Greetings,
I have a question regarding SRX5800. Is it possible to implement fully
operational forward proxy function on this device (ability to read, cache
content, etc), or is it better to use a dedicated solution for this, (eg.
Squid), and simply port-forward from srx to server?
What if there's
Hi all,
Anyone have some experience with this; what might be wrong with the
configuration?
Thanks
On Thu, Dec 28, 2017 at 4:41 PM, Cydon Satyr wrote:
> Hi.
> The way I understood IRB in VPLS is like this - if you have CE interface
> down, then VPLS should be down, unless
Hi.
The way I understood IRB in VPLS is like this - if you have CE interface
down, then VPLS should be down, unless you have connectivity-type irb
configured inside VPLS instance.
This is the config:
instance-type vpls;
vlan-id 123;
interface ge-1/2/3.123;
routing-interface irb.123;
protocols {
gards,
> Krzysztof
>
>
>
>
> > On 2016-Nov-18, at 14:08, Cydon Satyr wrote:
> >
> > Hi Krasimir,
> >
> > I'm aware that would work. Also, if aggregate is redistributed to level 2
> > as well (not just level 1), the originating router will not
at 1:48 PM, Krasimir Avramski
wrote:
> Hi Cydon,
>
> Lower the aggregatde route preference below 18.
>
>
> Best Regards,
> Krasi
>
> On 18 November 2016 at 13:11, Cydon Satyr wrote:
>
>> Hello experts,
>>
>> If I create an aggregate route on L1/2 r
Hello experts,
If I create an aggregate route on L1/2 router and export it to Level1 ("to
level 1"), this route does not have up/down bit set, making it eligible for
leaking back to Level 2.
What happens is that now router which originated aggregated route prefers
same route over ISIS making a con
Hello experts,
I'm struggling with this specific scenario for hub-and-spoke MVPN network I
have.
It is just a regular hub-and-spoke unicast L3VPN with two links that needs
to have multicast now.
H-CE
| |
|
I am trying to switch to diffserv model (mam) from non-diffserv model, but
for some reason LSPs won't establish.
I added
diffserv-te {
bandwidth-model mam;
}
to mpls stanza, as well as tried to reserve bandwidth with
{
bandwidth ct1 25m;
}
in lsp stanza.
RSVP/MPLS/OSPF with traffic eng
work differently.
Regards
On Thu, Jul 14, 2016 at 9:48 AM, Harald F. Karlsen wrote:
> On 14.07.2016 01:43, Cydon Satyr wrote:
>
>> uRPF check doesn't work since customer can just advertise his routes over
>> backup link.
>> I had some hopes for conditional bgp advertisement a
uRPF check doesn't work since customer can just advertise his routes over
backup link.
I had some hopes for conditional bgp advertisement and SCU/DCU but I don't
think it works not to mention it's like trying to kill a bee with a hammer.
What about MC-LAG between two routers and just setting one l
I agree with you 100%. Active/Active and splitting policer values.
However, this doesn't help my case ;)
Thanks
Regards
On Wed, Jul 13, 2016 at 10:41 AM, Mark Tinka wrote:
>
>
> On 13/Jul/16 10:36, Cydon Satyr wrote:
>
> What would be the optimal way to deal with followi
What would be the optimal way to deal with following scenario.
The customer of ours has a primary bgp connection over primary link on one
router, and a backup bgp connection (up) on backup link on our other
router. The customer may or may not (usually not) terminate both
primary/backup links on th
Hey all,
Adam I believe that is correct. If I remember this, if it's something other
than 0x4/0x6 Trio chip looks at bits after first 12 bytes; if it's
0x0800/0x86dd it still load balances this packet based on IPv4/IPv6 rules,
and if it's 0x8100 it skips up to two vlan headers and again checks for
p-edit-chassis.html
>
>
> Le 29 oct. 2015 à 13:00, Cydon Satyr a écrit :
>
> Hello experts,
>
> Could somebody confirm if 16 is the max number of physical interfaces one
> can have in a LAG on MX? What about MX2020, is it still 16, or is it
> possible to have more than
Hello experts,
Could somebody confirm if 16 is the max number of physical interfaces one
can have in a LAG on MX? What about MX2020, is it still 16, or is it
possible to have more than that?
So far I've see 16 is max on every MX platform but I heard someone
mentioned it could go higher.
Best reg
Version 11.4R7.5 and 12.3R6.6.
Configuration in lab is minimal - just peer IP, type internal,
local-address, and remove-private toward RR. Simple eBGP session toward
other end.
Thanks!
BR
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://
ere is no secret flag afaik to
> the route to tell the egress PE's to remove the private as number.
>
>
>
> I'm a bit curious how Cisco is doing it, or where you expect that the AS
> is removed from the AS path.
>
>
>
> Regards,
>
> Karsten
>
>
Hello,
I'm very well aware of that which is why I'm confused.
Here, PE is removing private AS before sending update to RR.
Could anyone explain what are we missing here?
Regards
On Sun, Sep 27, 2015 at 6:09 PM, Adam Vitkovsky
wrote:
> Hello Cydon,
>
> > Of Cydon Sa
Maybe I should have been more specific. This is on 12.3R3. But I guess this
works differently on Cisco.
I couldn't find anywhere in documentation that remove-private works for
iBGP session. Yet I have this working in lab.
Regards
On Sat, Sep 26, 2015 at 1:34 PM, Cydon Satyr wrote:
&g
Hello,
I was under the impression that remove-private works for eBGP sessions, as
it does on Cisco routers (if my memory serves me right).
But I notices that remove-private on a PE router would remove private AS
(from customer's vrf bgp session) before sending it to a route reflector.
Is this no
Hello experts.
This is not directly tied to Juniper, but any help is welcomed.
What I'm curios about is what kind of tools you use in your network to
gather statistics/analyze traffic patterns on your links to other upstream
provider/peering partners.
For example, how do you analyze how much of yo
Also what's the point of connection-type irb then?
Thanks a lot
On Fri, Jun 12, 2015 at 3:19 PM, Cydon Satyr wrote:
> That makes perfect sense...
> But why are there examples with only irb interfaces in vpls?
> Also, your examples requires that IFL have vlan-vpls encap, whereas
That makes perfect sense...
But why are there examples with only irb interfaces in vpls?
Also, your examples requires that IFL have vlan-vpls encap, whereas in my
case i have bridge encap.
On Fri, Jun 12, 2015 at 3:08 PM, Sebastian Wiesinger
wrote:
> * Cydon Satyr [2015-06-12 15:03]:
>
I am trying to configure what Cisco would call a routed pseudowire. I'm
trying to do this by configuring bridge-domain with irb, and using that irb
in VPLS instance (and vrf instance), like this:
routing-instances {
vpls-red {
instance-type vpls;
vlan-id none;
routing-i
ve the no-propagate-ttl configured?
>
> Amos
>
> Sent from my iPhone
>
> On 10 Jun 2015, at 02:48, Cydon Satyr wrote:
>
> So I have a simple bgp-free core network, and one CE router is trying to do
> traceroute to another one over mpls. Two of my middle P routers don
So I have a simple bgp-free core network, and one CE router is trying to do
traceroute to another one over mpls. Two of my middle P routers don't reply
back to traceroute.
I have icmp tunneling configured in my whole network. So it's global IP,
one mpls label.
In fact I can see running a wireshark
Thanks, I will check those out.
Do you consider not having IPv6 filter on RE a big security issue? Do you
use it on your routers?
BR
On Sun, Apr 26, 2015 at 4:49 AM, Michael Loftis wrote:
>
>
> On Saturday, April 25, 2015, Cydon Satyr wrote:
>
>> Hello,
>> Currently
Hello,
Currently we don't use any IPv6 RE protect filters on our routers (6PE only
in network). We do use IPv6 filters on public interfaces, however.
Would you recommend deploying IPv6 RE filters on our edge routers at least.
What kind of configuration you have in your network?
Also, do you know
terface-knob" like i mentioned in
> earlier example.
>
> Br, Amarjeet
>
>
> On Thu, Apr 16, 2015 at 9:51 PM, Cydon Satyr wrote:
>
>> It works :)
>> Thanks!
>>
>> Please, if you don't mind just helping me clear this confusion - why does
>> do
et-policer-256K {
> physical-interface-filter; #
> term 10 {
> then {
> policer 256K-srTC;
> }
> }
> }
>
> Apply above on input of your both IFL's and thanks me later ;)
>
> Br, Amarjeet
>
>
>>
>>
>>
Maybe somebody has another idea?
Eduardo, thanks for the suggestion again.
BR
On Sun, Apr 12, 2015 at 8:28 PM, Cydon Satyr wrote:
> Doesn't help.
>
> Wouldn't that know make it non-aggregate anyway?
>
> BR
>
> On Sun, Apr 12, 2015 at 8:17 PM, Eduardo Schoedler
Doesn't help.
Wouldn't that know make it non-aggregate anyway?
BR
On Sun, Apr 12, 2015 at 8:17 PM, Eduardo Schoedler
wrote:
> Try set "filter-specific" in the policer.
>
> --
> Eduardo Schoedler
>
> Em domingo, 12 de abril de 2015, Cydon Satyr
> escr
Juniper documentation mentions that regular srTC policer applied in regular
firewall filter will be shared among all interfaces that use that filter
(if those interfaces share same PFE).
So, the following configuration would mean that when applied to two inet
IFL on the same IFF, ingress traffic w
I knew it had to do something with LSI interface, just wasn't smart enough
to follow it trough!!
Many thanks, this worked.
One more question if you don't mind please. If instead of:
set class-of-service routing-instances classifiers exp BA-exp I do
set class-of-service routing-instances cla
I stumbled upon something I can't get my head around.
I've been doing some CoS testing; it's a simple L3VPN network, and at the
egress PE router,
I want to rewrite customer dscp with whatever exp value I classified from
core interface.
The topology is actually two M320 connected back to back with
35 matches
Mail list logo