It's hardly a polished Lawful Intercept feature, but there's this:
http://juniper.cluepon.net/index.php/Remote_port-mirror
On Wed, Nov 20, 2013 at 12:04 AM, Alex D. listensamm...@gmx.de wrote:
Hi guys,
is it possible to use flow-taps for lawful interception on MX80-48t ?
Does it require a
Seems doable to me, so long as there are prefixes for both the storage
gear hanging off of router A and B. If, for example, your storage
gear hanging off of B is using a default route to reach the gear off
of A, then you can't do it.
Add a term to your applicable OSPF import policy on all three
What is the media management interface of which you speak?
Do you mean a Layer 3 / IP interface on the router itself? I ask because
you mention a management VLAN as being part of the trunk.
It's not clear what's breaking here for you.
Cheers,
jof
On Thu, Apr 26, 2012 at 2:56 AM, Ala' Amira
On Tue, Apr 23, 2013 at 1:56 PM, James S. Smith jsm...@windmobile.cawrote:
Just in the process of finishing a project of migrating subnets behind an
SRX3600, and we've run into some odd behavior.
We have a database subnet outside the firewall, and an exchange server
subnet behind the
I think you'll need at least an M20 for your 10 GigE requirement as well as
SDH.
If you can somehow get a different transit circuit than your SDH one, an
MX5 would be a much closer (throughput-wise) and better bang-for-your-buck
replacement for a 7206 than an M-series.
J-series with a T1 module
It's strange that one end shows the interface as up, but the other does not.
Is it possible that you're using SFPs that only do 1000base-T?
What if you take the individual ports out of the ae / etherchannel and
just go point-to-point, does the link show as up then?
Maybe try cabling up to the
On Wed, Mar 13, 2013 at 6:36 PM, Eric Krichbaum e...@telic.us wrote:
More likely, it's the forced on mode which disables LACP. Try it with
mode active.
Will JunOS show the ae as down, then?
[channel-group N mode on] with IOS just enables portchanneling unconditionally.
Wouldn't that, in
If you want to stick with Juniper, maybe check out the EX4500.
If you're looking for inexpensive, maybe check out the Arista 7100s or
Accton's offerings.
On Thu, Dec 6, 2012 at 1:48 AM, hasan alperen selçuk h.a.sel...@hotmail.com
wrote:
Hi all,
We will change our Back Bone switch and i need
On Wed, Nov 28, 2012 at 4:45 PM, Aaron Dewell aaron.dew...@gmail.comwrote:
Hey all,
I haven't found an answer to this question (except for Cisco options which
doesn't help me). I want to configure a static route to a DHCP interface
on an SRX240. Here's the scenario:
ge-0/0/0 connected
The other that that comes to mind for me is security policy.
Is it possible that there could be security policy in place that
blocks flows in the topology that is formed when your SRX is root?
Cheers,
jof
On Mon, Nov 19, 2012 at 9:55 PM, Jeff Wheeler j...@inconcepts.biz wrote:
On Mon, Nov 19,
On Fri, Nov 9, 2012 at 9:57 PM, Saba Sumsam saba+j...@eintellego.net wrote:
Hi,
I have a Layer 2 network consisting of a Cisco 2970G, SRX210 and SRX100.
Following are the STP modes supported on each:
Cisco 2970G: mst, pvst, rapid-pvst
Juniper SRX100: STP, RSTP. MSTP
Juniper SRX210: STP,
On Wed, Oct 24, 2012 at 9:33 AM, Frank Sweetser f...@wpi.edu wrote:
I don't believe that Juniper has anything in that product space, but we've
been very happy with a set of A10 load balancers we recently rolled out. They
have all the features we needed, and for way less money than F5.
Agreed
On Mon, Oct 22, 2012 at 10:49 AM, Saku Ytti s...@ytti.fi wrote:
On (2012-10-22 17:18 +), Doug Hanks wrote:
These numbers will change with every hardware release and software
release. I used a generic number with the MX book.
The idea is that as soon as the book hits the shelf, the
It's sadly a known issue for which there is no easy fix.
When turning up new adjacencies, I generally hack in policy to avoid
announcing any routes at first until the box has had a while to learn and
pick up the tables, only then do I start announcing space and sinking
traffic through the router.
On Wed, Aug 15, 2012 at 12:13 AM, Saku Ytti s...@ytti.fi wrote:
On (2012-08-14 13:09 -0700), Jonathan Lassoff wrote:
Moral of the story, as I see it: avoid static routing.
This is bit circular. Vendor had software defect in ARP and you arrived to
conclusion consequently we should not use
On Tue, Aug 14, 2012 at 1:00 PM, Tobias Heister li...@tobias-heister.de wrote:
Hi
Am 14.08.2012 15:12, schrieb Markus:
Isn't that weird? Where did that arp entry come from and why was it saved on
the Juniper for so long, and only got removed after I removed the static
routing of that /24?
On Tue, Aug 14, 2012 at 1:20 PM, Tobias Heister li...@tobias-heister.de wrote:
Hi,
Am 14.08.2012 22:09, schrieb Jonathan Lassoff:
A dynamic routing protocol and BFD would be see this right away and
move traffic, but this would break any static routes that rely on any
dynamism with ARP
On Sun, Aug 5, 2012 at 6:51 PM, ibariouen khalid ibario...@gmail.com wrote:
Hi
I'm running version 11.1R4.4 on an M10i ;
i tried to load the configuration file from the M10i to an MX240 ( junos
12.x ) and i got an error regarding the following items :
user core {
uid ;
class
On Sun, Jul 22, 2012 at 8:06 AM, Harri Makela harri_mak...@yahoo.com wrote:
Hi All
Application Server connecting successfully to DataBase Server01 (db01). This
DB01 now need to mirror to db02 and port 5022 will be used.
Requirement : Application Servers which currently access DB01 should be
On Thu, May 24, 2012 at 8:01 AM, Per Granath per.gran...@gcc.com.cy wrote:
Well, this gentleman: http://mccltd.net/blog/?p=1199 has looked at that, so:
monitor traffic interface ge-1/0/0 no-resolve matching (ip and (ip[1]
0xfc) 2 == 20)
would give you DSCP with AF22.
But wont this only
On Tue, May 22, 2012 at 12:24 PM, Cyn D. cynthia_...@yahoo.ca wrote:
Network connections:
We have router A(M120, 10.4), B(MX240, 11.4) and C(M7i, 10.4) connected as a
triangle. Router A and B are in OSPF area 0 and also run IBGP between them.
Router C is connected to A and B via OSPF area
On Tue, May 22, 2012 at 12:46 PM, Cyn D. cynthia_...@yahoo.ca wrote:
Thanks for the input. Given our network topology, I am trying to avoid
running a full IBGP mesh.
If router C just needs internet transit, perhaps consider just
injecting a default route into your IGP?
It sounds like in this
On Thu, May 10, 2012 at 2:54 AM, Phil Mayers p.may...@imperial.ac.ukwrote:
On 09/05/12 22:55, Jonathan Lassoff wrote:
I've gotten this to work in the past, but it ended up being a LOT more
work
than just using DNS names and routing (which I've subsequently done each
time).
Out
On Thu, May 10, 2012 at 9:21 AM, Phil Mayers p.may...@imperial.ac.ukwrote:
On 10/05/12 17:12, Jonathan Lassoff wrote:
On Thu, May 10, 2012 at 2:54 AM, Phil Mayers p.may...@imperial.ac.uk
mailto:p.may...@imperial.ac.**uk p.may...@imperial.ac.uk wrote:
On 09/05/12 22:55, Jonathan Lassoff
On Thu, May 10, 2012 at 5:02 PM, Joel jaeggli joe...@bogus.com wrote:
On 5/10/12 16:21 , Phil Mayers wrote:
On 10/05/12 17:12, Jonathan Lassoff wrote:
On Thu, May 10, 2012 at 2:54 AM, Phil Mayers p.may...@imperial.ac.uk
mailto:p.may...@imperial.ac.uk wrote:
On 09/05/12 22:55
To get Bonjour to work across LANs, you would need to enable multicast
routing so that clients on the various LANs can join the same group.
Bonjour is just Apple's name for mDNS (multicast DNS).
Provided that everyone can solicit queries and hear announcements, hosts
should be able to resolve
On Tue, May 8, 2012 at 10:58 AM, Alex D. listensamm...@gmx.de wrote:
Hi list,
i manually set IPv6 mtu to 1500 on M- an MX-Series routers running JunOS
10.4R8.5
After configuration, following message appears in syslog:
/kernel: %KERN-6: MTU for ff02::0005 reduced to 1500
Is it a problem or
On Sun, Apr 22, 2012 at 10:24 PM, Md. Jahangir Hossain
jrjahan...@yahoo.com wrote:
Dear valued member:
Wishes all are fine.
i need
suggestion from you about Juniper MX10 router performance who already
implement this. i want to
buy this router for IP Transit provider where i received
On Thu, Apr 12, 2012 at 2:28 AM, Saku Ytti s...@ytti.fi wrote:
On (2012-04-12 11:12 +0200), Emmanuel Halbwachs wrote:
Juniper fellows subscribed to this list, please bring us useful,
complete and sane SNMP MIBs. We badly need it! Thank you very
much.
And maybe basic trap
On Thu, Apr 5, 2012 at 3:09 PM, Harri Makela harri_mak...@yahoo.com wrote:
Hi Guys
We are getting SSH_Brute_Force alerts quite often from our Intrusion
prevention systems (IPS) - ISS GX.
Issue Description: We have detected SSH_Brute_Force events sourcing from
external IP x.x.x.x targeting
On Tue, Apr 3, 2012 at 12:20 AM, Yucong Sun (叶雨飞) sunyuc...@gmail.com wrote:
But jflow is not going to work in packet mode, right?
Netflow-like reporting is probably the right way to detect these types
of anomalies in a scalable manner. However, I can't speak to the
performance of it on
On Thu, Feb 16, 2012 at 9:18 AM, Serge Vautour sergevaut...@yahoo.ca wrote:
Hello,
Has anyone ever rack mounted an MX80 or a similar sized router at an angle
before? Any reason why this isn't a good idea? Could it have an impact on the
electrical components?
We've run into alot of COs
On Tue, Feb 7, 2012 at 2:23 AM, Alex Arseniev alex.arsen...@gmail.com wrote:
Did you check what MACs are used in 1st, 2nd and 3rd time? Specifically MAC
OUIs.
I suspect this is a side effect of having C-J in the same broadcast domain.
Basically, when J-interface ARPs for a connected host,
On Sat, Feb 4, 2012 at 3:46 PM, Maciej Jan Broniarz gau...@gausus.net wrote:
I have a bunch of users using SSL VPN to Juniper SA box. Is there a way to
give each user the same static ip that will
always be given to that user, whenever he logs in?
Unfortunately, I don't know of a simple way of
On Sat, Feb 4, 2012 at 6:42 PM, Barny Sanchez bar...@juniper.net wrote:
the suggestion from Jof is clever but it doesn't scale. I am afraid that you
would require of an external device to help you accomplish this, such as
using a Radius and Attribute Value Pairs (AVP) to send back to the SA
On Thu, Jan 12, 2012 at 10:20 AM, Drew Weaver drew.wea...@thenap.com wrote:
Everyone pointed out really good notes here as well but as far as I know and
this may have changed recently but if you do the 10Gbps / smallest possible
packet size you'll crush the CPU before it ever gets anywhere
On Sun, Nov 27, 2011 at 6:15 PM, Dale Shaw dale.shaw+j-...@gmail.comwrote:
Hi all,
Is anyone aware of open source or COTS software that provides MAC
address to switch port to IP address (and vice versa) mapping and
discovery? aka end user / end station tracking.
There are lots of them out
On Tue, Sep 27, 2011 at 6:20 AM, Chris Gapske cgap...@paducahpower.com wrote:
Sorry Very new at this but I would like to ask for help on an issue.
I am getting conflicting stories on the ability of the SRX. TAC says they
cannot get Mobile Devices such as Android or Idevices to connect with
On Mon, Sep 19, 2011 at 1:42 PM, Pavel Lunin plu...@senetsy.ru wrote:
2011/9/17 Chris Evans chrisccnpsp...@gmail.com
Juniper devices have out of band ethernet ports, but have the HUGE HUGE
downfall of being in the main routing table conflicting with every other
route.
BTW, can anyone
On Mon, Sep 19, 2011 at 2:16 PM, Pavel Lunin plu...@senetsy.ru wrote:
I see two ways one can go about this. Either programmatically tunnel into
an OOB L2 segment via a bastion host in an on-demand fashion, or point
some routes (dynamically, or otherwise) into your internal network for
On Mon, Sep 19, 2011 at 2:04 PM, Chris Morrow morr...@ops-netman.netwrote:
On 09/19/11 16:59, Jonathan Lassoff wrote:
BTW, can anyone give a good real-world example of a_routed_ OOB
management
network usage?
As far as I understand the whole concept of OOB MGT IP interface
I agree with all of these points, and it's a pretty classic problem with
managing devices that route.
The path I've gone down in most setups I've done is to simplify.
I place all devices within a site within an out of band LAN/broadcast
domain, and setup one (or two, depending on HA
On Tue, Aug 2, 2011 at 2:26 PM, Martin T m4rtn...@gmail.com wrote:
What is the acceptable Rx power in case of SFP/XFP? For example, here
are XFP Tx and Rx signals from six FXP's:
1:
Laser output power : 1.2920 mW / 1.11 dBm
Laser rx power :
On Mon, Aug 1, 2011 at 12:04 AM, Richard Zheng rzh...@gmail.com wrote:
Thanks jof. I see, in production we can make other switches handle the
access and only use srx for firewall. So after setting up reth interface, we
should be able to add vlan-tagging to it, right?
I believe so, but honestly
On Sun, Jul 31, 2011 at 7:28 PM, Richard Zheng rzh...@gmail.com wrote:
Hi,
We have a configuration with multiple VR to support multiple customers. Vlan
is used to trunk traffic into and out of SRX. While trying to do chassis
clustering, it seems vlan is not supported. How do you do chassis
Jeff, Michael -- these are both totally reasonable cases I didn't even
consider. The Juniper clue wiki article is a really good example as to
why.
I wonder why it's not implemented. It does seem relatively easy
considering the fact that there is already some support for regular
expressions
On Wed, Jul 13, 2011 at 11:02 PM, Michael Hallgren m.hallg...@free.fr wrote:
Le mercredi 13 juillet 2011 à 18:25 +0200, Daniel Verlouw a écrit :
see
https://puck.nether.net/pipermail/juniper-nsp/2010-July/017473.html
Not supported. I requested an ER back then, don't think it ever got
On Tue, Jul 12, 2011 at 11:35 PM, Chris li...@blackhat.bz wrote:
On 13/07/2011 2:27 PM, Chris wrote:
snip
To add to the already long email, here is some more examples of whats
happening:
From the 10.10.10.100 device, trying to ping the 'acc-bdr1' (J6350)
device works:
traceroute to
On Wed, Jul 13, 2011 at 12:31 AM, Chris li...@blackhat.bz wrote:
On 13/07/2011 3:29 PM, Ben Dale wrote:
Hi Chris,
Hi all,
Thanks for the replies - the issue is as above, the routing table was
topping out. I should have checked that - it completely slipped my mind.
Nice catch, Ben!
The EXes
I think there are just a lot of places in the SRX codebase that don't
support IPv6. It's sad, but true.
I too have been having problems using IPv6 on VLAN and NHTB IPSec
interfaces on SRX 210s and 240s.
It feels like Juniper took gobs of Netscreen code, crammed it into
JunOS and didn't bother to
On Mon, Jun 27, 2011 at 6:12 PM, Ben Dale bd...@comlinx.com.au wrote:
Last time I looked (which was a while ago), the iPad/iPhone version of pulse
used SSL to establish the VPN Tunnel.
The SRX only support Pulse over IPSEC (which the Windows client also
supports).
The Secure Access (now
On Sun, Jun 19, 2011 at 9:28 PM, MSusiva ssiva1...@gmail.com wrote:
Hi Altaf,
Can you try IOS to JunOS translator tool?
https://i2j.juniper.net/release/index.jsp
I2J is indeed a pretty awesome tool. It's probably a great tool for
Juniper SEs to pitch switching.
Unfortunately, Cisco PIXes
On Fri, Jun 10, 2011 at 8:07 AM, Justin M. Streiner
strei...@cluebyfour.org wrote:
All:
I have a fairly extensive IPv6 test bed set up in my lab, using OSPFv3 as my
IGP, and one thing I noticed is that the OSPFv3 adjacencies on links between
Cisco (6509-Es, Sup720/3BXLs, 12.2SXH code) and
I think Juniper's answer to redundancy with the MX80s is to setup 2x
MX80's and use routing protocols to switch over from one to the other.
For a fully loaded box, it probably edges up on making an MX280 a
better deal, but for the smaller software-limited MX80's I could see
it being an ok deal.
On Wed, Mar 23, 2011 at 11:49 PM, cjwstudios cjwstud...@gmail.com wrote:
Hello Juniper folks :)
I'm setting up a remote metro ethernet site (fiber in a closet) that
will have 2 x 100mb BGP transit feeds and a smattering of IGP feeds.
The traffic will be service provider transit without
On Thu, Mar 24, 2011 at 1:02 AM, Joel Jaeggli joe...@bogus.com wrote:
On 3/24/11 12:44 AM, cjwstudios wrote:
Hi Jonathan, thanks for the reply.
The application is a service provider edge, all ethernet, with routed
traffic to two carriers. Internal traffic is a mix of IGP and OSPF.
I'll
On Tue, Mar 15, 2011 at 11:31 PM, medrees medr...@isu.net.sa wrote:
Hi Doug
Thanks for your reply, my question is that is it possible to make
aggregation in two links from juniper side and the other side is connected
to two different Layer-2 Cisco switches for load balance? currently I'm
On Wed, Mar 16, 2011 at 8:15 AM, James Jones ja...@freedomnet.co.nz wrote:
Can anyone tell me the average memory usage for Type 1 and Type 5 LSA's?
FWIW, I have a very modest OSPF installation with 24 LSAs that show
task memory detail | match ospf_lsa suggests to me is using ~6k of
memory.
On Fri, Jan 28, 2011 at 5:07 PM, Simon Chen simonche...@gmail.com wrote:
Hi jof,
I'm using mx-240, and I don't see the DHCP option... Can you tell me
the exact configure path that I should check?
Sometimes options can be platform and version-specific. What version
of JunOS are you running?
On Sat, Jan 8, 2011 at 2:45 AM, networking alcatel netprod...@gmail.com wrote:
Hi
i'm sort of stuck ...
One end is a J6350 router and the other end a Cisco router...
the built up between these two devices is L2 and on a VLAN 10.
From J6350 to the Cisco Router you are able to ping reverse
I guess that would depend on the hardware configuration that you have
in your 7206? What NPE are you using?
Assuming you're using an NPE-G1, which can run a few GigE ports at 1
Mpps, some comparable routers might be:
Juniper J6350 -- A CPU-based router (more inexpensive) that'll route
400 Kpps
I really like the monitor interface traffic screen.
It's a little app that loops over writing out some columnnar statistics on
interface rates and link states, clears the screen, and repeats.
Cheers,
jof
On Thursday, December 9, 2010 at 10:44 AM, Deric Kwok wrote:
Hi
When the
On Mon, Nov 29, 2010 at 6:49 PM, Adam Leff a...@leff.co wrote:
Also, for what it's worth, I do have multiple logical interfaces under st0
(i.e. st0.0 and st0.1) and it is working without requiring NHTB.
Without NHTB? So the security ipsec vpn XXX hierarchy has a
bind-interface statement, but
I'm trying to setup an SRX in my office as a branch office with two
ISP connections, and I'd like to run an IPSec path over each back to
our datacenter. Ideally, I could terminate each tunnel on a separate
st0 unit (ifl's of st0.0 and st0.1), but it seems that JunOS will only
try to establish
On Sun, Oct 31, 2010 at 6:29 PM, Derick Winkworth dwinkwo...@att.net wrote:
this is an on-going topic here. I'm wondering if we should set up an
independent website with a hardware/software matrix hyperlinked to known
issues
with problem descriptions/diagrams (if available) etc...
If only
While having an increased MTU across your WAN can improve throughout
greatly, I would suggest tuning your TCP stack for a Long Fat Pipe, as
many operating systems are not designed to work well with high-throughput,
high-latency links.
There are some good tips here: http://fasterdata.es.net/
On Thu, Sep 2, 2010 at 9:21 PM, Harris Hui harris@hk1.ibm.com wrote:
Hi all,
The J-6350 in JUNOS 10.0R3.1 can disable the security context (flow-based
forwarding) and use it as a Router Context (IPv4 Packet-based forwarding).
I had tested this on a single J-6350 box.
Did anyone tested
Agreed. To me, it seems to me that the overall quality of JunOS has slipped
since 10.x, however recovering from most problems on JunOS is at least
possible.
In classic IOS, even a small bug or memory leak can quickly turn into a
major catastrophe (no memory management/supervision and a single
On Wed, Aug 18, 2010 at 12:06 AM, Bjørn Tore b...@paulen.net wrote:
You'll find it under
jnxOperatingBuffer, 1.3.6.1.4.1.2636.3.1.13.1.11
And you can find which index to use under that tree (in case you want
to monitor PICs or multiple RE's) by examining the contents of
jnxOperatingDescr (
Excerpts from chrisccnpspam2's message of Wed Mar 31 12:13:14 -0700 2010:
Forgive me for not fully remembering as its been a while since I muddled with
v6. But for some reason I believe you have to do the static route to a link
local address, not to the address you configure under the
Excerpts from Abel Alejandro's message of Wed Mar 31 18:59:08 -0700 2010:
Hello,
I am running 4 x EX4200 in a virtual chassis configuration. I configured
sFlow but I can not get it to work.
Basically the configuration is accepted and no errors are given but no
flows are sent to the
Excerpts from Dan Farrell's message of Thu Mar 25 09:13:59 -0700 2010:
Flash gets a bad rap. I think most people have heard of supposed horror
stories or they see the cycle limit and get wary.
But I'm wondering... has anyone in this list actually had a personal flash
horror story? I don't
Excerpts from Paul Stewart's message of Thu Mar 25 12:13:31 -0700 2010:
I'm looking for feedback from folks on the list who are service providers
and connect to peering exchange points (IE. PAIX, Equinix, LINX etc). I'm
looking for recommended configuration for layer2 connectivity via an EX
Excerpts from Paul Stewart's message of Thu Mar 25 13:09:51 -0700 2010:
Thanks very much for the reply...
The AMS-IX guide I've been through but their Juniper section isn't nearly as
detailed as the Cisco side... good guide for sure. ;)
The MAC shown in my example below is actually the
Excerpts from Paul Stewart's message of Thu Mar 25 13:09:51 -0700 2010:
Thanks very much for the reply...
The AMS-IX guide I've been through but their Juniper section isn't nearly as
detailed as the Cisco side... good guide for sure. ;)
The MAC shown in my example below is actually the
Excerpts from Richard A Steenbergen's message of Thu Mar 25 16:52:15 -0700 2010:
On Thu, Mar 25, 2010 at 03:13:31PM -0400, Paul Stewart wrote:
The problem I'm facing we're tripping the port security on the exchange
switch:
Mar 24 15:36:52.773 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION:
Excerpts from Serge Vautour's message of Thu Feb 18 16:28:44 -0800 2010:
Hello,
We recently used a traffic generator to run RFC2544 tests against a Juniper
MX960. The 1G ports work flawlessly. 0% packet loss at all frame sizes.
The 10G ports (4x10G R card) didn't do as well. They
Excerpts from Taqdir Singh's message of Wed Jan 27 19:26:39 -0800 2010:
Hi Team,
JUNOS doesn't support layer 2 aggregate ethernet (i mean layer 2
ether channels ) ?
and how many max links we can combine in junos, in cisco we can combine upto
8 ?
I would think this would depend on
Excerpts from Malte von dem Hagen's message of Wed Dec 23 10:23:45 -0800 2009:
what exactly do you want to do? It's not yet clear to me.
Anyway, you seem to mix up vlan-tagging, which is a JunOS-Option for
L3-ports,
and port-mode trunk, which does quite the same for L2-ports (below family
Excerpts from Truman Boyes's message of Tue Dec 22 04:17:22 -0800 2009:
Can you post the relevant configuration from the box? I expect that the host
is
directly connect to the MX-960; and the interface that is facing the host is
running RA; furthermore if you look at the routing table on the
Excerpts from Truman Boyes's message of Tue Dec 22 18:25:23 -0800 2009:
Have you enabled the tunnel-services statement at the [ edit chassis fpc
slot-number pic pic-number] stanza?
Thanks Truman!
Nope. I've yet to find reference to this in the documentation relating
to setting up tunnels. Do
Excerpts from Truman Boyes's message of Tue Dec 22 20:12:34 -0800 2009:
Hi Jonathan,
You can use any of your DPCs. On non-MX JUNOS routers you need to have tunnel
pics (ie. packet that needs to be encapsulated/tunneled/etc will switch from
PFE to PIC to PFE). MX does not require this because
I'm having an odd problem routing IPv6 traffic through an MX-960 I'm
testing. I'm sending traffic from a directly connected host through the
Juniper box to be routed out to the Internet. I can ping the address on
the MX from the downstream router, but can't seem to route *through* the
Juniper.
Excerpts from sthaug's message of Thu Nov 12 00:12:16 -0800 2009:
Absolutely. We use quite a bit of dual tagging on Ethernet, so then we
need to crank it up to 4492. But all our backbone links are 4484 on the
Juniper side.
Is there a reason not to use 9000-bytes everywhere (accounting for
84 matches
Mail list logo