[j-nsp] JunsOS event for PPPoE interface acquiring address

ss?* Cause, as I've said, I can see the distinction between interface state and acquiring address (think of ethernet and DHCP) but than, how we're supposed to capture that distinction in JunOS event policy? Feel free to share you thoughts. Thank

[j-nsp] Static Route within L3VPN with static-lsp-next-hop

esolve tree 3 3-rt-export AS path: I All static-route examples i found used lsp-next-hop only in default routing-instance and not in a VRF. I would be interested in whether it can be configured that way and if not, how can i do such nasty kind of traffic engineering

Re: [j-nsp] Advertisement of VRRP IP in an EVPN with IRB setup

. That's what i was looking for. I already got an reply offlist that mentioned virtual-gateway-address Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Advertisement of VRRP IP in an EVPN with IRB setup

168.202.62; priority 200; fast-interval 200; accept-data; authentication-type md5; authentication-key "$9$L2N7w2oJDH.5BI"; ## SECRET-DATA } } }

Re: [j-nsp] Rate selectability on MPC7E-MRATE

Many thanks Charlie. It seems that calculation doesn't belong to my main skills ;-) Please forgot my questions... Regards, Alex 14x 10 = 140 2x 1C = 200 total 340 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net

Re: [j-nsp] Rate selectability on MPC7E-MRATE

wn xe-5/1/4:3 updown >You can't oversubscribe the capacity of the MPC7 card. Yes, i know. In my setup, i would use 14x 10G + 2x100G on pic 1 in maximum which sums up to 240G, means no oversubscription. Regards, Alex we have some MX-Routers (MX480 and MX960) with MPC7E-MRATE li

[j-nsp] Rate selectability on MPC7E-MRATE

speed 10g; } port 5 { speed 10g; } } } Thanks in advance for your replies. Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX4600 or QFX5110

Thank you for that link, it's quite useful. Would someone be able to confirm if EVPN with VXLAN data plane encapsulation would require or not the Advanced Feature Licenses, EX4600-AFL license? Thanks, Alex ‐‐‐ Original Message ‐‐‐ On Friday, March 15, 2019 11:14 PM, Anderson, Charles R

Re: [j-nsp] EX4600 or QFX5110

, but the datasheet does not mention VXLAN or EVPN anywhere. Can people confirm if the EX4600 does support EVPN, SPB, TRILL, FABRIC or just VXLAN? Thanks, Alex ‐‐‐ Original Message ‐‐‐ On Wednesday, March 13, 2019 6:37 PM, Andrey Kostin wrote: > Hi guys, > > My 0.02: we use QFX5100 in VC and it

[j-nsp] EX4600 or QFX5110

to be supported). And I have been told to either use VC or VCF rather than MC-LAG. Any suggestions? Thanks, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Manually creating a static route (or access route) in a DHCP dynamic subscriber management environment

, that doesn't work for static routes. That seems to be feasible for routes learned from a subscriber by dynamic routing protocols. Thanks anyway for your help. Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https

[j-nsp] Manually creating a static route (or access route) in a DHCP dynamic subscriber management environment

oth 192.1.2.0/29 *[Access/13] 00:00:35 Private unicast Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Running MX480 without craft interface

It is. https://www.juniper.net/documentation/en_US/release-independent/junos/topics/concept/mx480-fru-overview.html

[j-nsp] Running MX480 without craft interface

to be ordered separately. Does anybody know if the craft interface is "hot swapable" and i can initialy run the MX480 without it ??? I would order the missing craft interfaces as soon as possible and install them afterwards without rebooting the router (if possible). Re

[j-nsp] MX VC once again

. Hence, I'll glad to know is there any procedures/experience out there, that ultimately states that you cannot do X, without talking the whole VC down. Especially for practical reasons (documentation wise on such occasions, you don't have to). Thank you. Alex

Re: [j-nsp] GRE on MX960

Thank you Saku, that make sense then. Thanks, Alex ‐‐‐ Original Message ‐‐‐ On Monday, 31 December 2018 16:58, Saku Ytti wrote: > Hey Alex, > > DPC(E) needs to spend entire PFE for tunneling, all front-plate ports > on that PFE will be disabled. > > MPC can do

[j-nsp] GRE on MX960

traffic on all interfaces. The same configuration on fpc 1 pic 0-3 seems to work. Is there a trick or something to be aware of? Thanks, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SSD in RE-S-2000-4096

Hi, Anybody got any success using aftermarket SSD in a RE-S-2000-4096 to replace the mechanical disk? If so, which model have you used? Thanks, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo

Re: [j-nsp] Set 802.1p bits for DHCP packets generated from the routing-engine

Hi Saku, On Thu, 20 Dec 2018 at 14:24, Alex D. wrote: Hey Alex, i tried that, but as mentioned, it didn't work. For testing purposes, i configured a "log all" as first term: term log-all-re-traffic { then log; } DHCP packets from routing-engine to the DHCP-server and DHCP pa

Re: [j-nsp] Set 802.1p bits for DHCP packets generated from the routing-engine

a specific 802.1p-Bit (VoIP=5, HSI=0,...) on our OLT and therefore the DHCPREQUEST/DHCPDISCOVER arrive with different p-bits. I hope I could bring a little light into the dark ;-) Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether

[j-nsp] Set 802.1p bits for DHCP packets generated from the routing-engine

ding on the routing instance or other criteria). Does anybody know if there's another way to set IEEE 802.1p values except 'set class-of-services host-outbound-traffic' and should it normaly work with a firewall-filter ? Thanks in advance. Regards, Alex ___

Re: [j-nsp] Licenses needed for inline J-Flow

Hmmm, I just recently turned on inline jflow on my mpc7e-mrate in a MX960, and I don’t think I did anything with a license. Aaron Hi Aaron, that's correct. It works without installing a license. As Nick stated, they're trust-based. Regards, Alex On Nov 7, 2018, at 3:49 PM, Alex D. wrote

[j-nsp] Licenses needed for inline J-Flow

, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SD-WAN: Juniper SRX & CSO

to design and support my implementation. Best regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Access to junos downloads

downloads without breaking the bank? I welcome any feedback in private email as well. Many thanks, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] EX4500 and Nexus 5K STP

for clean interop or if I also need RSTP enabled and the native vlan id configured the uplink to handle STP on the Cisco native vlan 1. Experience and insights are highly appreciated. Thanks, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https

Re: [j-nsp] EVPN with IRB and static routing

{ from protocol evpn; then accept; } Now, it seems to work. I will do further testing, but currently it looks fine. Many thanks for you hint. Regards, Alex P.S.: Sadly, this behavior is not in mentioned in Juniper documentation ___ juniper-nsp mailing

Re: [j-nsp] EVPN with IRB and static routing

Type RtRef Next hop Type IndexNhRef Netif a.b.c.d/n user 0indr 1048944 2 x.x.x.x hold 1872 3 irb.1002 But which host routes do you mean ? Hos

Re: [j-nsp] EVPN with IRB and static routing

| | | +---+ +---+ | ++ | | | | | | +--+ |DMZ network | +--+ Regards, Alex Am 19.04.2018 09:11, schrieb Nitzan Tzelniker: Can you add show evpn database from both MXs In any case can you try to paste a diagram I am not sure I fully understand your topology I have SRX

[j-nsp] EVPN with IRB and static routing

with EVPN with IRB and static routing ? - does someone have a similar, but working setup If you need more informations, a more detailed and non-anonymized configurations or some output of show commands, feel free to ask. I will provide them accordingly. Thanks in advance. Regards, Alex

[j-nsp] Juniper MX w/ macSEC

Hello, Does anybody have experience of using macSEC on Juniper MX240 with RE-S-1800x4-32G and 10G linecards? Is there a big performance/latency hit to be expected when pushing 10-20G? With thanks, Alex Sent with [ProtonMail](https://protonmail.com) Secure Email

Re: [j-nsp] Subscriber Management with RADIUS authentication question

Hello Alex, You use the delete-binding-on-renegotiation statement to override the default action, and to specify that DHCP tear down the existing matching client entry and to process the message as a new client entry. https://www.juniper.net/documentation/en_US/junos/topics/reference

[j-nsp] Subscriber Management with RADIUS authentication question

inding. Does anybody knows this problem and is there a configuration option to "fix" it ? Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Anyone uses Adaptive Load Balancing?

Hello Michael, Thank you for sharing your experience. It's really useful. Alex. בתאריך 20 בנוב' 2017 17:11,‏ "Michael Hare" <michael.h...@wisc.edu> כתב: > Alex- > > I've used it AS wide in 14.1 for ~2+ years without observing any negative > side effects. My main

Re: [j-nsp] Anyone uses Adaptive Load Balancing?

Hello Daniel, Thank you. My scenario close to yours, hence I glad to know this thing really works. Alex. בתאריך 25 בנוב' 2017 9:36 AM,‏ "Daniel Rohan" <dro...@gmail.com> כתב: Same. Worked fine on 4x10Gb ring with large research flows. On Mon, Nov 20, 2017 at 7:11 AM, Michael

Re: [j-nsp] Anyone uses Adaptive Load Balancing?

his. We ran into > one and this solution worked. > > Serge > > > On Fri, Nov 17, 2017 at 6:36 PM, Alex K. <nsp.li...@gmail.com> wrote: > >> Hello everyone, >> >> A customer of mine, is looking forward for a technology able to load >> balance a t

Re: [j-nsp] MACsec over a service provider

as I remember the deployment, most of the circuits were fine with regular (i.e. LAN) MACSec. But some required the WAN flavor. Hence wouldn't have worked with J-gear. Anyhow, I glad you were able to sort it out. Best regards, Alex. בתאריך 18 בנוב' 2017 1:43 AM,‏ "Chuck Anderson" <c...

Re: [j-nsp] Anyone uses Adaptive Load Balancing?

Hello Giuliano and thank you. It would be MPLS traffic and Juniper facing Juniper. בתאריך 18 בנוב' 2017 1:08 AM,‏ "Giuliano C. Medalha" <giuli...@wztech.com.br> כתב: > Alex > > What type of traffic ? > > MX is very good for load balance because of TRIO chipset .

Re: [j-nsp] MACsec over a service provider

* As long as you have pure p2p links, you should be fine - Juniper gear meant. בתאריך 18 בנוב' 2017 1:20 AM,‏ "Alex K." <nsp.li...@gmail.com> כתב: > Yes, > > But unfortunately (as far as j-nsp is considered), using Ciscos' gear. > > Cisco has a special flavor

Re: [j-nsp] MACsec over a service provider

should be fine. Unfortunately, I'm not aware of any similar Juniper technique. Best regards, Alex. בתאריך 27 באוק' 2017 5:23 PM,‏ "Chuck Anderson" <c...@wpi.edu> כתב: Has anyone been able to run MACsec over a service provider's Ethernet Private Line (or even just a 802.1q vla

[j-nsp] Anyone uses Adaptive Load Balancing?

Hello everyone, A customer of mine, is looking forward for a technology able to load balance a traffic across a LAG. The LAG in question comprised of Ethernet link and can grow from a few links (4) to say, 20 - as required bandwidth grows. The gear is MX boxes. Since I'm familiar with adaptive

Re: [j-nsp] Output filter on discard interface doesn't work as expected

Am 13.03.2017 15:01, schrieb Michael Hare: Any more details on platform or version you can share? I'm doing this on MPC4 in 14.1 with no issues. I first tested my setup with a virtualized olive, but in the meanwhile i also tried my configuration on MX240 with DPCE running JUNOS 12.3.R8.7 and

Re: [j-nsp] Output filter on discard interface doesn't work as expected

Am 10.03.2017 16:27, schrieb Karsten Thomann: Hi, Already tried to set the firewall filter as input on dsc.0? Yes, i already tried that. Also no success. According to the Juniper documentation, it definitely must be applied as an output filter. Regards, Alex

[j-nsp] Output filter on discard interface doesn't work as expected

ts-em0.0-i 166290 2086 Any suggestions, why my firewall filter with count action doesn't work ? Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Debug ip packet equivalent for directed at RE traffic

*Chris* בתאריך 28 בנוב' 2016 10:08 PM,‏ "Alex K." <nsp.li...@gmail.com> כתב: > Thank you Tim, > > But it's not as easy. There seems to be no easy explanation, hence I'm > interested in a trace option that will shed a little bit more light, on how > EX process the p

Re: [j-nsp] Debug ip packet equivalent for directed at RE traffic

8 Nov 2016 19:17:41 +, > "Alex K." <nsp.li...@gmail.com> wrote: > > > > Thank you Tim and Chris, > > > > But correct me if I'm wrong - those are not quite the same thing. > > > > There's no doubt packets are reaching the box (I have PC conne

Re: [j-nsp] Debug ip packet equivalent for directed at RE traffic

ace option to show why an EX decided it shouldn't answer with reply (from its own address)? בתאריך 28 בנוב' 2016 8:45 PM,‏ "Tim Jackson" <jackson@gmail.com> כתב: > monitor traffic interface ge-0/0/0 size no-resolve layer2-headers > extensive > > -- > Tim >

[j-nsp] Debug ip packet equivalent for directed at RE traffic

Hello everyone, By any chance - is there an equivalent for Ciscos' "debug ip packet" command in Juniper? I'm fully aware that there is a complete distinction between forwarding layer and control layer, in those devices - But, I'm taking specifically about traffic TARGETING the box itself. I'm

Re: [j-nsp] Encrypted MPLS between MXes

Yes, sounds great. But as far as Juniper documentation is concerned, MIC-3D-20GE-SFP-E only supports MACSec. Am I missing something? בתאריך 27 במרץ 2016 21:32,‏ "Tim Jackson" כתב: > That's good news to hear.. Today EX4600 was my solution, and it actually > works quite

[j-nsp] Encrypted MPLS between MXes

Hello everyone, I was just wondering if there's a new way to encrypt MPLS traffic between MX boxes without the good old encrypted GRE? MPLS over encrypted MACSec links, encrypted internal tunnels between logical systems, everything goes. If that was your network, what's the craziest idea you'd

Re: [j-nsp] MPC4D-32*GE Major Alarms

ur network. בתאריך 17 בפבר' 2016 17:12,‏ "Timur Maryin" <timamar...@mail.ru> כתב: > Hi Alex, > > Maybe this > http://kb.juniper.net/KB23173 ? > > > On 16-Feb-16 10:31, Alex K. wrote: > > As for the documentation, let begin with some knowledge base article

Re: [j-nsp] MPC4D-32*GE Major Alarms

" <sw...@juniper.net> wrote: > Hi Alex, > > When there is an alarm raised on the FPC, there must be an issue. If the > issue is an obvious one, for example, sensor failure, you can always see > that from the messages log and that should be good enough to determine if

Re: [j-nsp] MPC4D-32*GE Major Alarms

il.com> wrote: > That should give you some indication of which subsystem is having problem. > > Also, check if there are no core-dumps generated fornthe FPC. > > Without additional information will be very hard to pinpoint where to look. > > On Sunday, 14 February 2016

Re: [j-nsp] MPC4D-32*GE Major Alarms

Hello Diogo, I'm currently not on site, so I'll definitely try it when I'll get there. Now I'm considering a plan of actions. What should I look for in that command? Thank you. On 14 Feb 2016 10:00, "Diogo Montagner" <diogo.montag...@gmail.com> wrote: > Alex, > > Wh

Re: [j-nsp] MPC4D-32*GE Major Alarms

te gets > cleared and that requires a reboot treatment to the RE (yeah Routing engine > :) > > I think chassisd (a daemon) not getting signaled from the relevant other > processes when the states get cleared. > > On Sun, Feb 14, 2016 at 6:39 PM, Alex K. <nsp.li...@gmail.com> w

[j-nsp] MPC4D-32*GE Major Alarms

Hello everyone, For some time now, one of my customers are getting "major alarms" from the MPC mentioned above on one of their MX960s. The issue is that nothing more than that message (+alarm) seems to be present. Nothing preceding that error, neither in "log messages" nor in "chassisd". There

Re: [j-nsp] MPC2E NG doesn't come online with SCBE2 and JUNOS 14.1R6.4

Am 08.02.2016 13:06, schrieb Ola Thoresen: On 08. feb. 2016 12:57, Alex D. wrote: Hi, i currently have a problem that my newly purchased MPC2E NG doesn't come online with JTAC recommended JUNOS 14.1R6.4 in an MX240 chassis with SCBE2. You probably have to install the JAM-software. http

[j-nsp] MPC2E NG doesn't come online with SCBE2 and JUNOS 14.1R6.4

dm@MX# run show chassis network-services Network Services Mode: IP Does anybody know how to fix this issue? Thanks in advance. Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX240 for route-reflector?

Hello all, One of my colleagues suggested using SRX240 us a route-reflector in our network. Since I've never seen SRX in such deployment, I'll be glad to know your opinion on that. The requirements are - MPLS VPN, L2VPN support (both VPLS and Pseudo wires) and multicast VRFs support. It is

[j-nsp] Port-Mirroring on auto-configuration interfaces

-name { managed-configuration; other-stateful-configuration; prefix ::/0 { no-on-link; no-autonomous; } } } } } Regards, Alex

Re: [j-nsp] chassisd[1299]: %DAEMON-3: rtslib: ERROR Failed to allocate new block of size 16384

2 routers (also M10i with same JUNOS installed). Regards, Alex Am 11.07.2014 06:18, schrieb Morgan McLean: Other KB articles with similar failed to allocate block errors point to memory related issues and recommend restarting the routing engine. Any log messages that came up right before

Re: [j-nsp] chassisd[1299]: %DAEMON-3: rtslib: ERROR Failed to allocate new block of size 16384

Hi Siva, yes i am using CFEB. Many thanks for pointing me out to PR718652. I think i will upgrade all M10i running 10.4R8.5 to the currently recommended JUNOS release (12.3R6.6 i think) Regards, Alex Am 11.07.2014 14:58, schrieb MSusiva: Hi Alex, Are you using CFEB on this node? You might

[j-nsp] chassisd[1299]: %DAEMON-3: rtslib: ERROR Failed to allocate new block of size 16384

it means ? Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] MX-Series supported transceivers

12.3R4.6 Regards Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Fwd: Re: MX-Series supported transceivers

who really knows it. Regards and thanks in advance Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] proposed changes to clear bgp neighbor

+1 I fully support this change. Regards, Alex Am 26.02.2014 16:36, schrieb Phil Shafer: Juniper users, We've been asked to make a change the clear bgp neighbor command to make the neighbor or all argument mandatory. The root cause is the severe impact of clear bgp neighbor and the increasing

Re: [j-nsp] sshd log messages !!

family inet filter Access term AllowOutboundSSHReturn then accept HTH Thanks Alex On 27/02/2014 12:13, Harri Makela wrote: Model: j6350 JUNOS Software Release [10.4R4.5] Following is the current configuration that we have for ssh:- set system login user xxx authentication ssh-rsa ssh-rsa

Re: [j-nsp] sshd log messages !!

destination } OR { any source, X.X.X.X/16 destination} ) AND ( { any src.tcp.port, 22 } OR { 22, any dst.tcp.port} ) Which means that if X.X.X.X/16 includes any local IP address, then any host on internet can send SSH packets to this router. Hope this makes sense. HTH Thanks Alex On 27/02/2014

Re: [j-nsp] RSVP neighbor sequence changes

Duplicate IP on this shared segment? Just my guess... HTH Thanks Alex On 04/02/2014 14:38, Eric Van Tol wrote: Hi all, Two sets of routers in my network keep logging the following message: rpd[1559]: RPD_RSVP_NBRDOWN: RSVP neighbor x.x.x.x down on interface ae0.1 nbr-type Direct, neighbor seq

Re: [j-nsp] MX ping - ToS overrided

You are monitoring ToS in ICMP ECHO REPLY, not request. And that can be set/overridden anywhere by QoS policies, i.e. - on Google DNS server 8.8.8.8 itself - on any transit network HTH Thanks Alex On 22/01/2014 14:21, Arash Alizadeh wrote: Hi, I'm experiencing issues when initating ToS ping

Re: [j-nsp] fxp0.0 interface match in firewall filter doesn't work in JUNOS 12.3R5.7

fxp0.0. Thanks Alex On 21/01/2014 01:35, Tore Anderson wrote: This is a heads-up to anyone planning to upgrade to 12.3R5.7, especially if you don't have easy access to the serial console, but only a firewall term such as: term allow-oob-management { from { interface fxp0.0

Re: [j-nsp] M-series IPSEC / SP interface and VRF

And what happens if You ping a destination IP known via BGP across the tunnel but with different src.ip? ping routing-instance VRFname dst.ip source whatever This src.ip must be known by/reachable from far end. HTH Thanks Alex On 17/12/2013 20:40, Scott Harvanek wrote: BGP is running

Re: [j-nsp] M-series IPSEC / SP interface and VRF

knob. HTH Thanks Alex On 17/12/2013 16:08, Scott Harvanek wrote: So this works to establish the tunnels, the problem is, BGP received routes over the tunnel do not function correctly. The routes are properly installed in the VRF but traffic to those destinations does not pass correctly. Does

[j-nsp] Double-Tagging on MX-Series

-VLAN 702 -- family inet { address } -- C-VLAN 703 -- family inet { address } Can anyone provide a template or some weblinks which explains configuring interfaces accordingly to my example ? Many thanks in advance Regards, Alex

Re: [j-nsp] Double-Tagging on MX-Series

[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Josh Hoppes Sent: Wednesday, December 11, 2013 4:21 PM To: Alex D. Cc:juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Double-Tagging on MX-Series http://www.juniper.net/techpubs/en_US/junos12.3/topics/usage-guidelines/interfaces-binding-a-vlan-id

[j-nsp] Flow-Taps on MX80-48t

Hi guys, is it possible to use flow-taps for lawful interception on MX80-48t ? Does it require a MS-MIC-16G ? Thanks in advance... Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper

Re: [j-nsp] M-series IPSEC / SP interface and VRF

: m120 Model: m120 JUNOS Base OS boot [10.4S7.1] HTH Thanks Alex On 12/11/2013 16:05, Scott Harvanek wrote: Anyone with any ideas on this? Scott H. On 11/9/13, 12:58 PM, Scott Harvanek wrote: Is there a way to build a IPSec tunnel / service interface where the local gateway is NOT in the same

Re: [j-nsp] M-series IPSEC / SP interface and VRF

then migrate to next-hop-style IPSec and place inside sp-* unit into the VRF leaving outside sp-* unit in inet.0. HTH Thanks Alex On 12/11/2013 16:35, Scott Harvanek wrote: Alex, Yea, tried this but it looks like you can't set it to the default inet.0 instance, only to things different

Re: [j-nsp] J-series, hoping packets between routing-instances

are not supported in SRX cluster. HTH Thanks Alex On 07/11/2013 14:37, Mike Williams wrote: Hi all, I might have painted myself into a corner here, so I'm here looking for options from people far cleverer than I. Firstly, a bit of history. We're using J6350s, and SRX650s, as security devices

Re: [j-nsp] MX-80 as a BRAS and as a LAC

to terminate on your MX80 ? Keep in mind, that there is a limit of 16.000 IFLs. When you plan to use hierarchical qos, better go to a bigger platform. Regards, Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman

Re: [j-nsp] l2circuit to bridge domain

routing instance-type virtual-switch (VS) + bridge-domain (BD) inside that VS. One limitation is that You cannot do VLAN manipulation in the middle between l2circuit and BD whereas You can on a physical cable loop. HTH Thanks Alex On 14/10/2013 19:31, Michail Litvak wrote: Hello, I have l2

Re: [j-nsp] l2circuit (martini) vlan-mismatch

'. Use explicit encapsulation-type ethernet under [protocols l2circuit interface ] and You won't be seeing this mismatch. On both sides of course. HTH Thanks Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net

Re: [j-nsp] R: RE : multicast issue

doing commit slightly varies. What would be more important is to monitor whether this difference changes with time which indicates packet loss. HTH Thanks Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman

Re: [j-nsp] Logging usage on an SRX with UTM

#WEBFILTER_URL_BLOCKED Regarding and who - the WEBFILTER syslog messages contain only the src.IP, correlation to username is manual at this stage. HTH Thanks Alex - Original Message - From: Skeeve Stevens skeeve+juniper...@eintellegonetworks.com To: juniper-nsp@puck.nether.net Sent: Sunday

Re: [j-nsp] SLAX script, redefining variables

means that only IFLs whose name XML tag matches a string stored in variable $if will be processed. HTH Thanks Alex - Original Message - From: Tom Storey t...@snnap.net To: juniper-nsp@puck.nether.net Sent: Friday, June 07, 2013 9:54 AM Subject: [j-nsp] SLAX script, redefining variables

Re: [j-nsp] routing instances - ospf - summarization

-5|7 are created in 1st place). HTH Thanks Alex - Original Message - From: n f pkc_...@yahoo.fr To: juniper-nsp@puck.nether.net Sent: Wednesday, June 05, 2013 6:57 AM Subject: [j-nsp] routing instances - ospf - summarization Hi all, I'm running junos 11.4 on a cluster of srx devices

Re: [j-nsp] SRX 3600 dropped packets - how to debug?

. And all of them will be dropped unless You enable full cone NAT. HTH Thanks Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Unable to ping all NE when MAC are learned in Bridge group

gARP is not reliable and Your NE devices' ARP cache still contains old MAC from old default GW. You have to revisit them one by one and clear their arp caches, or change IRB MAC to that of old default GW' MAC. HTH Thanks Alex - Original Message - From: Jason Fortier jasoncfort

Re: [j-nsp] next-hop driving me crazy

Works fine for me in the lab on MX80+JUNOS 12.3 ( I use BGP-LU though, too busy to change to regular inet unicast:-) [edit logical-systems MX2-RR] aarseniev@mx80# run show route logical-system MX2-RR protocol bgp extensive inet.0: 29 destinations, 30 routes (27 active, 0 holddown, 2 hidden)

Re: [j-nsp] SNMP on logical-system fxp0

with separate auth/enc keys for RE0 and RE1. Many thanks Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SNMP on logical-system fxp0

principles as their production networks - never flat L2, routed hops, every site has at least 1 (often 2 or multi-staged) firewall(s) protecting the rest of the OOB domain from rogue elements. HTH Thanks Alex ___ juniper-nsp mailing list juniper-nsp

Re: [j-nsp] SNMP on logical-system fxp0

in ASIC and transiting via RE (for the purpose of being encrypted) is NOT in HW. It would be classified as HW-assisted. Thanks Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SNMP on logical-system fxp0

. Inband for SNMP - unless You want subsecond counter updates (for realtime billing maybe?) then no. And I already answered Your points regarding SNMP in HW my other email. Thanks Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https

Re: [j-nsp] SNMP on logical-system fxp0

- Original Message - From: Pavel Lunin plu...@senetsy.ru To: juniper-nsp@puck.nether.net Sent: Thursday, April 25, 2013 5:48 PM Subject: Re: [j-nsp] SNMP on logical-system fxp0 25.04.2013 19:04, Alex Arseniev wrote: Netflow does NOT require encryption as standard (SNMPv3 does

Re: [j-nsp] SNMP on logical-system fxp0

- Original Message - From: Pavel Lunin To: Alex Arseniev Cc: juniper-nsp Sent: Thursday, April 25, 2013 9:56 PM Subject: Re: [j-nsp] SNMP on logical-system fxp0 In a big enough network — anything. Broken NMS (it turns out to happen more often than I could think

Re: [j-nsp] Speed

Use TCP Optimizer to increase WSCALE/RWIN on Windows hosts to achieve better TCP perf http://www.speedguide.net/downloads.php Thanks Alex - Original Message - From: Saku Ytti s...@ytti.fi To: juniper-nsp@puck.nether.net Sent: Monday, April 08, 2013 8:13 AM Subject: Re: [j-nsp] Speed

Re: [j-nsp] srx event-options

This part won't work: execute-commands { commands { set interface ge-0/0/3 disable; commit; Same holds true for delete interface disable. You will need a commit script. HTH Thanks Alex - Original Message - From: Luca Salvatore l

Re: [j-nsp] srx event-options

after changing the interface name in the script itself. Thanks Alex - Original Message - From: Brian Johnson bjohn...@drtel.com To: Diogo Montagner diogo.montag...@gmail.com; Luca Salvatore l...@ninefold.com Cc: juniper-nsp@puck.nether.net Sent: Monday, March 18, 2013 1:28 PM Subject

Re: [j-nsp] VLAN bundles in CCC

is not done. HTH Thanks Alex - Original Message - From: Eric Van Tol e...@atlantech.net To: juniper-nsp@puck.nether.net Sent: Wednesday, March 13, 2013 11:27 AM Subject: [j-nsp] VLAN bundles in CCC Greetings everyone, I'm trying to configure a list of VLANs on an interface and include

Re: [j-nsp] thoughs on MVRP?

If you don't need to run STP on these VLANs, why not use QinQ/dot1q-tunneling? http://kb.juniper.net/InfoCenter/index?page=contentid=KB21686actp=RSS Saves you Thanks Alex - Original Message - From: Luca Salvatore l...@ninefold.com To: juniper-nsp@puck.nether.net Sent: Sunday, March 03

  1   2   3   >