Re: [j-nsp] How to pick JUNOS Version

2020-08-19 Thread John Kristoff
On Wed, 19 Aug 2020 14:42:32 + Colton Conor wrote:
> How do you plan which JUNOS version to deploy on your network? Do you stick
> to the KB21476 - JTAC Recommended Junos Software Versions or go a different
> route?

I've occasionally got some good advice from bigger operators who often have

Re: [j-nsp] Buffer Size

2020-04-21 Thread John Kristoff
On Mon, 20 Apr 2020 20:58:02 + Mohammad Khalil wrote:
> Am trying to conduct a comparison for campus refresh, my end customer is
> deeply interested in deep details.
> He is interested to know the buffer size of Juniper switches (EX series)
> and I could not find such a piece of information

Re: [j-nsp] Netflow config for MX204

2020-04-09 Thread John Kristoff
On Thu, 9 Apr 2020 06:20:00 + Liam Farr wrote:
> However I am getting export packet failures.

Some loss of flows being exported may be unavoidable depending on your configuration and environment. If you want to see fewer errors you may just have to sample less frequently. The numbers

Re: [j-nsp] Netflow config for MX204

2020-04-08 Thread John Kristoff
On Wed, 8 Apr 2020 09:26:10 + Liam Farr wrote:
> Just wondering if someone here has a working netflow config for a MX204
> they might be able to share.

I've used IPFIX before, here is an example of how that might be set up, whether it is good or not I'll let others judge and I can fix if

Re: [j-nsp] Decoding DDOS messages

2020-03-18 Thread John Kristoff
On Wed, 18 Mar 2020 16:18:18 + Saku Ytti wrote:
> I set SPORT to 179
> I access your SSH port

Yep, I get all that. I can tighten that up. Care to show us how you do loopback filters?

John
___
juniper-nsp mailing list juniper-nsp@puck.nether.net

Re: [j-nsp] Decoding DDOS messages

2020-03-18 Thread John Kristoff
On Wed, 18 Mar 2020 16:02:09 + Saku Ytti wrote:
> It is completely broken, you use 'port' so you expose every port in your
> system.

Ha, OK thanks. I think that would require some not so easy spoofing unless I'm missing something. We can convert any statement that just uses port to

Re: [j-nsp] Decoding DDOS messages

2020-03-18 Thread John Kristoff
On Wed, 18 Mar 2020 14:39:19 + Saku Ytti wrote:
> Unfortunately even non-broken lo0 filter is extremely uncommon, even
> MX book has fundamentally broken example, as is CYMRU example.

Team Cymru only lists a Cisco BGP, general NTP (which includes a Juniper example), and Juniper IP multicast

Re: [j-nsp] IPv6 hardening

2019-12-30 Thread John Kristoff
On Mon, 30 Dec 2019 14:19:51 + harbor235 wrote:
> Does anyone have any updated router hardening guidelines, some of the sites
> I reference have not been updated for some time. e.g. www.team-cymru.org

There are a small handful of things I've done, or considered doing, here:

Re: [j-nsp] SNMP OIDs for Yellow/Red Alarm on MX204

2019-02-28 Thread John Kristoff
On Thu, 28 Feb 2019 22:06:27 + Theo Voss wrote:
> do you have an ER (Enhancement Request) ID for us to beg our SE/sales
> rep for in order to support this?

I just requested from a local rep. When and if I get one I'll respond to this thread.

John

Re: [j-nsp] SNMP OIDs for Yellow/Red Alarm on MX204

2019-02-28 Thread John Kristoff
On Thu, 28 Feb 2019 20:48:52 + Simon Lockhart wrote:
> I'm running 18.1R2.5 on these - wonder if they add it back in on later
> versions...

Not available on 18.4R1.8.

John

Re: [j-nsp] SNMP OIDs for Yellow/Red Alarm on MX204

2019-02-28 Thread John Kristoff
On Thu, 28 Feb 2019 20:19:36 + Tom Beecher wrote:
> These don't work on the 204?
>
> Red Alarm: jnxRedAlarmState 1.3.6.1.4.1.2636.3.4.2.3.1
> Yellow Alarm: jnxYellowAlarmState 1.3.6.1.4.1.2636.3.4.2.2.1

No.

$ snmpwalk -v2c -c foobar 192.0.2.1 1.3.6.1.4.1.2636.3.4.2.3.1

Re: [j-nsp] Recommended MX80 JUNOS version?

2018-08-06 Thread John Kristoff
On Mon, 6 Aug 2018 10:30:16 + Chris Adams wrote:
> I've got an old MX80 running the JTAC recommended release 15.1R7, but
> that has a USB bug (PR 108) that is causing crashes. The PR says it
> is fixed in 16.1R4 and 17.1R1, but I was wondering what releases other
> people might be

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-13 Thread John Kristoff
On Wed, 11 Jul 2018 18:22:36 + Chris Boyd wrote:
> Team Cymru has a “JunOS Secure Template” that I found a good place to start.
> It quotes version 4 though. I think that means it’s well tested?
>
> http://www.cymru.com/gillsr/documents/junos-template.pdf

That document is old and should

[j-nsp] EX 3300 vs EX 3400 for access layer

2017-09-14 Thread John Kristoff
Friends, Our engineering team is reviewing and contemplating whether to stick with the Juniper EX 3300 switch at the edge access layer (to user wired ports, some VoIP phones, and some wireless APs also connect to these). Typically these devices can last out in the field for five or more years.

[j-nsp] debug messages - kernel: rt->rt_proto and fpc0 Next-hop resolution requests throttled

2016-09-14 Thread John Kristoff
Hello friends, Curiosity may have killed the cat, but I'm not a cat so here goes. Evaluating some debug logs on an EX-9208 I've seen two flavors of log messages that I'd be interested in learning more about. One set looks like the following: /kernel: rt->rt_proto ipv4 plen 32 /kernel:

[j-nsp] Secure JUNOS IP Multicast Template

2016-04-11 Thread John Kristoff
Friends, With all credit to Lenny Giuliano, we're happy to make this secure configuration template available: John

Re: [j-nsp] NTP Reflection

2014-01-13 Thread John Kristoff
On Mon, 13 Jan 2014 20:47:08 -0500 ML m...@kenweb.org wrote: Juniper didn't want to be outdone by Cisco. Cisco devices act the same way once they are configured as NTP clients. IOS devices, at least those with which I'm familiar, don't implement the full specification that includes mode 6/7

Re: [j-nsp] NTP Reflection

2014-01-13 Thread John Kristoff
On Tue, 14 Jan 2014 12:38:12 +1100 Mark Tees markt...@gmail.com wrote: Can we get detailed lo0 filters listed too please? Hi Mark, While I'll defer to Juniper for their recommendations, we've had this for some time (scroll down to the Juniper section):