Hi,
On Thu, May 16, 2024 at 8:22 PM Antti Ristimäki via juniper-nsp
wrote:
> I thought this issue had been resolved already years ago, but I
> noticed that JunOS still happily forwards IPv6 packets with link-local
> source address towards remote destinations. This of course violates
> RFC4291.
Hi Mark,
On Wed, Jul 29, 2020 at 4:24 PM Mark Tinka wrote:
> I'm not sure I can be that patient, so I'm sniffing at Nokia's new
> Metro-E product line. The problem is so far, as with Juniper and Cisco,
> they've gone down the Broadcom route (some boxes shipping with Qumran,
> others with Jericho
> Are there vendor implementations?
Yes, am running in production on MX, ASR9K and NCS5500. Interops
nicely too, for the most part.
Believe Arista and others have working implementations too.
--
Daniel.
___
juniper-nsp mailing list
Hi,
On Fri, Oct 18, 2019 at 11:45 AM Gert Doering wrote:
> If yes, is this something people do over EVPN?
as an extension to 'plain' EVPN, yes. It's called EVPN-VPWS, RFC 8214.
Basically EVPN without the MAC learning.
--
Daniel.
___
juniper-nsp
Hi,
On Thu, May 9, 2019 at 1:54 PM Richard McGovern via juniper-nsp
wrote:
> Nathan, I am not sure what you want to hear, or what would make you
> satisfied, but YES Juniper [IT?] did screw-up, and a restore from back-up
> was/is not possible. So this situation is now being worked on,
Tim,
On Tue, Oct 31, 2017 at 9:00 PM, Tim St. Pierre
wrote:
> Can anyone suggest a simple way to measure interface traffic by address
> family? Currently, I'm measuring interface traffic using SNMP queries and
> just grabbing the in / out bit byte counters.
check
On Thu, May 18, 2017 at 12:44 PM, Saku Ytti wrote:
> Why would you run policer, if shaper is available.
on egress, agreed, but the OP mentioned he wants to do ingress
policing. Not many platforms support ingress shaping afaik.
--Daniel.
On Tue, Jan 10, 2017 at 7:45 PM, Brandon Ross wrote:
> I have a colleague trying to use a MPC-3D-16XGE-SFPP with SCBE2s and getting
> an "FPC misconfiguration" message in 'show chassis fpc' on an MX. It works
> fine with SCBE, just not SCBE2, they tell me.
>
> Does anyone have
Hi,
On Fri, Sep 16, 2016 at 11:38 AM, Mark Tinka wrote:
> I'd suggest 14.2R7. It's been through the wash a few times and is
> scent-free...
One word of caution for 14.2R7: I have an open case where the box
stops both logging & sending SNMP traps for link flaps. Issue
On Thu, Aug 18, 2016 at 5:46 PM, raf wrote:
> Hum my RRs do NHS, and I don't think I could easily change this.
if your RRs do NHS for l3vpn routes, it will break the fowarding path;
- in your scenario, your PEs don't have RSVP LSPs towards your RRs
- and even if they would
Hi,
On Thu, Aug 18, 2016 at 5:13 PM, raf wrote:
> I've changed resolution of bgp.inet.0 to inet.0 on RRs and PEs.
you only need to do this on your RRs, not on your PEs. And make sure
your RRs don't set NHS.
--Daniel.
___
Hi Nathan,
On Mon, Jun 20, 2016 at 6:03 AM, Nathan Ward wrote:
> Does anyone have and tricks to make l2circuit counters work properly, or, is
> this a lost cause?
on ACX1k/2k/4k, you have to explicitly enable per unit statistics
collection. We simply enable it on all
Hi,
On Wed, May 25, 2016 at 7:06 PM, Saku Ytti wrote:
> Longer time before it's end of support, better resell value on top of
> normal better scale and convergence.
definitely good and valid points, however are you willing to deploy
(what I consider) bleeding-edge code in your
Hi,
On Tue, Apr 26, 2016 at 3:31 PM, Mark Tinka wrote:
> That said, I think the MX104 feels even slower - I think having to
> commit a configuration on multiple RE's just doubly slows things down.
have you considered using the [system commit fast-synchronize] option?
Hi Aaron,
On Thu, Apr 21, 2016 at 10:20 PM, Aaron wrote:
> agould@eng-lab-5048-1# commit
> [edit vlans vlan10]
> 'interface ge-0/0/38.17'
> l2ald ACX: On a bd, for each ifd only one ifl can be added
> [edit vlans]
> Failed to parse vlan hierarchy completely
> error:
Hi Aaron,
On Thu, Apr 21, 2016 at 7:48 PM, Aaron wrote:
> [edit vlans vlan10 interface]
> 'ge-0/0/38.17'
> interface with input/output vlan-maps cannot be added to a
> routing-instance with a vlan-id/vlan-tags configured
> error: commit failed: (statements constraint
Hi Aaron,
On Tue, Apr 19, 2016 at 10:43 PM, Aaron wrote:
> Goal, to do tagging on ge-0/0/38 for 802.1q vlan tags of 10 and 17 and also,
> put those tagged frames into the SAME vlan/bridge-domain so that they can
> use the same ip subnet on the irb.10 interface that sits atop
Hi,
On Wed, Mar 30, 2016 at 10:41 PM, Aaron wrote:
> what are these routes (access-internal) ? i'm seeing them actually being
> sent over my MPLS L3VPN into my other pe's as /32 routes. very interesting.
> and seemingly very inefficient and busy. not sure that I like the idea
Hi,
On Fri, Apr 1, 2016 at 9:52 PM, Aaron wrote:
> agould@eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit 0
> family inet]
> 'filter'
> Referenced filter 'local_acl' can not be used as default/physical
> interface specific with lo0 not supported on ingress
Hi,
On Mon, Feb 22, 2016 at 6:53 PM, Saku Ytti wrote:
> On pre-Trio it would disable egress filters, but on Trio it won't.
yup, Trio always uses the egress proto family, whereas DPC would use
the ingress (i.e. mpls) when vrf-table-label is used.
One more reason to love Trio :-)
>
Hi,
On Thu, Jan 28, 2016 at 10:37 PM, Saku Ytti wrote:
> Anyone remember from top of their head if or not Trio originally
> punted transit IP packets with IP options through lo0 filter or not?
http://kb.juniper.net/InfoCenter/index?page=content=KB30719=search
just came online.
Hi Jonas,
On Fri, Nov 27, 2015 at 2:20 PM, Jonas Frey (Probe Networks)
wrote:
> Does anybody have any idea if its possible to filter for such traffic?
have you looked at the firewall flexible match conditions? (avail in
14.2 for MX/MPC).
Hi,
On Mon, Nov 17, 2014 at 9:24 PM, Joerg Staedele j...@tnib.de wrote:
Currently i only know about a enhanced SSB for M20 which is available and has
16MB so this limit will not be reached in the near future but all other
(older) models only have 8MB (fixed on the board, not replacable!) and
On Mon, Nov 17, 2014 at 9:41 PM, Daniel Verlouw dan...@shunoshu.net wrote:
for the M7i and M10i there's the enhanced CFEB, basically (IIRC) a
Trio-based/-like CFEB, along with plenty more memory.
I-chip based that is...
___
juniper-nsp mailing list
Hej Mark,
On Thu, Nov 13, 2014 at 5:10 PM, Mark Tinka mark.ti...@seacom.mu wrote:
I'd deploy vMX as a route reflector. I was actually
evaluating vRR a few months ago, but it still had a long way
to go, so went with Cisco's CSR1000v (which is, basically,
IOS XE) instead.
would you be able to
Hi,
For starters, at least when we evaluated it last year, there was no switching
or IRB support.
there is now, bridge-domains + IRB with L3VPN is what we use without a problem.
We have a few hundred ACX deployed for our mobile backhaul and will
ramp up that number over the next few months.
Hi list,
before i open a tac case, wondering if anyone has seen something similar;
when we enable 'metric-out igp offset delay-med-update' towards a full-table
downstream bgp customer (exporting ~400k prefixes), CPU % of rpd process spikes
through the roof (mostly in kqread state), overall RE
Hi,
On Thu, May 10, 2012 at 1:59 AM, Richard A Steenbergen r...@e-gerbil.net
wrote:
There is a serious issue with MPLS RSVP auto-bandwidth in 10.4R9, which
can cause the reservation calculations to be off by quite a bit. The
least broken code we've found so far is 10.4S9, I'm surprised they
On Wed, May 9, 2012 at 9:13 PM, Clarke Morledge chm...@wm.edu wrote:
I am curious to know about anyone's experience with 10.4R9 over the past few
months. I have DPC only currently; i.e. no MPC hardware -- and no
MultiServices.
I've been hit by:
PR570168 - RE crash triggered by deletion and
Hi,
On Fri, Feb 17, 2012 at 17:18, Paul Stewart p...@paulstewart.org wrote:
Has anyone got 10.4R9 running on MX platform in production yet? I'm looking
for any feedback as JTAC is recommending we go to this release.
hopefully I can share some results on Tuesday...looks fine in the lab
so far,
Hi,
On Tue, Jan 24, 2012 at 08:25, Daniel Roesen d...@cluenet.de wrote:
Daniel (waiting for over a year now for a 10.4 without major bugs...)
same here...
Am I the only one who finds it extremely annoying and disturbing that
critical bugs get *introduced* this far down into an E-EOL train!?
Hi guys,
To revive this thread; does anyone know how to check what type of
packets are being matched when using an family any input filter on lo0
?
You can't seem to use log as action and the from clause only allows
some protocol independent matches;
daniel@lab# set firewall family any filter
On Fri, Aug 26, 2011 at 17:38, Clarke Morledge chm...@wm.edu wrote:
I would love to be proven wrong on this, but I do not think you can use
family any filters on the lo0 interface.
well, it does commit on M and MX running 10.4;
set firewall family any filter test term test then accept count
On Fri, Jul 22, 2011 at 22:14, Stefan Fouant
sfou...@shortestpathfirst.net wrote:
Regarding BFD's capabilities to determine member state of individual member
links, this is not currently supported by BFD. Take a look at IETF Draft
'Bidirectional Forwarding Detection (BFD) for Interface' which
Hi,
On Wed, Jul 13, 2011 at 15:18, Michael Hallgren m.hallg...@free.fr wrote:
I can't find a firm statement in the JunOS documentation, and some
tests makes me believe it's not implemented. Or am I mistaken with
the syntax? (I can use back-reference in 'replace', etc, etc...)
see
Hi,
On Wed, Jun 22, 2011 at 02:01, Harry Reynolds ha...@juniper.net wrote:
Hey all, Please pardon the wide distribution. I recall seeing postings on
this list regarding current best practices for securing Juniper Networks
Routing Engines via firewall filters.
just briefly skimmed over it,
Hi list,
Has anyone played around with RSVP/MPLS automesh feature and can share
some experiences and/or example configs? I believe it was introduced
in 10.1, but can't find anything in the release notes and docs aren't
very clear either;
On Jan 17, 2011, at 11:50 PM, Keegan Holley wrote:
Of course I can't find the link now, but just last night I read that prior
to JunOS 9.4 echo mode required a command to be entered in order to move BFD
to the forwarding plane. In or after 9.4 a new daemon was created to allow
BFD to run in
On Tue, 2010-08-31 at 08:44 -0600, David Ball wrote:
Thanks Krasimir. I'd run across that knob previously, but my understanding
is that the functionality provided by vpn-apply-export is enabled when a
router is configured as a route-reflector, which mine are already. Will
give it a whirl
Hi,
can someone give me some clue on how to translate the following Cisco
regexp to Junos ?
ip as-path access-list 1 permit ^([0-9]+)(_\1)*$
(this uses pattern recall to match AS paths whose first AS number in the
path is repeated zero or more times; basically to make sure certain
customers
On Thu, 2010-07-29 at 14:45 +0200, KJ wrote:
http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-policy/html/policy-extend-match-config3.html
I'm familiar with the manual, thank you.
I'm not sure what operator you're specifically aiming at, but stuff like
[1-65535]* doesn't work
On Jun 10, 2010, at 4:59 PM, Thomas Eichhorn wrote:
Has somebody here an idea what to allow or maybe even
a working configuration for this?
this works for us (for both singlehop and multihop paths):
term allow-bfd-control {
from {
source-prefix-list {
insert prefix
On Fri, 2010-01-08 at 07:36 -0500, Eric Van Tol wrote:
Wait, what? Can anyone confirm the removal of GE-SX-B drivers?
9.5R3.7 seems to work fine with a non-EFPC and PE-1GE-SX-B:
FEB REV 10 710-002503 removedFEB-M5-S
FPC 0
PIC 0 REV 02
On Wed, 2010-01-06 at 14:04 -0600, Richard A Steenbergen wrote:
Yeah I've seen that behavior for years now, never got around to opening
a case on it though. If you specify the table in your show route command
(either inet.0 or inet6.0) it will return the results quickly, it's
only slow if you
On Thu, 2010-01-07 at 08:04 -0500, Paul Stewart wrote:
Anyone know why some issues identified as early as January 2009 are only
being released now almost a year later?
someone forgot to hit the 'send' button? ;)
Interestingly enough, all of the PRs mentioned in these bulletins are
not
On Wed, 2009-12-16 at 16:39 +0100, Daniel Verlouw wrote:
It's most obvious with IPv6 neighbors receiving a full feed (+/- 2400
prefixes) from us, whereas the same command with an IPv4 neighbor
receiving a full feed (300k prefixes) is almost instantaneous.
funny enough, I just ran into the same
Hi all,
has anyone ever seen the behaviour below? I've been going back and forth
with JTAC for months now without any result (which seems to be the norm
nowadays...). We just upgraded a few M-series boxes from 9.3 to 9.5R3
and the issue still persists. It seems the issue was introduced in one
of
On Wed, 2009-11-11 at 15:19 +0530, chandrasekaran iyer wrote:
Has anyone downgraded the PIC? how to do it? Which PICs are
supported by 6.1 release.
downgrade the PIC? What exactly do you want to achieve? And I'm more
curious about why you would want to run JUNOS version that's EOLd over 5
On Fri, 2009-09-18 at 01:16 -0700, Hoogen wrote:
Now from my understanding of the question I need to deny the longer more
specific routes... on R5 filter saying 172.16.40/29 longer the reject...
yes it is quite common to suppress the more specifics. A more scalable
approach would be to use the
Hi Harry,
On Aug 12, 2009, at 6:50 PM, Harry Reynolds wrote:
T-series platforms with e-fpcs and MX can hash on multiple MPLS
labels while *also* hashing on L3 and l4.
This seems to jive with the docs at:
On Fri, 2009-07-31 at 16:43 +0500, mas...@nexlinx.net.pk wrote:
So does it mean that ISIS
traffic is always treated as BE. Is there anything else that is hardcoded
for ISIS QoS?
IS-IS is mapped to the NC forwarding class (queue 3).
Check
On Wed, 2009-05-27 at 19:01 +0200, Daniel Verlouw wrote:
JTAC has decoded the core dumps and on initial analysis it appears to
match PR 448745 - RPD core at krt_inh_lock_internal. The PR doesn't
mention 9.3 as affected though. I'll keep the list posted on any
progress.
JTAC is now
Hi,
anyone else seeing messages similar to the following? We started seeing
several of these after upgrading one of our M120s to 9.3R3.8 last night.
May 27 10:28:05.806 2009 jun1.bit-1 rpd[1149]: %
DAEMON-3-RPD_ASSERT_SOFT: Soft assertion failed rpd[1149]: file
Hi Richard,
On May 27, 2009, at 5:16 PM, Richard A Steenbergen wrote:
I had a similar issue (well the exact same message, but I'm assuming
different root causes) back in 8.2R2. It turned out to be PR99220, and
was mostly cosmetic (minus the big scary log message that looked
like a
rpd core
Hi David,
On May 27, 2009, at 9:18 PM, david@orange-ftgroup.com david@orange-ftgroup.com
wrote:
Do you have some configuration at this level edit protocols bgp
path-selection ?
no, it's empty.
Did the RPD restart ? It seems that yes : %KERN-6: pid 12767
(rpd),uid 0: exited on
On Feb 25, 2009, at 9:34 PM, Stefan Fouant wrote:
I'd like to tragger some sort of alert when the traffic exceeds my
policer configuration and packets start being discarded. I looked
through JUNIPER-FIREWALL-MIB and didn't see anything along the lines
of what I'm looking for.
Anyone else
On Fri, 2009-02-20 at 12:00 +, Berislav Todorovic wrote:
I'm wondering if there is a way to limit the AS path length in JUNOS.
Yeah, bgp maxas-limit is available in JUNOSe, as well as in Cisco IOS,
but I can't find any reference to it for JUNOS (M/MX/T Series).
Any info will be greatly
On Nov 14, 2008, at 8:38 PM, SunnyDay wrote:
but what if i have 4509:65001:4356:65444
will it remove both private or only 65001 and when it checks the
next (4356) stops and does not remove 65444
remove-private will only remove leading (left-hand) private ASNs, so
in your example,
On Jun 20, 2008, at 5:55 PM, Judd, Michael (Michael) wrote:
What is Juniper's default TTE for entries in the ARP table/cache ?
RTFM?
http://www.juniper.net/techpubs/software/junos/junos85/swconfig85-system-basics/id-10920970.html
--Daniel
___
On Jun 4, 2008, at 3:46 AM, snort bsd wrote:
Any ideas?
[EMAIL PROTECTED] set protocols mpls ?
[...]
ipv6-tunneling Allow MPLS LSPs to be used for tunneling IPv6
traffic
?
--
Daniel Verlouw, Network Engineer
BIT BV | [EMAIL PROTECTED] | +31 318 648688
DV244-RIPE | GPG: FAAF
On May 20, 2008, at 9:57 PM, Stefan Fouant wrote:
I'm wondering if anyone else has seen any similar problems and are
there any gotchya's when configuring load-balancing for IPv6 traffic.
you cannot match on family inet and inet6 in one term, 8.5 returns the
following error:
[edit
On Wed, 2008-05-14 at 16:12 +0300, M.Mihailidis wrote:
Anyone knows why is this??
on the general tab, change the mode-config method to push instead of the
default pull.
-Daniel.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
On Tue, 2008-03-25 at 05:11 -0500, Kevin Day wrote:
It also seems to work okay, and do what was expected. Is anyone else
using it without problem?
layer-3 + layer-4 is the default hash setting for inet6.
--
Daniel Verlouw, Network Engineer
BIT BV | [EMAIL PROTECTED] | +31 318 648688
63 matches
Mail list logo