Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Jason Healy
On Jul 12, 2018, at 10:09 AM, Benny Amorsen wrote:
>
> Saku Ytti writes:
>
>> I think best compromise would be, that JNPR would offer good filter,
>> dynamically built based on data available in config and referring to
>> empty prefix-lists when not possible to infer and customer can fill

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Chris Morrow
On Thu, 12 Jul 2018 16:04:04 -0400, Jason Healy wrote:
>
> On Jul 12, 2018, at 10:09 AM, Benny Amorsen
> wrote:
> >
> > Saku Ytti writes:
> >
> > That would be really wonderful. A great start would be if there was a
> > way to get just the /32 (or /128) interface IP addresses in

Re: [j-nsp] Is it possible to pass apostrophe character(ASCII dec code 39) as an argument value to SLAX script?

2018-07-12 Thread Phil Shafer
Martin T writes:
>aren't you using grave accent("echo -e "\x60"") character? I was using
>"echo -e "\x27"" character.

Doh! I read apostrophe (even named the script apos.slax) but my brain turned into backtick. Yes, this looks like a JUNOS bug:

root@box> op apos char "'"
''':(null):(2) Invalid

Re: [j-nsp] Is it possible to pass apostrophe character(ASCII dec code 39) as an argument value to SLAX script?

2018-07-12 Thread Phil Shafer
Martin T writes:
>Is it possible to pass apostrophe character(ASCII dec code 39) as an
>argument value to SLAX script? I have tried to escape it, but it does
>not seem to work:

Quote it:

version 1.2;

param $char = "-";

main {
    "got: " _ $char;
}

root@box> op apos char "`"
got: `

Re: [j-nsp] EX4550 and MX104

2018-07-12 Thread Pavel Lunin
On Thu, Jul 12, 2018 at 7:19 PM, Aaron Gould wrote:
> I hear some chatter about systems getting old and incapable and allegedly
> being end of life or end of serviced... I just saw these links, dated July
> 10, 2018 so very recent, they mentioned how this company is using these two
> platforms

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Jay Ford
On Thu, 12 Jul 2018, Jason Healy wrote:
On Jul 12, 2018, at 10:09 AM, Benny Amorsen wrote:
> Saku Ytti writes:
>
> > I think best compromise would be, that JNPR would offer good filter,
> > dynamically built based on data available in config and referring to
> > empty prefix-lists when not

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread adamv0025
> Of Jay Ford
> Sent: Thursday, July 12, 2018 9:26 PM
>
> On Thu, 12 Jul 2018, Jason Healy wrote:
> > On Jul 12, 2018, at 10:09 AM, Benny Amorsen
> > wrote:
> > > Saku Ytti writes:
> > >
> > > > I think best compromise would be, that JNPR would offer good
> > > > filter, dynamically built based

Re: [j-nsp] Is it possible to pass apostrophe character(ASCII dec code 39) as an argument value to SLAX script?

2018-07-12 Thread Martin T
On Thu, Jul 12, 2018 at 11:20 PM Phil Shafer wrote:
>
> Martin T writes:
> >Is it possible to pass apostrophe character(ASCII dec code 39) as an
> >argument value to SLAX script? I have tried to escape it, but it does
> >not seem to work:
>
> Quote it:
>
> version 1.2;
>
> param $char = "-";

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Antti Ristimäki
Hi,

- On 12 Jul, 2018, at 13:54, Saku Ytti s...@ytti.fi wrote:
> c) implement ddos-protection
>- configure _every_ protocol, set 10-100pps aggregate for
> protocols you don't know you need
>- disable sub detection, enable ifl detection

I can see the reasoning behind disabling sub

Re: [j-nsp] Segment Routing Real World Deployment (was: VPC mc-lag)

2018-07-12 Thread Mark Tinka
On 10/Jul/18 23:33, adamv0...@netconsultings.com wrote:
> Now a robust transport network with appropriate redundancy and failover
> mechanisms is responsibility of each operator.
> One can use IGP tuning or take the new path computation out of the equation
> completely with FRR options: LDP

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Gert Doering
Hi,

On Wed, Jul 11, 2018 at 11:50:57PM +0100, adamv0...@netconsultings.com wrote:
> 2) Would you like to have the ability to restrict management plane protocols
> only to certain internal interfaces outside of RE filter logic (explicitly
> defining source IPs per protocol or XR-like

[j-nsp] Is it possible to pass apostrophe character(ASCII dec code 39) as an argument value to SLAX script?

2018-07-12 Thread Martin T
Hi!

Is it possible to pass apostrophe character(ASCII dec code 39) as an argument value to SLAX script? I have tried to escape it, but it does not seem to work:

root@vmx1> op test chr '
''':(null):(2) Invalid expression
error: runtime error
error: Evaluating user parameter chr failed

root@vmx1>

Re: [j-nsp] Is it possible to pass apostrophe character(ASCII dec code 39) as an argument value to SLAX script?

2018-07-12 Thread Nathan Ward
I thought I had it by being cunning, but, no!

{master}
nward@mx> op test chr \x27
''':(null):(2) Invalid expression
error: runtime error
error: Evaluating user parameter chr failed

{master}
nward@mx> op test chr \\x27
'\'':(null):(3) Invalid expression
error: runtime error
error: Evaluating user

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Gert Doering
Hi,

On Thu, Jul 12, 2018 at 02:20:42AM +0300, Saku Ytti wrote:
> Of course this cannot happen, because you can't just randomly kill
> people new breaking default configs. Which is another issue I think
> vendors should address, so that they could evolve out-of-the-box
> defaults over time.

I

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Benny Amorsen
Saku Ytti writes:
> I think best compromise would be, that JNPR would offer good filter,
> dynamically built based on data available in config and referring to
> empty prefix-lists when not possible to infer and customer can fill
> those prefix-lists if needed. And also have functional

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Drew Weaver
This is probably a silly question but do you have any idea why ftp, http, and https show up as open ports in a port scan on an MX80 even when the services are unconfigured?

Not shown: 997 filtered ports
PORT    STATE SERVICE
21/tcp  open  ftp
80/tcp  open  http
443/tcp open  https

[drew@nessie

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Saku Ytti
Hey Drew,

No idea. There isn't really a command in JunOS to ask which PID is listening on a given port. I'm sure it's possible with dtrace, but I'm not gonna figure out how to do it. I suspect inetd though.

On Thu, 12 Jul 2018 at 16:51, Drew Weaver wrote:
>
> This is probably a silly question but do

Re: [j-nsp] Segment Routing Real World Deployment (was: VPC mc-lag)

2018-07-12 Thread Jackson, William
So just to throw a question out there: When I last looked at SR this was a big empty hole when it came to multicast. As we are possibly removing mLDP and RSVP from the network in favour of SR(-TE), what are people doing to fill this void? There were some drafts being worked on last year and if I

Re: [j-nsp] Segment Routing Real World Deployment (was: VPC mc-lag)

2018-07-12 Thread Saku Ytti
I believe you're right, that there isn't really anything there. But I'd love to be wrong. I see no reason why NG-MVPN couldn't have SR tunnel / forwarding-plane.

On Thu, 12 Jul 2018 at 13:43, Jackson, William wrote:
>
> So just to throw a question out there:
>
> When I last looked at SR this was

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Saku Ytti
I have not. But to answer your question broadly

a) allow in very specific terms what you want to accept
   - always match on source IP (except UDP traceroute and ICMP, which you'll need to accept from world)
   - always match on destination IP, if you run any L3 MPLS VPN
   - always match on

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread adamv0025
> From: Saku Ytti [mailto:s...@ytti.fi]
> Sent: Thursday, July 12, 2018 12:21 AM
>
> Hey,
>
> > And there don't seem to be a way in Junos how to restrict
> > management-plane protocols only to certain interfaces no matter what RE
> > filter says.
>
> In XR it's as easy as specifying a list of OOB

Re: [j-nsp] Segment Routing Real World Deployment (was: VPC mc-lag)

2018-07-12 Thread Phil Bedard
This is from an industry perspective and not specific to Juniper. BIER won't really happen without hardware support which is coming but will not be compatible with a lot of already deployed hardware. There was some IETF work going on to figure out how to map multicast to SR-MPLS but it

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Saku Ytti
Hey,

> This one I was not aware of actually, so you say that theoretically aggregate
> from all LPTS policers can be more than what a single worker queue can handle
> resulting in tail-drops (well assuming that the hashing is imperfect
> congesting this one worker queue), is that right?

I'm

[j-nsp] EX4550 and MX104

2018-07-12 Thread Aaron Gould
I hear some chatter about systems getting old and incapable and allegedly being end of life or end of serviced... I just saw these links, dated July 10, 2018 so very recent, they mentioned how this company is using these two platforms for financial and government critical sectors.