Re: [j-nsp] JunOS forwarding IPv6 packets with link-local source

2024-05-17 Thread Daniel Verlouw via juniper-nsp
Hi, On Thu, May 16, 2024 at 8:22 PM Antti Ristimäki via juniper-nsp wrote: > I thought this issue had been resolved already years ago, but I > noticed that JunOS still happily forwards IPv6 packets with link-local > source address towards remote destinations. This of course violates > RFC4291. Al

Re: [j-nsp] ACX5448 & ACX710 - Update!

2020-07-29 Thread Daniel Verlouw
Hi Mark, On Wed, Jul 29, 2020 at 4:24 PM Mark Tinka wrote: > I'm not sure I can be that patient, so I'm sniffing at Nokia's new > Metro-E product line. The problem is so far, as with Juniper and Cisco, > they've gone down the Broadcom route (some boxes shipping with Qumran, > others with Jericho

Re: [j-nsp] BPDUs over EVPN?

2019-10-18 Thread Daniel Verlouw
> Are there vendor implementations? Yes, am running in production on MX, ASR9K and NCS5500. Interops nicely too, for the most part. Believe Arista and others have working implementations too. -- Daniel. ___ juniper-nsp mailing list juniper-nsp@puck.neth

Re: [j-nsp] BPDUs over EVPN?

2019-10-18 Thread Daniel Verlouw
Hi, On Fri, Oct 18, 2019 at 11:45 AM Gert Doering wrote: > If yes, is this something people do over EVPN? as an extension to 'plain' EVPN, yes. It's called EVPN-VPWS, RFC 8214. Basically EVPN without the MAC learning. -- Daniel.

Re: [j-nsp] prsearch missing in inaction

2019-05-09 Thread Daniel Verlouw
Hi, On Thu, May 9, 2019 at 1:54 PM Richard McGovern via juniper-nsp wrote: > Nathan, I am not sure what you want to hear, or what would make you > satisfied, but YES Juniper [IT?] did screw-up, and a restore from back-up > was/is not possible. So this situation is now being worked on, unfortun

Re: [j-nsp] Simple v4 vs v6 traffic measurement

2017-10-31 Thread Daniel Verlouw
Tim, On Tue, Oct 31, 2017 at 9:00 PM, Tim St. Pierre wrote: > Can anyone suggest a simple way to measure interface traffic by address > family? Currently, I'm measuring interface traffic using SNMP queries and > just grabbing the in / out bit byte counters. check out https://www.juniper.net/do

Re: [j-nsp] Junos CoS - ingress hierarchical policer

2017-05-18 Thread Daniel Verlouw
On Thu, May 18, 2017 at 12:44 PM, Saku Ytti wrote: > Why would you run policer, if shaper is available. on egress, agreed, but the OP mentioned he wants to do ingress policing. Not many platforms support ingress shaping afaik. --Daniel.

Re: [j-nsp] Juniper MPC-3D-16XGE-SFPP/SCBE2 incompatibility?

2017-01-10 Thread Daniel Verlouw
On Tue, Jan 10, 2017 at 7:45 PM, Brandon Ross wrote: > I have a colleague trying to use a MPC-3D-16XGE-SFPP with SCBE2s and getting > an "FPC misconfiguration" message in 'show chassis fpc' on an MX. It works > fine with SCBE, just not SCBE2, they tell me. > > Does anyone have any experience with

Re: [j-nsp] What version of Junos is best for bgp.

2016-09-16 Thread Daniel Verlouw
Hi, On Fri, Sep 16, 2016 at 11:38 AM, Mark Tinka wrote: > I'd suggest 14.2R7. It's been through the wash a few times and is > scent-free... One word of caution for 14.2R7: I have an open case where the box stops both logging & sending SNMP traps for link flaps. Issue occurs right after an upgrad

Re: [j-nsp] conditions [and negation] in bgp import policies

2016-08-18 Thread Daniel Verlouw
Hi, On Thu, Aug 18, 2016 at 4:45 PM, Michael Hare wrote: > Anyone have experience using conditions in bgp import policies? condition match condition can only be used in BGP export policies, not on import. You could do something like the following: aggregate { route 0/0 { discard; policy

Re: [j-nsp] RVSP signaled L3VPN and RRs

2016-08-18 Thread Daniel Verlouw
On Thu, Aug 18, 2016 at 5:46 PM, raf wrote: > Hum my RRs do NHS, and I don't think I could easily change this. if your RRs do NHS for l3vpn routes, it will break the forwarding path; - in your scenario, your PEs don't have RSVP LSPs towards your RRs - and even if they would (for example if you run

Re: [j-nsp] RVSP signaled L3VPN and RRs

2016-08-18 Thread Daniel Verlouw
Hi, On Thu, Aug 18, 2016 at 5:13 PM, raf wrote: > I've changed resolution of bgp.inet.0 to inet.0 on RRs and PEs. you only need to do this on your RRs, not on your PEs. And make sure your RRs don't set NHS. --Daniel.

Re: [j-nsp] ACX50xx l2circuit counters

2016-06-21 Thread Daniel Verlouw
Hi Nathan, On Mon, Jun 20, 2016 at 6:03 AM, Nathan Ward wrote: > Does anyone have and tricks to make l2circuit counters work properly, or, is > this a lost cause? on ACX1k/2k/4k, you have to explicitly enable per unit statistics collection. We simply enable it on all units using an apply-group;

Re: [j-nsp] RE-S-X6-64G-BB

2016-05-25 Thread Daniel Verlouw
Hi, On Wed, May 25, 2016 at 7:06 PM, Saku Ytti wrote: > Longer time before it's end of support, better resell value on top of > normal better scale and convergence. definitely good and valid points, however are you willing to deploy (what I consider) bleeding-edge code in your network to support

Re: [j-nsp] Full routes on MX5

2016-04-26 Thread Daniel Verlouw
Hi, On Tue, Apr 26, 2016 at 3:31 PM, Mark Tinka wrote: > That said, I think the MX104 feels even slower - I think having to > commit a configuration on multiple RE's just doubly slows things down. have you considered using the [system commit fast-synchronize] option? Allows the config to commit

Re: [j-nsp] ACX5048 - vlan-map conflict with routing-instance with vlan-id tags

2016-04-22 Thread Daniel Verlouw
Hi Aaron, On Thu, Apr 21, 2016 at 10:20 PM, Aaron wrote: > agould@eng-lab-5048-1# commit > [edit vlans vlan10] > 'interface ge-0/0/38.17' > l2ald ACX: On a bd, for each ifd only one ifl can be added > [edit vlans] > Failed to parse vlan hierarchy completely > error: configuration check-ou

Re: [j-nsp] ACX5048 - vlan-map conflict with routing-instance with vlan-id tags

2016-04-21 Thread Daniel Verlouw
Hi Aaron, On Thu, Apr 21, 2016 at 7:48 PM, Aaron wrote: > [edit vlans vlan10 interface] > 'ge-0/0/38.17' > interface with input/output vlan-maps cannot be added to a > routing-instance with a vlan-id/vlan-tags configured > error: commit failed: (statements constraint check failed) The err

Re: [j-nsp] ACX5048 - vlan-map conflict with routing-instance with vlan-id tags

2016-04-19 Thread Daniel Verlouw
Hi Aaron, On Tue, Apr 19, 2016 at 10:43 PM, Aaron wrote: > Goal, to do tagging on ge-0/0/38 for 802.1q vlan tags of 10 and 17 and also, > put those tagged frames into the SAME vlan/bridge-domain so that they can > use the same ip subnet on the irb.10 interface that sits atop that vlan. if memory

Re: [j-nsp] access-internal routes

2016-04-01 Thread Daniel Verlouw
Hi, On Wed, Mar 30, 2016 at 10:41 PM, Aaron wrote: > what are these routes (access-internal) ? i'm seeing them actually being > sent over my MPLS L3VPN into my other pe's as /32 routes. very interesting. > and seemingly very inefficient and busy. not sure that I like the idea of > host routes

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Daniel Verlouw
Hi, On Fri, Apr 1, 2016 at 9:52 PM, Aaron wrote: > agould@eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit 0 > family inet] > 'filter' > Referenced filter 'local_acl' can not be used as default/physical > interface specific with lo0 not supported on ingress loopback interface

Re: [j-nsp] Optimizing the FIB on MX

2016-02-22 Thread Daniel Verlouw
Hi, On Mon, Feb 22, 2016 at 6:53 PM, Saku Ytti wrote: > On pre-Trio it would disable egress filters, but on Trio it won't. yup, Trio always uses the egress proto family, whereas DPC would use the ingress (i.e. mpls) when vrf-table-label is used. One more reason to love Trio :-) > I'd really wan

Re: [j-nsp] ip(v6) options

2016-02-04 Thread Daniel Verlouw
Hi, On Thu, Jan 28, 2016 at 10:37 PM, Saku Ytti wrote: > Anyone remember from top of their head if or not Trio originally > punted transit IP packets with IP options through lo0 filter or not? http://kb.juniper.net/InfoCenter/index?page=content&id=KB30719&actp=search just came online. Coinciden

Re: [j-nsp] IPv4 Filter for ECN/CWR tcp bit (RFC3168)

2015-11-27 Thread Daniel Verlouw
Hi Jonas, On Fri, Nov 27, 2015 at 2:20 PM, Jonas Frey (Probe Networks) wrote: > Does anybody have any idea if it's possible to filter for such traffic? have you looked at the firewall flexible match conditions? (avail in 14.2 for MX/MPC). https://www.juniper.net/techpubs/en_US/junos14.2/topics/c

Re: [j-nsp] End of M-series hardware with BGP Fulltable

2014-11-17 Thread Daniel Verlouw
On Mon, Nov 17, 2014 at 9:41 PM, Daniel Verlouw wrote: > for the M7i and M10i there's the enhanced CFEB, basically (IIRC) a > Trio-based/-like CFEB, along with plenty more memory. I-chip based that is...

Re: [j-nsp] End of M-series hardware with BGP Fulltable

2014-11-17 Thread Daniel Verlouw
Hi, On Mon, Nov 17, 2014 at 9:24 PM, Joerg Staedele wrote: > Currently I only know about an enhanced SSB for M20 which is available and has > 16MB so this limit will not be reached in the near future but all other > (older) models only have 8MB (fixed on the board, not replaceable!) and there >

Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)

2014-11-13 Thread Daniel Verlouw
Hi, > For starters, at least when we evaluated it last year, there was no switching > or IRB support. there is now, bridge-domains + IRB with L3VPN is what we use without a problem. We have a few hundred ACX deployed for our mobile backhaul and will ramp up that number over the next few months.

Re: [j-nsp] ACX is just not there (was Re: EX4550 L2Circuit/VPN to MX80/lt Interface)

2014-11-13 Thread Daniel Verlouw
Hej Mark, On Thu, Nov 13, 2014 at 5:10 PM, Mark Tinka wrote: > I'd deploy vMX as a route reflector. I was actually > evaluating vRR a few months ago, but it still had a long way > to go, so went with Cisco's CSR1000v (which is, basically, > IOS XE) instead. would you be able to elaborate on your

[j-nsp] bgp metric-out igp and CPU utilization

2012-07-05 Thread Daniel Verlouw
Hi list, before i open a tac case, wondering if anyone has seen something similar; when we enable 'metric-out igp delay-med-update' towards a full-table downstream bgp customer (exporting ~400k prefixes), CPU % of rpd process spikes through the roof (mostly in kqread state), overall RE CPU % c

Re: [j-nsp] Update on 10.4R9 stability for MX?

2012-05-10 Thread Daniel Verlouw
On Wed, May 9, 2012 at 9:13 PM, Clarke Morledge wrote: > I am curious to know about anyone's experience with 10.4R9 over the past few > months.  I have DPC only currently; i.e. no MPC hardware -- and no > MultiServices. I've been hit by: PR570168 - RE crash triggered by deletion and recreation of

Re: [j-nsp] Update on 10.4R9 stability for MX?

2012-05-10 Thread Daniel Verlouw
Hi, On Thu, May 10, 2012 at 1:59 AM, Richard A Steenbergen wrote: > There is a serious issue with MPLS RSVP auto-bandwidth in 10.4R9, which > can cause the reservation calculations to be off by quite a bit. The > least broken code we've found so far is 10.4S9, I'm surprised they > haven't done a

Re: [j-nsp] 10.4R9 on MX stable?

2012-02-17 Thread Daniel Verlouw
Hi, On Fri, Feb 17, 2012 at 17:18, Paul Stewart wrote: > Has anyone got 10.4R9 running on MX platform in production yet?  I'm looking > for any feedback as JTAC is recommending we go to this release. hopefully I can share some results on Tuesday...looks fine in the lab so far, but then again, so

Re: [j-nsp] Junos 10.4R8 on MX (PR 701928)

2012-01-24 Thread Daniel Verlouw
Hi, On Tue, Jan 24, 2012 at 08:25, Daniel Roesen wrote: > Daniel (waiting for over a year now for a 10.4 without major bugs...) same here... Am I the only one who finds it extremely annoying and disturbing that critical bugs get *introduced* this far down into an E-EOL train!? And where's the t

Re: [j-nsp] In Search of the Optimal RE Protect Filter - A Journey

2011-08-26 Thread Daniel Verlouw
On Fri, Aug 26, 2011 at 17:38, Clarke Morledge wrote: > I would love to be proven wrong on this, but I do not think you can use > "family any" filters on the lo0 interface. well, it does commit on M and MX running 10.4; set firewall family any filter test term test then accept count counter set

Re: [j-nsp] In Search of the Optimal RE Protect Filter - A Journey

2011-08-26 Thread Daniel Verlouw
Hi guys, To revive this thread; does anyone know how to check what type of packets are being matched when using a family any input filter on lo0 ? You can't seem to use log as action and the from clause only allows some protocol independent matches; daniel@lab# set firewall family any filter te

Re: [j-nsp] ECMP vs LAG and OAM vs BFD

2011-07-23 Thread Daniel Verlouw
On Fri, Jul 22, 2011 at 22:14, Stefan Fouant wrote: > Regarding BFD's capabilities to determine member state of individual member > links, this is not currently supported by BFD.  Take a look at IETF Draft > 'Bidirectional Forwarding Detection (BFD) for Interface' which was just > released a few w

Re: [j-nsp] Back-reference in JunOS regular expressions

2011-07-13 Thread Daniel Verlouw
Hi, On Wed, Jul 13, 2011 at 15:18, Michael Hallgren wrote: > I can't find a firm statement in the JunOS documentation, and some > tests makes me believe it's not implemented. Or am I mistaken with > the syntax? (I can use back-reference in 'replace', etc, etc...) see

Re: [j-nsp] New J-net publications: Secure the routing engine and Useful tips/tricks

2011-06-22 Thread Daniel Verlouw
Hi, On Wed, Jun 22, 2011 at 02:01, Harry Reynolds wrote: > Hey all, Please pardon the wide distribution. I recall seeing postings on > this list regarding current best practices for securing Juniper Networks > Routing Engines via firewall filters. just briefly skimmed over it, good stuff! Per

Re: [j-nsp] RSVP automesh

2011-05-20 Thread Daniel Verlouw
(replying back to list if you don't mind) On Thu, May 19, 2011 at 17:07, Nick Slabakov wrote: > http://www.juniper.net/us/en/community/junos/training-certification/day-one/networking-technologies-series/this-week-deploying-mpls/ > > which has the best description of RSVP automesh functionality I

[j-nsp] RSVP automesh

2011-05-19 Thread Daniel Verlouw
Hi list, Has anyone played around with RSVP/MPLS automesh feature and can share some experiences and/or example configs? I believe it was introduced in 10.1, but can't find anything in the release notes and docs aren't very clear either;

Re: [j-nsp] Optimal BFD settings for BGP-signaled VPLS?

2011-01-17 Thread Daniel Verlouw
On Jan 17, 2011, at 11:50 PM, Keegan Holley wrote: > Of course I can't find the link now, but just last night I read that prior > to JunOS 9.4 echo mode required a command to be entered in order to move BFD > to the forwarding plane. In or after 9.4 a new daemon was created to allow > BFD to run i

Re: [j-nsp] MX480 IPv6 interface counters

2010-11-10 Thread Daniel Verlouw
Hi, On Wed, 2010-11-10 at 09:49 +, L Kennedy wrote: > We have v6 enabled on our MX network - routing etc is working fine, but if I > check the interface counters using "show int ... statistics detail" the IPv6 > transit statistics all read zero - this is on both 10GE and 1GE, physical > and lo

Re: [j-nsp] Filtering the export of VRF routes with iBGP export filters....

2010-09-01 Thread Daniel Verlouw
On Tue, 2010-08-31 at 08:44 -0600, David Ball wrote: > Thanks Krasimir. I'd run across that knob previously, but my understanding > is that the functionality provided by vpn-apply-export is enabled when a > router is configured as a route-reflector, which mine are already. Will > give it a whirl

Re: [j-nsp] AS-path regexp clue needed

2010-07-29 Thread Daniel Verlouw
On Thu, 2010-07-29 at 14:45 +0200, KJ wrote: > http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-policy/html/policy-extend-match-config3.html I'm familiar with the manual, thank you. I'm not sure what operator you're specifically aiming at, but stuff like "[1-65535]*" doesn't wor

[j-nsp] AS-path regexp clue needed

2010-07-29 Thread Daniel Verlouw
Hi, can someone give me some clue on how to translate the following Cisco regexp to Junos ? ip as-path access-list 1 permit ^([0-9]+)(_\1)*$ (this uses pattern recall to match AS paths whose first AS number in the path is repeated zero or more times; basically to make sure certain customers pre

Re: [j-nsp] Firewall Filters and BFD

2010-06-10 Thread Daniel Verlouw
On Jun 10, 2010, at 4:59 PM, Thomas Eichhorn wrote: > Has somebody here an idea what to allow or maybe even > a working configuration for this? this works for us (for both singlehop and multihop paths): term allow-bfd-control { from { source-prefix-list { }

Re: [j-nsp] Loop-free Alternate Paths for IS-IS Routes

2010-01-18 Thread Daniel Verlouw
On Wed, 2010-01-13 at 01:48 -0500, Stefan Fouant wrote: > I'm wondering if anyone here has had any experience configuring the > loop-free alternate paths for IS-IS in JUNOS, as described in the following > drafts: I currently have an open case for what appears to be a path-selection bug. In certai

Re: [j-nsp] vulnerability fix not available for 8.5 ?

2010-01-08 Thread Daniel Verlouw
On Fri, 2010-01-08 at 07:36 -0500, Eric Van Tol wrote: > Wait, what? Can anyone confirm the removal of GE-SX-B drivers? 9.5R3.7 seems to work fine with a non-EFPC and PE-1GE-SX-B: FEB REV 10 710-002503 FEB-M5-S FPC 0 PIC 0 REV 02 750-003163

Re: [j-nsp] JUNOS vulnerability with malformed TCP packets

2010-01-07 Thread Daniel Verlouw
On Thu, 2010-01-07 at 08:04 -0500, Paul Stewart wrote: > Anyone know why some issues identified as early as January 2009 are only > being "released" now almost a year later? someone forgot to hit the 'send' button? ;) Interestingly enough, all of the PRs mentioned in these bulletins are not ava

Re: [j-nsp] show route advertising-protocol on IPv6 peers

2010-01-07 Thread Daniel Verlouw
On Wed, 2010-01-06 at 14:04 -0600, Richard A Steenbergen wrote: > Yeah I've seen that behavior for years now, never got around to opening > a case on it though. If you specify the table in your show route command > (either inet.0 or inet6.0) it will return the results quickly, it's > only slow if

Re: [j-nsp] show route advertising-protocol on IPv6 peers

2010-01-06 Thread Daniel Verlouw
On Wed, 2009-12-16 at 16:39 +0100, Daniel Verlouw wrote: > It's most obvious with IPv6 neighbors receiving a full feed (+/- 2400 > prefixes) from us, whereas the same command with an IPv4 neighbor > receiving a full feed (>300k prefixes) is almost instantaneous. funny enough, I

[j-nsp] show route advertising-protocol on IPv6 peers

2009-12-16 Thread Daniel Verlouw
Hi all, has anyone ever seen the behaviour below? I've been going back and forth with JTAC for months now without any result (which seems to be the norm nowadays...). We just upgraded a few M-series boxes from 9.3 to 9.5R3 and the issue still persists. It seems the issue was introduced in one of t

Re: [j-nsp] Urgent downgrade pic

2009-11-11 Thread Daniel Verlouw
On Wed, 2009-11-11 at 15:19 +0530, chandrasekaran iyer wrote: >Has anyone downgraded the PIC? how to do it? Which PICs are > supported by 6.1 release. downgrade the PIC? What exactly do you want to achieve? And I'm more curious about why you would want to run JUNOS version that's EOLd over 5 y

Re: [j-nsp] ISIS Case Study in JNCIP..Summarization into Backbone

2009-09-18 Thread Daniel Verlouw
On Fri, 2009-09-18 at 01:16 -0700, Hoogen wrote: > Now from my understanding of the question I need to deny the longer more > specific routes... on R5 filter saying 172.16.40/29 longer the reject... yes it is quite common to suppress the more specifics. A more scalable approach would be to use the

Re: [j-nsp] MPLS VPN Load-balancing

2009-08-12 Thread Daniel Verlouw
Hi Harry, On Aug 12, 2009, at 6:50 PM, Harry Reynolds wrote: T-series platforms with e-fpcs and MX can hash on multiple MPLS labels while *also* hashing on L3 and l4. This seems to jive with the docs at: http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/co

Re: [j-nsp] JUNOS IS-IS QoS

2009-07-31 Thread Daniel Verlouw
On Fri, 2009-07-31 at 16:43 +0500, mas...@nexlinx.net.pk wrote: > So does it mean that ISIS > traffic is always treated as BE. Is there anything else that is hardcoded > for ISIS QoS? IS-IS is mapped to the NC forwarding class (queue 3). Check

Re: [j-nsp] RPD soft assertion failed

2009-06-02 Thread Daniel Verlouw
On Wed, 2009-05-27 at 19:01 +0200, Daniel Verlouw wrote: > JTAC has decoded the core dumps and on initial analysis it appears to > match PR 448745 - RPD core at krt_inh_lock_internal. The PR doesn't > mention 9.3 as affected though. I'll keep the list posted on any >

Re: [j-nsp] RE : RPD soft assertion failed

2009-05-27 Thread Daniel Verlouw
On Thu, 2009-05-28 at 08:03 +0400, Yevgeniy Voloshin wrote: > but they also have KGB ;) and Borat! ;) --Daniel.

Re: [j-nsp] RE : RPD soft assertion failed

2009-05-27 Thread Daniel Verlouw
On May 27, 2009, at 10:16 PM, Daniel Verlouw wrote: Oddly enough, up until now, every prefix being logged along with each coredump is originated from Eastern Europe/Russia, AS9198 being the "top talker". Ghe. <http://www.ris.ripe.net/weekly-report/reports/20090518-20090525.h

Re: [j-nsp] RE : RPD soft assertion failed

2009-05-27 Thread Daniel Verlouw
Hi David, On May 27, 2009, at 9:18 PM, > wrote: Do you have some configuration at this level "edit protocols bgp path-selection" ? no, it's empty. Did the RPD restart ? It seems that yes : "%KERN-6: pid 12767 (rpd),uid 0: exited on signal 6 (core dumped) no, rpd actually does not restar

Re: [j-nsp] RPD soft assertion failed

2009-05-27 Thread Daniel Verlouw
Hi Richard, On May 27, 2009, at 5:16 PM, Richard A Steenbergen wrote: I had a similar issue (well the exact same message, but I'm assuming different root causes) back in 8.2R2. It turned out to be PR99220, and was mostly cosmetic (minus the big scary log message that looked like a rpd core du

[j-nsp] RPD soft assertion failed

2009-05-27 Thread Daniel Verlouw
Hi, anyone else seeing messages similar to the following? We started seeing several of these after upgrading one of our M120s to 9.3R3.8 last night. May 27 10:28:05.806 2009 jun1.bit-1 rpd[1149]: % DAEMON-3-RPD_ASSERT_SOFT: Soft assertion failed rpd[1149]: file "../../../../../src/juniper/usr.sb

Re: [j-nsp] SNMP traps for exceeding policer configuration

2009-02-25 Thread Daniel Verlouw
On Feb 25, 2009, at 9:34 PM, Stefan Fouant wrote: I'd like to trigger some sort of alert when the traffic exceeds my policer configuration and packets start being discarded. I looked through JUNIPER-FIREWALL-MIB and didn't see anything along the lines of what I'm looking for. Anyone else implem

Re: [j-nsp] bgp maxas-limit - JUNOS equivalent ???

2009-02-20 Thread Daniel Verlouw
On Fri, 2009-02-20 at 12:00 +, Berislav Todorovic wrote: > I'm wondering if there is a way to limit the AS path length in JUNOS. > Yeah, bgp maxas-limit is available in JUNOSe, as well as in Cisco IOS, > but I can't find any reference to it for JUNOS (M/MX/T Series). > > Any info will be great

Re: [j-nsp] bgp as-path

2008-11-14 Thread Daniel Verlouw
On Nov 14, 2008, at 8:38 PM, SunnyDay wrote: but what if i have 4509:65001:4356:65444 will it remove both private or only 65001 and when it checks the next (4356) stops and does not remove 65444 remove-private will only remove leading (left-hand) private ASNs, so in your example, 65001

Re: [j-nsp] default TTE for entries in the ARP table/cache

2008-06-20 Thread Daniel Verlouw
On Jun 20, 2008, at 5:55 PM, Judd, Michael (Michael) wrote: What is Juniper's default TTE for entries in the ARP table/cache ? RTFM? --Daniel

Re: [j-nsp] Filter weirdness - bug?

2008-06-17 Thread Daniel Verlouw
On Jun 17, 2008, at 6:17 PM, Eric Van Tol wrote: What happens is that incoming SSH from *any* address hits "term 10- allow_local_nets" and matches. If I take out the prefix-list and put specific source addresses, it works fine. I'd like to know if I've missed something obvious before openin

Re: [j-nsp] ICMPv6 & 6PE network

2008-06-03 Thread Daniel Verlouw
On Jun 4, 2008, at 3:46 AM, snort bsd wrote: Any ideas? [EMAIL PROTECTED] set protocols mpls ? [...] ipv6-tunneling Allow MPLS LSPs to be used for tunneling IPv6 traffic ? -- Daniel Verlouw, Network Engineer BIT BV | [EMAIL PROTECTED] | +31 318 648688 DV244-RIPE | GPG: FAAF

Re: [j-nsp] VRRP for IPv6

2008-05-22 Thread Daniel Verlouw
On May 22, 2008, at 10:12 PM, Stefan Fouant wrote: > Does anyone know if and when when Juniper plans to support > draft-ietf-vrrp-unified-spec-02 (Virtual Router Redundancy Protocol > Version 3 for IPv4 and IPv6)? I need it for some IPv6 applications > which need redundancy. 8.4+ includes suppor

Re: [j-nsp] Load Balancing IPv6 Traffic Flows

2008-05-20 Thread Daniel Verlouw
On May 20, 2008, at 9:57 PM, Stefan Fouant wrote: > I'm wondering if anyone else has seen any similar problems and are > there any gotchya's when configuring load-balancing for IPv6 traffic. you cannot match on family inet and inet6 in one term, 8.5 returns the following error: [edit policy-op

Re: [j-nsp] netscreen Vpn

2008-05-15 Thread Daniel Verlouw
On Wed, 2008-05-14 at 16:12 +0300, M.Mihailidis wrote: > Anyone knows why is this?? on the general tab, change the mode-config method to push instead of the default pull. -Daniel.

Re: [j-nsp] forwarding-options hash-key family inet6

2008-03-25 Thread Daniel Verlouw
On Tue, 2008-03-25 at 05:11 -0500, Kevin Day wrote: > It also seems to work okay, and do what was expected. Is anyone else > using it without problem? layer-3 + layer-4 is the default hash setting for inet6. -- Daniel Verlouw, Network Engineer BIT BV | [EMAIL PROTECTED] | +31 318

Re: [j-nsp] Juniper SSG 140/520

2007-06-05 Thread Daniel Verlouw
On 5 Jun 2007, at 17:30, Leigh Porter wrote: > I have some 140s here and they work well. The older boxes (NS50) have > been in production for about two years now and have never had any > issues > whatsoever. Leigh, can you comment on the IPv6 support on the SSG140 ? If I understand correctly,