Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2024-05-13 Thread Martin Tonusoo via juniper-nsp
Michael, got it, thanks. Lee, the README of your repository provides an excellent introduction to RE filtering. Based on your filters, I moved the processing of the IP Options from edge filters to RE filters:

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2024-05-02 Thread Martin Tonusoo via juniper-nsp
Hi. Thanks for the feedback and remarks. I have updated the RE filters: https://gist.github.com/tonusoo/efd9ab4fcf2bb5a45d34d5af5e3f3e0c
A few comments:
* I used the ephemeral range of 49160 - 65535 based on "sysctl net.inet.ip.portrange.first" and "sysctl net.inet.ip.portrange.last" on FreeBSD

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2024-04-28 Thread Martin Tonusoo via juniper-nsp
Hi.
> In practical life IOS-XR control-plane is better protected than JunOS, as configuring JunOS securely is very involved, considering that MX book gets it wrong, offering horrible lo0 filter as does Cymru, what chance the rest of us have?
I recently worked on a RE protection filter

Re: [j-nsp] SNMP OIDs for Yellow/Red Alarm on MX204

2024-03-26 Thread Martin Tonusoo via juniper-nsp
Hi. As a workaround, https://gist.github.com/tonusoo/2f95c1d377bf658dcf5c8b7c9dba5f57 could be used. A few examples:
$ snmpwalk -v 2c -c public mx204 .1.3.6.1.4.1.2636.3.4
JUNIPER-ALARM-MIB::jnxYellowAlarmState.0 = INTEGER: off(2)
JUNIPER-ALARM-MIB::jnxYellowAlarmCount.0 = Gauge32: 0

Re: [j-nsp] RPD coring today?

2022-09-25 Thread Martin Tonusoo via juniper-nsp
> > What does this show:
> >
> > show system core-dump core-file-info /path/to/corefile
>
> gdb was removed from junos somewhere around 16. This unfortunately doesn't work anymore. It was quite handy.
While it's obviously not that convenient, then one can prepare a VM with necessary shared

Re: [j-nsp] DHCP relay monitoring

2020-07-09 Thread Martin Tonusoo
Hi,
> On one of my MX204 routers the DHCP relay crashes after some running time and the process stops.
if you are looking for a temporary workaround, then you could periodically check if the jdhcpd process is running and if it isn't, then restart it. Something like this:

Re: [j-nsp] any way to do group inheritence only if parent exists?

2020-05-21 Thread Martin Tonusoo
> This isn't a project it isn't even a process, it's culture.
Well said.
Hi Chuck,
> How do I inherit the nd6-stale-time setting only if there is already a configured "family inet6" so I don't get IPv6 link-locals on IRBs where I only want IPv4?
One hackish way to accomplish this would be

Re: [j-nsp] Junos Telemetry Interface

2020-04-22 Thread Martin Tonusoo
Hi Aaron,
> I tried decimals and zero to see what would happen, seems that 1 is the lowest.
Looks like it is possible to configure 0 as a reporting-rate using ephemeral database, but then the device simply does not send any telemetry data. I also did some further testing with Grafana and it

Re: [j-nsp] Junos Telemetry Interface

2020-04-20 Thread Martin Tonusoo
Hi Dario,
> So I can get the correct values in Grafana in bps, what reporting-rate do you have configured on the Juniper?
I configured 1 second interval, but I noticed that at least vMX sent data with 2 and occasionally 3 second intervals. I guess this is because according to

Re: [j-nsp] Junos Telemetry Interface

2020-04-14 Thread Martin Tonusoo
Hi Dario,
> This looks really useful, thanks for sharing. Just checking, do I only need this script, InfluxDB and Grafana to get traffic graphs?
That's correct.
WBR, Martin

Re: [j-nsp] Junos Telemetry Interface

2020-04-13 Thread Martin Tonusoo
Hi,
> Telegraf has a built-in input plugin for Juniper Openconfig, so it takes like 5 minutes to enable.
there also seems to be a patch for native sensors: https://github.com/influxdata/telegraf/pull/6365. Unfortunately, it's not yet merged. In addition, in order to better understand how the

Re: [j-nsp] rest api - limit ip sources

2020-01-22 Thread Martin Tonusoo
Hi Aaron,
> Anyone know how to limit ip addresses *in subnet notation* that are able to communicate with the rest api ?
This does not seem to be possible with "allowed-sources". IPv4 addresses specified under "allowed-sources" are used in /mfs/var/etc/lighttpd.conf configuration file in regular

Re: [j-nsp] Event script to advertise DHCP issued IP in LLDP?

2019-11-27 Thread Martin Tonusoo
Hi Matt,
> This is probably a feature request, but maybe another creative solution is possible? Thanks.
What if you simply periodically check the address on IRB interface and if this differs from the LLDP management-address, then configure the latter accordingly? Something like this: