PTX1000
PTX3000
MX/MP3E
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Robert Hass
Sent: Saturday, September 26, 2015 3:42 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Cheaper way to have 2x100G and 16x10G wire-speed in MX480
Hi
http://www.juniper.net/techpubs/en_US/junos14.1/information-products/topic-collections/release-notes/14.1/index.html?topic-83541.html
Support for upgrades and downgrades that span more than three Junos OS
releases at a time is not provided, except for releases that are designated as
Extended
I assume you mean a different port on the EX going down - not the ports
connected to the MX.
If that is the case, you could perhaps use Uplink Failure detection, in
reverse, so to say...
http://kb.juniper.net/InfoCenter/index?page=contentid=KB21003
This might be interesting: http://youtu.be/Le9S2rj_qXI?t=19m46s (starting from
19m and 46s into the video).
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Evangelos Kanarelis
Sent: Tuesday, August 26, 2014 3:43 PM
To:
Change the date to 2004, and do not use NTP.
set date 200403311010.10
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Mircho Mirchev
Sent: Saturday, March 29, 2014 11:32 PM
To: Tom Storey
Cc: Juniper Maillist
Subject: Re: [j-nsp]
There is also an 8x10G uplink module coming out soon - in the pricelist already.
Mixed VC with EX43 and QFX also means these should be useful for a very long
time.
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Aaron Dewell
Sent:
When you run VRRP, the source MAC address of the ARP request will be the same
from both routers.
http://tools.ietf.org/search/rfc5798#section-8.1.2
Servers only need to learn the virtual MAC/IP in their ARP cache.
If you want the backup router to learn the server MACs, look at [set system arp
# show policy-options
policy-options {
prefix-list lo0.0-inet-address {
apply-path interfaces lo0 unit 0 family inet address *;
}
prefix-list ntp-servers {
apply-path system ntp server *;
}
}
# show firewall
firewall {
family inet {
filter protect_RE {
This might be useful.
http://www.juniper.net/techpubs/en_US/junos/topics/example/subscriber-interface-static-or-dynamic-demux-over-vlan-demux.html
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Josh Hoppes
Sent: Wednesday, December 11,
The EX4550 supports up to 8 interfaces in each LAG, while you have 12.
http://www.juniper.net/techpubs/en_US/junos/topics/concept/interfaces-lag-overview.html
However, that's not an issue there, since even though on the SRX side you
should have one RETH with all 12 interfaces, on the EX-VC since
For any virtual chassis only two licenses are required - for master and backup
RE.
For the EX82-VC is the two XRE.
http://www.juniper.net/techpubs/en_US/junos/topics/concept/ex-series-software-licenses-overview.html
-Original Message-
From: juniper-nsp
Not clear what you want to do, although it looks like family inet..., but
would this work?
# show interfaces ge-1/1/0
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 2 {
vlan-tags outer 3001 inner 2;
family inet {
address 1.1.1.1/31;
}
}
-Original
Official scaling numbers says 4,000 for L2TP on MX80.
http://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/pathway-pages/subscriber-access/subscriber-management-scaling-values.xls
PPPoE uses 2 IFL only when there is a VLAN per subscriber.
-Original
Hi,
Keep in mind that SRX and MX/MPC use different command hierarchy for the load
balancing hash config, which means your lab will not be useful.
SRX (and MX/DPC) use hash-key
MX/MPC use enhanced-hash-key
The hash is used on the ingress card of the MX (which might not be the card
connected to
The new MS-MIC is coming too...
http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/ms-mic-and-mpc-overview.html
So, it fits in MPC1/MPC2, if you have a free MIC slot.
It costs a lot less than the MS-DPC, although it has about the same capacity.
Fits in the back of MX80 too...
It is already supported; in Junos version 12.3X50.
http://www.juniper.net/techpubs/en_US/junos12.3/topics/reference/general/qfx-series-software-features-overview.html
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Robert Hass
Sent:
Perhaps this is useful:
https://www.juniper.net/techpubs/en_US/junos/topics/topic-map/vpls-bgp-multihoming.html
There are two places in the configuration where you can configure VPLS
multihoming. One is for FEC 128, and the other is for FEC 129:
For FEC 128-routing-instances instance-name
http://www.juniper.net/us/en/local/pdf/whitepapers/2000452-en.pdf
BGP LU
LDP DoD
...
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Will Orton
Sent: Thursday, August 29, 2013 9:28 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] MPLS
Did you try it with this configuration?
chassis {
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
}
}
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/concept/ex-series-software-features-overview.html#layer-3-protocols-features-by-platform-table
Supported from 12.3R1, but without PIM, IGMP, multicast in the VRF.
-Original Message-
From: juniper-nsp
Also EX has zero touch provisioning.
http://www.juniper.net/techpubs/en_US/junos/topics/task/configuration/software-image-and-configuration-automatic-provisioning-confguring.html
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net]
https://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mic-mx-series-supported.html#toc-table-mics-mx80
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of joel jaeggli
Sent: Thursday,
Yes.
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Ahmad Alhady
Sent: Wednesday, April 10, 2013 12:38 PM
To: Michel de Nostredame
Cc: nsp-juniper
Subject: Re: [j-nsp] M10i
But does MX80 support SDH ?
On Wed, Apr
On Monday, April 01, 2013 02:49:02 PM ashish verma wrote:
Ingress ipv6 marking is supported on MX. You need to use 'then traffic
class'.
That sounds like classification, not rewrite...
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
If you configure vlan-id none under the routing-instance, then all vlan tags
will be remove before transport over MPLS, and automatically the correct tag
will be pushed on egress towards CE.
Effectively, the VPLS becomes a single broadcast domain also when there are
different VLAN ID on
http://www.juniper.net/techpubs/en_US/junos/topics/example/bgp-local-as-private.html
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Suginto Hung
Sent: Friday, March 01, 2013 10:38 AM
To: juniper-nsp@puck.nether.net
Nice domain.
http://www.juniper.net/techpubs/en_US/junos/topics/concept/ex-series-software-licenses-overview.html
For a Virtual Chassis deployment, two license keys are recommended for
redundancy-one for the device in the master role and the other for the device
in the backup role
You do not
Yes, in Junos you do not redistribute from ospf, you export from inet.0 and
one of your terms in the policy for that export is that the route should be
from protocol ospf. As you have noticed, your connected networks are from
'direct' (pseudo) protocol and not from ospf.
-Original
You could use the install command under the LSP on the ingress PE (which is
somewhat manual), or you could change from OSPF to BGP on the CMTS...
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of James Ashton
Sent:
Note that marking is not word used in Junos...
On ingress you do classification, and on the class assigned you do queuing,
etc. The class does not change any bit in the packet header - the class is
assigned outside the packet header internally in the router.
On egress you may apply a rewrite
use on egress -
or block traffic on ingress.
From: John Neiberger [mailto:jneiber...@gmail.com]
Sent: Monday, January 14, 2013 5:15 PM
To: Per Granath
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Confusion about DSCP marking and rewrite rules
That makes perfect sense. I'm not sure what
Have a look at the High Availability scripts here:
http://www.juniper.net/us/en/community/junos/script-automation/library/event/
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Robert Hass
Sent: Monday, January 07,
Perhaps these are useful:
http://kb.juniper.net/InfoCenter/index?page=contentid=KB25094
http://kb.juniper.net/InfoCenter/index?page=contentid=KB24566
Does the SRX do something special with asymmetric UDP flows? When I
say UDP I mean UDP generically, because I'm aware of special cases like set
I am testing RSVP-TE in Juniper MX Junos 11.2R3. Is there a way to have a
RSVP-TE between ingress and egress PE and use that RSVP-TE only for one
specific L3 MPLS VPN or L2 Circuit VPN customer and other VPN customers
between the same ingress and egress PE to prefer a IGP/LDP path?
In case
Got some issues connecting two new MX10 routers over a DWDM link.
Basically the link just isn't coming. I'm running the XFP-10G-T-DWDM-ZR
optics which are plugged into the 2x10Gb MIC.
This might seem silly but when I look into the XPF in the router I don't see
any red lights coming from
http://www.juniper.net/techpubs/en_US/junos11.4/topics/usage-guidelines/vpns-configuring-firewall-filters-and-policers-for-vpls.html
[edit routing-instances routing-instance-name forwarding-options family vpls]
filter input input-filter-name;
is there a knob so that I can get instance-specific
We have a very odd problem that we've been dealing with for a couple of
weeks. JTAC is involved but we have not come to a resolution yet. The gist of
the problem is that we have two MX960s and we're running VRRP on
multiple interfaces with different Cisco switches in between each pair of
Are those four MX your PE routers?
Does your CE devices connect to one or two PE routers?
I have a question regarding dual VPLS links. My topology will look like this:
MX1-darkfibre--MX2
| |
|
From 12.1R1 it should work.
http://kb.juniper.net/InfoCenter/index?page=contentid=KB26116
Any Ideas on using a USB 3/4G modem with the SRX 100 ?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
The signature
HTTP:STC:SRVRSP:404-NOT-FOUND
should do that.
I have srx 240 want to block http 1.1 404 not found replay from server to
client with IDP but not able to find context and pattern combination.
___
juniper-nsp mailing list
how are the experiences with the EX2500 in regards of software / command-
line quality (since it is not running JunOS) and performance?
It is EOL next month.
The list price of EX4550 is 5% higher than EX2500.
___
juniper-nsp mailing list
Have a look at RMON.
Is-there an easy way (without accounting-profile / event-script) to generate
a trap or a syslog when interface reach 95% of load (for example) ? Platform
MX / release 11.4
___
juniper-nsp mailing list
Your best bet is probably to write an event-script that looks for VRRP
fail-over, and then changes the OSPF metric for the interface.
So, I've got 2 J6350s in full flow-mode guise on 11.4, but not a cluster.
I am trying to use VRRP for some HA though.
Because they're both on the same network
It seems also mac-flush is now available with BGP based VPLS - before that
was only supposed to work with LDP based.
Possibly that is a more important improvement.
I see that there is a new best-site feature in Junos 12.2 for improving the
convergence time in VPLS multi-homed environments:
I would typically do:
show | display set | match super-user
Which would give you:
set system login user marge class super-user
Then I would copy/paste part of that line, and do:
show system login user marge
Perhaps there's a smarter way, or perhaps someone has written an op-script for
ping logical-systems R1 10.0.5.254
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
On Wed, Jul 25, 2012 at 01:32:50AM -0700, Morgan McLean wrote:
So I have a single ASN and two sites that do not peer directly with
each other, but have eBGP with providers.
Site A takes full routes, advertises a /24 Site B takes defaults only,
advertises a /24
I notice I do not get
Is there any reason why you are not running LDP-tunneling to/from R4/R8 and R10?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Am 23.07.2012 16:14, schrieb Per Granath:
Is there any reason why you are not running LDP-tunneling to/from R4/R8
and R10?
This woule be a viable solution, but as mentioned per definition it is not
allowed (or for a better term wanted) in this scenario to extend ldp beyond
4, 8 and 5
I suspect you cannot change metric of internal routes, but for just filtering
try the area-range command, with or without restrict.
Hello,
I have routers in area2 and area0, srx 11.4R1.6 .
R1-area1---R2--area0
I try to filter out or change metrics for some prefixes on ABR (R2), but it
Hi,
The RR needs routes to all its clients in the inet.3 table, otherwise the RR
will not advertise inet-vpn routes to its clients.
If you do not want receive those routes via LDP/RSVP, then you can always do a
static route on the RR. This will never be used for forwarding, just route
Even 'independent tests' from Cisco's friends do not argue that SRX3k
can do 20G+.
http://www.cisco.com/en/US/prod/collateral/vpndevc/miercom_vs_juniper
.
pdf
I am sorry for that sort of a link in such a respectful place :)
I am sure the SRX3600 can do 22Gbps+. The question is not
So I can't remember the command to show the BGP output being sent to a
peer. Such as routes and details I am drawing a blank today.
Thank you for the little things in advance.
show route advertising-protocol bgp
___
juniper-nsp mailing list
Try adding:
set interfaces reth0 encapsulation flexible-ethernet-services
I try to have a vlan 200 in layer 2 mode transparent accross the SRX in
failover
mode.
Is it possible to have a redundant interface as trunk link, with 1 vlan with
an
@IP, and 1 vlan in transparent mode.
I
Flexible Ethernet services should be supported since 10.1.
http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42298.html
It should allow you to mix, at least, 'inet' and 'vlan-vpls' on the interface.
Not sure if it will allow 'bridge',
Well, this gentleman: http://mccltd.net/blog/?p=1199 has looked at that, so:
monitor traffic interface ge-1/0/0 no-resolve matching (ip and (ip[1]
0xfc) 2 == 20)
would give you DSCP with AF22.
-Original Message-
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
On Thu, May 24, 2012 at 8:01 AM, Per Granath per.gran...@gcc.com.cy
wrote:
Well, this gentleman: http://mccltd.net/blog/?p=1199 has looked at that,
so:
monitor traffic interface ge-1/0/0 no-resolve matching (ip and (ip[1]
0xfc) 2 == 20)
would give you DSCP with AF22.
But wont
MX240, with redundant REs, with two MPC1, two 2XE MIC, one ATM MIC, one 20GE
MIC.
For the Business connections, do a VC of two EX4200, uplinks to the available
XE ports.
If you have space, go for the MX480 which does not really cost much more.
You need to figure out if you can use MPC1E
Does the M120 RR have reachability to the clients in its inet.3 table?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Something about prefix length size 2 on cisco...
http://forums.juniper.net/t5/Routing/Cisco-and-Juniper-VPLS-Integration-using-BGP/td-p/42308/page/2
Assuming they use the same FEC now.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
When using ccc you cannot add also a L3 interface.
With vpls instead, it may work.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
I believe the exam is using 10.4, so it is probably best to lab with that;
particularly for 6PE, etc.
* d...@infiltr8.com d...@infiltr8.com [2012-04-18 12:51]:
Hi list,
I have an MX80 in the lab for labbing purposes. The idea behind to use
it primarily for JNCIE-ENT/SP studies amongst
It should be possible to get the values via an op-script ...
Not sure if that can also populate MIB values.
So there is no way to poll by SNMP the power for 1 G SFP. Strange.
Yes, this is a significant omission, and you're certainly not the only
one to notice it. If enough people ask
Netflow/jflow should be useful to you.
http://kb.juniper.net/InfoCenter/index?page=contentid=KB12512
Have a look at some free collectors that will analyze the output, or consider
Juniper STRM if you are running firewalling on the box too.
I am currently using a pair of J2350 exporting about
I do not see why it would not work in packet mode.
It works on the routing platforms (MX, etc) that do not support flow mode.
But jflow is not going to work in packet mode, right?
On Tue, Apr 3, 2012 at 12:15 AM, Per Granath per.gran...@gcc.com.cy
wrote:
Netflow/jflow should be useful
I suspect the 10.4 would not lock down the XE ports on the chassis, so there is
a reason for not allowing it to work...
It's quite weird, especially since I can upgrade the system to a full MX80
with licences only, and if I do that I expect that I will be able to run my
standard release
Much of the L2 functionality (VPLS, etc.) came in 11.4 and was not available in
11.2.
See the release notes.
I'm looking for the most stable code to run MX960's in a virtual-chassis.
They'll be an MPLS (RSVP and LDP signaled) PE.
I've narrowed it down to one of the latest 11.2 revs or
Are you sure you are not running Junos 11.x ?
I said before it was in 10.4 that mapped addresses changed from :: to :::
but it was probably from 11.1. Been some time since I looked into it.
Have a look at the Day One book Advanced IPv6 Configuration for an example with
:::.
In 10.4 the automatically created IPv4-compatible IPv6-address changed, that
is the (:::12.1.1.1).
Before 10.4 it used to be just (::12.1.1.1).
If you have mixture in the network it will be confusing...
BTW, the JNCIE exam is now using 10.4.
i met some odd problem on junos 10.4 . two
In principle, which ever router has 12.1.1.1 as inet address, also needs to
have :::12.1.1.1 as a (secondary) inet6 address, and advertise this in IGP.
Hello per,
Thanks for ur response.R1 dont accept the route in 10.4. how do we do make it
accept the route.
Thanks
--
Both RE´s have the same software image. and now my doubts are about the
configuration, Do I need to edit groups RE0 and re1? In this moment I haven´t
IP in the fxp0 interface, How I can access the Backup RE from the Master RE
?.
request routing-engine login (backup | master |
We have an MX960 with two routing engines, Re0: Backup, Re1: Master
When we try to switchover to the backup RE we see the following message:
XXX# run request chassis routing-engine master switch
error: Standby Routing Engine is not ready for graceful switchover
(replication_err
I'm trying to work with an interface that has mixed subinterfaces. some of
the subinterfaces are part of a bridge domain, some are family inet, and one
interface is PPPOE for subscriber termination.
unit 402 {
description Wireless_PPPOE;
encapsulation ppp-over-ether;
vlan-id
Try the command:
no-gratuitous-arp-request
Basically we migrate from a Cisco to a Juniper MX80, and since there
has been some issues, mainly we are seeing IP addresses being shared
by 2-3 mac address, to be precise , mac address being rewritten , ie:
one IP is being seen on the Juniper
However, I also need to accept OSPF and BGP.
I dont want to allow BGP on ge-1/0/0. This should be done at lo0.
But If I accept BGP on ge-1/0/0, I also need to accept it on lo0 to get it to
work.
Is it possible to have different rules for incomning interface and lo0?
BGP is a TCP
However, I also need to accept OSPF and BGP.
I dont want to allow BGP on ge-1/0/0. This should be done at lo0.
But If I accept BGP on ge-1/0/0, I also need to accept it on lo0 to get it
to
work.
Is it possible to have different rules for incomning interface and lo0?
BGP is a
Im trying a basic filer to deny traffic to lo0.
SSH, OSPF and ICMP is allowed.
It doesnt work, it allows all traffic.
Same filter work on a ge-interface.
ge-1/0/0 {
unit 0 {
family inet {
filter {
input admin-access;
}
Error in JUNOS:
Jan 14 11:23:17 border-ptt-rs rpd[1055]: bgp_recv: read from peer
2ABC:DE::6 (Internal AS ABCDE) failed: Connection reset by peer Jan 14
11:25:01 border-ptt-rs rpd[1055]: bgp_process_caps: mismatch NLRI with
2ABC:DE::6 (Internal AS ABCDE): peer: inet-unicast(1) us:
Recently I was working on a scenario in OSPF for checking the use of
Backbone Area 0 for Inter-Area communication and I was surprised to see
that 2 Non-Backbone areas were able to exchange inter-area routes without
any Area 0 configured. Well the same thing did not work in Cisco which was
I read that the tunnel-services statement has to be configured under the
[chassis hardware pic] But the question is: does it have to be configured on
all the routers along the path to the other PE router?
tunnel-services are only needed on PE routers.
There's also the alternative to use
If you are doing route target filtering (family route-target), then you may
need to add the default target on the RRs:
set ... protocols bgp ... family route-target advertise-default
Cheers.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
Hi,
Try running LACP too:
set interfaces ae4 aggregated-ether-options lacp active
Regards,
Per
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of hani ibrahim
Sent: 23 November 2011 11:01
To:
Hi,
I had a similar thing once.
If you have graceful-switchover and nonstop-routing enabled, try to deactivate
it, commit, and then activate it again. It effectively resets the database with
kernel connections (I think) and that sorted out the issue. Perhaps not that
relevant on an M7i with a
83 matches
Mail list logo