Re: [j-nsp] BGP/L3 routing support on EX2200 & EX2200-C

2013-11-26 Thread Paul S.
From what I've seen, the license is mainly a 'nag license,' at least for BGP. I've got quite a few customers doing BGP on the aforementioned products without the AFL, all it appears to affect is that it whines every single time a commit is performed -- yet continues to function fine. This do

Re: [j-nsp] BGP/L3 routing support on EX2200 & EX2200-C

2013-11-26 Thread Paul S.
Doug, Well yeah. I forgot to mention that the 2200 doesn't even have it available. +1 for bringing that up. -- Paul On 11/27/2013 午後 03:31, Doug McIntyre wrote: On Wed, Nov 27, 2013 at 09:24:29AM +0900, Paul S. wrote: From what I've seen, the license is mainly a 'nag lic

Re: [j-nsp] BGP/L3 routing support on EX2200 & EX2200-C

2013-11-29 Thread Paul S.
On 11/30/2013 ?? 12:45, Eugeniu Patrascu wrote: On Thu, Nov 28, 2013 at 2:11 AM, Tom Storey wrote: Interesting. Has anyone tried this with protocols like IS-IS and with IPv6? I'd love to add an EX3200 to my lab, but shelling out for a license would

Re: [j-nsp] Únete a mi red en LinkedIn

2013-12-19 Thread Paul S.
Why exactly do these invites keep spamming these lists? Rather odd, I mean, on what logic are people trying to invite an entire list to add them onto LinkedIn? On 12/19/2013 午後 07:39, Mohamed Elfar a través de LinkedIn wrote: LinkedIn Mohamed Elfar ha solicitado añadirt

Re: [j-nsp] Ex stack of 4 switchs stops routing, switching, ...

2014-01-06 Thread Paul S.
On 1/6/2014 午後 08:08, Laurent CARON wrote: On 06/01/2014 11:58, Maarten van der Hoek wrote: Humz….not sure if the VC will keep working! In the past an AFL license was needed, somewhere in the 12.3 branch this was changed to ‘standard licensing’ .. Laurent, can you confirm which version you’re

Re: [j-nsp] Resetting link-state and PoE on EX3300

2014-01-06 Thread Paul S.
On 1/6/2014 午後 09:53, Phil Mayers wrote: All, We're trialing the EX3300 as an edge switch and there are a couple of things we do on our current devices that I can't find an easy way to do without making a (relatively slow) config change, commit, undo, commit cycle - namely, blipping the ether

Re: [j-nsp] NTP Reflection

2014-01-13 Thread Paul S.
On 1/14/2014 午前 07:14, Jared Mauch wrote: On Jan 13, 2014, at 5:03 PM, Chuck Anderson wrote: Shouldn't this be SOP anyway? In the past many ISPs provided time to customers from the router hardware. The difference I’ve seen here is regarding the speed that devices will respond. The Juniper

Re: [j-nsp] NTP Reflection

2014-01-14 Thread Paul S.
On 1/14/2014 2:37 PM, Mark Tinka wrote: On Tuesday, January 14, 2014 03:54:29 AM John Kristoff wrote: IOS devices, at least those with which I'm familiar, don't implement the full specification that includes mode 6/7 functions so they can be somewhat less bad from an amplification perspective.

Re: [j-nsp] batch on junos ?

2014-01-14 Thread Paul S.
On 1/14/2014 午後 07:28, R S wrote: Is there a way to run a sort of .bat on SRX junos ? I mean, to run a single command from cli to do some actions (set xxx/ set yyy/ commit check / commit) ? This is useful to be run by NOC for scheduled action every day. Tks

Re: [j-nsp] proposed changes to "clear bgp neighbor"

2014-02-26 Thread Paul S.
+1 to the 'all' requirement -- and then further include another question as suggested like 'Reset all BGP sessions? [Y/N]' That, in my opinion, is the most sane way to go about it. On 2/27/2014 ?? 05:37, Jonas Frey (Probe Networks) wrote: +1 for the "all" requirement Am Mittwoch, den 26.02.20

Re: [j-nsp] proposed changes to "clear bgp neighbor"

2014-02-26 Thread Paul S.
On 2/27/2014 午前 10:38, heasley wrote: Thu, Feb 27, 2014 at 10:30:29AM +0900, Paul S.: +1 to the 'all' requirement -- and then further include another question as suggested like 'Reset all BGP sessions? [Y/N]' Please - if you're dumb enough to enter a command that y

[j-nsp] Configuring in-band management over trunk interfaces in EX2200

2014-02-28 Thread Paul S.
Hi guys, In a bit of a bind here, what's the recommended way to configure in-band strictly management interface over a trunk port on the EX2200? I've been trying various formations of the following -- but it doesn't even register an arp entry on the l3 router. However, if I move the unit 13

Re: [j-nsp] Configuring in-band management over trunk interfaces in EX2200

2014-02-28 Thread Paul S.
Mark, It was the native-vlan-id, actually. Removing it made it all start working. Thank you! On 2/28/2014 午後 07:58, Mark Tinka wrote: On Friday, February 28, 2014 12:31:00 PM Paul S. wrote: However, if I move the unit 137 stanza from vlan.137 directly to ae0 (Removing its trunk status in

[j-nsp] Opinions on the QFX 3500 in regards to linerate L3 performance?

2014-03-15 Thread Paul S.
Hi guys, I've got a client who's interested in deploying the 3500 as TORs. He'll need to evenly distribute around 20/30g of bandwidth (via aggregated ethernet links) to multitudes of virtualized systems with individual vlans all located in singular racks. Would the QFX be an okay solution in

Re: [j-nsp] Opinions on the QFX 3500 in regards to linerate L3 performance?

2014-03-16 Thread Paul S.
hardware from juniper Sent from my iPhone On 15/03/2014, at 13:02, "Paul S." wrote: Hi guys, I've got a client who's interested in deploying the 3500 as TORs. He'll need to evenly distribute around 20/30g of bandwidth (via aggregated ethernet links) to multitudes of

Re: [j-nsp] Redundant RE setup useful?

2014-06-23 Thread Paul S.
On 6/23/2014 午後 05:07, Joerg Staedele wrote: Hi there, i am asking myself if it really makes sense to have a redundant RE setup in M and MX-series. Maybe some of you could tell me if they had a scenario where it really helped to prevent an outage. I am not talking about ISSU/NSSU feature wher

[j-nsp] Viability of EX4300 in a primarily l3 environment?

2014-08-01 Thread Paul S.
Hi folks, We're considering the EX4300 to run routing (l3) for a few hypervisors of ours that are connected via l2. Primarily interested due to the rather massive arp limit (64,000) on the switch, but we've been told (and searched for ourselves to find out) that the 4300 platform has been p

Re: [j-nsp] Viability of EX4300 in a primarily l3 environment?

2014-08-06 Thread Paul S.
and poe it works pretty fine and we do not have any serious problems sometimes the poe controller goes down but we have a case opened in jtac to try solve it Sent from my iPhone On 06/08/2014, at 07:15, Sebastian Wiesinger wrote: * Paul S. [2014-08-02 05:18]: Hi folks, We're consideri

Re: [j-nsp] Practice lab environments, any suggestions?

2014-09-09 Thread Paul S.
Buy the cheapest l3 switch that works for you and get JunOS firefly -- really. It does most things you could see yourself doing anytime soon. On 9/10/2014 午前 12:37, Tyler Christiansen wrote: Sorry, that should have been EX3300. On Tue, Sep 9, 2014 at 8:28 AM, Volodymyr Samodid < vladimir.samo

Re: [j-nsp] Sflow + ntop

2014-09-25 Thread Paul S.
I'm not 100% sure of this, but I believe ntop/ntopng can only parse their own Json based flow format. So, what you have to do is use nprobe to receive the flows and convert them, then transmit them to ntop's zmq server.. Please also note that nprobe is not free for commercial use. On 9/26/20

Re: [j-nsp] Sflow + ntop

2014-09-25 Thread Paul S.
Thursday, September 25, 2014 at 7:23 PM, Paul S. wrote: I'm not 100% sure of this, but I believe ntop/ntopng can only parse their own Json based flow format. So, what you have to do is use nprobe to receive the flows and convert them, then transmit them to ntop's zmq server.. Please

Re: [j-nsp] Nfsen + nfdump on mx5

2014-09-29 Thread Paul S.
nfdump has full support for IPFIX flows, which is what jflow essentially is. On 9/30/2014 午前 07:43, Rodrigo Augusto wrote: What i have to do to use ipfix with nfsen?! Does it Have support to ipfix?! Enviado via iPhone  Grupo Connectoway ___ juniper-

Re: [j-nsp] Junos MX series and Andrisoft Flow tools

2015-01-25 Thread Paul S.
Just as a thought, do both systems have time synchronized with something like ntp? I've found that it helps to use the same timezone on the system hosting WANGuard as well as the routers (You should technically be using UTC anyway) On 1/26/2015 午前 06:34, John Brown wrote: Hi, I'm looking fo

[j-nsp] Sflow on non-zero units for ELS style switches (EX4300)

2015-03-16 Thread Paul S.
Hi, In the past, I used to deploy similar configs on non-ELS switches, and they mostly worked just fine with sflow. sw# show interfaces xe-0/2/0 ether-options { 802.3ad ae1; } {master:0}[edit] sw# show interfaces ae1 description "Trunked to <>"; vlan-tagging; aggregated-ether-options {

Re: [j-nsp] Sflow on non-zero units for ELS style switches (EX4300)

2015-03-19 Thread Paul S.
Nobody ran into this one? Weird. On 3/16/2015 午後 10:40, Paul S. wrote: Hi, In the past, I used to deploy similar configs on non-ELS switches, and they mostly worked just fine with sflow. sw# show interfaces xe-0/2/0 ether-options { 802.3ad ae1; } {master:0}[edit] sw# show interfaces

Re: [j-nsp] Sflow on non-zero units for ELS style switches (EX4300)

2015-03-19 Thread Paul S.
of EX4300 in a VC on 13.2X51-D30.4. Let me attempt the config and see what happens. Mike Gonnason On Thu, Mar 19, 2015 at 6:47 AM, Paul S. wrote: Nobody ran into this one? Weird. On 3/16/2015 午後 10:40, Paul S. wrote: Hi, In the past, I used to deploy similar configs on non-ELS switc

[j-nsp] pfex: pfe_bcm sflow ipc error 0 on EX4300 VCs running sFlow

2015-04-08 Thread Paul S.
Hi guys, Picked up a few EX4300s to use as L3 switches, so far they've worked well. Deployed a few new ones today, upgraded them to the latest recommended by JTAC and set them up in a 2 member VC. I also turned on graceful switchover, commit synchronization and non-stop-routing. fpc0: --

Re: [j-nsp] iBGP and IPv6

2015-04-15 Thread Paul S.
Perhaps use a pastebin? On 4/15/2015 午後 11:24, Jonathan Call wrote: Here is the output of 'show route extensive'. Hopefully it shows up formatted properly this time. router1> ...oute 2001:db8:4000::1 extensive vr-1.inet6.0: 9 destinations, 13 routes (9 active, 0 holddown, 0 hidden)2001:db8:400

[j-nsp] VME interfaces and lo0 filters

2015-06-15 Thread Paul S.
Hi guys, Have a few EX4300 stacks here, and configured OOB management using the VME interface for them. It seems to work fine, but my lo0 protect-re filter doesn't seem to filter any vme traffic. If I try to access the device inband, it all works as expected. Before I attempt to apply the

Re: [j-nsp] pfex: pfe_bcm sflow ipc error 0 on EX4300 VCs running sFlow

2015-12-10 Thread Paul S.
identify a fix for this? About to open a JTAC case on same. :) Best, -a On Wed, Apr 8, 2015 at 10:13 PM, Paul S. wrote: Hi guys, Picked up a few EX4300s to use as L3 switches, so far they've worked well. Deployed a few new ones today, upgraded them to the latest recommended by JTAC and set

Re: [j-nsp] Core network design for an ISP

2016-03-29 Thread Paul S.
Hi Saku, What would a good lo0 filter template look like, in your opinion then? On 3/26/2016 02:50 AM, Saku Ytti wrote: And I've not yet read any lo0 filter anywhere which isn't fundamentally broken, including Cymru secure templates.

Re: [j-nsp] pfex: pfe_bcm sflow ipc error 0 on EX4300 VCs running sFlow

2016-05-08 Thread Paul S.
Hi folks, Did anyone get a chance to try this on 15.x or 14.1-X53-D35 (current jtac rec). Did it get fixed? On 12/11/2015 01:50 AM, Paul S. wrote: Hi, Just to update everyone on this, this is still repeating on the latest recommended release (which as of now is 14.1-X53-D30) Dec 11 01:46

Re: [j-nsp] pfex: pfe_bcm sflow ipc error 0 on EX4300 VCs running sFlow

2016-05-10 Thread Paul S.
form. Have fun! 2016-05-08 11:39 GMT+02:00 Paul S.: Hi folks, Did anyone get a chance to try this on 15.x or 14.1-X53-D35 (current jtac rec). Did it get fixed? On 12/11/2015 01:50 AM, Paul S. wrote: Hi, Just to update everyone on this, this is still repeating on the latest recommended re

[j-nsp] Channelization on EX4300

2016-05-11 Thread Paul S.
Hi folks, Do the QSFP+ ports on the EX4300 support channelization (https://www.juniper.net/documentation/en_US/junos15.1/topics/task/configuration/qfx3500-3600-standalone-channel-configuring.html)? i.e: Can I break them out to 4x10g interfaces if ever needed? I've actually been unable to find

Re: [j-nsp] in-band management interface vs. re firewall concepts/bcp

2016-07-08 Thread Paul S.
Likewise, it really doesn't make much sense to me. Having to retrofit a normal port to act as management in its own vrf is stupid (and not even always possible). On 7/8/2016 07:07 AM, Clinton Work wrote: JunOS doesn't support putting management into a routing-instance and I have been pushing

Re: [j-nsp] open source packages to monitor ex2200/vc

2016-09-02 Thread Paul S.
Are you ok with putting your patches on something like github? On 8/22/2016 12:43 AM, raf wrote: Le 19/08/2016 à 17:38, William a écrit : My chat with jtac ended with blaming the monitoring SW, guys at check mk blamed juniper though someone would look at the problem if we paid! Jtac answer do

[j-nsp] Design assistance with routing instances

2016-09-12 Thread Paul S.
Hi folks, Dealing with some rather interesting design issues lately. The main issue is that we have to partition the global table to provide "selective access" (mainly due to massive cost disparity based on where traffic goes, this is in Asia) to customers as they want. Prefer to do it withi

[j-nsp] DCU matching in firewall filter

2016-09-13 Thread Paul S.
Hi j-nsp, I'm trying to use DCU to filter access to specific prefixes selectively on Juniper MX. i.e: Customer on interface ge-0/0/0 cannot send traffic to prefixes tagged by some BGP community, or perhaps it'll be sent to a policer. So we first match routes into a community, then use a rout

Re: [j-nsp] DCU matching in firewall filter

2016-09-13 Thread Paul S.
) - if egress forw FW filter is used, interface filter groups cannot be used The router that this is being deployed on will likely be a part of a mpls backbone at a later date. On 9/13/2016 11:10 PM, Saku Ytti wrote: On 13 September 2016 at 14:35, Paul S. wrote: Hey Paul, Issue is, the

[j-nsp] Recommended firmware for QFX5100-48T

2016-10-10 Thread Paul S.
Hi folks, Is everyone running the JTAC recommended 14.1X53-D35.3 or have you found better stability at some newer revision? My problem is that the "tri state" 10g ports (copper) don't seem to want to run at anything less than 10g. It links up when connected to a 1g device, but still claims

Re: [j-nsp] Recommended firmware for QFX5100-48T

2016-10-10 Thread Paul S.
Hi Joel, Thanks for replying. What are the steps to configure the ports as "ge." Do I just get rid of xe from the config and replace it with ge for that port, that's all? On 10/11/2016 12:21 AM, joel jaeggli wrote: On 10/10/16 7:34 AM, Paul S. wrote: Hi folks, Are every

Re: [j-nsp] Recommended firmware for QFX5100-48T

2016-10-10 Thread Paul S.
w. I'm certain that JTAC could help but I'll try to find something when I'm properly online. Cheers, Dale > On 11 October 2016 at 07:05, Paul S. <mailto:cont...@winterei.se>> wrote: > > > Hi Joel, > > > > Thanks for replying. > > &

[j-nsp] AS path preservation when importing from instance.inet.0 to inet.0

2016-10-16 Thread Paul S.
Hi guys, So, in a bit of a peculiar situation. I think rather than explaining it, it's possibly easier to express through configs. I've added it at the end of the email. Basically, my local-as in a ri is different compared to my local-as set in the master instance. When I import a BGP route

Re: [j-nsp] AS path preservation when importing from instance.inet.0 to inet.0

2016-10-17 Thread Paul S.
any clear drawbacks to using it? Once upon a time, I recall hearing that it was bandwidth constrained. I'm doing this on a Trio MX. [/quote] There is a bandwidth limitation, check out docs. As for when to use it, depends... Best Dragan On Sun, Oct 16, 2016 at 6:05 PM, Paul

[j-nsp] FlowSpec rules being installed, but not matching any traffic

2022-04-14 Thread Paul S. via juniper-nsp
Hey folks, We're trying to build a little something where we block malicious traffic after detection via BGP flowspec. This is a super simple network with a pair of QFX5100-24Q-2P acting as our l3 gateways, which then runs a single VLAN. Configuration snippets below. Th

Re: [j-nsp] FlowSpec rules being installed, but not matching any traffic

2022-04-15 Thread Paul S. via juniper-nsp
Hi folks, Thanks for taking the time to reply! I was afraid that was the case, but wanted to check in with the experts regardless =) On Thu, Apr 14, 2022 at 6:25 PM Nathan Ward via juniper-nsp < juniper-nsp@puck.nether.net> wrote: > > > > -- Forwarded message -- > From: Nathan W