PTX1000
PTX3000
MX/MP3E
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Robert Hass
Sent: Saturday, September 26, 2015 3:42 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Cheaper way to have 2x100G and 16x10G wire-speed in MX480
Hi
What
http://www.juniper.net/techpubs/en_US/junos14.1/information-products/topic-collections/release-notes/14.1/index.html?topic-83541.html
"Support for upgrades and downgrades that span more than three Junos OS
releases at a time is not provided, except for releases that are designated as
Extended En
I assume you mean a different port on the EX going down - not the ports
connected to the MX.
If that is the case, you could perhaps use Uplink Failure detection, in
reverse, so to say...
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21003
http://www.juniper.net/techpubs/en_US/junos14
With this you are setting the forwarding-class, which is internal to the MX.
If you also want to rewrite the DHCP bits in the packet headers, then you also
need to configure 'rewrite' for these forwarding classes, on the egress
interfaces (core facing in this case).
I can't remember what the de
This might be interesting: http://youtu.be/Le9S2rj_qXI?t=19m46s (starting from
19m and 46s into the video).
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Evangelos Kanarelis
Sent: Tuesday, August 26, 2014 3:43 PM
To: juniper-nsp@puck.neth
Duct tape or super glue ...
-Original Message-
From: Tom Storey [mailto:t...@snnap.net]
Sent: Thursday, April 03, 2014 12:01 PM
To: Per Granath
Cc: Mircho Mirchev; Juniper Maillist
Subject: Re: [j-nsp] J2300/J4300 FPCs cannot go online
Juniper's solution is perhaps a little
The smaller SRX100/SRX210 have external power supply, so you can always
consider using a single SRX but install a spare power supply at each site.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper
Change the date to 2004, and do not use NTP.
set date 200403311010.10
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Mircho Mirchev
Sent: Saturday, March 29, 2014 11:32 PM
To: Tom Storey
Cc: Juniper Maillist
Subject: Re: [j-nsp] J2300/J430
I could add "syntax" as an important aspect. First of all as a way to learn and
memorize ways of configuration - the CLI syntax is probably for most people an
easier way to memorize than a GUI.
Of course, we should all learn the concepts, generally in a vendor neutral
language or syntax, but
grow.
-Original Message-
From: Mark Tinka [mailto:mark.ti...@seacom.mu]
Sent: Thursday, February 20, 2014 9:49 AM
To: juniper-nsp@puck.nether.net
Cc: Per Granath; Aaron Dewell; ryanL
Subject: Re: [j-nsp] VLAN's on EX4300 with 13.2X50-D15.3
On Thursday, February 20, 2014 09:01:01 A
There is also an 8x10G uplink module coming out soon - in the pricelist already.
Mixed VC with EX43 and QFX also means these should be useful for a very long
time.
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Aaron Dewell
Sent: Wednesday
When you run VRRP, the source MAC address of the ARP request will be the same
from both routers.
http://tools.ietf.org/search/rfc5798#section-8.1.2
Servers only need to learn the virtual MAC/IP in their ARP cache.
If you want the backup router to learn the server MACs, look at [set system arp
p
# show policy-options
policy-options {
prefix-list lo0.0-inet-address {
apply-path "interfaces lo0 unit 0 family inet address <*>";
}
prefix-list ntp-servers {
apply-path "system ntp server <*>";
}
}
# show firewall
firewall {
family inet {
filter protect_RE {
This might be useful.
http://www.juniper.net/techpubs/en_US/junos/topics/example/subscriber-interface-static-or-dynamic-demux-over-vlan-demux.html
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Josh Hoppes
Sent: Wednesday, December 11, 2013
Not clear what you want to do, although it looks like "family inet"..., but
would this work?
# show interfaces ge-1/1/0
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 2 {
vlan-tags outer 3001 inner 2;
family inet {
address 1.1.1.1/31;
}
}
-Original
For any virtual chassis only two licenses are required - for master and backup
RE.
For the EX82-VC is the two XRE.
http://www.juniper.net/techpubs/en_US/junos/topics/concept/ex-series-software-licenses-overview.html
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.
The EX4550 supports up to 8 interfaces in each LAG, while you have 12.
http://www.juniper.net/techpubs/en_US/junos/topics/concept/interfaces-lag-overview.html
However, that's not an issue there, since even though on the SRX side you
should have one RETH with all 12 interfaces, on the EX-VC since
Official scaling numbers says 4,000 for L2TP on MX80.
http://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/pathway-pages/subscriber-access/subscriber-management-scaling-values.xls
PPPoE uses 2 IFL only when there is a VLAN per subscriber.
-Original Message--
Hi,
Keep in mind that SRX and MX/MPC use different command hierarchy for the load
balancing hash config, which means your lab will not be useful.
SRX (and MX/DPC) use "hash-key"
MX/MPC use "enhanced-hash-key"
The hash is used on the ingress card of the MX (which might not be the card
connected
The new MS-MIC is coming too...
http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/ms-mic-and-mpc-overview.html
So, it fits in MPC1/MPC2, if you have a free MIC slot.
It costs a lot less than the MS-DPC, although it has about the same capacity.
Fits in the back of MX80 too...
-
It is already supported; in Junos version 12.3X50.
http://www.juniper.net/techpubs/en_US/junos12.3/topics/reference/general/qfx-series-software-features-overview.html
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Robert Hass
Sent: Monday,
Perhaps this is useful:
https://www.juniper.net/techpubs/en_US/junos/topics/topic-map/vpls-bgp-multihoming.html
There are two places in the configuration where you can configure VPLS
multihoming. One is for FEC 128, and the other is for FEC 129:
For FEC 128-routing-instances instance-name proto
http://www.juniper.net/us/en/local/pdf/whitepapers/2000452-en.pdf
BGP LU
LDP DoD
...
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Will Orton
Sent: Thursday, August 29, 2013 9:28 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] MPLS PEs
Did you try it with this configuration?
chassis {
redundancy {
failover {
on-loss-of-keepalives;
on-disk-failure;
}
}
}
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/ma
http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/concept/ex-series-software-features-overview.html#layer-3-protocols-features-by-platform-table
Supported from 12.3R1, but without PIM, IGMP, multicast in the VRF.
-Original Message-
From: juniper-nsp [mailto:juniper-n
With MPC cards (which MX5 is) you need "enhanced-hash-key".
http://www.juniper.net/techpubs/en_US/junos/topics/reference/configuration-statement/enhanced-hash-key-edit-forwarding-options.html
http://kb.juniper.net/InfoCenter/index?page=content&id=KB24339
-Original Message-
From: juniper
Also EX has "zero touch provisioning".
http://www.juniper.net/techpubs/en_US/junos/topics/task/configuration/software-image-and-configuration-automatic-provisioning-confguring.html
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net]
https://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mic-mx-series-supported.html#toc-table-mics-mx80
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of joel jaeggli
Sent: Thursday, A
Yes.
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Ahmad Alhady
Sent: Wednesday, April 10, 2013 12:38 PM
To: Michel de Nostredame
Cc: nsp-juniper
Subject: Re: [j-nsp] M10i
But does MX80 support SDH ?
On Wed, Apr 1
On Monday, April 01, 2013 02:49:02 PM ashish verma wrote:
> Ingress ipv6 marking is supported on MX. You need to use 'then traffic
> class'.
That sounds like classification, not rewrite...
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
http
If you configure "vlan-id none" under the routing-instance, then all vlan tags
will be remove before transport over MPLS, and automatically the correct tag
will be pushed on egress towards CE.
Effectively, the VPLS becomes a single broadcast domain also when there are
different VLAN ID on diffe
http://www.juniper.net/techpubs/en_US/junos/topics/example/bgp-local-as-private.html
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Suginto Hung
Sent: Friday, March 01, 2013 10:38 AM
To: juniper-nsp@puck.nether.net
Su
Nice domain.
http://www.juniper.net/techpubs/en_US/junos/topics/concept/ex-series-software-licenses-overview.html
For a Virtual Chassis deployment, two license keys are recommended for
redundancy-one for the device in the master role and the other for the device
in the backup role
You do not n
Yes, in Junos you do not "redistribute from ospf", you "export from inet.0" and
one of your terms in the policy for that export is that the route should be
from "protocol ospf". As you have noticed, your connected networks are from
'direct' (pseudo) protocol and not from ospf.
-Original Me
http://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/junos-license-key-components.html
"Starting with Junos OS Release 12.2, license keys are available to enhance the
port capacity on MX5, MX10, and MX40 routers up to the port capacity of an MX80
router.
"... the Junos OS licensing in
You could use the "install" command under the LSP on the ingress PE (which is
somewhat manual), or you could change from OSPF to BGP on the CMTS...
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of James Ashton
Sent: Th
use on egress -
or block traffic on ingress.
From: John Neiberger [mailto:jneiber...@gmail.com]
Sent: Monday, January 14, 2013 5:15 PM
To: Per Granath
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Confusion about DSCP marking and rewrite rules
That makes perfect sense. I'm not sure
Note that "marking" is not word used in Junos...
On ingress you do "classification", and on the class assigned you do queuing,
etc. The class does not change any bit in the packet header - the class is
assigned "outside" the packet header internally in the router.
On egress you may apply a rewr
The general idea is to do:
Policing (firewall filter) on ingress
Shaping (CoS) on egress
http://www.juniper.net/us/en/local/pdf/implementation-guides/8010073-en.pdf
Shaping is typically per port, and I am not sure if you can do that per VLAN.
But the feature guide say there is CoS support on RVI
Have a look at the High Availability scripts here:
http://www.juniper.net/us/en/community/junos/script-automation/library/event/
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Robert Hass
Sent: Monday, January 07, 2
Perhaps these are useful:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB25094
http://kb.juniper.net/InfoCenter/index?page=content&id=KB24566
> Does the SRX do something "special" with asymmetric UDP flows? When I
> say UDP I mean UDP generically, because I'm aware of special cases lik
> I am testing RSVP-TE in Juniper MX Junos 11.2R3. Is there a way to have a
> RSVP-TE between ingress and egress PE and use that RSVP-TE only for one
> specific L3 MPLS VPN or L2 Circuit VPN customer and other VPN customers
> between the same ingress and egress PE to prefer a IGP/LDP path?
>
> In
> Got some issues connecting two new MX10 routers over a DWDM link.
>
> Basically the link just isn't coming. I'm running the XFP-10G-T-DWDM-ZR
> optics which are plugged into the 2x10Gb MIC.
>
> This might seem silly but when I look into the XPF in the router I don't see
> any red lights coming
http://www.juniper.net/techpubs/en_US/junos11.4/topics/usage-guidelines/vpns-configuring-firewall-filters-and-policers-for-vpls.html
[edit routing-instances routing-instance-name forwarding-options family vpls]
filter input input-filter-name;
> is there a knob so that I can get instance-specific
> We have a very odd problem that we've been dealing with for a couple of
> weeks. JTAC is involved but we have not come to a resolution yet. The gist of
> the problem is that we have two MX960s and we're running VRRP on
> multiple interfaces with different Cisco switches in between each pair of
>
Are those four MX your PE routers?
Does your CE devices connect to one or two PE routers?
> I have a question regarding dual VPLS links. My topology will look like this:
>
> MX1-darkfibre--MX2
> | |
> |
>From 12.1R1 it should work.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB26116
>
> Any Ideas on using a USB 3/4G modem with the SRX 100 ?
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinf
The signature
HTTP:STC:SRVRSP:404-NOT-FOUND
should do that.
> I have srx 240 want to block "http 1.1 404 not found" replay from server to
> client with IDP but not able to find context and pattern combination.
___
juniper-nsp mailing list juniper-nsp@
> how are the experiences with the EX2500 in regards of software / command-
> line quality (since it is not running JunOS) and performance?
It is EOL next month.
The list price of EX4550 is 5% higher than EX2500.
___
juniper-nsp mailing list juniper-ns
> > As for "high speed link to an EX" something along those lines has now
> > been announced as "Node Unifier" for FEX-like support.
> >
> >
> > It's a shame that the sum total of detail on that feature on Juniper's
> public website is two paragraphs that give very little detail on it.
>
> "
> Jun
Have a look at RMON.
> Is-there an easy way (without accounting-profile / event-script) to generate
> a trap or a syslog when interface reach 95% of load (for example) ? Platform
> MX / release 11.4
___
juniper-nsp mailing list juniper-nsp@puck.nether
It seems also "mac-flush" is now available with BGP based VPLS - before that
was only supposed to work with LDP based.
Possibly that is a more important improvement.
> I see that there is a new "best-site" feature in Junos 12.2 for improving the
> convergence time in VPLS multi-homed environmen
Your best bet is probably to write an "event-script" that looks for VRRP
fail-over, and then changes the OSPF metric for the interface.
> So, I've got 2 J6350s in full flow-mode guise on 11.4, but not a cluster.
> I am trying to use VRRP for some HA though.
> Because they're both "on" the same ne
I would typically do:
show | display set | match super-user
Which would give you:
set system login user marge class super-user
Then I would copy/paste part of that line, and do:
show system login user marge
Perhaps there's a smarter way, or perhaps someone has written an op-script for
it...
ping logical-systems R1 10.0.5.254
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
> On Wed, Jul 25, 2012 at 01:32:50AM -0700, Morgan McLean wrote:
> > So I have a single ASN and two sites that do not peer directly with
> > each other, but have eBGP with providers.
> >
> > Site A takes full routes, advertises a /24 Site B takes defaults only,
> > advertises a /24
> >
> > I notice
> Am 23.07.2012 16:14, schrieb Per Granath:
> > Is there any reason why you are not running LDP-tunneling to/from R4/R8
> and R10?
>
> This woule be a viable solution, but as mentioned per definition it is not
> allowed (or for a better term wanted) in this scenario to ext
Is there any reason why you are not running LDP-tunneling to/from R4/R8 and R10?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Hi,
The RR needs routes to all its clients in the inet.3 table, otherwise the RR
will not advertise inet-vpn routes to its clients.
If you do not want receive those routes via LDP/RSVP, then you can always do a
static route on the RR. This will never be used for forwarding, just route
reflecti
I suspect you cannot change metric of internal routes, but for just filtering
try the "area-range" command, with or without "restrict".
> Hello,
>
> I have routers in area2 and area0, srx 11.4R1.6 .
> R1-area1---R2--area0
>
> I try to filter out or change metrics for some prefixes on ABR (R2),
> So I can't remember the command to show the BGP output being sent to a
> peer. Such as routes and details I am drawing a blank today.
> Thank you for the little things in advance.
>
show route advertising-protocol bgp
___
juniper-nsp mailing list jun
> > Even 'independent tests' from Cisco's friends do not argue that SRX3k
> > can do 20G+.
> >
> http://www.cisco.com/en/US/prod/collateral/vpndevc/miercom_vs_juniper
> .
> > pdf
> >
> > I am sorry for that sort of a link in such a respectful place :)
>
> I am sure the SRX3600 can do 22Gbps+. The
Flexible Ethernet services should be supported since 10.1.
http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42298.html
It should allow you to mix, at least, 'inet' and 'vlan-vpls' on the interface.
Not sure if it will allow 'bridge', b
Try adding:
set interfaces reth0 encapsulation flexible-ethernet-services
> I try to have a vlan 200 in layer 2 mode transparent accross the SRX in
> failover
> mode.
> Is it possible to have a redundant interface as trunk link, with 1 vlan with
> an
> @IP, and 1 vlan in transparent mode.
>
lab@A> file checksum md5 /var/home/lab/jinstall-10.1R1.8-domestic-signed.tgz
http://kb.juniper.net/InfoCenter/index?page=content&id=KB17665
> I've been trying to install the Junos 10 into one M20 with Routing Engine
> 3.0 (with one SSD of 8GB) and I getting this error
>
> Adding jbase...
>
> On Thu, May 24, 2012 at 8:01 AM, Per Granath
> wrote:
> > Well, this gentleman: http://mccltd.net/blog/?p=1199 has looked at that,
> so:
> >
> > monitor traffic interface ge-1/0/0 no-resolve matching "(ip and (ip[1] &
> 0xfc) >> 2 == 20)"
&g
Well, this gentleman: http://mccltd.net/blog/?p=1199 has looked at that, so:
monitor traffic interface ge-1/0/0 no-resolve matching "(ip and (ip[1] &
0xfc) >> 2 == 20)"
would give you DSCP with AF22.
> -Original Message-
> From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-n
ilto:t...@snnap.net]
> Sent: Wednesday, May 23, 2012 9:13 PM
> To: Per Granath
> Cc: MKS; juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] what would you put in this PoP
>
> Assuming space were not an issue, is there a reason why you might avoid
> something like an M320,
MX240, with redundant REs, with two MPC1, two 2XE MIC, one ATM MIC, one 20GE
MIC.
For the Business connections, do a VC of two EX4200, uplinks to the available
XE ports.
If you have space, go for the MX480 which does not really cost much more.
You need to figure out if you can use MPC1E (reduce
When using ccc you cannot add also a L3 interface.
With vpls instead, it may work.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Does the M120 RR have reachability to the clients in its inet.3 table?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Something about "prefix length size 2" on cisco...
http://forums.juniper.net/t5/Routing/Cisco-and-Juniper-VPLS-Integration-using-BGP/td-p/42308/page/2
Assuming they use the same FEC now.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https:/
I believe the exam is using 10.4, so it is probably best to lab with that;
particularly for 6PE, etc.
> * d...@infiltr8.com [2012-04-18 12:51]:
> > Hi list,
> >
> > I have an MX80 in the lab for labbing purposes. The idea behind to use
> > it primarily for JNCIE-ENT/SP studies amongst feature t
It should be possible to get the values via an op-script ...
Not sure if that can also populate MIB values.
> > > So there is no way to poll by SNMP the power for 1 G SFP. Strange.
> >
> > Yes, this is a significant omission, and you're certainly not the only
> > one to notice it. If enough peop
I do not see why it would not work in packet mode.
It works on the routing platforms (MX, etc) that do not support "flow mode".
> But jflow is not going to work in packet mode, right?
>
> On Tue, Apr 3, 2012 at 12:15 AM, Per Granath
> wrote:
> > Netflow/j
Netflow/jflow should be useful to you.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB12512
Have a look at some free collectors that will analyze the output, or consider
Juniper STRM if you are running firewalling on the box too.
> > I am currently using a pair of J2350 exporting abo
I suspect the 10.4 would not lock down the XE ports on the chassis, so there is
a reason for not allowing it to work...
> It's quite weird, especially since I can "upgrade" the system to a full MX80
> with licences only, and if I do that I expect that I will be able to run my
> standard release
Much of the L2 functionality (VPLS, etc.) came in 11.4 and was not available in
11.2.
See the release notes.
> I'm looking for the most stable code to run MX960's in a virtual-chassis.
> They'll be an MPLS (RSVP and LDP signaled) PE.
>
> I've narrowed it down to one of the latest 11.2 revs or 11
Are you sure you are not running Junos 11.x ?
I said before it was in 10.4 that mapped addresses changed from :: to :::
but it was probably from 11.1. Been some time since I looked into it.
Have a look at the Day One book Advanced IPv6 Configuration for an example with
:::.
__
-- Original --
From: "Per Granath"mailto:per.gran...@gcc.com.cy>>;
Date: Fri, Mar 16, 2012 11:46 PM
To:
"juniper-nsp"mailto:juniper-nsp@puck.nether.net>>;
Cc: "bruno"mailto:bruno.juni...@gmail.com>>;
Subject: RE: [j-nsp] bgp ipv6
In 10.4 the automatically created "IPv4-compatible IPv6-address" changed, that
is the (:::12.1.1.1).
Before 10.4 it used to be just (::12.1.1.1).
If you have mixture in the network it will be confusing...
BTW, the JNCIE exam is now using 10.4.
> i met some odd problem on junos 10.4 . two r
> Both RE´s have the same software image. and now my doubts are about the
> configuration, Do I need to edit groups RE0 and re1? In this moment I haven´t
> IP in the fxp0 interface, How I can access the Backup RE from the Master RE
> ?.
>
request routing-engine login (backup | master | other-ro
> We have an MX960 with two routing engines, Re0: Backup, Re1: Master
>
> When we try to switchover to the backup RE we see the following message:
>
> XXX# run request chassis routing-engine master switch
>
> error: Standby Routing Engine is not ready for graceful switchover
> (replication_err s
> I'm trying to work with an interface that has mixed subinterfaces. some of
> the subinterfaces are part of a bridge domain, some are family inet, and one
> interface is PPPOE for subscriber termination.
>
>
> unit 402 {
> description Wireless_PPPOE;
> encapsulation ppp-over-ether;
>
Try the command:
no-gratuitous-arp-request
> > Basically we migrate from a Cisco to a Juniper MX80, and since there
> > has been some issues, mainly we are seeing IP addresses being shared
> > by 2-3 mac address, to be precise , mac address being rewritten , ie:
> > one IP is being seen on the Ju
> > However, I also need to accept OSPF and BGP.
> >
> > I dont want to allow BGP on ge-1/0/0. This should be done at lo0.
> >
> > But If I accept BGP on ge-1/0/0, I also need to accept it on lo0 to get it
> > to
> work.
> >
> > Is it possible to have different rules for incomning interface and lo
> However, I also need to accept OSPF and BGP.
>
> I dont want to allow BGP on ge-1/0/0. This should be done at lo0.
>
> But If I accept BGP on ge-1/0/0, I also need to accept it on lo0 to get it to
> work.
>
> Is it possible to have different rules for incomning interface and lo0?
BGP is a TC
> Im trying a basic filer to deny traffic to lo0.
> SSH, OSPF and ICMP is allowed.
>
> It doesnt work, it allows all traffic.
>
> Same filter work on a ge-interface.
>
> ge-1/0/0 {
> unit 0 {
> family inet {
> filter {
> input admin-access;
>
> > You have no CE interface in the chrismas instance. Do you just want
> > the IRB interface in there? If so, than replace "interface irb.800" with
> "routing-interface irb.800"
>
Note that whatever CE facing interfaces you have in the vpls type
routing-instance, also need to have "encapsulati
> Error in JUNOS:
> Jan 14 11:23:17 border-ptt-rs rpd[1055]: bgp_recv: read from peer
> 2ABC:DE::6 (Internal AS ABCDE) failed: Connection reset by peer Jan 14
> 11:25:01 border-ptt-rs rpd[1055]: bgp_process_caps: mismatch NLRI with
> 2ABC:DE::6 (Internal AS ABCDE): peer: (1) us:
> (32)
Quagga wa
> Does anyone know if there is a special apply-group for referencing individual
> virtual-chassis members?
member0, member 1, member2, ...
http://kb.juniper.net/InfoCenter/index?page=content&id=KB15556
___
juniper-nsp mailing list juniper-nsp@puck.neth
> Recently I was working on a scenario in OSPF for checking the use of
> Backbone Area 0 for Inter-Area communication and I was surprised to see
> that 2 Non-Backbone areas were able to exchange inter-area routes without
> any Area 0 configured. Well the same thing did not work in Cisco which was
> I read that the tunnel-services statement has to be configured under the
> [chassis hardware pic] But the question is: does it have to be configured on
> all the routers along the path to the other PE router?
tunnel-services are only needed on PE routers.
There's also the alternative to use vrf-
Including the bgp config would help too.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
If you are doing route target filtering (family route-target), then you may
need to add the default target on the RRs:
set ... protocols bgp ... family route-target advertise-default
Cheers.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
htt
Hi,
Try running LACP too:
set interfaces ae4 aggregated-ether-options lacp active
Regards,
Per
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of hani ibrahim
Sent: 23 November 2011 11:01
To: juniper-nsp@puck.n
Hi,
I had a similar thing once.
If you have graceful-switchover and nonstop-routing enabled, try to deactivate
it, commit, and then activate it again. It effectively resets the database with
kernel connections (I think) and that sorted out the issue. Perhaps not that
relevant on an M7i with a
97 matches
Mail list logo
