Re: [j-nsp] Old JunOS upgrade path
On 8/Mar/19 23:12, Gert Doering wrote: > So? Just as with FreeBSD (if you've used it before), you can upgrade to 11 if you are coming from 9.3 and any official version of 10. For anything earlier than that, you'd need to upgrade to 10 first. You can upgrade to 10 if you are coming from any official versions of 7, 8 and 9. If you have anything earlier than that, you need to upgrade to 9 first. You can upgrade to 12 if you are coming from any official release of 11. For anything earlier than that, you need to upgrade to 11 first. And so on and so on, for the reasons that Ola has highlighted. With Junos being based on FreeBSD, you can see why this makes sense. Mark. signature.asc Description: OpenPGP digital signature ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
On 8/Mar/19 16:56, Pierre Emeriaud wrote: > > As others said, direct upgrade is somewhat unsupported and quite bold. > > We're currently upgrading mx480s from 13.3R5 to 17.2R2 with an > intermediate step on 15.1F5. As those are LNSes we have to activate > tomcat (`services subscriber-management`) while in 15.1, then continue > the upgrade. If memory serves, we rolled out our new backbone back in 2014 on 14. We totally skipped 15 and went straight to 16. We are now on 17. We usually do an upgrade once a year, in many cases moving to the next major release in the line. We didn't do this for 15 because we spent most of 2014 - 2016 in roll-out. Mark. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
My point is only that they made a _lot_ of changes to the underlaying systems between 12/13/14 and 15 (as far as I understand it 15 is basically forked from 12, so changes done in 13 and 14 are not necessarily in 15). But they still changed a lot, especially the whole change from running as a os directly on the hw, to a virtualised environment on many platforms etc. started in 15. So that is why I would suggest going from whatever you have that is less than 15, to 15.1, and then going from there to whatever you want to go to that is higher than 15. These days, the major number is only representing the year (it always has, but today to an even greater extent). So the difference beween eg. 17.4 and 18.1 is not neccesarily more greater than the difference between 17.3 and 17.4. /Ola (T) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
Lately, we have been upgrading lots of our ACX5048's from 15.1X54 (D51 and D61) to 17.3R3.10 -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
Hi, > On Fri, Mar 08, 2019 at 01:17:44PM -0700, Eldon Koyle wrote: >> Many (most?) network operating systems are an image file that the >> switch either writes over a partition (ie. block-level copy) or boots >> directly (ie. initrd/initramfs) with a separate partition for a config >> file. Junos is a full BSD operating system that installs packages to >> partitions on the device, runs upgrade scripts, etc. > > So? I didn't do an upgrade but I replaced an SRX last week. Went from an SRX210 with 12.1X to an SRX345 with 18.4R. Almost the whole configuration was copy The interface names were different, but that was about it. I see no reason why an upgrade wouldn't have worked: it's basically the same as copy an old config to a new OS release. Cheers, Sander signature.asc Description: Message signed with OpenPGP ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
Hi, On Fri, Mar 08, 2019 at 01:17:44PM -0700, Eldon Koyle wrote: > Many (most?) network operating systems are an image file that the > switch either writes over a partition (ie. block-level copy) or boots > directly (ie. initrd/initramfs) with a separate partition for a config > file. Junos is a full BSD operating system that installs packages to > partitions on the device, runs upgrade scripts, etc. So? gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
Many (most?) network operating systems are an image file that the switch either writes over a partition (ie. block-level copy) or boots directly (ie. initrd/initramfs) with a separate partition for a config file. Junos is a full BSD operating system that installs packages to partitions on the device, runs upgrade scripts, etc. -- Eldon On Fri, Mar 8, 2019 at 12:28 PM Gert Doering wrote: > > Hi, > > On Fri, Mar 08, 2019 at 10:38:16AM +0100, "Rolf Hanßen" wrote: > > usually they say not more than 2 major releases in one step (i.e. 13 -> 15 > > -> 17). > > So why is that? > > Genuinely curious, as I do not have much JunOS upgrade experience - and > my Cisco IOS experience so far has been "you can go from wherever you > are to wherever you want to go" - when going up, you can hit warnings > about "old config syntax", and when going down, you might lose config > bits that are "new" - but besides this, things generally work. > > gert > > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh Mistress > > Gert Doering - Munich, Germany g...@greenie.muc.de > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
Hi, On Fri, Mar 08, 2019 at 10:38:16AM +0100, "Rolf Hanßen" wrote: > usually they say not more than 2 major releases in one step (i.e. 13 -> 15 > -> 17). So why is that? Genuinely curious, as I do not have much JunOS upgrade experience - and my Cisco IOS experience so far has been "you can go from wherever you are to wherever you want to go" - when going up, you can hit warnings about "old config syntax", and when going down, you might lose config bits that are "new" - but besides this, things generally work. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Hyper Mode on MX
Hey Michael, > I have used successfully used hyper mode on MPC4E in M2K for a few years with > little regrets. I chose to do this as I didn't have the equipment to do > line rate testing and I do a significant amount of counters on untrusted > ports. As others have suggested, you need to know feature limitations. We > certainly do .1q as well as double tagging so the vlan padding feature is not > what you think it is. What do you and Franz think it is? What I think it is a) IP packet comes in to a router, and the packet is 41B or smaller b) router sends the IP packet out via VLAN encapped interface, adding VLAN to the 41B, for packet of 45B c) 45B is invalid ethernetII payload size, frame may get dropped in L2 transport I read hypermode as victim of Trio's success. Juniper has been able to use same microcode for over decade now. Obviously after 10 years of development any code base is in dire need of spring cleaning. But you can't fix code without breaking code. So I think hypermode is just Juniper's strategy to rewrite Trio microcode and pay up some technical debt they have, but in a way that they release it to the market staggered, without single flag day. You could say Cisco is doing the same right now, because in ASR9k history first time are introducing non-microcode compatible lookup engine, forcing them to rewrite all forwarding plane code. Just JNPR isn't forced to do it, they just choose to do it. -- ++ytti ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Hyper Mode on MX
Franz- I have used successfully used hyper mode on MPC4E in M2K for a few years with little regrets. I chose to do this as I didn't have the equipment to do line rate testing and I do a significant amount of counters on untrusted ports. As others have suggested, you need to know feature limitations. We certainly do .1q as well as double tagging so the vlan padding feature is not what you think it is. Re MX204, I read that line rate thread differently. I thought hypermode actually increased PPS on the ingress processing side but I 100% agree that hypermode does NOT affect the WO queue difference on the MX204. So in short I think there is some benefit in enabling hypermode on MX204 but not the full benefit of a native MPC7 if you have a especially complex ingress ACL policy? -Michael > -Original Message- > From: juniper-nsp On Behalf Of > Franz Georg Köhler > Sent: Thursday, March 7, 2019 3:40 AM > To: juniper-nsp@puck.nether.net > Subject: [j-nsp] Hyper Mode on MX > > Hello, > > I wonder if it is gererally a good idea to enable HyperMode on MX or if > there are reasons not do do so? > > We are currently running MX960 with FPC7. > > > Best regards, > > Franz Georg Köhler > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
Le ven. 8 mars 2019 à 10:26, Robert Hass a écrit : > > Hi > Can I do direct upgrade of JunOS 13.2S to 17.4S ? > Platform is MX80 > Or should I go step by step: i.e: > 13.2 -> 14.1 > 14.1 -> 15.1 > 15.1 -> 16.1 > 16.1 -> 17.1 > 17.1 -> 17.4 As others said, direct upgrade is somewhat unsupported and quite bold. We're currently upgrading mx480s from 13.3R5 to 17.2R2 with an intermediate step on 15.1F5. As those are LNSes we have to activate tomcat (`services subscriber-management`) while in 15.1, then continue the upgrade. For downgrades besides deleting the subscriber-management configuration we disable GRES and commit sync, and it goes smoothly. HTH, pierre ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
I can only offer that if you want to go 13.x direct to 17.x: - you ought to do a lab test as this is not officially endorsed. - I know downgrading from 17.x to 15.1 has been problematic in our lab, requiring USB stick recovery. - I know that upgrading from 15.1 to 17.4 is fine. Avoiding lab time/risk, what Ola suggests is the simplest most pragmatic approach if you have a small number of boxes. If you have many, 13.x direct to 17.x is a more attractive option if you can prove in the lab, to your satisfaction, that it works for you. Niall Donaghy Senior Network Engineer GÉANT T: +44 (0)1223 371393 M: +44 (0) 7557770303 Skype: niall.donaghy-dante PGP Key ID: 0x77680027 nic-hdl: NGD-RIPE Please note my work days are Tuesday through Friday. Networks • Services • People Learn more at www.geant.org GÉANT Vereniging (Association) is registered with the Chamber of Commerce in Amsterdam with registration number 40535155 and operates in the UK as a branch of GÉANT Vereniging. Registered office: Hoekenrode 3, 1102BR Amsterdam, The Netherlands. UK branch address: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK. -Original Message- From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Ola Thoresen Sent: 08 March 2019 09:41 To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Old JunOS upgrade path Not that I am in any way authoritative... And I think Juniper has official guidelines, but these might be a bit conservative. Depending on your config and feature sets. But I would at least suggest doing a few steps. 13.2 to 15.1 should be ok - skipping 14. 15.1 to 17.1 (and probably even 17.4) should also be ok, skipping 16. But do a backup, and verify in each step. The biggest changes are from < 15 to 15+ /Ola (T) On 08.03.2019 10:23, Robert Hass wrote: > Hi > Can I do direct upgrade of JunOS 13.2S to 17.4S ? > Platform is MX80 > Or should I go step by step: i.e: > 13.2 -> 14.1 > 14.1 -> 15.1 > 15.1 -> 16.1 > 16.1 -> 17.1 > 17.1 -> 17.4 > > Rob > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
Not that I am in any way authoritative... And I think Juniper has official guidelines, but these might be a bit conservative. Depending on your config and feature sets. But I would at least suggest doing a few steps. 13.2 to 15.1 should be ok - skipping 14. 15.1 to 17.1 (and probably even 17.4) should also be ok, skipping 16. But do a backup, and verify in each step. The biggest changes are from < 15 to 15+ /Ola (T) On 08.03.2019 10:23, Robert Hass wrote: Hi Can I do direct upgrade of JunOS 13.2S to 17.4S ? Platform is MX80 Or should I go step by step: i.e: 13.2 -> 14.1 14.1 -> 15.1 15.1 -> 16.1 16.1 -> 17.1 17.1 -> 17.4 Rob ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Old JunOS upgrade path
Hi, usually they say not more than 2 major releases in one step (i.e. 13 -> 15 -> 17). kind regards Rolf > Hi > Can I do direct upgrade of JunOS 13.2S to 17.4S ? > Platform is MX80 > Or should I go step by step: i.e: > 13.2 -> 14.1 > 14.1 -> 15.1 > 15.1 -> 16.1 > 16.1 -> 17.1 > 17.1 -> 17.4 > > Rob > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Old JunOS upgrade path
Hi Can I do direct upgrade of JunOS 13.2S to 17.4S ? Platform is MX80 Or should I go step by step: i.e: 13.2 -> 14.1 14.1 -> 15.1 15.1 -> 16.1 16.1 -> 17.1 17.1 -> 17.4 Rob ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp