.
Chris Kawchuk ([EMAIL PROTECTED])
Systems Engineering, Service Providers
Juniper Networks Inc., Canada
(866) 470-8174 toll-free
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex Campbell
Sent: Monday, May 07, 2007 11:08 PM
To: juniper-nsp
:
http://www.juniper.net/techpubs/hardware/erx/junose82/bookpdfs/hw-erx-mo
dule.pdf
Cheers.
- Chris.
Chris Kawchuk ([EMAIL PROTECTED])
Systems Engineering, Service Providers
Juniper Networks Inc., Canada
local: +1 (403) 470-8174
toll-free: +1 (866) 470-8174
.
Chris Kawchuk ([EMAIL PROTECTED])
Systems Engineering, Service Providers
Juniper Networks Inc., Canada
local: +1 (403) 470-8174
toll-free: +1 (866) 470-8174
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rubens Kuhl
Jr.
Sent: Thursday
, if you start adding L3VPNs, and add more and more MPLS/VPN
routes, you will run into the 128 Mb limit quickly.
Hence, 256M is strongly recommended.
- Chris.
-Original Message-
From: Rubens Kuhl Jr. [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 01, 2007 11:01 AM
To: Chris Kawchuk
Cc
balancing when this is enabled; so as not to upset the
path/timings/order of things like VoIP RTP packets.
- Chris.
Chris Kawchuk ([EMAIL PROTECTED])
Systems Engineering, Service Providers
Juniper Networks Inc., Canada
local: +1 (403) 470-8174
toll-free: +1
. - It leads to tears... (plus any
time you adjust your network, youd have to manually re-balance all your metrics
again. aka a Netork Capacity Planner's worst nightmare...)
- Chris.
Chris Kawchuk ([EMAIL PROTECTED])
Systems Engineering, Service Providers
.!
- Chris.
-Original Message-
From: Paul Goyette
Sent: Friday, November 09, 2007 11:29 AM
To: Chris Kawchuk; 'Hamid Ahmed'; 'Andy Lamontagne'
Cc: 'juniper-nsp'
Subject: RE: [j-nsp] load balancing between juniper routers for
unequalcostpath
As both Chuck and Leigh have stated, you CAN
.
Chris Kawchuk ([EMAIL PROTECTED])
Systems Engineering, Service Providers
Juniper Networks Inc., Canada
Aden Bos wrote:
Hi,
I have configured cflowd on an m7i, but the flow data doesn't seem to
include the source or destination ASN (shows ASN0), apart from when I
am
Hi Tom,
Try this:
term 1 {
from {
destination-address {
192.168.100.0/23;
}
protocol tcp;
destination port 8935;
}
then {
count
You can override the SNMP-reported bandwidth of an interface by the
following:
interfaces {
ge-1/3/0 {
vlan-tagging;
unit 101 {
bandwidth 100m;
vlan-id 101;
family inet {
address x.x.x.x/x;
}
}
The
EX3200 - You can add 10G ports without losing the 1G ports on the main
board... has to do with the internal architecture.
EX4200 - No loss of ports anywhere. It has a 3rd PFE chip which can
handle the extra capacity.
The problem lies with the fact that the EX3200 only has 2 PFE chips,
Hi There,
sampling {
input {
family inet {
rate 1;
run-length 1;
max-packets-per-second 65535;
}
This part has me worried. It says, Sample every packet, and the next
packet too. You might want to try this instead for sakes of clairity:
Vandegrift wrote:
On Wed, Sep 16, 2009 at 08:07:13AM -0600, Chris Kawchuk wrote:
9.6 Offers the possibility of doing mixed flow-mode and packet-
mode
based on protocol, filter, or interfaces; meaning you can take
advantage
of the Security based flow/services/ALGs etc. on a J, while also
The purpose is to build a mission-critical Internet access with two
ISP (one
on each box running full table) and have a VRRP fault tolerance and
with a
small budget. It is not for pushing huge traffic, I expect around 1
to 3
Mbit average and some rare peaks at 8 - 10 Mbit during backup
Hi.
255 Groups. It's not a Limit on the M10i, it's how VRRP works.
VRRP creates a Virtual-MAC-Address to use as the MACIP for the VRRP
address (i.e. the MAC address that's returned when a device ARP's for
the address)
The GroupID in the VRRP config is used as the least-significant byte
I was wondering what the list recommends for traffic monitoring as
far as software and which method is the most popular.
Hi Brendan,
If you don't mind spending a few pennies on a commercial system, I'd
suggest Intermapper. Runs on pretty much any platform (Linux, FreeBSD,
Windows, OSX,
As long as they don't attempt to Liberate my Network =P
Regards,
- Chris.
On 2009-10-30, at 12:19 PM, Lynch, Tomas wrote:
Only an idiot will make an important announcement on a Saturday.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
Hi,
We actually just completed an RFP for:
2-3 eBGP peers (full routes)
smattering of iBGP
30k+ routes internal in OSPF
Cisco pitched an ASR 1002.
Juniper Pitched an SRX650.
We went with the SRX650 - Better throughput and about 1/2 the price of the
Cisco box.
Regards,
Hi All,
Anyone else's netflow simply stop working after they upgraded an SRX-series
to JunOS 10.0R2? (Specifically on an SRX650, but might appliy to any of the
srx-sme line, SRX240, etc...)
Worked fine under 10.0 R1. (shrug.. and 9.6R1, and 9.6 R2...etc...)
@CLGR01-CR01 show configuration
What? this isn't JTAC? =)
Regards,
- Chris.
On 2009-12-22, at 7:22 AM, Shane Short wrote:
I don't know about anyone else, but I'd really appreciate it, if every post
you posted wasn't 'urgent'.
We're not here to serve you.
-Shane
On 22/12/2009, at 10:17 PM, chandrasekaran iyer
Telnet can be enabled on any/all IP interfaces. Simply add telnet as a services
under the [edit system services] stanza.
system {
services {
telnet {
connection-limit 5;
rate-limit 5;
}
}
}
This will allow telnet on every interface.
You might
As stated before, The Advanced BGP Licence is for Route-Reflector capability.
The system does full i/eBGP out-of-the-box (normal JunOS).
Also look at the SRX series - which are basically pumped up J's running the
virtually same code. (and yes, you can kick an SRX into packet mode)
- Chris.
Do not include the ge-0/0/3 in each of your VLAN statements; as that
designates that port to be an access port per se.
You just need to have this:
vlans {
bgp {
vlan-id 12;
l3-interface vlan.12;
}
lan {
vlan-id 10;
l3-interface vlan.10;
}
wan {
is down.
/Morten
On Thu, Apr 8, 2010 at 3:23 PM, Chris Kawchuk juniperd...@gmail.com wrote:
Do not include the ge-0/0/3 in each of your VLAN statements; as that
designates that port to be an access port per se.
You just need to have this:
vlans {
bgp {
vlan-id 12;
l3
1. Check your security zone to ensure you're allowing ping on both devices, and
that the vlan.xxx interfaces are part of the zone:
i.e.:
security {
zones {
security-zone trust {
interfaces {
vlan.99 {
host-inbound-traffic {
Hi,
Per packet load balancing is actually per-flow load balancing on an
M10i/M7i.
The command is a hold-over from the very old Internet Processor version that
did per packet on the M40/M20 etc... which Juniper has left as-is in JunOS.
It does tend to throw people for a loop when they see it
I don't believe the SSG does SYN proxy'ing, correct?
It does indeed support that. Check in the screen options for SYN flood limit,
as well as enable SYN-Cookie under flow options.
- Chris.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
If you use the router template, the Security requirements (i.e. needing
policies between zones) is removed, however the device still operates in flow
mode; unless you also specifically state that family inet is in packet mode;
as well as using firewall filters on every interface and matching
We're using Intermapper, with the BGP Status Probe.
When the NMS system receives a BGP down trap, it SNMP scans all known BGP
sessions on the device; and looks for any that are not in the Established
state. If it finds one (or more), it generates an alarm/page/email for each
session that is
Simple Answer. Cost.
The SRX650 can handle about as much traffic as an M7i, at less half the price.
There's no equivalent J-series at that level. (J6350 would top out at 2Gbps).
Likewise, J-series runs virtually the same code now as the SRX series (in terms
of security),
Which begs an answer
We've now settled on 10.2R3 on our EX4200s, and EX2200s. When I tried to do
upgrades to the JTAC recommended releases I managed to almost brick my
EX2200's in the process. (i.e. when booting, they simply waited 15 mins for mgd
to settle, amongst other nasty deadlocking situations in the boot
forwarding-options {
output {
cflowd x.x.x.x {
autonomous-system-type origin;
}
}
}
}
http://juniper.cluepon.net/index.php?title=Cflowd_configuration
- Chris.
On 2010-12-10, at 6:44 AM, Correa Adolfo wrote:
Anybody knows how can
Just installed 14 x MX960s for a large Aussie Mobile company - The release
train we've decided on is 10.4R2 for now, due to EEOL support; and the fact
that 10.0 didn't support a few of the cards we added. (16x10GE Trio for example
didn't come till 10.2).
I have also hear that 10.4 also
Should just work. Ensure me0.0 is not defined anywhere in the interfaces {}
stanza.
i.e.:
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/2 {
And last, but not least:
ssh {
root-login deny;
protocol-version v2;
rate-limit 3;
}
Rate limit it in the [system services] stanza. 3 unsuccessful tries and the IP
is ignored.
- Chris.
P.S. the 'ssh' services port is defined in /etc/services. Unsure if you adjust
the line, that
Agreed.
A proper [firewall family inet] restricting ssh access with a packet filter is
a far better solution.
I assume that lo0.0 loopback filters finally work on an EX-series as of 10.4 (I
think I saw that in the release notes for 10.4R3x).
- Chris.
On 2011-04-04, at 7:02 AM, Stefan Fouant
;
}
address 4.3.2.1/32;
}
}
}
}
Hope this helps
- Chris.
On 2011-04-04, at 7:02 AM, Stefan Fouant wrote:
-Original Message-
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
boun...@puck.nether.net] On Behalf Of Chris Kawchuk
Sent
Hi Paul,
Try this:
interfaces {
/* Repeat for all the physical ports you need to put into the respective
aeX LACP groups */
xe-0/2/0 {
description Connection to blah;
gigether-options {
802.3ad ae0;
}
}
ae0 {
aggregated-ether-options {
Is firewall filter SAMPLER or BLOCK-FROM-INTERNET doing any type of then
accept on the remainder traffic?
If so, an accept is a terminating action, and no other filters (even
filter-chains) are evaluated; hence filter all is never called.
- Chris.
On 2011-04-06, at 7:32 AM, kwarteng wrote:
You could try:
system {
default-address-selection;
}
This will try to source all router-initiated management traffic from your
loopback address.
- Chris.
On 2011-04-13, at 8:58 PM, Alexander Shikoff wrote:
Hello,
is it possible to specify source IP address for DNS queries in JunOS?
Forgive me if this is a known bugI seem unable to mask the fxp0 management
port down alarm for the Redundant RE - host 1. (works fine for the primary RE -
host 0).
Platform: MX480, JunOS 10.3R3.7
groups {
re0 {
chassis {
alarm {
management-ethernet {
Hi Paul..!
Yeah - I tried that as well initially with no luck (and just tried again
just now...)
me@wowter show configuration chassis
alarm {
management-ethernet {
link-down ignore;
}
}
user@wowter show chassis alarms
1 alarms currently active
Alarm time Class
, at 10:52 AM, OBrien, Will wrote:
Silly question... You did use commit sync, correct?
Will O'Brien
On May 1, 2011, at 7:51 PM, Chris Kawchuk juniperd...@gmail.com wrote:
Hi Paul..!
Yeah - I tried that as well initially with no luck (and just tried again
just now...)
me@wowter
You'll need to declare your xe- port with flexible-ethernet-services, so you
can do per-unit encapsulations.
interfaces {
xe-1/0/0 {
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 20 {
encapsulation vlan-ccc;
vlan-id 20;
Donnerstag, den 18.08.2011, 16:22 +1000 schrieb Chris Kawchuk:
You'll need to declare your xe- port with flexible-ethernet-services, so you
can do per-unit encapsulations.
interfaces {
xe-1/0/0 {
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 20
I think request system zeroize is what you're looking for.
- Chris.
On 2011-08-22, at 9:45 AM, Martin T wrote:
What are the best practices for cleaning the router in order to deploy
it in some other site? I did set system root-authentication
plain-text-password in order to have some sort of
MX'es - 10.4R5.5 - looking to move to 10.4R6 soon (and R7, and R8, etc...)
EX'es - 10.4R3.4 - looking to move to 10.4R6 soon
J's - 10.2R4.8 - end of the line due to 512M memory constraints
- Chris.
On 2011-08-31, at 1:28 PM, Jackson Jacobson wrote:
I am curious about what version of junos
I think that's precisely what he's trying to avoid. =)
What we did is to use RVIs (vlan.xxx), but had a series of VLANs (VLAN 2000,
2001, 2002, 2003 etc..) setup as point-to-point /30s between the EXes inside a
VLAN. Switch 1 to Switch 2 would be VLAN 2002. Switch 2 to Switch 3 would be
VLAN
On 2011-08-31, at 4:12 PM, Morgan McLean wrote:
Well, part of good design is trying to avoid as many issues (whether likely
or unlikely) wherever reasonably possible, right?
Chris, thanks for the reply; thats what I was sort of leaning towards. I
still think even that is sort of an ugly
Chris,
Could you elaborate on:
Just need to be careful to bridge the VLAN across the trunk link as
necessary. (i.e. only bridge what you need - switch to switch - don't use
'vlan members all').
What would be the problem if I did all? I might have say tag 2001 going to a
switch that
1. RSVP reservations are just that - reservations. They don't actually
police/shape/take away available bandwidth on the interface for other traffic.
LSPs ask for bandwidth reservations so that further/additional LSPs don't
attempt to book their bandwidth on this interface if it's full. (See
Please clarify more this statement (have 5% of the available
bandwidth/buffer space) as I understood if the interface is completely
utilized using LSP traffic the buffer will be utilized and may starving the
control traffic (please correct me)
You need to understand the difference between an
On 2011-10-26, at 9:03 PM, Leigh Porter wrote:
Does anybody have any real test results of MPLS throughput on the SRX series?
I've done some work with the SRX210 doing L2Circuits/EoMPLS (for E-LINE style
ethernet), coupled with the new Gig-E SFP capable mPIM. The throughput
numbers are quite
Any reason to use MC-LAG as the termination/CE-facing method out of a VPLS,
instead of using the standard VPLS primary/backup sites to prevent layer-2
looping?
Since MC-LAG generally is tricky (I've seen dumps as well), it made us re-think
our reasons for using MC-LAG for our
In Juniper's BGP-based VPLS, you do not need to create pseudowires in-between
the VPLS instances. As long as you have one master LSP (usuallyan RSVP one)
in-between two PEs, BGP will then (by detecting which VPLS instance is
announced from which device), automatically build an inner tunnel
On 2011-11-22, at 9:55 AM, Brad Fleming wrote:
Is there any way to configure a multi-field classifier on an L2Circuit's
local drop port?
From what I've tested - Nope. Not on a J nor SRX for family ccc. (no sort of
p-bit nor DSCP inspection possible). I do hope this changes in the future.
Intermapper does this as part of it's Layer 2 discovery...
- Scans a Subnet to find all IP pingable/snmp poll-able devices in a range.
- Gathers all the MAC addresses off your EX switches,
- Looks at the MAC forwarding Table on the EX to see which MAC is out which
physical port
- Reads any ARP
Hey j-nsp Folks,
I'm pretty much at wit's end trying to get policy-based VLAN Tag Manipulation
working on an EX in a nice/non-convoluted way.
As per JNPR's docs, you can do 1:1 swapping by using the mapping statement
against an interface in the vlan declaration, in conjunction with declaring
1. EX4200 - I assume this following:
ethernet-switching-options {
dot1q-tunneling {
ether-type 0x8100;
}
}
vlans {
My-QinQ-VLAN {
vlan-id 1000;
dot1q-tunneling {
layer2-protocol-tunneling {
all;
}
}
}
}
2. Note that the EX4200's re-write the MAC
Just noticed this today - Seems JNPR has filled out the recommended release
JunOS matrix for all the products now (incl M, T, MX, QFX)
http://kb.juniper.net/InfoCenter/index?page=contentid=KB21476
- Chris.
... Riding the 10.4 MX Release Train. Next Stop, R9.
Hi Paul,
Second that. Have it on a Lab MX240 with DPC-EQ Cards at the moment.
Running IPv4/IPv6 (PE6), OSPF ABR, OSPF3, iBGP, MPLS, RSVP, LDP, L3VPNs, and
BGP VPLS w/LDP VPLS Mesh Group Interworking.
No issues so far. Haven't Tried with Trio/MPC cards yet - that'll be next week.
I'll let you
You're out of luck.
There's no way I've found to come in untagged and leave double-tagged; due to
the EX's inability to handle 2 label operations per port. Same reason you can't
support LDP MPLS L2CKT's (double-label) Martini CCCs, but you can support RSVP
MPLS (single label) Kopella CCC's on
Whoa. Good idea...!
/me scurries off to the lab to try it. although I don't know if you can
even say native-vlan-id on a QinQ access port (or if it assumes that
everything is native anyways).
Worth a shot tho - even if it is a Dodgy Hack. =)
- Chris.
On 2012-02-23, at 5:04 AM, Kevin
Dang.
No dice on the native-vlan-id option. Makes sense, as an access port (even
though it's for a QinQ access port) isn't expecting tagged vs untagged(native)
- It just grabs everything (tags or not)
configgy:
ge-0/0/11 {
description TEST Input of QinQ Tagging using native-vlan-id to
- 10.2R4.8 on J2320's 512M RAM; but in packet-mode (as I'm using it for an
MPLS/CPE endpoint), which is the last version you can use without upgrading the
CF/RAM.
- 10.4R8.5 on J2320's 1Gb RAM, packet mode (same as above as MPLS
CPE/endpoint) - I've had good luck with 10.4R8.5 so far
I cant compare j-web performance between branch and DC series. Never used
jweb on branch..
It's just as slow.
- CK.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Here's the secret sauce you're looking for to remap NC to something else, as
well as change the DSCP value of any IP packet you generate from the RE:
/* Change the name of the original nc queue to Queue-3, and rename Queue-7 to
'Network-Control' */
forwarding-classes {
Whoa. A hardened MPLS-to-the-edge box. w/1 and 10G SFP+ Optics.
Thanks Juniper! We've been waiting for a box like this for a while.
Any chance of a 1RU AC powered unit? (suitable as a Business CPE for
L3VPN/VPLS/E-Line services)
- CK.
On 2012-03-19, at 8:53 AM, Robert Hass wrote:
Hi
I'm
1. Apply the QoS schedulers/queues to the at-1/0/0 interface that has the ppp
session. (Since the 'ppp' interface isn't real).
Queues are generally only associated with the physical interface hardware. This
is what we do for our managed xDSL connections:
class-of-service {
interfaces {
Howdy All,
I'm attempting to smooth out some traffic on an MX Gig Port on an MX80-T (Trio
Card) running 11.4R2.14 (Yeah, I'm being adventurous here).
The underlying Gig link is going via a carrier lease on one of those
Ethernet-over-SONET jobbies on the Carrier's side; which is limited to
I usually set the interface physical MTU as high as it goes (per device), but
manually set protocol inet to MTU 1500 (for things like OSPF to work). This
allows for as-large-as-MTU-as-MPLS-can-do. Other address families aren't that
picky about MTU matching.
ge-1/0/5 {
description LINK to
Yup.
The EX3200 is basically an EX4200 minus the VC capability (and one less PFE
from what I remember for the uplink ports/expansion thingy).
Same single-label RSVP-style CCC's w/Optional QoS/Pbit inspection and EXP
remarking. (Kompella style). No Martini/LDP though.
*Officially Requires the
I have yet to run into any limit. There probably is one, but would need to Lab
it up and try to max it out.
I've heard of people using EX3200/4200s as a pure MPLS CCC endpoint device
(i.e. 1 LSP per physical port) as some kind of wacky olde-style M13 Mux like
we used to do in the TDM days; so
On 2012-05-18, at 9:29 AM, Saba Sumsam wrote:
flexible-vlan-tagging;
encapsulation vlan-ccc;
unit 0 {
encapsulation vlan-ccc;
vlan-id-range 700-800;
family ccc;
}
unit 400 {
family bridge {
interface-mode trunk;
vlan-id-list 400;
}
Cant do that. Youve told the MX that
Using a unix shell, to download software directly to a router, which itself
uses a unix shell..? Sorry - That's too clever (and hence; not allowed). =)
- CK.
On 2012-05-22, at 9:29 AM, Richard A Steenbergen wrote:
the proceed button at the bottom of the
EULA acceptance is
Maybe logical tunnel into a bridge? Eg
https://puck.nether.net/pipermail/juniper-nsp/2011-August/020891.html
^
Yup. I'm using this method right now to backhaul a VLAN off of an CPE
generating a Martini L2CKT endpoint, stitched into an MX480 bridge-group.
Works well.
Caveat: You lose CoS
You should be classifying on ingress.
Classification is only for 'internal' treatment. Then you do rewrite on
egress interface
Actually, You can apply multifield classifiers either at ingress or egress.
Either way works fine; unless the traffic itself is sourced from the RE (bug in
MX).
JunOS Routing for all intents and purposes is stateless.
It doesn't cache information concerning the IP lookup (CEF-Style), hence
there's no concept of a 'flow' in JunOS; so nothing per se to 'show'. (each
packet is processed 'atomically', meaning JunOS doesn't remember that this next
packet
Not costly at all; when you think about scaling it to 20,000/30,000 subscribers
per box.
BRAS's (xDSL, PPPoE, PPPoA) have massive numbers of hardware queues, and
shape/queue per individual subscriber. These boxes are designed to do this.
Examples: Juniper E-series, Cisco ASR-Series, Juniper
Layer-2 Cable is done at a BRAS (running in DHCP mode). Layer-3 Cable Plants
shape at the CMTS.
Layer-2 Optical/GPON/FTTH can be done at a BRAS (if DHCP or PPP), or can be
done at the head end GPON device; assuming the GPON is reasonably 'smart', and
understands each subscriber and their
Downstream is Shaped, Definitely.
The BRAS/CMTS/etc sets up Individual Hardware Queues for each traffic class per
subscriber. (Hence why those boxes have 16,000-64,000 HW queues per blade, as
each sub may use 2-8 queues depending on what you sell =)..)
Generally 4 prioritized queues (NC,
Apologies, as my REGEX-fu is weak today.
I'm attempting to filter off certain interface from showing up via an SNMP
walk... i.e. interfaces that are internally generated which really serve no
purpose outside the JunOS box itself: (lsi.*, lo0.16384, etc)
I want to match any ge-x/x/x interface
Your Vendor's Sales Rep and Systems Engineer should be more than happy to help
in this regard. =)
- CK.
On 2012-07-12, at 5:01 PM, Frank Norman wrote:
Dear friends,
I need suggestion for broadband network based on xDSL fiber based last
miles (GPON/Metro technologies), Subscriber base
One possibility - They're coming from inside your own network =)
Whats the source IPs on the attempts, and what device is this (EX? MX? J?
QFabric?)
- CK.
On 2012-08-13, at 5:07 AM, Robert Hass wrote:
Hi
I have Juniper running 10.4R7 with RE filter applied to lo.0 but I
still see
Hi Clarke,
We pass through BPDUs through VPLS the MX'es- but yes, miscreant users /
switches will always be a problem.
We do the following to every customer-facing VPLS instance, but only #3 would
help you here:
1. Mac Limiting per VPLS Interface (100) (i.e per 'site')
2. Mac Limiting per
Err VPLS Implies Layer 2 only.
Where is the VRP runninng in-between? Are you doing vlan-id inside the VPLS
instance for normalization, then binding an irb.x into it? I dont think that
works in SRX/J either. (l3 within VPLS).
- CK.
On 2012-08-23, at 6:39 PM, Johan Borch wrote:
VPLS
.
Regards
Johan
On Thu, Aug 23, 2012 at 11:21 AM, Chris Kawchuk juniperd...@gmail.com wrote:
Err VPLS Implies Layer 2 only.
Where is the VRP runninng in-between? Are you doing vlan-id inside the VPLS
instance for normalization, then binding an irb.x into it? I dont think that
works in SRX
Got LSPs and RSVP/LDP paths in inet.3?
- CK.
On 2012-08-27, at 11:00 PM, Frank Norman wrote:
Friends,
i am getting following messages on my M7i Router which are causing problem
with the MPLS VPN customers. Can someone explain me how to diagnose and
resolve the issue???
Junos Version
However, if the teaming you want to achieve is purely for redundancy,
..This can be enforced on the Server-side (in some type of active/passive
control on the server's OS), and hence you can just make the SRX's use normal
access ports.
Weve done this for our VMWare clusters; as well as for
I've always had troubles using an EX4200 as a P router.
The only way Ive gotten it to kinda work is to build an LSP with the endpoint
having protocols { mpls { explicit-null; }}, so any EX4200 in the middle
doesn't try to 'pop' the outer label if it happens to be the penultimate…
although my
Really? Wow. !
That must be new that the EX4200 supports LDP.
Which version of JunOS did they add LDP support into the 32/42 EX-series?
Just tried checking the JNPR website and the data sheets. All I can find
officially is RSVP/CCC support. Let me know where you spotted that. That opens
up
BTW, I also saw in the 12.2 Release Notes that LDP-based L2CKTs are now
supported on the EX4500/4550.
You can maybe use an l2circut/L2CKT instead of a CCC; using martini style
status-tlvs to signal end-to-end availability.
...Haven't tried this in the Lab yet. Might be worth a shot to drop the
You cannot tie 2 different connections/LSPs to the same interface, as CCC's are
purely point to point Layer-2.
You are attempting to do point-to-multipoint Layer-2 ethernet, hence VPLS is
the solution here.
- CK.
On 2012-11-25, at 10:28 AM, Saba Sumsam saba+j...@eintellego.net wrote:
Hi,
I
On 2012-11-28, at 9:36 AM, Luca Salvatore l...@ninefold.com wrote:
So - my understanding is that VPLS multihoming is used to prevent layer 2
loops. How is this accomplished?
Is it because the backup PE device does not forward any traffic (except for
LDP stuff) and hence no loop is formed
Correct (Assuming each PE only has 1 Link to the CE Network…)
Chris
- Chairman of the STP is evil and should be avoided if possible Committee. =)
On 2012-11-28, at 1:24 PM, Luca Salvatore l...@ninefold.com wrote:
Right, this is what I thought. Thanks for the info.
So this type of
I'm trying to export some OSPF routes as type 1 external instead of the
default type 2 external.
I can't seem to find where it is done - I thought it would be done in the
policy map but I don't see an option.
policy-options {
policy-statement my-ospf-export-policy {
term
You have NTP enabled, and it's properly synced?
- CK.
On 2012-12-04, at 4:28 AM, Ali Sumsam ali+juniper...@eintellego.net wrote:
The Experts Who The Experts Call
Juniper - Cisco – Brocade - IBM
___
juniper-nsp mailing list
It was my understanding that the label was logically popped on Egress (in
terms of how one would envision the packet flow); hence the outer label EXP
bits were evaluated by the BA classifier on ingress properly. (Whether it's
popped on ingress, yet evaluated prior-to-pop is a mechanics thing..)
*UNLESS* you use table-label in a l3vpn, then it gets re-classified after the
label POP.
Aha, Very true - Good ole vrf-table-label
So, to Alexandre for L3VPN, just do this:
class-of-service {
routing-instances {
all {
classifiers {
exp MY-CLASIFIER;
How does one send back an ICMP please-fragment-this Message when you're
emulating a blue wire?
No router in the middle to send back to the customer. it's an L2 service.
You're transparent to them IP-wise. No IP interface anywhere inside their
bridge to source a packet from.
- Ck.
On
1 - 100 of 166 matches
Mail list logo