Re: [j-nsp] Hyper visor and juniper

One of our latest deployments is based on VMware with EVPN-VXLAN for the netwirking. Amos Sent from my iPhone On 28 Oct 2017, at 22:20, Mehul gajjar > wrote: Hello there, For knowledge purpose I want to know which hypervisor used when deployed

Re: [j-nsp] reinject traffic from DDoS filtering device

Hi, We are utilizing FBF/PBR quite extensively mainly for redirecting traffic to value added services platforms (caching, content filtering etc'). One nice feature in Junos is the ability to apply the filter on output interfaces and avoiding loops using interface groups. Of course it's not a

[j-nsp] EVPN -VXLAN in production

Hi Everybody, We are working on a new DC design for a relatively large deployment (start at 20 racks and grow to about 60). We are considering EVPN-VXLAN for extending L2 between rows (we failed convincing the server guys that they don’t need this). We are wondering if anyone has any

[j-nsp] EVPN -VXLAN in production

Hi Everybody, We are working on a new DC design for a relatively large deployment (start at 20 racks and grow to about 60). We are considering EVPN-VXLAN for extending L2 between rows (we failed convincing the server guys that they don’t need this). We are wondering if anyone has any

Re: [j-nsp] SRX reboot time

Dovid, We just finished a project with 6 data centers, all with SRXs. There was no downtime as we rebooted the secondary, then failed the cluster to it and rebooted the primary. Amos Sent from my iPhone On 22 Aug 2016, at 21:56, Dovid Bender >

Re: [j-nsp] EX4600 Vs QFX 5100 VS ACX 5048

According to the recent rumors flying around, such a device should be on it's way. However, I've been hearing these rumors for quite some time. Hopefully this week this should be clarified to me, but under NDA. Regards, Amos Sent from my iPhone On 2 May 2016, at 12:20, Harald F. Karlsen

Re: [j-nsp] EX4600 Vs QFX 5100 VS ACX 5048

Hi, I am not very familiar with their portfolio but ALU seems to have decent metro/agg boxes. From a conversation with an Ericsson SE a few months ago they were suppose to release a 1U platform with excellent port density. Amos Sent from my iPhone On 30 Apr 2016, at 03:24, Colton Conor

Re: [j-nsp] Cisco ASR 9001 vs Juniper MX104

I don't think ASR1K is comparable to MX. The Juniper platform we position against ASR1K is the Juniper SRX. Amos Sent from my iPhone On 30 Nov 2015, at 22:05, Mark Tinka > wrote: On 30/Nov/15 21:18, Nitzan Tzelniker wrote: Regarding CGNAT

Re: [j-nsp] EVPN

Hi, We are in the final stages of testing EVPN for DCI as well as corporate customers access into a small IaaS provider cloud. So far the testing was really good. Few points we encountered: 1. On single active multi homing, when the CE is a L2 switch. When failing the active link the switch

Re: [j-nsp] Juniper 10G Switch Options

Hello, We use them as L2 core for a few small ISPs (port extension for MX80 routers). The buffers of the EX4550 are not very good. Especially when you go from 10g to 1g. Amos Sent from my iPhone On 5 Jun 2015, at 08:59, Mark Tinka mark.ti...@seacom.mumailto:mark.ti...@seacom.mu wrote: On

Re: [j-nsp] Full BGP table, one provider w/ 2 routers, slow forwarding convergence

Hi, What model of router are you using ? What you are describing is a general problem of juniper routers, however it's really bad on the low-mid range routers, MX5-80, the 104 is slightly better but not very. The stronger REs are less prone for this, although the real solution is a serious

Re: [j-nsp] Full BGP table, one provider w/ 2 routers, slow forwarding convergence

with it. Clarke Morledge College of William and Mary On Thu, 14 Aug 2014, Amos Rosenboim wrote: What model of router are you using ? What you are describing is a general problem of juniper routers, however it's really bad on the low-mid range routers, MX5-80, the 104 is slightly better but not very

Re: [j-nsp] MX80 Route table Size

What I described only happens in convergence scenarios. Amos Sent from my iPhone On 25 Sep 2013, at 02:21, Luca Salvatore l...@ninefold.commailto:l...@ninefold.com wrote: This concerns me a little. I'M about to take a full table on a MX5. Is it only an issue when the adjacencyis lost and we

Re: [j-nsp] MX80 Route table Size

To add on Nitzan's comment(we work together): When everything is stable all is good. But bounce a full table BGP session, and than bounce an IGP adjacency and you are in a lot of trouble. This seems to be a combination of the (in)famous Junos software issue described extensively by RAS and a

Re: [j-nsp] DOM support for OEM optics

Hi, Can you share some models that support DOM ? All the compatibles that we have do not support it. Thanks Amos Sent from my iPhone On 15 May 2013, at 14:28, sth...@nethelp.nomailto:sth...@nethelp.no sth...@nethelp.nomailto:sth...@nethelp.no wrote: I have started collecting information

Re: [j-nsp] QFX vs EX4550 as collapsed core

4550 packet buffers are not that big. We are getting tail drops on ports that show 5-6 Gbps utilization (output of monitor interface show command). It's related to (micro)bursts, and there is not much to do about it. Deeper buffers would certainly help. If I remember correctly QFX uses a cut

Re: [j-nsp] EX VC mixed mode experience

We have deployed a mixed mode 4500/4200 small VC as a part of mobile network core and it is running smoothly so far. We don't have significant throughput, and we don't run any fancy features. It's simply serves as L2 port extension for MX routers. We have also tried to deploy mixed mode between

[j-nsp] iBGP multipath behavior

Hi All, We are trying to implement iBGP multipath. R1 receives route 2.2.2.2 from R2 with NH=1.1.1.1 1.1.1.1 is an iBGP route learned through 2 iBGP peers (all attributes are equal). For 1.1.1.1 we can see two next-hops at both the RIB and FIB. For 2.2.2.2 only 1 next hop is installed at both

Re: [j-nsp] Broadcast storm on M7i fxp0 kills the CFEB?

Hello Phil, I have seen this happen a few times and with different platforms. A good way to avoid this is to configure policing on the OOB switches ports facing the REs. Regards Amos Sent from my iPhone On 22 Jun 2012, at 15:16, Phil Mayers

Re: [j-nsp] 10.4R9 on MX stable?

Hi, It seems there is a common agreement that 10.4R8 is not the release to Ho with. Now I feel left out of the party, as I have no idea what you folks are talking about. I am also feeling a little nervous, as we are in the staging phase of a 12 router network and they are all running 10.4R8.

[j-nsp] next hop behavior within between VRFs

Hi All, I have a router with two VRFs. I need to apply FBF on traffic flowing between the two VRFs so I created a logical tunnel that connects the two VRFs. The problem is that when importing routes from one VRF to the other the next hop is obviously not through the tunnel. I am trying to apply

[j-nsp] IP/MPLS fast convergence

Hello All, I'm planning a greenfield IP/MPLS network for a mobile operator. The requirements are to support MPLS services (mainly L3 VPNs but also some VPLS), enforce strict but fairly simple CoS model, and support fast convergence. No requirement for CSPF based TE. Traditionally I'de set

Re: [j-nsp] IP/MPLS fast convergence

sub-50ms convergence. For paths that weren't covered by LFA in a worst case scenario, I got about 300ms. Not too bad. Junos seems really fast at converging even without LFA. We use MX960s and MX80s. I hope this helps. Serge From: Amos Rosenboim a...@oasis

Re: [j-nsp] DHCP IPv6

Hi Paul, The Junos DHCPv6 implementation does not support DHCPv6 IA requests as sent by users. It supports DHCPv6 PD (prefix delegation) for allocating prefixes to downstream routers. However you don't really need DHCPv6 to assign users with IP addresses. All you need to do enable router

[j-nsp] flow spec with upstream providers

Hello All, Not exactly a Juniper specific question, but knowing the list is very SP oriented I'm thinking it's still worth while. Does anyone have an idea about SPs that are supporting flowspec with peers and customers ? Regards Amos ___

Re: [j-nsp] Too much packet loss during switchover on MPLS network

As far as I remember deactivating the interface will not take the link down, so we are relying on igp hold times to detect the failure. If so, does the 45 seconds make any sense ? Can you correlate igp adjacency loss to lsp switchover to customer pings ? Amos Sent from my iPhone On 14 Mar

Re: [j-nsp] Matching multiple communities in a policy-statement

When you create a community with two values inside square brackets it's an and operation. When specify multiple community names in a policy it's an or operation. Regards Amos On Feb 17, 2011, at 10:31 PM, Ido Szargel wrote: Hi all, I am trying to find a way to match 2 communities on a

[j-nsp] SNMP if-mib stops responding

Hello all, This morning one of our MX routers stopped responding to SNMP if-mib queries. It responds nicely to other SNMP queries. The SNMP responses simply arrive empty. Restarting SNMP does not help. We are running 10.2R3. Is anyone aware of this issue and is there any workaround or is a

Re: [j-nsp] Juniper QoS Using AS Match

If the network is Juniper end to end you can evaluate flow spec. Regards, Amos Sent from my iPhone On 31 Jan 2011, at 19:17, Walaa Abdel razzak wala...@bmc.com.sa wrote: Hi Experts I need to implement a QoS based on AS number match. I couldn't match on subnets as it's not fixed

Re: [j-nsp] IPv6 for PPP customers on ERX310

wrote: IMHO, it has almost no sense in case of PPP 2011/1/10 Bjørn Mork bj...@mork.no: Amos Rosenboim a...@oasis-tech.net writes: ipv6 nd prefix-advertisement 2a02:ed0:1002:1::/64 3600 3000 autoconfig You may want to add onlink here Bjørn -- Best regards, Egor Zimin

Re: [j-nsp] IPv6 for PPP customers on ERX310

with Juniper IPv6oPPPoE on E-series. Can you please show me show configuration of your BRAS ? I have encountered a similar problem. In my case root cause was validLifetime=0 in RA messages. Like this: --- ipv6 nd prefix-advertisement 2001:db8::/64 0 0 autoconfig --- 2010/12/31 Amos

[j-nsp] IPv6 for PPP customers on ERX310

Hello Everybody and happy new year, I'm managing the network of a small ISP and working on adding IPv6 to the network. Subscribers connect to the ISP services by either PPPoE or L2TP dialers. On the ISP side the edge router (Juniper E310 BRAS) is configured with local DHCP pool out of which a

[j-nsp] ERX310 IPv6 local pools

Hello, I would like to enable IPv6 for subscribers connecting (PPPoL2TP) to our ERX310 (running 10.1.1). I decided to use IPv6 local pool, the pool is configured and enabled service dhcpv6-local. What do I need to configure so the router will start assigning IPv6 prefixes to the subscribers? I

Re: [j-nsp] Traffic drops on IPSEC - SRX3600

We had a the exact same thing on the lower end SRX (240 if I remember correctly). This was resolved by a software upgrade to the latest SRX image at the time. Amos On Aug 2, 2010, at 2:48 PM, Fahad Khan wrote: Hi folks, I am seeing very strange issue on SRX3600 when the traffic is flown

Re: [j-nsp] Traffic drops on IPSEC - SRX3600

As far as I know the code you are running is the recommended version by Juniper. However it's important to mention that I have no experience with the high end SRX boxes. The stuff mentioned below by quoc sounds a little scary to me. Amos Sent from my iPhone On 2 Aug 2010, at 23:44, Fahad Khan

[j-nsp] Inter provider LDP based L2VPN between a Juniper network and a Cisco network

Hello All, I'm trying to configure an inter provider LDP based L2VPN between a Juniper network and a Cisco network. The topology is roughly as follows: Cisco PE-Cisco P--Cisco P--Cisco ASBR--Juniper ASBR---Juniper P---Juniper P---Juniper PE. In order to

Re: [j-nsp] J series users bitten by the massive memory useincrease with flow mode add, please file jtac cases.

Chris, Thanks for your feedback. However I think it does not address the following points: 1. Memory consumption increased by flow mode even if the router reverts to packet mode the pre allocation is not released. 2. Upgrade from packet mode version to flow mode version locks you out of the

Re: [j-nsp] J series users bitten by the massive memory useincrease with flow mode add, please file jtac cases.

Chris, The discussion is about J series routers, not SRXs. The J series are marketed as routers not security devices and turning them to security devices all of a sudden is a decision I still don't understand. If you want to open a discussion about SRX we can do that. I have no experience

[j-nsp] JunosE intelligent pool management

Hello List, I'm looking for an intelligent way to manage IP pools on ERX. Currently we are using statically configured pools to assign IPs to PPP customers, which is of course inefficient. The documentation I could find was about downloading access routes from radius server, but I don't

Re: [j-nsp] preventing DoS attacks

Marlon, It wasn't explicitly stated below so just to clarify. A firewall filter applied to the lo0.0 interface is applied to all control plane traffic handled by the RE no matter what the destination address on the router is (i.e it also applied to the ip address assigned to the interfaces

[j-nsp] J2320/2350

Hello All, I'm planning to to deploy J-2320 routers in a hosting farm facing two ISPs. I would like to receive full internet routing table from both ISPs. in terms of forwarding capacity they seem to have more what I need, but when looking at the number of BGP routes they seem to be limited

Re: [j-nsp] EX Series Experiences

Hello, We have deployed several of these switches (EX-3200) in a small service provider network to connect few servers and also as aggregation layer between our access and core layers. So far our experience is very good, although we did not try too much fancy stuff. We are doing L2

Re: [j-nsp] ERX SNMP

, Truman On 22/12/2008, at 11:41 AM, Amos Rosenboim wrote: Hello List, We are using an ERX 310 as an LNS (Junos-E Version: 9.0.0 release-0.0 [BuildId 8976]). We have few virtual routers which are used for some sub-providers (virtual ISPs). We are able to use SNMP and poll the total number

[j-nsp] ERX SNMP

Hello List, We are using an ERX 310 as an LNS (Junos-E Version: 9.0.0 release-0.0 [BuildId 8976]). We have few virtual routers which are used for some sub-providers (virtual ISPs). We are able to use SNMP and poll the total number of sessions, but cannot find the oid for polling per

[j-nsp] protecting E-series

Hello List, I'm looking for the JunosE equivalent of lo0 filters in Junos or Cisco control plane policing. Any reference will be welcome. Regards Amos ___ juniper-nsp mailing list juniper-nsp@puck.nether.net

[j-nsp] flow spec configuration

Hello List, I'm wondering whether flow-spec can be used in order to change the next hop for some flows. Can anyone provide any sample configuration of flow-spec policies, or refer me to the documentation? Regards Amos Rosenboim [EMAIL PROTECTED

[j-nsp] E-Series and Cacti

Hello List, I'm looking to monitor ERX310 using Cacti. Does anyone have Cacti templates that he is willing to share for this platform? Also templates for J-series will be highly appreciated. Regards Amos Rosenboim [EMAIL PROTECTED

Re: [j-nsp] Route Reflecting Next-Hop Self

it's right, but I really don't think it creates such a big problem. Amos Rosenboim [EMAIL PROTECTED] On Sep 10, 2008, at 3:08 AM, Mark Tinka wrote: On Wednesday 10 September 2008 07:31:37 Kevin Hodle wrote: I agree, this is 'hotly debated' :).. Those who argue against having transfer

Re: [j-nsp] Route Reflecting Next-Hop Self

this? Regards Amos Rosenboim [EMAIL PROTECTED] On Sep 6, 2008, at 12:46 AM, Dan Armstrong wrote: EUREKA you're a genius! Thanks... That works perfectly. And thanks to all who replied! Kevin Hodle wrote: Hi Dan, Instead of 'from external' you need 'from route-type external', like so

Re: [j-nsp] cogent bgp example?

Hello James, Can you explain the logic behind Cogent BGP topology? Are they going through all these configuration efforts just so their PE routers will not have to carry full internet feed? Regards Amos Rosenboim [EMAIL PROTECTED] On Aug 20, 2008, at 11:21 PM, James Jun wrote: Hi, I'm

Re: [j-nsp] ERX and framed-ip

There you go. Configuration and logs Thanks in advance, Amos Rosenboim [EMAIL PROTECTED]  On Aug 14, 2008, at 5:55 AM, Truman Boyes wrote: Amos, Possibly you can post a snippet of the logs from the ERX, and we can take a look. Regards, Truman On 13/08/2008, at 1:41 PM, Amos

[j-nsp] ERX and framed-ip

the radius (framed-ip- address=100.100.100.1) then the user is unable to connect. Any Idea if I'm missing some configuration to allow allocation of IPs from the radius? 10x Amos Rosenboim [EMAIL PROTECTED] ___ juniper-nsp mailing list juniper-nsp

Re: [j-nsp] Debugging SONET (OC-3) errors

Hello Chris, If I remember correctly then B3 errors are associated with clocking alignment along the circuit. This also correlate to what you are saying about passing through 7 carriers. Regards Amos Rosenboim [EMAIL PROTECTED] On Aug 4, 2008, at 9:54 PM, Chris Adams wrote: I have

Re: [j-nsp] Load balance with 2 adsl pics

. Regards Amos Rosenboim [EMAIL PROTECTED] On Jul 23, 2008, at 5:00 PM, Leigh Porter wrote: I would also like to do this but does anybody know if the per-flow load balancing will correctly distribute multiple GRE sessions between the same pair of IP addresses fairly across the two paths

Re: [j-nsp] MX vs. 7600 experience?

. I heard that newer versions of IOS contain enhancements to the BGP processing that might improve the situation, but I have not tested it myself. Regards Amos Rosenboim [EMAIL PROTECTED] On Jul 6, 2008, at 6:55 AM, Kris Price wrote: Hi, We're looking at both the MX and 7600 platforms

Re: [j-nsp] BGP question

Of Amos Rosenboim Sent: Thursday, May 29, 2008 9:56 AM To: juniper-nsp Subject: [j-nsp] BGP question Hello List, This is not Juniper specific, but I think it's an interesting case anyway. A global carrier is running an MPLS network to provide L3 and L2 vpns. Obviously this carrier doesn't have

Re: [j-nsp] 2.5 gig SFP modules?

I actually used the MRV thingy for doing just that and it worked very well. It's actually a nice CWDM system. Regards Amos On May 22, 2008, at 6:05 PM, Matthew Crocker wrote: Doesn't MRV sell a CDWM 'thingy' that will take two GigE links and combine them onto a single 2.5 gb Lambda? You

Re: [j-nsp] J-series stateful firewall / NAT architecture

the 4 switches option is preferred if the budget allows it. Amos On Apr 19, 2008, at 7:56 PM, Florian Weimer wrote: * Amos Rosenboim: Regarding the number of boxes, you can consolidate the 4 switches to just two by using vlans. Huh? You either lose redundancy, or you heavily rely on VLAN

Re: [j-nsp] J-series stateful firewall / NAT architecture

Hello, Regarding the number of boxes, you can consolidate the 4 switches to just two by using vlans. I would use ospf for managing the failover with the external routers and keep VRRP for the static elements (servers I guess) inside. I'm not very familiar with the stateful filters feature of

[j-nsp] blocking problematic services

Hello List, I have a customer with both SSG550 as the corporate firewall, as well as IDP. The customer would like to block access to the go2mypc service. The challenge is that go2mypc is simply an outbound SSL connection, and of course the customer does not want to block all outbound SSL.

Re: [j-nsp] JUNOS : prefix-list

Hi List, This reminds me: Is it possible to have different match type for each different line in the prefix-list (similar to the Cisco implementation)? Amos On Feb 7, 2008, at 2:33 PM, Samuel wrote: Hi Jonathan, Regarding the default behavior in firewall filters, there is no way you can

Re: [j-nsp] L2VPN path in a LDP core

Since you are using LDP, which (at least for me) means that you don't have any MPLS traffic engineering in the network, then LDP LSP follows the IGP path. This means that a simple trace route can show you the path between the edge routers. Cheers, Amos On Jan 28, 2008, at 3:25 PM,

Re: [j-nsp] Juniper Firewall Platforms

Hello, I do have some experience with the SSG series (running ScreenOS). I like those devices very much, although I did not use them in transparent mode, and did not get near the performance you expect. They do have a feature (licensed one) called deep inspection, which is sort of IDP/IPS

Re: [j-nsp] Problem exporting BGP routes.

Hello, How do you get those BGP routes that you are trying to export? Are they being sent when there is no policy at all? Regards Amos On Jul 1, 2007, at 7:41 AM, Stephen Fulton wrote: Hi all, I'm having an issue exporting routes to iBGP peers. I am able to import routes from my iBGP

Re: [j-nsp] restart ospf on an erx

You can use clear ip ospf database, or clear a specific neighbor with clear ip ospf nei A.B.C.D Regards Amos On May 29, 2007, at 11:51 AM, nsp wrote: Hi, anyone know the command to restart ospf on erx? Similar to restart routing immediately but on junose (its ok to restart the whole

Re: [j-nsp] Juniper BGP Route Metrics

Dan, Without giving it too much thought, maybe bgp confederations might become handy in your case. Regards Amos On May 16, 2007, at 4:13 PM, Dan Benson wrote: Alan and all, I am currently tracking IGP metrics in LDP. Please see my show route proto bgp detail below. I have changed my

Re: [j-nsp] layer 3 vpn issue

causing any harm. -Original Message- From: Amos Rosenboim [mailto:[EMAIL PROTECTED] Sent: Monday, March 26, 2007 9:25 PM To: Harry Reynolds Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] layer 3 vpn issue Hello Harry, Thanks for your advice, and sorry it took me so long

Re: [j-nsp] layer 3 vpn issue

PROTECTED] On Behalf Of Amos Rosenboim Sent: Friday, March 23, 2007 8:18 AM To: juniper-nsp@puck.nether.net Subject: [j-nsp] layer 3 vpn issue Hi I have configured an network of 4 M10i routers for mpls using RSVP for label distribution. the topology is as follows: R1E3 lineR2

[j-nsp] layer 3 vpn issue

Hi I have configured an network of 4 M10i routers for mpls using RSVP for label distribution. the topology is as follows: R1E3 lineR2EthernetR3-3xE1R4 I have configured a test VRF on all 4 routers and associated a loopback unit in each router to the test VRF. I have