls
label-1, label-2 and payload ip under hash keys ...

https://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/nog-mpls-frr/mpls-load-balancing-hash-key.html


Remember, hash-keys are only effective in the outgoing direction and work on
a per-node basis. So you need to configure the same hashing on all the nodes of
the network for effective load balancing ...

Regards,

On Wed, Aug 29, 2012 at 12:55 PM, Mohammad Khalil wrote:

> I have a small question, should I implement this on family mpls as well?
>
> Router# show interfaces ae1
> flexible-vlan-tagging;
> mtu 1600;
> encapsulation flexible-ethernet-services;
> aggregated-ether-options {
>     lacp {
>         active;
>     }
> }
> unit 0 {
>     family bridge {
>         interface-mode trunk;
>         vlan-id-list [ 14 114 204 104 214 ];
>     }
> }
> unit 10 {
>     vlan-id 10;
>     family inet {
>         address 10.0.0.17/30;
>     }
>     family iso;
>     family mpls;
> }
>
> And this should be done on both sides?
> BR,
> Mohammad
>
>
> On Wed, Aug 29, 2012 at 10:11 AM, apurva modh wrote:
>
>> Hi,
>>
>> You will not require symmetrical hashing. Just configure,
>>
>> set forwarding-options hash-key family inet layer-3
>> set forwarding-options hash-key family inet layer-4
>>
>> Regards,
>>
>>
>> On Wed, Aug 29, 2012 at 12:33 PM, Mohammad Khalil wrote:
>>
>>> Hi, thanks all for the replies
>>> Regarding the version
>>> Router# run show version
>>> Hostname: Router
>>> Model: mx240
>>> JUNOS Base OS boot [10.0R3.10]
>>> JUNOS Base OS Software Suite [10.0R3.10]
>>> JUNOS Kernel Software Suite [10.0R3.10]
>>> JUNOS Crypto Software Suite [10.0R3.10]
>>> JUNOS Packet Forwarding Engine Support (M/T Common) [10.0R3.10]
>>> JUNOS Packet Forwarding Engine Support (MX Common) [10.0R3.10]
>>> JUNOS Online Documentation [10.0R3.10]
>>> JUNOS Voice Services Container package [10.0R3.10]
>>> JUNOS Border Gateway Function package [10.0R3.10]
>>> JUNOS Services AACL Container package [10.0R3.10]
>>> JUNOS Services LL-PDF Container package [10.0R3.10]
>>> JUNOS Services Stateful Firewall [10.0R3.10]
>>> JUNOS AppId Services [10.0R3.10]
>>> JUNOS IDP Services [10.0R3.10]
>>> JUNOS Routing Software Suite [10.0R3.10]
>>>
>>> Should I configure something like the below?
>>> set forwarding-options hash-key family inet symmetric-hash
>>>
>>> How does the router know which ae group it will apply to?
>>> In my case it's ae0 and ae1
>>>
>>> Thanks in advance for the great help
>>>
>>> BR,
>>> Mohammad
>>>
>>>
>>> On Tue, Aug 28, 2012 at 4:02 PM, Stefan Fouant <
>>> sfou...@shortestpathfirst.net> wrote:
>>>
>>> > Also, you need to send a sizable number of flows to effect a proper
>>> > distribution. A handful of flows is just not going to cut it, based on the
>>> > below mentioned hash.
>>> >
>>> > Stefan Fouant
>>> > JNCIE-SEC, JNCIE-SP, JNCIE-ENT, JNCI
>>> > Technical Trainer, Juniper Networks
>>> >
>>> > Follow us on Twitter @JuniperEducate
>>> >
>>> > Sent from my iPad
>>> >
>>> > On Aug 28, 2012, at 3:32 AM, Julien Goodwin wrote:
>>> >
>>> > > On 28/08/12 17:20, Mohammad Khalil wrote:
>>> > >> I am trying to make load balancing on the links as I checked the traffic
>>> > >> and it's not balanced
>>> > >> Any ideas will be highly appreciated
>>> > >
>>> > > Depending on what traffic you're sending it may not be evenly hashable
>>> > > across the links.
>>> > >
>>> > > Depending on which side is uneven you might find help in:
>>> > >
>>> > > EX:
>>> > >
>>> > > http://kb.juniper.net/InfoCenter/index?page=content&id=KB22943&smlogin=true
>>> > >
>>> > > MX:
>>> > >
>>> > > http://www.juniper.net/techpubs/en_US/junos10.3/topics/concept/layer-2-services-load-balancing-and-link-aggregation.html
>>> > >
>>> > > --
>>> > > Julien Goodwin
>>> > > Studio442
>>> > > "Blue Sky Solutioneering"
>>> > >
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
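
The effect of the hash keys and of flow count discussed in this message, as an added example that is not part of the original thread: it hashes constructed flows onto two member links using only layer-3 fields, then layer-3 plus layer-4 fields. SHA-256 is an assumed stand-in for the router's hash, and the peer address 10.0.0.18 and the port numbers are constructed.

```python
import hashlib
from collections import Counter

def pick_link(flow, keys, n_links):
    """Choose a member link from the header fields named by the hash keys.

    SHA-256 is a stand-in: the hash Junos really uses is not given in the thread.
    """
    src, dst, proto, sport, dport = flow
    fields = []
    if "layer-3" in keys:
        fields += [src, dst, proto]
    if "layer-4" in keys:
        fields += [sport, dport]
    digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_links

def busiest_share(flows, keys, n_links=2):
    """Fraction of flows on the most loaded link (0.5 is ideal for two links)."""
    counts = Counter(pick_link(f, keys, n_links) for f in flows)
    return max(counts.values()) / len(flows)

def sessions(n, src="10.0.0.17", dst="10.0.0.18"):
    """Constructed traffic: n TCP sessions between a single host pair."""
    return [(src, dst, 6, 20000 + i, 443) for i in range(n)]

L3 = ("layer-3",)                 # hash-key family inet layer-3
L3_L4 = ("layer-3", "layer-4")    # ... plus hash-key family inet layer-4

if __name__ == "__main__":
    # Few flows spread unevenly; one host pair never spreads on layer-3 alone.
    for n in (4, 40, 4000):
        print(n, busiest_share(sessions(n), L3), busiest_share(sessions(n), L3_L4))
```

With layer-3 keys only, every session between the same two addresses lands on one link regardless of flow count; adding the layer-4 ports lets a large number of sessions even out.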


Re: [j-nsp] LACP Load Balance

2012-08-29 Thread apurva modh
Hi,

You will not require symmetrical hashing. Just configure,

set forwarding-options hash-key family inet layer-3
set forwarding-options hash-key family inet layer-4

Regards,

On Wed, Aug 29, 2012 at 12:33 PM, Mohammad Khalil wrote:

> Hi, thanks all for the replies
> Regarding the version
> Router# run show version
> Hostname: Router
> Model: mx240
> JUNOS Base OS boot [10.0R3.10]
> JUNOS Base OS Software Suite [10.0R3.10]
> JUNOS Kernel Software Suite [10.0R3.10]
> JUNOS Crypto Software Suite [10.0R3.10]
> JUNOS Packet Forwarding Engine Support (M/T Common) [10.0R3.10]
> JUNOS Packet Forwarding Engine Support (MX Common) [10.0R3.10]
> JUNOS Online Documentation [10.0R3.10]
> JUNOS Voice Services Container package [10.0R3.10]
> JUNOS Border Gateway Function package [10.0R3.10]
> JUNOS Services AACL Container package [10.0R3.10]
> JUNOS Services LL-PDF Container package [10.0R3.10]
> JUNOS Services Stateful Firewall [10.0R3.10]
> JUNOS AppId Services [10.0R3.10]
> JUNOS IDP Services [10.0R3.10]
> JUNOS Routing Software Suite [10.0R3.10]
>
> Should I configure something like the below?
> set forwarding-options hash-key family inet symmetric-hash
>
> How does the router know which ae group it will apply to?
> In my case it's ae0 and ae1
>
> Thanks in advance for the great help
>
> BR,
> Mohammad
>
>
> On Tue, Aug 28, 2012 at 4:02 PM, Stefan Fouant <
> sfou...@shortestpathfirst.net> wrote:
>
> > Also, you need to send a sizable number of flows to effect a proper
> > distribution. A handful of flows is just not going to cut it, based on the
> > below mentioned hash.
> >
> > Stefan Fouant
> > JNCIE-SEC, JNCIE-SP, JNCIE-ENT, JNCI
> > Technical Trainer, Juniper Networks
> >
> > Follow us on Twitter @JuniperEducate
> >
> > Sent from my iPad
> >
> > On Aug 28, 2012, at 3:32 AM, Julien Goodwin wrote:
> >
> > > On 28/08/12 17:20, Mohammad Khalil wrote:
> > >> I am trying to make load balancing on the links as I checked the traffic
> > >> and it's not balanced
> > >> Any ideas will be highly appreciated
> > >
> > > Depending on what traffic you're sending it may not be evenly hashable
> > > across the links.
> > >
> > > Depending on which side is uneven you might find help in:
> > >
> > > EX:
> > >
> > > http://kb.juniper.net/InfoCenter/index?page=content&id=KB22943&smlogin=true
> > >
> > > MX:
> > >
> > > http://www.juniper.net/techpubs/en_US/junos10.3/topics/concept/layer-2-services-load-balancing-and-link-aggregation.html
> > >
> > > --
> > > Julien Goodwin
> > > Studio442
> > > "Blue Sky Solutioneering"
> > >
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] EX4200 Virtual chassis ??

2012-08-22 Thread apurva modh
I would also suggest virtual chassis option ...

Here is the best practices guide for VC ..
http://www.juniper.net/us/en/local/pdf/implementation-guides/8010018-en.pdf

On Wed, Aug 22, 2012 at 11:18 PM, Rachid DHOU  wrote:

> Dear experts,
>
> We have two EX4200 switches, mainly used for L2 functionalities.
> We want to add two new EX4200 Switches and we want to connect them with the
> old switches.
>
> I have two possibilities:
>
> * Either interconnect them and control everything with STP,
> * or use Virtual Chassis.
>
>
> Please advise, what is the best way? Did you try Virtual Chassis in EX?
> Do you have other options?
>
>
> *Kind regards,*
> *Rachid DHOU*
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] About Juniper Control Plan Policy (CoPP)

2012-08-22 Thread apurva modh
All the Routing Engine bound traffic into Juniper is handled through the
loopback interface. So if you apply the input direction filter on the
loopback interface, it would simulate the exact behavior of the control
plane filter of Cisco. You don't need to apply the "protect routing-engine"
filter to physical interfaces.

Hope this solves your query.

Regards,


On Thu, Aug 23, 2012 at 9:05 AM, Md. Jahangir Hossain
wrote:

> Dear all friend:
>
> Wishes all are fine.
>
> I am quite new to the Juniper OS platform. I need some information about Juniper
> Control Plane Policy (CoPP). I read the RFC 6192 of Protect Router Control
> Plane, which is:
>
> http://tools.ietf.org/html/rfc6192#appendix-A.2
>
> After reading the RFC 6192 I have a little query: in a Cisco router
> we put the input policy on the control plane,
>
> as like:
>
> control-plane
>  service-policy input COPP
>
> But in a Juniper router we put the input
> policy onto the loopback interface according to this RFC.
>
> Here this is:
>
> interfaces {
>     lo0 {
>         unit 0 {
>             family inet {
>                 filter input protect-router-control-plane;
>             }
>         }
>     }
> }
>
> Based on this, my question is: how does the
> Juniper router loopback interface control all of the router control plane? Or do I
> need to put this input filter policy individually on different
> interfaces, as like:
>
> interfaces {
>     em0 {
>         unit 0 {
>             family inet {
>                 filter input protect-router-control-plane;
>             }
>         }
>     }
> }
>
> interfaces {
>     em1 {
>         unit 0 {
>             family inet {
>                 filter input protect-router-control-plane;
>             }
>         }
>     }
> }
>
> It would be nice if anyone can please confirm this
> configuration for me.
>
> Thanks
> Jahangir Hossain
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
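
A check for the point made in the reply above, as an added example that is not part of the original thread: it audits `display set` style configuration lines for an input filter on every lo0 family and confirms that the referenced filter is defined. The sample lines, addresses and term names are constructed; only the filter name comes from the quoted question.

```python
import re

# set interfaces lo0 unit 0 family inet filter input NAME
APPLY = re.compile(r"^set interfaces lo0 unit (\d+) family (inet6?) filter input (\S+)$")
# Any statement that shows a family is configured on a lo0 unit.
FAMILY = re.compile(r"^set interfaces lo0 unit (\d+) family (inet6?)\b")
# "set firewall family inet filter NAME term ..." or the older "set firewall filter NAME term ..."
DEFINE = re.compile(r"^set firewall (?:family (inet6?) )?filter (\S+) term ")

def audit_lo0(set_lines):
    """Return findings about routing-engine protection on lo0."""
    families, applied, defined = set(), {}, set()
    for raw in set_lines:
        line = raw.strip()
        if m := FAMILY.match(line):
            families.add((m.group(1), m.group(2)))
        if m := APPLY.match(line):
            applied[(m.group(1), m.group(2))] = m.group(3)
        if m := DEFINE.match(line):
            defined.add((m.group(1) or "inet", m.group(2)))
    findings = []
    for unit, fam in sorted(families):
        name = applied.get((unit, fam))
        if name is None:
            findings.append(f"lo0.{unit} family {fam}: no input filter applied")
        elif (fam, name) not in defined:
            findings.append(f"lo0.{unit} family {fam}: filter {name} applied but not defined")
    return findings

# Constructed sample configuration (documentation addresses, not from the thread).
SAMPLE = """\
set interfaces lo0 unit 0 family inet address 192.0.2.1/32
set interfaces lo0 unit 0 family inet filter input protect-router-control-plane
set interfaces lo0 unit 0 family inet6 address 2001:db8::1/128
set firewall family inet filter protect-router-control-plane term bgp from protocol tcp
set firewall family inet filter protect-router-control-plane term bgp then accept
set firewall family inet filter protect-router-control-plane term rest then discard
""".splitlines()

if __name__ == "__main__":
    for finding in audit_lo0(SAMPLE):
        print(finding)
```

Filters are applied per address family, so the sample is flagged for inet6: the inet filter on lo0 does not cover IPv6 traffic to the Routing Engine.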


Re: [j-nsp] Strange ARP issue on M7i

2012-08-15 Thread apurva modh
It indicates that the default ARP policer is dropping the ARP packets.
You don't need to apply this filter on any interface. It is applied on all
interfaces by default ... Default values of the ARP policer are fine-tuned
such that it does not interrupt the normal ARP mechanism .. the counter in
"show policer" should not increment in ideal scenarios ... check whether
any machine is spoofing/flooding ARP or not ...

btw, your Junos is very old .. try changing to a new Junos, there are many
improvements since then ...

On Wed, Aug 15, 2012 at 11:44 PM, Markus  wrote:

> Hi JP and all,
>
> thanks for all the replies. "show policer" shows:
>
> ad...@ffm01.rt> show policer
> Policers:
> Name                          Packets
> __default_arp_policer__       1140304
> __policer_tmpl__-term         0
> __policer_tmpl__-fc0          0
> __policer_tmpl__-fc0          0
> __policer_tmpl__-fc1          0
> __policer_tmpl__-fc0          0
> __policer_tmpl__-fc1          0
> __policer_tmpl__-fc2          0
> __policer_tmpl__-fc0          0
> __policer_tmpl__-fc1          0
> __policer_tmpl__-fc2          0
> __policer_tmpl__-fc3          0
>
> What does that mean?
>
> I don't seem to have anything configured related to that:
>
> ad...@ffm01.rt> show configuration | grep arp
> < empty >
>
> Thank you!
> Markus
>
>
> On 14.08.2012 21:37, JP Senior wrote:
>
>> Hi, Markus.
>> I have experienced issues in previous deployments that have involved
>> built-in ARP policers.
>>
>> Hit up 'show policer', and look for __default_arp_policer__.
>>
>> JP Senior
>>
>>
>> -Original Message-
>> From: juniper-nsp-bounces@puck.nether.net [mailto:juniper-nsp-bounces@puck.nether.net]
>> On Behalf Of Markus
>> Sent: 14 August 2012 7:13 AM
>> To: juniper-nsp@puck.nether.net
>> Subject: [j-nsp] Strange ARP issue on M7i
>>
>> Hi all,
>>
>> last night I encountered something weird (in my opinion). Not sure if
>> Juniper related but maybe someone here has seen something like this?
>>
>> I was experiencing a strange effect that several websites hosted on a
>> Linux KVM VM didn't load properly. They would load but 90% of the time hang
>> in some strange way, the browser displaying "Waiting for
>> www.sitename.com..." after all the page has loaded, or even before anything
>> of the page was displayed. A minute later it would work sometimes, but only
>> for a short period of time. After eliminating all MySQL, Apache, KVM etc.
>> as the source of the problem I logged into the M7i in front of that host
>> and saw:
>>
>> ad...@ffm01.rt> show arp no-resolve |grep 195.100.100.7
>> 00:25:90:38:66:c6 195.100.100.7    ge-0/0/0.0    none
>> 00:25:90:38:66:c6 195.100.101.34   ge-0/0/0.0    none
>>
>> With 195.100.100.7 being the KVM host. So I thought: why is 101.34 up?
>> It's an IP that wasn't in use for years. And in the Juniper config a
>> whole /24 was still getting routed to it. I thought, OK, the KVM host got
>> hax0red or something and the intruder assigned 101.34, but couldn't find
>> anything. 101.34 wasn't reachable from any machine in the same LAN and the
>> MAC could not be seen either. No traffic to/from it on the Switch
>> monitoring port either. All I saw was traffic (port scans I
>> think) to the /24 which ended up on the KVM host (195.100.100.7). That
>> was an indicator that the KVM host was really also saying "I have
>> 195.100.101.34". Or the Juniper insisted that the IP is at that MAC. I
>> suspect the latter. I shutdown the KVM host physically and cleared the ARP
>> cache on the Juniper, 195.100.100.7 was gone, but 195.100.101.34 was still
>> there with the identical MAC, as before.
>> I then removed the static route entry for the /24 which was pointing to
>> 195.100.101.34 and only then the arp entry for 195.100.101.34 disappeared!
>>
>> Isn't that weird? Where did that arp entry come from and why was it saved
>> on the Juniper for so long, and only got removed after I removed the static
>> routing of that /24?
>>
>> I'm running JUNOS 8.0R2.8. :)
>>
>> This didn't eliminate the problem with the websites reachability, I think
>> it is something local with my dialup connection as I see a lot of TCP
>> retransmission errors when accessing all sites on any of the VMs hosted on
>> that KVM host. Through an alternative dialup provider everything is fine.
>> Other sites on other boxes in the same LAN work just fine though via the
>> first provider. The problem comes and goes now.
>> Really puzzled!
>>
>> Anyway, can't stop thinking about the ARP thing so I thought I would ask
>> here! Thank you very much!
>>
>> Regards
>> Markus
>>
>>
>>