Re: Documentation on generating IOS-XR prefix and as path sets with rtconfig

[Job Snijders]

On Fri, Feb 19, 2016 at 01:31:06AM +, courtneysm...@comcast.net wrote:
> Can anyone point me to examples of using rtconfig to generate IOS-XR
> configs? Specifically prefix and as-path sets. My Google skills are
> coming up short. The man page for rtconfig does not mention IOS-XR but
> it is supposedly supported. I get no farther than 'rtconfig -config
> ciscoxr'. 

I suggest you look at bgpq3 [1] instead, bgpq3 has support for IOS XR
prefix-sets & as-path-sets. You could look into using napalm [2] to
upload the resulting configurations to your routers.

Kind regards,

Job

[1]: https://github.com/snar/bgpq3
[2]: https://github.com/napalm-automation/napalm

Documentation on generating IOS-XR prefix and as path sets with rtconfig

[courtneysmith]

Can anyone point me to examples of using rtconfig to generate IOS-XR configs? 
Specifically prefix and as-path sets. My Google skills are coming up short. The 
man page for rtconfig does not mention IOS-XR but it is supposedly supported. I 
get no farther than 'rtconfig -config ciscoxr'. 

Thanks. 

Re: Eyeball Networks and DNS (was: Re: Xfinity stale DNS)

[Mark Andrews]

We define a new DNS opcode FLUSH and a EDNS FLUSH option.

The recursive server send a FLUSH option with a 64 bit cookie
computed from a client secret, the server address and zone the QNAME
is being looked up in.

The answering server stores these along with arrival address provided
they arrive over TCP or with a valid EDNS Server Cookie flushing
them after X seconds or on a LRU basis if they are consuming too
many resources.  Answers to this query are also capped at X seconds.

This means there has been a 3 way handshake to get put onto the
list initially.  A server can only flush namespace it has returned
answers for.

When a flush needs to occur a FLUSH message with the namespace to
be flushed is sent to each server in the list with the EDNS FLUSH
option that was recorded using the source address address recorded
with it.  If the EDNS FLUSH option verifies (stripping labels to
get the matching domain name used to generate the cookie) then the
server flushes the namespace and generates downstream FLUSH messages
using its list of clients.

Mark

In message <1993603000.201301.1455806695384.javamail.zim...@baylink.com>, "Jay 
R. Ashworth" writes:
> - Original Message -
> > From: "Chris Garrett" 
> 
> > An inadvertent DNS change was made on one of our domains yesterday. While t
> he
> > rest of the ISP world seems to be working correctly after propagation for t
> he
> > fix, I can not get Comcast / Xfinity to clear the stale records.
> > 
> > Anyone have suggestions or experience in moving them along?
> 
> This has been a not altogether infrequent request for a couple decades,
> all the way back to the time when I was the one who got bit in 96, and a
> *phone call to NetSol* was the prescription.  :-)
> 
> But -- especially in a world where the people who operate eyeball network
> DNS customer resolver servers hold the shape of the Internet in their hands,
> and have been known to monkey with it (by, eg, flooring TTLs on records to
> times much longer than you set, simply to reduce their own machine load) --
> am I the only one who thinks that it might be time for a more formal solution
> to this problem?
> 
> Certainly the technology isn't *that* hard to manage/deploy/invent at this 
> late date...
> 
> Cheers,
> -- jra
> -- 
> Jay R. Ashworth  Baylink   j...@baylink.co
> m
> Designer The Things I Think   RFC 210
> 0
> Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DI
> I
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 127
> 4
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: RBL resource to check entire netblock

[Eric Oosting]

On Thu, Feb 18, 2016 at 12:46 PM, greg whynott 
wrote:

> Team NANOG,
>
> I will summarize once I get to looking at things.   This isn't an immediate
> need but with that said I expect to start on it next week.   I may not
> evaluate all of them but what I do try I will share.
>
> My next challenge is finding a router that will forward on 4 x 1 gig
> interfaces (2 inside 2 outside) for less than 30k...
>

Without knowing much about your requirements I can say that the edgerouter
pro from ubiquiti doesn't suck, and is fantastic for the price. Cheap
enough to self spare, and

-e


>
> -greg
>
>
>
> On Wed, Feb 17, 2016 at 1:32 PM, Roberto Alvarado 
> wrote:
>
> > You can try this script:
> >
> > https://github.com/DjinnS/check-rbl
> >
> >
> > -i,--ip The IP or subnet to check
> >
> > I’m using it to check my subnets
> >
> >
> > Roberto
> >
> >
> >
> >
> >
> > > On Feb 17, 2016, at 15:25, Bernd Spiess 
> wrote:
> > >
> > >> I find many sites where you can enter 1 IP to
> > >> do a check but they don't seem to accept subnets to check.
> > >
> > > Maybe this is a help?
> > > https://www.senderbase.org/
> > >
> > > Bernd
> >
> >
>

Re: RBL resource to check entire netblock

[Christopher Morrow]

On Thu, Feb 18, 2016 at 12:46 PM, greg whynott  wrote:
> Team NANOG,
>
> I will summarize once I get to looking at things.   This isn't an immediate
> need but with that said I expect to start on it next week.   I may not
> evaluate all of them but what I do try I will share.
>
> My next challenge is finding a router that will forward on 4 x 1 gig
> interfaces (2 inside 2 outside) for less than 30k...
>

Ubiquiti Networks ERPro8. 349 from your friendly amazon dealer... buy
2 so you have a spare.

> -greg
>
>
>
> On Wed, Feb 17, 2016 at 1:32 PM, Roberto Alvarado 
> wrote:
>
>> You can try this script:
>>
>> https://github.com/DjinnS/check-rbl
>>
>>
>> -i,--ip The IP or subnet to check
>>
>> I’m using it to check my subnets
>>
>>
>> Roberto
>>
>>
>>
>>
>>
>> > On Feb 17, 2016, at 15:25, Bernd Spiess  wrote:
>> >
>> >> I find many sites where you can enter 1 IP to
>> >> do a check but they don't seem to accept subnets to check.
>> >
>> > Maybe this is a help?
>> > https://www.senderbase.org/
>> >
>> > Bernd
>>
>>

Re: -48DC electrical supply

[Jason Bothe]

Make sure you get wire rated for 90°C at a minimum.  Telcoflex or cobra wire is 
good. 

Jason Bothe, Manager of Networking
Rice University
o  +1 713 348 5500
m +1 713 703 3552

Sent from mobile

> On Feb 18, 2016, at 14:15, Daniel Corbe  wrote:
> 
> Where do you guys get your supplies (wire, connectors, tools) for -48VDC 
> stuff?
> 
> 

Re: -48DC electrical supply

[Josh Baird]

For DC 'stuff' in general (wires, fuses, distribution, etc), I use
alliedelectronics.com.

On Thu, Feb 18, 2016 at 2:15 PM, Daniel Corbe 
wrote:

> Where do you guys get your supplies (wire, connectors, tools) for -48VDC
> stuff?
>
>

Re: -48DC electrical supply

[Bob Evans]

I use auto parts stores, if the current isn't much. Your typical thick
gauge battery cable can carry quite a bit and auto part stores are
everywhere.

Thank You
Bob Evans
CTO




> Where do you guys get your supplies (wire, connectors, tools) for -48VDC
> stuff?
>
>

RE: -48DC electrical supply

[Naslund, Steve]

Graybar electric or Anixter.  They can supply any of that stuff.  There is not 
much specific about -48 VDC, just copper lugs, taps, and wire of the correct 
type and gage and you should be good to go.  For tools from those suppliers I 
recommend both Amp and Thomas & Betts as reputable.  The tooling is costly but 
mil-spec stuff often is and is often required for central office work.

Steven Naslund
Chicago IL



-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Daniel Corbe
Sent: Thursday, February 18, 2016 2:15 PM
To: NANOG
Subject: -48DC electrical supply

Where do you guys get your supplies (wire, connectors, tools) for -48VDC stuff?

-48DC electrical supply

[Daniel Corbe]

Where do you guys get your supplies (wire, connectors, tools) for -48VDC stuff?

Re: RBL resource to check entire netblock

[greg whynott]

Team NANOG,

I will summarize once I get to looking at things.   This isn't an immediate
need but with that said I expect to start on it next week.   I may not
evaluate all of them but what I do try I will share.

My next challenge is finding a router that will forward on 4 x 1 gig
interfaces (2 inside 2 outside) for less than 30k...

-greg



On Wed, Feb 17, 2016 at 1:32 PM, Roberto Alvarado 
wrote:

> You can try this script:
>
> https://github.com/DjinnS/check-rbl
>
>
> -i,--ip The IP or subnet to check
>
> I’m using it to check my subnets
>
>
> Roberto
>
>
>
>
>
> > On Feb 17, 2016, at 15:25, Bernd Spiess  wrote:
> >
> >> I find many sites where you can enter 1 IP to
> >> do a check but they don't seem to accept subnets to check.
> >
> > Maybe this is a help?
> > https://www.senderbase.org/
> >
> > Bernd
>
>

Re: Cisco ASR9010 vs Juniper MX960

[David Bass]

I don't think I'd trust any vendor's "ISSU" to be completely without 
impact...been more of a marketing term from my experience...



> On Feb 18, 2016, at 10:51 AM, Nick Hilliard  wrote:
> 
> Jason Bothe wrote:
>> The 9k does however get a huge win with the ability to apply a ‘pie’
>> or software patch while staying in service vs requiring a reload.
> 
> SMUs are often "hitless", which is to say, "hitless" with scary quotes.
> What this means in practice is that the SMU itself might be hitless but
> it will depend on 47 other SMUs, thereby almost guaranteeing some form
> of reload.  Also, restarting processes is "hitless" (e.g. restarting
> bgpd, ospfd, etc) or shutting down interfaces.
> 
> E.g.:
> 
> CSCuo47663: "Hitless/Optional SMU,aigp metric different in RIB & BGP
> table".  This will restart the bgp process.
> 
> CSCus26923: "traffic from SIP700 to 9000v is dropped when a link to
> 9000v flaps".  Release notes state that the issue is not service
> impacting, then "After the SMU installation , we need to apply
> shut/noshut of the problematic interface to trigger the hardware
> programming."  Wuh??
> 
> In other words, "hitless" does not mean "not service impacting".
> 
> Nick

Re: Cisco ASR9010 vs Juniper MX960

[Jared Mauch]

> On Feb 18, 2016, at 10:51 AM, Nick Hilliard  wrote:
> 
> In other words, "hitless" does not mean "not service impacting".

I would assume any SMU impacts traffic and requires a reboot or a line card 
reset.  There are types of SMUs that touch low level parts and require a 
reboot, in which case I’ve often told Cisco they should just rev the release 
number.

Solving SMU dependencies is sometimes impossible.  Right now the 5.3.3 SMU set 
posted on CCO can’t be installed with any of their automation/tools.  We are 
waiting for Cisco to provide a fix.  I’m not holding my breath.

- Jared

Re: Cisco ASR9010 vs Juniper MX960

[Nick Hilliard]

Jason Bothe wrote:
> The 9k does however get a huge win with the ability to apply a ‘pie’
> or software patch while staying in service vs requiring a reload.

SMUs are often "hitless", which is to say, "hitless" with scary quotes.
 What this means in practice is that the SMU itself might be hitless but
it will depend on 47 other SMUs, thereby almost guaranteeing some form
of reload.  Also, restarting processes is "hitless" (e.g. restarting
bgpd, ospfd, etc) or shutting down interfaces.

E.g.:

CSCuo47663: "Hitless/Optional SMU,aigp metric different in RIB & BGP
table".  This will restart the bgp process.

CSCus26923: "traffic from SIP700 to 9000v is dropped when a link to
9000v flaps".  Release notes state that the issue is not service
impacting, then "After the SMU installation , we need to apply
shut/noshut of the problematic interface to trigger the hardware
programming."  Wuh??

In other words, "hitless" does not mean "not service impacting".

Nick

Re: Congrats to SMB!

[Royce Williams]

On Thu, Feb 18, 2016 at 5:40 AM, Jay R. Ashworth  wrote:
> Let me be, apparently, the first to extend congratulations to long time
> NANOGer, Columbia CS professor, security researcher, and co-inventor of
> Usenet -- does anybody remember Usenet? :-) -- Steven M. Bellovin, who,
> it was announced yesterday, has become the first actual, y'know, technical
> person appointed to the Privacy and Civil Liberties Oversight Board, the
> White House organization formed over a decade ago to oversee the NSA in
> light of its bulk data collection activities WRT US citizens.

Hear, hear!

[snip]

> Steve's latest book is the second edition of _Firewalls And Internet Security:
> Repelling the Wily Hacker_; more info including links to buy are here:
>
>   http://www.wilyhacker.com/
>
> For poor but smart people, note that there's a link there to the full text of 
> the
> first edition; while much of it has been overrun by events, there's still a 
> lot of
> good material there.

Minor correction: Steve's latest book is _Thinking Security_ (Nov
2015).  Pretty great so far.

Royce

Re: Cisco ASR9010 vs Juniper MX960

[Saku Ytti]

On 18 February 2016 at 15:45, Colton Conor  wrote:

Hey,

> I would like opinions of the differences between these two platforms if
> possible.

Summary, I think MX is better HW and SW right now.




Warning, rant incoming.






I liked ASR9k lot more before I needed to run it. On paper IOS-XR is
superior to JunOS, JunOS is old fashioned non-pre-emptive,
run-to-completion. In theory this is most efficient way to run code,
but in practice it means programmer needs to be hyper aware how long
any bit of code they are writing may execute, if they get it wrong,
and don't yield manually, simple things like parsing community list
while doing commit may cause IGP flap.

IOS-XR otoh has multiple processes scheduled either by QNX or Linux,
which means programmer does need to be so careful, Linux can pre-empt
the process and run something more important.
However, with this distribution comes problem of IPC, sharing-state in
fast and economical manner, and I believe IOS-XR has dropped the ball
here, I don't know if it's even possible to solve today, it is
probably a very hard problem. This is just speculation, but I feel
like Cisco underestimated the problem, and instead of rethinking
infrastructure, they are duplicating state in efforts to keep
performance acceptable, as IPC cannot be made fast enough. All this
adds complexity which adds bugs.

So in practice, I believe JunOS to be currently the better system. But
IOS-XR 6 may show some light behind the tunnel, unsure yet. (Isn't
this always the case, in two years time, everything will be great)



For hardware, ASR9k have trident and typhoon generation, which are
Israeli EZChip (since acquired) NPUs, and now tomahawk which is
completely different NPU. Juniper MX has DPCE and Trio, from microcode
POV both have two generations, but you can't buy anymore DPCE it's
very old, so all MX systems really are Trio only, which means JNPR
only needs to develope features once for single NPU generation. Cisco
needs to do it twice and operator needs to learn two platforms to
troubleshoot, and there is feature disparity with troubleshooting
commands.
I also believe that Trio NPU is better NPU than EZchip or the one in
Typhoon, they atypically have succeeded doing all lookups (FIB and
ALC) in RLDRAM, instead of TCAM which is easier to pull off but more
expensive. Trio can do more in HW, like fragmentation, can look deeper
in packet. Lot of flexibility is exposed to operator, like ability to
arbitrary firewall filters by checking specific bit-positions.
For multicast ASR9k is better, as it can replicate in fabric, where as
in MX replication is done by linecard, either binary or unary. But
this really is relevant unless you actually have large volume of
multicast replicated to many ports.

For troubleshooting/instrumentation, for some things MX is better,
like packet-via-dmem capture for all transit packets is god-sent. But
ASR9k has far more NPU counters for various drop/punt/limit
conditions, which most can be capture (at cost of stopping forwarding
for a moment). Most of the stuff in ASR9k is very new or just coming,
while MX has had sufficient instrumentation for years. ASR9k team is
focusing on this and lot of good stuff is in pipeline, which may make
ASR9k instrumentation better  on the long run.

IOS-XR does not have any guaranteed machine parseable presentation of
data, in JunOS every command can be outputted as high quality XML. In
IOS-XR this is rarely possible, and even when it is, there is no
strong relation CLI, and often the actual output is just single
string-blob, so using it is no better than screee-scraping. JunOS
inherently will have this XML, much like TimOS would inherently have
SNMP presentation of data.
I don't imagine this being solved any time soon, because it's very
fundamental infrastructure issue. What is our truth source? Truth
source should be single presentation, out of which both CLI/XML/YANG
is extracted, so that there simply is no possibility of de-sync.

Lot of the stuff Cisco wanted to solve from Classic IOS are actually
worse in IOS-XR. Software management is worse, yeah you have SMUs but
managing them is a nightmare and most of them are reload or routign
flap anyhow, so it does not really help you. I actually prefer
managing Classic IOS software than XR. Most of the time we need to
upgrade, we need to do it because HW isn't supported. JunOS has
figured this out correctly as well, by having hardware abstraction
layer they can in-service add 'JAM' or new support for new hardware,
without changing the software.

For control-plane protection IOS-XR has pretty solid idea in 'LPTS',
the platform should know what is to be punted and what not, so why not
automatically program ACLs and policers for that stuff. It works
somewhat well, better than JunOS out-of-the-box. But for operator who
knows what they are doing, JunOS can be protected much, much better.
'LPTS' only has single policer for specific traffic-class, like
'BGP-known', if this is offended, all

Eyeball Networks and DNS (was: Re: Xfinity stale DNS)

[Jay R. Ashworth]

- Original Message -
> From: "Chris Garrett" 

> An inadvertent DNS change was made on one of our domains yesterday. While the
> rest of the ISP world seems to be working correctly after propagation for the
> fix, I can not get Comcast / Xfinity to clear the stale records.
> 
> Anyone have suggestions or experience in moving them along?

This has been a not altogether infrequent request for a couple decades,
all the way back to the time when I was the one who got bit in 96, and a
*phone call to NetSol* was the prescription.  :-)

But -- especially in a world where the people who operate eyeball network
DNS customer resolver servers hold the shape of the Internet in their hands,
and have been known to monkey with it (by, eg, flooring TTLs on records to
times much longer than you set, simply to reduce their own machine load) --
am I the only one who thinks that it might be time for a more formal solution
to this problem?

Certainly the technology isn't *that* hard to manage/deploy/invent at this 
late date...

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274

Congrats to SMB!

[Jay R. Ashworth]

Let me be, apparently, the first to extend congratulations to long time 
NANOGer, Columbia CS professor, security researcher, and co-inventor of 
Usenet -- does anybody remember Usenet? :-) -- Steven M. Bellovin, who, 
it was announced yesterday, has become the first actual, y'know, technical
person appointed to the Privacy and Civil Liberties Oversight Board, the 
White House organization formed over a decade ago to oversee the NSA in 
light of its bulk data collection activities WRT US citizens.

A Wired piece, with Steve's new resume photo, is here:

  
http://www.wired.com/2016/02/the-presidents-nsa-advisory-board-finally-gets-a-tech-expert/

and Steve's altogether excellent blog, which I read way too infrequently,
is here:

  https://www.cs.columbia.edu/~smb/blog/control/

Steve always has interesting stuff to say; it's nice to know that now...
well, there's no way I can phrase this compliment without being accidentally
insulting.  So I'll shut up now.  :-)

==

Steve's latest book is the second edition of _Firewalls And Internet Security:
Repelling the Wily Hacker_; more info including links to buy are here:

  http://www.wilyhacker.com/

For poor but smart people, note that there's a link there to the full text of 
the
first edition; while much of it has been overrun by events, there's still a lot 
of
good material there.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274

Re: Cisco ASR9010 vs Juniper MX960

[Josh Reynolds]

Yeah, you might look into that. We're about to put 3 x MX960s in service
and with GRES and NSR we are not dropping traffic when taking the master RE
down.
On Feb 18, 2016 8:05 AM, "Jason Bothe"  wrote:

> We have run into issues with GRES, and I think its an issue with the RE we
> have.  I don’t actually perform the tasks so it may or may not be as big of
> an issue as I initially stated.
>
>
>
> Jason Bothe, Manager of Networking
> Rice University
>o   +1 713 348 5500
>m  +1 713 703 3552
>   ja...@rice.edu 
>
> On 18, Feb 2016, at 7:59 AM, Josh Reynolds  wrote:
>
> With GRES, can't you simply set the master RE as backup, apply firmware,
> then switch back to master and upgrade the backup RE?
> On Feb 18, 2016 7:57 AM, "Jason Bothe"  wrote:
>
>> We have both and they’re both great boxes, however it’s sort of
>> embarrassing that the ASR9k still can’t do virtualized routing, ie.
>> logical-systems.  Not sure if thats a deal breaker for you but just thought
>> you’d like to beware.  We also find OS configurations on the Juniper much
>> easier than the cumbersome  XR OS that the Cisco runs.  The 9k does however
>> get a huge win with the ability to apply a ‘pie’ or software patch while
>> staying in service vs requiring a reload.   Either way, I don’t think
>> you’ll go wrong.
>>
>>
>> J~
>>
>>
>> Jason Bothe, Manager of Networking
>> Rice University
>>o   +1 713 348 5500
>>m  +1 713 703 3552
>>   ja...@rice.edu > a...@rice.edu>
>> > On 18, Feb 2016, at 7:45 AM, Colton Conor 
>> wrote:
>> >
>> > I would like opinions of the differences between these two platforms if
>> > possible.
>> >
>> > I was going to buy a used Juniper MX960 Router MX960-PREMIUM2-AC-ECM
>> with
>> > 2 x RE-S-1800X4-16G  and 3 x SCBE-MX-S. Then I was going to load this up
>> > with a couple of older DPCE-R-4XGE-XFP 4x10GE DPC Enhanced cards.
>> >
>> > Now Cisco has offered me a new ASR9010 with dual ASR9K Route Switch
>> > Processor with 440G/slot Fabric and 6GB, and two 4X10GE / 16X1G Combo
>> > Linecard, Packet Transport Optimized for about the same price as the
>> used
>> > Juniper. The only catch is the Cisco's support and warranty looks
>> > very expensive per year, but that's hard to compare since a used Juniper
>> > has zero support and warranty included.
>> >
>> >
>> > If these were both brand new with support and warranty which would you
>> > choose? If it were the used Juniper vs new Cisco which would you choose?
>> >
>> > I know Juniper makes newer MIC cards that probably better compete with
>> > these Cisco cards, but that is not option due to price.
>> >
>> > New, Juniper wants to sell me a MX104 for the same price that I can get
>> > this Cisco ASR9010. I think that is a no brainer to go with the ASR at
>> that
>> > point. I asked for new pricing on a MX240/480/960, but that was not even
>> > close to the ASR9010 numbers.
>> >
>> > I can also buy two ASR 9001's for the same price and as the single
>> ASR9010.
>> >
>>
>>
>

Re: Cisco ASR9010 vs Juniper MX960

[Jason Bothe]

We have run into issues with GRES, and I think its an issue with the RE we 
have.  I don’t actually perform the tasks so it may or may not be as big of an 
issue as I initially stated.



Jason Bothe, Manager of Networking
Rice University
   o   +1 713 348 5500
   m  +1 713 703 3552
  ja...@rice.edu 
> On 18, Feb 2016, at 7:59 AM, Josh Reynolds  wrote:
> 
> With GRES, can't you simply set the master RE as backup, apply firmware, then 
> switch back to master and upgrade the backup RE?
> 
> On Feb 18, 2016 7:57 AM, "Jason Bothe"  > wrote:
> We have both and they’re both great boxes, however it’s sort of embarrassing 
> that the ASR9k still can’t do virtualized routing, ie. logical-systems.  Not 
> sure if thats a deal breaker for you but just thought you’d like to beware.  
> We also find OS configurations on the Juniper much easier than the cumbersome 
>  XR OS that the Cisco runs.  The 9k does however get a huge win with the 
> ability to apply a ‘pie’ or software patch while staying in service vs 
> requiring a reload.   Either way, I don’t think you’ll go wrong.
> 
> 
> J~
> 
> 
> Jason Bothe, Manager of Networking
> Rice University
>o   +1 713 348 5500 
> 
>m  +1 713 703 3552 
> 
>   ja...@rice.edu  
> >
> > On 18, Feb 2016, at 7:45 AM, Colton Conor  > > wrote:
> >
> > I would like opinions of the differences between these two platforms if
> > possible.
> >
> > I was going to buy a used Juniper MX960 Router MX960-PREMIUM2-AC-ECM with
> > 2 x RE-S-1800X4-16G  and 3 x SCBE-MX-S. Then I was going to load this up
> > with a couple of older DPCE-R-4XGE-XFP 4x10GE DPC Enhanced cards.
> >
> > Now Cisco has offered me a new ASR9010 with dual ASR9K Route Switch
> > Processor with 440G/slot Fabric and 6GB, and two 4X10GE / 16X1G Combo
> > Linecard, Packet Transport Optimized for about the same price as the used
> > Juniper. The only catch is the Cisco's support and warranty looks
> > very expensive per year, but that's hard to compare since a used Juniper
> > has zero support and warranty included.
> >
> >
> > If these were both brand new with support and warranty which would you
> > choose? If it were the used Juniper vs new Cisco which would you choose?
> >
> > I know Juniper makes newer MIC cards that probably better compete with
> > these Cisco cards, but that is not option due to price.
> >
> > New, Juniper wants to sell me a MX104 for the same price that I can get
> > this Cisco ASR9010. I think that is a no brainer to go with the ASR at that
> > point. I asked for new pricing on a MX240/480/960, but that was not even
> > close to the ASR9010 numbers.
> >
> > I can also buy two ASR 9001's for the same price and as the single ASR9010.
> >
> 

Re: Cisco ASR9010 vs Juniper MX960

[Josh Reynolds]

With GRES, can't you simply set the master RE as backup, apply firmware,
then switch back to master and upgrade the backup RE?
On Feb 18, 2016 7:57 AM, "Jason Bothe"  wrote:

> We have both and they’re both great boxes, however it’s sort of
> embarrassing that the ASR9k still can’t do virtualized routing, ie.
> logical-systems.  Not sure if thats a deal breaker for you but just thought
> you’d like to beware.  We also find OS configurations on the Juniper much
> easier than the cumbersome  XR OS that the Cisco runs.  The 9k does however
> get a huge win with the ability to apply a ‘pie’ or software patch while
> staying in service vs requiring a reload.   Either way, I don’t think
> you’ll go wrong.
>
>
> J~
>
>
> Jason Bothe, Manager of Networking
> Rice University
>o   +1 713 348 5500
>m  +1 713 703 3552
>   ja...@rice.edu  >
> > On 18, Feb 2016, at 7:45 AM, Colton Conor 
> wrote:
> >
> > I would like opinions of the differences between these two platforms if
> > possible.
> >
> > I was going to buy a used Juniper MX960 Router MX960-PREMIUM2-AC-ECM with
> > 2 x RE-S-1800X4-16G  and 3 x SCBE-MX-S. Then I was going to load this up
> > with a couple of older DPCE-R-4XGE-XFP 4x10GE DPC Enhanced cards.
> >
> > Now Cisco has offered me a new ASR9010 with dual ASR9K Route Switch
> > Processor with 440G/slot Fabric and 6GB, and two 4X10GE / 16X1G Combo
> > Linecard, Packet Transport Optimized for about the same price as the used
> > Juniper. The only catch is the Cisco's support and warranty looks
> > very expensive per year, but that's hard to compare since a used Juniper
> > has zero support and warranty included.
> >
> >
> > If these were both brand new with support and warranty which would you
> > choose? If it were the used Juniper vs new Cisco which would you choose?
> >
> > I know Juniper makes newer MIC cards that probably better compete with
> > these Cisco cards, but that is not option due to price.
> >
> > New, Juniper wants to sell me a MX104 for the same price that I can get
> > this Cisco ASR9010. I think that is a no brainer to go with the ASR at
> that
> > point. I asked for new pricing on a MX240/480/960, but that was not even
> > close to the ASR9010 numbers.
> >
> > I can also buy two ASR 9001's for the same price and as the single
> ASR9010.
> >
>
>

Re: Cisco ASR9010 vs Juniper MX960

[Jason Bothe]

We have both and they’re both great boxes, however it’s sort of embarrassing 
that the ASR9k still can’t do virtualized routing, ie. logical-systems.  Not 
sure if thats a deal breaker for you but just thought you’d like to beware.  We 
also find OS configurations on the Juniper much easier than the cumbersome  XR 
OS that the Cisco runs.  The 9k does however get a huge win with the ability to 
apply a ‘pie’ or software patch while staying in service vs requiring a reload. 
  Either way, I don’t think you’ll go wrong.


J~


Jason Bothe, Manager of Networking
Rice University
   o   +1 713 348 5500
   m  +1 713 703 3552
  ja...@rice.edu 
> On 18, Feb 2016, at 7:45 AM, Colton Conor  wrote:
> 
> I would like opinions of the differences between these two platforms if
> possible.
> 
> I was going to buy a used Juniper MX960 Router MX960-PREMIUM2-AC-ECM with
> 2 x RE-S-1800X4-16G  and 3 x SCBE-MX-S. Then I was going to load this up
> with a couple of older DPCE-R-4XGE-XFP 4x10GE DPC Enhanced cards.
> 
> Now Cisco has offered me a new ASR9010 with dual ASR9K Route Switch
> Processor with 440G/slot Fabric and 6GB, and two 4X10GE / 16X1G Combo
> Linecard, Packet Transport Optimized for about the same price as the used
> Juniper. The only catch is the Cisco's support and warranty looks
> very expensive per year, but that's hard to compare since a used Juniper
> has zero support and warranty included.
> 
> 
> If these were both brand new with support and warranty which would you
> choose? If it were the used Juniper vs new Cisco which would you choose?
> 
> I know Juniper makes newer MIC cards that probably better compete with
> these Cisco cards, but that is not option due to price.
> 
> New, Juniper wants to sell me a MX104 for the same price that I can get
> this Cisco ASR9010. I think that is a no brainer to go with the ASR at that
> point. I asked for new pricing on a MX240/480/960, but that was not even
> close to the ASR9010 numbers.
> 
> I can also buy two ASR 9001's for the same price and as the single ASR9010.
> 

Cisco ASR9010 vs Juniper MX960

[Colton Conor]

I would like opinions of the differences between these two platforms if
possible.

I was going to buy a used Juniper MX960 Router MX960-PREMIUM2-AC-ECM with
 2 x RE-S-1800X4-16G  and 3 x SCBE-MX-S. Then I was going to load this up
with a couple of older DPCE-R-4XGE-XFP 4x10GE DPC Enhanced cards.

Now Cisco has offered me a new ASR9010 with dual ASR9K Route Switch
Processor with 440G/slot Fabric and 6GB, and two 4X10GE / 16X1G Combo
Linecard, Packet Transport Optimized for about the same price as the used
Juniper. The only catch is the Cisco's support and warranty looks
very expensive per year, but that's hard to compare since a used Juniper
has zero support and warranty included.


If these were both brand new with support and warranty which would you
choose? If it were the used Juniper vs new Cisco which would you choose?

I know Juniper makes newer MIC cards that probably better compete with
these Cisco cards, but that is not option due to price.

New, Juniper wants to sell me a MX104 for the same price that I can get
this Cisco ASR9010. I think that is a no brainer to go with the ASR at that
point. I asked for new pricing on a MX240/480/960, but that was not even
close to the ASR9010 numbers.

I can also buy two ASR 9001's for the same price and as the single ASR9010.