Re: [j-nsp] Enable EVPN on existing mpls l3vpn network

2016-02-18 Thread Chuck Anderson
On Thu, Feb 18, 2016 at 10:44:16AM -0800, tim tiriche wrote: > I have an existing L3VPN network with NSR. > > If I want to enable EVPN, is it just a matter of enabling family evpn > signalling on the bgp neighbors? Yes, but you probably want at least Junos 14.1 for EVPN. > Will doing so, cause

Re: [j-nsp] Optimizing the FIB on MX

2016-02-17 Thread Chuck Anderson
On Wed, Feb 17, 2016 at 08:51:23PM +0100, Vincent Bernat wrote: > Being a bit unsatisfied with a pair of MX104 turning themselves as a > blackhole during BGP convergence, I am trying to reduce the size of the > FIB. > > I am in a simple situation: one upstream on each router, an iBGP session >

Re: [j-nsp] Anyone tried ThreatStop on Juniper integration?

2016-02-15 Thread Chuck Anderson
On Mon, Feb 15, 2016 at 12:46:15PM -0500, Phil Shafer wrote: > Chuck Anderson writes: > >I assume by "ephemeral" database, you mean "configure dynamic" to edit > >the dynamic-db? > > Yup, exactly. > > >Unfortunately, it appears that dynamic-db on

Re: [j-nsp] Anyone tried ThreatStop on Juniper integration?

2016-02-15 Thread Chuck Anderson
On Fri, Jan 15, 2016 at 03:51:02PM -0500, Phil Shafer wrote: > But most of these issues can be mitigated. For example, they change > config using "cat command-file | cli" which churns the change bits > in the database even when nothing changes; using "load update" will > solve that. In addition,

Re: [j-nsp] | display inheritance vs. logical-systems

2016-02-12 Thread Chuck Anderson
look, the firewall data > >model has the right reference, but it's not working, likely broken > >somewhere in my (ui) code. > > > >Thanks, > > Phil > > > > > > > >Chuck Anderson writes: > >>An interesting CLI bug: > >> >

[j-nsp] | display inheritance vs. logical-systems

2016-02-11 Thread Chuck Anderson
An interesting CLI bug: "show configuration | display inheritance" doesn't find prefix lists that are referenced via configuration groups that are applied inside a logical-system, but the configuration commits and works correctly: MX_RE0# show groups DROP-RESERVED-SOURCES logical-systems {

[j-nsp] apply-macro to set named communities on static routes?

2016-01-29 Thread Chuck Anderson
On Thu, Jan 28, 2016 at 02:16:52PM -0500, Chuck Anderson wrote: > Does anyone know why Junos doesn't accept named communities for static > routes? This doesn't work: > > set routing-options static route 192.0.2.0/24 community TEST > set policy-options community TEST me

[j-nsp] setting named communities on static routes

2016-01-28 Thread Chuck Anderson
Does anyone know why Junos doesn't accept named communities for static routes? This doesn't work: set routing-options static route 192.0.2.0/24 community TEST set policy-options community TEST members 65000:100 Instead we are forced to put the value directly: set routing-options static route

Re: [j-nsp] setting named communities on static routes

2016-01-28 Thread Chuck Anderson
On Thu, Jan 28, 2016 at 02:30:52PM -0500, Jeff Haas wrote: > > > On Jan 28, 2016, at 2:16 PM, Chuck Anderson <c...@wpi.edu> wrote: > > > > Does anyone know why Junos doesn't accept named communities for static > > routes? This doesn't work: > > > >

Re: [j-nsp] EVPN

2016-01-27 Thread Chuck Anderson
On Thu, May 07, 2015 at 05:54:43PM -0400, Chuck Anderson wrote: > On Thu, May 07, 2015 at 10:41:18PM +0200, Sebastian Wiesinger wrote: > > * Chuck Anderson <c...@wpi.edu> [2015-05-05 16:51]: > > > On Fri, May 01, 2015 at 05:53:54PM -0400, Chuck Anderson wrote: >

Re: [j-nsp] MX960 Power Options

2016-01-26 Thread Chuck Anderson
> 208V X 30AMP X .80 Max Load = 4,992 watts. That's a lot. > > Are you saying I ideally need double this? Why? > > On Mon, Jan 25, 2016 at 10:20 PM, Chuck Anderson <c...@wpi.edu> wrote: > > > I recommend 4 x 208V. The MX960 uses "power zones" in a 2+2

Re: [j-nsp] MX960 Power Options

2016-01-25 Thread Chuck Anderson
I recommend 4 x 208V. The MX960 uses "power zones" in a 2+2 arrangement where half of the chassis is powered by 2 PEMs, and the other half of the chassis is powered by the other 2 PEMs. Make sure the 1st PEM for each zone is powered by the A feed, and the 2nd PEM for each zone is powered by the

Re: [j-nsp] MX: mixin family bridge and family inet

2016-01-25 Thread Chuck Anderson
On Mon, Jan 25, 2016 at 05:45:25PM +0100, Vincent Bernat wrote: > ❦ 25 January 2016 11:03 -0500, "Tim St. Pierre" > : > > > I'm pretty sure you have to add the interfaces to the bridge domains: > > > > vlan-200 { > > domain-type bridge; > > vlan-id 200; > >

Re: [j-nsp] EX4200 VCP port statistics not showing errors when it should

2016-01-21 Thread Chuck Anderson
On Wed, Mar 18, 2015 at 01:44:10PM -0400, Chuck Anderson wrote: > Has anyone experienced a problem where an EX4200 VC was dropping > packets (30-50% packet loss or higher) across a certain VCP cable, but > the "show virtual-chassis vc-port statistics extensive" command

Re: [j-nsp] Tracking Juniper Pluggable Optics

2016-01-06 Thread Chuck Anderson
Heh. Many years ago I had trouble with a batch of LX optics in my MX router. Apparently, some were purchased as EX-SFP-1GE-LX rather than SFP-1G-LX (I had spare stock in both). But they both identify as the same part number in EX and MX (though different model name as you noted), same OEM and

Re: [j-nsp] EX4200 console port woes

2015-12-31 Thread Chuck Anderson
On Thu, Dec 31, 2015 at 12:30:51PM -0500, Eric Van Tol wrote: > > The default console speed on the EX4200 is 9600bauds, as stated here : > > > > http://www.juniper.net/techpubs/en_US/release-independent/junos/information- > >

Re: [j-nsp] SNMP NMS support of Junos VLAN MIBs

2015-12-13 Thread Chuck Anderson
On Sat, Dec 12, 2015 at 04:33:44PM +1100, Dale Shaw wrote: > Hi Chuck, > > On Sat, Dec 12, 2015 at 4:16 AM, Chuck Anderson <c...@wpi.edu> wrote: > > > > Here are some commercial NMS products that we've looked at that we > > would like to

Re: [j-nsp] SNMP NMS support of Junos VLAN MIBs

2015-12-11 Thread Chuck Anderson
On Fri, Dec 11, 2015 at 03:26:24PM +, Phil Mayers wrote: > On 11/12/15 15:11, Ross Vandegrift wrote: > > >I never ran into this, but it's not too surprising - I had unending > >problems with poor Q-BRIDGE-MIB. We used at least Junos, Procurve, and > >a few flavors of IOS 12. Only HP had a

Re: [j-nsp] Routed VLAN Interfaces on MX

2015-11-13 Thread Chuck Anderson
You also need to configure the physical interface(s) in the LAG: interfaces { xe-x/y/z { gigether-options { 802.3ad ae0; } } } interfaces { xe-x/y/w { gigether-options { 802.3ad ae0; } } } ... Otherwise, it looks fine. On

Re: [j-nsp] Routed VLAN Interfaces on MX

2015-11-13 Thread Chuck Anderson
Right, you aren't required to do bridging and IRB if all you want is a layer 3 termination: ae0 { flexible-vlan-tagging; encapsulation flexible-ethernet-services; unit 41 { vlan-id 41; family inet { address 1.1.1.2/30; } } } You can do the same

Re: [j-nsp] convert config from m120 to mx480

2015-10-02 Thread Chuck Anderson
On Fri, Oct 02, 2015 at 12:08:34PM -0500, David B Funk wrote: > We have a venerable m120 that's being used as an edge router in our > department on campus. We've recently acquired an mx480 as a replacement. > > I'm trying to decide the best way to port the m120 config to the mx480; > Either a

Re: [j-nsp] purpose of "commit check"?

2015-10-01 Thread Chuck Anderson
On Thu, Oct 01, 2015 at 12:30:51AM +0300, Martin T wrote: > So in order to sum this up, "commit check" makes sense at least in > following cases: > > 1) confirm "commit confirmed" action. This does not waste a rollback. > 2) test errors for configuration which will be saved and committed later >

Re: [j-nsp] purpose of "commit check"?

2015-09-30 Thread Chuck Anderson
I could be wrong about failed commits logging to "show system commit", but I thought I saw that at least once. We log commits with RANCID, so we get email with the config diffs, including the "show system commit" output. Another reason to use commit check--when coordinating changes across

Re: [j-nsp] purpose of "commit check"?

2015-09-29 Thread Chuck Anderson
"commit comment" will log the comment even if the commit fails. Doing "commit check" first allows you to avoid this extra comment in the "show system commits" log. On Tue, Sep 29, 2015 at 12:24:41AM +0300, Martin T wrote: > when I commit the candidate configuration in Junos, I tend to execute >

Re: [j-nsp] EX4300 and full-duplex-only

2015-09-23 Thread Chuck Anderson
Really? So you can't use EX4300 at 10 Mbps (I don't know of any devices that support 10/Full)? If this is true, it is a purchase-stopper for us. On Wed, Sep 23, 2015 at 01:58:36PM +0100, Phil Mayers wrote: > Does anyone know the backstory to this? We just found out this > platform doesn't

Re: [j-nsp] IOS XR ISIS overload bit with advertise-high-metrics as in JunOS

2015-08-23 Thread Chuck Anderson
at 12:07 PM, Chuck Anderson c...@wpi.edu wrote: On Sun, Aug 23, 2015 at 11:05:11AM +1000, Uzir Khan wrote: Hi there, Is there something equivalent to advertise-high-metrics—Advertise maximum link metrics in NLRIs instead of setting the overload bit in IOS-XR? If yes, please share any

Re: [j-nsp] IOS XR ISIS overload bit with advertise-high-metrics as in JunOS

2015-08-22 Thread Chuck Anderson
On Sun, Aug 23, 2015 at 11:05:11AM +1000, Uzir Khan wrote: Hi there, Is there something equivalent to advertise-high-metrics—Advertise maximum link metrics in NLRIs instead of setting the overload bit in IOS-XR? If yes, please share any reference etc.. web search is not much help Google worked

Re: [j-nsp] MX240 SCBE2 10G ports

2015-08-21 Thread Chuck Anderson
On Wed, Aug 19, 2015 at 12:14:03PM -0700, Michael Loftis wrote: On Wed, Aug 19, 2015 at 9:09 AM, Chuck Anderson c...@wpi.edu wrote: On Wed, Aug 19, 2015 at 11:43:43AM -0400, Phil Rosenthal wrote: I suggest you bring this up with your Juniper sales rep :) Juniper is very much driven

Re: [j-nsp] MX240 SCBE2 10G ports

2015-08-19 Thread Chuck Anderson
On Wed, Aug 19, 2015 at 11:43:43AM -0400, Phil Rosenthal wrote: On Aug 19, 2015, at 11:42 AM, John Center john.cen...@outlook.com wrote: Thanks, Phil. Doesn't make much sense then. If these ports were usable, it would make the MX240 much more attractive from our perspective. I

Re: [j-nsp] EVPN

2015-08-08 Thread Chuck Anderson
On Wed, May 06, 2015 at 12:13:41PM +0100, Matt Bernstein via juniper-nsp wrote: On 05/05/2015 15:48, Chuck Anderson wrote: On Fri, May 01, 2015 at 05:53:54PM -0400, Chuck Anderson wrote: Is anyone doing EVPN in production yet? I take it from the deafening silence that either no one is doing

Re: [j-nsp] Ingress QoS Marking Now Fully Supported on MX Routers - Junos 14.2R3.8 Release

2015-05-17 Thread Chuck Anderson
Scroll down to the 4th top-level bullet: Support for packet marking schemes on a per-customer basis (MX Series only) On Sun, May 17, 2015 at 09:23:37PM +1000, Masood Ahmad Shah wrote: Thanks for sharing, Mark! Are you sure that it supports all Trio-based cards and afterwards... Juniper

Re: [j-nsp] EVPN

2015-05-07 Thread Chuck Anderson
On Thu, May 07, 2015 at 10:41:18PM +0200, Sebastian Wiesinger wrote: * Chuck Anderson c...@wpi.edu [2015-05-05 16:51]: On Fri, May 01, 2015 at 05:53:54PM -0400, Chuck Anderson wrote: Is anyone doing EVPN in production yet? I take it from the deafening silence that either no one is doing

Re: [j-nsp] EVPN

2015-05-05 Thread Chuck Anderson
On Fri, May 01, 2015 at 05:53:54PM -0400, Chuck Anderson wrote: Is anyone doing EVPN in production yet? I take it from the deafening silence that either no one is doing EVPN in production, or no one is willing to admit it. Is anyone willing to share any experiences with EVPN, such as results

[j-nsp] EVPN

2015-05-01 Thread Chuck Anderson
Is anyone doing EVPN in production yet? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] JTAC Recommended Junos Software Versions Old?

2015-04-29 Thread Chuck Anderson
On Wed, Apr 29, 2015 at 12:22:15PM -0700, Michael Loftis wrote: On Wed, Apr 29, 2015 at 9:58 AM, Colton Conor colton.co...@gmail.com wrote: Why is the JTAC Recommended Junos Software Version for the MX routers currently Junos 12.3R8.7? There are much newer versions of JUNOS out there. From

[j-nsp] MX: Hardware-Down for an irb logical unit

2015-04-28 Thread Chuck Anderson
What would cause an irb logical interface unit to stay in Hardware-Down? I'm using identical configs on 4 different routers (different IPs of course), and one of them won't come up. There is at least one physical interface in the BD that is up. The irb physical interface is up. There are many

[j-nsp] Solved: MX: Hardware-Down for an irb logical unit

2015-04-28 Thread Chuck Anderson
On Wed, Apr 29, 2015 at 12:21:11AM +, Ben Dale wrote: Hi Chuck, On 29 Apr 2015, at 9:32 am, Chuck Anderson c...@wpi.edu wrote: What would cause an irb logical interface unit to stay in Hardware-Down? I'm using identical configs on 4 different routers (different IPs of course

Re: [j-nsp] iBGP and IPv6

2015-04-15 Thread Chuck Anderson
Can you provide a show route hidden extensive? On Wed, Apr 15, 2015 at 01:07:37PM -0600, Jonathan Call wrote: I apologize. The email looked fine when I got it back from the list. OSPF/OSPF3 are the IGP. When I shut them off the BGP route for the loopback disappears. Limiting IBGP to only

Re: [j-nsp] info VC QFX

2015-03-25 Thread Chuck Anderson
On Wed, Mar 25, 2015 at 09:20:14AM +0100, Tore Anderson wrote: * james list jameslis...@gmail.com on QFX VC is there a way to configure VME interface to respond on each module of the VC instead to be redirected on the master RE ? If yes a little configuration example is appreciated.

Re: [j-nsp] info VC QFX

2015-03-25 Thread Chuck Anderson
Did you remove the non-groups config from em0? delete interfaces em0 What shows up for ifconfig from the shell on each member? request session member 0 start shell ifconfig em0 ifconfig vme exit request session member 1 start shell ifconfig em0 ifconfig vme exit On Wed, Mar 25, 2015 at

[j-nsp] EX4200 VCP port statistics not showing errors when it should

2015-03-18 Thread Chuck Anderson
Has anyone experienced a problem where an EX4200 VC was dropping packets (30-50% packet loss or higher) across a certain VCP cable, but the show virtual-chassis vc-port statistics extensive command showed no errors, and the request virtual-chassis device-reachability command didn't show any

Re: [j-nsp] MTU mismatch between EX4200 and EX4500 / OSPF3 adjacencies

2015-03-02 Thread Chuck Anderson
On Mon, Mar 02, 2015 at 06:05:18PM +0100, Laurent CARON wrote: We clearly see a MTU mismatch (1500 vs 150*4* for inet6 on the 4200 side) leading to OSPF adjacencies not coming up. Setting: set interfaces ae26 mtu 1518 on the 4200 side allows to have the OSPF adjacencies up. Did you guys

Re: [j-nsp] EX4200 L2 to MX960 L3

2015-02-26 Thread Chuck Anderson
On Thu, Feb 26, 2015 at 09:14:03AM -0500, adfjklaufao akjvlauroe wrote: Hello We connect our devices to a 4200 and run layer 2 to an AE on the 960. The layer 3 is on the ae on the 960. Currently the layer 3 stays up when the physical layer port is down on the 4200. Is there a way to have

Re: [j-nsp] EX4300/EX4600 experiences

2015-02-17 Thread Chuck Anderson
On Tue, Feb 17, 2015 at 12:24:22AM -0500, Jordan Whited wrote: Looking for experiences with EX4300 EX4600 as layer 2 ToR. No routing, just vlans and MSTP. Can these be looked at as a 4200/4500 with a larger bridge table? Anything to look out for? EX4300/4600 are a different chipset than

Re: [j-nsp] Merging routes from VRF to inet.0

2015-01-14 Thread Chuck Anderson
I do this with rib-groups directly, not auto-export. You need to mention both the VRF and inet.0 tables in the rib-group, with the VRF one first (primary table): Main routing-options: routing-options { rib-groups { vrf_and_inet0 { import-rib [ vrf.inet.0 inet.0 ];

Re: [j-nsp] Merging routes from VRF to inet.0

2015-01-14 Thread Chuck Anderson
/export may work instead if you'd rather not use rib-groups: http://forums.juniper.net/t5/TheRoutingChurn/Using-rib-groups-or-auto-export-for-route-leaking/ba-p/202349 On Wed, Jan 14, 2015 at 10:52:40AM -0500, Chuck Anderson wrote: I do this with rib-groups directly, not auto-export. You need

Re: [j-nsp] juniper qfx5100 vs ex9200

2014-12-24 Thread Chuck Anderson
EX9200 has more potential to support more MPLS features as a PE, like EVPN. QFX5100 is a nice box, but won't do much MPLS (L3VPN, but no L2VPN, VPLS or EVPN). See the Feature Explorer: http://pathfinder.juniper.net/feature-explorer/search-features.html Interestingly, EX9200 isn't shown as

Re: [j-nsp] DDOS_PROTOCOL_VIOLATION_SET: Protocol Reject:aggregate

2014-12-11 Thread Chuck Anderson
On Wed, Dec 10, 2014 at 05:16:25PM -0500, Brendan Mannella wrote: Just wondering if anyone has ever seen these DDOS messages before and what I should be looking at to resolve. Dec 10 11:10:24 re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned to

Re: [j-nsp] BRAS IPv4/IPv6 Combined Policer RADIUS Attributes

2014-10-31 Thread Chuck Anderson
On Fri, Oct 31, 2014 at 05:17:40PM +0800, Darren Liew wrote: Hi Team, Has anyone had experience deploying dual-stack services on Juniper BRAS? Our requirement is per below. For example, the bandwidth package is 5Mbps. The IPv4 IPv6 should be policed jointly to bandwidth of 5Mbps rather

Re: [j-nsp] rpm / ip-monitoring

2014-08-29 Thread Chuck Anderson
Even with a qualified next-hop? http://www.juniper.net/documentation/en_US/junos12.3/topics/reference/configuration-statement/qualified-next-hop-edit-routing-options.html On Fri, Aug 29, 2014 at 03:03:07PM +0200, Mattias Gyllenvarg wrote: Typical, looks like it will work fine with a DHCP but

Re: [j-nsp] juniper switch ex2200 how to find port from ip address?

2014-08-26 Thread Chuck Anderson
There are two or three places where you will find a mapping between MAC and IP address. Then from the MAC you can find the port. The main one is in the ARP table of the router for that subnet. The router could be the EX2200 itself or a different device in the network. If the router runs Junos:

Re: [j-nsp] Drawbacks when using QFX5100 and EX4300 in mixed VCF mode

2014-08-21 Thread Chuck Anderson
On Thu, Aug 21, 2014 at 05:07:05PM +0400, Pavel Lunin wrote: except maybe some corner-cases (which I am not aware of). Using QFX3600 as leafs when spines are QFX5100 is non-reasonable from the pure performance PoV as QFX3600 is a 40GE switch and QFX5100 is 10GE. What about EX4300—of course any

Re: [j-nsp] Could you pls clarify a bit about OAM for link fault management?

2014-07-22 Thread Chuck Anderson
On Tue, Jul 22, 2014 at 12:25:40PM +0700, Victor Sudakov wrote: Chuck Anderson wrote: Something like this should do the trick once you've configured it on both ends: set protocols oam ethernet link-fault-management action-profile UDLD event link-adjacency-loss I

Re: [j-nsp] Could you pls clarify a bit about OAM for link fault management?

2014-07-18 Thread Chuck Anderson
On Fri, Jul 18, 2014 at 04:24:28PM +0700, Victor Sudakov wrote: Ben Dale wrote: Something like this should do the trick once you've configured it on both ends: set protocols oam ethernet link-fault-management action-profile UDLD event link-adjacency-loss I have come to the

Re: [j-nsp] Junos 12.3 more strict about 3rd party optics?

2014-06-24 Thread Chuck Anderson
On Wed, Jun 11, 2014 at 03:49:16PM +0100, Phil Mayers wrote: On 11/06/14 15:01, Chuck Anderson wrote: Jun 10 11:40:54 ex4200 chassism[1293]: XCVR: Unit 0, SFP+ of type 0 EEPROM is Mis Programmed!! Yeah, this was the one that caught my eye. I wonder if it's choking on unknown values

Re: [j-nsp] MX-Series supported transceivers

2014-06-23 Thread Chuck Anderson
On Mon, Jun 23, 2014 at 02:38:58PM +0200, Alex D. wrote: Hi, one of our customers has some SFP+ transceiver (Part-No 750-028392) on stock. He tries to plug them in his MX80, but show chassis hardware declares them as UNSUPPORTED Does anybody know if these transceivers are supported at all on

Re: [j-nsp] Junos 12.3 more strict about 3rd party optics?

2014-06-11 Thread Chuck Anderson
On Tue, Jun 10, 2014 at 05:33:26PM +0100, Phil Mayers wrote: On 10/06/14 16:17, Chuck Anderson wrote: Moving this same exact optic from the QFX5100 to an EX4200 running 11.4R8.5 it fails, so this seems to be an issue with how the optic is programmed vs. the specific switch/router hardware

Re: [j-nsp] Junos 12.3 more strict about 3rd party optics?

2014-06-11 Thread Chuck Anderson
On Wed, Jun 11, 2014 at 10:01:37AM -0400, Chuck Anderson wrote: On Tue, Jun 10, 2014 at 05:33:26PM +0100, Phil Mayers wrote: On 10/06/14 16:17, Chuck Anderson wrote: Moving this same exact optic from the QFX5100 to an EX4200 running 11.4R8.5 it fails, so this seems to be an issue

[j-nsp] Junos 12.3 more strict about 3rd party optics?

2014-06-10 Thread Chuck Anderson
Is Junos 12.3 more strict about 3rd party MSA optics than 11.4? I've been using 3rd party MSA optics in EX without troubles, including DOM support working fine. I just deployed a new EX4200 VC with 12.3R6, and the DOM isn't working on the 3rd party MSA optics (but the link comes up and works),

Re: [j-nsp] Junos 12.3 more strict about 3rd party optics?

2014-06-10 Thread Chuck Anderson
On Tue, Jun 10, 2014 at 03:09:31PM +0100, Phil Mayers wrote: On 10/06/14 14:14, Chuck Anderson wrote: Is Junos 12.3 more strict about 3rd party MSA optics than 11.4? I've been using 3rd party MSA optics in EX without troubles, including DOM support working fine. I just deployed a new EX4200

Re: [j-nsp] Junos 12.3 more strict about 3rd party optics?

2014-06-10 Thread Chuck Anderson
On Tue, Jun 10, 2014 at 11:09:52AM -0400, Chuck Anderson wrote: On Tue, Jun 10, 2014 at 03:09:31PM +0100, Phil Mayers wrote: On 10/06/14 14:14, Chuck Anderson wrote: Is Junos 12.3 more strict about 3rd party MSA optics than 11.4? I've been using 3rd party MSA optics in EX without troubles

Re: [j-nsp] loop detection on EX4200

2014-04-21 Thread Chuck Anderson
On Mon, Apr 21, 2014 at 03:20:42PM +0700, Victor Sudakov wrote: Dave Bell wrote: You could try enabling bpdu-block-on-edge. http://www.juniper.net/techpubs/en_US/junos12.2/topics/task/configuration/spanning-trees-bpdu-block-cli.html This is not an edge interface, I need RSTP running on

Re: [j-nsp] ICMP Recommendation !!

2014-04-09 Thread Chuck Anderson
Do not block unreachable or you will break PMTUD. http://lost-carrier.org/why-disabling-icmp-unreachables-is-a-bad-thing/ These ones are okay to block for IPv4: icmp-type info-request icmp-type info-reply icmp-type mask-request icmp-type mask-reply icmp-type redirect icmp-type

Re: [j-nsp] Help with MSTP in EX8208

2014-04-02 Thread Chuck Anderson
On Wed, Apr 02, 2014 at 03:36:51PM +0200, Octavio Alfageme wrote: I would like to have ae2.0 blocked in instance 1 and ge-20/0/1.0 blocked in instance 2. That's why I modify the cost of ae2.0 interface within instance 1 in both switches: Could you, please, help me to discover what I'm doing

Re: [j-nsp] DWDM SFP+ Finisar

2014-04-02 Thread Chuck Anderson
On Wed, Apr 02, 2014 at 11:45:59AM -0300, Giuliano Medalha wrote: People, Does anyone have some experience using SFP+ (10G) DWDM Finisar (3 party optics) in JUNIPER products ? For 40Km or 80 Km ? Yes. Following:

Re: [j-nsp] Help with MSTP in EX8208

2014-04-02 Thread Chuck Anderson
On Wed, Apr 02, 2014 at 01:29:46PM -0400, Chuck Anderson wrote: On Wed, Apr 02, 2014 at 03:36:51PM +0200, Octavio Alfageme wrote: I would like to have ae2.0 blocked in instance 1 and ge-20/0/1.0 blocked in instance 2. That's why I modify the cost of ae2.0 interface within instance 1 in both

[j-nsp] Disable STP on a port with ELS?

2014-03-08 Thread Chuck Anderson
Here is another Enhanced Layer 2 Software question. Is it possible to disable STP participation on a port? The disable command seems to be missing from these hierarchies, at least on 13.2X51 for QFX5100: protocols stp interface disable protocols rstp interface disable protocols mstp interface

Re: [j-nsp] urpf

2014-02-28 Thread Chuck Anderson
On Fri, Feb 28, 2014 at 03:03:57PM -0700, thomas.bowlby wrote: Installing some juniper routers as borders and need specifically RTBH functionality. This was accomplished by upgrading code to 12.1 (specifically 12.3R4.5) and including 'set forwarding-options rpf-loose-mode-discard family

Re: [j-nsp] proposed changes to clear bgp neighbor

2014-02-27 Thread Chuck Anderson
On Fri, Feb 28, 2014 at 01:17:38AM +1100, Julien Goodwin wrote: On 28/02/14 00:48, Phil Shafer wrote: Sorry if I'm venturing toward shameless self promotion here, but this really is an area we try to work at. That's part of the motivation for asking if this one specific case is sufficiently

Re: [j-nsp] VLAN's on EX4300 with 13.2X50-D15.3

2014-02-20 Thread Chuck Anderson
On Thu, Feb 20, 2014 at 02:31:58PM -0800, ryanL wrote: weren't the ex4200 VC connections 64/128 Gbps thru the ribbon cable? why is No, 32 Gbps through PCIe x8. Marketing would have you believe it is 128 Gbps, but using their definitions, a 10 GigE port is 40 Gbps. In reality the VCPs each do

Re: [j-nsp] MX480 RE-S-2000 IGMP flood

2014-01-31 Thread Chuck Anderson
On Thu, Jan 30, 2014 at 10:58:05PM -0800, joel jaeggli wrote: http://tools.ietf.org/search/rfc6192 has an excellent example recipe for juniper and cisco control-plane protection. it's a good starting off point and it covers the rationale behind the various elements in detail. o Permit

Re: [j-nsp] NTP Reflection

2014-01-13 Thread Chuck Anderson
On Mon, Jan 13, 2014 at 03:25:19PM -0600, Richard A Steenbergen wrote: And then start making sure UDP/123 is blocked in your lo0 firewall filters. Shouldn't this be SOP anyway?

Re: [j-nsp] EX3300 family ethernet-switching IPv6 matches?

2014-01-08 Thread Chuck Anderson
On Wed, Jan 08, 2014 at 06:07:39PM +, Phil Mayers wrote: All, The release notes for the EX3300 are a little vague on this, but strongly imply that as of Junos 12.3, IPv6 firewall filters are supported. However: [edit firewall family ethernet-switching filter FPP term deny-ra]

Re: [j-nsp] EX3300 family ethernet-switching IPv6 matches?

2014-01-08 Thread Chuck Anderson
On Wed, Jan 08, 2014 at 07:59:14PM +, Phil Mayers wrote: On 08/01/2014 19:33, Chuck Anderson wrote: and likewise for 13.2, and you'll notice that your last statement is correct. Platform Support for Match Conditions for IPv6 Traffic That's a damn shame. Up to that point, they'd been

Re: [j-nsp] egress balancing on J2350

2013-11-23 Thread Chuck Anderson
load-balance per-packet really means distribute load per-flow based on a hash of the traffic. You should not expect exact balancing, and you will never get it. You can control which fields on the packet (MAC addresses, IP addresses, ports) are used to hash the flows by changing the hash-key

Re: [j-nsp] EX cpu performance under multicast replication load?

2013-11-13 Thread Chuck Anderson
If the multicast traffic is using a group that shares the same multicast MAC address as some control-plane protocol groups (224.0.0.X) then the RE CPU needs to get a copy of all those packets in case it needs to act on possible control plane traffic. This is a problem that most switches have.

Re: [j-nsp] ng-mvpn problem

2013-11-04 Thread Chuck Anderson
On Tue, Oct 22, 2013 at 03:59:42PM -0600, Stacy W. Smith wrote: Because you are injecting traffic with ping and bypass-routing interface lt-1/1/10.771 logical-system a is NOT the first-hop router. It's simply acting as a multicast source that's pumping traffic with destination IP

[j-nsp] pim bootstrap family inet6 import/export policies

2013-10-28 Thread Chuck Anderson
Has anyone seen an issue where PIM bootstrap import/export policies don't work correctly on IPv6 RPs? Or for that matter, is anyone using these policies successfully? They are working fine for IPv4, but for IPv6 they are preventing the local RP router from learning the IPv6 BSR, so instead the

Re: [j-nsp] EX4550 true power consumption

2013-10-24 Thread Chuck Anderson
On Thu, Oct 24, 2013 at 09:38:43AM -0700, Michael Loftis wrote: I don't know anyone that assumes that the peak capability of a PSU (especially in network gear) is its actual consumption, but that's just me. I do agree I wish they'd publish at least approximate figures. It can be a deciding

Re: [j-nsp] DHCP snoop/DAI/IPSG and mac-based vlans?

2013-10-02 Thread Chuck Anderson
Yes, we are using MAC RADIUS with DHCP Snooping/DAI/IPSG. Everything also works with the VOIP feature so LLDP assigns a tagged VLAN to IP phones. On Tue, Oct 01, 2013 at 09:10:55AM +0100, Phil Mayers wrote: Does anyone know if the layer2 security features in $subj work at the same time as

Re: [j-nsp] Jloader Update for EX4200

2013-09-18 Thread Chuck Anderson
Where do you get the latest jloader? It isn't published in the same place the regular JUNOS images are. You have to happen to see the TSB/KB article. I hadn't known about any new one since the original TSB (11.3I20110326_0802_hmerge) until I saw this email. On Wed, Sep 18, 2013 at 12:20:26PM

[j-nsp] M5 or M10 AC power supplies

2013-09-10 Thread Chuck Anderson
I have an old M10 (not M10i) with DC power supplies. Does anyone have any AC power supplies they'd be willing to part with or trade for the 2 DC ones I have? This is just for playing around in the home lab... Alternatively, does anyone know of a cheap way to get enough DC power for these in a

Re: [j-nsp] Link local address errors when committing VRRP for inet6

2013-06-21 Thread Chuck Anderson
On Thu, Jun 20, 2013 at 05:22:46PM -0700, Morgan McLean wrote: I ended up setting virtual-link-local-address fe80::1 and an interface using fe80::0/10, which I guess is the link local designed range so I found after more googling. Actually, you should use /64 not /10. While the whole /10 is

Re: [j-nsp] Stackable switches, looping stacking ports

2013-04-09 Thread Chuck Anderson
On Tue, Apr 09, 2013 at 11:48:36AM -0700, joel jaeggli wrote: On 4/9/13 11:15 AM, Tom Storey wrote: Hey all. A colleague of mine tells me that, if you have a single stackable switch (not in a stack obviously) and do not loop the two stacking ports on the back using the stacking cable that

Re: [j-nsp] EX4200 generates power supply and fan alarms when environment is good

2013-04-03 Thread Chuck Anderson
I think Juniper's internal IT department should be required to immediately load any new version of software on their own offices' switches before it is released to the general public. On Thu, Apr 04, 2013 at 02:14:10AM +0200, Jasper Jans wrote: I can actually confirm that on 12.3R2.5 on the M10i

Re: [j-nsp] Routing loop with OSPFv3 NSSA and external routes

2013-02-22 Thread Chuck Anderson
What does the inet6.0 RIB look like for 2001:db8::1/128 ? On Fri, Feb 22, 2013 at 10:41:47AM +0100, Tore Anderson wrote: At this point, both R1 and R2 see SW1's NSSA LSA: R1 show ospf3 database advertising-router 192.0.2.40 lsa-id 0.0.0.2 extensive Area 10.0.0.0 Type ID

[j-nsp] Juniper PDFs now require Adobe Reader 9 and Flash Player to view?!?

2013-01-30 Thread Chuck Anderson
Today I downloaded the Complete Documentation Set (PDFs) for Junos OS Release 12.1X44-D10 for SRX: https://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/topic-collections/security/software-all/junos-srx-pdfs/junos-for-srx-12.1x44-pdfs.zip only to discover that I can't open

Re: [j-nsp] Juniper PDFs now require Adobe Reader 9 and Flash Player to view?!?

2013-01-30 Thread Chuck Anderson
I did and asked them to open a documentation PR... On Thu, Jan 31, 2013 at 12:10:22AM +, OBrien, Will wrote: Yuck. I hate their reader. Also, I like to read it on ipads and similar submit it as a bug report. It will be funny. On Jan 30, 2013, at 5:17 PM, Chuck Anderson c...@wpi.edu

Re: [j-nsp] EX switches and bpdu-block-on-edge

2013-01-14 Thread Chuck Anderson
On Mon, Jan 14, 2013 at 12:04:26PM +0100, Pierre-Yves Maunier wrote: Hi, I have a quick question about the bpdu-block-on-edge feature on EX switches. I think I have the good configuration for what I want to achieve but I'd like some feedback before I put that into production. I have top

Re: [j-nsp] SRX and not working VRRP

2013-01-08 Thread Chuck Anderson
On Wed, Jan 09, 2013 at 12:36:47AM +0100, Robert Hass wrote: Hi I have SRX100 running 11.4R6.5 and I cannot make VRRP working. I have configuration like below: admin@srx100 show configuration interfaces fe-0/0/0 unit 0 { family inet { address 10.0.0.69/29 {

Re: [j-nsp] IPv6 VRRP issue on SRX100

2012-12-29 Thread Chuck Anderson
On Sat, Dec 29, 2012 at 09:28:53PM +0700, Try Chhay wrote: Problem: *Both SRX100 IPv6 VRRP are master role.* The topology is that two SRX100 are connected to Cisco 2950 switch. After configure IPv4 and IPv6 VRRP ready getting IPv4 VRRP is working as normal, but IPv6 VRRP is not working. A PC

Re: [j-nsp] Cisco SX SFP on Juniper EX2200

2012-12-13 Thread Chuck Anderson
Regarding my previous comment about auto-negotiation, on the EX platform the correct command is: set/delete interfaces ge-x/y/z ether-options no-auto-negotiation On Thu, Dec 13, 2012 at 11:02:00AM +0100, Nicolas Hyvernat wrote: On Thu, Dec 13, 2012 at 02:25:31AM +, Coy Hile wrote: Is

Re: [j-nsp] switch idea.?

2012-12-07 Thread Chuck Anderson
On Thu, Dec 06, 2012 at 09:00:40AM -0800, Michael Loftis wrote: On Thu, Dec 6, 2012 at 8:35 AM, Mike Devlin juni...@meeksnet.ca wrote: It's ironic this thread has started, since my company is in the process of replacing the core infrastructure, and we have it narrowed down to HP IRF on

Re: [j-nsp] port mirror to multiple ports on MX80 in inet6

2012-10-19 Thread Chuck Anderson
What I do is plug the monitor (output) port into a switch with a separate monitoring VLAN and then set the destination MAC address to an unknown one like 02:02:02:02:02:02--the switch will forward all the unknown traffic to all ports in the monitoring VLAN. Works great with an EX4200 (on which

Re: [j-nsp] MX, ARP cache with L2 bridging

2012-09-18 Thread Chuck Anderson
On Tue, Sep 18, 2012 at 07:35:28PM +0200, Nicolaj Kamensek wrote: Hi list, I've just learned that even if the MX operate in L2 bridging mode with irb interfaces and an IP address moves from one bridged interface to another, the arp cache timeout still applies. This is a pain since this

Re: [j-nsp] MX, ARP cache with L2 bridging

2012-09-18 Thread Chuck Anderson
On Tue, Sep 18, 2012 at 11:24:04PM +0200, Nicolaj Kamensek wrote: On 18.09.2012 20:57, Chuck Anderson wrote: Hi, That is not true in my experience. L2 MAC Learning takes effect immediately upon seeing traffic enter the new MX port. The ARP entry will point to the new L2 next-hop

Re: [j-nsp] Twinax direct attach cables coming loose?

2012-09-12 Thread Chuck Anderson
On Tue, Sep 11, 2012 at 02:35:08PM -0700, Morgan McLean wrote: Is anybody having issues with twinax / DAC cables from juniper staying secure? We run redundant L2 links just about everywhere so this hasn't caused down time, but at least 7-8 times I've had a link to a switch go down, usually at

Re: [j-nsp] VRRP between mixed M7i and M10i

2012-09-03 Thread Chuck Anderson
On Mon, Sep 03, 2012 at 03:33:01PM +0200, sth...@nethelp.no wrote: 1) Did someone have a chance to configure a subnet with 4 Mixed routers M7i and M10i and VRRP enabled between all of them ? VRRP runs between *two* routers. Aside from that, no specific problems with M7i vs M10i (and why

Re: [j-nsp] VRRP between mixed M7i and M10i

2012-09-03 Thread Chuck Anderson
On Mon, Sep 03, 2012 at 03:48:09PM +0200, sth...@nethelp.no wrote: 1) Did someone have a chance to configure a subnet with 4 Mixed routers M7i and M10i and VRRP enabled between all of them ? VRRP runs between *two* routers. Aside from that, no specific problems with M7i vs

Re: [j-nsp] Transporting VLAN between two 10GE ports on MX80

2012-08-29 Thread Chuck Anderson
On Wed, Aug 29, 2012 at 08:16:42AM +0200, Robert Hass wrote: Hi I need to transport VLAN (switch / bridge) from port xe-0/0/1 (unit 200) to port xe-0/0/2 (unit 200) on MX80. Is it possible? If yes can anyone paste configuration for this task. Can I enable QinQ for this VLAN also ? BTW.
