Hello,
I want to restrict routes sent from one iBGP peer to another.
Specifically I want routes with a private AS or with no AS
(redistributed from static/connected) to be sent and nothing else.
On a Cisco router I would match on as-path "^$" or the private range
to achieve this. So in Juniper t
* Richard A Steenbergen [2010-11-11 18:12]:
> > But there is a gotcha there: Cisco WILL NOT send iBGP routes learned
> > from other iBGP peers when I configure such a policy. An MX960 on the
> > other hand WILL happly start to act like a route reflector and pass on
> > all the other iBGP routes
* Brad Fleming [2010-11-12 16:48]:
>> the MX960 with 9.6R2.11 did that. I was quite surprised as I was
>> expecting the behaviour you describe.
>
> Do you happen to have configurations saved from that situation? That
> seems like either (a) a MASSIVE BGP bug or (b) configuration causing
> unin
Hello,
I'm trying to find a junosscript RPC call to get the negotiated
speed/duplex on a link.
I tried
jcs:invoke( "get-interface-information extensive" );
which doesn't include the information. Oddly enough the CLI command
"show interface extensive | display xml" does:
complete
* Phil Shafer [2011-01-21 22:37]:
> Sebastian Wiesinger writes:
> >jcs:invoke( "get-interface-information extensive" );
>
> The string argument to jcs:invoke() can only be a method name, with
> no arguments. You can pass arguments in two ways: you can give
&g
* Phil Shafer [2011-01-24 02:51]:
> Sebastian Wiesinger writes:
> >Okay thank you for that I didn't see the "rpc" parameter behind xml.
>
> This is a recent feature, but I'm not sure of the release. 10.3, IIRC.
My 10.1 on ex2200 has the "rpc"
* Martin T [2011-06-15 00:30]:
> What is the difference between "request system halt" and "request
> system power-off" under JUNOS? Is there a possibility to completely
> turn off the router remotely(for example in case of Cisco it's
> impossible)?
On MX "power-off" turns off the RE(s) but leaves
* Martin T [2011-06-20 11:13]:
> Sebastian,
> in case one executes "request system power-off" under MX platform,
> then physical power-cycle is needed for the router in order to boot it
> up again?
Hi Martin,
yes, as far as I know. A colleague mentioned that there is apparently a
supersecret ke
* Tima Maryin [2011-10-10 14:41]:
> Hello!
>
>
> Recently RIPE NCC started to allocate addresses from 128/8 to end
> users, example:
>
> https://apps.db.ripe.net/whois/lookup/ripe/inetnum/128.0.0.0-128.0.7.255.html
>
>
> Junos software (upto and including 11.1) blocks those address by default
* Phil Bedard [2011-10-13 02:01]:
> Coming soon to at least one platform, but haven't heard anything about
> Juniper. The active/standby mechanisms work pretty well but active/active
> using something like SPBM or TRILL would be nicer.
One problem with active/standby is mac aging on the CE switc
* Phil Mayers [2011-10-21 00:03]:
> I can think of a few ways vendors could solve this. Most simply, the
> backup PE could briefly down the link, to trigger an FDB flush.
> Hell, you could probably script this using EEM in cisco-land.
Yes, I'm looking into scripting something like that with JUNOS
* Keegan Holley [2011-10-21 00:38]:
> A spanning tree TCN would do it as well. It would be nice if configuring
> STP at the edge caused the box to TCN when it gives up mastership. I
> haven't tried it but I'm pretty sure it doesn't.
Yes that would be nice and no it does not. The other way works
* David [2011-11-01 08:05]:
> I meant to say 11.2R3.3, not 10.2.
Hi David,
do you have a PR for that?
Regards
Sebastian
--
New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T
Hi,
I'm trying to setup a VLPS "Trunk" (many VLANs - one VPLS instance) on
MX960 (Trio MPC) where each site has different local VLAN-IDs which
should be bridged over VPLS.
Example:
Site 1 VPLS Site 2
LAN1: vl100 vl10vl200
LAN2: vl301 vl11vl201
I di
* Jeff Richmond [2011-12-21 21:39]:
> Yes, doing a lab eval on it and it has a nasty mibd leak bug.
> Running a daily 11.2 build at the moment that fixes it (precursor to
> R5 coming out in January). So, I would wait for R5 if you plan on
> doing any SNMP work at all on the box.
Same goes for VP
* Serge Vautour [2011-12-22 17:28]:
> Hello,
>
> Have you tried building this up from a very simple setup that works
> and adding complexity as you go? I've done something like this with
> the "vlan-id all" before but not with the VLAN tag manipulations at
> the same time.
Hi,
yes I begun with
* Johannes Resch [2011-12-23 12:28]:
> >* Jeff Richmond [2011-12-21 21:39]:
> >>Yes, doing a lab eval on it and it has a nasty mibd leak bug.
> >>Running a daily 11.2 build at the moment that fixes it (precursor to
> >>R5 coming out in January). So, I would wait for R5 if you plan on
> >>doing an
* Sebastian Wiesinger [2011-12-23 12:46]:
> the PR is not public at the moment. We triggered it while changing
> config in a VPLS instance (adding "vlan-id none" to it). After that
> the VPLS broke (BGP Routes for the VPLS were withdrawn and not
> readded).
Oh and to fix it
* magno [2011-12-23 15:27]:
> hi Sebastian,
>
> did you try to remove the vlan-id statement at all (I mean, no vlan-id
> none but no vlan-id at all)?
Hi,
yes I have that now and it's not doing anything. I see no mac-adresses
in show vpls mac-table.
Regards
Sebastian
--
New GPG Key: 0x93A0B
* Humair Ali [2011-12-23 16:41]:
> Sebastian,
>
> you should be able to achieve what you want by using Virtual Switch Routing
> instance instead of VPLS routing instance.
>
> you can confirgure a Virtual Switch instance with protocol VPLS in it , and
> create a bridge-domains to allow all vlans
* Daniel Verlouw [2012-01-24 10:13]:
> Hi,
>
> On Tue, Jan 24, 2012 at 08:25, Daniel Roesen wrote:
> > Daniel (waiting for over a year now for a 10.4 without major bugs...)
>
> same here...
>
> Am I the only one who finds it extremely annoying and disturbing that
> critical bugs get *introduce
Hi,
has anyone working QinQ between Cisco and Juniper running over VPLS
and with working layer2-tunneling? We have a setup like this:
EX4200 -- QinQ -- MX === VPLS === MX -- QinQ -- Cisco
We see that on both ends of the QinQ tunnel CTP/STP/LLDP Pakets are
encapsulated but on the other side nothi
* Chris Kawchuk [2012-01-24 22:54]:
> 2. Note that the EX4200's re-write the MAC Address when using QinQ
> (i.e. STP MAC 01:80:c2:00:00:00 becomes PVST+ MAC 01:00:0c:cc:cc:cd,
> for example). Ensure you are un-translating the MAC address at the
> far end MX or at the Cisco; else you end up with a
* Chris Kawchuk [2012-01-25 00:10]:
> Heh, then it's a different problem altogether. =)
>
> In your VPLS config, do you have any "vlan-id" settings set in the
> routing-instance? It's a long shot, else I have no idea why she
> ain't passing traffic...
I have "vlan-id all" set in the instance and
* Payam Chychi [2012-01-25 00:36]:
> On 12-01-24 03:14 PM, Sebastian Wiesinger wrote:
> >* Chris Kawchuk [2012-01-25 00:10]:
> >>Heh, then it's a different problem altogether. =)
> >>
> >>In your VPLS config, do you have any "vlan-id" setting
* Sebastian Wiesinger [2012-01-24 22:23]:
> Hi,
>
> has anyone working QinQ between Cisco and Juniper running over VPLS
> and with working layer2-tunneling? We have a setup like this:
>
> EX4200 -- QinQ -- MX === VPLS === MX -- QinQ -- Cisco
>
> We see that on both end
Hello,
I finally succeeded in getting dot1q-tunneling with L2PT working over
VPLS and a mixed Juniper/Cisco switch infrastructure. The switching
path goes like this:
test-server1 -- EX4200 -- MX960 == MX960 == MX960 -- EX4500 -- Cisco3560 --
test-server2
--- Q-in-Q Tunneling with L2PT
=== VPLS
* Sebastian Wiesinger [2012-02-13 13:42]:
> So I upgraded to 11.2R5.4 but still no success. The EX4500 wouldn't
> forward the packets.
>
> The solution?
>
> I had to configure
>
> set vlans qinq-vlan dot1q-tunneling layer2-protocol-tunneling all
>
> on
Hi,
I'm using a lo0 IPv6 firewall filter to protect my RE (yes, I'm
filtering IPv6). Hardware is MX960/Trio-MPC running on 11.2R5.4
I have a filter to accept all ICMPv6 that has to do with neighbor
discovery etc.:
term accept-nd {
from {
next-header icmpv6;
icmp-type [ neighb
* Kari Asheim [2012-02-21 15:01]:
> Hi,
>
> Do you have a filter on the interface?
No,
only on the RE.
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-
Hi all,
the EX4200 has really limited firewall capabilities for filters on
lo0, at least when you try to port a filter from the MX platform.
A few things I encountered:
1) input-list is not supported
2) "port" statement is not supported (only source-/destination-port)
3) Many features are not av
Hi,
is there any way for a commit script running on the EX series to get
the configuration *after* interface-ranges are applied? Right now the
interface-range ist not expanded and the individual interface
configuration is not visible for the commit script. I can manually
display it with the "| dis
* Phil Shafer [2012-03-15 15:35]:
> Sebastian Wiesinger writes:
> >is there any way for a commit script running on the EX series to get
> >the configuration *after* interface-ranges are applied? Right now the
> >interface-range ist not expanded and the individual interface
&g
* d...@infiltr8.com [2012-04-18 12:51]:
> Hi list,
>
> I have an MX80 in the lab for labbing purposes. The idea behind to use it
> primarily for JNCIE-ENT/SP studies amongst feature testing. Do any of you
> have any horror stories or recommendations on JunOS versions?
Hi,
you have to use a rela
Hello,
I'm testing a MX960 and coming from a Cisco background I'm having a
few problems/design questions regarding integration with the Cisco
network.
I have the following setup:
+-[MX960]-+
| |
|Trunk MSTP Trunk|
|
Hello,
we're using IPv6 uRPF filter on a MX960 (IRB interface) and I noticed
that it drops VRRPv3 packets (source fe80::/64, destination ff02::12).
Is this expected behaviour? It makes sense to me to drop link-local
packets but shouldn't packets that go the RE be excluded from that?
It's easily f
* Craig Askings [2012-10-23 05:44]:
> Junos Node Unifier
> Junos Node Unifier is a platform clustering program for MX Series 3D
> Universal Edge Routers that centralizes management and automates device
> configuration to enable the connection of thousands of router and switch
> ports attached to M
Hello,
is there a knob so that I can get instance-specific forwarding filters
for the BUM/flood filter option in VPLS instances? I want to define
one filter and apply it via apply-group but I need to generate
separate filters for every instance it is applied to.
I can't find documentation that su
* Per Granath [2012-11-05 10:33]:
> http://www.juniper.net/techpubs/en_US/junos11.4/topics/usage-guidelines/vpns-configuring-firewall-filters-and-policers-for-vpls.html
>
> [edit routing-instances routing-instance-name forwarding-options family vpls]
> filter input input-filter-name;
Hello,
I m
* Christopher E. Brown [2012-11-06 10:41]:
>
> And I have tested and seen exactly the opposite with 10.4R10 in both
> MX80 and all trio MX960.
>
>
> Create a policer and a vpls filter that matches unknown ucast, bcast and
> mcast.
>
> Apply to VPLS forwarding table in 2 instances
>
> ...
>
>
* Leigh Porter [2012-11-06 00:46]:
> A packet dump reveals that the TCP sender (FTP server) will send a
> segment, the LTE core will encap this segment and fragment the
> tunnel packet, these fragments enter into an MX80 and into a L3VPN
> instance but then only the first half of the fragmented da
* Saku Ytti [2012-11-06 14:27]:
> > Just to be sure, could you try to use the "interface-specific" keyword
> > for your filter?
>
> You should have tried that, it won't commit. It was first thing I tried
> when testing VPLS.
Yeah, you're right. I remembered that it didn't matter but I was
wrong.
* Leigh Porter [2012-11-06 15:54]:
> > you might be hitting PR736749:
>
> In L3VPN scenario, transit packets which require fragmentation, traversing
> over the
> mpls core, might get dropped at the egress PE, if the egress PE?s, CE facing
> interface
> is on trio chipset cards. [PR736749: This
Hello,
we're just setting up inline-jflow on MX Trio chipsets and I'm seeing
a few odd things:
1) Why is inline-jflow sending so many packets instead of putting more
then one flow in one udp packet? Every ~5 seconds I get a LOT of UDP
packets at the same time, many of them only containing 1
Hello,
we're having a strange problem with 802.1p priority values:
Packets are forwarded by VPLS. A MX960 (MPC/Trio) then forwards them
onto an EX4200 virtual chassis from where they are forwarded to an
external service provider (SP) as a VLAN tagged link.
While testing the line we noticed that
* Sebastian Wiesinger [2012-11-22 16:45]:
> I tried forcing all packets to best-effort/loss-priority low on the MX
> but that didn't change anything. I'm currently suspecting the EX4200
> to be the problem.
Okay, now I found a workaround but I'm still not sure abo
* Nick Kritsky [2012-11-22 18:15]:
> Judging on previous experience, I would blame EX, not MX. :)
> But just to be sure - can you add input counter filters to EX interface
> connected to MX? Just to be 100% sure that packets are coming in without
> weird 802.1p
Hi,
I did that (see my first mail)
* Paolo Lucente [2012-11-22 18:24]:
> > 3) The test collector is reporting missed flows. I'm not sure if that
> >is a problem with the collector or if I'm really missing flows.
> >Anyone else had this problem?
>
> It can be something else but i'm generically not surprised on this:
> nearl
* Sebastian Wiesinger [2012-11-22 16:45]:
> Hello,
>
> we're having a strange problem with 802.1p priority values:
And hello again,
a colleague from another company tested this and found out that
packets that traversed his EX switch also got their 802.1p field
messed up. So.. it
* Nick Kritsky [2012-11-22 22:45]:
> sorry, misread the original email.
> were you able to identify any pattern in which packets are remarked?
No, I couldn't see any pattern.
> also, can you share interface config for EX/MX?
It's a trunk interface on the EX and on the MX its a vlan-vpls
encapsu
* Andrew Jones [2012-08-12 05:32]:
> Hi All,
> There is a behaviour in jflow v9 which is frustrating me whereby once
> flows reach the active timeout the flow is exported, the packet and byte
> counters reset, but the flow remains in the flow table and the start time
> is not modified. According t
Hi,
I noticed that a MX80 takes quite a long time after reboot to put all
routes into the KRT. Is that normal for that box? It takes around 10
minutes after BGP is established to get all the routes into the KRT
and in the meantime we get messages like that every few seconds:
/kernel: rt_pfe_veto:
* Paul Stewart [2013-02-12 00:36]:
> What version of JunOS? Just one full table or many?
11.4R6-S1
Combined Full-Table from a few iBGP peers and around 70k routes from an
IXP. Approx. 700k Routes in RIB.
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A
* Jeff Wheeler [2013-02-12 01:03]:
> On Mon, Feb 11, 2013 at 6:15 PM, Sebastian Wiesinger
> wrote:
> > I noticed that a MX80 takes quite a long time after reboot to put all
> > routes into the KRT. Is that normal for that box? It takes around 10
> > minutes after BGP i
* Stacy W. Smith [2013-02-12 01:18]:
> Do the KRT error messages go away if you unconfigure sampling? Any
> change in the KRT installation time with sampling turned off?
I'll test that. I assume I will need to completely disable the
sampling instance?
This is the only MX80 where we use inline-j
* Sebastian Wiesinger [2013-02-14 08:06]:
> * Stacy W. Smith [2013-02-12 01:18]:
>
> > Do the KRT error messages go away if you unconfigure sampling? Any
> > change in the KRT installation time with sampling turned off?
>
> I'll test that. I assume I will n
* Brandon Ross [2013-02-14 04:57]:
> On Mon, 11 Feb 2013, Jeff Wheeler wrote:
>
> >I am sorry I missed Richard Steenbergen's lightning talk at NANOG,
> >which was something like "if you want your routers to install routes,
> >call Juniper and reference PR# because they do not want to
> >fix this
* Sebastian Wiesinger [2013-02-15 00:55]:
> I just tested this after talking to JTAC. Just for reference:
>
> I had ~70k routes from 40 peers that I deactivated. I then turned them
> up again and measured with inline-jflow disabled and enabled.
>
> With inline-jflow ON: ar
* Sebastian Wiesinger [2013-02-19 10:20]:
> So... ATAC says this is expected behavior for this platform. Nothing
> wrong with the router.
>
> He even sent me lab tests that he did which proved that it takes them
> the same time in the lab.
>
> I now sent him the NANOG sl
* Saku Ytti [2013-02-19 13:09]:
> On (2013-02-19 10:54 +0100), Sebastian Wiesinger wrote:
>
> > Okay, so ATAC says that the NANOG PR has nothing to do with this case.
> > This is a hardware limitation on MX and cannot be improved according
> > to them.
>
> I th
* Sebastian Wiesinger [2013-02-19 13:57]:
> Yes, I agree. But that's a design "decision" so ATAC is not
> interested. I'll try to get this to Juniper trough my SE but I don't
> know if that'll do any good.
So Juniper is aware that this is a problem (at leas
* Sebastian Wiesinger [2013-02-21 10:31]:
> There is also a NANOG discussion regarding this:
>
> http://mailman.nanog.org/pipermail/nanog/2013-January/054694.html
Sorry I just glanced at that. That's actually a post from this list.
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (
* Stacy W. Smith [2013-02-21 15:57]:
> Sebastian,
>
> PR 836197 is a problem that some customers are seeing, but it is not
> the problem that you reported in this thread. Your issue appears to
> be (primarily) an issue with sampled.
Yes, but the underlying issue seems to be RIB/FIB sync time. An
* david@orange.com [2013-02-27 17:36]:
> Hi all
>
> Does anybody use this version in production ? if yes, did you experience some
> SW issues with it?
We're having -S1 in production and no major problems. We see a strange
problem with RE firewall filters where packets are sporadically
disca
Hello,
I'm just testing the SNMP MIBs in 11.4 for VPLS. I have a VPLS PE with
a connection table like this:
Instance: CUSTOMER1-VPLS
Local site: customer1-site3 (3)
connection-site Type St Time last up # Up trans
1 rmt RD
2
Has anyone here an easily understandable graphic for port numbering on
MX80 mic slot(s)? I can't get it right half of the time and support
staff on-site never knows which port is which. Even the labels on the
box are not really helpful.
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 2
* apurva modh [2013-03-15 12:03]:
> Are you looking for this >
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB25588&actp=RSS
YES! I am SO looking for this. This will be bookmarked until judgement
day.
Thanks!
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D
Hello,
I'm a bit puzzled by the 'Input packet rejects' counter shown by 'show
interface .. extensive'.
What exactly does that counter count?
I have this output:
Filter statistics:
Input packet count38435461
Input packet rejects 23759
Input DA reject
* Tarko Tikan [2013-04-28 19:12]:
> By 'mixed' you surely mean painful. E-s filters do not work for STP,
> period. STP traffic is captured to RE first, bypassing all ingress
> filters and is then sent out from RE to be flooded as normal
> multicast.
Hi,
I can't confirm this. We have working bpdu
* Andy Litzinger [2013-05-15 21:00]:
> Has anyone used a 10G DAC/Twinax cable between an EX4550 and other vendor
> gear? Did you use Juniper DAC cables or the other vendor cables?
>
> In particular I'm planning on linking a Cisco UCS Fabric Interconnect and
> also an F5 BigIP 4200v to a VC of
Hello,
reading PR836197 and KB26792, it seems that the RPD queue
starving/stalling was improved (even fixed?) in 11.4R8, 12.1X45-D10,
13.1R1 and 13.2R1.
To quote from the KB:
| Starving jobs are now added to a FIFO (first in-first out) queue. This
| guarantees that a starving job is always servi
Hello,
as I'm hearing conflicting information regarding bootp helper on MX
routers in a vrf routing-instance, has anyone a working configuration?
What I need:
Forward DHCP broadcast requests from one vrf interface to a central
DHCP server in the same VRF (classical bootp helper functionality). I
* Mark Tinka [2013-06-13 13:24]:
> On Thursday, June 13, 2013 01:03:04 PM Sebastian Wiesinger
> wrote:
>
> > So any information regarding this is appreciated.
>
> This was my working configuration on an MX480 running Junos
> 10.4:
>
> routing-i
* Mark Tinka [2013-06-13 13:39]:
> On Thursday, June 13, 2013 01:25:34 PM Sebastian Wiesinger
> wrote:
>
> > Okay, but for dhcp-relay you need a license which is
> > really not something we want to do just for bootp
> > helper. :)
>
> If memory serves, I think
* Saku Ytti [2013-06-14 09:51]:
> Another problem with DHCP-relay is that, AFAIK, it causes _all_ dhcp
> packets in every interface to be punted. So some transit DHCP packet
> jetting through your router in unrelated interface gets punted.
> I find this most unsatisfactory, but of course we're 'on
* Grzegorz Janoszka [2013-06-24 21:57]:
> On 24-06-13 21:07, Rob Foehl wrote:
> > According to the release notes for 11.4R8, the KRT queue stall issue
> > (PR836197) has been marked as resolved. Has anyone had a chance to
> > confirm this on a suitably session-heavy MX?
>
> You still have to wai
Hello,
I need to do a sort of "dumb" Q-in-Q on a MX box. What I want from
the MX is:
Take alle VLAN tagged frames on an Port (CE-facing) and switch
them to another interface (Core-Facing). On the core-facing interface
push VLAN 42 on the frames (Q-in-Q).
When frames arrive on the core-facing IF,
* Sebastian Wiesinger [2013-07-01 12:11]:
> Hello,
>
> I need to do a sort of "dumb" Q-in-Q on a MX box. What I want from
> the MX is:
Hello,
a follow up to my question. We decided to do MPLS CCC (as we have a
MPLS enabled core).
It works just fine with RSVP. I'l
* sth...@nethelp.no [2013-07-25 01:21]:
> > "When using inline IPFIX the only valid rate is 1. The option
> > run-length isn't configurable, because there's no need to sample data
> > from the perspective of the microcode in the Trio Lookup Block. Every
> > packet will be inspected and is subjec
* Michael Loftis [2013-07-25 23:54]:
> Good to hear, I remembered reading that mostly because it seemed so
> wrong. I don't think I'm missing any context from the book, and I
> don't have any MPC/Trio based gear to test on myself.
I also read it in dhanks book and I wrote him on IRC about it and
So, it's friday and there is PSN-2013-08-987. Am I overlooking
something or is that only a problem for people who speak OSPF with
other parties (customers, strangers,...)? I don't see the big attack
vector in comparison to speaking OSPF with others in the first
place...
Regards
Sebastian
--
GPG
* Cheikh-Moussa, Ahmad [2013-08-02 11:03]:
> Hi Sebastian,
>
> it depends on the environment. On a PtP interface it is not an issue, on a
> broadcast network, it could be an issue.
> In general, it is always recommended to turn authentication ( md5) on and
> protect the RE with a lo0 filter.
H
* Chris Morrow [2013-08-02 11:12]:
>
>
> On 08/02/2013 04:26 AM, Sebastian Wiesinger wrote:
> > So, it's friday and there is PSN-2013-08-987. Am I overlooking
> > something or is that only a problem for people who speak OSPF with
> > other parties (customers, str
* Ben Dale [2013-08-08 02:00]:
> I haven't use this in anger for a while, so apologies if some of this
> functionality is already available, but how about:
>
> - an option to disable compression of the config file
> - an option to specify the naming convention used - eg: always back up to a
> s
Hello,
I have two MX routers with a VPLS instance. The instance has an irb
interface on both routers with IPv6 VRRP configured on it.
On the backup router I see the VRRP mastership flap every few seconds.
When I look at VRRP statistics I see that it receives much less
packets than the other route
Hello,
I have the following setup:
[CE] == AE(2 links) == [MX80] --- L2VPN --- [MX80] == AE(2 links) == [CE]
The problem is that the MX80s both only send outgoing traffic to the
CE on one link of the AE bundle.
There is no hash-key/enhanced-hash-key configured on the boxes.
The configuration i
Hello,
I tried to take a MX-MPC1E-3D FPC online in a MX960 chassis in the
lab. This produced PCI errors like this:
Oct 10 13:38:41 /kernel: pic_listener_connect: conn established: mgmt
addr=0x1b80,
Oct 10 13:38:42 fpc11 CLKSYNC: master RE connection made
Oct 10 13:38:42 fpc11 vrrp_db_i
* Matjaz Straus Istenic [2013-11-10 16:27]:
> Fat fingers, sorry:
>
> On 10. nov. 2013, at 09:07, Matjaz Straus Istenic
> wrote:
>
> > If your upstream is using juniper gear, it would (technically
> > speaking, of course) very hard for them to implement such a
> > service.
> ...it would _not_ b
Hello,
has anyone here experience with MACsec on EX switches (4550/4200)?
Especially performance, caveats, problems with the required JunOS
software (JunOS Controlled)?
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE S
* Saku Ytti [2013-12-02 15:54]:
> On (2013-12-02 09:17 -0500), Phil Shafer wrote:
>
> > JUNOS uses the "fetch" app under the covers, which lacks HTTPS
> > support. We're moving to "curl", which does. I don't have an
> > ETA on this support.
>
> I believe the problem is, domestic incorrectly ca
* Phil Shafer [2014-02-26 16:42]:
> Juniper users,
>
> We've been asked to make a change the "clear bgp neighbor" command
> to make the neighbor or "all" argument mandatory. The root cause
> is the severe impact of "clear bgp neighbor" and the increasing
> accidental use of this command without
Hello,
I'm currently looking at an EX4500 setup that had a few problems
related to multicast/broadcast packets going to the CPU (and sometimes
preventing required packets like LACP reaching the CPU) of the switch.
I assume this was because the queue between PFE and CPU was full (is
there a way to
* Keegan Holley [2014-03-05 18:33]:
> I agree. It’s more likely that you had an increase in packets that
> the switch would process normally than the switch getting bored and
> suddenly deciding to read packets off the wire. If there is an IP
> interface on the network that the broadcast/multica
* Phil Mayers [2014-03-05 19:12]:
> >Chris, can you elaborate on why low TTL on multicast frames will
> >cause high CPU?
> >
> >Sebastien, as Chris pointed out anything in the 224.0.0.0/24 will hit
> >the CPU, but so will a few other ranges that fall into the Link-Local
>
> There's no inherent re
* Phil Shafer [2014-03-05 19:36]:
> [hijacking part of a thread from Keegan]
>
> Keegan Holley writes:
> >My gut says this is as much a product of Space being new as the general
> >skeptcisim most
> >router-jockeys have towards GUI/WebUI based management tools.
>
> As the on-box CLI developer,
* Clarke Morledge [2014-03-06 16:42]:
> Sebastian,
>
> No, you are not alone on this issue.
>
> For a little more context, I have seen the same type of behavior
> associated with Apple Bonjour traffic related to
> Multicast DNS reported on this thread in November, 2013:
>
> http://www.gossamer-
Hello,
I'm searching for a way to stitch a kompella L2VPN into a VPLS domain
on MX routers. I want the L2VPN pseudowire to behave like a normal
site in the VPLS.
Has anyone here done this and knows how? I found the "Internetworking
interface" (iw0) that does kind of what I'm looking for:
http://
Hello,
does anyone know if Juniper MX does opportunistic ARP? Meaning, will
it send out an ARP request by itself when an ARP entry expires (like
Cisco does) or will it wait until it needs to resolve the ARP entry
when a packet arrives?
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 2
* Mark Tinka [2014-05-26 09:18]:
> On Monday, May 26, 2014 09:10:20 AM Sebastian Wiesinger
> wrote:
>
> > does anyone know if Juniper MX does opportunistic ARP?
> > Meaning, will it send out an ARP request by itself when
> > an ARP entry expires (like Cisco does) o
* Piotr [2014-06-20 00:36]:
> Hi,
>
> Since 13:50 i have very high cpu on routing engine, router doesn't
> answer for some snmp request (re cpu, interface counters are ok) but
> besides this, looks good - router pass traffic. It looks like
> problem with chassisd process ( nanslp ?? state). I don
1 - 100 of 178 matches
Mail list logo
