[j-nsp] juniper security advisories rss feeds broken this year?

About 3 months ago now I observed that the rss feeds associated with security advisories stopped updating. this were urls like https://kb.juniper.net/InfoCenter/index?page=rss=SECURITY_ADVISORIES=SRX_SERIES=content which now reforms into a link in the CMS like

Re: [j-nsp] upgrading an antique 240

On 7/15/21 19:06, Randy Bush via juniper-nsp wrote: Limited/Unlimited depends on your geographic region and if your encryption access is limited. ahhh; still that silliness. it is in amerika. As for 64/32 bit, check what it’s running now and go from there: ‘show version | match kernel’

Re: [j-nsp] IPv6 hardening

On 12/30/19 06:19, harbor235 wrote: > Does anyone have any updated router hardening guidelines, some of the sites > I reference have not been updated for some time. e.g. www.team-cymru.org Every time I build a new control-plane protection ACL at new company I pretty much riff off what we did

Re: [j-nsp] Router for full routes

On 6/27/18 8:42 AM, Tom Beecher wrote: > Can confirm convergence time on the MX80 with even a single full table > session is extremely painful, and essentially not functional in a > production environment. > > > On Wed, Jun 27, 2018 at 7:10 AM, Dovid Bender wrote: > >> Hi All, >> >> In my 9-5 I

Re: [j-nsp] Spine & leaf

On 6/22/18 11:44 PM, Mehul Gajjar wrote: > Hello Juniper experts, > > I am new in Juniper. > > Can anyone help me the basic l2 spine & leaf configurations example. my > concern is to high availability of server's connections. High availability of a server's interface is typically achieved by

Re: [j-nsp] More power questions

On 5/11/18 15:15, mike+j...@willitsonline.com wrote: > Hi, > > >     So I want to connect an MX240 and some other gear in a single > cabinet at 208V. The group has convinced me this can work in general. I > am now trying to find a rack mounted or Zero-U type metered 208V PDU but > I am having a

Re: [j-nsp] Juniper PTX1000

On 12/16/16 1:24 PM, Jesper Skriver wrote: > On Fri, Dec 16, 2016 at 02:45:14PM -0600, Aaron wrote: >> Ah, thanks Jesper... you know how much those 7280's cost ? (just ballpark) retail on 7280r-48C6 is 40k that's on the small end. I'd find it rather hard to directly compare that the the

Re: [j-nsp] Recommended firmware for QFX5100-48T

On 10/10/16 7:34 AM, Paul S. wrote: > Hi folks, > > Are everyone running the JTAC recommended 14.1X53-D35.3 or have you > found better stability at some newer revision? > > My problem is that the "tri state" 10g ports (copper) don't seem to > want to run at anything less than 10g. It links up when

Re: [j-nsp] 3rd party juniper compatible CFPs SR optics

On 9/27/16 8:12 AM, Adam Vitkovsky wrote: >> Fredrik Korsbäck >> Sent: Tuesday, September 27, 2016 3:58 PM >> >> On 27/09/16 16:47, Adam Vitkovsky wrote: >>> Hi folks, >>> >>> What is the current stand in this matter? >>> Are 3rd party juniper compatible CFPs a viable alternative? >>> As it looks

Re: [j-nsp] Dealing with multihomed customer BGP primary/backup links

On 7/13/16 1:41 AM, Mark Tinka wrote: > > > On 13/Jul/16 10:36, Cydon Satyr wrote: > >> What would be the optimal way to deal with following scenario. >> >> The customer of ours has a primary bgp connection over primary link on one >> router, and a backup bgp connection (up) on backup link on

Re: [j-nsp] MX104 capabilities question

On 6/21/16 7:12 PM, Josh Hoppes wrote: > PAE can get the kernel to address more than 4GB of RAM, however a single > process will still be limited. this is straying off topic but. yeah it doesn't use pae... Arista kernels are 64 bit, user space is 32 bit derived from FC14. Linux XX

Re: [j-nsp] QFX10002 as P Router

On 4/16/16 9:40 AM, Mark Tinka wrote: > > > On 16/Apr/16 17:58, Richard Hicks wrote: > >> Thoughts on using the QFX10002 as a P only router? >> WIll be our first big investment into Juniper hardware. >> >> All PE functionally will live elsewhere. Mainly Cisco ASR9k and ASR1k for >> now. > >

Re: [j-nsp] negative arp cache on JunOS?

On 3/31/16 3:49 PM, Jared Mauch wrote: > For reasons that can’t be easily solved, we have a large subnet > connected on a device that connects wireless and other devices. I’m > looking for a quick answer if someone has been able to configure > negative arp caching on JunOS to prevent ARP floods

Re: [j-nsp] Is there a noticeable performance difference between the RE-S-2000 and the RE-S-1800-X4 when rebuilding the FIB?

On 2/25/16 12:59 AM, v wrote: > Hello, > > let's assume a link goes down. The router (in our case a MX960) will > have to rebuild the FIB in order to stop sending data to that > interface. > > Is there a performance difference in such a case between the > RE-S-2000 and the RE-S-1800-X4? How long

Re: [j-nsp] MX960 with 3 RE's?

On 1/14/16 2:48 PM, Jeff wrote: > Am 14.01.2016 um 23:19 schrieb Christopher E. Brown: >> >> >> Agree, mixing DPC and MPC is a terrible idea. Don't like DPC to begin >> with, but nobody in their right mind mixes DPCs and MPCs. >> > > Why is that? The mentioned 16x 10G card actually sounds

Re: [j-nsp] MX960 with 3 RE's?

On 1/13/16 8:59 AM, Colton Conor wrote: > Just to confirm though, its the extra RE that is different and not > supported in this config right? The MX960 can use 3 SCB's at once, but only > 2 REs? Or do I have the wrong too? An mx960 has a full fabric with two SCBs. it is n+1 redundant with 3.

Re: [j-nsp] Limit on interfaces in bundle

On 10/29/15 5:57 AM, Edward Dore wrote: > On 29 Oct 2015, at 12:49, Mark Tinka wrote: > >> >> >> On 29/Oct/15 14:22, Cydon Satyr wrote: >> >>> Oh wow. >>> >>> Any real drawbacks to running something like 32x10Gbps LAG link in core >>> instead of higher bandwidth physical

Re: [j-nsp] LACP

On 10/14/15 2:54 PM, Michael Loftis wrote: > You do not want to do LACP (or any ae) over dissimilar links. You > will be on a trail of tears of poor performance and wonky behavior. > LACP/ae is NOT designed for dissimilar links. if they are nominally similar capacity l3 ecmp with and igp or bfd

Re: [j-nsp] Multi Core on JUNOS?

On 10/2/15 2:33 PM, Phil Rosenthal wrote: >> On Oct 2, 2015, at 5:11 PM, Colton Conor wrote: >> >> Does anyone have an update on when Juniper will release SMP (symmetrical >> multi processor) aka the ability to use multiple cores? Do you think the >> second core on the

Re: [j-nsp] Cheaper way to have 2x100G and 16x10G wire-speed in MX480

On 9/27/15 12:01 PM, Phil Bedard wrote: > The 16x10G cards are not going to be full line rate at all packet > sizes and depending on destinations can't push full line rate due to > limitations to fabric BW on each PFE. afaik the 16 x 10 fixed mpc was 1.2:1 oversubscribed. > Phil > >

Re: [j-nsp] Cooling Pads for Juniper SRX?

On 12/1/14 8:26 PM, Skeeve Stevens wrote: Hi all, I have an issue with some Juniper SRX100's overheating. I've seen them get hot before, especially placed on something similar (i.e. another SRX100)... and given warnings of overheating, but never shut down but this situation is

Re: [j-nsp] Juniper T640 DC power cable lugs

it's .63 center to center... the only part of the spec you care about is Cable lug; dual hole, sized to fit 1/4-20 UNC terminal studs at 15.86-mm (0.625-in.) center line. https://www.anixter.com/en_au/product-set.Electrical%2BSupplies.Power%2BConnectors%2Band%2BLugs.html this is probably a

Re: [j-nsp] Trio Bandwidth

On 5/30/14, 10:32 AM, Eric Van Tol wrote: Hi all, I'm trying to clear something up that's been bothering me for some time and that is the MPC1/MPC2/MPC3E actual bandwidth specs. I know from various sources that the MPC1 has a single Trio chipset, MPC2 has two Trio chipsets, and the MPC3E has

Re: [j-nsp] TACACS and Logical systems

On 3/20/14, 1:40 PM, Amos Rosenboim wrote: Hello Everybody, One of our customers is going to implement logical systems in his network (core and access on the same box, different logical systems). All user accounts are based on TACACS with AD integration. this may be hearesy but the

Re: [j-nsp] MX480 RE-S-2000 IGMP flood

On 1/31/14, 7:08 AM, Chuck Anderson wrote: On Thu, Jan 30, 2014 at 10:58:05PM -0800, joel jaeggli wrote: http://tools.ietf.org/search/rfc6192 has an excellent example recipie for juniper and cisco control-plane protection. it's a good starting off point and it covers the rational behind

Re: [j-nsp] MX480 RE-S-2000 IGMP flood

On 1/30/14, 6:46 AM, Saku Ytti wrote: On (2014-01-30 14:35 +0400), Misak Khachatryan wrote: Thanks Abhi, i saw this document, but i need real life experience about hardening thresholds or implementing additional filter/policers. In my experience there is some build-in unconfigurable

Re: [j-nsp] MX960 - Release 12.3R4

we have 12.3r4 on 960/480/240 all re2000 4GB 32 bit all mpc/trio we had some more than cosmetic issues with early 12.3 especially r1.7 this looks tollerable. On 1/21/14, 7:00 PM, Giuliano Medalha wrote: ​People, Does anyone used JUNOS 12.3R4 on MX960 gear ? Is this a stable release ?

Re: [j-nsp] NTP Reflection

On 1/13/14, 8:10 PM, Mark Tees wrote: Thanks Ben I will review those links. I have the MX book and have read a decent portion of it. Thats what I was referring to. A quick glance shows some similar examples as to what was in the MX book. Same author so it makes sense. RFC 6192

Re: [j-nsp] MX and ipfix

On 1/7/14, 8:44 AM, OBrien, Will wrote: It looks like I need ipfix to get full flows from MPCs on the MX. From the Juniper site, it seems that I need 12.x code. Is anyone happily running it? I've got 12 on some small SRX, but have been very conservative on MX code loads. Been running 12.3

Re: [j-nsp] Anybody use dual RE in srx3k? SCM only?

On 12/16/13, 1:07 PM, Morgan McLean wrote: Hi all, Looking into installing the SCM module into a couple of SRX3600's I have in production. Notice the diagram from juniper says slot RE1 for SCM. Do they support running another RE? Just curious if anybody does this, if its worth it or if its

Re: [j-nsp] Juniper MX104

On Nov 12, 2013, at 12:46 PM, Saku Ytti s...@ytti.fi wrote: On (2013-11-12 20:14 +), Tom Storey wrote: Why so much just to enable some ports? How do they come up with that kind of price? Pluck it out of thin air? The hardware has been paid for, and I know thats only list pricing,

Re: [j-nsp] TCN guard on Juniper EX

segmenting the office from the DC by subnetting seems like a really easy win. On 9/11/13 4:45 AM, Ben Dale wrote: Hi Dennis, The closest thing Junos has at the moment is root-guard, which would stop your Netgears assuming root for the topology, but AFAIK TCNs would still be accepted and

Re: [j-nsp] Console server recommendations

On 9/7/13 12:30 AM, Saku Ytti wrote: On (2013-09-07 04:23 +), Luechtefeld, Daniel G wrote: My QFabric will need at least 24 terminal server ports for all the console ports. I'd like one with options for an OOB POTS and/or cellular modem. What are your recommendations? This is quite

Re: [j-nsp] Connecting two spanning-tree domains

On 8/27/13 8:16 AM, Johan Borch wrote: This is basically two datacenters with a lot of devices on each side, and I need to exchange vlans in a redundant way. I need something solid so that one side can't interfere with the other side. Is there some way to add an extra L2 device between the

Re: [j-nsp] Vlan question MX

On 7/8/13 10:26 AM, Keith wrote: Have this setup in the lab on some srx's but want to get some info on this. We have an upstream provider that we use a config: set interfaces ge-0/1/0 vlan-tagging set interfaces ge-0/1/0 encapsulation flexible-ethernet-services set interfaces ge-0/1/0 unit

Re: [j-nsp] Vlan question MX

On 7/8/13 3:00 PM, Tom Storey wrote: The thing thats confusing me is, who on earth presents a service to a customer as a tagged service? Ive never come across such a thing. entirely appart from the case of metro-e/pbb/spb if you're doing L2 or L3 vpn, on the PE you can differentiate between

Re: [j-nsp] RIB and FIB - Memory for MX with LR

On 6/27/13 8:14 PM, Giuliano Medalha wrote: People, Thinking about configuring 2 Logical Systems in a MX480 box with RE1800X4, how can we provide control for memory allocation ? The box has the following configuration: 2 x RE1800X4-16GB 1 x MPC-3D-16XGE-SFPP-R-B 2 x SCBE-MX Is it possible to

Re: [j-nsp] SRX550 Mode Packet Based for BGP Full Routing

On 6/21/13 6:55 AM, Pavel Lunin wrote: Given the exponential growth of the Internet BGP table, this is not going scale in the long term.

Re: [j-nsp] PSU - MX480

On 5/8/13 8:40 PM, John pp wrote: Hey everyone, Few questions here that nobody seems to know! the MX480 requires two PSU's to run I purchased a MPC line card (16xge sfpp), so I need the high capacity fans however how many *REGULAR *PSU's are needed for the high capacity fans.. this chassis

Re: [j-nsp] PSU - MX480

Sorry, it works fine with two PSUs up was what I meant. joel jaeggli joe...@bogus.com wrote: On 5/8/13 8:40 PM, John pp wrote: Hey everyone, Few questions here that nobody seems to know! the MX480 requires two PSU's to run I purchased a MPC line card (16xge sfpp), so I need the high

Re: [j-nsp] vlans

On 5/3/13 3:26 PM, John pp wrote: hey all, what is the max amt of vlans on an mx480 (4k?) some people have said 16k but i am unsure some clarification would be great it used to be 16k per PFE, I'm sure you could imagine some topologies where the router would be able to support a lot more than

Re: [j-nsp] ex4500 best-effort drops nowhere near congested

On 5/2/13 10:27 AM, Jeff Wheeler wrote: On Wed, May 1, 2013 at 8:27 PM, ryanL ryan.lan...@gmail.com wrote: i'm guessing this is a buffer thing, but i can't explain why it only happens on my 1ge ports and not when i punt the traffic over an 10ge Yes, it is a buffer thing. A 10GE interface is

Re: [j-nsp] ex4500 best-effort drops nowhere near congested

On 5/2/13 1:24 PM, Benny Amorsen wrote: joel jaeggli joe...@bogus.com writes: There's literally no options in between. so a 1/10Gb/s TOR like the force10 s60 might have 2GB of shared packet buffer, while an like an arista 7050s-64 would have 9MB for all the ports, assuming you run it as all

Re: [j-nsp] Class E IP addresses

On 3/8/10 1:53 PM, keegan.hol...@sungard.com wrote: As with most other dirty address ranges these will inevitably be used for something. It's just a fact of life as IPv4 space becomes more and more scarce. For example APNIC has begun assigning addresses in the previously reserved and often

Re: [j-nsp] SNMP on logical-system fxp0

On 4/25/13 7:55 AM, Brandon Ross wrote: On Thu, 25 Apr 2013, Saku Ytti wrote: On (2013-04-24 20:54 -0400), Jeff Wheeler wrote: My view is that fxp0 is an out-of-band interface for manual intervention; not one that I ever use for SNMP. there are differing deployment models, our pop routers

Re: [j-nsp] SNMP on logical-system fxp0

On 4/25/13 8:47 AM, Saku Ytti wrote: On (2013-04-25 08:29 -0700), joel jaeggli wrote: It's not OOB, it's completely fate-sharing the freebsd/junos. it's not part of the forwarding plane so it certainly is not in-band, what you connect it to of course is your business. we connect them to our

Re: [j-nsp] M10i

On 4/10/13 5:45 PM, Chris Adams wrote: Once upon a time, Correa Adolfo acor...@mcmtelecom.com.mx said: I tought MX series were purely ethernet. I think that was true initially, but (for example) there are MX5-80 MICs to handle circuits from T1 up to OC192.

Re: [j-nsp] Stackable switches, looping stacking ports

On 4/9/13 11:15 AM, Tom Storey wrote: Hey all. A colleague of mine tells me that, if you have a single stackable switch (not in a stack obviously) and do not loop the two stacking ports on the back using the stacking cable that comes in the box, then you reduce the effective throughput of the

Re: [j-nsp] Max ARP entries on an MX240?

On 4/9/13 3:41 PM, Dave Peters - Terabit Systems wrote: Can't seem to find a specific ceiling on this. Anyone know the max ARP entries on an MX240? There isn't one, it's going to depend on the amount of memory used for the rest of the fib. I imagine that with 2 million or so l2 next hops

Re: [j-nsp] Am I carrying this route or not ?

On 3/24/13 1:24 PM, Zehef Poto wrote: Thank you Payam. I think I got what you mean. In this particular case however, the X/22 route is not a customer or anything. It is the IXP's peering LAN ! So... It means that the person requested all the IXP's members to null-route the whole peering LAN ?

Re: [j-nsp] ability to turn USB port on/off for MX routing engine?

You can turn off/on the alarm and warn circuits via the craft interface, which might do what you want, could use that to drive a relay. joel On 3/19/13 11:50 AM, Morgan McLean wrote: I can see turning off USB from a security stand point, like disabling console toobut then again in the

Re: [j-nsp] Hashing on M10i LAG interfaces

On 3/14/13 1:33 PM, Chris Adams wrote: I'm probably missing an obvious search term, but I didn't find this myself, so asking... How does an M10i hash packets to choose a link on a LAG interface? Is it configurable? This is on a PE-4FE-TX if it matters.

Re: [j-nsp] MX80 BGP performance after reboot

On 2/13/13 10:42 PM, Caillin Bathern wrote: Couldn't RPD just reduce the TCP window size for BGP sessions to reduce the rate at which it can receive routes from neighbouring routers? This would mean that your FIB would always be synched to your RIB and other routers would not blackhole by

Re: [j-nsp] Splitting Dot1q VLAN across Logical Systems

On 1/24/13 3:24 AM, Skeeve Stevens wrote: Hey all, I want to build this scenario. 2 * MX80, with a trunk between then. On the trunk (as an example) there would be two VLANs. I would like to take VLAN 100 on Router-A Logical System A to Router-B Logical System A, while at the same taking VLAN

Re: [j-nsp] Redundancy with MX

On 1/24/13 2:53 PM, Stephen Hon wrote: Ouch… I picked a single MX480 chassis design over a dual MX80 because of the unavailability of the MS-DPC card in the MX80. yeah that's a consideration if you need an msdpc. We're very new to Juniper here with close to no practical experience.

Re: [j-nsp] Redundancy with MX

On 1/21/13 11:44 PM, Saku Ytti wrote: On (2013-01-21 21:40 +0100), Markus H wrote: I wonder what kind of redundancy the community would prefer for small-medium sized PoPs. a) 2xMX80 b) 1xMX240/480 with redundant SCB and RE a) no question. As long as you can live with modest RE performance of

Re: [j-nsp] Smallest size IPv6 allocation typically advertised?

On 1/22/13 17:19 , Morgan McLean wrote: Hi, Just curious what the smallest v6 advertisement providers will accept is these days? I've seen no smaller than /48 mentioned on various boards, but I see arin will allocate all the way down to /32. A /32 is 16 bits shorter than a /48. and they'll

Re: [j-nsp] EX4200 VC PFE crashes

On 1/18/13 4:19 AM, Alexander Bochmann wrote: Hi, ...on Mon, Jan 14, 2013 at 08:55:36PM +0100, Dennis Krul | Tilaa wrote: So that means thousands of MAC, ARP and v6 neighbour entries in the PFE database (but nowhere near the supported limit of 16k entries). 16k doesn't seem realistic as

Re: [j-nsp] DDOS and MX-240's

On 1/6/13 20:14 , Richard Gross wrote: Dear List, I am seeking advise. If you wanted to block 800K /32's from your inbound pipes, how would you do it? Would you null route? Put up multiple stanza firewall filters? Which way has the least amount of hit on router resources? so I'd

Re: [j-nsp] DDOS and MX-240's

of RTBH e.g. RFC 5635 and so on. Bjørn Tore @ mobil Den 7. jan. 2013 kl. 06:22 skrev Joel jaeggli joe...@bogus.com: On 1/6/13 20:14 , Richard Gross wrote: Dear List, I am seeking advise. If you wanted to block 800K /32's from your inbound pipes, how would you do it? Would you null route? Put

Re: [j-nsp] M120 : Arp broadcast messages causes irradic behaviour

On 11/28/12 10:56 PM, Sunil Mayenkar wrote: Hello Gentlemen, Problem faced: When a large broadcast generated by the downstream network(1,00,000Pkts per sec) hits the Juniper gigE interface it causes the node to behave erratically, not allowing remote login, LSPs flap, until the port is shut

Re: [j-nsp] How reliable is EX multichassis? 3300 and 8200 switches

On 10/30/12 5:49 PM, Pavel Lunin wrote: Richard A Steenbergen r...@e-gerbil.net wrote: IMHO multi-chassis boxes are for people who can't figure out routing protocols When it comes to ethernet switching, routing protocols means what? :) spanning-tree/trill/l2vpn/NVO and so on. And the same

Re: [j-nsp] VRRP between mixed M7i and M10i

On 9/3/12 06:48 , sth...@nethelp.no wrote: 1) Did someone have a chance to configure a subnet with 4 Mixed routers M7i and M10i and VRRP enabled between all of them ? VRRP runs between *two* routers. Aside from that, no specific problems with M7i vs M10i (and why should there be? M7i and M10i

Re: [j-nsp] MX960 AC power strip

On 8/23/12 6:59 AM, JA wrote: Hi I need advice if someone is having an MX960 up on AC power. Usually high capacity (32A) power bars (PDU) come with C13 or C19 outlets while Juniper has no provision for such power cords. we use c19-c20 cables. we have a standard supplier for those so I don't

Re: [j-nsp] SRX as a server load balancer for service redundancy?

On 8/15/12 9:34 AM, Scott T. Cameron wrote: The SRX isn't a loadbalancer. Use something sensible like haproxy, nginx, etc. We do layer 3 ecmp in front of our load balancer tier and I imagine that would be fairly straight forward to implement with an srx. each destination to be load balanced

Re: [j-nsp] EX4200 Virtual Chassis Uplink Requirements - Extended VCT / VCCP

On 6/24/12 09:20 , Sascha Luck wrote: James, On Sun, Jun 24, 2012 at 08:43:22PM +1000, James Jimenez wrote: I am curious with a EX4200 as to the requirements of the uplink ports when attempting to use VCT / VCCP. Juniper documentation says a 1000BaseTX SFP module is unable to be used

Re: [j-nsp] EX4200 Virtual Chassis Uplink Requirements - Extended VCT / VCCP

On 6/24/12 11:11 AM, Sascha Luck wrote: On Sun, Jun 24, 2012 at 10:37:22AM -0700, Joel jaeggli wrote: extending the control-plane of an ethernet switch over tens of kilometers is a imho a seriously bad idea. Why, actually? Latency issues? Latency is a consideration given your control-plane

Re: [j-nsp] More Multicast Routing Help needed please..

On 6/22/12 07:37 , Spam wrote: Hello All, I've been trying to get multicast routing between 2 vlans on my SRX240 working so the Apple Mac's on both vlans can see each other and use their respective services. bonjour is: 224.0.0.251 by definition it's local to one subnet. 224.0.0.0 -

Re: [j-nsp] Whats the best way to announce an IP range in BGP? Doesn't physically exist anywhere.

On 6/22/12 9:49 AM, Morgan Mclean wrote: This is exactly what happened. The session table filled up. One of our security guys took down our edge 650 cluster from a single unix box out on the net. This is what happens when you use a stateful box for an internet router. a router with a

Re: [j-nsp] Broadcast storm on M7i fxp0 kills the CFEB?

On 6/22/12 6:28 AM, Phil Mayers wrote: On 22/06/12 13:29, Amos Rosenboim wrote: Hello Phil, I have seen this happen a few times and with different platforms. A good way to avoid this is to configure policing on the OOB switches ports facing the REs. Unfortunately, our OOB network is

Re: [j-nsp] CPU in Routing Engines - MX

On 5/12/12 03:32 , jo...@bjorklund.cn wrote: Hello, Whats kind of CPU do Juniper use in RE-S-2000-4096 and RE-S-1800x2-8G ? re2000 is a single core pentium-m 1800x2 is a more modern dual-core cpu /Jonas ___ juniper-nsp mailing list

Re: [j-nsp] Help Needed for Bonjour Routing/OSX Clients

On 5/10/12 16:21 , Phil Mayers wrote: On 10/05/12 17:12, Jonathan Lassoff wrote: On Thu, May 10, 2012 at 2:54 AM, Phil Mayers p.may...@imperial.ac.uk mailto:p.may...@imperial.ac.uk wrote: On 09/05/12 22:55, Jonathan Lassoff wrote: I've gotten this to work in the past, but it

Re: [j-nsp] WAN-PHY support for EX-series 10g interfaces

On 2/20/12 21:28 , Mark Tinka wrote: On Wednesday, February 15, 2012 08:21:15 PM Tim Jackson wrote: LAN-PHY only on EX4200/4500 as far as i know. I haven't yet quite found low-end Ethernet switches that do anything more than LAN-PHY; but it's been a while since I last did that check

Re: [j-nsp] MX960 Redundant RE problem

On 2/15/12 10:56 , Daniel Roesen wrote: On Wed, Feb 15, 2012 at 12:24:50PM -0500, Stefan Fouant wrote: The cool thing is the Backup RE is actually listening to all the control plane messages coming on fxp1 destined for the Master RE and formulating it's own decisions, running its own Dijkstra,

Re: [j-nsp] Whitebox 10Gb/s capture challenge

On 1/9/12 08:05 , OBrien, Will wrote: I'm pondering the idea of trying to build a relatively inexpensive 10Gb capture box. The simple solution is a dell R710 with 10Gb nics. I have some, they work, but I'd have to spend $50k to get enough of them. So, my challenge is keeping the price

Re: [j-nsp] What is an acceptable amount of latency for traffic routed through an SRX cluster?

srx covers at least three different hardware architectures... An srx 5800 in a publicly available testing can do sub 300usec forwarding on small packet workloads. what srx we're talking about would probably set the expectation a bit better. joel On 1/9/12 14:40 , Morgan McLean wrote: In our

Re: [j-nsp] Junos 11.2R4.3 on MX

On 12/21/11 12:20 , Brendan Mannella wrote: Just wondering if anyone has been brave enough to run Junos 11.2R4.3 yet on a MX960? We are currently on the latest 10.4, but would really like to upgrade to get “trunk style” config on Trio line cards. I also noticed during a previous ISSU that the

Re: [j-nsp] 'Juniper BGP issues causing locallized Internet Problems, (Mon, Nov 7th)?

On 11/7/11 17:58 , Jared Mauch wrote: Juniper doesn't believe security bugs should be public. You must be a customer with support to access their portal. Cisco has a good policy. You can view any security bugs and get fixes regardless of your contract status. In either case there are a

Re: [j-nsp] out of band management - real OOB

Sorry, this is late, as far as this thread goes but I think I'd add one more thing since I've got oob networks big enough to have to add l3 boundries in them... juniper's not the only vendor with this issue by far... On 9/19/11 13:59 , Jonathan Lassoff wrote: On Mon, Sep 19, 2011 at 1:42 PM,

Re: [j-nsp] Unfamiliar with Juniper M10 Config Files

the show bgp neighbor (neighborip) on the juniper will tell you how many it's sending. e.g. an example session... Active prefixes: 64903 Received prefixes:374540 Accepted prefixes:374538 Suppressed due to damping:0 Advertised prefixes:

Re: [j-nsp] TCAM full on EX8200?

On 10/14/11 03:08 , Phil Mayers wrote: On 13/10/11 20:21, Richard A Steenbergen wrote: EX8200 uses SRAM for forwarding lookups, and TCAM for firewall filtering. SRAM is perfectly capable of doing lookups at these speeds, and infact is a lot more flexible than TCAM, whereas TCAM is actually

Re: [j-nsp] TCAM full on EX8200?

On 10/13/11 12:21 , Richard A Steenbergen wrote: On Thu, Oct 13, 2011 at 02:19:40PM +0200, Michele Bergonzoni wrote: Il 13/10/2011 13.31, Chen Jiang ha scritto: AFAIK, The EX8200 use SRAM for FIB and TCAM for ACL, that's not like EX2200/3200/4200 that use TCAM for all FIB and ACL. You could

Re: [j-nsp] Pulse Client Mobile Devices with SRX ?

On 9/27/11 18:58 , Jonathan Lassoff wrote: On Tue, Sep 27, 2011 at 6:20 AM, Chris Gapske cgap...@paducahpower.com wrote: Sorry Very new at this but I would like to ask for help on an issue. I am getting conflicting stories on the ability of the SRX. TAC says they cannot get Mobile

Re: [j-nsp] full table?

On 9/20/11 10:26 , Keegan Holley wrote: Is it always necessary to take in a full table? Why or why not? In light of the Saudi Telekom fiasco I'm curious what others thing. This question is understandably subjective. We have datacenters with no more than three upstreams. We would obviously

Re: [j-nsp] out of band management - real OOB

On 9/19/11 14:04 , Chris Morrow wrote: On 09/19/11 16:59, Jonathan Lassoff wrote: BTW, can anyone give a good real-world example of a_routed_ OOB management network usage? yeah, I I find that oob networks larger than a /21 are sort of hard to manage therefore we split them up into l3

Re: [j-nsp] Using MX router with JunOS Script to DDos detection and Mitigation

Managements of stats (and therefore event correlation) is generally some not done on the router itself... So netflow gets exported someplace else, e.g. to a machine running flowtools, nfsen, arbor peakflow etc, the data is massaged into some meaningfull state and then decisions are made as to what

Re: [j-nsp] How can change the OSPF backbone area number other 0?

On 9/12/11 01:19 , medrees wrote: Dear Experts I'm confusing why all vendors chooses OSPF backbone area to be area 0 rfc 2328 3.1. The backbone of the Autonomous System The OSPF backbone is the special OSPF Area 0 (often written as Area 0.0.0.0, since

Re: [j-nsp] MX RE how fast is slow

userspace has to be recompiled for ppc. freebsd ppc tree has parity with x86 more or less. e.g. this is just another processor architecture. the relative performance of a freescale cpu vs say re-2000 is a consideration, just like you'd expect re-4x1800 to be faster than re-2000 joel On 9/8/11

Re: [j-nsp] JUNIPER EX8208 - Redundant RE Option

disclaimer, I'm on the buying end not the selling end. there's one license per RE, so two. recall that you're in HA mode (probably) so the features will be enabled on both RE at the same. That said I don't recall it failing when unlicensed (not that I recommend running that way) and your milage

Re: [j-nsp] MX80 Questions

On 8/27/11 05:48 , Julien Goodwin wrote: On 27/08/11 22:13, Saku Ytti wrote: Hardwarewise scaling is same as any MPC in larger MX, but control-plane is lot less beefy than big brothers. Not really sure why, it's not like intel CPU would be significant BOM addition to MX80 compared to

Re: [j-nsp] 32-Bit JunOS on the 64-Bit Routing Engines

On 8/24/11 11:18 PM, Keegan Holley wrote: 2011/8/25 Daniel Roesen d...@cluenet.de On Wed, Aug 24, 2011 at 07:52:54PM -0400, Keegan Holley wrote: They are saying that the new 16G RE's can handle 250M routes. How is this possible if none of the daemons are 64bit? Multiple logical-system

Re: [j-nsp] DPC or MPC with MX480

For a given port count 8, MPC 3D 16x 10GE is cheaper than the alternative configurations that yield a similar count. So when driven by 10Gbe density considerations (or linecard count) you're going to end up with MPCs. joel On 8/25/11 09:40 , Jeff Richmond wrote: My personal opinion is that it

Re: [j-nsp] 32-Bit JunOS on the 64-Bit Routing Engines

On 8/24/11 06:25 , Keegan Holley wrote: Sent from my iPhone On Aug 24, 2011, at 9:13 AM, Chris Adams cmad...@hiwaay.net wrote: Once upon a time, Keegan Holley keegan.hol...@sungard.com said: Interestingly enough my SE told us this is possible at lease on our Mx480 and MX960 boxes. Our lab

Re: [j-nsp] 32-Bit JunOS on the 64-Bit Routing Engines

On 8/25/11 17:56 , Jonas Frey (Probe Networks) wrote: Thats not completely accurate, for example the Intel Atom D525 does run 64bit code. there are a number of atoms the support 64bit, I think that the observation I was making was that there are atoms that don't support PAE, by virtue of not

Re: [j-nsp] good filter to protect RE

http://tools.ietf.org/html/rfc6192 On Aug 8, 2011, at 6:50 PM, Chris Morrow wrote: On 08/08/11 21:38, OBrien, Will wrote: Hey guys, I need to spend some time putting together a good filter to protect my REs. Does anyone have a canned one I can start from? cymru.com ... search for

Re: [j-nsp] acceptable/good laser receive power in case of different interfaces

if these are sr multimode optics, the -15 number is low the -7 number is marginal and everything else is decent. either the -15 one is quite long ( for sr) or needs to be replugged/cleaned/reterminated On Aug 2, 2011, at 2:53 PM, chip wrote: Depending on whose optics you're using there

Re: [j-nsp] Juniper SRX Operating Temperature Question

On Jul 20, 2011, at 4:50 AM, Paul Stewart wrote: Thanks Scott... much appreciated... yeah, this summer is kinda nuts for temperature - good testing basis ;) These will be installed in remote sites and most of them are large cabinets in rural areas - the cabinets have no airflow in them.

Re: [j-nsp] Coloured GBIC

they look the same as far as the juniper is concerned... if they work, they work, and generally they do. On Jul 20, 2011, at 9:48 AM, Cyn D. wrote: Hi list, We need to run CWDM between a M7i router and a SSG 550 firewall. But we've learned Juniper doesn't officially support coloured GBIC.

Re: [j-nsp] Can per flow load-balancing result in TCP session drops?

On Jun 27, 2011, at 8:07 AM, MSusiva wrote: Hi experts, Is MX80 a flow based or packet based router? the trio chipset and by extention all MX routers are packet based devices. flow cached routing hasn't worked in the internet core for a long time. With asymmetric routing, will the TCP

Re: [j-nsp] Any takers on 10.4R5.5 yet ?

we're running it on trio only mx960s in production. it's got a few issues at least one our outstanding one's (frame-relay encapsulation lti interfaces not working) is fixed in 11 but I don't think we're willing to make that jump yet outside the lab. On Jun 27, 2011, at 10:05 AM, David Ball

  1   2   >