Re: [j-nsp] Experiences with QFX5110/QFX5120 (martini l2circuit w/tag manipulation)

2021-04-16 Thread Jason Lixfeld
I didn’t. We ultimately didn’t use Juniper for this. > On Apr 16, 2021, at 4:32 PM, Colton Conor wrote: > > Jason, > > Did you ever get any feedback or implement this on the QFX's? > > On Tue, May 14, 2019 at 9:00 PM Jason Lixfeld <mailto:jason-j...@l

Re: [j-nsp] Prioritize route advertisement

2020-04-06 Thread Jason Lixfeld
Is it possible it’s related to the MTU change itself? I only mention it because I ran into a convergence issue between a MX10K3 and a JRR200 in the lab when I was timing convergence speeds. It took many minutes for the JRR to receive the full table. It turned out to be a lower MTU on an

[j-nsp] MX10K3 Experiences, ~2 years later

2019-12-18 Thread Jason Lixfeld
Hi, I wanted to follow up on a thread from a couple of years ago about the MX10003 https://lists.gt.net/nsp/juniper/63670?search_string=mx10003 We’ve got a bunch of MX204s that we use for peering and transit over LDP based L3VPN pinned up with IS-IS and BFD. We’re quite happy with these boxes

[j-nsp] VLAN sub-interfaces in VRR em0?

2019-11-04 Thread Jason Lixfeld
Hey, Running the JunOS VRR image on EVE-NG trying to get a vlan sub-interface working on em0: root@R4# show interfaces em0 traps; vlan-tagging; mtu 1614; hold-time up 1 down 0; unit 14 { vlan-id 14; family inet { address 100.1.4.4/24; } family iso; family inet6 {

Re: [j-nsp] Suggestions for Edge/Peering Router..

2019-09-23 Thread Jason Lixfeld
> On Sep 23, 2019, at 2:17 PM, Mark Tinka wrote: > > On 23/Sep/19 14:07, Jason Lixfeld wrote: >> What are your other requirements? Who/what else are you looking at? > > We were the first ISP in the world to run IP/MPLS all the way into the > Access back in 2009

Re: [j-nsp] Suggestions for Edge/Peering Router..

2019-09-23 Thread Jason Lixfeld
> On Sep 23, 2019, at 5:11 AM, Mark Tinka wrote: > > This is the major driving reason behind us avoiding the NCS540 > for the Metro. What are your other requirements? Who/what else are you looking at?

Re: [j-nsp] Suggestions for Edge/Peering Router..

2019-09-18 Thread Jason Lixfeld
Hi, > On Sep 18, 2019, at 5:15 PM, Howard Leadmon wrote: > > > I am looking to replace an older Cisco I have sitting down in Equinix, and > have had a few tell me that I should look at the Juniper routers as > well. Diving into Juniper/JunOS isn’t for the faint of heart. It’s a

Re: [j-nsp] l2circuit between QFX-5110 & MX204 - one way traffic

2019-07-18 Thread Jason Lixfeld
I’m only aware of that being an issue when vlan bridge encapsulation is enabled on the PHY: https://www.juniper.net/documentation/en_US/junos/topics/reference/general/mpls-limitations-qfx-series.html (There may, of course, be other cases too that are documented elsewhere) In any event, this

[j-nsp] ACX5448 and QFX5110 (mis)configuration for 802.1AD TPID?

2019-06-27 Thread Jason Lixfeld
Hey, I’m trying to lab up some l2circuit scenarios and I’m having some issues with 802.1AD outers. I could use some clue if this sounds familiar to anyone. Here’s the physical topology: CE1 QFX5110 ACX5448 CE2 The Coles Notes on the test traffic: - CE1: 802.1AD outer (10), 802.1Q inner

Re: [j-nsp] 100G DAC issue between MX204 and QFX5110

2019-06-19 Thread Jason Lixfeld
Have a look at PR1352409. > On Jun 19, 2019, at 5:03 PM, Eric Krichbaum wrote: > > Has anyone gotten the Fiberstore 100G DAC to link up between a QFX and an MX? > I got link between 2 MX using it without any issue but haven't had any luck > to the QFX. > > They detect ok: > >Xcvr 48

Re: [j-nsp] QSFP28 oddities between Arista and QFX after upgrade

2019-06-12 Thread Jason Lixfeld
Circling back around to this, this is due to PR1352409. Ultimately it’s a BCM issue. > On May 10, 2019, at 7:13 PM, Jason Lixfeld wrote: > > Hey, > > I have a QFX5110 in the lab which I upgraded from 17.something to 18.4 to > resolve some ISIS weirdness. ISIS weirdness

Re: [j-nsp] evpn with vrf

2019-06-10 Thread Jason Lixfeld
So JunOS supports draft-rabadan-sajassi-bess-evpn-ipvpn-interworking-02 then? > On Jun 10, 2019, at 4:21 PM, Aaron Gould wrote: > > Seems that I get an auto-export from evpn-learned destinations auto exported > as /32's into the vrf that the IRB is attached to. > > Is this possibly with inet.0

[j-nsp] Experiences with QFX5110/QFX5120 (martini l2circuit w/tag manipulation)

2019-05-14 Thread Jason Lixfeld
Hey there, I’m starting to test martini l2circuits on a QFX5110 (17.3R3-S4.2). I’m looking at possibly using these boxes, or QFX5120s on a larger scale to terminate these types of circuits on other QFX’ or Cisco ME3600/ASR920/ASR9000. These l2circuits could be in either port-based mode or

Re: [j-nsp] QSFP28 oddities between Arista and QFX after upgrade

2019-05-11 Thread Jason Lixfeld
: set interfaces et-0/0/1 gigether-options fec fec91 > > On Sat, May 11, 2019, 6:32 AM Jason Lixfeld <mailto:jason-j...@lixfeld.ca>> wrote: > I had no idea auto-negotiation was still a thing with 100G, but in any event, > toggling auto negotiation didn’t work. > &g

Re: [j-nsp] QSFP28 oddities between Arista and QFX after upgrade

2019-05-11 Thread Jason Lixfeld
terfaces et-4/0/52 ether-options no-auto-negotiation > > I had a similar issue with QFX5100/EX4300 and 40G and this fixed the issue > oddly enough. > > Eric > > -Original Message- > From: juniper-nsp On Behalf Of Jason > Lixfeld > Sent: Friday, May 10, 2

[j-nsp] QSFP28 oddities between Arista and QFX after upgrade

2019-05-10 Thread Jason Lixfeld
Hey, I have a QFX5110 in the lab which I upgraded from 17.something to 18.4 to resolve some ISIS weirdness. ISIS weirdness resolved, but now the previously working link between this QFX and an Arista 7280SR no longer comes up, despite light levels on both sides being within norms. I went

[j-nsp] Using allow-commandsN in TACACS

2019-04-26 Thread Jason Lixfeld
Hey there, Overall, I’m trying to allow specific commands to be run by a user through allow-commandsN attributes in tacplus, but I’m having a hard time getting the CLI to execute the commands, even though it seems to think that the user is authorized to do so. What I’m after is to allow the

Re: [j-nsp] JunOS 16.2R2.8 High CPU caused by python

2019-03-26 Thread Jason Lixfeld
Hi, > On Mar 26, 2019, at 8:59 PM, Philip Smith wrote: > > Is this just a reboot to make it go away? Not a solution, but an ignorant question - Is there a function to kill (and/or restart) the process in this type of scenario? On IOS-XR, there were specific XR CLI wrappers for restarting a

[j-nsp] Show me all the system syslog things!

2019-03-21 Thread Jason Lixfeld
Hi, I’m looking for some ideas about configuring syslog. Starting from the bare-minimum syslog config, and log-updown in BGP: jlixfeld@lab# show system syslog user * { any emergency; } host 10.219.51.130 { any info; } file messages { any info; } time-format year millisecond; The

Re: [j-nsp] PE-CE BGP announcements

2019-03-07 Thread Jason Lixfeld
wrote: > > Really sure of your export policy when removed from the neighbour (that is, > any policy under the protocol or the group) ? > > show bgp neighbor exact-instance foo 10.108.35.254 | match export > > > Any NO-EXPORT community attached on the route? > >>

Re: [j-nsp] PE-CE BGP announcements

2019-03-07 Thread Jason Lixfeld
a diff neighbor in AS12345? If so then try 'as-override' > option. > > >> On Thu, Mar 7, 2019 at 2:06 PM Jason Lixfeld wrote: >> Hello, >> >> I’m trying to work through solving why a BGP prefix 126.126.126.0/24 >> announced to pe2 in vrf foo isn’t announced t

[j-nsp] PE-CE BGP announcements

2019-03-07 Thread Jason Lixfeld
Hello, I’m trying to work through solving why a BGP prefix 126.126.126.0/24 announced to pe2 in vrf foo isn’t announced to EBGP neighbour 10.108.35.254 on pe1 that is also in vrf foo. jlixfeld@pe1# run show route protocol bgp table foo.inet.0 126.126.126.0/24 foo.inet.0: 41 destinations, 51

Re: [j-nsp] BGP default action constraints with advertise-inactive?

2019-03-01 Thread Jason Lixfeld
; "advertise-inactive" you can advertise such inactive BGP route. > > HTH, > Wojciech > > > Sat, 23 Feb 2019, 16:58: Jason Lixfeld via juniper-nsp > mailto:juniper-nsp@puck.nether.net>> wrote: > Hello! > > I’m confused about some observations whi

Re: [j-nsp] Nested subroutine behaviour

2019-03-01 Thread Jason Lixfeld
Thanks to everyone for the comments. In certain cases my comprehension was just plain broken. This has helped clear that up. > On Feb 27, 2019, at 6:51 AM, Weber, Markus wrote: > > Jason wrote: >> I’m having a hard time wrapping my head around behaviour with route >> policies that consist of

[j-nsp] Nested subroutine behaviour

2019-02-26 Thread Jason Lixfeld
Hi, I’m having a hard time wrapping my head around behaviour with route policies that consist of nested subroutines. Consider the sample below: jlixfeld@mx# run show route receive-protocol bgp 4.4.4.4 table internet.i.0 hidden extensive i.inet.0: 32 destinations, 37 routes (28 active, 0

[j-nsp] BGP default action constraints with advertise-inactive?

2019-02-23 Thread Jason Lixfeld via juniper-nsp
Hello! I’m confused about some observations while testing BGP announcements of inactive routes. I’m hoping someone can offer some clue. I have this sample route: jlixfeld@mx# run show route table rifoo.inet.0 protocol static 44.44.44.0/21 detail rifoo.inet.0: 27 destinations, 29 routes (27

[j-nsp] Finding drops - part 2

2019-01-30 Thread Jason Lixfeld
Hi all, Another question about finding drops. This time, identifying the dropped packet counters that would increment as a result of being dropped during a controlled failure scenario. +-++-+ Loopback 10.10.3.2/24+---+ mx1

Re: [j-nsp] Finding drops

2019-01-30 Thread Jason Lixfeld
Hi, Just to close the loop on this, according to JTAC, the throughput issues observed are addressed in KB33477 (basically, wire speed can be achieved on > 96 byte packets). > On Jan 24, 2019, at 9:43 AM, Jason Lixfeld wrote: > > Hey Adam, > >> On Jan 24, 2019, at

Re: [j-nsp] Avoid transit LSPs

2019-01-25 Thread Jason Lixfeld
I’m testing a similar approach (except using the ISIS overload bit) that aims to prevent the path between a pair of LSRs via the links to and through my RRs from being considered as a possible transit path. Seems to work just fine in the lab. > On Jan 24, 2019, at 3:24 PM, Luis Balbinot

Re: [j-nsp] Finding drops

2019-01-24 Thread Jason Lixfeld
Hey Adam, > On Jan 24, 2019, at 5:51 AM, > wrote: > > Is the test stream unidirectional please? -say from left (the mx1 side) to > right (mx2 side) please? Or bidirectional please? It’s been bi-directional, in that the Rx Tester is set to loopback. More or less only so I could see the

Re: [j-nsp] Finding drops

2019-01-23 Thread Jason Lixfeld
> On Jan 23, 2019, at 10:23 AM, Saku Ytti wrote: > > On Wed, 23 Jan 2019 at 17:01, Jason Lixfeld wrote: > >> Now that I’m looking at the right box, yes! More importantly, on et-0/0/2 @ >> mx1: >> >> Input errors: >>Errors: 0, Drops: 0, Framin

Re: [j-nsp] Finding drops

2019-01-23 Thread Jason Lixfeld
- [ mx2 ] - et-0/0/2 - [ Rx Tester ] ... > On Jan 23, 2019, at 8:58 AM, Saku Ytti wrote: > > On Tue, 22 Jan 2019 at 20:17, Jason Lixfeld wrote: > > >> Transmitting exactly 100 million 64 byte UDP packets. SPORT: 49184 DPORT: >> 7. > > Ok so ingress in

Re: [j-nsp] Finding drops

2019-01-23 Thread Jason Lixfeld
> On Jan 22, 2019, at 4:06 PM, Olivier Benghozi > wrote: > > My 2 cents: it could be interesting to check if running the system in > hyper-mode makes a difference (that should normally be expected). Same results after enabling hyper-mode

Re: [j-nsp] Finding drops

2019-01-23 Thread Jason Lixfeld
Hey, > On Jan 22, 2019, at 2:42 PM, adamv0...@netconsultings.com wrote: > > Maybe any of the show commands in the below, if they show any drops? > https://kb.juniper.net/InfoCenter/index?page=content=KB26519=FIREWALL=LIST > >

Re: [j-nsp] Finding drops

2019-01-22 Thread Jason Lixfeld
> On Jan 22, 2019, at 4:49 AM, Saku Ytti wrote: > > On Mon, 21 Jan 2019 at 22:09, Jason Lixfeld wrote: > >> I’ve distilled the test down to generating 100 million 64 byte (UDP) packets >> to the destination, but the counters on et-0/0/2 read as though they’ve only

Re: [j-nsp] Finding drops

2019-01-22 Thread Jason Lixfeld
Hey, > On Jan 21, 2019, at 3:38 PM, Dave Bell wrote: > > Are you sure your tester is capable of generating that volume of traffic? Yes. I’m quite sure.

[j-nsp] Finding drops

2019-01-21 Thread Jason Lixfeld
Hi all, I’m doing some RFC2544 tests through an MX204. The tester is connected to et-0/0/2, and the test destination is somewhere out there via et-0/0/0. 64 byte packets seem to be getting dropped, and I’m trying to find where on the box those drops are being recorded. I’ve distilled the

Re: [j-nsp] DDoS Protection on MX204

2019-01-04 Thread Jason Lixfeld
> On Jan 4, 2019, at 3:06 PM, Jason Lixfeld wrote: > > Hi, > > Before I go too far down the rabbit hole of looking into the DDoS Protection > parent feature on MX, does anyone know if it’s supported on MX204? So it’s a shallow rabbit hole; it’s enabled by default and a

[j-nsp] DDoS Protection on MX204

2019-01-04 Thread Jason Lixfeld
Hi, Before I go too far down the rabbit hole of looking into the DDoS Protection parent feature on MX, does anyone know if it’s supported on MX204? It’s not specifically listed as a supported platform here:

Re: [j-nsp] RE filter BCP

2019-01-04 Thread Jason Lixfeld
> On Jan 4, 2019, at 8:10 AM, > wrote: > > Also in addition to the lengthy, complex and therefore often misconfigured > RE filter a good practice is to have iACLs as a second layer of defence. > By that I mean a policy applied on all edge interfaces allowing only > selected protocols (e.g.

Re: [j-nsp] RE filter BCP

2019-01-03 Thread Jason Lixfeld
> On Jan 3, 2019, at 3:34 PM, Saku Ytti wrote: > > On Thu, 3 Jan 2019 at 22:23, Jason Lixfeld wrote: > >> If you match on specific source (and presumably specific destination) >> addresses, why is a directionally agnostic port match bad? Or is it not so >> mu

Re: [j-nsp] RE filter BCP

2019-01-03 Thread Jason Lixfeld
Hi, > On Jan 3, 2019, at 2:47 PM, Saku Ytti wrote: > > Hey, > >> I’ve noticed that publication is a little more liberal in its RE filtering >> suggestions vs. say, Juniper MX Series, O’Reilly. >> >> Having dug through both, the Juniper guide seems more platform agnostic, >> which probably

[j-nsp] RE filter BCP

2019-01-03 Thread Jason Lixfeld
Hi all, Would the Day-Zero Hardening JunOS, 2nd Edition publication be the de facto BCP for RE filter hardening? I’ve noticed that publication is a little more liberal in its RE filtering suggestions vs. say, Juniper MX Series, O’Reilly. Having dug through both, the Juniper guide seems more

[j-nsp] MX204-IR RIB->FIB sync?

2018-12-12 Thread Jason Lixfeld
Hi all, I’ve been playing around with rLFA in a small lab using a pair each of MX204-IR, ASR920, ME3600s in a ring: MX1-et0/0-MX2-xe0/1-ASR2-ge-ME2-ge-ME1-ge-ASR1-te-MX1 They're all running BFD (150ms x 3), LDP, ISIS, LDP-IGP sync (infinite holddown), LDP session protection and LDP GR (not

Re: [j-nsp] MX204 Invalid port profile configuration

2018-10-09 Thread Jason Lixfeld
Hi, https://www.juniper.net/documentation/en_US/junos/topics/concept/rate-selectability-overview.html I ran into this too, and my interpretation of the above on why it didn’t work is that if you set rate selectability in PIC mode, all ports on the PIC are set to the same speed, so you’ve

Re: [j-nsp] vRR/L3VPN/Unusable

2018-09-13 Thread Jason Lixfeld
4 but I don't >> think that >>> matters. >>> >>> This should be enough: >>> >>> routing-options { >>> rib inet.3 { >>> static { >>> route 0.0.0.0/0 discard; >&

Re: [j-nsp] vRR/L3VPN/Unusable

2018-09-12 Thread Jason Lixfeld
is out of band you need that family configured on the RR interface. > > Ivan, > > On Wed, Sep 12, 2018 at 12:10 PM Jason Lixfeld <mailto:jason-j...@lixfeld.ca>> wrote: > Hi all, > > Trying to learn more about JunOS, I’m playing around with a vRR instance > (18.

[j-nsp] vRR/L3VPN/Unusable

2018-09-12 Thread Jason Lixfeld
Hi all, Trying to learn more about JunOS, I’m playing around with a vRR instance (18.2R1-S1.5), and I haven’t been able to get something sorted. This vRR instance is running as an out-of-band RR for a few LDP enabled PEs. vRR is not running LDP so inet.3 is empty, but as far as I understand,

Re: [j-nsp] Network automation vs. manual config

2018-08-17 Thread Jason Lixfeld
I’ll admit that I haven’t done much automation yet, so take this with a grain of salt and provide clue where required... > On Aug 17, 2018, at 6:54 AM, Antti Ristimäki wrote: > > Hi colleagues, > > This is something that I've been thinking quite a lot, so I would be > delighted to hear some

Re: [j-nsp] Parameters/variables in policy-statements

2018-08-02 Thread Jason Lixfeld
> On Aug 2, 2018, at 2:51 PM, Saku Ytti wrote: > > Not the answer you probably wanted, but I think network engineers > really need to start embracing less CLI-jockey and more centralised > logic. I agree wholeheartedly, and that is a work currently in progress. However until then, here we

[j-nsp] Parameters/variables in policy-statements

2018-08-02 Thread Jason Lixfeld
Hey there, I’m somewhat green to JunOS coming from a primarily IOS/IOS XR background. IOS XR’s route-policy language supports the use of variables, or parameters, which essentially allows me to create a template that accepts some variables, and adjust the parameters that set those variables

Re: [j-nsp] Router for full routes

2018-06-27 Thread Jason Lixfeld
So the rest is for guest VMs then? > On Jun 27, 2018, at 9:57 AM, Tim Jackson wrote: > > Yeah 16G for the RE + I think you actually get 5 cores in the Junos VM: > > % sysctl -a | egrep -i 'hw.machine|hw.model|hw.ncpu' > hw.machine: amd64 > hw.model: QEMU Virtual CPU version 1.7.2 > hw.ncpu: 5

Re: [j-nsp] Router for full routes

2018-06-27 Thread Jason Lixfeld
> On Jun 27, 2018, at 9:18 AM, Mark Tinka wrote: > > At this stage, I'd say the cheapest MX router you should go for that is > decent is the MX204. Isn’t the MX204 RE more than decent? 8 core 1.6Ghz, 32GB DDR4 RE sounds like decent is an understatement, no?

Re: [j-nsp] Poll Question (VRF scale on MX)

2017-12-21 Thread Jason Lixfeld
Hey there, General question - MX204-IR, for example, claims no RIB/FIB scale restrictions. While I’m sure with that claim, RIB scale is limited to the amount of physical memory available on the box, I’m not sure what the physical limits are around the FIB. My understanding is that it’s Trio

[j-nsp] Juniper equivalent to Cisco NCS5/55 and ASR9001

2017-11-12 Thread Jason Lixfeld
Hey there, I’m looking to get a basic handle on the Juniper equivalent to some Cisco kit that’s out there. For a NCS5001 comparison, the use case is a simple ISIS, LDP BGP-Free P Core LSR. QFX5110 seem to be closest. Fair? For a NCS5501-SE comparison, the use case would be for a peering

[j-nsp] SRX HW questions

2016-09-08 Thread Jason Lixfeld
Hey there, I’m looking for a couple of NAT boxes. Something cheap and cheerful. Something that will do a gig or two (or more of IMIX). Preferably something EoL I can get used. - Rack mountable - DC power (single or dual) - 2-4 SFP ports and/or - 2 SFP+ ports - Don’t care about wireless

[j-nsp] sflow agent, source and collector via routing instance

2016-07-26 Thread Jason Lixfeld
Does anyone know if it’s possible to have sflow export to a collector via a routing instance? My collector is inside a VRF-type routing-instance, and I have looked for routing-instance hooks similar to what is listed in the docs for things like ntp, tacacs, etc.[1], but I haven’t found

Re: [j-nsp] BCP for filtering management access, system-wide

2016-07-25 Thread Jason Lixfeld
/us/en/training/jnbooks/day-one/fundamentals-series/securing-routing-engine/ > > On Mon, Jul 25, 2016 at 1:55 PM, Jason Lixfeld <jason-j...@lixfeld.ca> wrote: > Hi, > > I’m trying to write filters to prevent management access to my system (ssh, > SNMP, etc), and I’m unsure

[j-nsp] BCP for filtering management access, system-wide

2016-07-25 Thread Jason Lixfeld
Hi, I’m trying to write filters to prevent management access to my system (ssh, SNMP, etc), and I’m unsure about where to apply them. Let’s assume I have IPs configured on a bunch of interfaces, both physical and logical, and I don’t want the majority of them to be able to accept management

Re: [j-nsp] SNMP access to default RI when lo0.0 is inside a VRF

2016-07-21 Thread Jason Lixfeld
Thanks Olivier, This is perfect! > On Jul 20, 2016, at 3:39 PM, Olivier Benghozi <olivier.bengh...@wifirst.fr> > wrote: > > Poll the router using "@yourcommunity" > >> On 20 Jul 2016, at 18:22, Jason Lixfeld <jason-j...@lixfeld.ca> wrote: >

[j-nsp] SNMP access to default RI when lo0.0 is inside a VRF

2016-07-20 Thread Jason Lixfeld
Hi again, I have an EX9204 running 14.2R4.9. I’m accessing the box in-band via lo0 which is configured inside a management routing-instance (VRF). My SNMP management station also lives within the same routing-instance inside the MPLS cloud of which this routing-instance participates. My

Re: [j-nsp] Interfaces with copper SFPs not getting torn down when partner is disabled (not correctly recognizing Media type?)

2016-07-19 Thread Jason Lixfeld
pplier, stick with them and if you find any issues, > they will generally work with you to assist. > > Cheers, > Graham > > Graham Brown > Twitter - @mountainrescuer > LinkedIn > > On 20 July 2016 at 03:59, Jason Lixfeld <jason-j...@lixfeld.ca> wrote: > Hi Brian

Re: [j-nsp] Interfaces with copper SFPs not getting torn down when partner is disabled (not correctly recognizing Media type?)

2016-07-19 Thread Jason Lixfeld
c-slot > > I've had bad experiences with 3rd party copper trispeed SFPs that don't > show up as 'Methode Electric.' > > Brian > > > On 19 July 2016 at 15:15, Jason Lixfeld <jason-j...@lixfeld.ca> wrote: >> Hi Graham, >> >> These are 3rd party.

Re: [j-nsp] Interfaces with copper SFPs not getting torn down when partner is disabled (not correctly recognizing Media type?)

2016-07-19 Thread Jason Lixfeld
it and miss. > > NB: I have not tested the EX9200. > > HTH, > Graham > > Graham Brown > Twitter - @mountainrescuer > LinkedIn > > On 19 July 2016 at 08:04, Jason Lixfeld <jason-j...@lixfeld.ca> wrote: > Hey there, > > I’m messing around with a lab E

[j-nsp] Interfaces with copper SFPs not getting torn down when partner is disabled (not correctly recognizing Media type?)

2016-07-18 Thread Jason Lixfeld
Hey there, I’m messing around with a lab EX9204 with a EX9200-40x1G-SFP running 14.2R4.9 I’ve got two ports (on the same box) connected together with 10/100/1000T SFPs in each. ario@lab01.juniper# show interfaces | display set set interfaces ge-0/1/0 unit 0 set interfaces ge-0/3/0 unit 0

Re: [j-nsp] in-band management interface vs. re firewall concepts/bcp

2016-07-08 Thread Jason Lixfeld
is > a new thing for Juniper and the feature is still in process of coming out. I > would expect various issues with it, even if some things work. > >> On Jul 8, 2016, at 12:06 PM, Jason Lixfeld <jason-j...@lixfeld.ca> wrote: >> >> So if my management stations a

Re: [j-nsp] in-band management interface vs. re firewall concepts/bcp

2016-07-08 Thread Jason Lixfeld
to write the lo0 filter like this: > > from a prefix list listing allowed sources using particular protocols (i.e. > ssh) -> accept > anything else -> discard > > That can be multiple terms or however you prefer to write it. > >> On Jul 8, 2016, at 11:34 AM, Jason

Re: [j-nsp] in-band management interface vs. re firewall concepts/bcp

2016-07-08 Thread Jason Lixfeld
agement within them (though it’s > slightly recommended against, due to potential of misconfiguration causing a > security issue), but this should work. That’s what Clinton was saying. > >> On Jul 8, 2016, at 11:20 AM, Jason Lixfeld <jason-j...@lixfeld.ca> wrote: >> >>

Re: [j-nsp] in-band management interface vs. re firewall concepts/bcp

2016-07-08 Thread Jason Lixfeld
ditional logical routers for data traffic, but that is different > than a Cisco management VRF. > > JunOS doesn't have an explicit control-plane interface and you attach > your control-plane filter to lo0.0 instead. > > -- > Clinton Work > Airdrie, AB > > On Thu,

[j-nsp] in-band management interface vs. re firewall concepts/bcp

2016-07-07 Thread Jason Lixfeld
Hey there, Coming from a Cisco background, I generally assign a loopback interface as my in-band management channel. I stick that into my management VRF and that’s that. Without knowing any better, my instinct would be to do the same in JunOS, but it seems as though lo0 is the control plane

[j-nsp] default uRPF strict on irb interface accepts DHCP?

2016-07-06 Thread Jason Lixfeld
Hi, I’m trying to understand some counterintuitive behaviour I’m seeing with uRPF strict and DHCP on a EX9200/14.2R4.9 According to the documentation[1], uRPF will not, by default, permit DHCP or BOOTP, however the actual behaviour seems to be inconsistent with the documentation: set

[j-nsp] IOS to JunOS clarification

2016-06-30 Thread Jason Lixfeld
Hi there, I’m somewhat of a j-noob, so please forgive any obvious errors or omissions. I’m trying to migrate a snippet of a Cisco configuration over to an EX9200 running 14.2R4.9. The configuration snippet incorporates private VLANs, DHCP snooping, DIA, and IP Source Guard. Reviewing the

[j-nsp] Is putting an IP on an l2circuit possible?

2010-07-22 Thread Jason Lixfeld
I'm trying to test some C to J EoMPLS interoperability, but the only J box that I have doesn't have any free interfaces on it, so I have nowhere to connect a test CE and use the CE to ping the far end. Is there any way to stick a subnet on to an l2circuit directly instead of having to use a

Re: [j-nsp] Is putting an IP on an l2circuit possible?

2010-07-22 Thread Jason Lixfeld
/max = 32/363/460 ms ) - Jared On Jul 22, 2010, at 1:49 PM, Jason Lixfeld wrote: I'm trying to test some C to J EoMPLS interoperability, but the only J box that I have doesn't have any free interfaces on it, so I have nowhere to connect a test CE and use the CE to ping the far end

Re: [j-nsp] Is putting an IP on an l2circuit possible?

2010-07-22 Thread Jason Lixfeld
On 2010-07-22, at 3:13 PM, Richard A Steenbergen wrote: On Thu, Jul 22, 2010 at 01:49:55PM -0400, Jason Lixfeld wrote: I'm trying to test some C to J EoMPLS interoperability, but the only J box that I have doesn't have any free interfaces on it, so I have nowhere to connect a test CE

[j-nsp] A couple of CLI questions...

2009-12-10 Thread Jason Lixfeld
I've dug through a bunch of manuals for both these items, but I fear my search terminology may be preventing me from finding the appropriate results. Hoping someone here can give me some pointers: 1- How to set the system time and date manually (ie: no NTP). 2- How to clear the firewall log

Re: [j-nsp] A couple of CLI questions...

2009-12-10 Thread Jason Lixfeld
Thanks. I was trying from edit mode which is obviously a mistake. On 2009-12-10, at 2:49 PM, Alexander Shikoff wrote: On Thu, Dec 10, 2009 at 02:16:52PM -0500, Jason Lixfeld wrote: I've dug through a bunch of manuals for both these items, but I fear my search terminology may be preventing

[j-nsp] BCP for anchoring local prefixes for redistribution into BGP

2009-12-01 Thread Jason Lixfeld
In Cisco land, I'm used to something like this: ! router bgp 1 network 1.1.1.0 mask 255.255.255.0 route-map LOCAL neighbor 2.2.2.2 remote-as 2 neighbor 2.2.2.2 route-map ANNOUNCE out ! ip bgp-community new-format ip community-list standard LOCAL permit 1:790 ! route-map LOCAL permit 10 set

Re: [j-nsp] Troubleshooting BGP

2009-10-08 Thread Jason Lixfeld
On 2009-10-07, at 10:24 PM, Stefan Fouant wrote: Yep, the OSPF route is preferred, you can see that in your display by looking at the * symbol next, which indicates which route is active. Also you can see that the BGP route has an Inactive reason: Route Preference, which makes sense in

Re: [j-nsp] SSG5 Dual WAN failover functionality

2009-04-16 Thread Jason Lixfeld
Thanks for the very detailed response, Romain. One other question: You will have 2 default routes but using only the one with lower preference. If trackIP failed, interface will be administratively be DOWN and default route inactive so the Internet traffic will used other link. How does

[j-nsp] SSG5 Dual WAN failover functionality

2009-04-15 Thread Jason Lixfeld
I'm pretty new to Juniper, so please forgive any blatant missteps in terminology. I've got a requirement to build three sites using SSG5s. The three sites will all have dual WAN - PPPoE DSL and DHCP cable. We will be using provider space for the dual WANs, so we won't be using our own

[j-nsp] SSG 5 Load Balancing and NAT-PMP/uPNP questions

2008-09-11 Thread Jason Lixfeld
I'm looking to possibly replace a PIX 515E with an SSG 5. First off, does the SSG 5 support NAT-PMP or uPNP? The PIX doesn't, but I'm hoping the SSG 5 does. Next, I have this PIX at a colo with a bridged DSL circuit between it and my office which is a few kilometers away. At the

[j-nsp] UPIM in PIM slot or EPIM slot?

2008-04-13 Thread Jason Lixfeld
I'm a little confused on this. Can't find any specific information on the website.

Re: [j-nsp] My first juniper... kinda...

2008-01-04 Thread Jason Lixfeld
Good to know, thanks! On 4-Jan-08, at 7:31 PM, Steven Brenchley wrote: There is a third option, There is a new hybrid of junos and screenOS coming available in 9.0. It uses the same routing stuff from the J-series but adds the screenOS features to the services area. Configuration is much