On 10/30/12 5:49 PM, Pavel Lunin wrote:
"Richard A Steenbergen" wrote:
IMHO multi-chassis boxes are for
people who can't figure out routing protocols
When it comes to ethernet switching, "routing protocols" means what? :)
spanning-tree/trill/l2vpn/NVO and so on.
And the same observation ap
Tried this with 12.2, it took eight seconds to switch over. I
had eight seconds where my traffic was not reaching the next switch.
Typically with the way my network is setup now, I lose maybe one ping when
set to 1s interval, so I can assume 1 second. Seems like quite a bit more
down time associate
Hi Guys,
Could anyone guide on how to configure system login deny-commands for
operational command 'show route community-name' with an empty string
show route community-name ""
I've tried but can't since configuration is already in " syntax
Thanks in advance,
Al
__
It's an EX4500-VC running Junos 11.4r2.14
You can't configure GRES + NSR - they are mutually exclusive right?
Config is attached.
Luca
-Original Message-
From: Doug Hanks [mailto:dha...@juniper.net]
Sent: Wednesday, 31 October 2012 4:27 PM
To: Luca Salvatore; Morgan McLean; EXT - b
Make sure the platform + software + configuration supports GRES + NSR +
NSB and you're good to go.
On 10/30/12 8:58 PM, "Luca Salvatore" wrote:
>Yep I'm aware, but why are my OSPF neighbours going down when one switch
>reboots?
>
>Luca
>
>
>-Original Message-
>From: Doug Hanks [mailto:d
Yep I'm aware, but why are my OSPF neighbours going down when one switch
reboots?
Luca
-Original Message-
From: Doug Hanks [mailto:dha...@juniper.net]
Sent: Wednesday, 31 October 2012 2:42 PM
To: Luca Salvatore; Morgan McLean; EXT - bd...@comlinx.com.au
Cc: juniper-nsp@puck.nether.net
GR is mutually exclusive with NSR.
You want NSR.
On 10/30/12 5:44 PM, "Luca Salvatore" wrote:
>I'm just playing around with this now since I have a few new EX switches
>not in production just yet
>Have a pretty simple setup with two EX4500 in VC connected to another two
>EX4500 in VC mode. I'
I'll upgrade and try it out.
Sent from my iPhone
On Oct 30, 2012, at 6:33 PM, William McLendon wrote:
> NSR was not supported on EX3300s until 12.1 per the release notes, and 12.2
> added NSSU for EX3300s.
>
> I did not see mention of NSB in the release notes, but I have to believe it's
> su
Seriously, routing protocol ain't my problem here.
Sent from my iPhone
On Oct 30, 2012, at 5:49 PM, Pavel Lunin wrote:
> "Richard A Steenbergen" wrote:
>
>> IMHO multi-chassis boxes are for
>> people who can't figure out routing protocols
>
> When it comes to ethernet switching, "routing pr
NSR was not supported on EX3300s until 12.1 per the release notes, and 12.2
added NSSU for EX3300s.
I did not see mention of NSB in the release notes, but I have to believe it's
supported for NSSU to work properly. Unfortunately I do not have access to any
EX3300s to test / confirm.
http://ww
"Richard A Steenbergen" wrote:
>IMHO multi-chassis boxes are for
> people who can't figure out routing protocols
When it comes to ethernet switching, "routing protocols" means what? :)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://pu
I'm just playing around with this now since I have a few new EX switches not in
production just yet
Have a pretty simple setup with two EX4500 in VC connected to another two
EX4500 in VC mode. I'm running OSPF between them.
I rebooted the master member while running a ping an it took around 40
Neither of these two options show up as a configurable flag:
set routing-options nonstop-routing
set ethernet-switching-options nonstop-bridging
I'm running 11.4R2.14 on the ex3300-48t switches.
Granted, right now the VC is broken so maybe it doesn't allow me to
configure it? I can head to the d
Also will need the 'set commit sync' command under the 'edit system'
This is needed for nonstop-bridging
Luca
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Ben Dale
Sent: Wednesday, 31 October 2012 10:31 AM
To: Morg
Hi John,
Did you check by sending the traffic after enabling this configuration? Once
the forwarding entry is created with traffic, it should have the timeout set to
Never for that entry in "show multicast route group extensive" output.
Forwarding entry won't get created until we see the traf
Hi Morgan,
On 31/10/2012, at 9:06 AM, Morgan McLean wrote:
> Can anybody give me an idea regarding typical failover times if the master
> in a two switch pair were to die? The quickest I've seen in my testing with
> EX3300's is 45 seconds, just for L2 forwarding to continue working, no
> routing
Have no split detection, I'll try for the GRES and NSR.
Thanks,
Morgan
On Tue, Oct 30, 2012 at 4:24 PM, Doug Hanks wrote:
> Should be hitless. You need to configure GRES + NSR + no-split-detection.
>
>
> On 10/30/12 4:06 PM, "Morgan McLean" wrote:
>
> >Can anybody give me an idea regarding typ
Should be hitless. You need to configure GRES + NSR + no-split-detection.
On 10/30/12 4:06 PM, "Morgan McLean" wrote:
>Can anybody give me an idea regarding typical failover times if the master
>in a two switch pair were to die? The quickest I've seen in my testing
>with
>EX3300's is 45 seconds
Can anybody give me an idea regarding typical failover times if the master
in a two switch pair were to die? The quickest I've seen in my testing with
EX3300's is 45 seconds, just for L2 forwarding to continue working, no
routing. All the ports drop link as well on the secondary switch while
things
Nilesh,
We're trying this configuration and it's not having the results I
expected. Previously, there would be no entry in "show multicast
route" for a particular group, but there would be an entry in "show
pim join extensive". After implementing the flow map with the timeout
set to never, I would
30.10.2012 01:55, Jonathan Lassoff wrote:
> Specific sources are mapped via NAT rules to specific egress IPs (for
> IP filtering in some places, outside of the SRXes in question).
>
> And once in a while, some endpoint will have a legitimate need to open
> up *many* connections (and then NAT stat
Alex, Hans -- thanks for the pointers.
I was aware of the UTM features, but I'm targeting SRX 3600s and 5600s.
The pointer to the [security screen ids-options] feature looks
promising. Thanks for the tip -- I'll get this labbed out and see what
happens!
Cheers,
jof
On Tue, Oct 30, 2012 at 9:15
You could limit the number of sessions each ip address in your internal
zone can initiate. Here is an example on limiting an ip address in the zone
trust to only be able to create 1 session.
set security screen ids-option session-limit limit-session source-ip-based
1
set security zones sec
On 10/30/2012 5:21 AM, Bjørn Mork wrote:
Yes, I understand what is going on here and I DO NOT APPROVE. I
considere the above a malicious attempt to force me to use software I do
not want to use. It is no better than any other phishing attemt. I was
wondering if I should open a case with JTAC f
David,
thank you for confirming this. There are indeed no "remote" PPM adjacencies:
root@M10i> show ppm adjacencies remote
Adjacencies: 0, Remote adjacencies: 0
root@M10i>
regards,
martin
2012/10/30, david@orange.com :
> Hello,
>
> Not supported. You can see LACP packets punted to the R
Hi,
"Hardware input drops" counter in "show pfe statistics traffic" output
increases rapidly in case one floods router interface with small UDP
datagrams. "Software input medium drops" counter increases as well.
"show pfe statistics traffic" output can be seen below:
root@M10i> show pfe statistic
Hello,
Not supported. You can see LACP packets punted to the RE if you use "monitor
trafic interface xxx" or if you check ppm "remote" adjacencies there is no LACP
adj up at PFE level : show ppm adjacencies remote (hidden cmd)
For exemple on MX you have LACP distributed at PFE :
mymx@mx> sh
Is LACP supported on forwarding plane on M10i? According to "Disabling
Distributed Periodic Packet Management on the Packet Forwarding
Engine"(http://goo.gl/uDwYm) document LACP is supported on packet
forwarding engine only on MX series.
On the other hand, "show pfe statistics traffic" displays L
Bjørn Mork writes:
> Yes, I understand what is going on here and I DO NOT APPROVE. I
> considere the above a malicious attempt to force me to use software I do
> not want to use. It is no better than any other phishing attemt. I was
> wondering if I should open a case with JTAC for this, but I
2200 hundreds
3300,4500 around a thousand
4200 thousands
These should be safe, but again your SE can really help you out here.
On Oct 30, 2012, at 5:36 AM, Emil Katzarski wrote:
Thank yo very much!
I have one more concern about scaling. What would be the maximum number
Firewall Filter terms
Yes, the MX routers are PE.
CE devices at each end will be two EX4500 in VC mode.
One connection from each EX to each MX.
From: Per Granath [per.gran...@gcc.com.cy]
Sent: Tuesday, 30 October 2012 8:46 PM
To: Luca Salvatore; juniper-nsp@puck.nether.net
Subje
Thank yo very much!
I have one more concern about scaling. What would be the maximum number
Firewall Filter terms per system? I mean if I put several big prefix lists
and apply an accept/drop actions on them will it be possible to have a
total of a few thousand entries?
Thanx in advance
On Thu,
Yes, documentation itself maybe be a security risk...
I am more than a bit pissed after attemting to view
http://www.juniper.net/techpubs/en_US/junos12.2/information-products/topic-collections/config-guide-firewall-filter/config-guide-firewall-policer.pdf
Using an open source viewer, all I see i
Are those four MX your PE routers?
Does your CE devices connect to one or two PE routers?
> I have a question regarding dual VPLS links. My topology will look like this:
>
> MX1-darkfibre--MX2
> | |
> |
You can limit flows per individual source IP (not NAT ports) using UTM
https://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/configuration-statement/security-edit-limit.html
You'll need a UTM license.
And if you are doing NAT on branch SRX, UTM is supported only on high-memory
branch
35 matches
Mail list logo