Re: Cheap Juniper Gear for Lab

[Bret Clark]

On 04/10/2012 12:31 AM, Steven King wrote:

Hello All,

I am tasked with replacing an old linux router setup with Juniper gear
in the near future. Though I am a Cisco guy myself.

Does anyone know of any older cheap Juniper gear I might find on Ebay so
that I may build a home lab without going broke?

Thanks!

http://www.ebay.com/sch/Networking-Communications-/11176/i.html?_from=R40&_nkw=juniper 
 

Re: AT&T DSL bypass first line

[Faisal Imtiaz]

Yes, you can ask them to change the 'profile', which can make things 
more stable.


Or you can dump you switch your DSL out for Uverse (Internet Only)...
Which is sold online (only) without any bundle.
In most cases you can end up with more bandwidth at the same or lower cost.

http://www.att.com/u-verse/shop/index.jsp?shopFilterId=51#fbid=y_8VIHP6LWJ

Faisal Imtiaz
Snappy Internet&  Telecom
7266 SW 48 Street
Miami, Fl 33155
Tel: 305 663 5518 x 232
Helpdesk: 305 663 5518 option 2 Email: supp...@snappydsl.net


On 4/10/2012 1:45 AM, Seth Mattinen wrote:

On 4/9/12 8:21 PM, Brandon Ewing wrote:

I've been an AT&T DSL customer for 3+ years, with no issues until
they started sending people into my neighborhood to "start
retrofitting for UVerse".  Since they've visited, my PPPoE has
dropped once an hour, many times requiring me to restart my router
(Cisco 877) to get my virtual interface to come back up.

Speaking with the front line on the phone has given me nothing but
problems (in their defense, I do have a non-standard modem) --
could someone with knowledge provide me with a way to bypass the
CSRs and speak to someone with clue to work out debug logs and
figure out why I am suddenly an unhappy AT&T customer?



The same thing happened to me. You can try asking them to simply
change the line from "fastpath" to "interleaved" or lower the sync
rate. I was transferred to someone who made the changes live on the phone.

After they retrofitted my neighborhood for Uverse, fastpath would no
longer hold sync. I ultimately had to give up ADSL via my 877W because
AT&T coincidentally no longer offered anything better than 2Mbps ADSL
after the Uverse changes rolled through.

~Seth

Re: Cheap Juniper Gear for Lab

[Julien Goodwin]

On 10/04/12 14:31, Steven King wrote:
> I am tasked with replacing an old linux router setup with Juniper gear
> in the near future. Though I am a Cisco guy myself.
> 
> Does anyone know of any older cheap Juniper gear I might find on Ebay so
> that I may build a home lab without going broke?

A slightly more useful way of answering this then just pointing to eBay
is to give some candidates.

Routing/switching *config*, firewalling - Branch SRX / J

The lower end SRX, and J series devices are nice as they take nearly all
the config (except MX-type bridging, and some EX bits), including MPLS.

Switching - EX [34]200

The 4200 & 3200 are essentially the flagship, and if you can only buy
one switch for a lab make it one of those

Routing - M5/10/7i/10i/20

A bunch of the smaller and older M series kit is now fairly cheaply
available. These are still quite nice boxes, and support SONET and ATM
unlike the platforms above should you need them.

MX Routing - MX 80 (new)

The MX80 (or as locked 5/10/40 variants) is by far the cheapest way to
test the MX-specific ethernet services, as long as you don't want BRAS
functionality.

Juniper do have a bunch more lines, but those are the most common
(there's also the E/ERX BRAS boxes and ScreenOS firewalls, but both are
not long for this world).

If you just want one box to get to know the OS an SRX2X0 (or possibly a
100) is by far the most flexible way, and can be had for < $500 used).

Re: Cheap Juniper Gear for Lab

[Dan Brisson]

I think GNS3 can emulate Juniper devices.

http://www.gns3.net/

-dan


Dan Brisson
Network Engineer
University of Vermont
(Ph) 802.656.8111
dbris...@uvm.edu


On 4/10/12 12:31 AM, Steven King wrote:

Hello All,

I am tasked with replacing an old linux router setup with Juniper gear 
in the near future. Though I am a Cisco guy myself.


Does anyone know of any older cheap Juniper gear I might find on Ebay 
so that I may build a home lab without going broke?


Thanks!

Re: AT&T DSL bypass first line

[Jonathan Rogers]

I can vouch for Uverse being excellent service, at least in my area
(Atlanta). It's fast, it hasn't gone down once in over a year since I got
it, and I went ahead and got the Uverse TV service as well which has proven
to be a better deal than cable offerings in my area (satellite isn't an
option due to the arrangement of my property). The 2WIRE gateway they
provide is surprisingly capable. Port forwarding, the ability to scan the
wifi spectrum to see what channels are occupied, and a lot more. I haven't
found the need to replace it although it doesn't support 802.11n so I'm
going to add an AP at some point.

Jonathan


On Tue, Apr 10, 2012 at 8:38 AM, Faisal Imtiaz  wrote:

> Yes, you can ask them to change the 'profile', which can make things more
> stable.
>
> Or you can dump you switch your DSL out for Uverse (Internet Only)...
> Which is sold online (only) without any bundle.
> In most cases you can end up with more bandwidth at the same or lower cost.
>
> http://www.att.com/u-verse/**shop/index.jsp?shopFilterId=**
> 51#fbid=y_8VIHP6LWJ
>
> Faisal Imtiaz
> Snappy Internet&  Telecom
> 7266 SW 48 Street
> Miami, Fl 33155
> Tel: 305 663 5518 x 232
> Helpdesk: 305 663 5518 option 2 Email: supp...@snappydsl.net
>
>
>
> On 4/10/2012 1:45 AM, Seth Mattinen wrote:
>
>> On 4/9/12 8:21 PM, Brandon Ewing wrote:
>>
>>> I've been an AT&T DSL customer for 3+ years, with no issues until
>>> they started sending people into my neighborhood to "start
>>> retrofitting for UVerse".  Since they've visited, my PPPoE has
>>> dropped once an hour, many times requiring me to restart my router
>>> (Cisco 877) to get my virtual interface to come back up.
>>>
>>> Speaking with the front line on the phone has given me nothing but
>>> problems (in their defense, I do have a non-standard modem) --
>>> could someone with knowledge provide me with a way to bypass the
>>> CSRs and speak to someone with clue to work out debug logs and
>>> figure out why I am suddenly an unhappy AT&T customer?
>>>
>>>
>> The same thing happened to me. You can try asking them to simply
>> change the line from "fastpath" to "interleaved" or lower the sync
>> rate. I was transferred to someone who made the changes live on the phone.
>>
>> After they retrofitted my neighborhood for Uverse, fastpath would no
>> longer hold sync. I ultimately had to give up ADSL via my 877W because
>> AT&T coincidentally no longer offered anything better than 2Mbps ADSL
>> after the Uverse changes rolled through.
>>
>> ~Seth
>>
>>
>>
>
>

Re: Cheap Juniper Gear for Lab

[Owen DeLong]

On Apr 10, 2012, at 5:58 AM, Julien Goodwin wrote:

> On 10/04/12 14:31, Steven King wrote:
>> I am tasked with replacing an old linux router setup with Juniper gear
>> in the near future. Though I am a Cisco guy myself.
>> 
>> Does anyone know of any older cheap Juniper gear I might find on Ebay so
>> that I may build a home lab without going broke?
> 
> A slightly more useful way of answering this then just pointing to eBay
> is to give some candidates.
> 
> Routing/switching *config*, firewalling - Branch SRX / J
> 
> The lower end SRX, and J series devices are nice as they take nearly all
> the config (except MX-type bridging, and some EX bits), including MPLS.
> 

But not so nice in that they run Services JunOS instead of real JunOS meaning 
that they behave like Netscreens with a JunOS style configuration file instead 
of behaving like Junipers.

If you're wanting to model Services JunOS, then, yes, the SRX-100 is a good 
candidate and dirt cheap.

If you want real JunOS, avoid SRX or J series at all costs.

> Juniper do have a bunch more lines, but those are the most common
> (there's also the E/ERX BRAS boxes and ScreenOS firewalls, but both are
> not long for this world).
> 

Don't forget their SSL VPN boxes which are an acquired doesn't behave at all 
like a Juniper device line of products.

> If you just want one box to get to know the OS an SRX2X0 (or possibly a
> 100) is by far the most flexible way, and can be had for < $500 used).

With the caveat about Services JunOS above.

Owen

Re: Cheap Juniper Gear for Lab

[Tim Eberhard]

I find it humorous that you think J/SRX junos isn't real junos.

So what makes it not real junos? The fact it has a flowd process? Lets
technically talk about this for a moment.

Realistically one of the only differences between "flow based junos"
and the legacy "packet based junos" is the flowd process. Which can be
easily bypassed by issuing a couple of configuration commands. So what
exactly makes this platform/code so horrible and not "real" junos?

If anything to me it's a better platform to deploy and learn on. It's
more flexible as it comes with more advanced flow based features but
they are optional. There are certain limitations as mentioned
previously around the switching and class of service however these
same feature limitations were also in the "real" junos low end
devices.

If there are other differences that I am unaware of then by all means
feel free to educate me. I am well aware that branch devices don't
have the capabilities of the MX/M series in regards to ATM and other
such specific platforms, but you called this "not real junos". So lets
keep any responses limited to that aspect.

-Tim Eberhard



On Tue, Apr 10, 2012 at 1:33 PM, Owen DeLong  wrote:

> If you want real JunOS, avoid SRX or J series at all costs.
>
>> Juniper do have a bunch more lines, but those are the most common
>> (there's also the E/ERX BRAS boxes and ScreenOS firewalls, but both are
>> not long for this world).
>>
>
> Don't forget their SSL VPN boxes which are an acquired doesn't behave at all 
> like a Juniper device line of products.
>
>> If you just want one box to get to know the OS an SRX2X0 (or possibly a
>> 100) is by far the most flexible way, and can be had for < $500 used).
>
> With the caveat about Services JunOS above.
>
> Owen
>
>

Re: AT&T DSL bypass first line

[Seth Mattinen]

On 4/10/12 5:38 AM, Faisal Imtiaz wrote:
> Yes, you can ask them to change the 'profile', which can make things
> more stable.
> 
> Or you can dump you switch your DSL out for Uverse (Internet Only)...
> Which is sold online (only) without any bundle.
> In most cases you can end up with more bandwidth at the same or lower cost.
> 

I did indeed end up switching to Uverse because it was the same price as
ADSL. The Uverse CPE can hand off its public address to a connected
device as well, so it doesn't preclude running your own router if you
have a need to do so.

~Seth

Re: Cheap Juniper Gear for Lab

[lorddoskias]

On 4/10/2012 5:31 AM, Steven King wrote:

Hello All,

I am tasked with replacing an old linux router setup with Juniper gear 
in the near future. Though I am a Cisco guy myself.


Does anyone know of any older cheap Juniper gear I might find on Ebay 
so that I may build a home lab without going broke?


Thanks!

Have you considered this 
http://www.juniper.net/us/en/products-services/software/junos-platform/junosphere/lab/ 




Regards,
N.

Re: AT&T DSL bypass first line

[harold barker]

Can uverse do Proxy ARP?  Last time i tried, it made such a mess that i moved 
to Comcast.

Re: Cheap Juniper Gear for Lab

[Owen DeLong]

On Apr 10, 2012, at 7:24 AM, Tim Eberhard wrote:

> I find it humorous that you think J/SRX junos isn't real junos.
> 
> So what makes it not real junos? The fact it has a flowd process? Lets
> technically talk about this for a moment.
> 

The fact that you can't put it into flow mode.

> Realistically one of the only differences between "flow based junos"
> and the legacy "packet based junos" is the flowd process. Which can be
> easily bypassed by issuing a couple of configuration commands. So what
> exactly makes this platform/code so horrible and not "real" junos?

Actually, not. Try again. It can be partially bypassed. There are real and
serious differences in how forwarding works in flow-based JunOS and
how it behaves under many circumstances.

> If anything to me it's a better platform to deploy and learn on. It's
> more flexible as it comes with more advanced flow based features but
> they are optional. There are certain limitations as mentioned
> previously around the switching and class of service however these
> same feature limitations were also in the "real" junos low end
> devices.

They aren't entirely optional and that is the problem. You can't actually
completely bypass them and they do sometimes get in the way.

> If there are other differences that I am unaware of then by all means
> feel free to educate me. I am well aware that branch devices don't
> have the capabilities of the MX/M series in regards to ATM and other
> such specific platforms, but you called this "not real junos". So lets
> keep any responses limited to that aspect.

I believe that the flow-based routing goes quite a bit deeper than
just having a flowd. It causes a number of problems with tunnel
recursion among other things.

Sure, if you want a firewall, flow-based JunOS is a pretty nice set of
firewall features. However, if you just want to forward packets, it can
really suck to have to work around it's flow-based "features".

Owen

> 
> -Tim Eberhard
> 
> 
> 
> On Tue, Apr 10, 2012 at 1:33 PM, Owen DeLong  wrote:
> 
>> If you want real JunOS, avoid SRX or J series at all costs.
>> 
>>> Juniper do have a bunch more lines, but those are the most common
>>> (there's also the E/ERX BRAS boxes and ScreenOS firewalls, but both are
>>> not long for this world).
>>> 
>> 
>> Don't forget their SSL VPN boxes which are an acquired doesn't behave at all 
>> like a Juniper device line of products.
>> 
>>> If you just want one box to get to know the OS an SRX2X0 (or possibly a
>>> 100) is by far the most flexible way, and can be had for < $500 used).
>> 
>> With the caveat about Services JunOS above.
>> 
>> Owen
>> 
>> 

Re: Cheap Juniper Gear for Lab

[brian nikell]

http://www.juniper.net/us/en/products-services/software/junos-platform/junosphere/lab/



On Mon, Apr 9, 2012 at 10:31 PM, Steven King  wrote:

> Hello All,
>
> I am tasked with replacing an old linux router setup with Juniper gear in
> the near future. Though I am a Cisco guy myself.
>
> Does anyone know of any older cheap Juniper gear I might find on Ebay so
> that I may build a home lab without going broke?
>
> Thanks!
>
> --
> Steve King
>
> Network/Linux Engineer - AdSafe Media
> Cisco Certified Network Professional
> CompTIA Linux+ Certified Professional
> CompTIA A+ Certified Professional
>
>
>


-- 
-B

Re: Cheap Juniper Gear for Lab

[telmnstr]

Does anyone know of any older cheap Juniper gear I might find on Ebay so that 
I may build a home lab without going broke?


I got my J series cheap off of ebay because it wouldn't power on. Turns 
out getting a replacement power supply was very difficult from Juniper or 
the manufacturer of the power supply. I ended up rebuilding a PC supply to 
do the job.


Now to find rack ears and a module slot cover. Juniper quoted $150+ for 
the rack ears. If I can find a set, I think I might look to make a bunch 
of them.

AMS-IX for local loop

[Shacolby Jackson]

I know this is a bit off topic since Amsterdam isn't exactly in North
America but... Has anyone used AMS-IX for a private interconnect from one
datacenter to another to avoid a classic local loop to another party or
provider? For example, I'm in Equinix but might want to connect directly to
someone at Interxion.

-shac

Re: Cheap Juniper Gear for Lab

[Eduardo Schoedler]

There is no "olives".
;-)

-- 
Eduardo Schoedler




Em 10 de abril de 2012 10:03, Dan Brisson  escreveu:

> I think GNS3 can emulate Juniper devices.
>
> http://www.gns3.net/
>
> -dan
>
>
> Dan Brisson
> Network Engineer
> University of Vermont
> (Ph) 802.656.8111
> dbris...@uvm.edu
>
>
>
> On 4/10/12 12:31 AM, Steven King wrote:
>
>> Hello All,
>>
>> I am tasked with replacing an old linux router setup with Juniper gear in
>> the near future. Though I am a Cisco guy myself.
>>
>> Does anyone know of any older cheap Juniper gear I might find on Ebay so
>> that I may build a home lab without going broke?
>>
>> Thanks!
>>
>>
>


-- 
Eduardo Schoedler
ESDS Consultoria de TI

Re: AMS-IX for local loop

[Aris Lambrianidis]

Shacolby Jackson  bluejeans.com> writes:

> 
> I know this is a bit off topic since Amsterdam isn't exactly in North
> America but... Has anyone used AMS-IX for a private interconnect from one
> datacenter to another to avoid a classic local loop to another party or
> provider? For example, I'm in Equinix but might want to connect directly to
> someone at Interxion.
> 
> -shac
> 
> 


Hello Shac,

Yes. Please see http://www.ams-ix.net/private-interconnect/

--Aris

Re: Cheap Juniper Gear for Lab

[Owen DeLong]

On Apr 10, 2012, at 7:58 AM, Owen DeLong wrote:

> 
> On Apr 10, 2012, at 7:24 AM, Tim Eberhard wrote:
> 
>> I find it humorous that you think J/SRX junos isn't real junos.
>> 
>> So what makes it not real junos? The fact it has a flowd process? Lets
>> technically talk about this for a moment.
>> 
> 
> The fact that you can't put it into flow mode.
s/flow/packet/
(oops, wasn't awake yet)

> 
>> Realistically one of the only differences between "flow based junos"
>> and the legacy "packet based junos" is the flowd process. Which can be
>> easily bypassed by issuing a couple of configuration commands. So what
>> exactly makes this platform/code so horrible and not "real" junos?
> 
> Actually, not. Try again. It can be partially bypassed. There are real and
> serious differences in how forwarding works in flow-based JunOS and
> how it behaves under many circumstances.
> 
>> If anything to me it's a better platform to deploy and learn on. It's
>> more flexible as it comes with more advanced flow based features but
>> they are optional. There are certain limitations as mentioned
>> previously around the switching and class of service however these
>> same feature limitations were also in the "real" junos low end
>> devices.
> 
> They aren't entirely optional and that is the problem. You can't actually
> completely bypass them and they do sometimes get in the way.
> 
>> If there are other differences that I am unaware of then by all means
>> feel free to educate me. I am well aware that branch devices don't
>> have the capabilities of the MX/M series in regards to ATM and other
>> such specific platforms, but you called this "not real junos". So lets
>> keep any responses limited to that aspect.
> 
> I believe that the flow-based routing goes quite a bit deeper than
> just having a flowd. It causes a number of problems with tunnel
> recursion among other things.
> 
> Sure, if you want a firewall, flow-based JunOS is a pretty nice set of
> firewall features. However, if you just want to forward packets, it can
> really suck to have to work around it's flow-based "features".
> 
> Owen
> 
>> 
>> -Tim Eberhard
>> 
>> 
>> 
>> On Tue, Apr 10, 2012 at 1:33 PM, Owen DeLong  wrote:
>> 
>>> If you want real JunOS, avoid SRX or J series at all costs.
>>> 
 Juniper do have a bunch more lines, but those are the most common
 (there's also the E/ERX BRAS boxes and ScreenOS firewalls, but both are
 not long for this world).
 
>>> 
>>> Don't forget their SSL VPN boxes which are an acquired doesn't behave at 
>>> all like a Juniper device line of products.
>>> 
 If you just want one box to get to know the OS an SRX2X0 (or possibly a
 100) is by far the most flexible way, and can be had for < $500 used).
>>> 
>>> With the caveat about Services JunOS above.
>>> 
>>> Owen
>>> 
>>> 
> 

RE: AMS-IX for local loop

[Eric Krichbaum]

I just checked.  It was uploaded.The database was backed up with version
10.50.1600 (SQL Server 2008R2) and this is running 10.00.5500 (SQL Server
2008) and reporting an error.  I'll have to reload the server version before
I can import that db.

-Original Message-
From: Aris Lambrianidis [mailto:aris...@hotmail.com] 
Sent: Tuesday, April 10, 2012 1:49 PM
To: nanog@nanog.org
Subject: Re: AMS-IX for local loop

Shacolby Jackson  bluejeans.com> writes:

> 
> I know this is a bit off topic since Amsterdam isn't exactly in North 
> America but... Has anyone used AMS-IX for a private interconnect from 
> one datacenter to another to avoid a classic local loop to another 
> party or provider? For example, I'm in Equinix but might want to 
> connect directly to someone at Interxion.
> 
> -shac
> 
> 


Hello Shac,

Yes. Please see http://www.ams-ix.net/private-interconnect/

--Aris

RE: AMS-IX for local loop

[Eric Krichbaum]

Apologies for the list noise. 

-Original Message-
From: Eric Krichbaum [mailto:e...@telic.us] 
Sent: Tuesday, April 10, 2012 2:08 PM
To: 'Aris Lambrianidis'; nanog@nanog.org
Subject: RE: AMS-IX for local loop

I just checked.  It was uploaded.The database was backed up with version
10.50.1600 (SQL Server 2008R2) and this is running 10.00.5500 (SQL Server
2008) and reporting an error.  I'll have to reload the server version before
I can import that db.

-Original Message-
From: Aris Lambrianidis [mailto:aris...@hotmail.com]
Sent: Tuesday, April 10, 2012 1:49 PM
To: nanog@nanog.org
Subject: Re: AMS-IX for local loop

Shacolby Jackson  bluejeans.com> writes:

> 
> I know this is a bit off topic since Amsterdam isn't exactly in North 
> America but... Has anyone used AMS-IX for a private interconnect from 
> one datacenter to another to avoid a classic local loop to another 
> party or provider? For example, I'm in Equinix but might want to 
> connect directly to someone at Interxion.
> 
> -shac
> 
> 


Hello Shac,

Yes. Please see http://www.ams-ix.net/private-interconnect/

--Aris

Re: Cheap Juniper Gear for Lab

[Jimmy Hess]

On Tue, Apr 10, 2012 at 9:24 AM, Tim Eberhard  wrote:
> I find it humorous that you think J/SRX junos isn't real junos.
>
If it runs JunOS, then yeah, it's real JunOS.   It might not have the
feature you're looking for, but that's something different.

The  Juniper ERX edge routers are what isn't  "real"  JunOS.
It's as if they were trying to make a clone of the IOS CLI:

http://www.juniper.net/techpubs/en_US/junose10.2/information-products/topic-collections/swconfig-system-basics/id-21972.html#jd0e9955

--
-JH

Re: Cheap Juniper Gear for Lab

[Randy Bush]

> http://www.juniper.net/us/en/products-services/software/junos-platform/junosphere/lab/
>  

use.  like.

randy

Re: Cheap Juniper Gear for Lab

[Mark Kamichoff]

On Tue, Apr 10, 2012 at 11:57:31AM -0700, Owen DeLong wrote:
> > The fact that you can't put it into flow mode.
> s/flow/packet/
> (oops, wasn't awake yet)

Actually, this is possible:

prox@asgard> show configuration security 
forwarding-options {
family {
inet6 {
mode packet-based;
}
mpls {
mode packet-based;
}
}
}

The above is from an SRX210B, but the same configuration will work on
any J-series or /branch/ SRX-series platform.

Don't let the "mpls" keyword throw you off.  This actually causes the
box to run the inet /and/ mpls address families in packet mode.

- Mark

-- 
Mark Kamichoff
p...@prolixium.com
http://www.prolixium.com/


signature.asc
Description: Digital signature

Re: Cheap Juniper Gear for Lab

[Owen DeLong]

On Apr 10, 2012, at 4:05 PM, Jimmy Hess wrote:

> On Tue, Apr 10, 2012 at 9:24 AM, Tim Eberhard  wrote:
>> I find it humorous that you think J/SRX junos isn't real junos.
>> 
> If it runs JunOS, then yeah, it's real JunOS.   It might not have the
> feature you're looking for, but that's something different.
> 
No, it's not. Flow mode is NOT packet mode and it doesn't really ever run packet
mode in the current version. This has fundamental and significant impacts on the
way packets are handled when being forwarded through the box which come with
side-effects that cannot be overcome by mere configuration changes.

> The  Juniper ERX edge routers are what isn't  "real"  JunOS.
> It's as if they were trying to make a clone of the IOS CLI:
> 

Those are not JunOS at all. They don't really try to pretend to be.

The SRX and J-Series Services routers, OTOH, are most definitely pretending to 
be
JunOS while not behaving like JunOS at certain fundamental levels.

Owen

Re: Cheap Juniper Gear for Lab

[Tim Eberhard]

Owen,

While I know you are a smart engineer and obviously have been working
with this gear for a long time you're really not adding anything or
backing up your argument besides saying yet again the packet
forwarding is different. While this maybe true..It's my understanding
that enabling packet mode does turn it into a normal packet based
junos.

Admittedly I have limited experience with turning these branch devices
into pure packet mode so instead of repeating the same thing over and
over why not provide links and other documentation showing the
difference?

On Tue, Apr 10, 2012 at 8:23 PM, Owen DeLong  wrote:
>
> On Apr 10, 2012, at 4:05 PM, Jimmy Hess wrote:
>
>> On Tue, Apr 10, 2012 at 9:24 AM, Tim Eberhard  wrote:
>>> I find it humorous that you think J/SRX junos isn't real junos.
>>>
>> If it runs JunOS, then yeah, it's real JunOS.   It might not have the
>> feature you're looking for, but that's something different.
>>
> No, it's not. Flow mode is NOT packet mode and it doesn't really ever run 
> packet
> mode in the current version. This has fundamental and significant impacts on 
> the
> way packets are handled when being forwarded through the box which come with
> side-effects that cannot be overcome by mere configuration changes.
>
>> The  Juniper ERX edge routers are what isn't  "real"  JunOS.
>> It's as if they were trying to make a clone of the IOS CLI:
>>
>
> Those are not JunOS at all. They don't really try to pretend to be.
>
> The SRX and J-Series Services routers, OTOH, are most definitely pretending 
> to be
> JunOS while not behaving like JunOS at certain fundamental levels.
>
> Owen
>

Re: Cheap Juniper Gear for Lab

[Owen DeLong]

On Apr 10, 2012, at 6:02 PM, Mark Kamichoff wrote:

> On Tue, Apr 10, 2012 at 11:57:31AM -0700, Owen DeLong wrote:
>>> The fact that you can't put it into flow mode.
>> s/flow/packet/
>> (oops, wasn't awake yet)
> 
> Actually, this is possible:
> 
> prox@asgard> show configuration security 
> forwarding-options {
>family {
>inet6 {
>mode packet-based;
>}
>mpls {
>mode packet-based;
>}
>}
> }
> 
> The above is from an SRX210B, but the same configuration will work on
> any J-series or /branch/ SRX-series platform.
> 

Right, sort of. To the extent that it works. It doesn't actually do everything 
you
think it should, and, it's somewhat dependent on the version of JunOS as to
how well it does or doesn't work.

> Don't let the "mpls" keyword throw you off.  This actually causes the
> box to run the inet /and/ mpls address families in packet mode.
> 

I'm not unfamiliar or uninitiated in this regard. I had tickets with Juniper for
over a year and it escalated quite high up their escalation chain before they
finally admitted "Yeah, Services JunOS is different and it behaves differently
and if you need to do what you're trying to do, you should buy an M or MX
series."

It's quite unfortunate. I'd really like for the SRX series to not be so 
crippled for
my purposes.

Owen

Re: Cheap Juniper Gear for Lab

[Scott Weeks]

--- mysi...@gmail.com wrote:
From: Jimmy Hess 

The  Juniper ERX edge routers are what isn't  "real"  JunOS.
It's as if they were trying to make a clone of the IOS CLI:

http://www.juniper.net/techpubs/en_US/junose10.2/information-products/topic-collections/swconfig-system-basics/id-21972.html#jd0e9955
--


That's because Juniper bought the ERX series from Unisphere.  
It's not a "real" JunOS.  

My suggestion: if you make a lot of changes stay away from 
the ERXs, but if you don't do much to them they will mostly 
purr along just fine.  I was running them fairly hard, with 
30K plus ATM/DSL subs per router...

scott

Re: Cheap Juniper Gear for Lab

[Leigh Porter]

On 11 Apr 2012, at 02:34, "Owen DeLong"  wrote:.
> 
>> Don't let the "mpls" keyword throw you off.  This actually causes the
>> box to run the inet /and/ mpls address families in packet mode.
>> 
> 
> I'm not unfamiliar or uninitiated in this regard. I had tickets with Juniper 
> for
> over a year and it escalated quite high up their escalation chain before they
> finally admitted "Yeah, Services JunOS is different and it behaves differently
> and if you need to do what you're trying to do, you should buy an M or MX
> series."
> 
> It's quite unfortunate. I'd really like for the SRX series to not be so 
> crippled for
> my purposes.


Do you have an example of this crippledness?

--
Leigh


__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__

facebook ipv6 is down?

[Ido Szargel]

Hi,

 

It seems that on the last 3 hours facebook isn't available via ipv6, when
tracing from HE I don't even get to FB network, only as far as Ashburn on
their network,

When tracing from nl-ix I get to facebook network but the trace stops

 

traceroute6 -I www.v6.facebook.com

traceroute to www.v6.facebook.com (2620:0:1cfe:face:b00c:0:3:0), 30 hops
max, 40 byte packets

1  2a01:1b0:705::f (2a01:1b0:705::f)  3.858 ms  3.744 ms  3.504 ms

2  bit.telecity2.nlsix.net (2001:7f8:13::a501:2859:2)  2.133 ms  2.061 ms
1.923 ms

3  br01.ams1.tfbnw.net (2001:7f8:1::a503:2934:1)  3.276 ms  3.159 ms  3.000
ms

4  ae28.bb02.iad1.tfbnw.net (2620:0:1cff:dead:beef::485)  90.835 ms  91.009
ms  90.953 ms

5  ae12.bb02.sjc1.tfbnw.net (2620:0:1cff:dead:beef::85)  160.883 ms  160.820
ms  160.897 ms

6  ae2.pr01.sjc1.tfbnw.net (2620:0:1cff:dead:beef::10)  152.688 ms  152.638
ms  152.890 ms

7  * * *

8  * * *

9  * * *

10  * * *

 

Is anyone else having the same issue?

 

Thanks,

Ido



smime.p7s
Description: S/MIME cryptographic signature