Re: [j-nsp] What's the latest code you're running on a mx?
Hello,
I for one am happy to hear this. We're very close to deploying a new MPLS
network all on MX960s. We did heavy testing on 10.0R2 earlier this year. Our
lab gear has all been updated to 10.0R3 and so far everything seems to work.
We're running:
-IGP: OSPF (1 area 0, no TED) with OSPF LFA
-L2VPN, VPLS, L3VPN with BGP signaling
-LDP for transport LSPs
-No RSVP
-Simple Core QoS model with edge BA pbit classifiers
Some interesting things to note:
-OSPF LFA: I had to open a case with JTAC on this. The "traceroute mpls ldp"
command uses both the primary and backup LFA paths. JTAC thinks this is a
problem with the traceroute command and not OSPF LFA. When I simulate traffic
through the network, it does always appear to use the primary LFA path only. I
wish I new their ECMP algorithm to know for sure...
-no-tunnel-services: I can consistently get the box to core dump by creating a
VPLS Routing Instance without no-tunnel-services, adding no-tunnel-services and
then doing a commit full. Case pending. Work around: using groups to make sure
parameters like no-tunnel-services are always on first time around.
-l3vpn-composite: This is suppose to add efficiencies for L3VPN but it breaks
VPLS & L2VPN. PR opened in 10.0R2. I don't think it's fixed yet.
-Egress PE custom MPLS exp Classifier is broke for VPLS & L3VPN. As a
workaround, you have to apply your classifier like so:
show configuration class-of-service routing-instances
all {
classifiers {
exp mpls-core-classifier;
}
}
Otherwise the default MPLS exp classifier is used.
-We wanted to put fxp0 in a dedicated Logical System to solve return route
problems (some traffic is InBand, some is Out of Band via fxp0 - don't ask).
This solves the routing problem but breaks NSR.
Everything else seems to be working as expected. The problems listed above are
somewhat minor and we can work around them. 10.0R3 did core dump a few times
during a training session. We had 8 people all making config changes at the
same time in the same "edit". JTAC is analyzing. It's the only item that's
making me a bit nervous. I'm hoping to limit simultaneous access (edit
exclusive) in Prod to limit this.
Does anyone else have anything to share? I'd certain like to know if there's
anybody else beating up 10.0R3 in the lab or running it in Prod. If we have a
similar setup, I'd even be willing to replicate a problem anyone else might be
having. Ping me off list if necessary.
Thanks,
Serge
- Original Message
From: David Ball
To: mti...@globaltransit.net
Cc: Richard A Steenbergen ; juniper-nsp@puck.nether.net
Sent: Tue, May 25, 2010 12:58:06 PM
Subject: Re: [j-nsp] What's the latest code you're running on a mx?
Just a followup on this thread. I've been testing 10.0R3.10 in the
lab with MX240, 480 and T640 and have had (somewhat surprisingly) good
results. L2VPN, L2ckt, BGP-signalled VPLS (all w/QoS), L3VPN, LDP &
RSVP w/FRR (haven't tested much TE yet, mind you), even dabbled in
loop-free alternates (on the MX240 only), and haven't hit any
show-stoppers *yet*. We're definitely SP-focused, not enterprise, so
YMMV. They've even fixed (?) the functionality which broke (?) around
late 9.2 to early 9.3 timeframe which prevented you from doing 802.1p
BA classification on an outer VLAN tag if you were removing the outer
tag on ingress (they added a flag somewhere where you can specify
'inner' if you need to).
It's said to have several fixes for the now infamous KRT Queue
issues as well, which have been discussed at length on the list. I'm
cautiously optimistic about that one.
That saideverything works in the lab, right?
David
On 1 May 2010 12:57, Mark Tinka wrote:
> On Sunday 02 May 2010 01:31:44 am Richard A Steenbergen
> wrote:
>
>> Don't try to compare code between platforms, they're
>> entirely different beasts. :) In my experience the
>> answer for EX is almost always "run the latest and
>> greatest", and our deployment tests w/EX8216s and 10.1S1
>> have actually been much better than I expected.
>>
>> In the end it all comes down to which features are you
>> using, and what expectations do you have from your
>> router. Layer 2 is dirt simple, hell even Foundry
>> managed to mostly get that one right, so I have no doubt
>> that if your configuration and network are simple enough
>> you'll probably never see an issue. Try running a full
>> routing service provider config with bgp isis mpls rsvp
>> l2circuits firewalls etc and it's completely different
>> story. :)
>
> I probably should have stated that "any platform" was
> confined to the latter case you describe, service provider
> routing and friends.
>
>
Re: [j-nsp] What's the latest code you're running on a mx?
Just a followup on this thread. I've been testing 10.0R3.10 in the lab with MX240, 480 and T640 and have had (somewhat surprisingly) good results. L2VPN, L2ckt, BGP-signalled VPLS (all w/QoS), L3VPN, LDP & RSVP w/FRR (haven't tested much TE yet, mind you), even dabbled in loop-free alternates (on the MX240 only), and haven't hit any show-stoppers *yet*. We're definitely SP-focused, not enterprise, so YMMV. They've even fixed (?) the functionality which broke (?) around late 9.2 to early 9.3 timeframe which prevented you from doing 802.1p BA classification on an outer VLAN tag if you were removing the outer tag on ingress (they added a flag somewhere where you can specify 'inner' if you need to). It's said to have several fixes for the now infamous KRT Queue issues as well, which have been discussed at length on the list. I'm cautiously optimistic about that one. That saideverything works in the lab, right? David On 1 May 2010 12:57, Mark Tinka wrote: > On Sunday 02 May 2010 01:31:44 am Richard A Steenbergen > wrote: > >> Don't try to compare code between platforms, they're >> entirely different beasts. :) In my experience the >> answer for EX is almost always "run the latest and >> greatest", and our deployment tests w/EX8216s and 10.1S1 >> have actually been much better than I expected. >> >> In the end it all comes down to which features are you >> using, and what expectations do you have from your >> router. Layer 2 is dirt simple, hell even Foundry >> managed to mostly get that one right, so I have no doubt >> that if your configuration and network are simple enough >> you'll probably never see an issue. Try running a full >> routing service provider config with bgp isis mpls rsvp >> l2circuits firewalls etc and it's completely different >> story. :) > > I probably should have stated that "any platform" was > confined to the latter case you describe, service provider > routing and friends. > > We've had luck running code on core and edge switches in > pure Layer 2 mode that have brought other networks to tears > when Layer 3 services are turned on. Code stability > requirements between either paradigm is sufficiently > distinguishable, most times :-). > > Even though the platforms have some key differences, I'd be > just as cautious running JUNOS 10.x on the M320, T640, M10i, > e.t.c., as much as I would on the MX. But I guess this goes > without saying for many :-). > > Cheers, > > Mark. > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
On Sunday 02 May 2010 01:31:44 am Richard A Steenbergen wrote: > Don't try to compare code between platforms, they're > entirely different beasts. :) In my experience the > answer for EX is almost always "run the latest and > greatest", and our deployment tests w/EX8216s and 10.1S1 > have actually been much better than I expected. > > In the end it all comes down to which features are you > using, and what expectations do you have from your > router. Layer 2 is dirt simple, hell even Foundry > managed to mostly get that one right, so I have no doubt > that if your configuration and network are simple enough > you'll probably never see an issue. Try running a full > routing service provider config with bgp isis mpls rsvp > l2circuits firewalls etc and it's completely different > story. :) I probably should have stated that "any platform" was confined to the latter case you describe, service provider routing and friends. We've had luck running code on core and edge switches in pure Layer 2 mode that have brought other networks to tears when Layer 3 services are turned on. Code stability requirements between either paradigm is sufficiently distinguishable, most times :-). Even though the platforms have some key differences, I'd be just as cautious running JUNOS 10.x on the M320, T640, M10i, e.t.c., as much as I would on the MX. But I guess this goes without saying for many :-). Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
On Sat, May 01, 2010 at 12:32:08PM -0400, Chuck Anderson wrote: > On Sun, May 02, 2010 at 12:24:53AM +0800, Mark Tinka wrote: > > > Until trio cards start getting deployed, there is pretty > > > much no reason why any sensible network would be running > > > 10.x on an MX today. > > > > Or any platform, for that matter, I say. > > Well, I've had pretty good luck with 10.x on EX4200. I'm only > using Layer2 features though. Don't try to compare code between platforms, they're entirely different beasts. :) In my experience the answer for EX is almost always "run the latest and greatest", and our deployment tests w/EX8216s and 10.1S1 have actually been much better than I expected. In the end it all comes down to which features are you using, and what expectations do you have from your router. Layer 2 is dirt simple, hell even Foundry managed to mostly get that one right, so I have no doubt that if your configuration and network are simple enough you'll probably never see an issue. Try running a full routing service provider config with bgp isis mpls rsvp l2circuits firewalls etc and it's completely different story. :) On Sat, May 01, 2010 at 12:56:17PM -0400, Richmond, Jeff wrote: > We have had pretty good luck so far with 9.5R4.3 on MX960s with DPCE-Rs. 9.5R4 is absolutely one of the best overall images for MX I've seen in ages, i highly recommend it for people looking for general overall stability. The problem is 9.5 went EOL a few days before 9.5R4 was even released, and the bugs we did find in it (some very serious) Juniper refused to fix in the 9.5 branch. It would have been nice if they'd made 9.5 an extended support release, but alas no such luck. -- Richard A Steenbergenhttp://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
We have had pretty good luck so far with 9.5R4.3 on MX960s with DPCE-Rs. On May 1, 2010, at 9:32 AM, Chuck Anderson wrote: > On Sun, May 02, 2010 at 12:24:53AM +0800, Mark Tinka wrote: >>> Until trio cards start getting deployed, there is pretty >>> much no reason why any sensible network would be running >>> 10.x on an MX today. >> >> Or any platform, for that matter, I say. > > Well, I've had pretty good luck with 10.x on EX4200. I'm only > using Layer2 features though. > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
On Sun, May 02, 2010 at 12:24:53AM +0800, Mark Tinka wrote: > > Until trio cards start getting deployed, there is pretty > > much no reason why any sensible network would be running > > 10.x on an MX today. > > Or any platform, for that matter, I say. Well, I've had pretty good luck with 10.x on EX4200. I'm only using Layer2 features though. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
On Saturday 01 May 2010 07:56:32 pm Richard A Steenbergen wrote: > Hrm odd, the first we saw it was in 9.6S5, didn't see it > in any previous version. The box that spat the data I sent in my previous is (still) running JUNOS 9.3R2.8, so it's definitely been in there for a while. Granted, although both our configurations are under the "[forwarding-options]" hierarchy, mine is in the "[forwarding-options family inet6 filter]" sub-directory. Not sure if that makes any difference. My guess is it's all related to IPv6. > Juniper said it was a cosmetic > issue... Looks like it, since we don't see any impact to normal operations. > and the PR was fixed in 9.6R4, which doesn't sound > like it should be related to a 9.3 issue. But who knows. Indeed. I've chased problems like this (but admittedly, in IOS, not JUNOS - yet), where the next release claims to fix the issue, but it doesn't, and each subsequent release after that says "It has fixed the issue", and still hasn't. Oh well... > Until trio cards start getting deployed, there is pretty > much no reason why any sensible network would be running > 10.x on an MX today. Or any platform, for that matter, I say. I have some MX80's coming in for testing - let's see how that goes. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
On Sat, May 01, 2010 at 06:41:05PM +0800, Mark Tinka wrote: > On Saturday 01 May 2010 04:01:38 am Richard A Steenbergen wrote: > > > chassisd[1305]: %DAEMON-3-UI_CONFIGURATION_ERROR: > > Process: chassisd, path: [edit groups BASE-FORWARDING > > forwarding-options hash-key family], statement: inet6, > > Could not retrieve the route-accounting setting > > We've been getting this error for a while now (well, we've > seen it since JUNOS 9.3R2.8), although if you're still seeing > it now, it's possible it could have appeared much earlier. Hrm odd, the first we saw it was in 9.6S5, didn't see it in any previous version. Juniper said it was a cosmetic issue and the PR was fixed in 9.6R4, which doesn't sound like it should be related to a 9.3 issue. But who knows. > One of the reasons I'm wary about buying an MX80 now, given > that it requires the JUNOS 10.x family of code, which still > appears moody, for all intents and purposes - but what can > you do? Until trio cards start getting deployed, there is pretty much no reason why any sensible network would be running 10.x on an MX today. The code clearly isn't getting enough exposure to complex environments, as proved by the number of serious issues still found in an R3 release. Honestly this 10.0R3 experience is probably going to slow our rollout plans for MX80 and MPCs, I don't want to even imagine how bad 10.2R1 is going to be at this rate. :) Probably the best thing that can happen here is some very large accounts buy trio cards for their MXs, are forced to run new code to support them, hit every one of these bugs, and scream bloody murder about it. But hey I can think of at least a few large networks who are currently *VERY* backordered on ports because they're waiting for trio cards, so this has at least a fighting chance of happening. :) -- Richard A Steenbergenhttp://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
On Saturday 01 May 2010 04:01:38 am Richard A Steenbergen wrote: > chassisd[1305]: %DAEMON-3-UI_CONFIGURATION_ERROR: > Process: chassisd, path: [edit groups BASE-FORWARDING > forwarding-options hash-key family], statement: inet6, > Could not retrieve the route-accounting setting We've been getting this error for a while now (well, we've seen it since JUNOS 9.3R2.8), although if you're still seeing it now, it's possible it could have appeared much earlier. This is what we get on commit: ti...@lab# commit [edit forwarding-options family] 'inet6' Could not retrieve the route-accounting setting commit complete [edit] ti...@lab# The following goes into the log file: May 1 18:29:58 lab chassisd[4452]: UI_CONFIGURATION_ERROR: Process: chassisd, path: [edit forwarding-options family], statement: inet6, Could not retrieve the route-accounting setting We started seeing this ever since we decided to have some 'forwarding options' for the IPv6 protocol, as the log also indicates. It doesn't cause any problems, but needs explaining to new NOC folk who think they've thrown the network into a hole when they update router configurations. In hindsight, I probably should have opened a JTAC case for this :-). > Which would just be annoying/log filling, if not for the > fact that netconf interprets it as a hard error and > rolls back the remotely triggered commit. Ouch! > Considering you need 10.1 to run the new MX Trio cards, > and 10.2 to make them interoperate with older DPCs in > the same chassis, I expect a lot of people are going to > be very unhappy very soon when they're forced to > upgrade. :) One of the reasons I'm wary about buying an MX80 now, given that it requires the JUNOS 10.x family of code, which still appears moody, for all intents and purposes - but what can you do? Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
I am using 10.1R1.8 and it's been very stable but using it primarily for L2-bridging on none 3D Trio hardware. -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Derick Winkworth Sent: Friday, April 30, 2010 5:15 PM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] What's the latest code you're running on a mx? Ahh, so 10.1 is needed then for the MX80 I'm guessing... We'll be testing those soon in a POC where they will run VPLS, RSVP, COS, BGP, and L3VPNs... From: Richard A Steenbergen To: Bj?rn Tore Cc: "juniper-nsp@puck.nether.net" Sent: Fri, April 30, 2010 3:01:38 PM Subject: Re: [j-nsp] What's the latest code you're running on a mx? On Fri, Apr 30, 2010 at 09:55:23AM +0200, Bj?rn Tore wrote: > We're running 10.0R2.10 on MX. Works quite well. We just tested 10.0R3 on MX and it was a giant hot steaming mess. Among other problems, they broke "| last" in cli, isis overload timeout no longer functions (would never time out, stayed overloaded forever), and there was some as yet undetermined issue with RSVP/call admission where LSPs could not transit through the 10.0R3 device even though there was plenty of bandwidth available and no policy preventing it. We ended up downgrading back to 9.6S5 (which instantly solved all of the above), where the biggest problem we've had so far is a chassisd bug which causes this false warning every time you commit: chassisd[1305]: %DAEMON-3-UI_CONFIGURATION_ERROR: Process: chassisd, path: [edit groups BASE-FORWARDING forwarding-options hash-key family], statement: inet6, Could not retrieve the route-accounting setting Which would just be annoying/log filling, if not for the fact that netconf interprets it as a hard error and rolls back the remotely triggered commit. Considering you need 10.1 to run the new MX Trio cards, and 10.2 to make them interoperate with older DPCs in the same chassis, I expect a lot of people are going to be very unhappy very soon when they're forced to upgrade. :) -- Richard A Steenbergen http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
Ahh, so 10.1 is needed then for the MX80 I'm guessing... We'll be testing those soon in a POC where they will run VPLS, RSVP, COS, BGP, and L3VPNs... From: Richard A Steenbergen To: Bj?rn Tore Cc: "juniper-nsp@puck.nether.net" Sent: Fri, April 30, 2010 3:01:38 PM Subject: Re: [j-nsp] What's the latest code you're running on a mx? On Fri, Apr 30, 2010 at 09:55:23AM +0200, Bj?rn Tore wrote: > We're running 10.0R2.10 on MX. Works quite well. We just tested 10.0R3 on MX and it was a giant hot steaming mess. Among other problems, they broke "| last" in cli, isis overload timeout no longer functions (would never time out, stayed overloaded forever), and there was some as yet undetermined issue with RSVP/call admission where LSPs could not transit through the 10.0R3 device even though there was plenty of bandwidth available and no policy preventing it. We ended up downgrading back to 9.6S5 (which instantly solved all of the above), where the biggest problem we've had so far is a chassisd bug which causes this false warning every time you commit: chassisd[1305]: %DAEMON-3-UI_CONFIGURATION_ERROR: Process: chassisd, path: [edit groups BASE-FORWARDING forwarding-options hash-key family], statement: inet6, Could not retrieve the route-accounting setting Which would just be annoying/log filling, if not for the fact that netconf interprets it as a hard error and rolls back the remotely triggered commit. Considering you need 10.1 to run the new MX Trio cards, and 10.2 to make them interoperate with older DPCs in the same chassis, I expect a lot of people are going to be very unhappy very soon when they're forced to upgrade. :) -- Richard A Steenbergen http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
On Fri, Apr 30, 2010 at 09:55:23AM +0200, Bj?rn Tore wrote: > We're running 10.0R2.10 on MX. Works quite well. We just tested 10.0R3 on MX and it was a giant hot steaming mess. Among other problems, they broke "| last" in cli, isis overload timeout no longer functions (would never time out, stayed overloaded forever), and there was some as yet undetermined issue with RSVP/call admission where LSPs could not transit through the 10.0R3 device even though there was plenty of bandwidth available and no policy preventing it. We ended up downgrading back to 9.6S5 (which instantly solved all of the above), where the biggest problem we've had so far is a chassisd bug which causes this false warning every time you commit: chassisd[1305]: %DAEMON-3-UI_CONFIGURATION_ERROR: Process: chassisd, path: [edit groups BASE-FORWARDING forwarding-options hash-key family], statement: inet6, Could not retrieve the route-accounting setting Which would just be annoying/log filling, if not for the fact that netconf interprets it as a hard error and rolls back the remotely triggered commit. Considering you need 10.1 to run the new MX Trio cards, and 10.2 to make them interoperate with older DPCs in the same chassis, I expect a lot of people are going to be very unhappy very soon when they're forced to upgrade. :) -- Richard A Steenbergenhttp://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] What's the latest code you're running on a mx?
OBrien, Will skrev: Anyone using any 10. Code yet? I get to annoy my juniper reps later so input is appreciated. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp We're running 10.0R2.10 on MX. Works quite well. -- Bjørn Tore Paulen Holsjordet 45 Tlf 95981603 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] What's the latest code you're running on a mx?
Anyone using any 10. Code yet? I get to annoy my juniper reps later so input is appreciated. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
