Re: [j-nsp] Thanks for all the fish

Shall we start taking bets on what stays, and what goes? Here’s my List: Stays: PE/Edge Routing (MX/Trio) - Stays and continues development. Reasons stated already in this thread. It’s the Swiss army knife to solve $things-you-didn’t-even-know-you-needed-to-do for some future corner case, and

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory - Resolved

Indeed. Apologies to all --- I too got an update from JNPR on the "show route" vs "show routing" CLI conflict a few weeks ago in early September -- but forgot to share it here. CASE; 2023-0719-733950 Synopsis: "show route" and "show routing" operational mode CLI conflict - JunOS 21+ Root

Re: [j-nsp] Q. Is anyone deploying TCP Authentication Option (TCP-AO) on their BGP peering Sessions?

FWIW -- We've asked for that feature now in any RFP/RFQs we send to the usual gang of $vendors. Thats our method to get adoption, else they get a black-mark/non-comply in the [BGP section] when it comes time to score the responses. - CK. > On 27 Sep 2023, at 10:49, Barry Greene via

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory...

Hi Jeff I'll open it with my SE here in Australia (Mark Barrett). Will advise once complete. - CK. > On Jul 19, 2023, at 01:24, Jeff Haas via juniper-nsp > wrote: > > > Juniper Business Use Only > On 7/12/23, 12:11 PM, "Jeff Haas" > wrote: >> On 7/12/23, 11:46

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory...

+1 Mark! As any good problem begs for a solution, my suggestions to JNPR are as follows, as alternative places for this command: "show route transport-class ..." (or really, is it even a routing thing? might be better w/the segment-routing or spring commands)i.e.: "show segment-routing ..."

Re: [j-nsp] JunOS RPKI/ROA database in non-default routing instance, but require an eBGP import policy in inet.0 (default:default LI:RI) to reference it.

ken going the other way, so I've > had to enumerate all of the routing-instances that I want to be sure have a > copy of the validation DB to get them to work correctly. Maybe the other way > will work in your case. > > David > >> On Jun 4, 2023, at 7:52 PM, Chris Kawchuk vi

[j-nsp] JunOS RPKI/ROA database in non-default routing instance, but require an eBGP import policy in inet.0 (default:default LI:RI) to reference it.

Hi All Been scratching my head today. As per Juniper's documentation, you can indeed setup RPKI/ROA validation session inside a routing-instance. You can also have it query against that instance on an import policy for that VRF specifically, and if there's no session, it will revert to the

Re: [j-nsp] vlan-tagging on ospf interface

I also suspect that the OP is running "vMX"... due to the hostname on his routers. And If he's running vMX on ESXi, using vSwitch/VMXNET3, did you actually set the underlying vSwitch to MTU=9000 and VLANID=4095, such that the hypervisor will Pass VLAN Tags? The vSwitch will not pass inbound

Re: [j-nsp] MX Reboot with Reason, panic:data storage interrupt trap

Im aware that the MX80's Flash can get worn out over time. Ive had to replace a few MX80s flashes with a compatible 3rd party USB/Flash to get them back up and running. (yes, voids warranty field-stripping an MX80 to get at the 2 flash modules in the rear area of the motherboard) -- but it

Re: [j-nsp] SRX100H

SRX100H is EOL. They don't even list the software for it anymore on that main "recommended versions" page anymore as of this month. >From memory, the max version you can load is JunOS 12.1X46-something due to >the lower memory versus the H2 variant. If you can find the H2 variant, you can use

Re: [j-nsp] MX960 vs MX10K

Only question is if it needs stateful-ness or not (IPSEC, CGNAT etc...), but only the OP can answer that. - CK. > On 5 Mar 2020, at 2:39 pm, Mark Tinka wrote: > > > > On 5/Mar/20 05:32, Chris Kawchuk wrote: > >> Just to chime in --- for scale-out, wouldn't you be

Re: [j-nsp] MX960 vs MX10K

Just to chime in --- for scale-out, wouldn't you be better offloading those MS-MPC functions to another box? (i.e. VM/Dedicated Appliance/etc..?). You burn slots for the MSMPC plus you burn the backplane crossing twice; so it's at worst a neutral proposition to externalise it and add low-cost

Re: [j-nsp] QFX10K port shaping

Assuming all your traffic is BE, (which is how I generally setup all my QFXes and ensure I never oversubscribe) and after adjusting all the ingress and egress shared-buffers from the defaults, (and just go down to a few HQ queues), you can create a scheduler with a shaper on the BE queue, +

Re: [j-nsp] arp from correct IP address

Ran into the same bug. $junos-preffered-source-address for an unnumbered for BNG functions does NOT return the "closest/must suitable address" based on the IP+Subnet that was given the subscriber... contrary to the BNG template doucmentation. It just defaults the actual loopback of the router.

Re: [j-nsp] trying to add double tagged interface and getting errors

Remove the pop-pop and push-push statements against unit xe-0/1/1.300. JunOS will auto magically "remove" and "add" the VLAN tags to the VPLS attachment circuit; since you have declared "vlan-id none" in the VPLS definition. (no tags) It's basically saying "don't try to do manual vlan tag

Re: [j-nsp] VLAN in SNMP Interface Table

Using the basic SNMP IfMib for per-vlan stats on a switching interface: EX - No. Just per-port stats. QFX - You can declare a sub-unit but per-vlan, but the unit's counters dont increase MX - Yes, per sub-unit stats, but you need to declare the units as encapsulation vlan-bridge and manually

Re: [j-nsp] Ex8208 TRAP

Your dates are all over the place May 19, then Jun 14, then back to May 19th... Your SFP lost optics. Low power. So.. what have you done to troubleshoot this w/your optical carrier or fibre provider, besides post on j-nsp? - CK. On 20 May 2018, at 3:44 pm, Mohammed Abu Sultan

Re: [j-nsp] MX204

Here's my setup FWIW: (same as Mark's last example), broken out by MIC for clarity. MIC 0: 100G, 100G, 4x10G, 4x10G, MIC1: 8x10G On 15 May 2018, at 9:53 am, Eric Krichbaum wrote: > 3x 40G + 8x 10G > > -Original Message- > From: juniper-nsp

Re: [j-nsp] MX204

Testing 2 x MX204's in the JNPR Lab at the moment. Have 1 on order and 5 more to come. - CK. On 15 May 2018, at 3:41 am, Bill Blackford wrote: > Anyone using MX204? > > Thoughts? > > Benefits / Drawbacks? > > Thank you in advance. > > B > >

Re: [j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?

Hey Pierre, Yep Agreed -- this goes back to Saku Ytti's et al's discussion ([j-nsp] DDoS to core interface - mitigation) a few weeks back re: IP block used just for infrastructure...and either filter it, rate-limit it, or simply don't announce it. Sage advice. Note that this was a lab-box on

Re: [j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?

-else" logic as I should have done in the first place. =P ...thats what happens when you do things in a rush. - CK. On 16 Mar 2018, at 1:06 pm, Roland Dobbins <rdobb...@arbor.net> wrote: > > On 16 Mar 2018, at 8:59, Chris Kawchuk wrote: > >> Just a heads

[j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?

Just noticed this today: chr...@vmx1.mel-lab1> monitor traffic interface xe-0/0/0 no-resolve size 1500 matching "not port 22" verbose output suppressed, use or for full protocol decode Address resolution is OFF. Listening on ge-0/0/0, capture size 1500 bytes 01:50:20.710920 In IP

Re: [j-nsp] Stiching L2 to L3 on MX480

Correct. With the LT- method you'd have the same problem. You'd have to stitch every L2CKT to an LT-0/0/0.x then from LT-0/0/0.y (it's partner) to the L3VPN; so lots of config there too. Likewise, LT- interfaces are bandwidth-constrained (as they use PFE bandwidth to send the packet through

Re: [j-nsp] Stiching L2 to L3 on MX480

1. Use VPLS and add a LDP "Mesh-group" to it -- this extends the L2CKT from the ACX via standard Martini/L2CKT to the MX. 2. Put an IRB inside the VPLS for the L3 routing into your inet.0 table (or whatever VRF of you choice) 3. Adjust the vpls type to "irb-only" so that it doesnt go down if no

Re: [j-nsp] Unequal bandwidth on virtual chassis ports?

As VC uses IS-IS as it's underlying protocol (last time I checked), I believe there is a metric associated with each VC link. show virtual-chassis adjacency/database/etc.. should show those metics. VC IS-IS will calculate the lowest-metric to the far-end PFE, and use that. I also recall that

Re: [j-nsp] What version of Junos is best for bgp.

This is what I always use: http://kb.juniper.net/InfoCenter/index?page=content=KB21476=RSS 14.1R7 seems to be the one that's more "current-yet-recommended". Your RE-1800X4's would benefit from the 64 bit version too... - CK. On 16 Sep 2016, at 1:34 pm, Sachin Rai

Re: [j-nsp] ACX2200 - bandwidth control at subinterfaces

You mean scheduler maps/shaping on a subinterface? Correct. EX doesn't do per-unit schedulers. If they did, nobody would buy an MX for HQoS. ;) You can do hard policers though... which is nasty. I think you can still shape per-queue (i.e. [edit class-of-service schedulers] best-effort

Re: [j-nsp] EVPN/VXLAN on QFX5100

Ahh yes, that would indeed work... the L3 lookup for the remote VTEP is independent; so inet.0 or vrf-inet.0 what-have-you. - CK. "L2oVxLANoIPoMPLS" I gotta remember that one ;) On 4 Aug 2016, at 12:13 pm, Tim Jackson wrote: > You can run VXLAN over an MPLS LSP

Re: [j-nsp] EVPN/VXLAN on QFX5100

Ahh yes, that would indeed work... the L3 lookup for the remote VTEP is independent; so inet.0 or vrf-inet.0 what-have-you. - CK. "L2oVxLANoIPoMPLS" I gotta remember that one ;) On 4 Aug 2016, at 12:13 pm, Tim Jackson wrote: > You can run VXLAN over an MPLS LSP

Re: [j-nsp] EVPN/VXLAN on QFX5100

You cannot use MPLS as the "underlay" Transport on QFX51xx. I tried the same -- you need to use VxLAN as the "transport LSP" so to speak. (Think of VXLAN remote VTEP IP address as being the outer label, and the VNI is the inner label.) There's a config guide floating around out there on the

Re: [j-nsp] EX3400 switches, QSFP+ breakout

Likely to make you buy a QFX5100/5100-48T/5100-96/xxx5048 instead. (or son-of-QFX...). Speculation thinks that JNPR wants everyone into the QFX line and out of EX; the moving you towards VCF/QF datacentre/fabric-ready/CLOS switching vs traditional switching products. Likely no technical

Re: [j-nsp] Independent /32s for Interfaces - anybody doing that?

Just to add to this On 31 May 2016, at 9:31 pm, Vincent Bernat wrote: > Unfortunately, the support vary widely accross vendors. I believe the > support is pretty good with Cisco. With Juniper, it really depends on > the equipment. The MX has pretty good support, but has

Re: [j-nsp] Monitoring a gre tunnel on an EX4200

Yeah.. not there: {master:0}[edit protocols oam] chrisk@SwitchyMcSwitchFace# set ? Possible completions: + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups > ethernet OAM configuration for

Re: [j-nsp] Sending iBGP prefixes to another iBGP neighbour

let me fix my errors: I mean tot say L3VPN not L2 ;) ___ If you put the Linux session into a VRF on the MX104, then run *L3VPN* between the MX104 and MX80, (may have to enable the independent-domain knob in the vrf), you can solve it that way too.. however the egress

Re: [j-nsp] Sending iBGP prefixes to another iBGP neighbour

If you put the Linux session into a VRF on the MX104, then run L2VPN between the MX104 and MX80, (may have to enable the independent-domain knob int he vrf), you can solve it that way too.. however the egress interface on the MX80 also needs to be in the VRF. I use this a lot for solving eBGP

Re: [j-nsp] MIB queue length Juniper

There's a JNPR MIB browser here which I have found rather helpful: http://contentapps.juniper.net/mib-explorer/navigate.jsp#object=juniperMIB=Junos%20OS=15.1R2 Can flip between versions of JunOS easily, and gives the raw OID back to you on the right. - CK. On 27 Apr 2016, at 7:18 am, David

Re: [j-nsp] MX80 base model

No. On 26 Apr 2016, at 9:34 am, Satish Patel wrote: > Also do I need to pay to run BGP? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] VPLS and IRB

Add connectivity-type irb; to the vpls {} stanza. i.e. at [edit routing-instances TEST protocols vpls] "Specifies when a VPLS connection is taken down depending on whether or not the interface for the VPLS routing instance is customer-facing or integrated routing and bridging (IRB)..." ce

Re: [j-nsp] MPLS L2VPN Cisco and Juniper

On 19 Apr 2016, at 2:26 am, Alexander Arseniev wrote: > Hello, > If You are doing the below JUNOS config on Olive, L2circuit data plane does > not work on Olive. > And it never worked on Olive, to my knowledge. > HTH > Thx > Alex +1 L2-features have never worked on

Re: [j-nsp] Cisco vs Juniper confused

On 15 Apr 2016, at 9:35 am, Satish Patel wrote: > Does Juniper SRX support BGP? In Spades. It's pretty much a full JunOS Routing Implementation (Multiprotocol BGP, OSPF, etc...); and included in the base price last time I checked. I use an 'small' SRX210 it for protocol

Re: [j-nsp] Routeserver next hop issue.

1. Do you have an import policy on the BGP session to the route server? (seeing if maybe you're overwriting protocol-next-hop -- or you may have an inherited policy at a higher level than the group/neighbour...dunno) 2. As you mentioned, What does 'show route receive-protocol bgp ' say in

Re: [j-nsp] MX960 with 3 RE's?

Used RE-S-2000 w/SCBE and JunOS 14.2 with JAM for MPC3-NG Cards. No issues. Mostly running 13.3R6 or R8 on most of our core which is dual RE-S-2000's on MX480. - CK. On 14/01/2016, at 9:11 AM, Tom Storey wrote: > On 13 January 2016 at 22:32, Mark Tinka

Re: [j-nsp] Suggestions on management of dual-RE devices

Relevant config snippet/stanzas: ## Last commit: 2015-11-24 16:03:02 EST by me version 13.3R6.5; groups { re0 { interfaces { fxp0 { unit 0 { family inet { address 172.xx.xx.1/24 {

Re: [j-nsp] Force reset of routing engine from its peer

request chassis routing-engine power-off other-routing-engine etc..etc..? (something along those lines) I recall I just did this last week on an MX480 (someone put the same fxp0 IPs on both REs..) so I shut one RE down from the other RE with some type of 'power off' command to avoid

Re: [j-nsp] jtree0 Memory full on MX480?

So the SCB itself is only responsible for the available bandwidth per slot but is not and will never be a memory limitation? Correct on all points. - CK. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net

Re: [j-nsp] jtree0 Memory full on MX480?

On 23/07/2015, at 1:30 AM, Jeff Meyers jeff.mey...@gmx.net wrote: yes, we did (at least since yesterday) although we are not really requiring more ports or bandwidth right now. If I understand that correctly, I need to upgrade to SCB2 as well? nope -- no need to go to MPC+SCB2 combo.

Re: [j-nsp] jtree0 Memory full on MX480?

I know that a ton of fixes on BGP convergence time son MX80 is definitely a reason to be 'moving up'... however as you're on RE-2000s on MX480 may not be applicable. I see you're running DPC cards, have you considered shifting those links onto an MPC/Trio Card? (newer chip, more RAM, more

Re: [j-nsp] Proper Break of MPLS RSVP Ring

Post relevant configs and an actual diagram (Visio - PDF) Without this, anything we say is pure speculation -- and we end up playing '20 questions' with you. Getting an MPLS/RSVP/LDP/IGP/BGP/Mesh/TE network setup involves multiple steps and config-knobs being turned on and turned on correctly.

Re: [j-nsp] L2Circuit Backup does not switch back to Primary

It's working as expected. L2 Circuits are (by default) non-revertive. Don't want things flipping back and forth if interfaces or paths are flapping. _ If you want it to revert automatically, do this: set protocols l2circuit neighbor 192.168.99.1 interface ge-0/0/0.0

Re: [j-nsp] Setting CoS bits on ingress frames

class-of-service { interface { ge-0/0/0 { unit 0 { forwarding0class expedited-forwarding; } } } } where ge-0/0/0 is defined as an untagged port (i.e. family inet with no vlan-id, family ethernet-switching port mode access) etc... -

Re: [j-nsp] QinQ on MX bridge-ing

-boun...@puck.nether.net] On Behalf Of Chris Kawchuk Sent: 16 April 2015 00:40 To: Robert Hass Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] QinQ on MX bridge-ing Try this set interfaces ge-2/1/2 flexible-vlan-tagging set interfaces ge-2/1/2 mtu 9192 set interfaces ge

Re: [j-nsp] QinQ on MX bridge-ing

Don't you mean 102 and 103 for the other vlans? On 16/04/2015, at 8:32 AM, Robert Hass robh...@gmail.com wrote: set bridge-domains VLAN101 domain-type bridge set bridge-domains VLAN101 vlan-id 101 set bridge-domains VLAN102 domain-type bridge set bridge-domains VLAN102 vlan-id 101 set

Re: [j-nsp] QinQ on MX bridge-ing

Try this set interfaces ge-2/1/2 flexible-vlan-tagging set interfaces ge-2/1/2 mtu 9192 set interfaces ge-2/1/2 encapsulation flexible-ethernet-services set interfaces ge-2/1/2 unit 100 encapsulation vlan-bridge set interfaces ge-2/1/2 unit 100 vlan-id 100 set interfaces ge-2/1/3

Re: [j-nsp] Aggregate policer config

Err, I thought he had unlike-speeds for interfaces? Customer Interface 1 is a VLAN on a 10G interface Customer Interface 2 is a VLAN on a 1G interface Unless he does active-passive 1+1, but dunno if JunOS supports unlike physical interface speeds. plus means direct physical connection,

Re: [j-nsp] VPLS question

interface irb.200; // VPLS 2 vrf-target target:65535:3; vrf-table-label; } } cc'ed to list to share the knowledge. - CK. On 12/03/2015, at 11:29 PM, james list jameslis...@gmail.com wrote: Il 11/mar/2015 23:09 Chris Kawchuk juniperd...@gmail.com ha scritto: Yes

Re: [j-nsp] VPLS question

Yes. - L2CKTs can be mapped into a VPLS using an LDP Mesh Group [routing-instances protocols vpls mesh-group vpls-id neighbour ] - L2VPNs can be mapped into a VPLS using stitched lt-* interfaces (interfaces lt-1/0/10.1 lt-1/0/10.2 peer unit 1 etc.. encapsulation vlan-vpls / vlan-ccc)

Re: [j-nsp] VPLS pass tagged/untagged traffic

Chris, Thanks, I just tried it and this works...guess I was making it more difficult that it needed to be. I haven't tested spanning tree through it or other layer2 control protocols but you are thinking they should pass through just like and l2vpn? Thanks again, Kevin Correct.

Re: [j-nsp] VPLS pass tagged/untagged traffic

Err, why not just something like: interfaces { ge-1/1/0 { mtu 9192; encapsulation ethernet-vpls; unit 0; } That will accept untagged, tagged, double tagged, etc... It makes the VPLS not care whats going on in

Re: [j-nsp] Comments display (annote command) via show command !!

I highly suggest always using the normal show configuration commands, as you'd also miss things like this in your lo0.0 filter: term block-ntp { from { protocol udp; ## ## Warning: statement ignored: unsupported platform (ex4550-32f)

Re: [j-nsp] Protect-re

http://www.team-cymru.org/ReadingRoom/Templates/ On 26/11/2014, at 11:48 AM, Rodrigo 1telecom rodr...@1telecom.com.br wrote: Hi folks... We have some firewall rules to protect our router... But i want to know what kind of rules you guys implement to protec re?! And what you sugest to use?!

Re: [j-nsp] IP Monitoring/Tracking (SLA) on high end SRX

How about a default 0.0.0.0/0 with a bfd-liveliness detection. We use this for conditionally routing statics every now and then. Works well assuming the next-hop supports BFD; and no dynamic routing protocol needed. - CK. On 16/08/2013, at 7:15 AM, Darren O'Connor darre...@outlook.com

Re: [j-nsp] SRX210 + AppTrack. How to analyse?

Netflow. The SRX's can do RE-Based sampling and generate Netflow v5 packets easily for secondary analysis. Same way you'd do it on an M/MX series wight he standard ops caveats. ( http://juniper.cluepon.net/index.php/Cflowd_configuration ). I've done this myself on an SRX210 at one of our

Re: [j-nsp] Vlan question MX

802.1p QoS Signalling through a Metro-E. May be a switch/switches in-between the customer CPE and the MX. No VID, No P bit. On 09/07/2013, at 8:00 AM, Tom Storey t...@snnap.net wrote: If you're plugged in to a router interface on the providers side, why is there a need to add VLAN tagging

Re: [j-nsp] LSP mapping

instal-nexthop lsp [ r7-r3 r7-r3-second-path ]; On 10/06/2013, at 11:29 PM, moki vom...@gmail.com wrote: install-nexthop lsp r7-r3; ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] M120 - Netflow/Jflow Export

RE based Sampling: http://juniper.cluepon.net/index.php/Cflowd_configuration - CK. On 06/06/2013, at 9:01 AM, Jake Jake 2012j...@gmail.com wrote: Hi All, Is it possible to export netflow/jflow from a M120 router(Junos 11.1) to an external netflow analyser on the network without a

Re: [j-nsp] EX switches - jumbo frames - vlan interface - interface range - virtual chassis

Need to set the physical master routed vlan interface to something large: interfaces { vlan { mtu 9192; /* whatever the max allowed is */ unit 10 { family inet { mtu 9000; address 10.10.10.1/24; } } That should let you send a 9k IP paacket without

Re: [j-nsp] MTU problems over VPLS

How does one send back an ICMP please-fragment-this Message when you're emulating a blue wire? No router in the middle to send back to the customer. it's an L2 service. You're transparent to them IP-wise. No IP interface anywhere inside their bridge to source a packet from. - Ck. On

Re: [j-nsp] MPLS and QoS at penultimate hop ?

*UNLESS* you use table-label in a l3vpn, then it gets re-classified after the label POP. Aha, Very true - Good ole vrf-table-label So, to Alexandre for L3VPN, just do this: class-of-service { routing-instances { all { classifiers { exp MY-CLASIFIER;

Re: [j-nsp] MPLS and QoS at penultimate hop ?

It was my understanding that the label was logically popped on Egress (in terms of how one would envision the packet flow); hence the outer label EXP bits were evaluated by the BA classifier on ingress properly. (Whether it's popped on ingress, yet evaluated prior-to-pop is a mechanics thing..)

Re: [j-nsp] netflow to Jflow

You have NTP enabled, and it's properly synced? - CK. On 2012-12-04, at 4:28 AM, Ali Sumsam ali+juniper...@eintellego.net wrote: The Experts Who The Experts Call Juniper - Cisco – Brocade - IBM ___ juniper-nsp mailing list

Re: [j-nsp] export OSPF routes as type 1

I'm trying to export some OSPF routes as type 1 external instead of the default type 2 external. I can't seem to find where it is done - I thought it would be done in the policy map but I don't see an option. policy-options { policy-statement my-ospf-export-policy { term

Re: [j-nsp] VPLS Multihoming

On 2012-11-28, at 9:36 AM, Luca Salvatore l...@ninefold.com wrote: So - my understanding is that VPLS multihoming is used to prevent layer 2 loops. How is this accomplished? Is it because the backup PE device does not forward any traffic (except for LDP stuff) and hence no loop is formed

Re: [j-nsp] VPLS Multihoming

Correct (Assuming each PE only has 1 Link to the CE Network…) Chris - Chairman of the STP is evil and should be avoided if possible Committee. =) On 2012-11-28, at 1:24 PM, Luca Salvatore l...@ninefold.com wrote: Right, this is what I thought. Thanks for the info. So this type of

Re: [j-nsp] VLAN-CCC: Protocol Connection

You cannot tie 2 different connections/LSPs to the same interface, as CCC's are purely point to point Layer-2. You are attempting to do point-to-multipoint Layer-2 ethernet, hence VPLS is the solution here. - CK. On 2012-11-25, at 10:28 AM, Saba Sumsam saba+j...@eintellego.net wrote: Hi, I

Re: [j-nsp] CCC on EX, link state propagation

BTW, I also saw in the 12.2 Release Notes that LDP-based L2CKTs are now supported on the EX4500/4550. You can maybe use an l2circut/L2CKT instead of a CCC; using martini style status-tlvs to signal end-to-end availability. ...Haven't tried this in the Lab yet. Might be worth a shot to drop the

Re: [j-nsp] Config help for basic MPLS setup

Really? Wow. ! That must be new that the EX4200 supports LDP. Which version of JunOS did they add LDP support into the 32/42 EX-series? Just tried checking the JNPR website and the data sheets. All I can find officially is RSVP/CCC support. Let me know where you spotted that. That opens up

Re: [j-nsp] Config help for basic MPLS setup

I've always had troubles using an EX4200 as a P router. The only way Ive gotten it to kinda work is to build an LSP with the endpoint having protocols { mpls { explicit-null; }}, so any EX4200 in the middle doesn't try to 'pop' the outer label if it happens to be the penultimate… although my

Re: [j-nsp] SRX NIC Teaming

However, if the teaming you want to achieve is purely for redundancy, ..This can be enforced on the Server-side (in some type of active/passive control on the server's OS), and hence you can just make the SRX's use normal access ports. Weve done this for our VMWare clusters; as well as for

Re: [j-nsp] Errors on Juniper M7i

Got LSPs and RSVP/LDP paths in inet.3? - CK. On 2012-08-27, at 11:00 PM, Frank Norman wrote: Friends, i am getting following messages on my M7i Router which are causing problem with the MPLS VPN customers. Can someone explain me how to diagnose and resolve the issue??? Junos Version

Re: [j-nsp] SRX MPLS

Err VPLS Implies Layer 2 only. Where is the VRP runninng in-between? Are you doing vlan-id inside the VPLS instance for normalization, then binding an irb.x into it? I dont think that works in SRX/J either. (l3 within VPLS). - CK. On 2012-08-23, at 6:39 PM, Johan Borch wrote: VPLS

Re: [j-nsp] SRX MPLS

. Regards Johan On Thu, Aug 23, 2012 at 11:21 AM, Chris Kawchuk juniperd...@gmail.com wrote: Err VPLS Implies Layer 2 only. Where is the VRP runninng in-between? Are you doing vlan-id inside the VPLS instance for normalization, then binding an irb.x into it? I dont think that works in SRX

Re: [j-nsp] Tricks for killing L2 loops in VPLS and STP BPDU-less situations?

Hi Clarke, We pass through BPDUs through VPLS the MX'es- but yes, miscreant users / switches will always be a problem. We do the following to every customer-facing VPLS instance, but only #3 would help you here: 1. Mac Limiting per VPLS Interface (100) (i.e per 'site') 2. Mac Limiting per

Re: [j-nsp] SSH access and not working firewall policy

One possibility - They're coming from inside your own network =) Whats the source IPs on the attempts, and what device is this (EX? MX? J? QFabric?) - CK. On 2012-08-13, at 5:07 AM, Robert Hass wrote: Hi I have Juniper running 10.4R7 with RE filter applied to lo.0 but I still see

Re: [j-nsp] Broadband Model suggestion?

Your Vendor's Sales Rep and Systems Engineer should be more than happy to help in this regard. =) - CK. On 2012-07-12, at 5:01 PM, Frank Norman wrote: Dear friends, I need suggestion for broadband network based on xDSL fiber based last miles (GPON/Metro technologies), Subscriber base

Re: [j-nsp] cable modem/dsl/ftth bandwidth limiting

Not costly at all; when you think about scaling it to 20,000/30,000 subscribers per box. BRAS's (xDSL, PPPoE, PPPoA) have massive numbers of hardware queues, and shape/queue per individual subscriber. These boxes are designed to do this. Examples: Juniper E-series, Cisco ASR-Series, Juniper

Re: [j-nsp] cable modem/dsl/ftth bandwidth limiting

Layer-2 Cable is done at a BRAS (running in DHCP mode). Layer-3 Cable Plants shape at the CMTS. Layer-2 Optical/GPON/FTTH can be done at a BRAS (if DHCP or PPP), or can be done at the head end GPON device; assuming the GPON is reasonably 'smart', and understands each subscriber and their

Re: [j-nsp] cable modem/dsl/ftth bandwidth limiting

Downstream is Shaped, Definitely. The BRAS/CMTS/etc sets up Individual Hardware Queues for each traffic class per subscriber. (Hence why those boxes have 16,000-64,000 HW queues per blade, as each sub may use 2-8 queues depending on what you sell =)..) Generally 4 prioritized queues (NC,

[j-nsp] snmp { filter-interfaces {}}; wildcard usage

Apologies, as my REGEX-fu is weak today. I'm attempting to filter off certain interface from showing up via an SNMP walk... i.e. interfaces that are internally generated which really serve no purpose outside the JunOS box itself: (lsi.*, lo0.16384, etc) I want to match any ge-x/x/x interface

Re: [j-nsp] CoS - DSCP Markings

You should be classifying on ingress. Classification is only for 'internal' treatment. Then you do rewrite on egress interface Actually, You can apply multifield classifiers either at ingress or egress. Either way works fine; unless the traffic itself is sourced from the RE (bug in MX).

Re: [j-nsp] Netflow equivalent for MX5 11.4

JunOS Routing for all intents and purposes is stateless. It doesn't cache information concerning the IP lookup (CEF-Style), hence there's no concept of a 'flow' in JunOS; so nothing per se to 'show'. (each packet is processed 'atomically', meaning JunOS doesn't remember that this next packet

Re: [j-nsp] Bridge Domain/IRB on MX80

Maybe logical tunnel into a bridge? Eg https://puck.nether.net/pipermail/juniper-nsp/2011-August/020891.html ^ Yup. I'm using this method right now to backhaul a VLAN off of an CPE generating a Martini L2CKT endpoint, stitched into an MX480 bridge-group. Works well. Caveat: You lose CoS

Re: [j-nsp] JUNOS downloads

Using a unix shell, to download software directly to a router, which itself uses a unix shell..? Sorry - That's too clever (and hence; not allowed). =) - CK. On 2012-05-22, at 9:29 AM, Richard A Steenbergen wrote: the proceed button at the bottom of the EULA acceptance is

Re: [j-nsp] Interface to be used for Trunking MPLS

On 2012-05-18, at 9:29 AM, Saba Sumsam wrote: flexible-vlan-tagging; encapsulation vlan-ccc; unit 0 { encapsulation vlan-ccc; vlan-id-range 700-800; family ccc; } unit 400 { family bridge { interface-mode trunk; vlan-id-list 400; } Cant do that. Youve told the MX that

Re: [j-nsp] EX3200 vs. EX4200 MPLS

Yup. The EX3200 is basically an EX4200 minus the VC capability (and one less PFE from what I remember for the uplink ports/expansion thingy). Same single-label RSVP-style CCC's w/Optional QoS/Pbit inspection and EXP remarking. (Kompella style). No Martini/LDP though. *Officially Requires the

Re: [j-nsp] EX3200 vs. EX4200 MPLS

I have yet to run into any limit. There probably is one, but would need to Lab it up and try to max it out. I've heard of people using EX3200/4200s as a pure MPLS CCC endpoint device (i.e. 1 LSP per physical port) as some kind of wacky olde-style M13 Mux like we used to do in the TDM days; so

Re: [j-nsp] Best practice MTU?

I usually set the interface physical MTU as high as it goes (per device), but manually set protocol inet to MTU 1500 (for things like OSPF to work). This allows for as-large-as-MTU-as-MPLS-can-do. Other address families aren't that picky about MTU matching. ge-1/0/5 { description LINK to

[j-nsp] MX/Trio traffic-control-profile burst-size (controlling microbursts)

Howdy All, I'm attempting to smooth out some traffic on an MX Gig Port on an MX80-T (Trio Card) running 11.4R2.14 (Yeah, I'm being adventurous here). The underlying Gig link is going via a carrier lease on one of those Ethernet-over-SONET jobbies on the Carrier's side; which is limited to

Re: [j-nsp] Qos on branch SRX

1. Apply the QoS schedulers/queues to the at-1/0/0 interface that has the ppp session. (Since the 'ppp' interface isn't real). Queues are generally only associated with the physical interface hardware. This is what we do for our managed xDSL connections: class-of-service { interfaces {

Re: [j-nsp] FIB size at new ACX routers

Whoa. A hardened MPLS-to-the-edge box. w/1 and 10G SFP+ Optics. Thanks Juniper! We've been waiting for a box like this for a while. Any chance of a 1RU AC powered unit? (suitable as a Business CPE for L3VPN/VPLS/E-Line services) - CK. On 2012-03-19, at 8:53 AM, Robert Hass wrote: Hi I'm

Re: [j-nsp] QOS (Network Control traffic Queue)

Here's the secret sauce you're looking for to remap NC to something else, as well as change the DSCP value of any IP packet you generate from the RE: /* Change the name of the original nc queue to Queue-3, and rename Queue-7 to 'Network-Control' */ forwarding-classes {

  1   2   >