That method should work. Keep in mind that policies applied by group are
applied after everything else.
If you have a deny in your normal policies (like trust to untrust) that the
traffic meets, it'll get dropped before it ever makes it to this policy.
I prefer to put my policies in each zone
Tag your discard and use the tag to set a community. Then the community can be
used to take the desired action.
Will O'Brien
On Feb 8, 2014, at 1:17 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
All,
We're wanting to deploy RTBH, and I'm running into issues because when the
route is
I'm gonna go ahead and say nope.
SRX supports reth with active/passive nodes.
It doesn't support a lag that uses both nodes active/active as part of the same
ae.
You can build a reth with multiple ports that uses LACP to build a lag on each
node however.
I recommend not using AE at all on
I just used PoE. You can get a PoE injector pretty easily.
On Jan 11, 2014, at 1:20 PM, Chris Woodfield rek...@semihuman.com
wrote:
Anyone know what type of power adapter (apart from ordering one directly from
Juniper) I’d need to power an AX411 wireless AP? Or would I be better off
simply
It looks like I need ipfix to get full flows from MPCs on the MX. From the
Juniper site, it seems that I need 12.x code. Is anyone happily running it?
I've got 12 on some small SRX, but have been very conservative on MX code loads.
I use bgp, ospf, vrrp, mc-lag, and some routing instances.
Try using the absolute path. Relative paths with symbolic links is great way to
break things.
On Dec 16, 2013, at 2:06 PM, Chip Marshall wrote:
I've got an odd problem on a host that I'm trying to do some SLAX
development on, it appears JUNOS is having a problem reading a file I'm
trying to
Second REs don't really do anything on SRX... yet.
On the 5800s, I had to add them in order to bring up a secondary control link.
The only thing they do is init the control plane on the chassis for that link
to come up.
I believe it's an artifact from stealing the MX chassis. I don't think it
show chassis fpc is a start.
you can run various diags on the fpc pics themselves as well.
On Oct 25, 2013, at 2:25 PM, Keith wrote:
Is there a command on JunOS similar to the cisco command:
show controller utilization
Thanks,
Keith
___
On the 5800 in stream mode (which is the way to go) you must configure a source
address on each node.
Because the logs come from the control plane and NOT the routing engines.
So, the solution is to configure your security log under the groups stanza for
both nodes.
Within each node, you
I advertise a default route via an igp. (Ospf) when traffic gets to the border
routers, the best path is chosen thanks to ibgp between the two border routers.
I also maintain redundant links between the two border routers so that an
outage won't matter.
Will O'Brien
On Sep 30, 2013, at 5:52
My CGNAT works very well. Currently providing NAT for a few /16s of private
space.
On Sep 18, 2013, at 11:13 AM, rkramer wrote:
I currently use MX240's throughout my routing environment today, and I'm
looking to upgrade my existing NAT boxes, which are Cisco ASR's. They are
running out of
# is the acceptable number of times your AS# shows up in an eBGP as-path
On Tue, Sep 10, 2013 at 12:28 PM, OBrien, Will
obri...@missouri.edumailto:obri...@missouri.edu wrote:
I've found an interesting issue and I wanted to get some thoughts before
talking to JTAC about it.
I have a few of MX480s
I've found an interesting issue and I wanted to get some thoughts before
talking to JTAC about it.
I have a few of MX480s. In the past, I've advertised a dedicated /24 from my
lab to my providers upstream.
That /24 was never learned by my primary MX.
The issue comes down to either the MX or
The fabric carries traffic between the nodes, so it's my immediate suspect on
the traffic loss.
Are your connections configured as standard Reth interfaces? Are you using some
form of igp?
In active/active mode, I've seen some traffic loss, but most of it was due to
ospf taking time to select
Failover works fine on my 5800 cluster. I use direct connections for fabric and
control.
It sounds like you're losing traffic in Zmode. I'd start by taking a serious
look at your fabric links.
Do you have dual REs in each chassis for the double control links?
On Sep 3, 2013, at 7:34 AM, R S
You have to match them appropriately. Take a look at my nexus-srx example.
On Jul 26, 2013, at 9:30 AM, Mark Tinka wrote:
On Friday, July 26, 2013 03:21:32 PM R S wrote:
In a
broadcast interface (GE) I’ve to run OSPF between my MX
and some systems running OSPF.
What about
L2 and L3
Here's a full working example that I pulled off my production link. It's
comprised of a pair of 10gb links.
I renumbered things to protect the guilty.
Useful bits here are adjustments to MTU counting style to make ospf work with
jumbo frames.
interface port-channel5
description
ipsecuritas is a nice mac client. Free too. I used it all the time with ssgs,
but haven't gotten around to making a SRX config.
It allows for split routing too.
On Jul 14, 2013, at 11:39 PM, Doug McIntyre mer...@geeks.org
wrote:
On Mon, Jul 15, 2013 at 12:59:18PM +1000, Ali Sumsam wrote:
Is
You can install it on a usb drive and go from there. And you probably have a
second re if you have a 480 right?
On Jul 11, 2013, at 5:20 PM, Dave Peters - Terabit Systems
d...@terabitsystems.com
wrote:
Hi all--
I can't seem to find the jloader file to upload my RE on an MX480. Just not
https://kb.juniper.net/InfoCenter/index?page=contentid=KB24362
On Jun 24, 2013, at 8:38 AM, Alberto Santos wrote:
Hi there,
I'm swapping a cisco ASA and I found myself stuck on how configure any
similar to cisco RRI(reverse route injection) feature on junos,I'm load
balacing with a BigIP
.
BR
Alberto Santos
CCIE #26648
JNCIS-SP - ITIL-F
...Fix your DNS, make it dual-stack, take your mail server and make it
dual-stack, take your web server and make it dual-stack... by Randy Bush/RIPE
IPv6
On 24 June 2013 13:15, OBrien, Will
obri...@missouri.edumailto:obri...@missouri.edu
,
whatever works for you.
On Jun 22, 2013, at 10:10 AM, Joseph T. Klein j...@titania.net
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 6/22/13 12:14 AM, OBrien, Will wrote:
More info? Show chassis cluster status Would be a start
Cluster ID: 1
Node Priority
More info?
Show chassis cluster status
Would be a start
Will
On Jun 21, 2013, at 11:57 PM, Joseph T. Klein j...@titania.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have a 2 node set of srx240s and can no longer get the commit to
check nor confirm on 2nd node.
Help
This got me a little curious.
Most likely someone is using a crappy client that behaves oddly (or used
malformed headers on purpose) - and just aren't matching the tcp port combo.
I'm not a fan of the way that the stateless firewall filters are written.
A simple fix may be to not specify tcp,
The primary use of the dns alg is to reduce session count. This is very
apparent on net screens. I reduced 500k sessions down to 400k by turning it on.
That said, you can achieve similar results by setting dns specific policies
with short timeouts.
Will
On May 28, 2013, at 8:41 AM, Julien
You never sent your policy to the list. Is there traffic being routed inside
your zones? Do you have a trust to trust permit policy for example? Are you
using any alg? Have you used trace options to determine what's dropping? Are
you allowing assymetric traffic flows across the cluster? Have
I'm working on a routing design that uses multiple routing instances to allow
traffic shaping based on destination, CG Nat based on destination and a set of
traffic filters.
Those three things don't tend to play very nicely together on the same
interface since they're all require various
You can definitely do this. There's room for several hundred filter statements
on the R blades. I had policers (as firewall filters) configured for a couple
of /16s on a /24 basis for scale.
When I added a third /16 I hit a limit where I couldn't apply changes without
restarting the card, if
Oh, and I've forgotten the procedure, but you can query the card directly
through shell to check on memory allocation.
On May 5, 2013, at 3:08 PM, Peter Krupl p...@siminn.dk
wrote:
Hi Group,
I have googled and checked the KB for som time, but I'm unable to find
anything usable...
The
Did you edit the new policy and set anything in it first?
Will O'Brien
On May 1, 2013, at 8:48 AM, James S. Smith
jsm...@windmobile.camailto:jsm...@windmobile.ca wrote:
I have an SRX240 running 11.1R2.3, and occasionally I have to add new policies.
The obvious choice would seem to be use the
Do you have a policy allowing traffic from that zone to that zone?
On Nov 3, 2010, at 7:33 AM, Bruce Buchanan wrote:
Hi List –
Can anyone give any suggestion/guidance on the following.
I’m trying to do a static route *out* the same interface that the traffic came
*in* on. This is on an
No license needed. Just configure under protocols.
Will O'Brien
On Apr 25, 2013, at 5:17 PM, John pp luklaupda...@gmail.com wrote:
hi all
i have a new MX480 with MPC-3D-16XGE-SFPP and I am trying to enable BGP but
am not sure how?
someone said I need a license is this true?
you can email
/task/configuration/chassis-mx-series-ip-ethernet-mode-configuring.html
On Apr 25, 2013, at 5:39 PM, OBrien, Will obri...@missouri.edu
wrote:
No license needed. Just configure under protocols.
Will O'Brien
On Apr 25, 2013, at 5:17 PM, John pp luklaupda...@gmail.com wrote:
hi all
i have
It there a possibility of a flapping route?
Will O'Brien
On Apr 23, 2013, at 7:02 PM, James S. Smith jsm...@windmobile.ca wrote:
I found that a bit strange myself, but we log all traffic flows through the
firewall and the only communication going on was on port 993.
-Original
Agreed. That's the way to do it.
On Apr 19, 2013, at 5:37 PM, Brandon Ross br...@pobox.com
wrote:
On Fri, 19 Apr 2013, Chip Marshall wrote:
So, I have an MX5 with it's fxp0 management interface connect to
one network, which I've placed in a logical-system so it can have
it's own default
Hey guys, I'm building a new cluster of SRX 5800s and prepping to move several
VPN tunnels to it. All of them are ike/ipsec.
I built a test site on a SRX210 and configured a tunnel between it and my
cluster. My tunnels aren't coming up on the 5800 side at all.
I'm using Agg Eth interfaces on
I've heard that it works. I have avoided it so far, however.
Will O'Brien
On Apr 2, 2013, at 11:48 AM, Mike Williams mike.willi...@comodo.com wrote:
Hey all,
So I've been reading the clustering docs, and they make it pretty clear that
the (at least) control link should connect the devices
You should also check for more specific routes inside that block.
Using a filter that specifies x.x.x.x/24 exact to prevent smaller announcements.
I
Will O'Brien
On Mar 29, 2013, at 8:16 AM, Matthew Crocker matt...@corp.crocker.com wrote:
Hello,
I have a weird routing issue where my
I'm trying to figure out just what you're doing, the picture isn't quite clear.
It sounds like you want to advertise routes learned via ospf over bgp.
In that case, you just need to write an appropriate policy statement to apply
to those routes to tune metrics, etc.
Additionally, you need to
Config or it didn't happen
Will O'Brien
On Feb 1, 2013, at 5:06 PM, Ahmed Taha ahmedta...@hotmail.com wrote:
Hi all,I have a query , as I'm trying to establish LSP secondary tunnel ,
but that secondary one becomes up for seconds , and then became down.Here is
the Output when using ,
Yuck. I hate their reader. Also, I like to read it on ipads and similar
submit it as a bug report. It will be funny.
On Jan 30, 2013, at 5:17 PM, Chuck Anderson c...@wpi.edu
wrote:
Today I downloaded the Complete Documentation Set (PDFs) for Junos OS
Release 12.1X44-D10 for SRX:
show chassis fcp, see if they came online.
On Jan 28, 2013, at 2:25 PM, Dave Peters - Terabit Systems wrote:
Hi all-
I've got two MX80s that I upgraded from 11.1R1.14 to 11.4R6.5, and after I
finished, one unit showed the physical ports no longer available via the CLI.
The xe-x/x/x
I usually use separate policers for in and out.
Will
On Jan 25, 2013, at 1:22 PM, Luca Salvatore l...@ninefold.com wrote:
Hi Guys,
Got some issues with my policing configuation on a SRX650.
I have it configured to police inbound and outbound traffic to 40Mb.
The config to make this
Interesting. My ms-dpc were very pricy. It'll be interesting to see a price on
that one.
Will
On Jan 18, 2013, at 7:13 PM, Richard Hesse richard.he...@weebly.com wrote:
This product was slated to be released in 2012 according to a few KB docs
on juniper.net, but 2012 has come and gone
I'm curious if anyone has been using MX's in a VC config. It's supported on the
new MPC blades, but supposedly not with the older DPCs.
I haven't done any testing yet, just minimal research.
Why would I want to? Well, I'm after redundancy with my services blades.
Specifically, MS-DPCs. I've
uh, what?
On Dec 31, 2012, at 6:34 PM, Robert Hass robh...@gmail.com
wrote:
Hi
Is BGP PIC Edge functionality supported on current MX platforms ? (eg.
JunOS 11.4R6 or 12.x)
Rob
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
you should probably define the source ip address from the router.
On Dec 3, 2012, at 11:28 AM, Ali Sumsam wrote:
Hi All,
I am moving from Cisco to Juniper MX5. My Cisco router was sending netflow
information to a server(NFSEN).
I cant see any update on the same server from my MX5 router,
After the last site maintenance my support account was completely foo. I had to
have them reset it for me.
On Dec 3, 2012, at 8:13 PM, Julien Goodwin jgood...@studio442.com.au
wrote:
On 04/12/12 02:28, Phil Mayers wrote:
On 03/12/12 14:45, Jason Fortier wrote:
The export junos does not
Did you try gracefully restarting routing? That should keep it forwarding while
freeing route process memory
Will O'Brien
On Nov 30, 2012, at 2:57 PM, Giuliano Medalha giuli...@wztech.com.br wrote:
People,
We are doing some BGP tests using routing-instances on MX5-T-DC routers.
We have
no-validate
That is, request system software install no-validate blah
On Nov 29, 2012, at 7:25 PM, Ali Sumsam wrote:
Hi,
I have a brand new MX5 router for one of my customers. The only
configuration I have on this router is
1, one login name and password
2, IP address on FXP0
3, telnet
I'm interested in possibly using junoscript to adjust policing based on a
utilization ceiling.
Example, let's say that I've got 2Gb/sec of bandwidth that I can use. At busy
times, it's appropriate to police users at 7Mb, but if I'm only using around
70% of that 2Gb, adjust policing up to
The math for burst rate is a little odd. However it seems to average at around
10% of the desired rate. The burstiness (for lack of a better word) provides
for a better user experience rather than a hard policer.
Will O'Brien
On Oct 3, 2012, at 9:55 PM, GIULIANO (WZTECH) giuli...@wztech.com.br
Config for your security policy? Nat is only half of it.
Will
On Sep 7, 2012, at 6:09 PM, Oliver Garraux oli...@g.garraux.net wrote:
Brent, Patrick,
Thanks for the replies.
When I change the rule-set to apply to traffic from the user zone, I'm
seeing the same behavior. The source
We run 208v to ours, which reduces the amp load. Then we use 1u rackable
tripplite PDUs on 30a circuits with C13s and C19s and C19-C20 cables.
Will
On Aug 23, 2012, at 8:59 AM, JA wrote:
Hi
I need advice if someone is having an MX960 up on AC power.
Usually high capacity (32A) power
I'm wondering if I can do a simple server load balancer using a SRX.
Example:
Server A offers up service on port .
Server B has the same service.
If Server A goes offline, send traffic over to server B.
Resume when Server A becomes available again.
One thought is to use something like
Have you captured traffic before and after to validate the marking?
Relavent config bits would help.
On Jul 20, 2012, at 3:56 PM, John Neiberger wrote:
We've been troubleshooting a strange problem for a few days. JTAC is
on the case, too, but we have not found any resolution. I thought
maybe
Check your fxp0 configuration. You may be shipping return traffic out random
interfaces...
We are leaning toward putting all production traffic inside a virtual routing
instance/chassis and using the main routing instance just for management.
From:
You'll want to make sure that your switches aren't quashing things as well.
igmp snooping on various vendor hardware usually makes my head hurt.
I suggest allowing broadcast flood for multicast to prove that your multicast
router is functioning properly and then locking down your igmp config
Offhand, I'd say you're not running fsck on the partition that's failing.
Try looking at /dev/da* and making sure that you've run it on all of the
partitions.
Otherwise, there are some emergency options but I haven't done them..
On May 14, 2012, at 6:01 PM, Dave Peters wrote:
Hey all--
How big is the network?
Will O'Brien
On May 9, 2012, at 4:59 PM, Jonathan Lassoff j...@thejof.com wrote:
To get Bonjour to work across LANs, you would need to enable multicast
routing so that clients on the various LANs can join the same group.
Bonjour is just Apple's name for mDNS
Your export policy must be applied at the announcement router. For example, my
area 0 router only announces a default route and nothing else. Set a match and
don't forget the reject.
Will
On May 9, 2012, at 4:30 PM, Morgan Mclean wrx...@gmail.com wrote:
Hi everyone,
I have a two network
I have some lengthy ones. My only limitation is that I've used so much of my
firewall memory (in my case) that I have to manipulate the filter a bit to get
it to clear and reload when I edit it.
I don't expect to have this issue once I deploy my trio blades. (I have R
blades in production now.)
We've been pushing out jumbo frames across our new core lately. Right now I've
got multiple boxes from multiple vendors that all support different maximum
MTUs.
Example: Juniper MX960/480, Nexus 7009, Nexus 5k/2k, Catalyst 4900,
Nortel/Avaya 8600 All different maximums.
Anyone have
I agree with that. I looked at the ASR the other day. the 6 slot chassis is
only 4 for line cards. the first two are taken.
The 480 allows for six + 2xSCB/RE
On Apr 24, 2012, at 9:01 PM, Keegan Holley wrote:
Go with the 480 if you go juniper. The cost difference between chassis is
v5 certainly.
Keep in mind that sampling depends on your hardware configuration (MS-DPC, etc)
On Apr 11, 2012, at 2:32 AM, Arun Kumar wrote:
Hi Juniper NSP,
Would like to know whether Juniper MX series router support other variants
of jflow except IP FIX. Flow collector that i m evaluating
I got on TAC about the fact that they were recommending 10.4 code for the MX
when it doesn't support the Enhanced SCB at all.
I don't know if it was my case or just enough people giving them a hard time,
but they notified me that they've updated KB21476.
There is now an entry for the MX series
I think it's a matter of the newer switching fabric only being supported in 11.
Will O'Brien
On Mar 22, 2012, at 8:12 AM, Per Granath per.gran...@gcc.com.cy wrote:
I suspect the 10.4 would not lock down the XE ports on the chassis, so there
is a reason for not allowing it to work...
I'm putting a couple of AX411s out for some remote and dmz office networks.
Does anyone have any suggestions for optimizing these things?
I've deployed one behind a SRX210 and so far users are happy. (I had
temporarily run it behind a 100, but I'm pretty sure that it over-ran the 100mb
Yes. I've got several deployed in those roles.
Will O'Brien
On Mar 5, 2012, at 5:28 PM, TCIS List Acct lista...@tulsaconnect.com wrote:
Over the past few years the general feeling I've gotten reading j-nsp and
elsewhere was to stay away from the SRX line until the code matured. We've
got
I'm running 10.4R7.5 for now. I haven't even loaded R9 yet.
On Feb 17, 2012, at 10:18 AM, Paul Stewart wrote:
Hey there.
We need to upgrade from our 10.0R3.10 releases on MX platform. Up until a
month ago we were ready to roll to recommended release 10.4R8 and well, we
know that
Anyone running the SCB-E? I've got a stack of them with a set of fresh MX480s
ready to roll out. I'm curious what code your running. These will be paired
with MPC blades…
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
Have you verified connectivity across the lt?
Will O'Brien
On Feb 4, 2012, at 2:21 PM, Amos Rosenboim a...@oasis-tech.net wrote:
Hi All,
I have a router with two VRFs.
I need to apply FBF on traffic flowing between the two VRFs so I created a
logical tunnel that connects the two VRFs.
I'm pondering the idea of trying to build a relatively inexpensive 10Gb capture
box.
The simple solution is a dell R710 with 10Gb nics. I have some, they work, but
I'd have to spend $50k to get enough of them.
So, my challenge is keeping the price point is something around $1000-$1500 -
I've used the copper sfp+ to sfp+ cables with them just fine.
Also, I can get dual port intel 10gtb nics for about $300.
On Jan 9, 2012, at 12:06 PM, Phil Mayers wrote:
On 09/01/12 17:45, Joel jaeggli wrote:
Intel Ethernet X520-SR2 Server Adapter is ~$950, that's your dual port
As I
I'd make darn sure that Juniper knows that this is an issue for you.
I'm half torn on the optics issue - I can half understand the argument for
certified optics, but I've also been in the position of being short on
'blessed' optics while having other vendors hardware on hand.
With a sfp+ to
20 mins is not normal.
Is that from the box or from a downstream client. What are you doing with rib
groups and how are you advertising internal routes?
Will O'Brien
On Nov 20, 2011, at 1:30 PM, biwa net biwa...@gmail.com wrote:
hi
we added in our network a new mx960, with EBGP peering on
Pulse is ssl. Srx only supports IPSec.
The windows client supports IPSec, so it works.
Will O'Brien
On Sep 27, 2011, at 8:51 AM, Chris Gapske cgap...@paducahpower.com wrote:
Sorry Very new at this but I would like to ask for help on an issue.
I am getting conflicting stories on the ability
To implement tagged interfaces with bridge domains, I use irb interfaces. This
is directly from my production box with a little scrubbing.
xe-0/0/0 {
description blah uplink;
per-unit-scheduler;
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 200 {
10.4r5 seems to need some additional tricks... At least on my mx. We also added
a service filter to keep it from grabbing other traffic.
Will O'Brien
On Aug 14, 2011, at 6:12 PM, Derick Winkworth dwinkwo...@att.net wrote:
You need two rules actually, you have a rule for the input direction,
Agreed. You'll be well served to do these by hand. Especially given screenos's
habit of not displaying all of a multipart policy on the command line.
However, it's a pretty simple task to migrate the address entries to the
address book format.
Once that's done, policies aren't too bad of a
I'd consider preceding certain route ranges across the links. Prefer a range of
routes on each link. Depending how you write your filters, you'll be able to
tune things a bit as well as keep redundancy. The return path can be more
difficult, but I find that as prepends or more specific route
Hey guys,
I need to spend some time putting together a good filter to protect my REs.
Does anyone have a canned one I can start from?
Cheers,
Will
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
Does anyone have examples of configuring nat (NAPT) on the outside interface of
a MX? I've got a working config with Nat applied to an inside interface, but I
need to do it on my gateway interface...
Here's why.
I want to police per user IP at ingres. Policing doesn't play nice with
services
I use 240s for a bgp connected network. Even a 100 will work, but the 240 is
superior. You can even cluster them
Will O'Brien
On Jul 26, 2011, at 6:34 PM, Keith kwo...@citywest.ca wrote:
We need to get something in our work lab for testing the odd thing out
and just to bang on.
Is the SRX
I export the wan route into ospf. Then if the wan connection goes down, the
route is removed from the ospf export.
This will increase the number of updates, but on a small network the extra cpu
required is fairly minimal.
The trick is getting the route removed. I usually have a dynamic protocol
I'm very happy with it, but I've only got MX960s.
It's a fantastic platform for user aggregation. I use it to police per
individual IP across a couple of /16s. Soon I'll be rolling out NAT services
for a /16 of private space for wireless users.
I'd like to get some of the new smaller boxes, but
I've had 10.4r4 in my lab MX960 for a couple of weeks now with no real issues,
but not much test traffic either.
I'm planning to deploy it later this summer to prep for MS-DPC's that are on
the way.
I do have an odd case of a nat service breaking a filter based policer, but on
for Nat'd
There is a re-inspection process, but yes, they make it pretty expensive.
They'd much rather sell you a new router. I was afraid that I'd have to do it
when one of my devices inadvertently fell off maintenance.
That said, have you talked to a sales rep about something like a MX5?
On Jun 2,
During a maintenance window one of my co-workers had to go swap out a juniper
SRX100.
Upon inspection, the file system had been corrupted so much that it wouldn't
boot any more.
We suspect that the issue was due to the end users physically power cycling the
device multiple times trying to 'fix
into a routing
instance...
Any thoughts on that one? As soon as I enable my policer filter, traffic breaks
again. I presume that it never returns to the interface filter to hit the
service filter.
On May 17, 2011, at 11:45 PM, Julien Goodwin wrote:
On 18/05/11 10:34, OBrien, Will wrote:
I've been
Does anyone have recommendations for 10gb server nics? (sfp+) We have a couple
of intels, and the seem decent, but I'm curious if anyone has used any
extensively. We've used them with twinax or optics.
Will O'Brien
University of Missouri, DoIT DNPS
Network Systems Analyst - Redacted
Hmm. Got suggestions for copper 10g nics? I see prices that are similar to SFP+
nics with twinax cables...
Sent from my iPad
On May 4, 2011, at 11:14 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 04/05/11 14:35, OBrien, Will wrote:
Does anyone have recommendations for 10gb server nics
Silly question... You did use commit sync, correct?
Will O'Brien
On May 1, 2011, at 7:51 PM, Chris Kawchuk juniperd...@gmail.com wrote:
Hi Paul..!
Yeah - I tried that as well initially with no luck (and just tried again
just now...)
me@wowter show configuration chassis
alarm {
excellent.
Any dropped traffic issues?
On Apr 29, 2011, at 8:13 AM, Stefan Fouant wrote:
-Original Message-
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
boun...@puck.nether.net] On Behalf Of OBrien, Will
Sent: Friday, April 29, 2011 1:15 AM
To: juniper-nsp
We were using two tunnels to separate peers. 1 to a pci network and another for
office workers to be on our normal user network.
I will see if I can dig up details later today
Will
Sent from my iPad
On Apr 29, 2011, at 9:05 AM, Dale Shaw dale.s...@gmail.com wrote:
Hi Stefan,
On Friday,
Actually...
OSPF will work across an ipsec tunnel. Unfortunately, last time I checked, it
wouldn't work across a tunnel that's terminated within a routing instance on a
srx. The issue was confirmed by JTAC.
We haven't tried it on 10.4 yet, but it's a known issue with older code.
OSPF just won't
I'm working on building a configuration to support MS-DPCs for netflow (easy)
and nat (less easy) using a virtual routing instance to apply nat to specific
source networks.
Does anyone on the list have some configurations that they can share, using the
MS-DPC on a MX? I'd like to see some
It's clearly documented that netscreen doesn't support ios vpn devices.
Any indications on when we might see that support on the SRX platform?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
I had a misbehaving SRX100 the other day that had an interesting symptom.
It's got a IPSEC tunnel between itself and a SRX240.
The tunnel itself was up, but I couldn't pass traffic over the tunnel.
A look at /var/log/messages revealed a cold boot earlier in the day.
A look at the chassis alarms
It depends on just how bad the attack is.
If you can't identify the major sources with something like netflow/cflow, you
might be able to identify the target. I suggest popping the policer on your
customers one by one and take note of who's inbound traffic spikes the most.
Alternatively, if
1 - 100 of 124 matches
Mail list logo
