On Wed, Dec 13, 2023 at 03:58:00PM +, Jackson, William via juniper-nsp
wrote:
> We have had to send to the clients via DHCP a set of /32 host routes to
> circumvent this problem.
If you are able to configure the clients with /32 routes via DHCP, why
don't you just configure the clients with
On Wed, Oct 25, 2023 at 03:12:29PM +0200, Mark Tinka via juniper-nsp wrote:
> On 10/25/23 10:57, Sebastian Wiesinger via juniper-nsp wrote:
> > Yeah it depends. Our MX204 also needed licenses for subscriber
> > managment. Some options would produce a license warning and some other
> > stuff just fa
Not sure, but if there is a way, it might be configured under "set chassis pic
...", perhaps something like this:
sst chassis pic fpc-slot 0 pic-slot 1 port 0 speed 10g
On Mon, Feb 13, 2023 at 09:23:10AM -0600, Chris Adams via juniper-nsp wrote:
> I have an old Juniper EX4500 (working on replac
On Fri, Oct 14, 2022 at 01:50:55PM -0400, Jonathen Landis wrote:
> On Thu, Oct 13, 2022 at 9:59 AM Saku Ytti via juniper-nsp
> wrote:
> > I lost a fight with JTAC about whether the TCAM exhausting filter
> should be a commit failure or not.
>
> In lieu of failing the commit, would it make sense
>
> Is this filter you created? What are the terms you expect it to have?
> Single term to accept ether-type 0x8100? What actions? What is the
> bind point?
>
>
>
> On Wed, 12 Oct 2022 at 21:36, Chuck Anderson wrote:
> >
> > On Wed, Oct 12, 2022 at 08:40
ries available: 512
+ Total TCAM entries needed : 1
+ Term Expansion:
- Term1: will expand to 1 term : Name "cos-cl-624-5-1"
+ Term TCAM entry requirements:
- Term1: needs 1 TCAM entry : Name "cos-cl-624-5-1"
+ Total TCAM entries available: 512
Has anyone seen these errors and know what the cause is?
Oct 11 21:41:02 ex4300-48mp fpc0 DFWE ERROR DFW: Filter : "pfe-cos-cl-624-5-1"
is NOT programmed in HW
Oct 11 21:41:02 ex4300-48mp fpc0 DFWE ERROR DFW: Filter : "pfe-cos-cl-626-5-1"
is NOT programmed in HW
Oct 11 21:41:02 ex4300-48mp fp
Did you try creating a static ARP entry for the port mirroring destination?
interfaces {
xe-0/0/4:2 {
vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 3124 {
description "mirror test";
vlan-id 3124;
famil
Why would you want DHCP snooping or dot1x on a campus core router? Those
functions are typically implemented at the access layer switches connected
directly to end users.
On Fri, Sep 16, 2022 at 03:11:22PM -0400, Jason Healy via juniper-nsp wrote:
> We're a small school campus that's been runnin
On Sat, Sep 17, 2022 at 06:21:51PM -0400, Jared Mauch via juniper-nsp wrote:
> Anyone else see their RPD start to core today? Seeing something weird,
> unclear if it’s local to my network or otherwise but two devices at the same
> time seem to be having trouble, so puzzling.
>
> Running 20.4R3.
"show configuration | display set" is missing some aspects of the
configuration, namely annotations (comments). What else is it
missing? Would Juniper please consider making the entire
configuration representable in set-style format, including
annotations?
It is handy for example to annotate pre
I recommend you do not use VC at all, and instead use ESI-LAG for the
server-facing links.
On Mon, Oct 04, 2021 at 11:43:23AM +, Giovanni Bellac via juniper-nsp wrote:
> Date: Mon, 4 Oct 2021 11:43:23 + (UTC)
> From: Giovanni Bellac
> To: "juniper-nsp@puck.nether.net"
> Subject: QFX VC
On Wed, Sep 01, 2021 at 09:44:08AM -0700, Mike via juniper-nsp wrote:
> "Unified ISSU is supported with Junos OS Release 17.4R1 for MX Series
> routers with MPC-3D-16XGE-SFPP"
>
> my expectations were that the card would stay online and there
> would be little to no operational impact, but
I've done this with perl scripts and the Juniper NETCONF libraries. I
make the changes inside a configuration group which is inherited into
the actual prefix-list(s), then lock down the account so it is only
able to make changes to that configuration group.
groups {
AUTO-PREFIX-LIST {
In my experience 17.3R3-Sx also works with RE-2000, original SCB-MX,
and MPC line cards, although I don't know about support for DPC cards.
On Fri, Jul 16, 2021 at 10:57:19AM -0400, Alain Hebert via juniper-nsp wrote:
> Boot using a USB key and the proper image.
>
> junos-install-me
On Fri, Apr 30, 2021 at 09:21:13PM +, Ross Halliday wrote:
> Do FS QSFP+ breakout DACs and AOCs work on this platform? Is there some magic
> sauce firmware I'm too daft to find?
>
> (I've talked to JTAC, of course they blame the third-party transceiver)
Did you try disabling auto-negotiation
On Fri, Apr 23, 2021 at 01:23:32PM +, Matthew Crocker wrote:
> The SRX devices are limited to an MTU of 1600 due to the TLS carrier they are
> using to connect back to the QFX.
>
> I need to support 9K frames from one ACX to another over this network. The
> QFX is configured for MTU of 91
I've used SFP+ DACs on MX, EX and QFX without problems. I have not tried QSFP
DACs on MX, but they work on EX/QFX.
On Fri, Jun 12, 2020 at 01:39:11PM -0500, Chris Adams wrote:
> Is anybody using DAC cables on MX routers? We have a customer with an
> MX10003 connected to EX4600 switches with 40G
On Fri, Jun 12, 2020 at 08:44:48AM +0300, Matti Saarinen wrote:
> Chuck Anderson wrote:
>
> > On Thu, Jun 11, 2020 at 08:40:23AM +0300, Matti Saarinen wrote:
> >> We have a setup where one set of DHCP servers deliver IP configuration
> >> to clients and another s
On Thu, Jun 11, 2020 at 08:40:23AM +0300, Matti Saarinen wrote:
> We have a setup where one set of DHCP servers deliver IP configuration
> to clients and another set of DHCP servers deliver the PXE options. This
Don't do that. Clients do not aggregate DHCP options from different
responses--they p
On Thu, May 21, 2020 at 07:56:10AM +0300, Saku Ytti wrote:
> Hey Chuck
>
> > set groups ND6 interfaces irb unit <*> family inet6 nd6-stale-time 600
> > set interfaces apply-groups ND6
> >
> > then all irb interfaces get a "family inet6" with link-local
> > addressing created and the nd6-state-time
Is there any way to inherit a configuration group setting, but only if
the parent object already exists? For example, if I apply this:
set groups ND6 interfaces irb unit <*> family inet6 nd6-stale-time 600
set interfaces apply-groups ND6
then all irb interfaces get a "family inet6" with link-loc
> 978-618-3342
>
> I’d rather be lucky than good, as I know I am not good
> I don’t make the news, I just report it
>
> [signature_1140633420]
>
> From: james list
> Date: Tuesday, April 21, 2020 at 10:53 AM
> To: Richard McGovern
> Cc: Chuck Anderson , Junipe
3400s just fine.
Check if the carrier is running LLDP or CDP or similar.
On Sun, Apr 19, 2020 at 07:16:46PM -0400, Chuck Anderson wrote:
> Yes, I see CRC errors on EX3400s with MACsec termination, but only on one
> side.
>
> Here is my topology:
>
> From A to B:
>
> [EX3
Yes, I see CRC errors on EX3400s with MACsec termination, but only on one side.
Here is my topology:
>From A to B:
[EX3400-A]-->--[push-vlan-tag-on-MX480]-->-L2
vlan-->-[Carrier-ASR9k-pop-vlan-tag]-->--[EX3400-B]
MACsec L2 connectionL2 xconnect
On Wed, Mar 18, 2020 at 06:36:58PM +0200, Saku Ytti wrote:
> On Wed, 18 Mar 2020 at 18:30, John Kristoff wrote:
>
> > Yep, I get all that. I can tighten that up. Care to show us how you
> > do loopback filters?
>
> It is situational, it's hard to come up with one-size-fits-all. One
> approach
On Wed, Mar 18, 2020 at 06:33:11PM +0200, Saku Ytti wrote:
> On Wed, 18 Mar 2020 at 18:28, Chuck Anderson wrote:
>
> > term bgp-inbound {
> > from {
> > source-prefix-list {
> > bgp-neighbors-v4;
> > }
> > protoc
On Wed, Mar 18, 2020 at 11:16:54AM -0500, John Kristoff wrote:
> On Wed, 18 Mar 2020 16:02:09 +
> Saku Ytti wrote:
>
> > It is completely broken, you use 'port' so you expose every port in your
> > system.
>
> Ha, OK thanks. I think that would require some not so easy spoofing
> unless I'm
Has anyone tried using QSFP+ to SFP+ adapters such as this one? What software
versions have you tried?
https://www.fs.com/products/72587.html
I'm testing these on QFX10002-36Q with 17.3R3-S7.2 and SFP+ 10G-LR modules.
The links come up and pass LLDP and IP traffic, but DOM doesn't work:
{mas
I'd avoid the older RE-S-2000-4096-S with multiple full tables and newer code.
I have some older lab boxes that can't really handle it, but I keep them around
just for lab testing. I had to trim down the full tables with AS Path Length
filters to keep them from running out of RAM, swapping, an
Logically, why couldn't you isolate one member at a time, do the upgrade, then
rejoin it to the VC?
On Thu, Sep 06, 2018 at 11:12:59AM -0500, Louis Kowolowski wrote:
> I currently have a 6 node VC of qfx5100. All are running 14.1X53-D43.7 and
> host software 13.2X51-D38. In discussions with JTAC
Instead of LAG you can try RTG, redundant-trunk-group. That would block
ingress and egress traffic on the backup link and not require STP.
On Fri, Aug 17, 2018 at 11:20:24AM +, Javier Valero wrote:
> Hello all,
>
> We are facing a problem with one customer and multicast video streams on a
with the QFX5100 are flimsy as hell.
>
> On Wed, Aug 1, 2018 at 6:09 PM, Chuck Anderson wrote:
>
> > Just put the rack brackets back towards the middle of the sides so the
> > switch is hangs further forward. The weight is more balanced and it works
> > fine.
>
Just put the rack brackets back towards the middle of the sides so the switch
is hangs further forward. The weight is more balanced and it works fine.
On Wed, Aug 01, 2018 at 06:39:43PM -0400, Colton Conor wrote:
> We are constantly having to mount these larger switches to two post racks.
> To m
On Thu, Jul 26, 2018 at 05:24:53PM -0500, Doug McIntyre wrote:
> On Thu, Jul 26, 2018 at 05:35:42PM -0400, Chuck Anderson wrote:
> > Ask your Juniper rep for a feature that Cisco calls "WAN MACsec".
>
> Juniper calls it MACsec.
"WAN MACsec" is a slightly modifi
Ask your Juniper rep for a feature that Cisco calls "WAN MACsec".
On Thu, Jul 26, 2018 at 11:01:37PM +0200, james list wrote:
> Dear experts,
> I have a virtual chassis of ex4300 connected to another vc of ex4300 with 2
> x 1 Gbs links provided by two carriers.
>
> Lacp aggregation is up with jus
17.3R2 for MX, but I haven't tested
the functionality.
On Sun, Jul 08, 2018 at 11:51:32AM -0500, Colton Conor wrote:
> Chuck,
>
> Did this Junos issue ever get resolved?
>
> On Wed, Dec 9, 2015 at 10:31 AM, Chuck Anderson wrote:
>
> > Has anyone tried to use or impl
I don't see this issue. Does it only happen when you have a different ASN
inside the VRF?
On Thu, Jun 28, 2018 at 10:44:07PM -0400, Philippe Girard wrote:
> Grettings
>
> I'm setting up this VRF that hosts the full routing table. I have other
> peerings or remote PEs that import IX routes throu
I've been doing it for years with no ill effects. The only thing I do
is change the backup/master designations in chassis redundancy to
clear the alarm about running on the backup RE:
mx960> show configuration chassis redundancy |display set
set chassis redundancy routing-engine 0 backup
set cha
I almost always leave it running as master on the former backup. It is good to
exercise both REs periodically. I haven't bothered with ISSU in a long time
since I have node/path redundancy.
On Thu, Jun 28, 2018 at 09:12:14AM -0500, Chris Adams wrote:
> It's been a bit since I upgraded JUNOS on
You don't need to use the original power cords. IEC 60320 is the
standard for power connectors. You want an IEC 60320 C19 to C20 cord
and a PDU with C19 outlets on it to accept the C20 end of the cord:
https://www.stayonline.com/reference-iec320.aspx
On Fri, May 11, 2018 at 03:15:13PM -0700, mi
https://www.juniper.net/documentation/en_US/release-independent/junos/topics/concept/power-supply-mx240-ac.html
You can run the power supplies on either 120v or 208/240v . If you use the
lower voltage, you need 4 power supplies for redundancy. If you use the higher
voltage, you only need 2 for
slap together something simple.
> Anyone know the actual size of the threaded hole?
>
>
> Frank Sweetser
> Director of Network Operations
> Worcester Polytechnic Institute
> "For every problem, there is a solution that is simple, elegant, and wrong."
> - HL M
Nice. That screw hole on the front of the rack ear is screaming for
someone to make a 3D printed label tag.
On Thu, May 03, 2018 at 08:19:59AM -0500, Chris Wopat wrote:
> Our current QFX5100 label method:
>
> https://i.imgur.com/kRVojXk.jpg
>
> We have a label on both the left and right side, s
It depends if the DWDM gear is purely L1 or if it is doing OTN switching (it
will be doing OTN if you are mapping 1 or more lower rate client side signals
into 1 or more higher rate line side signals). The latter deals with framing
and would have MTU limits. The former would have a 1:1 mapping
On Tue, Apr 10, 2018 at 08:37:41AM -0700, mike+j...@willitsonline.com wrote:
> On 04/09/2018 08:07 PM, Chris via juniper-nsp wrote:
> > For the MX104 (and the MX80) the main limitation they have is that the
> > CPU on the routing engine is terribly slow. This can be a problem for
> > you if you are
Back-in-the-day we had fe-x/x/x for 10/100 Mbps ports. Now we have ge-x/x/x
that can take a 100 Mbps SFP, but the name doesn't change to fe-x/x/x AFAIK.
So there is precedent for the names not changing when the speed changes.
But I do like having the ability to match ports based on speed, e.g.
It makes sense on dual-RE platforms:
mx960> request vmhost power-on other-routing-engine
On Tue, Apr 03, 2018 at 07:41:57AM -0500, Aaron Gould wrote:
> Seeing it on my MX960 also...
>
> agould@ 960> request vmhost ?
> Possible completions:
> cleanup RE vmhost cleanup /var/tmp, /va
Cool. Is there another parameter specify which VM to power-on, maybe a service
VM?
I wonder why the MX150 doesn't have any vmhost commands. It would come in
handy for some issues.
On Mon, Apr 02, 2018 at 02:00:33PM -0500, Chris Adams wrote:
> Working on a new MX204, I noticed this:
>
> user@
Umm, you type the password into the box, right? The box stores that password
in memory so that it can build a TACACS+ request packet to send to the server?
Unless you are using SSH keys in lieu of passwords.
On Mon, Jan 08, 2018 at 05:16:01PM +0100, Sebastian Becker wrote:
> The password will
The most current supported software on EX2200 is 12.3R12--there were
some issues with insufficient flash space for 15.1, so they rolled
back the recommended release to 12.3R12.
They are fairly solid boxes, although I do notice occasional STP
issues on them (Root Bridge changes, Loop Protect activa
On Tue, Nov 21, 2017 at 06:28:07AM -0800, Emille Blanc wrote:
> Hello folks,
>
> Trudging through the woes that are cross-vendor compatibility issues, and
> failing completely at getting a link between an EX3400 or EX4600, and an HPE
> FlexFabric-20/40 F8 card in our c7000 enclosure using an HPE
of MACSec, intended to address that issue
> > exactly - they call it WAN MACSes. We was able to use across many different
> > SP circuits. As long as you have pure p2p links (real or stimulated), you
> > should be fine. Unfortunately, I'm not aware of any similar Juniper
>
Virtual Chassis shares the management, control, and data planes across the two
routers. I don't like that from a high-availability standpoint. The two
routers are tightly coupled with software versions, bootup, etc.
MC-LAG shares some of the control and data planes via ICCP but maintains
sepa
e in the enterprise doing this over e-line services?
>
> -Original Message-
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
> Chuck Anderson
> Sent: Friday, October 27, 2017 9:39 PM
> To: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp]
rted by the switching hw,
> no any other special requirements.
> Btw keep in the mind macsec overhead, +32.
>
> regards, Eli
>
> On Fri, 27 Oct 2017 10:23:01 -0400
> Chuck Anderson wrote:
>
> > Has anyone been able to run MACsec over a service provider's Et
Has anyone been able to run MACsec over a service provider's Ethernet
Private Line (or even just a 802.1q vlan)? I'm looking at using 10gig
ports on the EX4300 or the EX4600/QFX5100-24Q with the MACsec uplink
module.
___
juniper-nsp mailing list juniper-
On Wed, Oct 11, 2017 at 12:23:16PM -0500, Aaron Gould wrote:
> (I really should change this subject heading to "BGP VPLS - Multi-homing"
> since that's the more specific vpls version we are discussing at this
> point... FEC 128 / RFC 4761)
>
> hey look what I just found ..
> https://www.juniper.ne
On Mon, Oct 09, 2017 at 11:34:52PM +, Matthew Crocker wrote:
>
>
> I’m performing an upgrade on my MX480 NG-REs and I see this scroll through
> the console:
>
> ALSA: Storing mixer settings...
> /usr/sbin/alsactl: save_state:1590: No soundcards found...
>
>
> So, the question is, what sou
Insert a 3dB or 7dB attenuator pad for lab testing. In a pinch (no pun
intended) you can take a fiber jumper and bend it tightly into a loop (like
1/4" diameter) to attenuate the signal, but I would use a disposable jumper for
that. Use a twist tie or similar to hold it in the tight loop. Mon
Yes, I'm using bpdu-block-on-edge with disable-timeout 3600 (1 hour).
I'm also using mac-limits with port shutdown.
Until a location is ready for IPv6:
set interfaces interface-range EDGE member-range ge-0/0/0 to ge-0/0/47
set interfaces interface-range EDGE unit 0 family ethernet-switching filte
Personally I would stick with 12.3. They came out with another service
release, 12.3R12-S6.
On Thu, Sep 28, 2017 at 03:26:36AM +1000, Kamal Dissanayaka wrote:
> Hi Jason,
>
> Thanks for the response,
> This happened to us irrespective of version, some switches were from
> 12.3.r9 to 15.1.r2.9 a
On Mon, Sep 25, 2017 at 07:10:47AM -0500, Aaron Gould wrote:
> A few questions about logical systems. related to a new 5-node MX960 100 gig
> ring.
>
> Do you all use logical systems in your production environment ?
I do.
> Do you contain your core P functions inside of an lsys ?
My network is
I don't normally rely on VRs on my access layer devices, but it comes
in handy once in a while for troubleshooting to add a l3-interface to
a VLAN, but keep the routing separate from the in-band management
VLAN. For this I use a routing-instance of instance-type
virtual-router. I can then use "pi
Is virtual-router at least supported if not full VRF?
On Wed, Sep 20, 2017 at 05:26:27PM +0100, Olivier Benghozi wrote:
> New additional licence needed to stack (VirtualChassis), VRF not supported.
>
> > On 20 sept. 2017 at 17:16, William wrote :
> >
> > Due to the ex2200 going eol/eos we are l
On Mon, Sep 18, 2017 at 01:12:36PM +, Eric Van Tol wrote:
> > Have you tried enabling BGP traceoptions to see if that logs more useful
> > diagnostics?
>
> Yes, per my first message:
>
> >I also see absolutely nothing when I enable traceoptions on the
> >peer in LS1 and with MX2 attempting t
On Sun, Sep 17, 2017 at 01:43:31PM +, Eric Van Tol wrote:
> Thanks, I did check all this and re-entered MD5 keys by pasting in on all 4
> routers. The fact that only one session out of the bunch isn't coming up
> indicates that it's not an MD5 or ASN issue, though, as they are all defined
>
On Thu, Sep 14, 2017 at 10:54:54AM -0500, John Kristoff wrote:
> Typically these devices can last out in the field for five or more
> years. There are at least two potential concerns about this series of
> switches. One, when stacking them into a larger virtual chassis (i.e.
> six or more), the m
Is anyone using EX4200 with DHCP Snooping + dot1x Dynamic VLAN
assignments? I appear to be hitting bugs where some devices can't
DHCP (such as Ricoh printer/copier/fax/scanners), or once they do DHCP
they can't communicate through the EX4200 switch port. It seems I can
make things work better by
cols will not pass.
>
>
>
> ____
> De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Chuck
> Anderson [c...@wpi.edu]
> Enviado: sexta-feira, 24 de março de 2017 18:33
> Para: juniper-nsp@puck.nether.net
> Assunto: R
I had to load 14.1X53-D40 to have a basic working Q-in-Q config. D35
was broken in some fundamental way.
On Fri, Mar 24, 2017 at 04:31:56PM +, Alexandre Guimaraes wrote:
> Alain,
>
> As far i know, QinQ - L2TP does not work at QFX5100.
>
> Att.,
> Alexandre
>
> _
On Fri, Mar 24, 2017 at 04:31:56PM +, Alexandre Guimaraes wrote:
> Alain,
>
> As far i know, QinQ - L2TP does not work at QFX5100.
>
> Att.,
> Alexandre
>
>
> De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Alain Hebert
> [ah
Try:
show firewall | match flowspec
Sometimes the filter names aren't what you expect when dealing with
logical-systems. The ones I see are prepended with __LSYSNAME/ to you
might find them names __LSYSNAME/__flowspec_
On Wed, Mar 22, 2017 at 09:07:22PM +0200, Michail Litvak wrote:
> Hi all
On Mon, Mar 20, 2017 at 10:19:35AM +0100, Johan Borch wrote:
> Do anyone have a control plane filter for ACX they can share? :) they don't
> seem to support using standard loopback filters.
See this thread:
https://puck.nether.net/pipermail/juniper-nsp/2016-April/032422.html
and specifically thi
Last time I checked the contributing routes have to be in the
destination RIB for the aggregate/generate to go active.
On Sun, Mar 05, 2017 at 11:26:18AM +, Alexander Arseniev wrote:
> Hello,
>
> Have You tried putting all routes from that peer in a routing-instance?
>
> Then configure aggr
Is there any way with JUNOS to not send the link-local next hop in the
MP_REACH_NLRI path attribute of an IPv6 BGP session? Another vendor
may be choking on it, and I'd like to test if removing it "fixes" the
issue, after which I can tell the vendor to fix their code.
Thanks,
Chuck
__
Has anyone found MX port-mirror to be unreliable? Either missing some
traffic or showing more traffic than should be there (e.g. from other
interfaces than the one(s) you have configured for port-mirroring)?
I'm using "family inet" port mirror on 15.1R4 and I can't explain why
some flows are showi
I recommend 12.3R12-S3.1 for EX2200/3200/4200/4500. I has many bug
fixes over 12.3R12.4:
https://kb.juniper.net/InfoCenter/index?page=content&id=TSB16975&actp=SUBSCRIPTION
However I see that JTAC is now recommending 15.1R5:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB21476&actp=se
On Mon, Dec 14, 2015 at 12:40:05PM +, Phil Mayers wrote:
> On 11/12/15 17:16, Chuck Anderson wrote:
>
> >For those of us who wish to/need to use commercial NMS software, are
> >there any that support NETCONF? And NETCONF isn't the answer yet
> >anyway to cro
In a VPLS multihoming scenario, if the remote primary multihomed PE
goes down, the local PE should start forwarding traffic to the CE:
https://www.juniper.net/documentation/en_US/junos15.1/topics/concept/vpn-vpls-multihoming-network-failures.html
But if all remote PEs go down (or if there are onl
When I was getting these and the Cisco far end was getting tons of
errors, the light levels were good all around. It ended up being a
fiber problem near the transmitter. Try shooting the fiber link with
an OTDR to see if you are getting lots of reflections.
On Fri, Oct 21, 2016 at 12:23:18PM -07
On Wed, Sep 21, 2016 at 03:26:40PM -0400, Chuck Anderson wrote:
> This doesn't work:
>
> $res = $jnx->get_configuration(changed => 'changed', compare => 'rollback',
> database => 'candidate');
>
> because that genera
No, I'm trying to have the router do the compare server-side.
On Wed, Sep 21, 2016 at 02:52:42PM -0500, Tim Jackson wrote:
> Have you just tried to just compare source=>running to source=>candidate
> from get_config?
>
> --
> Tim
>
> On Wed, Sep 21, 2016 a
Using NETCONF with Perl Net::Netconf::Manager, I'm trying to get the
candidate configuration to see what changed before issuing a commit
request so I can avoid "empty" commits after doing a "replace"
operation on a subtree. I see that NETCONF defines a standard
call, and I believe is a
legacy/pr
Has anyone upgraded from 14.2 to 15.1 and seen this issue? Right
after the upgrade, all loopback filters started dropping all traffic
causing OSPF & BGP failures, inability to ping or SSH into fxp0, etc.,
despite being configured to allow the appropriate management & control
plane traffic which wa
You can also directly set the communities on the static route, making
the BGP policy unnecessary:
set routing-options static route A.B.C.D/32 discard community [ 7922:666
1239:66 ]
On Thu, Sep 15, 2016 at 05:12:34PM +, Matthew Crocker wrote:
>
>
>
> Static /32 is in and Sprint (AS1239) u
s, and not inet.0.
>
> https://www.juniper.net/documentation/en_US/junos15.1/topics/example/vpns-layer-3-route-resolution-route-reflector.html
>
>
> Dragan
>
> On Wed, Sep 14, 2016 at 1:26 AM, Rob Foehl wrote:
>
> > On Tue, 13 Sep 2016, Chuck Anderson wrote:
>
On Tue, Sep 13, 2016 at 06:38:10PM -0400, Rob Foehl wrote:
> On Tue, 13 Sep 2016, Chuck Anderson wrote:
>
> >Could you just use a strict MPLS path with an ERO?
>
> Hmm, doesn't look like it... I just tried configuring an explicit
> path LSP to nowhere on a lab
On Tue, Sep 13, 2016 at 05:42:37PM -0400, Rob Foehl wrote:
> Assuming a typical IBGP session built between loopbacks, is there
> any relatively clean way to tie that session state to RSVP-signaled
> LSPs between the same pair of routers?
>
> I'm trying to work around a case where the IGP knows abo
Okay, attachments don't come through the list, so I've done what I
should have done long ago and put this on github:
https://github.com/cranderson/nagios-plugins
On Wed, Aug 17, 2016 at 11:12:12AM -0400, Chuck Anderson wrote:
> (trying again with gzipped code to make message
(trying again with gzipped code to make message small enough)
For Juniper hardware/software fault monitoring, we use Nagios with the
check_snmp_environment plugin, extended with more Juniper checks.
I've attached the one we use here. I'd like to improve this further
by removing duplicate alerts (
On Tue, Jun 21, 2016 at 01:37:37PM +0300, Saku Ytti wrote:
> On 21 June 2016 at 13:31, Nathan Ward wrote:
>
> > I haven’t looked in ages, but didn’t Richard Steenbergen run a wiki for
> > this sort of info?
>
> Yeah but he's wearing suits now and has no time for such shenanigans.
> Job has copy
On Wed, May 25, 2016 at 08:30:06PM +0300, Saku Ytti wrote:
> On 25 May 2016 at 20:28, Daniel Verlouw wrote:
>
> > definitely good and valid points, however are you willing to deploy
> > (what I consider) bleeding-edge code in your network to support the
> > latest and greatest HW? I'm most certai
On Wed, Apr 20, 2016 at 01:14:17AM +0200, j...@czmok.de wrote:
> Hi,
>
> i am looking for the following solution:
>
> - SITE A - VPLS SITE 1
> - SITE B - VPLS SITE 2
>
> On Site A i receive on ae0. Traffic which is tagged with VLAN
> On Site B i want to provide a Layer3 Interface which
On Mon, Mar 21, 2016 at 05:04:35PM +0100, Raphael Mazelier wrote:
> I am currently evaluating how to migrate the internet dmz, and the
> public pfx of my customers into VRF.
> During the migration phase I have to leak pfx from vrf to the global table.
> Don't ask why, but I cannot do the leaking o
On the MX/Trio platform, from a performance standpoint with large
prefix-lists (~10,000) and firewall filters, does it matter what order
the prefix-list is in? Will the firewall filter perform better if
shorter prefixes are listed first or if some other criteria is used
for sorting?
Thanks.
_
Not enough power to power up the card?
show chassis power
On Fri, Feb 26, 2016 at 01:50:44PM -0600, Josh Reynolds wrote:
> Hi all.
>
> Pair of MS-MPC-128's. 1st card boots, second card doesn't. Swapped FPC
> locations, now the 2nd card boots in the first card's spot, but the
> 1st card won't boo
, and see if the permissions work? The equivalent
> replace: tag in the text format works with a restricted login class when
> using netconf.
>
> http://www.juniper.net/documentation/en_US/junos14.2/topics/reference/tag-summary/junos-xml-protocol-replace-attribute.html
>
>
>
&g
Has anyone seen strange behavior when using a single prefix-list
shared containing both IPv4 and IPv6 prefixes shared between two fw
filters, one family inet and one family inet6? I just tried this, and
the family inet6 filter is executing the "then syslog" term even when
there is no match in the
At least for the "ifa for this rt" message, it is a bug that was
fixed:
https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1067484
"When setting the syslog to debug level (any any), you may note
reoccurring messages of the form "ifa for this rt ia is not
present, conside
1 - 100 of 393 matches
Mail list logo
