E. It mentions that
these packets transit by gigabit ethernet interfaces in the TPP
proprietary protocol, but nothing after. What daemon is in charge of
handling TPP flow on the RE side ? rpd ? for icmp is at the end the
packet go through the freebsd kernel (seems logic but). And what cause
busy doing
programming RPD asked it to do, instead of giving ICMP towards RE.
This is an interesting discussion. It was always unclear to me what is
handled by the freebsd kernel, rpd, or the micro junos kernel.
--
Raphael Mazelier
CCC should work (from memory it worked for me on a simple setup
with only one P in the middle).
--
Raphael Mazelier
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
supported in the MPLS edge switch
if label swap is done.
--
Raphael Mazelier
real router, a good density and the Junos toolbox on
1U. Sounds good on paper.
What are the port details ? 8x10G ports and 4x100/40/10G which can be
split ?
Best,
PS : can you give me some price detail in pv ?
PS2 : How about your remote ? :)
--
Raphael Maz
Is this the case for chassis MX104 and 80? Is your recommendation to run
with indirect-next-hop on them as well?
Correct me if I'm wrong but I think this is the default on all the MX
for a long time. There is no downside afaik.
--
Raphael Maz
).
--
Raphael Mazelier
On 22/12/2016 15:15, Vincent Bernat wrote:
Hey!
How reliable should MC-LAG be considered on EX and QFX series (in a pure
L2 setup)?
I had a few bad experiences with virtual chassis where a hiccup usually
translates to both switches becoming unavailable. This is pretty rare of
course
...
--
Raphael Mazelier
ob, and on UDP based application there re-transmission or
control mechanism.
But if you cannot control the server side (this looks strange by the way)
you can just go on, after all lacp goal is also to provide redundancy.
--
Raphael Mazelier
On 27/10/2016 20:28, Karsten Thomann wrote:
I'm a bit curious why until now no one mentioned MPLS Enabled Applications...
Good one but much more theoretical. I like to have practical examples
for my understanding of a new subject.
--
Raphael Maz
I would personally recommend "MPLS in the SDN Era" from O'Reilly.
The first chapters are a really good practical introduction to MPLS and
further chapters treat RSVP in detail.
--
Raphael Mazelier
evant.
Yep, that's the plan, with separate RR (vrr or other).
Very likely QFX5k will cover large percentage of P deployment use-cases.
--
Raphael Mazelier
ower price, what do you think of using a qfx5100 as P/LSR
router ? The mpls support looks correct, and it has a lot of 10G ports.
--
Raphael Mazelier
've grabbed many of the filters over the years, and
can publish them if someone is interested).
--
Raphael Mazelier
ked in the "dmz" vrf, so how do you avoid
this kind of leaking ?
For the default leak, what about a static default backup route ?
--
Raphael Mazelier
ing, but I have done the opposite, aka mixed edge and core links
on MPC. The idea was to provide redundancy in case of one MPC failure.
--
Raphael Mazelier
at I'm going to have large VPN tables and 1.5M won't be
enough.
What is the point of separating upstream and downstream ports on different MPCs
? (apart from FIB size)
--
Raphael Mazelier
n the main table/main vr (vrf provide more
flexibility for a little increased complexity)
- LDP for signaling MPLS (unless you really need FRR, and/or QOS)
as always KISS is a good approach :)
--
Raphael Mazelier
Le 25/03/2016 00:57, Matthew Crocker a écrit :
Hello,
What is the current bes
ge-1/0/13.0;
interface lo0.1;
route-distinguisher 10:14;
vrf-target target:10:10;
vrf-table-label;
}
The filter is never reached...
I will open a case on the Jtac.
--
Raphael Mazelier
Le 21/03/2016 18:12, Raphael Mazelier a écrit :
Wow, looks nice. I will give it a try. Can I specify a policy in the
rib-groups ?
So tested and nope. I will stick with my strange (but working config)
configuration.
--
Raphael Mazelier
-WANT;
}
}
}
Nope, this didn't work in this case (mp-bgp learned route to inet.0).
--
Raphael Mazelier
sing single
policy in rib-group declaration.
Wow, looks nice. I will give it a try. Can I specify a policy in the
rib-groups ?
--
Raphael Mazelier
unicast {
rib-group internet-to-inet0;
}
}
neighbor x.x.x.x;
}
}
}
without the neighbor knob activated, the pfx are not leaked.
--
Raphael Mazelier
imary table)
This last solution seems to be the least manual (I don't want to make
config for each pfx) but seems tricky/ugly.
I got a working setup with these but it definitely looks weird.
What are your opinions/hints ?
--
Raphael Mazelier
roper
license installed ;) (I've spent one hour to find why one of my test vmx
does not anymore, before I found that the license had expired...)
--
Raphael Mazelier
Le 18/03/2016 21:49, serge vautour a écrit :
Hello,
I haven't had any replies in the Juniper VMX forum so I thought I
. But for some reason the filter does not apply on
traffic coming from interface placed in a vrf to the RE.
--
Raphael Mazelier
inet stanza of the interface. Nothing works
(nothing is filtering, which is very bad).
I wonder if someone has already hit this bug/functionality ?
Best,
--
Raphael Mazelier
Le 20/02/2016 16:16, Raphael Mazelier a écrit :
Le 19/02/2016 14:08, Adam Vitkovsky a écrit :
Thanks for the clarification.
And again the O'Reilly book "MPLS in the SDN Era" has three great
chapters at the end specific to these problematics ("fast restoration").
another for Transits.
But I'm not aware of any performance issues, certainly the convergence is
faster with BGP-PIC.
I will try to move/split the DMZ in separate vrf.
Seems to be a fun project, especially the migration part.
--
Raphael Mazelier
af to the other rr neighbor session... No
outage on pe. Love it
Ah ! good approach. Will make it.
--
Raphael Mazelier
is only available on l3vpn,
so my question is :
Is it advisable to run the dmz/internet table in a vrf/routing instance
on juniper ? and what are the pros/cons of doing that ?
pros : PIC, more flexibility ?
cons : more complex setup, performance issue (I've heard some stories
about that) ?
B
e sub interface .0 remain ENET2, not Ethernet-CCC.
--
Raphael Mazelier
"family" stanza it is just not working :)
--
Raphael Mazelier
Le 10/02/2016 18:12, Pyxis LX a écrit :
Hi, All.
I'm not quite sure when to use the "family ccc" config stanza.
I know that this stanza should be used when applying a filter or a
policer, but what if I don
ificant re-engineering of the junos core.
Or equip all its routers with fast x86 cpu :p
--
Raphael Mazelier
uld trigger
massive change of route and do :
- quick clear on the entire fib,
- quick install of some specific route (which was flagged).
- normal update
Or other, but provide some options to the operators.
Regards,
--
Raphael Mazelier
Le 05/02/2016 17:15, Brad Fleming a écrit :
Welcome to run
era" is also interesting, regarding
specifically vpn and other overlay scenarios.
--
Raphael Mazelier
:)
--
Raphael Mazelier
Le 03/02/2016 14:34, Matthew Crocker a écrit :
Hello,
I have an EX-2200 in production and would like to add another to create a
virtual-chassis. The current production unit will be the master and the new
unit will be the backup. Does creating a virtual-chassis
d by Johan originally.
Ah ok, I was misunderstanding and agree with you. My IGP contains only
my loopback, but I could understand how a laxist policy can inject /32
in it.
--
Raphael Mazelier
ters ?
And as generally we configure IBGP session with next hop self, rtbh routes
are directed to the origin router. That's why the Niall setup is
required, make an exception (do not nhs rtbh route) and set a next hop
that is locally resolved, to discard.
--
R
work tagged).
- jumbo frame (at least 9000), because fabric link use special frame
(and long one). If the mtu remains at 1500, strange thing may happen.
- no stp/whatever on the ports
Regards,
--
Raphael Mazelier.
Le 13/01/16 17:04, james list a écrit :
Hi experts,
a customer of mine has
your account rep to see
exactly what the details are.
The QFX5200 isn't shipping just yet, i believe it the 32 port one will
be Q1 2016 and the 64 port will be Q2
We use lots of the QFX5100-24Q and they have been solid.
--
Raphael Mazelier
hardware as the QFX5100.
--
Raphael Mazelier
Le 05/12/15 12:02, Robert Hass a écrit :
Hi
I'm thinking about new QFX5200 and idea of software-less box (whitebox).
Please correct me if I'm wrong - can I buy QFX5200 without software and
install Cumulus Linux on it as 3rd party software ?
ite must be engaged.
Btw Junos on intel RE is fast enough for me. But not all on other cpu,
specially on EX/QFX one... Perhaps Juniper should install x86 cpu on
switch too (other vendor do this).
--
Raphael Mazelier
that method as well.
+1. When I began to use Junos I was really surprised/frustrated that I
couldn't use tag/communities on connected, which break the classic logic
of redistributing route in junos. That said this is even worse on other
network os.
--
Raphae
for faster detection.
--
Raphael Mazelier
rista propose a central/fast db called sysdb to
handle communication/sync to other process (see :
https://www.arista.com/assets/data/pdf/EOSWhitepaper.pdf for detail). I
don't know if was a good/viable approach, but on the paper it seems
promising.
I heard that aws support is on the roadmap for vsrx.
I don't think it makes sense for vmx though.
For now older vsrx/firefly might work with some customisation.
Le 06/10/15 18:09, Nikos Leontsinis a écrit :
Anyone knows if the vmc can be imported as a vm on aws?
--
Raphael Maz
smp aware. First results
are expected in Junos 16 afaik.
--
Raphael Mazelier
e is on ge roadmap? Does anyone know?
Yes for now the only supported deployment is on top of kvm.
But when I asked Juniper, they told me that the vmware support is a
priority on the roadmap. btw it was possible to run vmx on vmware but it
was a bit tricky.
--
Raphae
here is no limitation
(except by the ram) of RIB/FIB on version I've tested. On official
version if I remember correctly there is a unlimited option.
(VMX-PRM-XXX I think). I could be wrong.
And I still wait for the vmware support.
--
R
I think this is good and stable router. In my opinion it would be
preferable to have two mx480 (with one RE, one SBC each). In your
scenario you'll have a very strong router, but it would not prevent for
human error (or software).
--
Raphael Mazelier
I am doing for now with no issues).
I had not played with ms-dpc so I don't know if they are good at making
ipsec (but as ipsec is a common standard and asas the most common device
to make ipsec tunnel, I think this is safe ?). Don't know for the nat.
aking between routing instance.
Very annoying.
- snmp counter on sub interface (but there are workarounds)
Regards,
--
Raphael Mazelier
Hello,
I don't have the full knowledge to discuss all of the points above, but the
real point is where you come from ? mx80 ? and why you need an upgrade
to (say) mx104 ?
And for what I know:
1. MX104 like MX80 have no SBC, true. They are integrated router.
So no redundancy on this point.
2. Y
,
--
Raphael Mazelier
d
4550 to test this release.
If it works, this will be very good news.
Even if the firewall filter is functional, returning to a "normal"
behaviour would be good.
(mostly for my management/billing system).
--
Raphael Mazelier
.. But the situation is moving
fast and newer releases fix a lot of bugs. But they have 40G ports and
higher density than EX4550.
EX4550 on the other hand are not perfect, but stable and less expensive.
For aggregation switches with only 10G ports I will go with EX4550.
--
Raphae
e a lot of
limitation. So if you plan to use EX as P router I advise to carefully
test/stage it. afaik ecmp is not supported on EX.
--
Raphael Mazelier
accomplish this? I would be grateful for any assistance.
The best workaround is to use firewall filter counters. I've used this
on advice of the list, and it works very well. The only drawback is that
you have to find the correct snmp oid for each counter, but it can
easily be scripted.
referring to the two main modes of design for RRs :
- data traffic passes through the RR, in band RR
- data paths are not through the RR, out of band RR
--
Raphael Mazelier
Le 29/05/2015 15:42, Philip Wiberg a écrit :
Another tip now that alg is discussed, you can disable alg in your custom apps
as well, that way there is no global effect.
In The app conf:
Application-protocol ignore;
Ah yes, you have to put this in your sip-custom application.
--
Raphael
- fw sessions ending (idling) rtp/sip ?
- remote ending (keep alive not received ??)
- local ending (the reverse)
- etc...
Regards,
--
Raphael Mazelier
t 2
request virtual-chassis vc-port delete pic-slot 1 port 3
Regards,
--
Raphael Mazelier
supported.
Running 12.3R7 MPLS over RVIs is not working at all.
On subif basic features work, and some others don't (l2circuit for
example fails silently).
MPLS support on EX is very difficult to work with, features differ
between model, the documentation is not up to date, etc...
--
R
, ccc not.
--
Raphael Mazelier
-cli.html
Hum on my test even l2circuit (ccc) is not working on EX4200.
--
Raphael Mazelier
ly I had a better budget and more time :)
--
Raphael Mazelier
Le 11/05/15 11:31, Mark Tinka a écrit :
On 11/May/15 11:11, Raphael Mazelier wrote:
We have seen this on our EX4550 switches.
The uplink toward the upstream routers is an 802.1Q LAG, where the aeX
interface graphs actual traffic, but the aeX.Y interface just graphs
control traffic
gured family on the interface with a single term, which just does
"count" and "accept". Then I poll those firewall counters.
Tore
Yes I've read that it could be a solution. Have you noticed/hit some
performance problems with this config
s some kind
of workaround. The goal is to monitor traffic, and billing.
Thks.
--
Raphael Mazelier
A friendly PLM said the following was okay to post:
"VMX FRS is 14.1R5 which is expected to be out by the 1st week of June."
Ah good, I've got a pricelist from Juniper, and price looks ok :)
So we can move forward and test.
--
Raphae
with redundant everything and 4 10G ports. New from Juniper I don't
even want to know what these would cost.
Lets try it. Juniper can make aggressive price :)
--
Raphael Mazelier
rrect, but for RR, vRR or vSrx (Firefly perimeter)
should be sufficient (?)
Regards,
--
Raphael Mazelier
Le 30/04/15 22:49, Daniel Rohan a écrit :
The good advice I got when I asked this question a few months back was
"talk to your SE". I did, and it was fruitful.
I'll try it again so :)
--
Raphael Mazelier
Le 23/04/15 18:22, Saku Ytti a écrit :
Since 13.2 you could toggle rpd to 64b mode.
Hum interesting. Anyone have feedback about that ?
Stability ?
--
Raphael Mazelier
run 32bits.?
Regards,
--
Raphael Mazelier
inion, and I think the monolithic design of
rpd should be rethought.
Regards,
--
Raphael Mazelier
Le 21/04/15 16:02, Raphael Mazelier a écrit :
Me again. I'm facing a problem when mixing rib-groups export and vrf
import/export.
When exporting routes from A to vrf X with rib-groups, these routes are
candidates to be re-exported in mpbgp VPN X, which is not what I want (result
in routing
Le 20/04/15 17:27, Raphael Mazelier a écrit :
In my opinion rib-groups have a more complex syntax than auto-export
which seems natural to me. Anyway with the help of this documentation and
templating feature of junos, I'll be able to make a relatively clear
configuration.
Me again. I
figuration.
Regards,
--
Raphael Mazelier
iable for sampled
anyway. release in 15.0 ?
Regards,
--
Raphael Mazelier
y idea ? Am I forced to use rib-group ? and how it will inter-operate
with mbgp import/export ?
Regards,
--
Raphael Mazelier
stable 11.4
branch. Or use the jtac recommended version : 12.3R8.7.
--
Raphael Mazelier
Hi,
Currently running 12.3R7.7 with no apparent trouble.
Previous versions were exhibiting memory leaks.
I'm running dozen of EX4550 VC with 12.3R7.7.
Running fine.
I've tested 13.2X50, and I faced strange routing problems, so I'm sticking
with the 12.3 train.
Le 26/01/15 17:19, sth...@nethelp.no a écrit :
As far as I know the software version cannot do IPfix.
Yes, software flow are jflow or cflow v5.
--
Raphael Mazelier
AS39605
that juniper have fixed this on
higher release, but I'm happy with software flow for now.
--
Raphael Mazelier
AS39605
"IPFIX with flows Timeout".
--
Raphael Mazelier
AS39605
Le 26/01/15 05:29, Jordan Whited a écrit :
If clocks are sync’d my best guess would be that your active and/or inactive
flow timeouts are longer than what is configured on the collector and it
doesn’t like that.
Try making them
the mistake (this is
publicly available information)
They both use VPLS but the design slightly differs.
Update : Finally the VPLS issue on the France-IX seems to be fixed (with
the help of the jtac). No problem since the new release was in production.
--
Raphael Mazelier
AS39605
le).
For cheaper I end with EX4550 that have correct MPLS/BGP support, and
L2Circuit only.
Regards,
--
Raphael Mazelier
ed with EX4550 I can confirm that basic MPLS feature are
supported (RSVP, LDP signalling, L3VPN, L2circuit), but with slow limit
in term of path, vrf, etc...
The EX9200 support VPLS but with some bug (thks to the FranceIX to debug
the juniper code).
300K route approx before rpd crash.
So no full view, even only in RIB.
After all this cheap switch was making his job. Good value for money.
Thks for all.
--
Raphael Mazelier
AS39605
loss
What could be missing ?
Here is my config : http://pastebin.com/bHP9FFsp
Thks.
--
Raphael Mazelier
think it's smarter to use
bgp signalling; but l2circuit are acceptable. And no; no filter (I
deactivate all filter...)
With chip's configuration I have some traffic (arp in one way), but
nothing more. I think there is definitively something wr
or one reason or another the mac address of the ce is not learned on
the mx80 side ?!
I'm just out of luck for this setup :(
--
Raphael Mazelier
different
though. Some big IX (Linx, FranceIX) run with vpls topologies on EX9200
series (with some issues :) ).
Anyway. Redesigning my network at this stage might be challenging.
I will try to let this work, and think about a new design in //.
Thks.
--
Raphael Mazelier
the other the spec of the EX4550 specifies
that l2vpn (at least l2circuit) should be working...
And some other guys on the list report some kind of success with that.
Thks.
--
Raphael Mazelier
ting because I think I'm very close, since the
L2vpn/L2circuit comes up. I will try to capture the traffic to see what
happen (some encapsulation problem).
And even if the correct solution is to force my transit customer to use
ebgp multihop, I need this plan
design. It works well, but I do not want to use
a dedicated MX80 port and switch to transit customers (which are not the
majority). If I had more money I would have bought some MX480 :p
--
Raphael Mazelier
Any suggestions ? or other way to do ? (I've tested l2circuit and it
does not work anyway)
--
Raphael Mazelier
AS39605