Re: [j-nsp] Recommended sampling rates on MS-500 pic

2010-06-21 Thread Stefan Fouant
There are no universal rules which apply to sampling. Obviously the more packets you can capture during a given sample, the better. Determining your sampling rate depends on a lot of variables. You should start by looking at the intended application for deployment of sampling. For DDoS

[j-nsp] EX 4200 stability with BGP and OSPF redistribution ?

2010-06-21 Thread Laurent HENRY
Hi all, I am thinking about using two EX 4200 as redundant border routers of my main Internet link. In this design, I would then need to use BGP with my ISP and OSPF for inside route redistribution. Reading the archive, and on my own experience with the product too, I am looking for

[j-nsp] MX80 = vaporware?

2010-06-21 Thread Sven Juergensen (KielNET)
Hi list, does anybody have the slightest clue about the availability or hold-up of those boxes? Our sales representatives are shrugging, MX80 demonstrations are lacking the boxes etc pp. Make way for the 2010 awards?

Re: [j-nsp] MX80 = vaporware?

2010-06-21 Thread Scott T. Cameron
Why don't you just get an MX240? They are available and on the market. On Mon, Jun 21, 2010 at 6:50 AM, Sven Juergensen (KielNET) s.juergen...@kielnet.de wrote: Hi list, does anybody have the slightest clue about the availability or hold-up

Re: [j-nsp] MX80 = vaporware?

2010-06-21 Thread matthew zeier
On Jun 21, 2010, at 4:58 AM, Scott T. Cameron wrote: Why don't you just get an MX240? They are available and on the market. Significantly different price structure! ___ juniper-nsp mailing list juniper-nsp@puck.nether.net

Re: [j-nsp] Setting forwarding-class in firewall filter, non-match behaviour

2010-06-21 Thread Brad Fleming
I would use a rewrite rule to modify DSCP on egress, so that it's consistent across platforms. I still prefer the IOS way, where TOS byte values are re-written on ingress (I believe we began a small petition for this capability a year or more back, but it didn't gain any traction). However, it

Re: [j-nsp] EX 4200 stability with BGP and OSPF redistribution ?

2010-06-21 Thread Mark Tinka
On Monday 21 June 2010 06:29:00 pm Laurent HENRY wrote: Does anyone actually use these features actively with this platform ? We once used 2x EX4200-24F's as routers located in the centre of a core network built to drive a regional operator conference. They ran iBGP + IS-IS (IPv6 support

Re: [j-nsp] MX80 = vaporware?

2010-06-21 Thread David Ball
You may want to seek out new sales people, or alternatively, sign an NDA with Juniper. David On 21 June 2010 04:50, Sven Juergensen (KielNET) s.juergen...@kielnet.de wrote: Hi list, does anybody have the slightest clue about the

Re: [j-nsp] EX 4200 stability with BGP and OSPF redistribution ?

2010-06-21 Thread Ross Vandegrift
On Mon, Jun 21, 2010 at 12:29:00PM +0200, Laurent HENRY wrote: Hi all, I am thinking about using two EX 4200 as redundant border routers of my main Internet link. In this design, I would then need to use BGP with my ISP and OSPF for inside route redistribution. Reading the

Re: [j-nsp] SRX Config Question

2010-06-21 Thread Stefan Fouant
-Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- boun...@puck.nether.net] On Behalf Of Brendan Mannella Sent: Monday, June 21, 2010 11:20 AM To: juniper-nsp Subject: [j-nsp] SRX Config Question So main issue is the firewall does not seem to allow

Re: [j-nsp] SRX Config Question

2010-06-21 Thread Brendan Mannella
Yes that makes sense. And the policy pre srx was like this. But I am almost positive I read somewhere the srx was different in that the policy is looked at post NAT and so the private ip should be used. I will give that a shot though. Brendan Mannella TeraSwitch Networks Inc. Office:

Re: [j-nsp] SRX Config Question

2010-06-21 Thread Scott T. Cameron
Your rules actually seem fine at a glance. Are those the only rules in your system? No deny that might otherwise be blocking the traffic? I also migrated from ScreenOS and ditched all the old catch-all denies that I had at the bottom of zone policies because they don't work the same way in

Re: [j-nsp] SRX Config Question

2010-06-21 Thread Brendan Mannella
Nope, I actually don't see any deny statements at all. Does the system just deny everything that's not defined as allowed? Any other thing I should look at? Brendan Mannella President and CEO TeraSwitch Networks Inc. Office: 412.224.4333 x303 Toll-Free: 866.583.6338 Mobile: 412-592-7848 Efax:

Re: [j-nsp] SRX Config Question

2010-06-21 Thread ben b
The system does default deny if you haven't specified a default policy action. set security policies default-policy permit-all As far as the policy is concerned, the policy is applied AFTER destination nat is performed and BEFORE source nat is performed. What is the output of 'show

Re: [j-nsp] SRX Config Question

2010-06-21 Thread ben b
I noticed you didn't include all of the nat config. Make sure you have the from-zone configured for the static nat rule-set... ex. set security nat static rule-set natting from zone untrust set security nat static rule-set natting rule 214 match destination-address 111.111.111.214/32 set

Re: [j-nsp] SRX Config Question

2010-06-21 Thread Brendan Mannella
I have to double check but I might have missed set security nat static rule-set natting from zone untrust... I will double check and update the list. - Original Message - From: ben b benboyd.li...@gmail.com To: Brendan Mannella bmanne...@teraswitch.com Cc: Scott T. Cameron

Re: [j-nsp] SRX Config Question

2010-06-21 Thread ben b
the rule-set won't be natting, it'll be whatever rule-set rule 214 exists in -Ben On Mon, Jun 21, 2010 at 3:13 PM, Brendan Mannella bmanne...@teraswitch.com wrote: I have to double check but I might have missed set security nat static rule-set natting from zone untrust... I will double

Re: [j-nsp] EX 4200 stability with BGP and OSPF redistribution ?

2010-06-21 Thread Dan Farrell
We leverage the EX3200 and 4200's extensively in our network, for edge, core, and access. As far as edge (ISP connectivity) we use EX3200's in pairs- each EX3200 has a separate peer session to each upstream provider, providing redundancy (high-availability) without merging the two units as one

Re: [j-nsp] AS Path regular expression for Null AS

2010-06-21 Thread Judah Scott
Just a guess but try ^ $ to match beginning and end with nothing in between. Or you can match against ^ 1234{0,1} $ which matches the null as or a single occurrence of only AS 1234 (just insert any unused AS). -J Scott On Mon, Jun 21, 2010 at 3:10 PM, Leah Lynch leah.ly...@clearwire.com wrote:

Re: [j-nsp] EX 4200 stability with BGP and OSPF redistribution ?

2010-06-21 Thread Kevin Oberman
From: Dan Farrell da...@appliedi.net Date: Mon, 21 Jun 2010 14:33:50 -0700 Sender: juniper-nsp-boun...@puck.nether.net With 10.0.S1.1 the only headaches we encounter with our loaded configuration on a 2-member 4200 stack (~850+ RVI's total, some on OSPF) is the time it takes for the

Re: [j-nsp] AS Path regular expression for Null AS

2010-06-21 Thread Ricardo Tavares
Hi, Everything in the junos doc works as expected and I have tried a lot of combs, if you are using this procedure to select only local BGP routes do not forget to reject everything else too, because the default accept policy in the junos BGP, not sure if this is the problem. Below a Juniper