Re: [j-nsp] Going Juniper

2018-04-17 Thread Ross Halliday
Indeed, I remember our discussions on the topic before! I still haven't made much headway. It's worth pointing out, though, that the "not configured" state can pop up when you least expect it, such as an aggregate filtering action applied after a broadcast storm (which you THOUGHT you fixed,

Re: [j-nsp] Going Juniper

2018-04-17 Thread Jared Mauch
> On Apr 17, 2018, at 7:02 PM, Saku Ytti wrote: > > > DDoS protection out-of-the-box is for all practical purposes not > configured at all, which is unfortunate as that is what most people > run. When configured correctly Trio has best CoPP I know of in the > market, certainly

Re: [j-nsp] Going Juniper

2018-04-17 Thread Saku Ytti
Hey Ross, > The low-end MXes can do a lot of things, but that doesn't mean you SHOULD > necessarily do them. Anything CPU-heavy is a good example. Convergence time > on three full feeds takes about 10-15 minutes in my experience, say in the > case a major upstream drops. This isn't a big deal

Re: [j-nsp] Going Juniper

2018-04-17 Thread Ross Halliday
A little late to the party, but I've been accused of worse. We transitioned our network from Cisco 6500 platform to MX104s, and at the same time converged our Internet Edge onto those MXes too. It's the only Juniper router I'm aware of that actually fits *nicely* into a two-post rack, and they

Re: [j-nsp] IPSEC VPN

2018-04-17 Thread Louis Kowolowski
On Apr 17, 2018, at 2:03 AM, Mohammad Khalil wrote: > > Hi all > > I have configured an IPSEC between my SRX210 and a provider who will > provide monitoring services > The IPSEC is up and running and I can reach from my internal servers (LAN) > to their monitoring servers

Re: [j-nsp] mx960 to mx960 via ciena 6500 - mtu smaller in the middle

2018-04-17 Thread Luis Balbinot
> This issue is my turning up new MX960's that are simply connected together > with Ciena 6500 DWDM for me to have an MTU issue via DWDM is actually a > surprise to me. I pretty much always envisioned wave/lamda dwdm as darn near > like having an actual fiber cable... no, not the case

Re: [j-nsp] mx960 to mx960 via ciena 6500 - mtu smaller in the middle

2018-04-17 Thread Chuck Anderson
It depends if the DWDM gear is purely L1 or if it is doing OTN switching (it will be doing OTN if you are mapping 1 or more lower rate client side signals into 1 or more higher rate line side signals). The latter deals with framing and would have MTU limits. The former would have a 1:1

Re: [j-nsp] mx960 to mx960 via ciena 6500 - mtu smaller in the middle

2018-04-17 Thread Aaron Gould
Lukas, I am learning and continue to learn and continue to ask questions even if I thought I understood it before and realize maybe I don't understand it the way that I did previously... factor into that bad memory, getting older, forgetting, then what you have is a human. This issue is my

Re: [j-nsp] mx960 to mx960 via ciena 6500 - mtu smaller in the middle

2018-04-17 Thread Gert Doering
Hi, On Tue, Apr 17, 2018 at 12:34:18PM +0300, Saku Ytti wrote: > On 17 April 2018 at 11:25, James Bensley wrote: > > > Also you say you have OSPF and LDP up but if you bring up BGP over > > this link you may have issues. BGP packs UPDATE messages up to the TCP > > MSS

Re: [j-nsp] mx960 to mx960 via ciena 6500 - mtu smaller in the middle

2018-04-17 Thread Lukas Tribus
Hello Aaron, On 16 April 2018 at 21:58, Aaron Gould wrote: > See juniper interface MTU is set to max 16000 bytes. but when I ping I can > only get 9584 bytes through to the other side of the link. This mx960 is > linked to another mx960, but Ciena 6500 dwdm is in between the

Re: [j-nsp] mx960 to mx960 via ciena 6500 - mtu smaller in the middle

2018-04-17 Thread Krasimir Avramski
> > If you are carrying the full table for example, then you could end up with > BGP UPDATE messages 16000 > bytes long they won't cross the link. Y Just to mention that rfc4271 states maximum bgp message size of 4096, although there is a draft

Re: [j-nsp] mx960 to mx960 via ciena 6500 - mtu smaller in the middle

2018-04-17 Thread James Bensley
On 16 April 2018 at 20:58, Aaron Gould wrote: > See juniper interface MTU is set to max 16000 bytes. but when I ping I can > only get 9584 bytes through to the other side of the link. This mx960 is > linked to another mx960, but Ciena 6500 dwdm is in between the mx960's. Hi

[j-nsp] IPSEC VPN

2018-04-17 Thread Mohammad Khalil
Hi all I have configured an IPSEC between my SRX210 and a provider who will provide monitoring services The IPSEC is up and running and I can reach from my internal servers (LAN) to their monitoring servers (remote LAN) via ICMP , but they cannot pull any data through my SNMP I have configured

Re: [j-nsp] mx960 to mx960 via ciena 6500 - mtu smaller in the middle

2018-04-17 Thread Gert Doering
Hi, On Mon, Apr 16, 2018 at 05:12:43PM -0400, Justin M. Streiner wrote: > You're better off staying within the limits of what the intermediate gear > will support. Fragmentation and re-assembly if you expect to fill a 16000 > byte frame (or fill one enough to cause fragmentation as the frame