Re: [j-nsp] Collapsed MPLS CE/PE/P configuration

2015-12-21 Thread Aaron
Darn, I hate when word-wrap does that ... I'll try again... this makes L3VPN work for me on a PE... set interfaces ge-0/0/47 mtu 9192 set interfaces ge-0/0/47 unit 0 family inet address 10.101.14.118/30 set interfaces ge-0/0/47 unit 0 family mpls set interfaces lo0 unit 0 family inet address 1

Re: [j-nsp] Collapsed MPLS CE/PE/P configuration

2015-12-21 Thread Aaron
Maybe this will help... this makes L3VPN work for me on a PE... set interfaces ge-0/0/47 mtu 9192 set interfaces ge-0/0/47 unit 0 family inet address 10.101.14.118/30 set interfaces ge-0/0/47 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.101.12.245/32 set interfaces lo0 unit

Re: [j-nsp] Collapsed MPLS CE/PE/P configuration

2015-12-21 Thread Matthew Crocker
Thanks Phil & Hugo, I figured it out and have a working config now. CROCKER-VOIP { instance-type vrf; interface ae0.301; interface ae0.302; route-distinguisher A.B.C.137:13; vrf-target target:7849L:13; vrf-table-label; } The issue wasn’t the VRF config at all. The iss

Re: [j-nsp] Collapsed MPLS CE/PE/P configuration

2015-12-21 Thread Hugo Slabbert
The original config also doesn't show any of your BGP config from inet.0, so it's hard to say what's missing. IIRC, if you have vrf-target, you don't need vrf-export: vrf-export export-direct; vrf-target target:7849:13; If you want to do explicit export policy via vrf-export, I believe

Re: [j-nsp] juniper hack news

2015-12-21 Thread Hugo Slabbert
Does this affect any other juniper gear ? Not as of this moment, no. It's limited to ScreenOS. -- Hugo h...@slabnet.com: email, xmpp/jabber PGP fingerprint (B178313E): CF18 15FA 9FE4 0CD1 2319 1D77 9AB1 0FFD B178 313E (also on Signal) On Mon 2015-Dec-21 10:45:04 -0600, Aaron wrote: Y'all

[j-nsp] juniper hack news

2015-12-21 Thread Aaron
Y'all know anything about this ? Folks in my organization are concerned. It seems to be that it only affects certain versions of Juniper Netscreen ScreenOS. Does this affect any other juniper gear ? http://kb.juniper.net/InfoCenter/index?page=content

Re: [j-nsp] SRX performance

2015-12-21 Thread Payam Chychi
I have some test results from my own performance testing with both small and large side pkts, ill send them over later today ... Currently pushing 300mbps (450-500 mbps spikes) mix traffic with no problems. Should be noted that i am only using ospf + fw policy, no ipsec/ids/layer7 filters --

Re: [j-nsp] SRX performance

2015-12-21 Thread Brad Fleming
In our testing ~3years ago the SRX240H1 with RAM upgrade it seemed the device performed fine at 180Kpps total. After that point we started seeing jitter. At ~190Kpps we started seeing out-of-orders and even some completely dropped packets. Our test was using a single firewall policy passing traf

Re: [j-nsp] Collapsed MPLS CE/PE/P configuration

2015-12-21 Thread Phil Mayers
On 21/12/15 15:42, Matthew Crocker wrote: A ‘show run bgp sum’bgp.l3vpn.0 with 0 routes That's what you want to focus on. Check the output of "show bgp nei" to ensure the inet-vpn-unicast is *actually* present on "NLRI for this session"; if not then correct this. Remember if you're us

[j-nsp] Collapsed MPLS CE/PE/P configuration

2015-12-21 Thread Matthew Crocker
Hello, I have 3 MX series routers connected via 3 10G circuits A - B - C -A. OSPD, MPLS, RSVP, LDP are all running inet-vpn any configured on the BGP groups I’m trying to build a routing-instance on MX-A & MX -B with some local interfaces and then have the two routing-instances be able

Re: [j-nsp] SRX performance

2015-12-21 Thread Phil Mayers
On 20/12/15 14:16, harbor235 wrote: Can anyone share real world SRX performance? ?I am looking at the SRX220 or SRX240 for a small website ~150-200Mbps in a co-location environment. The performance charts state the SRX220 can do 300Mbps with a mix of traffic and up to 900Mbps with mostly large p

Re: [j-nsp] NETCONF in Junos

2015-12-21 Thread Martin T
Thanks! Martin On 12/21/15, Matt Bernstein via juniper-nsp wrote: > On 21/12/2015 08:57, Martin T wrote: >> Thanks! So as I understand, the general idea is that it doesn't matter >> much for Junos if the command is executed in the CLI or from the >> remote(management server) NETCONF manager, i.

Re: [j-nsp] NETCONF in Junos

2015-12-21 Thread Matt Bernstein via juniper-nsp
On 21/12/2015 08:57, Martin T wrote: Thanks! So as I understand, the general idea is that it doesn't matter much for Junos if the command is executed in the CLI or from the remote(management server) NETCONF manager, i.e. Junos is basically built around the NETCONF? However, local calls(for exampl

Re: [j-nsp] NETCONF in Junos

2015-12-21 Thread Martin T
Thanks! So as I understand, the general idea is that it doesn't matter much for Junos if the command is executed in the CLI or from the remote(management server) NETCONF manager, i.e. Junos is basically built around the NETCONF? However, local calls(for example if one executes "show version" in Jun