Re: [j-nsp] BGP timer

Juniper Business Use Only On 4/29/24, 02:41, "Saku Ytti" mailto:s...@ytti.fi>> wrote: > On Sun, 28 Apr 2024 at 21:20, Jeff Haas via juniper-nsp > > BFD holddown is the right feature for this. > > But why is this desirable? Why do I want to prioritise stability &g

Re: [j-nsp] BGP timer

BFD holddown is the right feature for this. WARNING: BFD holddown is known to be problematic between Juniper and Cisco implementations due to where each start their state machines for BFD vs. BGP. It was a partial motivation for BGP BFD strict:

Re: [j-nsp] MX204 and IPv6 BGP announcements

Correcting myself, yes, it’s discard. -- Jeff Juniper Business Use Only From: Mark Tinka Date: Thursday, February 8, 2024 at 9:07 AM To: Jeff Haas , Lee Starnes , "juniper-nsp@puck.nether.net" Subject: Re: [j-nsp] MX204 and IPv6 BGP announcements [External Email. Be cautious of content]

Re: [j-nsp] MX204 and IPv6 BGP announcements

It’s rib-only. If you wanted the usual other properties, you’d use the usual other features. -- Jeff Juniper Business Use Only From: Mark Tinka Date: Thursday, February 8, 2024 at 12:14 AM To: Jeff Haas , Lee Starnes , "juniper-nsp@puck.nether.net" Subject: Re: [j-nsp] MX204 and IPv6 BGP

Re: [j-nsp] MX204 and IPv6 BGP announcements

On 2/6/24, 11:55 AM, "juniper-nsp on behalf of Mark Tinka via juniper-nsp" mailto:juniper-nsp-boun...@puck.nether.net> on behalf of juniper-nsp@puck.nether.net > wrote: > Typically, BGP will not originate a route to its neighbors unless it > already exists

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory - Resolved

And thank you all that responded to the request to open cases. Easy contributions to make the case, and far fewer meetings to resolve than it could have been. -- Jeff (who made noise, but did no source code commits) On 10/19/23, 12:48 AM, "juniper-nsp on behalf of Chris Kawchuk via

Re: [j-nsp] Q. Is anyone deploying TCP Authentication Option (TCP-AO) on their BGP peering Sessions?

[Warning: vendor anecdata follows] In bgp-land where we're a primary motivator, but only a client of tcp-ao, we've seen a few minor bugs from the field primarily dealing with keychain configuration or rollover issues in the last few years. Basically enough activity to suggest people are

Re: [j-nsp] CVE-2023-4481

On 8/31/23, 4:28 AM, "juniper-nsp on behalf of Tobias Heister via juniper-nsp" mailto:juniper-nsp-boun...@puck.nether.net> on behalf of juniper-nsp@puck.nether.net > wrote: > Am 30.08.2023 um 18:09 schrieb heasley via juniper-nsp: > > Tue, Aug 29, 2023 at

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory...

root> show sy ^ 'sy' is ambiguous. Possible completions: synchronous-ethernet Show synchronous ethernet related information system Show system information {master:0} root> Regards, Chris On Wed, Jul 12, 2023 at 11:45 PM Jeff Haas via juniper-nsp m

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory...

Juniper Business Use Only On 7/12/23, 12:11 PM, "Jeff Haas" mailto:jh...@juniper.net>> wrote: > On 7/12/23, 11:46 AM, "Mark Tinka" mailto:m...@tinka.afri> > >ca> wrote: > > Will any of these issues register significantly on Juniper's roadmap of >

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory...

On 7/12/23, 11:46 AM, "Mark Tinka" mailto:m...@tinka.afri>ca> wrote: > Will any of these issues register significantly on Juniper's roadmap of > how to make customers happier? Likely unlikely. Cynically, money moves things the best. But these comments don't fall on deaf ears. Occasionally,

Re: [j-nsp] Junos 21+ Killing Finger Muscle Memory...

You don't need to tell my fingers that. __ With the infrastructure as it is, the only "solution" is we stop adding things. Good luck with that. The general here is the explosion of keywords. I have about 15 features sitting in my backlog that are small things to do to bgp policy. The policy

Re: [j-nsp] JunOS RPKI/ROA database in non-default routing instance, but require an eBGP import policy in inet.0 (default:default LI:RI) to reference it.

[Note that I've already inquired internally about the original problem. I don't recall the answer from top of head and don't have time for code spelunking...] As to the point below, we get to these headaches one commit at a time. Junos is long-lived enough that VRFs started as a hack on a

Re: [j-nsp] SRTBH

In circumstances where the routing table can help you mitigate an attack, including things that use uRPF, it'll usually scale significantly better that flowspec. This is primarily because flowspec is just a distributed way of programming the firewall, and firewalls on transit routers have many

Re: [j-nsp] BGP export policy, group vs neighbor level

--- Begin Message --- Mostly in the interest of having better information circulating on this topic: While the idea below is in the right idea, it's wrong in details. The key detail here is that anything that causes a peer to not share the same rib-out with peers in the same group will cause a

Re: [j-nsp] Next-table, route leaking, etc.

--- Begin Message --- > On Feb 10, 2020, at 2:52 AM, Saku Ytti wrote: > > On Mon, 10 Feb 2020 at 05:08, Nathan Ward wrote: > > Hey Nathan, > >> Anyone got any magic tricks I’ve somehow missed? > > Olivier had a cute trick for this. This issue happens because it's the > same route, there is

Re: [j-nsp] rfc8097 (rpki) communities ?

--- Begin Message --- > On Mar 5, 2019, at 02:04, Job Snijders wrote: > > On Thu, Feb 28, 2019 at 04:17:19PM +0300, Alexandre Snarskii wrote: >> Somewhat stupid question: while experimenting with rpki, I found that >> while rfc8097 declares origin validation state as extended community >>

Re: [j-nsp] FlowSpec and RTBH

--- Begin Message --- Marcin, > On Oct 9, 2019, at 07:26, Marcin Głuc wrote: > I was wondering is there a way to export family flow routes (from > inetflow.0) to non flowspec BGP speaker? > For example tag Flowspec route with community and advertise this route with > different community to