Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Saku Ytti
Hey, > And there don't seem to be a way in Junos how to restrict management-plane > protocols only to certain interfaces no matter what RE filter says. > In XR it's as easy as specifying a list of OOB or in-band interfaces against > a list of management protocols, In practical life IOS-XR

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread adamv0025
> Of Drew Weaver > Sent: Wednesday, July 11, 2018 7:17 PM > > Hello, > > Is there a list of best practices or 'things to think about' when constructing a > firewall filter for a loopback on an MX series router running version 15 of > Junos? > > I'm slowly piecing it together by just 'seeing

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread adamv0025
> Of Saku Ytti > Sent: Wednesday, July 11, 2018 8:44 PM > > On Wed, 11 Jul 2018 at 22:26, Chris Morrow > wrote: > > > > You might want "payload-protocol" for IPv6, except where you really > > > want "next-header". This is a case where there's not a definite > > > single functional mapping from

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Olivier Benghozi
Yes, I was really talking about "payload-protocol", not "protocol" :) And this is the point, it didn't work on lo0 whereas it works on "physical" interfaces. > On 11 Jul 2018, at 21:14, Jay Ford wrote: > > You might want "payload-protocol" for IPv6, except where you really want >

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Saku Ytti
On Wed, 11 Jul 2018 at 22:26, Chris Morrow wrote: > > You might want "payload-protocol" for IPv6, except where you really > > want "next-header". This is a case where there's not a definite > > single functional mapping from IPv4 to IPv6. > > unclear why that's important here though? you MAY

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Chris Morrow
On Wed, 11 Jul 2018 15:23:28 -0400, Saku Ytti wrote: > > Hey Chris, > > On Wed, 11 Jul 2018 at 22:16, Chris Morrow wrote: > > > > a) You can't just limit UDP to 2Mbps on every edge port > > > > it's really a limit of 2mbps on each PFE, so ... in some cases that's > > 2mbps on a port, in some

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Vincent Bernat
❦ 11 July 2018 18:17 GMT, Drew Weaver: > Is there a list of best practices or 'things to think about' when > constructing a firewall filter for a loopback on an MX series router > running version 15 of Junos? > > I'm slowly piecing it together by just 'seeing what is broken next' > and I

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Chris Morrow
On Wed, 11 Jul 2018 15:14:40 -0400, Jay Ford wrote: > > You might want "payload-protocol" for IPv6, except where you really > want "next-header". This is a case where there's not a definite > single functional mapping from IPv4 to IPv6. unclear why that's important here though? you MAY (and

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Saku Ytti
Hey Chris, On Wed, 11 Jul 2018 at 22:16, Chris Morrow wrote: > > a) You can't just limit UDP to 2Mbps on every edge port > > it's really a limit of 2mbps on each PFE, so ... in some cases that's > 2mbps on a port, in some cases not. This is a 'problem' because of the > architecture of the MX

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Chris Morrow
On Wed, 11 Jul 2018 15:06:43 -0400, Saku Ytti wrote: > > I'd say the filters are all kind of broken. > > Just few issues > > a) You can't just limit UDP to 2Mbps on every edge port it's really a limit of 2mbps on each PFE, so ... in some cases that's 2mbps on a port, in some cases not. This

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Jay Ford
You might want "payload-protocol" for IPv6, except where you really want "next-header". This is a case where there's not a definite single functional mapping from IPv4 to IPv6. Jay Ford, Network Engineering Group,

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Drew Weaver
Have you tried submitting your recommendations to the authors? -Original Message- From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Saku Ytti Sent: Wednesday, July 11, 2018 3:07 PM To: cb...@gizmopartners.com Cc: Juniper List Subject: Re: [j-nsp] ACL for lo0

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Olivier Benghozi
One thing to think about, in IPv6: On MX, one can use "match protocol" (with Trio / MPC cards). But it's not supported on lo0 filters, where you were / probably still are restricted to "match next-header", in order to have a filter working as expected. > Le 11 juil. 2018 à 20:17, Drew Weaver a

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Chris Boyd
> On Jul 11, 2018, at 1:17 PM, Drew Weaver wrote: > > Is there a list of best practices or 'things to think about' when > constructing a firewall filter for a loopback on an MX series router running > version 15 of Junos? > > I'm slowly piecing it together by just 'seeing what is broken

[j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-11 Thread Drew Weaver
Hello, Is there a list of best practices or 'things to think about' when constructing a firewall filter for a loopback on an MX series router running version 15 of Junos? I'm slowly piecing it together by just 'seeing what is broken next' and I have found some issue specific examples on

Re: [j-nsp] QFX5100 vs ACX5048

2018-07-11 Thread Aaron Gould
Right. Growing pains I guess. Is anything ever bug free? I think the more features you put into something the more possibility there is for bugs. Actually I feel this is why when I get comfortable with a version of code and the platform I tend to camp out there for quite some time and

Re: [j-nsp] QFX5100 vs ACX5048

2018-07-11 Thread adamv0025
> Of Jackson, William > Sent: Wednesday, July 11, 2018 1:28 PM > To: 'Colton Conor'; Nick Ryce > Cc: Juniper List > Subject: Re: [j-nsp] QFX5100 vs ACX5048 > > > colton.co...@gmail.com> > > wrote: > > > > Gustavo, > > > > When you say " Another problem was upgrading to the latest Junos

Re: [j-nsp] QFX5100 vs ACX5048

2018-07-11 Thread Aaron Gould
I was wondering the same thing in 15.1X54-D51.7 with DHCP-relay on IRBs not working inside my L3VPN, I mean I was wondering how did that pass internal testing before it was released. I'm asking that not knowing anything about how Juniper tests their boxes and code revs... But simply

Re: [j-nsp] MX-204 stable JunOS suggestion

2018-07-11 Thread Niall Donaghy
--- JUNOS 17.4R1.16 Kernel 64-bit JNPR-11.0-20171206.f4cad52_buil We are running our type approval testing procedure against this version for eventual deployment on all nodes in our network - MX480, MX960, MX204. So far everything is positive. Br, Niall Niall Donaghy Senior Network Engineer

Re: [j-nsp] QFX5100 vs ACX5048

2018-07-11 Thread Jackson, William
> colton.co...@gmail.com> > wrote: > > Gustavo, > > When you say " Another problem was upgrading to the latest Junos JTAC > recommended that made the ACX5048 unusable... ( Junos was unable > to find > the physical ports..) We had to downgrade to get it back working > again.."

Re: [j-nsp] QFX5100 vs ACX5048

2018-07-11 Thread Colton Conor
Nick, Why does it say *Resolved In* 16.2R1-S7 16.2R3 17.1R2 17.1R3 17.2R2 *17.3R1* 17.3R1 came before the now current JTAC recommend *17.3R2 right? * On Wed, Jul 11, 2018 at 6:39 AM, Nick Ryce wrote: > Sorry I thought I had. > > > > We hit this

Re: [j-nsp] QFX5100 vs ACX5048

2018-07-11 Thread Colton Conor
Nick, Did you find the PR for this memory leak? On Wed, Jul 4, 2018 at 11:02 AM, Nick Ryce wrote: > If you use BFD, do not upgrade to 17.3R2 as there is a memory leak. Will > find the PR. > > N > > On 04/07/2018, 15:31, "juniper-nsp on behalf of Colton Conor" < >

[j-nsp] MX-204 stable JunOS suggestion

2018-07-11 Thread danny.pinto--- via juniper-nsp
Hi Looking for the stable JunOS version for the MX-204. Anybody with recommendations and experience running a fairly stable JunOS version for a MX-204? Thanks Danny