Re: [j-nsp] Thanks for all the fish

2024-01-10 Thread Chris Kawchuk via juniper-nsp
Shall we start taking bets on what stays, and what goes? Here’s my List: Stays: PE/Edge Routing (MX/Trio) - Stays and continues development. Reasons stated already in this thread. It’s the Swiss army knife to solve $things-you-didn’t-even-know-you-needed-to-do for some future corner case, and

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory - Resolved

2023-10-18 Thread Chris Kawchuk via juniper-nsp
Indeed. Apologies to all --- I too got an update from JNPR on the "show route" vs "show routing" CLI conflict a few weeks ago in early September -- but forgot to share it here. CASE; 2023-0719-733950 Synopsis: "show route" and "show routing" operational mode CLI conflict - JunOS 21+ Root Cau

Re: [j-nsp] Q. Is anyone deploying TCP Authentication Option (TCP-AO) on their BGP peering Sessions?

2023-09-26 Thread Chris Kawchuk via juniper-nsp
FWIW -- We've asked for that feature now in any RFP/RFQs we send to the usual gang of $vendors. That's our method to get adoption, else they get a black-mark/non-comply in the [BGP section] when it comes time to score the responses. - CK. > On 27 Sep 2023, at 10:49, Barry Greene via juniper-n

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory...

2023-07-18 Thread Chris Kawchuk via juniper-nsp
Hi Jeff I'll open it with my SE here in Australia (Mark Barrett). Will advise once complete. - CK. > On Jul 19, 2023, at 01:24, Jeff Haas via juniper-nsp > wrote: > > > Juniper Business Use Only > On 7/12/23, 12:11 PM, "Jeff Haas" > wrote: >> On 7/12/23, 11:46 AM

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory...

2023-07-12 Thread Chris Kawchuk via juniper-nsp
+1 Mark! As any good problem begs for a solution, my suggestions to JNPR are as follows, as alternative places for this command: "show route transport-class ..." (or really, is it even a routing thing? might be better w/the segment-routing or spring commands)i.e.: "show segment-routing ..." "sh

Re: [j-nsp] JunOS RPKI/ROA database in non-default routing instance, but require an eBGP import policy in inet.0 (default:default LI:RI) to reference it.

2023-06-04 Thread Chris Kawchuk via juniper-nsp
here pushes the DB the way you > need. Certain versions of JunOS are quite broken going the other way, so I've > had to enumerate all of the routing-instances that I want to be sure have a > copy of the validation DB to get them to work correctly. Maybe the other way > will work

[j-nsp] JunOS RPKI/ROA database in non-default routing instance, but require an eBGP import policy in inet.0 (default:default LI:RI) to reference it.

2023-06-04 Thread Chris Kawchuk via juniper-nsp
Hi All Been scratching my head today. As per Juniper's documentation, you can indeed setup RPKI/ROA validation session inside a routing-instance. You can also have it query against that instance on an import policy for that VRF specifically, and if there's no session, it will revert to the defa

Re: [j-nsp] vlan-tagging on ospf interface

2021-04-15 Thread Chris Kawchuk
I also suspect that the OP is running "vMX"... due to the hostname on his routers. And If he's running vMX on ESXi, using vSwitch/VMXNET3, did you actually set the underlying vSwitch to MTU=9000 and VLANID=4095, such that the hypervisor will Pass VLAN Tags? The vSwitch will not pass inbound tag

Re: [j-nsp] MX Reboot with Reason, panic:data storage interrupt trap

2021-02-03 Thread Chris Kawchuk
I'm aware that the MX80's Flash can get worn out over time. I've had to replace a few MX80s flashes with a compatible 3rd party USB/Flash to get them back up and running. (yes, voids warranty field-stripping an MX80 to get at the 2 flash modules in the rear area of the motherboard) -- but it wor

Re: [j-nsp] Appending customer ASN to BGP

2020-11-08 Thread Chris Kawchuk
routing-options { static { route xx.xx.xx.0/24 { next-hop yy.yyy.yy.yy; as-path { path 12345; origin igp; atomic-aggregate; } } } } Where: - xx.xx.xx.0/24 is their block - yy.yy.yy.yy is the

Re: [j-nsp] SRX100H

2020-03-06 Thread Chris Kawchuk
SRX100H is EOL. They don't even list the software for it anymore on that main "recommended versions" page anymore as of this month. From memory, the max version you can load is JunOS 12.1X46-something due to the lower memory versus the H2 variant. If you can find the H2 variant, you can use Ju

Re: [j-nsp] MX960 vs MX10K

2020-03-04 Thread Chris Kawchuk
Only question is if it needs stateful-ness or not (IPSEC, CGNAT etc...), but only the OP can answer that. - CK. > On 5 Mar 2020, at 2:39 pm, Mark Tinka wrote: > > > > On 5/Mar/20 05:32, Chris Kawchuk wrote: > >> Just to chime in --- for scale-out, wouldn't y

Re: [j-nsp] MX960 vs MX10K

2020-03-04 Thread Chris Kawchuk
Just to chime in --- for scale-out, wouldn't you be better offloading those MS-MPC functions to another box? (i.e. VM/Dedicated Appliance/etc..?). You burn slots for the MSMPC plus you burn the backplane crossing twice; so it's at worst a neutral proposition to externalise it and add low-cost no

Re: [j-nsp] QFX10K port shaping

2020-02-20 Thread Chris Kawchuk
Assuming all your traffic is BE, (which is how I generally setup all my QFXes and ensure I never oversubscribe) and after adjusting all the ingress and egress shared-buffers from the defaults, (and just go down to a few HQ queues), you can create a scheduler with a shaper on the BE queue, + sche

Re: [j-nsp] arp from correct IP address

2020-01-26 Thread Chris Kawchuk
Ran into the same bug. $junos-preferred-source-address for an unnumbered for BNG functions does NOT return the "closest/most suitable address" based on the IP+Subnet that was given the subscriber... contrary to the BNG template documentation. It just defaults the actual loopback of the router.

Re: [j-nsp] trying to add double tagged interface and getting errors

2019-11-21 Thread Chris Kawchuk
Remove the pop-pop and push-push statements against unit xe-0/1/1.300. JunOS will auto magically "remove" and "add" the VLAN tags to the VPLS attachment circuit; since you have declared "vlan-id none" in the VPLS definition. (no tags) It's basically saying "don't try to do manual vlan tag manip

Re: [j-nsp] VLAN in SNMP Interface Table

2019-11-19 Thread Chris Kawchuk
Using the basic SNMP IfMib for per-vlan stats on a switching interface: EX - No. Just per-port stats. QFX - You can declare a sub-unit but per-vlan, but the unit's counters don't increase MX - Yes, per sub-unit stats, but you need to declare the units as encapsulation vlan-bridge and manually de

Re: [j-nsp] Ex8208 TRAP

2018-05-21 Thread Chris Kawchuk
Your dates are all over the place May 19, then Jun 14, then back to May 19th... Your SFP lost optics. Low power. So.. what have you done to troubleshoot this w/your optical carrier or fibre provider, besides post on j-nsp? - CK. On 20 May 2018, at 3:44 pm, Mohammed Abu Sultan wrote: >

Re: [j-nsp] MX204

2018-05-14 Thread Chris Kawchuk
Here's my setup FWIW: (same as Mark's last example), broken out by MIC for clarity. MIC 0: 100G, 100G, 4x10G, 4x10G, MIC1: 8x10G On 15 May 2018, at 9:53 am, Eric Krichbaum wrote: > 3x 40G + 8x 10G > > -Original Message- > From: juniper-nsp On Behalf Of Mark > Tinka > Sent: Monday,

Re: [j-nsp] MX204

2018-05-14 Thread Chris Kawchuk
Testing 2 x MX204's in the JNPR Lab at the moment. Have 1 on order and 5 more to come. - CK. On 15 May 2018, at 3:41 am, Bill Blackford wrote: > Anyone using MX204? > > Thoughts? > > Benefits / Drawbacks? > > Thank you in advance. > > B > > ___

Re: [j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?

2018-03-16 Thread Chris Kawchuk
Hey Pierre, Yep Agreed -- this goes back to Saku Ytti's et al's discussion ([j-nsp] DDoS to core interface - mitigation) a few weeks back re: IP block used just for infrastructure...and either filter it, rate-limit it, or simply don't announce it. Sage advice. Note that this was a lab-box on my

Re: [j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?

2018-03-15 Thread Chris Kawchuk
ff-and-deny-all-else" logic as I should have done in the first place. =P ...that's what happens when you do things in a rush. - CK. On 16 Mar 2018, at 1:06 pm, Roland Dobbins wrote: > > On 16 Mar 2018, at 8:59, Chris Kawchuk wrote: > >> Just a heads up; I

[j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?

2018-03-15 Thread Chris Kawchuk
Just noticed this today: chr...@vmx1.mel-lab1> monitor traffic interface xe-0/0/0 no-resolve size 1500 matching "not port 22" verbose output suppressed, use or for full protocol decode Address resolution is OFF. Listening on ge-0/0/0, capture size 1500 bytes 01:50:20.710920 In IP 207.174.181

Re: [j-nsp] Stiching L2 to L3 on MX480

2017-12-19 Thread Chris Kawchuk
Correct. With the LT- method you'd have the same problem. You'd have to stitch every L2CKT to an LT-0/0/0.x then from LT-0/0/0.y (it's partner) to the L3VPN; so lots of config there too. Likewise, LT- interfaces are bandwidth-constrained (as they use PFE bandwidth to send the packet through the

Re: [j-nsp] Stiching L2 to L3 on MX480

2017-12-19 Thread Chris Kawchuk
1. Use VPLS and add a LDP "Mesh-group" to it -- this extends the L2CKT from the ACX via standard Martini/L2CKT to the MX. 2. Put an IRB inside the VPLS for the L3 routing into your inet.0 table (or whatever VRF of your choice) 3. Adjust the vpls type to "irb-only" so that it doesn't go down if no C

Re: [j-nsp] Unequal bandwidth on virtual chassis ports?

2017-10-26 Thread Chris Kawchuk
As VC uses IS-IS as its underlying protocol (last time I checked), I believe there is a metric associated with each VC link. show virtual-chassis adjacency/database/etc.. should show those metrics. VC IS-IS will calculate the lowest-metric to the far-end PFE, and use that. I also recall that it

Re: [j-nsp] What version of Junos is best for bgp.

2016-09-15 Thread Chris Kawchuk
This is what I always use: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21476&actp=RSS 14.1R7 seems to be the one that's more "current-yet-recommended". Your RE-1800X4's would benefit from the 64 bit version too... - CK. On 16 Sep 2016, at 1:34 pm, Sachin Rai wrote: > If you do

Re: [j-nsp] ACX2200 - bandwidth control at subinterfaces

2016-08-25 Thread Chris Kawchuk
You mean scheduler maps/shaping on a subinterface? Correct. EX doesn't do per-unit schedulers. If they did, nobody would buy an MX for HQoS. ;) You can do hard policers though... which is nasty. I think you can still shape per-queue (i.e. [edit class-of-service schedulers] best-effort shaping

Re: [j-nsp] EVPN/VXLAN on QFX5100

2016-08-03 Thread Chris Kawchuk
Ahh yes, that would indeed work... the L3 lookup for the remote VTEP is independent; so inet.0 or vrf-inet.0 what-have-you. - CK. "L2oVxLANoIPoMPLS" I gotta remember that one ;) On 4 Aug 2016, at 12:13 pm, Tim Jackson wrote: > You can run VXLAN over an MPLS LSP on QFX5100 just fine.. As

Re: [j-nsp] EVPN/VXLAN on QFX5100

2016-08-03 Thread Chris Kawchuk
Ahh yes, that would indeed work... the L3 lookup for the remote VTEP is independent; so inet.0 or vrf-inet.0 what-have-you. - CK. "L2oVxLANoIPoMPLS" I gotta remember that one ;) On 4 Aug 2016, at 12:13 pm, Tim Jackson wrote: > You can run VXLAN over an MPLS LSP on QFX5100 just fine.. A

Re: [j-nsp] EVPN/VXLAN on QFX5100

2016-08-03 Thread Chris Kawchuk
You cannot use MPLS as the "underlay" Transport on QFX51xx. I tried the same -- you need to use VxLAN as the "transport LSP" so to speak. (Think of VXLAN remote VTEP IP address as being the outer label, and the VNI is the inner label.) There's a config guide floating around out there on the JNP

Re: [j-nsp] EX3400 switches, QSFP+ breakout

2016-06-15 Thread Chris Kawchuk
Likely to make you buy a QFX5100/5100-48T/5100-96/xxx5048 instead. (or son-of-QFX...). Speculation thinks that JNPR wants everyone into the QFX line and out of EX; the moving you towards VCF/QF datacentre/fabric-ready/CLOS switching vs traditional switching products. Likely no technical reason

Re: [j-nsp] Independent /32s for Interfaces - anybody doing that?

2016-05-31 Thread Chris Kawchuk
Just to add to this On 31 May 2016, at 9:31 pm, Vincent Bernat wrote: > Unfortunately, the support varies widely across vendors. I believe the > support is pretty good with Cisco. With Juniper, it really depends on > the equipment. The MX has pretty good support, but has some limitations > (f

Re: [j-nsp] Monitoring a gre tunnel on an EX4200

2016-05-17 Thread Chris Kawchuk
Yeah.. not there: {master:0}[edit protocols oam] chrisk@SwitchyMcSwitchFace# set ? Possible completions: + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups > ethernet OAM configuration for Eth

Re: [j-nsp] B-RAS services

2016-05-09 Thread Chris Kawchuk
vMX Supporting HQoS Yet? That feature will be key for Subscriber management / bandwidth enforcement of subscriber plans. I know -Q and -EQ definitely supporting it from day 1 in HW; but haven't had luck with vMX yet. (vMX still lacking feature parity last time I checked... especially 'services'

Re: [j-nsp] Sending iBGP prefixes to another iBGP neighbour

2016-05-05 Thread Chris Kawchuk
let me fix my errors: I meant to say L3VPN not L2 ;) ___ If you put the Linux session into a VRF on the MX104, then run *L3VPN* between the MX104 and MX80, (may have to enable the independent-domain knob in the vrf), you can solve it that way too.. however the egress i

Re: [j-nsp] Sending iBGP prefixes to another iBGP neighbour

2016-05-05 Thread Chris Kawchuk
If you put the Linux session into a VRF on the MX104, then run L2VPN between the MX104 and MX80, (may have to enable the independent-domain knob in the vrf), you can solve it that way too.. however the egress interface on the MX80 also needs to be in the VRF. I use this a lot for solving eBGP

Re: [j-nsp] MIB queue length Juniper

2016-04-26 Thread Chris Kawchuk
There's a JNPR MIB browser here which I have found rather helpful: http://contentapps.juniper.net/mib-explorer/navigate.jsp#object=juniperMIB&product=Junos%20OS&release=15.1R2 Can flip between versions of JunOS easily, and gives the raw OID back to you on the right. - CK. On 27 Apr 2016, at 7

Re: [j-nsp] MX80 base model

2016-04-25 Thread Chris Kawchuk
No. On 26 Apr 2016, at 9:34 am, Satish Patel wrote: > Also do I need to pay to run BGP? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] VPLS and IRB

2016-04-19 Thread Chris Kawchuk
Add connectivity-type irb; to the vpls {} stanza. i.e. at [edit routing-instances TEST protocols vpls] "Specifies when a VPLS connection is taken down depending on whether or not the interface for the VPLS routing instance is customer-facing or integrated routing and bridging (IRB)..." ce (de

Re: [j-nsp] MPLS L2VPN Cisco and Juniper

2016-04-18 Thread Chris Kawchuk
On 19 Apr 2016, at 2:26 am, Alexander Arseniev wrote: > Hello, > If You are doing the below JUNOS config on Olive, L2circuit data plane does > not work on Olive. > And it never worked on Olive, to my knowledge. > HTH > Thx > Alex +1 L2-features have never worked on Olive from my experience a

Re: [j-nsp] Cisco vs Juniper confused

2016-04-14 Thread Chris Kawchuk
On 15 Apr 2016, at 9:35 am, Satish Patel wrote: > Does Juniper SRX support BGP? In Spades. It's pretty much a full JunOS Routing Implementation (Multiprotocol BGP, OSPF, etc...); and included in the base price last time I checked. I use a 'small' SRX210 for protocol testing vs other Vendo

Re: [j-nsp] Routeserver next hop issue.

2016-04-10 Thread Chris Kawchuk
1. Do you have an import policy on the BGP session to the route server? (seeing if maybe you're overwriting protocol-next-hop -- or you may have an inherited policy at a higher level than the group/neighbour...dunno) 2. As you mentioned, What does 'show route receive-protocol bgp ' say in term

Re: [j-nsp] MX960 with 3 RE's?

2016-01-13 Thread Chris Kawchuk
Used RE-S-2000 w/SCBE and JunOS 14.2 with JAM for MPC3-NG Cards. No issues. Mostly running 13.3R6 or R8 on most of our core which is dual RE-S-2000's on MX480. - CK. On 14/01/2016, at 9:11 AM, Tom Storey wrote: > On 13 January 2016 at 22:32, Mark Tinka wrote: >> A more current RE means you

Re: [j-nsp] Suggestions on management of dual-RE devices

2015-11-24 Thread Chris Kawchuk
Relevant config snippet/stanzas: ## Last commit: 2015-11-24 16:03:02 EST by me version 13.3R6.5; groups { re0 { interfaces { fxp0 { unit 0 { family inet { address 172.xx.xx.1/24 { master

Re: [j-nsp] Force reset of routing engine from its peer

2015-08-20 Thread Chris Kawchuk
request chassis routing-engine power-off other-routing-engine etc..etc..? (something along those lines) I recall I just did this last week on an MX480 (someone put the same fxp0 IPs on both REs..) so I shut one RE down from the other RE with some type of 'power off' command to avoid ip-to-m

Re: [j-nsp] jtree0 Memory full on MX480?

2015-07-23 Thread Chris Kawchuk
> So the SCB itself is only responsible for the available bandwidth per slot > but is not and will never be a memory limitation? Correct on all points. - CK.

Re: [j-nsp] jtree0 Memory full on MX480?

2015-07-22 Thread Chris Kawchuk
On 23/07/2015, at 1:30 AM, Jeff Meyers wrote: > yes, we did (at least since yesterday) although we are not really requiring > more ports or bandwidth right now. If I understand that correctly, I need to > upgrade to SCB2 as well? nope -- no need to go to MPC+SCB2 combo. original SCBs work f

Re: [j-nsp] jtree0 Memory full on MX480?

2015-07-21 Thread Chris Kawchuk
I know that a ton of fixes on BGP convergence times on MX80 is definitely a reason to be 'moving up'... however as you're on RE-2000s on MX480 may not be applicable. I see you're running DPC cards, have you considered shifting those links onto an MPC/Trio Card? (newer chip, more RAM, more horse

Re: [j-nsp] Proper Break of MPLS RSVP Ring

2015-07-21 Thread Chris Kawchuk
Post relevant configs and an actual diagram (Visio -> PDF) Without this, anything we say is pure speculation -- and we end up playing '20 questions' with you. Getting an MPLS/RSVP/LDP/IGP/BGP/Mesh/TE network setup involves multiple steps and config-knobs being turned on and turned on correctly.

Re: [j-nsp] L2Circuit Backup does not switch back to Primary

2015-07-01 Thread Chris Kawchuk
It's working as expected. L2 Circuits are (by default) non-revertive. Don't want things flipping back and forth if interfaces or paths are flapping. _ If you want it to revert automatically, do this: set protocols l2circuit neighbor 192.168.99.1 interface ge-0/0/0.0 revert-time

Re: [j-nsp] Setting CoS bits on ingress frames

2015-06-23 Thread Chris Kawchuk
class-of-service { interfaces { ge-0/0/0 { unit 0 { forwarding-class expedited-forwarding; } } } } where ge-0/0/0 is defined as an untagged port (i.e. family inet with no vlan-id, family ethernet-switching port mode access) etc... -

Re: [j-nsp] QinQ on MX bridge-ing

2015-04-16 Thread Chris Kawchuk
> adam > > -Original Message- > > From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf > > Of Chris Kawchuk > > Sent: 16 April 2015 00:40 > > To: Robert Hass > > Cc: juniper-nsp@puck.nether.net > > Subject: Re: [j-nsp] QinQ

Re: [j-nsp] QinQ on MX bridge-ing

2015-04-15 Thread Chris Kawchuk
Try this set interfaces ge-2/1/2 flexible-vlan-tagging set interfaces ge-2/1/2 mtu 9192 set interfaces ge-2/1/2 encapsulation flexible-ethernet-services set interfaces ge-2/1/2 unit 100 encapsulation vlan-bridge set interfaces ge-2/1/2 unit 100 vlan-id 100 set interfaces ge-2/1/3 flexible-vlan-ta

Re: [j-nsp] QinQ on MX bridge-ing

2015-04-15 Thread Chris Kawchuk
Don't you mean 102 and 103 for the other vlans? On 16/04/2015, at 8:32 AM, Robert Hass wrote: > set bridge-domains VLAN101 domain-type bridge > set bridge-domains VLAN101 vlan-id 101 > set bridge-domains VLAN102 domain-type bridge > set bridge-domains VLAN102 vlan-id 101 > set bridge-domains V

Re: [j-nsp] Aggregate policer config

2015-04-08 Thread Chris Kawchuk
Err, I thought he had unlike-speeds for interfaces? > > Customer Interface 1 is a VLAN on a 10G interface > Customer Interface 2 is a VLAN on a 1G interface Unless he does active-passive 1+1, but dunno if JunOS supports unlike physical interface speeds. plus means direct physical connection, i

Re: [j-nsp] VPLS question

2015-03-12 Thread Chris Kawchuk
instance-type vrf; interface irb.100; // VPLS 1 interface irb.200; // VPLS 2 vrf-target target:65535:3; vrf-table-label; } } cc'ed to list to share the knowledge. - CK. On 12/03/2015, at 11:29 PM, james list wrote: > > Il 11/mar/2015 23:09

Re: [j-nsp] VPLS question

2015-03-11 Thread Chris Kawchuk
Yes. - L2CKTs can be mapped into a VPLS using an LDP Mesh Group [routing-instances protocols vpls mesh-group vpls-id neighbour ] - L2VPNs can be mapped into a VPLS using stitched lt-* interfaces (interfaces lt-1/0/10.1 <> lt-1/0/10.2 peer unit 1 etc.. encapsulation vlan-vpls / vlan-ccc)

Re: [j-nsp] VPLS pass tagged/untagged traffic

2015-03-09 Thread Chris Kawchuk
> Chris, > > Thanks, I just tried it and this works...guess I was making it more difficult > that it needed to be. I haven't tested spanning tree through it or other > layer2 control protocols but you are thinking they should pass through just > like and l2vpn? > > Thanks again, > > Kevin

Re: [j-nsp] VPLS pass tagged/untagged traffic

2015-03-08 Thread Chris Kawchuk
Err, why not just something like: interfaces { ge-1/1/0 { mtu 9192; encapsulation ethernet-vpls; unit 0; } That will accept untagged, tagged, double tagged, etc... It makes the VPLS "not care" what's going on in

Re: [j-nsp] Comments display (annote command) via show command !!

2015-02-18 Thread Chris Kawchuk
I highly suggest always using the normal "show configuration" commands, as you'd also miss things like this in your lo0.0 filter: term block-ntp { from { protocol udp; ## ## Warning: statement ignored: unsupported platform (ex4550-32f)

Re: [j-nsp] Protect-re

2014-11-26 Thread Chris Kawchuk
http://www.team-cymru.org/ReadingRoom/Templates/ On 26/11/2014, at 11:48 AM, Rodrigo 1telecom wrote: > Hi folks... We have some firewall rules to protect our router... But i want > to know what kind of rules you guys implement to protect re?! And what you > suggest to use?!

Re: [j-nsp] LACP/LAG

2013-10-17 Thread Chris Kawchuk
I sometimes use LACP as well as a "poor man's BFD"; in the case of "the lights are on, but nobody's home" syndrome. aka a situation where the physical link(s) may be up, but the control plane functions are dead at the far end. Without LACP control packets, you may inadvertently start trying to

Re: [j-nsp] IP Monitoring/Tracking (SLA) on high end SRX

2013-08-15 Thread Chris Kawchuk
How about a default 0.0.0.0/0 with a bfd-liveliness detection. We use this for conditionally routing statics every now and then. Works well assuming the next-hop supports BFD; and no dynamic routing protocol needed. - CK. On 16/08/2013, at 7:15 AM, Darren O'Connor wrote: > You could run VR

Re: [j-nsp] SRX210 + AppTrack. How to analyse?

2013-08-12 Thread Chris Kawchuk
Netflow. The SRX's can do RE-Based sampling and generate Netflow v5 packets easily for secondary analysis. Same way you'd do it on an M/MX series with the standard ops caveats. ( http://juniper.cluepon.net/index.php/Cflowd_configuration ). I've done this myself on an SRX210 at one of our office

Re: [j-nsp] Firewall filter -EX4500

2013-07-09 Thread Chris Kawchuk
And you can omit the "source-address" (i.e. it ignores the source IP now) and it matches all source IP traffic. from { destination-prefix-list { F5Traffic-IP; } } then { accept; } On 09/07/2013, at 11:22 PM, Andy Litzinger wrote: > I think your source ip range netmask should be /0,

Re: [j-nsp] Vlan question MX

2013-07-08 Thread Chris Kawchuk
802.1p QoS Signalling through a Metro-E. May be a switch/switches in-between the customer CPE and the MX. No VID, No P bit. On 09/07/2013, at 8:00 AM, Tom Storey wrote: > If you're plugged in to a router interface on the providers side, why is > there a need to add VLAN tagging on top? Simila

Re: [j-nsp] LSP mapping

2013-06-10 Thread Chris Kawchuk
install-nexthop lsp [ r7-r3 r7-r3-second-path ]; On 10/06/2013, at 11:29 PM, moki wrote: > install-nexthop lsp r7-r3;

Re: [j-nsp] M120 - Netflow/Jflow Export

2013-06-05 Thread Chris Kawchuk
RE based Sampling: http://juniper.cluepon.net/index.php/Cflowd_configuration - CK. On 06/06/2013, at 9:01 AM, Jake Jake <2012j...@gmail.com> wrote: > Hi All, > > Is it possible to export netflow/jflow from a M120 router(Junos 11.1) to an > external netflow analyser on the network without a Mul

Re: [j-nsp] EX switches - jumbo frames - vlan interface - interface range - virtual chassis

2013-03-19 Thread Chris Kawchuk
Need to set the "physical" master routed vlan interface to something large: interfaces { vlan { mtu 9192; /* whatever the max allowed is */ unit 10 { family inet { mtu 9000; address 10.10.10.1/24; } } That should let you send a 9k IP packet without fragme

Re: [j-nsp] MTU problems over VPLS

2013-02-13 Thread Chris Kawchuk
How does one send back an ICMP please-fragment-this Message when you're emulating a blue wire? No router in the middle to send back to the customer. it's an L2 service. You're transparent to them IP-wise. No IP interface anywhere inside their bridge to source a packet from. - Ck. On 2013-02-

Re: [j-nsp] MPLS and QoS at penultimate hop ?

2013-02-04 Thread Chris Kawchuk
> *UNLESS* you use table-label in a l3vpn, then it gets re-classified after the > label POP. Aha, Very true - Good ole vrf-table-label So, to Alexandre for L3VPN, just do this: class-of-service { routing-instances { all { classifiers { exp MY-CLASIFIER;

Re: [j-nsp] MPLS and QoS at penultimate hop ?

2013-02-03 Thread Chris Kawchuk
It was my understanding that the label was "logically" popped on Egress (in terms of how one would envision the packet flow); hence the outer label EXP bits were evaluated by the BA classifier on ingress properly. (Whether it's popped on ingress, yet evaluated prior-to-pop is a mechanics thing..

Re: [j-nsp] QoS - to share a network control queue or not?

2013-01-12 Thread Chris Kawchuk
We use '6' for "customer network control". Customers giving us a 6 or a 7, we place into this queue. i.e. We never allow an end-user to place any of his/her traffic into queue 7 (which is 'our' NC queue - and has higher priority than '6' in our implementation) We police/mark/identify on ingre

Re: [j-nsp] netflow to Jflow

2012-12-03 Thread Chris Kawchuk
You have NTP enabled, and it's properly synced? - CK. On 2012-12-04, at 4:28 AM, Ali Sumsam wrote: > The Experts Who The Experts Call > Juniper - Cisco – Brocade - IBM

Re: [j-nsp] export OSPF routes as type 1

2012-12-02 Thread Chris Kawchuk
> I'm trying to export some OSPF routes as type 1 external instead of the > default type 2 external. > I can't seem to find where it is done - I thought it would be done in the > policy map but I don't see an option. policy-options { policy-statement my-ospf-export-policy { term sta

Re: [j-nsp] VPLS Multihoming

2012-11-27 Thread Chris Kawchuk
Correct (Assuming each PE only has 1 Link to the CE Network…) Chris - Chairman of the "STP is evil and should be avoided if possible" Committee. =) On 2012-11-28, at 1:24 PM, Luca Salvatore wrote: > Right, this is what I thought. Thanks for the info. > So this type of configuration means tha

Re: [j-nsp] VPLS Multihoming

2012-11-27 Thread Chris Kawchuk
On 2012-11-28, at 9:36 AM, Luca Salvatore wrote: > So - my understanding is that VPLS multihoming is used to prevent layer 2 > loops. How is this accomplished? > Is it because the backup PE device does not forward any traffic (except for > LDP stuff) and hence no loop is formed since backup P

Re: [j-nsp] VLAN-CCC: Protocol Connection

2012-11-25 Thread Chris Kawchuk
You cannot tie 2 different connections/LSPs to the same interface, as CCC's are purely point to point Layer-2. You are attempting to do point-to-multipoint Layer-2 ethernet, hence VPLS is the solution here. - CK. On 2012-11-25, at 10:28 AM, Saba Sumsam wrote: > Hi, > I came across this post

Re: [j-nsp] CCC on EX, link state propagation

2012-10-11 Thread Chris Kawchuk
BTW, I also saw in the 12.2 Release Notes that LDP-based L2CKTs are now supported on the EX4500/4550. You can maybe use an l2circuit/L2CKT instead of a CCC; using martini style status-tlvs to signal end-to-end availability. ...Haven't tried this in the Lab yet. Might be worth a shot to drop the

Re: [j-nsp] Config help for basic MPLS setup

2012-09-26 Thread Chris Kawchuk
Really? Wow. ! That must be new that the EX4200 supports LDP. Which version of JunOS did they add LDP support into the 32/42 EX-series? Just tried checking the JNPR website and the data sheets. All I can find officially is RSVP/CCC support. Let me know where you spotted that. That opens up an

Re: [j-nsp] Config help for basic MPLS setup

2012-09-25 Thread Chris Kawchuk
I've always had troubles using an EX4200 as a "P" router. The only way I've gotten it to "kinda" work is to build an LSP with the endpoint having protocols { mpls { explicit-null; }}, so any EX4200 in the middle doesn't try to 'pop' the outer label if it happens to be the penultimate… although m

Re: [j-nsp] SRX NIC Teaming

2012-08-29 Thread Chris Kawchuk
However, if the "teaming" you want to achieve is purely for redundancy, ..This can be enforced on the Server-side (in some type of active/passive control on the server's OS), and hence you can just make the SRX's use normal access ports. We've done this for our VMWare clusters; as well as for i

Re: [j-nsp] Errors on Juniper M7i

2012-08-27 Thread Chris Kawchuk
Got LSPs and RSVP/LDP paths in inet.3? - CK. On 2012-08-27, at 11:00 PM, Frank Norman wrote: > Friends, > > i am getting following messages on my M7i Router which are causing problem > with the MPLS VPN customers. Can someone explain me how to diagnose and > resolve the issue??? > > Junos Ve

Re: [j-nsp] SRX & MPLS

2012-08-23 Thread Chris Kawchuk
ffect this setup. > > Regards > Johan > > On Thu, Aug 23, 2012 at 11:21 AM, Chris Kawchuk wrote: > Err VPLS Implies Layer 2 only. > > Where is the VRP running in-between? Are you doing "vlan-id" inside the VPLS > instance for normalization, then binding a

Re: [j-nsp] SRX & MPLS

2012-08-23 Thread Chris Kawchuk
Err VPLS Implies Layer 2 only. Where is the VRP running in-between? Are you doing "vlan-id" inside the VPLS instance for normalization, then binding an irb.x into it? I don't think that works in SRX/J either. (l3 within VPLS). - CK. On 2012-08-23, at 6:39 PM, Johan Borch wrote: > "VPLS multi

Re: [j-nsp] Tricks for killing L2 loops in VPLS and STP "BPDU-less" situations?

2012-08-17 Thread Chris Kawchuk
Hi Clarke, We pass through BPDUs through VPLS the MX'es- but yes, miscreant users / switches will always be a problem. We do the following to every customer-facing VPLS instance, but only #3 would help you here: 1. Mac Limiting per VPLS Interface (100) (i.e per 'site') 2. Mac Limiting per VPLS

Re: [j-nsp] SSH access and not working firewall policy

2012-08-12 Thread Chris Kawchuk
One possibility - They're coming from inside your own network =) What's the source IPs on the attempts, and what device is this (EX? MX? J? QFabric?) - CK. On 2012-08-13, at 5:07 AM, Robert Hass wrote: > Hi > > I have Juniper running 10.4R7 with RE filter applied to lo.0 but I > still see brut

Re: [j-nsp] VLAN into a VPLS instance

2012-08-10 Thread Chris Kawchuk
Use an LT to cross-connect the bridge-domain with the vlan access interfaces (which you do a push-vlan-tag on ingress), and stitch the LT into the VPLS instance. I was going to say "sure, put the access ports into a VPLS and do a vlan-push on ingress; and a pop on egress" but yes, that raises

Re: [j-nsp] Broadband Model suggestion?

2012-07-12 Thread Chris Kawchuk
Your Vendor's Sales Rep and Systems Engineer should be more than happy to help in this regard. =) - CK. On 2012-07-12, at 5:01 PM, Frank Norman wrote: > Dear friends, > > I need suggestion for broadband network based on xDSL & fiber based last > miles (GPON/Metro technologies), Subscriber base

[j-nsp] snmp { filter-interfaces {}}; wildcard usage

2012-06-19 Thread Chris Kawchuk
Apologies, as my REGEX-fu is weak today. I'm attempting to filter off certain interfaces from showing up via an SNMP walk... i.e. interfaces that are internally generated which really serve no purpose outside the JunOS box itself: (lsi.*, lo0.16384, etc) I want to match any ge-x/x/x interface th

Re: [j-nsp] cable modem/dsl/ftth bandwidth limiting

2012-06-19 Thread Chris Kawchuk
Downstream is Shaped, Definitely. The BRAS/CMTS/etc sets up Individual Hardware Queues for each traffic class per subscriber. (Hence why those boxes have 16,000-64,000 HW queues per blade, as each sub may use 2-8 queues depending on what you sell =)..) Generally 4 prioritized queues (NC, VoIP,

Re: [j-nsp] cable modem/dsl/ftth bandwidth limiting

2012-06-19 Thread Chris Kawchuk
Layer-2 Cable is done at a BRAS (running in DHCP mode). Layer-3 Cable Plants shape at the CMTS. Layer-2 Optical/GPON/FTTH can be done at a BRAS (if DHCP or PPP), or can be done at the head end GPON device; assuming the GPON is reasonably 'smart', and understands each subscriber and their associ

Re: [j-nsp] cable modem/dsl/ftth bandwidth limiting

2012-06-19 Thread Chris Kawchuk
Not costly at all; when you think about scaling it to 20,000/30,000 subscribers per box. BRAS's (xDSL, PPPoE, PPPoA) have massive numbers of hardware queues, and shape/queue per individual subscriber. These boxes are designed to do this. Examples: Juniper E-series, Cisco ASR-Series, Juniper MX-

Re: [j-nsp] Netflow equivalent for MX5 11.4

2012-06-07 Thread Chris Kawchuk
JunOS Routing for all intents and purposes is stateless. It doesn't cache information concerning the IP lookup (CEF-Style), hence there's no concept of a 'flow' in JunOS; so nothing per se to 'show'. (each packet is processed 'atomically', meaning JunOS doesn't remember that this next packet be

Re: [j-nsp] CoS - DSCP Markings

2012-06-07 Thread Chris Kawchuk
On the off chance, are you trying to verify your dscp markings by doing a port-mirror on the same device? (i.e. mirror the output of ae1 to another output port, and doing a wireshark on it?) I discovered the hard way that a rewrite happens *after* the port mirror; so your mirrored port is showi

Re: [j-nsp] CoS - DSCP Markings

2012-06-07 Thread Chris Kawchuk
> You should be classifying on ingress. > Classification is only for 'internal' treatment. Then you do rewrite on > egress interface Actually, You can apply multifield classifiers either at ingress or egress. Either way works fine; unless the traffic itself is sourced from the RE (bug in MX).

Re: [j-nsp] Bridge Domain/IRB on MX80

2012-05-22 Thread Chris Kawchuk
> Maybe logical tunnel into a bridge? Eg > https://puck.nether.net/pipermail/juniper-nsp/2011-August/020891.html ^ Yup. I'm using this method right now to backhaul a VLAN off of a CPE generating a Martini L2CKT endpoint, stitched into an MX480 bridge-group. Works well. Caveat: You lose Co

Re: [j-nsp] JUNOS downloads

2012-05-21 Thread Chris Kawchuk
Using a unix shell, to download software directly to a router, which itself uses a unix shell..? Sorry - That's too clever (and hence; not allowed). =) - CK. On 2012-05-22, at 9:29 AM, Richard A Steenbergen wrote: > the "proceed" button at the bottom of the > EULA acceptance is non-fun

Re: [j-nsp] Interface to be used for Trunking & MPLS

2012-05-17 Thread Chris Kawchuk
On 2012-05-18, at 9:29 AM, Saba Sumsam wrote: flexible-vlan-tagging; encapsulation vlan-ccc; unit 0 { encapsulation vlan-ccc; vlan-id-range 700-800; family ccc; } unit 400 { family bridge { interface-mode trunk; vlan-id-list 400; } Can't do that. You've told the MX that t
