Re: [j-nsp] 40GbE channel-speed auto negotiation behavior

2017-04-10 Thread Luke Flemington
Yes. JTAC is already aware of the issue.

> On 11 Apr 2017, at 02:25, Jonathan Call wrote:
>
> Anyone had that happen to them before? Should I bother JTAC with it?

___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread Saku Ytti
On 11 April 2017 at 00:42, wrote:

> Nope ASR9k is using LPTS to cya :)

Some problems with LPTS

a) LPTS punted packets are not subject to MQC, so you cannot use interface policers to limit say ICMP, BGP etc
b) LPTS only has 'aggregate' (NPU) level policing, ddos-protection has aggregate =>

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread adamv0025
> Aaron Gould
> Sent: Monday, April 10, 2017 5:12 PM
>
> Junos ddos protect capabilities are new to me. I was pleasantly surprised to
> learn about ddos protection in Junos and that it seems to be built-in to Junos
> with Trio chip capabilities (like ACX5048 Broadcom-based doesn't seem to
> suppo

Re: [j-nsp] FIB size at CFEB-E M7i

2017-04-10 Thread Jeff Meyers
show chassis cfeb0 (or alike) is the most interesting info since it shows the SRAM usage on this very, very old machine. This is what actually limits the number of routes in the FIB. But 96% on the RE is not funny either and a replacement should be scheduled on short notice. Best is to skip the

Re: [j-nsp] FIB size at CFEB-E M7i

2017-04-10 Thread Eduardo Schoedler
Hi Robert,

This output is from a M7i:

usr@rtr> show version
Hostname: rtr
Model: m7i
Junos: 13.3R8.7

usr@rtr> show route summary
Autonomous system number: x
Router ID: x.x.x.x
inet.0: 641678 destinations, 1301206 routes (641372 active, 19 holddown, 3258 hidden)
Restart Complete

[j-nsp] FIB size at CFEB-E M7i

2017-04-10 Thread Robert Hass
Hi, What is the supported FIB size for an M7i router with CFEB-E? Will it handle 1M routes in the FIB? Rob

[j-nsp] 40GbE channel-speed auto negotiation behavior

2017-04-10 Thread Jonathan Call
I installed multiple QSFP+-40G-SR4 modules into a QFX5100-24Q. Port 5 changed to "break out" mode (i.e. xe-0/0/5:0, 1, 2, 3 instead of et-0/0/5). I tried swapping out QSFP modules and the problem persisted with just that port. I had to manually disable auto negotiation (set chassis fpc 0 pic 0 p

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread Aaron Gould
Junos ddos protect capabilities are new to me. I was pleasantly surprised to learn about ddos protection in Junos and that it seems to be built-in to Junos with Trio chip capabilities (like ACX5048 Broadcom-based doesn't seem to support ddos protect). In comparison to Cisco IOS-XR ASR9000, I'm pr

Re: [j-nsp] EX3200/4200 ipv6 match conditions in family ethernet-switching

2017-04-10 Thread Phil Mayers
On 10/04/17 15:03, Jason Healy wrote:

> What's depressing is that it looks like the 2300/3400 are the only EX switches that support any IPv6 on layer 2 filters (Phil, you mentioned the 4300, but the docs list that as unsupported as well).

That must be a doc error. We have these working in produc

Re: [j-nsp] flowspec in logical-systems

2017-04-10 Thread Aaron Gould
Thanks Thomas, good info, I'll proceed wiser now. -Aaron

Re: [j-nsp] EX3200/4200 ipv6 match conditions in family ethernet-switching

2017-04-10 Thread Jason Healy
On Apr 10, 2017, at 7:51 AM, Phil Mayers wrote:
>
> My memory is hazy, but I think we saw the CLI accept but ignore partial v6
> config, same as you are seeing, so I'd guess CLI bug on that score.

Ugh. I whipped up a quick filter with anything ipv6 that would commit. I was hopeful for a seco

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread Saku Ytti
On 10 April 2017 at 09:49, Mark Tees wrote:

Hey,

> Ytti will probably pop up and comment on this but we have

As summoned.

> flow-detection configured under global for ddos-protection which
> create flows then actions when under DDOS like conditions rather than
> hitting static policers.

Only a

Re: [j-nsp] EX3200/4200 ipv6 match conditions in family ethernet-switching

2017-04-10 Thread Phil Mayers
On 10/04/17 02:10, Jason Healy wrote: I've been burned plenty of times by the (lack of) IPv6 feature parity, so I'm hoping the list's collective wisdom can save me from a lot of extra testing and phone calls with JTAC... TL;DR: are ANY layer 3 match conditions supported for IPv6 in family ethern

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread adamv0025
> James Jun
> Sent: Monday, April 10, 2017 7:17 AM
>
> Hello Folks,
>
> We had a strange DoS attack against a customer attached to an MX104 router
> that caused the device to completely stop forwarding all legitimate traffic
> (routing protocols both igp and bgp timed out across all adjacencies a

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread Cahit Eyügünlü
Dear James, do you face sth. like that?

http://gorselpaylas.com/image/5
http://gorselpaylas.com/image/7
http://gorselpaylas.com/image/A
http://gorselpaylas.com/image/D

On 10/04/17 10:14, "Felix Schüren" wrote:

> From memory, the MXes by default have a single shared policer across all
>