Re: [j-nsp] BGP route announcements and Blackholes

2024-03-29 Thread Antti Ristimäki via juniper-nsp
I've also had some hard times to understand the original problem statement. However, IMHO there is one confusing potential design flaw in the setup and it is that the aggregated /19 route is also redistributed into OSPF by some router(s). If you have more specific routes in OSPF and aggregate

Re: [j-nsp] experiences with MX ipfix active and inactive flow timeouts at 15s or lower?

2022-11-01 Thread Antti Ristimäki via juniper-nsp
Hi, - On 28 Oct, 2022, at 18:14, Michael Hare via juniper-nsp juniper-nsp@puck.nether.net wrote: > Anyone running with less than 30s ipfix active and inactive flow timeouts > willing to share positive or negative experiences? Our target platform is > mx10003. > > We've been running active

Re: [j-nsp] JunOS 18, ELS vs non-ELS QinQ native vlan handling.

2021-05-19 Thread Antti Ristimäki
-48S. The hidden command "input-native-vlan-push " also seems to work in S8, whereas in S7 it doesn't seem to have any impact. Antti - On 9 Apr, 2021, at 13:17, Antti Ristimäki antti.ristim...@csc.fi wrote: > Hi Karsten, > > Thanks for the link, I wasn't aware of such K

Re: [j-nsp] JunOS 18, ELS vs non-ELS QinQ native vlan handling.

2021-04-09 Thread Antti Ristimäki
> from > R1 or R2. > > Kind regards > Karsten > > On Friday, 9 April 2021, 10:02:21, Antti Ristimäki wrote: >> Hi list, >> >> Returning to this old thread. It seems that the behaviour has again changed, >> because after upgrading QFX5110 to 18.4R3-S7 the swit

Re: [j-nsp] JunOS 18, ELS vs non-ELS QinQ native vlan handling.

2021-04-09 Thread Antti Ristimäki
Hi list, Returning to this old thread. It seems that the behaviour has again changed, because after upgrading QFX5110 to 18.4R3-S7 the switch does not add the native-vlan tag when forwarding the frame to QinQ uplink. Previously with version 17.3 the switch did add the native-vlan tag along

Re: [j-nsp] MX204: 802.3ad LAG 2 x 1 G with a Palo Alto firewall

2021-03-18 Thread Antti Ristimäki
Hi, I don't know what the current state is, but at least initially LAG was not supported in MX204 interfaces when running them at 1G speed. At least the official documentation states that this holds true still. Antti - On 18 Mar, 2021, at 13:30, Emmanuel Halbwachs

Re: [j-nsp] IPv4 BFD flaps on MX204

2020-08-19 Thread Antti Ristimäki
Hi, In fact inline IPv6 BFD is supported for other than link-local addresses starting from 18.1 IIRC. This doesn't help for IS-IS or OSPFv3, though, as those use link-local addresses for adjacencies. We do have IPv6 BFD enabled for IS-IS but with very relaxed timers compared to IPv4. Haven't

[j-nsp] SRGB allocation

2020-08-11 Thread Antti Ristimäki
Hi list, For those that have already deployed SR-MPLS, I would be curious to know which methodology you have followed when defining the SRGB label range? Have you just consciously taken an overlapping label range and then during a maintenance window restarted RPD so that other protocols using

Re: [j-nsp] vrf auto-export rib-group

2020-06-24 Thread Antti Ristimäki
Hi, - On 23 Jun, 2020, at 14:57, Saku Ytti s...@ytti.fi wrote: > Hey Mihai, > > >> Is the rib-group configured under VRF auto-export supposed to be a >> 'per-table' (instead of per-protocol) rib-group which can also export >> routes from VRFs to non-VRF instances, default included? >> The

Re: [j-nsp] Trouble with 100G link MX204 <-> Dell S4100F-ON

2020-03-16 Thread Antti Ristimäki
Hi, - On 13 Mar, 2020, at 20:07, Mark Tinka mark.ti...@seacom.mu wrote: > On 13/Mar/20 19:54, Chris Adams wrote: > >> I'm using 1G optics on MX204 with 18.1. Not sure why you need to go to >> 19... > > There are some that worked on 18, and others only worked on 19. > > Could be where we

Re: [j-nsp] 100G DAC issue between MX204 and QFX5110

2019-06-20 Thread Antti Ristimäki
+1 We've had some serious issues with Juniper AOC cables between QFX and MX. It worked with the factory-installed version 15.1X, but then upgrading QFX to the >=17 train caused the AOC to work only between two QFX switches, but not between QFX and MX, regardless of FEC etc. configuration. Then

Re: [j-nsp] QFX traffic disruption when removing ifl

2019-06-19 Thread Antti Ristimäki
configuration template or a bug. Antti - On 18 Jun, 2019, at 10:49, Antti Ristimäki antti.ristim...@csc.fi wrote: > Hi colleagues, > > Before debugging this further, I'd like to ask whether anyone else has > observed > traffic disruption on QFX5k switch when a VLAN/ifl is deleted

[j-nsp] QFX traffic disruption when removing ifl

2019-06-18 Thread Antti Ristimäki
Hi colleagues, Before debugging this further, I'd like to ask whether anyone else has observed traffic disruption on QFX5k switch when a VLAN/ifl is deleted from the switch uplink interface? We have QFX5110 currently with version 17.3R3-S3.3 and we see about 5-7 seconds traffic disruption

Re: [j-nsp] Opinions on fusion provider edge

2018-11-07 Thread Antti Ristimäki
Hi, We also went with the Fusion with MX10k routers, just because we need 1GE interfaces and also 10GE interfaces with e.g. colored optics. In my opinion traditional L2 aggregation style would have been the preferred and probably more robust way, but then depending on the satellite device it

Re: [j-nsp] L3VPN/RR/PE on Same router

2018-08-28 Thread Antti Ristimäki
Hi, There might be some corner cases where running a combined RR/PE can cause mysterious issues. For example, there was (or is - I'm not sure whether it's fixed or not) an issue that a RR didn't advertise iBGP learned VPLS routes when the RR itself had a local attachment circuit in the given

Re: [j-nsp] Network automation vs. manual config

2018-08-19 Thread Antti Ristimäki
sonnel > spend many cycles investigating an issue not realizing that particular hidden > apply-group config was affecting their investigation. > > I have a couple other semi-related (to automation / configuration > enhancement) ER's going if folks are interested and would like to chat about > tho

[j-nsp] Network automation vs. manual config

2018-08-17 Thread Antti Ristimäki
Hi colleagues, This is something that I've been thinking about quite a lot, so I would be delighted to hear some comments, experiences or recommendations. So, now that more and more of us are automating their network, there will be the question about how to manage the configurations, if they are

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-13 Thread Antti Ristimäki
- On 13 Jul, 2018, at 11:30, Saku Ytti s...@ytti.fi wrote: > On Fri, 13 Jul 2018 at 06:19, Antti Ristimäki wrote: > >> I can see the reasoning behind disabling sub detection, but how would you >> then >> protect e.g. in a peering VLAN a single peer from killing a

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

2018-07-12 Thread Antti Ristimäki
Hi, - On 12 Jul, 2018, at 13:54, Saku Ytti s...@ytti.fi wrote: > c) implement ddos-protection >- configure _every_ protocol, set 10-100pps aggregate for > protocols you don't know you need >- disable sub detection, enable ifl detection I can see the reasoning behind disabling sub

Re: [j-nsp] Mixing v4/v6 neighbors in BGP groups

2018-06-29 Thread Antti Ristimäki
We try to keep IPv4 and IPv6 configuration always distinct from each other, where possible. Thus, not mixing v4 and v6 peerings in the same groups. This kind of ships in the night approach makes it much more comfortable to operate the network as it minimizes the risk that changes related to one

Re: [j-nsp] apply-paths and address families

2018-04-19 Thread Antti Ristimäki
Hi, It seems that in the HW the filter is programmed with addresses for the relevant address family only: foo@bar> show configuration policy-options prefix-list BGP-NEIGHBORS |display inheritance ## ## apply-path was expanded to: ## 10.10.244.98/32; ## 2001:db8:0:f001:0:fe08:0:2/128; ##  

Re: [j-nsp] ssh-key issue / MX 16.1R5

2018-04-09 Thread Antti Ristimäki
Hi list, Returning to this past thread. We are seeing this issue also with 18.1, at least with MX10k with dual RE, where the $USER/.ssh directory is chown'ed to root during RE switchover. The directory can be chown'ed back to $USER for example by deleting and re-adding [system services ssh].

Re: [j-nsp] Rewriting customer DSCP with MPLS EXP

2015-03-28 Thread Antti Ristimäki
Hi, I can't seem to understand why this is happening. The thing I see is default exp classification is this: run show class-of-service classifier type exp name exp-default Classifier: exp-default, Code point type: exp, Index: 10 Code point Forwarding class

Re: [j-nsp] Confusion about DSCP marking and rewrite rules

2013-04-04 Thread Antti Ristimäki
On 2013-04-04 09:46, Per Granath wrote: On Monday, April 01, 2013 02:49:02 PM ashish verma wrote: Ingress ipv6 marking is supported on MX. You need to use 'then traffic class'. That sounds like classification, not rewrite... then forwarding-class would be classification, right? antti

Re: [j-nsp] Interface tail drops vs. ifOutDiscards

2013-01-30 Thread Antti Ristimäki
Hi, On Wed, Jan 30, 2013 at 03:44:42PM +0400, Nick Kritsky wrote: You can use counters in jnx-cos MIB ( 1.3.6.1.4.1.2636.3.15 ). They will give you per-queue drop counters for each interface. I use jnxCosIfqTailDropPkts for monitoring interfaces on EX switches. These are the counters

Re: [j-nsp] Interface tail drops vs. ifOutDiscards

2013-01-30 Thread Antti Ristimäki
ifOutDiscards counter seems to include packets dropped by RED, at least in MX series. In our case the ifOutDiscards counter is most of the time equal to jnxCosIfqTotalRedDropPkts given that all the dropped packets were in the same forwarding class. In fact, I just noticed that the behaviour

[j-nsp] Interface tail drops vs. ifOutDiscards

2013-01-25 Thread Antti Ristimäki
Hi, It seems that ifq tail drops don't increment IF-MIB::ifOutDiscards counter, whereas e.g. packets dropped by RED do. Has anyone else encountered this and is this an expected behaviour or a known issue? -Antti

Re: [j-nsp] 6PE and BGP signaled lsps

2012-07-25 Thread Antti Ristimäki
On 2012-07-24 10:34, Tobias Heister wrote: On 24.07.2012 07:21, Antti Ristimäki wrote: On 2012-07-23 16:22, Tobias Heister wrote: The document about scaling with labeled bgp [2] has a section about 6PE but it does not help much. First of all the method explained to get interface routes

Re: [j-nsp] 6PE and BGP signaled lsps

2012-07-23 Thread Antti Ristimäki
On 2012-07-23 16:22, Tobias Heister wrote: The document about scaling with labeled bgp [2] has a section about 6PE but it does not help much. First of all the method explained to get interface routes to inet6.3 does not work (at least on 10.4R9 but I figured out the correct way myself) and

Re: [j-nsp] JunOS 10.4R8.5 on MX5? Am I forced to run 11.4+?

2012-03-22 Thread Antti Ristimäki
11.2R4.3 worked with our MX5/MX40s, although we upgraded to 11.2R6.3 because of a mib2d memory leak in 11.2R4.3. Other than that, it worked pretty OK at least with trivial config. AR On 03/22/2012 10:13 AM, Tima Maryin wrote: Hi, Here:

Re: [j-nsp] anti DDoS in trio MX'es ?

2011-11-30 Thread Antti Ristimäki
On 2011-08-09 16:11, bas wrote: Hi, I was reading the release notes for 11.2, and I noticed a new feature: Protection against distributed denial of service (DDoS) attacks While debugging a suspected layer 2 loop issue, we noticed that this feature is implemented and enabled by default in

Re: [j-nsp] anti DDoS in trio MX'es ?

2011-11-30 Thread Antti Ristimäki
On 2011-12-01 08:42, sth...@nethelp.no wrote: I was reading the release notes for 11.2, and I noticed a new feature: Protection against distributed denial of service (DDoS) attacks While debugging a suspected layer 2 loop issue, we noticed that this feature is implemented and enabled by