Re: [j-nsp] BGP PIC for inet6

2017-11-21 Thread Jay Ford
Thanks for that. By the way, this seems to work also, which is more consistent between IPv4 & IPv6:

    set routing-options rib inet.0 protect core
    set routing-options rib inet6.0 protect core

Jay Ford, Network

Re: [j-nsp] BGP PIC for inet6

2017-11-21 Thread david.roy
Hello

For ipv6

    set routing-options rib inet6.0 protect core

For ipv4

    set routing-options protect core

David Roy
IP/MPLS NOC engineer - Orange France
Ph. : +33 2 99 28 57 66
Mob. : +33 6 85 52 22 13
SkypeID : davidroy.35
david@orange.com
JNCIE x3 (SP #703 ; ENT #305 ; SEC #144)

[j-nsp] BGP PIC for inet6

2017-11-21 Thread Jay Ford
There is Juniper documentation acknowledging the use case of BGP PIC for inet & inet6 unicast, but I can't find a way to enable it for inet6 at Junos 16.2R2.8. Pointers to how to do so would be cool, but confirmation that it isn't supported (yet) would also be appreciated.

Re: [j-nsp] EX3400 or EX4600, and HPE FlexFabric-20/40, QSFP+ DAC's

2017-11-21 Thread Chuck Anderson
On Tue, Nov 21, 2017 at 06:28:07AM -0800, Emille Blanc wrote:
> Hello folks,
>
> Trudging through the woes that are cross-vendor compatibility issues, and
> failing completely at getting a link between an EX3400 or EX4600, and an HPE
> FlexFabric-20/40 F8 card in our c7000 enclosure using an

Re: [j-nsp] EX3400 or EX4600, and HPE FlexFabric-20/40, QSFP+ DAC's

2017-11-21 Thread Emille Blanc
Hello folks,

Trudging through the woes that are cross-vendor compatibility issues, and failing completely at getting a link between an EX3400 or EX4600, and an HPE FlexFabric-20/40 F8 card in our c7000 enclosure using an HPE branded QSFP+ 3mtr DAC. That is to say, Juniper on one side, HPE on

Re: [j-nsp] Syslog getting spammed by DDOS_PROTOCOL_VIOLATION_SET

2017-11-21 Thread Luis Balbinot
Sorry, I meant the opposite (i.e. the defaults are too high). One that is especially high is the IGMP at 20k. Multicast loops on large layer-2 fabrics (IXPs) will bring down first-gen Trios very easily (can't say the same for the newer ones up to Eagle).

On Tue, Nov 21, 2017 at 10:19 AM, Saku

Re: [j-nsp] Syslog getting spammed by DDOS_PROTOCOL_VIOLATION_SET

2017-11-21 Thread Saku Ytti
On 21 November 2017 at 14:12, Luis Balbinot wrote:
> The DDoS protection factory defaults are very low in some cases. The
> Juniper MX Series book has a nice chapter on that.

Do you have an example? Most of them are like 20kpps, which is more than you need to congest the

Re: [j-nsp] Syslog getting spammed by DDOS_PROTOCOL_VIOLATION_SET

2017-11-21 Thread Luis Balbinot
Most likely spoofed traffic or you don't have full tables or a default route. A /18 will pull a lot of unwanted traffic. The DDoS protection factory defaults are very low in some cases. The Juniper MX Series book has a nice chapter on that.

On Tue, 21 Nov 2017 at 09:02 Karl Gerhard

Re: [j-nsp] Syslog getting spammed by DDOS_PROTOCOL_VIOLATION_SET

2017-11-21 Thread Timur Maryin via juniper-nsp
Hi Karl,

DDOS subsystem applies only to the traffic destined to the host (router itself) and not transit traffic. When you announce that /18 have you got all destinations of that /18 reachable by the router? Have you got default route?

The graceful way to handle those messages is to

Re: [j-nsp] Syslog getting spammed by DDOS_PROTOCOL_VIOLATION_SET

2017-11-21 Thread Saku Ytti
Hey Karl,

Do you have large connected subnet, largely empty? I believe 'resolve' is packet needing ARP resolution. I.e. you got packet to subnet address 192.0.2.42, but it did not have MAC address, so it could not be forwarded, but had to be punted to software for ARP resolution. Because it

[j-nsp] Syslog getting spammed by DDOS_PROTOCOL_VIOLATION_SET

2017-11-21 Thread Karl Gerhard
Hello

our syslog is getting spammed with the following messages:

    jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: Protocol resolve:ucast-v4 is violated at fpc 11 for 1389 times
    jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol resolve:ucast-v4 has returned to normal.