Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-28 Thread Chris Burton 
I will take a look.  I have tested on a number of different versions, 
but nothing as new as 4.11, only been tracking the shipped kernel with 
Ubuntu 14.04 and 16.04, in the 3.1 and 4.4 versions respectively, but 
pulling from upstream and compiling from source instead of Ubuntu src 
packages.


-C


On 06/28/2017 12:09 AM, Vincent Bernat wrote:

  ❦ 27 juin 2017 23:26 -0700, Chris Burton  :


Interesting, in the kernel versions I tested I was not able to get it
to work by just passing in the runtime changes to
/sys/class/net//bridge/group_fwd_mask, I actually had to make
changes to virtual bridge header file and recompile the kernel as
there are/were safeguards in place to prevent someone from just making
the runtime changes, which makes sense because this is a potentially
dangerous change.  Recompiling is not a big deal, but would be
interested to know which kernel versions you were able to get that to
work with just runtime changes as that would save some time.

The different cases are handled here:
  
http://elixir.free-electrons.com/linux/v4.11.5/source/net/bridge/br_input.c#L275

fwd_mask_required is not tunable by the user. Unless you are using
VLAN-aware bridges _and_ QinQ, its value is 0. group_fwd_mask is the
live value you put in sysfs, so it should work. There is a safeguard
mechanism to deny acceptance of 01-80-C2-00-00-[00,0B,0C,0D,0F] when
setting the group_fwd_mask value.

I didn't test recently, but I have used this mechanism in the past for
LLDP. Which kernel are you using?


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-28 Thread Vincent Bernat 
 ❦ 27 juin 2017 23:26 -0700, Chris Burton  :

> Interesting, in the kernel versions I tested I was not able to get it
> to work by just passing in the runtime changes to
> /sys/class/net//bridge/group_fwd_mask, I actually had to make
> changes to virtual bridge header file and recompile the kernel as
> there are/were safeguards in place to prevent someone from just making
> the runtime changes, which makes sense because this is a potentially
> dangerous change.  Recompiling is not a big deal, but would be
> interested to know which kernel versions you were able to get that to
> work with just runtime changes as that would save some time.

The different cases are handled here:
 
http://elixir.free-electrons.com/linux/v4.11.5/source/net/bridge/br_input.c#L275

fwd_mask_required is not tunable by the user. Unless you are using
VLAN-aware bridges _and_ QinQ, its value is 0. group_fwd_mask is the
live value you put in sysfs, so it should work. There is a safeguard
mechanism to deny acceptance of 01-80-C2-00-00-[00,0B,0C,0D,0F] when
setting the group_fwd_mask value.

I didn't test recently, but I have used this mechanism in the past for
LLDP. Which kernel are you using?
-- 
10.0 times 0.1 is hardly ever 1.0.
- The Elements of Programming Style (Kernighan & Plauger)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-28 Thread Chris Burton 
Interesting, in the kernel versions I tested I was not able to get it to 
work by just passing in the runtime changes to 
/sys/class/net//bridge/group_fwd_mask, I actually had to make 
changes to virtual bridge header file and recompile the kernel as there 
are/were safeguards in place to prevent someone from just making the 
runtime changes, which makes sense because this is a potentially 
dangerous change.  Recompiling is not a big deal, but would be 
interested to know which kernel versions you were able to get that to 
work with just runtime changes as that would save some time.


Cheers,

-C


On 06/27/2017 11:05 PM, Vincent Bernat wrote:

  ❦ 27 juin 2017 22:40 -0700, Chris Burton  :


Also, if you use KVM and linux bridge you can bypass the issues with
the bridges not forwarding LLDP and LACP traffic, but you have to
willing to dive into modifying certain parts of the virtual bridge
network drivers and compile your own custom kernel, as by standards
bridges are not supposed to forward the traffic related to LCAP and
LLDP.  I have also heard that this can be bypassed by using Open
vSwitch, but I have not tested that.  The only items I have not yet
been able to get working are related to Ethernet OAM, but so far
everything else I have tested has worked either directly or with some
modification.

On Linux, you can tell the bridge to let LLDP and LACP traffic without
recompiling. This is done by altering the value of
/sys/class/net/brXX/bridge/group_fwd_mask. To let LLDP pass, you need to
put 0x4000 in it. For LACP, this is 0x4. So 0x4004 should let both of
them pass the bridge.


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-28 Thread Vincent Bernat 
 ❦ 27 juin 2017 22:40 -0700, Chris Burton  :

> Also, if you use KVM and linux bridge you can bypass the issues with
> the bridges not forwarding LLDP and LACP traffic, but you have to
> willing to dive into modifying certain parts of the virtual bridge
> network drivers and compile your own custom kernel, as by standards
> bridges are not supposed to forward the traffic related to LCAP and
> LLDP.  I have also heard that this can be bypassed by using Open
> vSwitch, but I have not tested that.  The only items I have not yet
> been able to get working are related to Ethernet OAM, but so far
> everything else I have tested has worked either directly or with some
> modification.

On Linux, you can tell the bridge to let LLDP and LACP traffic without
recompiling. This is done by altering the value of
/sys/class/net/brXX/bridge/group_fwd_mask. To let LLDP pass, you need to
put 0x4000 in it. For LACP, this is 0x4. So 0x4004 should let both of
them pass the bridge.
-- 
Don't stop at one bug.
- The Elements of Programming Style (Kernighan & Plauger)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Chris Burton 
I can't speak to Vmware (workstation or vSphere) or Virtualbox, but with 
a few of the vMX licenses and a cheap server off of eBay running Ubuntu 
14.04 or 16.04 and KVM you can run several instances of vMX on a single 
machine.   On a dual Xeon E5-2670 equipped  with 128GB of memory I am 
able to boot and run a total of 7 vMX instances and build a rather 
massive working topologies. Based on the available memory left and CPU 
cycles left I could probably boot several additional instances, but 
because of the aforementioned CPU usage of the data-plane (even with 
lite-mode enabled) I start running into cooling issues on the CPU (temps 
creep into the critical range).


That being said, unless you want to test items that do not work in 
logical systems (for instances EVPN) you can happily run a single 
instance of vMX using multiple logical systems (I have tested up to 12, 
but I think you can go to 15 logical-systems, possibly more), using 
either lt- interfaces or can modify the configuration and run a lot more 
of the built-in interfaces, depending upon version you can get up to 96 
interfaces, though I have only successfully booted up with 48 interfaces 
(things start getting dicey passed 48 interfaces, and it can take 10-15m 
to boot the entire system assuming it does not crash, both control and 
data plane).


Also, if you use KVM and linux bridge you can bypass the issues with the 
bridges not forwarding LLDP and LACP traffic, but you have to willing to 
dive into modifying certain parts of the virtual bridge network drivers 
and compile your own custom kernel, as by standards bridges are not 
supposed to forward the traffic related to LCAP and LLDP.  I have also 
heard that this can be bypassed by using Open vSwitch, but I have not 
tested that.  The only items I have not yet been able to get working are 
related to Ethernet OAM, but so far everything else I have tested has 
worked either directly or with some modification.


Cheers,

-C


On 06/27/2017 02:41 PM, Aaron Gould wrote:

I know, but I'm pretty sure that 15.1F3.11 that I run in my virtual box was a 
vMX download from juniper.net

-Aaron

-Original Message-
From: Valentini Lucio [mailto:lucio.valent...@bvg-systemhaus.it]
Sent: Tuesday, June 27, 2017 3:51 PM
To: Aaron Gould <aar...@gvtc.com>; 'Vincent Bernat' <ber...@luffy.cx>
Cc: juniper-nsp@puck.nether.net
Subject: AW: [j-nsp] cheapest juniper router capable of lsys

Olive ist he free version of Junos, tolerated but not supported by Juniper as 
far as I know. It´s made for research and educational purposes, not production.

Hope this helps,

Cheers

LV



-Ursprüngliche Nachricht-
Von: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] Im Auftrag von 
Aaron Gould
Gesendet: Dienstag, 27. Juni 2017 22:02
An: 'Vincent Bernat'
Cc: juniper-nsp@puck.nether.net
Betreff: Re: [j-nsp] cheapest juniper router capable of lsys

Mine says...

I thought this was vMX.  Is it?

root@r8-j> show version
Hostname: r8-jF3.11 built 2015-10-27 19:44:47 UTC
Model: olive
Junos: 15.1F3.11
JUNOS Base OS boot [15.1F3.11]
JUNOS Base OS Software Suite [15.1F3.11]

- Aaron

-Original Message-
From: Vincent Bernat [mailto:ber...@luffy.cx]
Sent: Tuesday, June 27, 2017 1:42 PM
To: Aaron Gould <aar...@gvtc.com>
Cc: 'Youssef Bengelloun-Zahr' <benge...@gmail.com>; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] cheapest juniper router capable of lsys

  ❦ 27 juin 2017 13:33 -0500, "Aaron Gould" <aar...@gvtc.com> :


I think on my vMX when I type "show version" it says "olive"  :|

For me, it looks like that:

juniper@vMX> show version
Hostname: vMX
Model: vmx
Junos: 16.1R1.7
JUNOS OS Kernel 64-bit  [20160624.329953_builder_stable_10]
JUNOS OS libs [20160624.329953_builder_stable_10]
JUNOS OS runtime [20160624.329953_builder_stable_10]
[...]

Maybe you have an early version (something before 14.1)?
--
The Public is merely a multiplied "me."
-- Mark Twain

___
juniper-nsp mailing list juniper-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Vincent Bernat 
 ❦ 28 juin 2017 09:56 +1000, Dale Shaw  :

>> The downside of the vMX for experimentation is that it is very CPU
>> hungry. The dataplane VMs are using a busy loop to catch packets and
>> they will use 100% of the CPU you allocate to them. They also need a lot
>> of memory.
>
> For vMX, there is a "lite" flavour of the PFE image that uses DPDK in
> interrupt mode instead of poll mode.
>
> See:
> https://www.juniper.net/documentation/en_US/vmx15.1f6/topics/task/configuration/vmx-chassis-flow-caching-enabling.html

Good to know!

Unfortunately, when switching to lite-mode, the vFPC restarts but still
uses 100% CPU. I'll try to update to a more recent version.
-- 
If one cannot enjoy reading a book over and over again, there is no use
in reading it at all.
-- Oscar Wilde
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Dale Shaw 
Hi Vincent,

On Wed, Jun 28, 2017 at 2:46 AM, Vincent Bernat  wrote:
> The downside of the vMX for experimentation is that it is very CPU
> hungry. The dataplane VMs are using a busy loop to catch packets and
> they will use 100% of the CPU you allocate to them. They also need a lot
> of memory.

For vMX, there is a "lite" flavour of the PFE image that uses DPDK in
interrupt mode instead of poll mode.

See:
https://www.juniper.net/documentation/en_US/vmx15.1f6/topics/task/configuration/vmx-chassis-flow-caching-enabling.html

This option doesn't exist for vSRX yet, AFAIK, but I heard it - or
something similar - is coming.

Cheers,
Dale
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Aaron Gould 
A, that helps!  Thanks Doug

-Aaron

-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Doug McIntyre
Sent: Tuesday, June 27, 2017 4:25 PM
To: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] cheapest juniper router capable of lsys

On Tue, Jun 27, 2017 at 08:57:10PM +, Simone Spinelli wrote:
> For study/personal lab I would also take a look at firefly image for 
> vagrant.

FWIW: firefly == vSRX, already mentioned in this thread. 


Somebody else writes (sorry, too much quoting cruft to keep it all
straight).
> > I thought this was vMX.  Is it?
> >
> > root@r8-j> show version
> > Hostname: r8-jF3.11 built 2015-10-27 19:44:47 UTC
> > Model: olive
> > Junos: 15.1F3.11

Yes, this is an early testing version of vMX. They changed it considerably
about a year ago and made it production worthy.

The earliest versions did report olive (which really is just what any
regular JunOS supervisor engine code reports if it is running on a FreeBSD
box of anykind without the special hardware that makes real things go).

When the new version of vMX was released about a year ago, it no longer
reported that way, so try upgrading it to the latest code?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Aaron Gould 
I know, but I'm pretty sure that 15.1F3.11 that I run in my virtual box was a 
vMX download from juniper.net

-Aaron

-Original Message-
From: Valentini Lucio [mailto:lucio.valent...@bvg-systemhaus.it] 
Sent: Tuesday, June 27, 2017 3:51 PM
To: Aaron Gould <aar...@gvtc.com>; 'Vincent Bernat' <ber...@luffy.cx>
Cc: juniper-nsp@puck.nether.net
Subject: AW: [j-nsp] cheapest juniper router capable of lsys

Olive ist he free version of Junos, tolerated but not supported by Juniper as 
far as I know. It´s made for research and educational purposes, not production.

Hope this helps,

Cheers 

LV



-Ursprüngliche Nachricht-
Von: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] Im Auftrag von 
Aaron Gould
Gesendet: Dienstag, 27. Juni 2017 22:02
An: 'Vincent Bernat'
Cc: juniper-nsp@puck.nether.net
Betreff: Re: [j-nsp] cheapest juniper router capable of lsys

Mine says... 

I thought this was vMX.  Is it?

root@r8-j> show version
Hostname: r8-jF3.11 built 2015-10-27 19:44:47 UTC
Model: olive
Junos: 15.1F3.11
JUNOS Base OS boot [15.1F3.11]
JUNOS Base OS Software Suite [15.1F3.11]

- Aaron

-Original Message-
From: Vincent Bernat [mailto:ber...@luffy.cx]
Sent: Tuesday, June 27, 2017 1:42 PM
To: Aaron Gould <aar...@gvtc.com>
Cc: 'Youssef Bengelloun-Zahr' <benge...@gmail.com>; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] cheapest juniper router capable of lsys

 ❦ 27 juin 2017 13:33 -0500, "Aaron Gould" <aar...@gvtc.com> :

> I think on my vMX when I type "show version" it says "olive"  :|

For me, it looks like that:

juniper@vMX> show version
Hostname: vMX
Model: vmx
Junos: 16.1R1.7
JUNOS OS Kernel 64-bit  [20160624.329953_builder_stable_10]
JUNOS OS libs [20160624.329953_builder_stable_10]
JUNOS OS runtime [20160624.329953_builder_stable_10]
[...]

Maybe you have an early version (something before 14.1)?
--
The Public is merely a multiplied "me."
-- Mark Twain

___
juniper-nsp mailing list juniper-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Roger Wiklund 
Spend your money on a decent server instead and run Wistar + vRR

https://github.com/Juniper/wistar

/Roger

On Tue, Jun 27, 2017 at 11:24 PM, Doug McIntyre  wrote:
> On Tue, Jun 27, 2017 at 08:57:10PM +, Simone Spinelli wrote:
>> For study/personal lab I would also take a look at firefly image for
>> vagrant.
>
> FWIW: firefly == vSRX, already mentioned in this thread.
>
>
> Somebody else writes (sorry, too much quoting cruft to keep it all straight).
>> > I thought this was vMX.  Is it?
>> >
>> > root@r8-j> show version
>> > Hostname: r8-jF3.11 built 2015-10-27 19:44:47 UTC
>> > Model: olive
>> > Junos: 15.1F3.11
>
> Yes, this is an early testing version of vMX. They changed it
> considerably about a year ago and made it production worthy.
>
> The earliest versions did report olive (which really is just what
> any regular JunOS supervisor engine code reports if it is running
> on a FreeBSD box of anykind without the special hardware that makes
> real things go).
>
> When the new version of vMX was released about a year ago, it no
> longer reported that way, so try upgrading it to the latest code?
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Doug McIntyre 
On Tue, Jun 27, 2017 at 08:57:10PM +, Simone Spinelli wrote:
> For study/personal lab I would also take a look at firefly image for
> vagrant.

FWIW: firefly == vSRX, already mentioned in this thread. 


Somebody else writes (sorry, too much quoting cruft to keep it all straight).
> > I thought this was vMX.  Is it?
> >
> > root@r8-j> show version
> > Hostname: r8-jF3.11 built 2015-10-27 19:44:47 UTC
> > Model: olive
> > Junos: 15.1F3.11

Yes, this is an early testing version of vMX. They changed it
considerably about a year ago and made it production worthy.

The earliest versions did report olive (which really is just what
any regular JunOS supervisor engine code reports if it is running
on a FreeBSD box of anykind without the special hardware that makes
real things go).

When the new version of vMX was released about a year ago, it no
longer reported that way, so try upgrading it to the latest code?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Simone Spinelli 
Hi all,

For study/personal lab I would also take a look at firefly image for
vagrant.
https://atlas.hashicorp.com/juniper

It is free at my knowledge and you can use vagrant to define entire
topologies.
You can use it with virtual box as hypervisor and maybe play with a
ansible.

What I don't know is if it supports all the features you said.

My 2cents.

Simone

On Tue, 27 Jun 2017 at 22:51, Valentini Lucio <
lucio.valent...@bvg-systemhaus.it> wrote:

> Olive ist he free version of Junos, tolerated but not supported by Juniper
> as far as I know. It´s made for research and educational purposes, not
> production.
>
> Hope this helps,
>
> Cheers
>
> LV
>
>
>
> -Ursprüngliche Nachricht-
> Von: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] Im Auftrag
> von Aaron Gould
> Gesendet: Dienstag, 27. Juni 2017 22:02
> An: 'Vincent Bernat'
> Cc: juniper-nsp@puck.nether.net
> Betreff: Re: [j-nsp] cheapest juniper router capable of lsys
>
> Mine says...
>
> I thought this was vMX.  Is it?
>
> root@r8-j> show version
> Hostname: r8-jF3.11 built 2015-10-27 19:44:47 UTC
> Model: olive
> Junos: 15.1F3.11
> JUNOS Base OS boot [15.1F3.11]
> JUNOS Base OS Software Suite [15.1F3.11]
>
> - Aaron
>
> -Original Message-
> From: Vincent Bernat [mailto:ber...@luffy.cx]
> Sent: Tuesday, June 27, 2017 1:42 PM
> To: Aaron Gould <aar...@gvtc.com>
> Cc: 'Youssef Bengelloun-Zahr' <benge...@gmail.com>;
> juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] cheapest juniper router capable of lsys
>
>  ❦ 27 juin 2017 13:33 -0500, "Aaron Gould" <aar...@gvtc.com> :
>
> > I think on my vMX when I type "show version" it says "olive"  :|
>
> For me, it looks like that:
>
> juniper@vMX> show version
> Hostname: vMX
> Model: vmx
> Junos: 16.1R1.7
> JUNOS OS Kernel 64-bit  [20160624.329953_builder_stable_10]
> JUNOS OS libs [20160624.329953_builder_stable_10]
> JUNOS OS runtime [20160624.329953_builder_stable_10]
> [...]
>
> Maybe you have an early version (something before 14.1)?
> --
> The Public is merely a multiplied "me."
> -- Mark Twain
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Valentini Lucio 
Olive ist he free version of Junos, tolerated but not supported by Juniper as 
far as I know. It´s made for research and educational purposes, not production.

Hope this helps,

Cheers 

LV



-Ursprüngliche Nachricht-
Von: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] Im Auftrag von 
Aaron Gould
Gesendet: Dienstag, 27. Juni 2017 22:02
An: 'Vincent Bernat'
Cc: juniper-nsp@puck.nether.net
Betreff: Re: [j-nsp] cheapest juniper router capable of lsys

Mine says... 

I thought this was vMX.  Is it?

root@r8-j> show version
Hostname: r8-jF3.11 built 2015-10-27 19:44:47 UTC
Model: olive
Junos: 15.1F3.11
JUNOS Base OS boot [15.1F3.11]
JUNOS Base OS Software Suite [15.1F3.11]

- Aaron

-Original Message-
From: Vincent Bernat [mailto:ber...@luffy.cx]
Sent: Tuesday, June 27, 2017 1:42 PM
To: Aaron Gould <aar...@gvtc.com>
Cc: 'Youssef Bengelloun-Zahr' <benge...@gmail.com>; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] cheapest juniper router capable of lsys

 ❦ 27 juin 2017 13:33 -0500, "Aaron Gould" <aar...@gvtc.com> :

> I think on my vMX when I type "show version" it says "olive"  :|

For me, it looks like that:

juniper@vMX> show version
Hostname: vMX
Model: vmx
Junos: 16.1R1.7
JUNOS OS Kernel 64-bit  [20160624.329953_builder_stable_10]
JUNOS OS libs [20160624.329953_builder_stable_10]
JUNOS OS runtime [20160624.329953_builder_stable_10]
[...]

Maybe you have an early version (something before 14.1)?
--
The Public is merely a multiplied "me."
-- Mark Twain

___
juniper-nsp mailing list juniper-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Aaron Gould 
Mine says... 

I thought this was vMX.  Is it?

root@r8-j> show version
Hostname: r8-jF3.11 built 2015-10-27 19:44:47 UTC
Model: olive
Junos: 15.1F3.11
JUNOS Base OS boot [15.1F3.11]
JUNOS Base OS Software Suite [15.1F3.11]

- Aaron

-Original Message-
From: Vincent Bernat [mailto:ber...@luffy.cx] 
Sent: Tuesday, June 27, 2017 1:42 PM
To: Aaron Gould <aar...@gvtc.com>
Cc: 'Youssef Bengelloun-Zahr' <benge...@gmail.com>; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] cheapest juniper router capable of lsys

 ❦ 27 juin 2017 13:33 -0500, "Aaron Gould" <aar...@gvtc.com> :

> I think on my vMX when I type "show version" it says "olive"  :|

For me, it looks like that:

juniper@vMX> show version
Hostname: vMX
Model: vmx
Junos: 16.1R1.7
JUNOS OS Kernel 64-bit  [20160624.329953_builder_stable_10]
JUNOS OS libs [20160624.329953_builder_stable_10]
JUNOS OS runtime [20160624.329953_builder_stable_10]
[...]

Maybe you have an early version (something before 14.1)?
-- 
The Public is merely a multiplied "me."
-- Mark Twain

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Saku Ytti 
On 27 June 2017 at 21:37, Aaron Gould  wrote:
> Thanks Farid,  I think I heard of something like the Junos slicing
> recently... like it allows you to run different Junos software revs in
> things like lsys's...

routing-instance is separate RIB/FIB (potentially)
lsys is separate RPD
'slicing' is separate FreeBSD KVM (on top of Linux hypervisor).

-- 
  ++ytti
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Vincent Bernat 
 ❦ 27 juin 2017 13:33 -0500, "Aaron Gould"  :

> I think on my vMX when I type "show version" it says "olive"  :|

For me, it looks like that:

juniper@vMX> show version
Hostname: vMX
Model: vmx
Junos: 16.1R1.7
JUNOS OS Kernel 64-bit  [20160624.329953_builder_stable_10]
JUNOS OS libs [20160624.329953_builder_stable_10]
JUNOS OS runtime [20160624.329953_builder_stable_10]
[...]

Maybe you have an early version (something before 14.1)?
-- 
The Public is merely a multiplied "me."
-- Mark Twain
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Aaron Gould 
Thanks Farid,  I think I heard of something like the Junos slicing
recently... like it allows you to run different Junos software revs in
things like lsys's... 

-Aaron Gould


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Aaron Gould 
Thanks Vincent, My vMX and older Olives seem to operate similarly... but I will 
say, that neither of them have I ever been able to forward layer 2 traffic over 
bridging or mpls l2vpn/vpls

I am probably not doing something right, especially if you are telling me the 
vMX should be able to forward L2

I think on my vMX when I type "show version" it says "olive"  :|

You mentioned "I didn't try anything fancy myself, but IRB is running without 
any problem."  But that's still routing right ?  ...via IRB ?

My vMX and also older Olives do routing and MPLS L3VPN's nicely.

My Cisco XRv, Junos Olive, Junos vMX, runs on a virtual computer sitting in a 
data center with lots of cpu and mem assigned to it.

I'd love to try to figure out why my vMX won't forward layer 2 bridging and 
mpls l2circuts and vpls...

...but at the moment I'm satisfied with my MX104 in my lab running 15 lsys's.  
Quite Nice.

- Aaron Gould


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Vincent Bernat 
 ❦ 27 juin 2017 10:53 -0500, "Aaron Gould"  :

> Thanks Vincent, a coworker and myself were able to fire up a few lsys's on 
> olive/vmx
>
> The problem I have the vmx/olive on my gns3 box is that I have
> forwarding issues with layer 2 type stuff.  I used GNS3/olive/vmx for
> lots of routing/mpls l3vpn testing, but layer 2 stuff never worked for
> me.  Is there a way to get l2circuit and bridging and vpls to work and
> actually pass traffic in vmx/olive ?

You seem to assume Olive and vMX are the same thing. I believe Olive was
a hack to run JunOS using FreeBSD. You got a control plane and no real
dataplane (all data forwarding was delegated to JunOS which I suppose
was able to do IP routing, but not bridging).

On the other hand, vMX comes with a supported JunOS VM as a control
plane and one or several VM acting as data plane. Those VM translate
instructions for the Trio chipset into x86 instructions. All features
available in a real MX should be available in the vMX. I didn't try
anything fancy myself, but IRB is running without any problem.

The downside of the vMX for experimentation is that it is very CPU
hungry. The dataplane VMs are using a busy loop to catch packets and
they will use 100% of the CPU you allocate to them. They also need a lot
of memory. The same applies for all other similar products from Juniper
(vSRX, vQFX). Older versions of the vSRX are lighter, notably the
Firefly appliance (vSRX 12.something).
-- 
Make sure all variables are initialised before use.
- The Elements of Programming Style (Kernighan & Plauger)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Aaron Gould 
Thanks Vincent, a coworker and myself were able to fire up a few lsys's on 
olive/vmx

The problem I have the vmx/olive on my gns3 box is that I have forwarding 
issues with layer 2 type stuff.  I used GNS3/olive/vmx for lots of routing/mpls 
l3vpn testing, but layer 2 stuff never worked for me.  Is there a way to get 
l2circuit and bridging and vpls to work and actually pass traffic in vmx/olive ?

-Aaron


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Aaron Gould 
Thanks Mike, SRX210 will do lsys too ?

 

-Aaron 

 

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Aaron Gould 
Thanks Giuliano , Is contrail free ?  I have juniper contracts with my gear,
could I get contrail?

Is contrail a cloud-based  thing ?

-Aaron 


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Tomasz Mikołajek 
Bow many CPU and RAM You use?

W dniu wt., 27.06.2017 o 16:51 Giuliano C. Medalha <giuli...@wztech.com.br>
napisał(a):

> You can use JUNIPER CONTRAIL with a lot of VSRX.  One per client.
>
> It is a better solution.
>
> We are using here with lots of success together with our automation tool.
>
> Att
>
> Giuliano
>
> -Original Message-
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf
> Of Mike Azevedo
> Sent: terça-feira, 27 de junho de 2017 11:37
> To: Aaron Gould <aar...@gvtc.com>
> Cc: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] cheapest juniper router capable of lsys
>
> SRX210 will do it all.
>
>
>
> On Tue, Jun 27, 2017 at 6:52 AM, Aaron Gould <aar...@gvtc.com> wrote:
>
> > What is the cheapest juniper router I could get on ebay or whatever
> > site you all suggest as a home/personal lab router that would be able
> > to do 10 or 15 logical systems for lab testing, and some of the
> > following SP features ?
> >
> >
> >
> > I don't care if it's old, obsolete and fairly slow. I just want it to
> > be able to be used for things like pursuing juniper certifications
> > along the SP track, JNCIS-SP, JNCIP-SP, etc.
> >
> >
> >
> > ISIS
> >
> > OSPF
> >
> > BGP
> >
> > MPLS
> >
> > LDP
> >
> > L2VPN/VPLS
> >
> > L3VPN
> >
> >
> >
> > -Aaron Gould
> >
> > ___
> > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Giuliano C. Medalha 
You can use JUNIPER CONTRAIL with a lot of VSRX.  One per client. 

It is a better solution.

We are using here with lots of success together with our automation tool.

Att

Giuliano

-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of 
Mike Azevedo
Sent: terça-feira, 27 de junho de 2017 11:37
To: Aaron Gould <aar...@gvtc.com>
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] cheapest juniper router capable of lsys

SRX210 will do it all.



On Tue, Jun 27, 2017 at 6:52 AM, Aaron Gould <aar...@gvtc.com> wrote:

> What is the cheapest juniper router I could get on ebay or whatever 
> site you all suggest as a home/personal lab router that would be able 
> to do 10 or 15 logical systems for lab testing, and some of the 
> following SP features ?
>
>
>
> I don't care if it's old, obsolete and fairly slow. I just want it to 
> be able to be used for things like pursuing juniper certifications 
> along the SP track, JNCIS-SP, JNCIP-SP, etc.
>
>
>
> ISIS
>
> OSPF
>
> BGP
>
> MPLS
>
> LDP
>
> L2VPN/VPLS
>
> L3VPN
>
>
>
> -Aaron Gould
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Tomasz Mikołajek 
You can configure routing-instance with type virtual-router. I am not sure
ig You can configure L3VPN.

W dniu wt., 27.06.2017 o 14:43 Vincent Bernat  napisał(a):

>  ❦ 27 juin 2017 14:07 +0200, Youssef Bengelloun-Zahr  > :
>
> > Did you take a look at vMX or vSRX ? Not sure about l-sys support on
> > those ?
>
> vMX evaluation version supports l-sys. Didn't checked for vSRX. If there
> is no need to forward packets, vRR is a nice alternative as it won't use
> 100% of the CPU.
> --
> Don't stop at one bug.
> - The Elements of Programming Style (Kernighan & Plauger)
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Mike Azevedo 
SRX210 will do it all.



On Tue, Jun 27, 2017 at 6:52 AM, Aaron Gould  wrote:

> What is the cheapest juniper router I could get on ebay or whatever site
> you
> all suggest as a home/personal lab router that would be able to do 10 or 15
> logical systems for lab testing, and some of the following SP features ?
>
>
>
> I don't care if it's old, obsolete and fairly slow. I just want it to be
> able to be used for things like pursuing juniper certifications along the
> SP
> track, JNCIS-SP, JNCIP-SP, etc.
>
>
>
> ISIS
>
> OSPF
>
> BGP
>
> MPLS
>
> LDP
>
> L2VPN/VPLS
>
> L3VPN
>
>
>
> -Aaron Gould
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Vincent Bernat 
 ❦ 27 juin 2017 14:07 +0200, Youssef Bengelloun-Zahr  :

> Did you take a look at vMX or vSRX ? Not sure about l-sys support on
> those ?

vMX evaluation version supports l-sys. Didn't checked for vSRX. If there
is no need to forward packets, vRR is a nice alternative as it won't use
100% of the CPU.
-- 
Don't stop at one bug.
- The Elements of Programming Style (Kernighan & Plauger)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Youssef Bengelloun-Zahr 
Dear Aaron,

Did you take a look at vMX or vSRX ? Not sure about l-sys support on those ?

Best regards.



2017-06-27 13:52 GMT+02:00 Aaron Gould :

> What is the cheapest juniper router I could get on ebay or whatever site
> you
> all suggest as a home/personal lab router that would be able to do 10 or 15
> logical systems for lab testing, and some of the following SP features ?
>
>
>
> I don't care if it's old, obsolete and fairly slow. I just want it to be
> able to be used for things like pursuing juniper certifications along the
> SP
> track, JNCIS-SP, JNCIP-SP, etc.
>
>
>
> ISIS
>
> OSPF
>
> BGP
>
> MPLS
>
> LDP
>
> L2VPN/VPLS
>
> L3VPN
>
>
>
> -Aaron Gould
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] cheapest juniper router capable of lsys

2017-06-27 Thread Aaron Gould 
What is the cheapest juniper router I could get on ebay or whatever site you
all suggest as a home/personal lab router that would be able to do 10 or 15
logical systems for lab testing, and some of the following SP features ?

 

I don't care if it's old, obsolete and fairly slow. I just want it to be
able to be used for things like pursuing juniper certifications along the SP
track, JNCIS-SP, JNCIP-SP, etc.

 

ISIS

OSPF

BGP

MPLS

LDP

L2VPN/VPLS

L3VPN

 

-Aaron Gould

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp