UNOS.
Pro Cisco:
MPLS/VRF aware "foo." Like NAT, SSL, IPSec/GET, and just a load of other
features. Although I'm not sure how much of this applies to the 9k..
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth/
___
10.4R9? This makes me very happy... I thought they were going to stop at R8.
I think they really need/want a golden release for the MX and R8 was supposed
to be it.
R9 will be good... we hope.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth
it came to MPLS-TE... but then decided to just use LDP by default and MPLS-TE
as the exception. Also, we could have put the internet into an LSYS. In
fact... now I'm thinking we should do that.
For stuff in the same data center as the internet pipe, we are seeing ~1ms of
delay from edge
http://packetpushers.net/internet-as-a-service-in-an-mpls-cloud/
Check that out...
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth/
From: Mark Smith
To: juniper-nsp@puck.nether.net
Sent: Thursday, January
Michael:
You have no CE interface in the chrismas instance. Do you just want the IRB
interface in there?
If so, than replace "interface irb.800" with "routing-interface irb.800"
Then under "protocols vpls" in the instance, use "connectivity-type irb"
You can do this with a properly constructed XPath expression... I will look at
this later in the lab
Sent from Yahoo! Mail on Android
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Just do it sequentially and then write an op script that takes the vlan(s) as
an argument to show you the interface info you are looking for...
Sent from Yahoo! Mail on Android
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.neth
ily bridge", etc.
The MX solution guide isn't making it happen.
Still, I heart the MX immensely. Especially now that we are finally seeing
quality code on it... or better quality code anyway.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://
Scratch that, it was bigger tx/rx buffers for sockets... internal sockets.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth/
From: Derick Winkworth
To: "juniper-nsp@puck.nether.net"
Sent: Tuesday,
FWIW, some socket related changes were made in 10.4 (I believe)... Bigger
windows by default. I haven't verified with Wireshark, but this is what I've
heard.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/
You don't need to define any VRFs. I'll post a config later.
You don't need static routes for each PE either, you can just have a default
route to discard in inet.3 and it'll work.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.n
If you enable LLDP on all your switches/devices... and you have an all Juniper
network... you could write a JUNOScript that would do this... *and* do the OUI
lookup too.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
. Juniper will be there and as some of you know there has been some
experimentation on the MX with an OpenFlow instance type.
See http://networkingnerd.net/2011/10/23/info-about-open-flow/ for more info on
the event and some links to blog posts (including my own) about OpenFlow.
Derick Winkworth
Anyone get a chance to run it through some tests? Put it in production yet?
We've been busy here so I haven't had much time to play. Just got back from
EBC and they talk a good game on this release and 10.4R8...
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http:
s with this question, but they are lists where the right
people generally lurk...
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth
From: Robert Raszuk
To: Gert Doering
Cc: Derick Winkworth ; "juniper-nsp@p
its because of performance issues?
Any pointers would be great or perhaps someone on the list knows why?
Thanks! Derick
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth/
___
juniper-nsp mailing l
there is nothing subjective about your assessment of the ASR RP1. Cisco should
not be selling this junk in the first place.
Sent from Yahoo! Mail on Android
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/list
issues.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
From: Stephan Tesch
To: juniper-nsp@puck.nether.net
Sent: Friday, September 2, 2011 5:29 AM
Subject: Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR
What platform is this? If its an MX, you can change the encapsulation of the
physical interface to "flexible-ethernet-services" and then you can add a unit
with family inet on it.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.bl
http://blinking-network.blogspot.com/2011/08/multi-tenant-vmware-with-junipers-mx.html
Using VLAN normalization on the MX to overcome VLAN overlap, and using
Juniper's
vGW product with VMWare port-groups to provide secure network path isolation
all
the way to the VM.
Derick Winkworth
no, thats normal...
actually if sessions are always being initiated from outside in this case then
he doesn't need the "input" direction rule...
Sent from Yahoo! Mail on Android
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck
destination static;
}
}
}
}
}
}
it'll look something like that... then add that rule to the service-set...
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
From: Mauritz Lewies
To: juniper-nsp@puck.net
good question... you'd think this would not be a platform specific feature...
sometimes when a feature like this is announced for T-series devices, it shows
up on M devices too...
Sent from Yahoo! Mail on Android
___
juniper-nsp mailing list juniper-
I wonder if you had the frame egress a trunk if you would see it dual tagged
with 100/100, the expected outer-tag TPID, and the 0x8100 on the inner tag...
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
--- On Thu, 7/28/11, David Ball wrote:
From
We look at this these items now in Vitalnet. Its an Alcatel-Lucent product I
think.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
From: Dale Shaw
To: Juniper-Nsp
Sent: Mon, July 25, 2011 5:10:47 PM
Subject: [j-nsp
Not to mention the use of dynamic profiles for the application of filters and
tag-manipulation policies on VPLS LSIs...
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
From: Stefan Fouant
To: tim tiriche
Cc: juniper
e just spread out across the LSYS...
The ASA I think can support up to 500 contexts now, but with contexts enabled
I'm hearing there is no crypto support. I'm not sure this is an impediment for
us but I can see it being an issue for folks.
Derick Winkworth
CCIE #15672
Thoughts on this blog entry?
I wonder if Cisco will support BGP on ASA soon.. I know people have been asking
for it. It would be nice if it had something Netconf on it too...
The new ASA blade is coming out for Nexus I hear, anyone know how many
virtual-firewalls it will support? Juniper's SRX
eting numbers and (2) show command output.
--- On Mon, 7/4/11, Derick Winkworth wrote:
From: Derick Winkworth
Subject: Re: [j-nsp] strange packet loss without impact
To: "Matthias Brumm" , "Christian"
Cc: juniper-nsp@puck.nether.net
Date: Monday, July 4, 2011, 8:58 PM
1. Ha
1. Have you thought of running your ping tests *thru* the box rather than *at*
it?
2. I see you have pretty symmetrical in/out here, could you be experiencing
something like a DDOS (router pushing out too many ICMPs)?
3. Packet capture at all?
4. 19k pps... is this high/normal/low for this in
New blog post I hope others find helpful...
http://blinking-network.blogspot.com/2011/06/sqlnet-aka-oracle-tns-and-firewalls.html
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
The "juniper-nsp" list is basically the "Juniper MX" list. Read the archives
there are a *lot* of discussions about the MX...
From: Chris
To: juniper-nsp@puck.nether.net
Sent: Sat, June 25, 2011 8:25:23 AM
Subject: [j-nsp] What do you think about the MX line?
New Blog Post:
http://blinking-network.blogspot.com/2011/06/ip-tools-in-junoscript.html
Feedback appreciated!
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Thats a very good point. Vyatta is a solid product.
From: Keegan Holley
To: Richard A Steenbergen
Cc: juniper-nsp@puck.nether.net
Sent: Friday, June 3, 2011 12:44 PM
Subject: Re: [j-nsp] MX80 Opinions
2011/6/2 Richard A Steenbergen
> On Thu, Jun 02, 2011 at
- Forwarded Message -
From: Derick Winkworth
To: Richard A Steenbergen
Sent: Thursday, June 2, 2011 9:14 PM
Subject: Re: [j-nsp] MX80 Opinions
Amongst other things. Like a GDOI Server, or a JUNOScript jump box complete
with development environment. So many things they could
You could use the EX to do this. However, you will need additional EXs to
connect to the existing switches with the RVIs. Terminate your WAN into a
"WAN" EX (assuming its ethernet handoff) and then connect this EX into your
existing infrastructure via ethernet trunk.
You have two options on
ust accept this will happen.
From: Richard A Steenbergen
To: Derick Winkworth
Cc: juniper-nsp@puck.nether.net
Sent: Wed, April 13, 2011 1:08:52 PM
Subject: Re: [j-nsp] MX480 troubles.
On Wed, Apr 13, 2011 at 10:48:30AM -0700, Derick Winkworth wrote:
>
Our experience has been the opposite. When there have been issues Juniper has
fallen over themselves to identify/fix the issue or provide workaround.
Really.
I'm not saying there haven't been moments of frustration. There has been great
frustration at some points. Still, overall our support
Argh! Please tell me this is a joke!
From: David Ball
To: Juniper-Nsp
Sent: Tue, April 12, 2011 9:46:45 AM
Subject: [j-nsp] MX80 - restricted bundles and disabled 10G ports.
A question almost too obvious to ask, but can someone with one of
the restricted
We've done that. Its the rx-ring on the controller in the NPE-G2. That is not
tunable. A show controller indicates we are basically microbursting 128 or
more
packets at a time (faster than the next cycle to pull packets off the ring).
Increasing the permanent buffers and the hold-queue
I was thinking of just applying a shaping-rate at the port level. As it stands
not more than 300m or so could ever pass through this interface (based
ultimately on the sum of the interfaces the traffic is routing to at the WAN
edge).
It turns out actually there is an EX-4200 between the MX
All:
I have a Cisco 7206VXR w/NPE-G2 attached to an MX. The issue I am seeing is
ignored packets on the 7200. It turns out, the 1G interfaces on the NPE-G2
have
128 packet rx-rings and this is not a tunable thing.
I have tuned up buffers and hold-queues on the 7200 and this has drasticall
Do you have a link for documentation about the 10G interfaces? I was under the
impression you weren't really "stealing" a 10G interface.. if you enable tunnel
services on a 10G interface then you lose an interface, but with
no-tunnel-services I thought you didn't need to do that...
_
We are running 10.0S9 right now. 10.0S10 introduced a bug that leaves the CPU
running at 100% on our M-series, and this bug is resolved in 10.0S13 which I
think is out already.
We haven't put 10.0S13 in production yet, but I suspect that this will be as
close we will get to a bug-free release
Also integrated L2/L3 forwarding so that you don't hairpin traffic through a
node where the L2/L3 pieces meet (like VPLS to a node where the IRB interface
is..)
From: Doug Hanks
To: Chris Evans ; Stefan Fouant
Cc: Juniper-Nsp List
Sent: Thu, February 24, 2
All:
When you configure 'no-tunnel-services' under VPLS, does the router still steal
bandwidth from the PFEs in various line cards to support VPLS? It seems to me
it does. A "show interface" terse shows logical interfaces dedicated to VPLS.
>From the PFE shell, these are ifls created for VPL
We tried 10.0S10 and S11, but there is a bug that drives CPU to 100%
indefinitely if you have a large config (something to do with socket used to
pass config info to various processes).
10.0S9 doesn't have that bug, so that is what we are using now. We have
MPLS/RSVP/OSPF/BGP/RIP/NAT/GRE/IPS
Keep in mind that if you haven't already done so, you will need to have both an
'inside' and 'outside' rule for your NAT translation since the junos-ip ALG is
unidirectional.
From: Alex
To: Gökhan Gümüş
Cc: juniper-nsp@puck.nether.net
Sent: Mon, January 10,
GRE, IPSec, and NAT. It is L3 mode.
From: Nilesh Khambal
To: Derick Winkworth ; "juniper-nsp@puck.nether.net"
Sent: Mon, December 20, 2010 12:09:26 PM
Subject: Re: [j-nsp] fpc2 message...
Derek,
What is the PIC being used for? Is it in L2 mode
Anyone know why this would be happening with an ms-400 service-pic? Its
running at 2-4% CPU and less than one 1% memory utilization...
#
Dec 20 10:05:15 galaxy-01 fpc2 Transient flow-control asserted by MAC on
sp-2/2
for 1 seconds
Dec 20 10:05:16 galaxy-01 fpc2 Transient flow-contro
Is this an encrypted GRE tunnel over the internet?
The "recommended" MTU is 1400 bytes on both ends. Use the
clear-dont-fragment-bit knob on the juniper side, and do "ip tcp mss-adjust
1360" on the Cisco side. Also on the Cisco side, ingress interfaces should
have
a route-map applied to clear
this is an on-going topic here. I'm wondering if we should set up an
independent website with a hardware/software matrix hyperlinked to known issues
with problem descriptions/diagrams (if available) etc...
From: Paul Stewart
To: "Ger, Javier" ; juniper-ns
I found three ways to keep the local interface up so it can hit the irb
interface even if all remote PEs for the VPLS instance are lost:
1. Use two physical ports to the PE from the CE, one for VPLS and one for L3.
You could put a switch in front of your PE to accomplish this. I think this
p too.
From: Daniel Hilj
To: Derick Winkworth
Sent: Thu, October 21, 2010 11:26:49 AM
Subject: Re: [j-nsp] VPLS issue...
Hi,
To get around the fact of not having a local interface UP that you need for the
IRB to be UP you can configure an lt-interface and add it to you ins
- Forwarded Message
From: Derick Winkworth
To: Daniel Hilj
Sent: Thu, October 21, 2010 1:24:12 PM
Subject: Re: [j-nsp] VPLS issue...
I need the local interface to remain up too.
From: Daniel Hilj
To: Derick Winkworth
Sent: Thu, October 21
All:
We have a two site VPLS setup using virtual-switches. Site "A" has an IRB in
the bridge-domain in the virtual-switch configuration. All is good when the
two
PEs have a BGP session and the LSPs are up between the two PEs.
However, when Site "B" becomes unreachable, then the IRB and local
Also you could statically configure the correct MAC address to see if that
works
too...
From: William Jackson
To: juniper-nsp@puck.nether.net
Sent: Tue, October 12, 2010 4:48:09 AM
Subject: [j-nsp] Strange BGP behaviour on 10.0R3
Hi
We are seeing some st
Anyone try this yet or do any testing with it? I'm hearing that this is the
version to go to for MX...
Derick
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
http://www.onfulfillment.com/JuniperTrainingPublic/Category.aspx?d=44&sid=323&sm=d44
There is this too, the official courseware. You can order the courseware
without the course. It can be expensive. If you have an SE or RE that can log
into this, they can get the books much cheaper... you m
http://www.juniper.net/techpubs/software/junos/junos103/junos-xml-ref-oper/html/summary-oper-request107.html#2093716
You can write a script that will do it for you automatically You can copy
files between the REs from the CLI...
From: Chris Evans
To: j
You need to put it all in the same term.
From: Giuliano Cardozo Medalha
To: juniper-nsp@puck.nether.net
Sent: Thu, September 2, 2010 11:07:08 AM
Subject: [j-nsp] JUNOS POLICER
People,
We are trying to configure policers to logical interfaces created under IQ2
are sampling on
the CE/VRF side (IPv4) or the core side (MPLS).
From: Chris Evans
To: Derick Winkworth
Cc: juniper-nsp@puck.nether.net
Sent: Wed, September 1, 2010 8:48:53 AM
Subject: Re: [j-nsp] Netflow / JFlow questions
Hrm..
That documentation is very
Its not possible on an M... Its one or the other, IPv4 or MPLS...
http://www.juniper.net/techpubs/software/junos/junos94/swconfig-policy/configuring-active-flow-monitoring-using-version-9.html
"You can define a version 9 flow record template suitable for IPv4 traffic,
MPLS
traffic, or a combi
cable is just a trunk port.
This might resolve your issue.
From: Chris Evans
To: Derick Winkworth
Cc: juniper-nsp@puck.nether.net
Sent: Tue, August 31, 2010 11:45:58 AM
Subject: Re: [j-nsp] 10.3 on MX960 with MPC only?
Agreed if they offering the mx as an
. I asked jtac to update the
>documentation.
> > Is this in documentation somewhere? I just did a quick pass through the
>IGMP
>> snooping docs and I did not see it stated anywhere in there... maybe I
>missed
>> it.
>>
>>
>>
>>
>>
>>
Is this in documentation somewhere? I just did a quick pass through the IGMP
snooping docs and I did not see it stated anywhere in there... maybe I missed
it.
From: Derick Winkworth
To: Chris Evans ; Gavin Tweedie
Cc: juniper-nsp@puck.nether.net
Sent
###
I'm not even going to mention that
IGMP-Snooping isn't support on trunk interfaces which blows my mind.
wow!
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
In fact, yes! 10.3 is primarily a JUNOS cleanup effort. There should be close
to nothing in the release notes compared to previous releases.
I believe they intend to do this with another release in the near future. Like
10.5?
I think they are really, really wanting to have another golden rel
so the possibility does exist that with a combination of newer fabric and newer
line card (a line card with better MQ memory bandwidth), that MX might be able
to push more traffic per slot...
From: Richard A Steenbergen
To: Derick Winkworth
Cc: "ju
Has this always been the case with the SCBs? Will there not be newer SCBs that
can run faster? I've always heard that the MX series could potentially run
240gbps per slot but would require SCB upgrade and newer line cards... We're
not
there yet, but I'm wondering if its true. it sounds like
A lot of shops use custom tools.
EMC makes a multi-vendor MPLS management tool.
http://www.emc.com/products/detail/software/mpls-manager.htm
From: Ethan Whitt
To: juniper-nsp@puck.nether.net
Sent: Wed, August 11, 2010 2:00:07 AM
Subject: [j-nsp] Provisioning
We put a router in place to do NAT for the local subnet of the fxp.
Alternately, you can just put static routes in for specific management subnets
pointing out the fxp port...
From: Serge Vautour
To: Chen Jiang ; Jim Devane
Cc: "juniper-nsp@puck.nether.net"
hahahaha nice!
From: Andrey Zarechansky
To: juniper-nsp@puck.nether.net
Sent: Wed, June 30, 2010 3:26:50 AM
Subject: Re: [j-nsp] JUNOS and MX Trio cards
On Tue, Jun 29, 2010 at 06:50:49PM -0700, Derick Winkworth wrote:
[dd]
>
> How unfortunate. I
#
6 years by my count. The weird thing is I'm constantly running into
plenty of really smart competent people at Juniper who do want to help,
they just have no idea that things are really this broken, or they
aren't empowered to do anything about it. I guess you could call that
"t
urely some networking vendor must give a sh*t.
From: Richard A Steenbergen
To: Derick Winkworth
Cc: "juniper-nsp@puck.nether.net"
Sent: Tue, June 29, 2010 2:59:55 PM
Subject: Re: [j-nsp] JUNOS and MX Trio cards
On Tue, Jun 29, 2010 at 08:37:20AM -07
When you say 'transit session' what do you mean exactly? Also disappointed to
hear about the bugs.
Is the stuck-in-pending issue easily reproducible? I have read some of your
past posts, but recently it sounds like this can be reproduced without a lot
of effort?
___
ter forces a packet to traverse all terms regardless of a match,
> and is subjected to at least two actions via two different terms
> (fwd-class + next-term AND accept). And there's no real need for the
> latter.
>
> Regards,
> Addy.
>
>
> On 6/20/10, Derick Win
This is probably better:
term BEST-EFFORT
thenforwarding-class best-effort
next-term
term DSCP-EF
fromdscp ef
thenforwarding-class expedited-forwarding
next-term
term default-accept
thenaccept
You can insert additional terms later to modify loss-priority, sampling, etc...
after the classificati
It would be awesome if we could clear the DF bit in a FW filter...
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Cisco does support this on the Nexus and in the next rls of XE.
From: Peter Krupl
To: Derick Winkworth ; "juniper-nsp@puck.nether.net"
Sent: Fri, June 4, 2010 12:41:16 AM
Subject: RE: [j-nsp] GRE & Bridging, is it possible with a Juniper b
This sounds like what Cisco is doing with OTV. They are using ethernet over
GRE w/multicast to transport ethernet... It is being marketed as a better
alternative to VPLS.
From: Pekka Savola
To: Patrik Olsson
Cc: "juniper-nsp@puck.nether.net"
Sent: Thu, June
The bug situation is getting better though, I think...
We have EX-4200s in our environment and aside from an earlier
aggregated-ethernet bug and a hardware issue, they have been rock-solid. In
our environment they are L2 Q-in-Q only, no routing. We have MPLS licenses for
the units in our la
The MX80 is relatively inexpensive and has excellent port density. With such a
simple config, I'm not even that worried about it being deployed with the JUNOS
it requires. You really have three choices I think at release time: 10.1R1,
10.1R2, and 10.2R1.
But man, a 48-port copper 10/100/10
Speaking of this, I wrote an XSLT library for binary functions, and then an IP
library on top of that uses the binary library to do fun stuff like adding a
decimal number to an IP address... to help automate provisioning. Anyone
interested in this? How could I contribute to junoscriptorium?
Anyone find that making a physical loop with two or more EXs automatically
results in a forwarding loop when you use VSTP?
We are seeing this right now... I wonder if it affects the MX too.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
htt
Ahh, so 10.1 is needed then for the MX80 I'm guessing... We'll be testing
those soon in a POC where they will run VPLS, RSVP, COS, BGP, and L3VPNs...
From: Richard A Steenbergen
To: Bj?rn Tore
Cc: "juniper-nsp@puck.nether.net"
Sent: Fri, April 30, 2010 3
Can you share a sanitized config?
From: Nick Ryce
To: "juniper-nsp@puck.nether.net"
Sent: Fri, April 30, 2010 4:08:21 AM
Subject: [j-nsp] Juniper IPSEC VPN
Is there a default speed that a juniper ipec tunnel runs at? We have an
asa5510 and an 1812 where t
If its JUNOS, then just configure the MTU normally in the interface config on
the switch.
From: Eric Van Tol
To: Juniper-Nsp
Sent: Sat, March 6, 2010 3:07:23 PM
Subject: Re: [j-nsp] Strange IS-IS Problem
Answers to several questions from various sources below
Sebastian:
Create an account at www.techexams.net. They have a Juniper Certification
forum and there are multiple dual JNCIE folks who post regularly there. Also
there are practice lab scenarios available for download.
Derick
From: Sebastian Shumari
To:
Don't forget dual power supply in the box. Thats nice.
10.0r3 is coming and we will be moving all of our EXs to it when it arrives.
As far as egress policing, it isn't there today. However, you could configure
a port-level or queue-level shaping-rate. You could then change the default
trans
Finally, indeed. My "finally" moment will arrive in 10.2R1 for the SRX.
But in 9.5R4, you get tcp-mss adjust for packets passing through GRE and IPsec
tunnels, and clear-dont-fragment-bit now works with CoS on M-series.
I see in 10.0 there is a feature called packet-based IPSec services on
This is not possible until 10.0 on the EX.
From: Kevin Wormington
To: juniper-nsp@puck.nether.net
Sent: Mon, December 28, 2009 2:29:15 PM
Subject: [j-nsp] EX4200 Q-in-Q
Hi All,
I'm fairly new to EX4200s and am running 9.6R1.13 on a three member stack.
Unf
Enable extended buffer size..
q-pic-large-buffer
also under chassis/pic configuration.
From: Scott Berkman
To: Derick Winkworth ; juniper-nsp@puck.nether.net
Sent: Mon, December 21, 2009 3:58:45 PM
Subject: RE: [j-nsp] RED Drops with Qos
Derick
By default, in JUNOS, there is no weighted average for RED. Queue-depth is
evaluated in an instantaneous fashion. This means, of course, that there is no
allowing for transient bursts.
Under the chassis/pic hierarchy you must enable weighted-average RED and you
should put a weight of 9 as a s
##
To allocate more memory for routing tables, include the route-memory-enhanced
statement at the [edit chassis] hierarchy level:
[edit chassis]
route-memory-enhanced;
##
You have to restart the FPC once you do this...
From: Richard A Steenberge
Wouldn't an SRX-650 be a better choice if your comparing to an ASR1002?
From: Kris Amy
To: "mti...@globaltransit.net" ;
"juniper-nsp@puck.nether.net"
Sent: Wed, November 18, 2009 4:48:17 AM
Subject: Re: [j-nsp] ASR1002 Comparitive
The plot thickens,
With sam
Yes it is.
The SRX can do flow-based QoS, while the m10i does not. You will want RED
enabled for trafffic that responds to it on the m10i (TCP traffic, and any
other traffic that will respond to loss packets by rating down or
slow-starting, such as IP BARR).
In fact, RED is just "on" by defau
How about some debugs or traceoptions?
From: Tima Maryin
To: kszarkow...@gmail.com
Cc: juniper-nsp@puck.nether.net
Sent: Wed, November 11, 2009 8:11:56 AM
Subject: Re: [j-nsp] MX960 JunOS recommendations
Uhm, i see your point here.
We indeed have cisco - ci
Upgrade to 9.6. You can have many more rules per rule-set...
From: Christopher M. Hobbs
To: juniper-nsp@puck.nether.net
Sent: Tue, November 3, 2009 10:08:13 AM
Subject: [j-nsp] destination nat, 8 rule limit
If I try to set up more than 8 rules per rule-set on
http://networkliberationmovement.net/
15 hours some big announcement? Anyone know what this is?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
1 - 100 of 130 matches
Mail list logo