Hi,
You can use "show services sessions| match Drop" and check the drop flows. Default value for Max-drop-flow per pic is 40000 and current count is very less. This doesn't indicate any problem. It can be DoS attack.
Regards,
Rahul
↧
Re: Egress and Ingress Dropflow
↧
Re: MX Series Routing Engine and SCB datasheet
Hi,
i think this question is better off being asked to your preferred Juniper SE or partner SE as there are more factors to consider when considering these kinds of upgrades.
Things to consider includes current linecards installed, if the chassis has enhanced midplane and if it makes sense to look at new MX-platforms instead of upgrading existing ones - and considering if this is a valid approach when looking at service pricing and local sparepart stock.
Regarding RIB/FIB capacity, you will also need to provide a list of MPC's to make any suggestions on this.
But again. This is more a question for your partner or Juniper account team.
↧
↧
mpls RSVP congestion bandwidth handling
Hi all,
Can RSVP help in the scenario where if the SRX interconnect via Microwave link , when primary microwave link bandwidth is downgrade from 100mbps to 20 mbps , can the RSVP detect the congestion and swing to secondary link ?
note : SRX1 --> 1G copper to Microwave equipment -> over the air radio(~100mbs) -> 1G copper to Microwave equipment -> SRX3
Example as per topology
LSP from SRX1-SRX3 via direct ge-0/0/0 , when SRX1 to SRX3 the in between microwave link is downgrade to 20 mbps , can i switch LSP to SRX1-SRX3 via SRX2 ?
↧
Re: mpls RSVP congestion bandwidth handling
I think you should try to read about JET and this sample
https://github.com/Juniper/jet-app-store/tree/master/Microwave-BW-Notification-App
↧
Re: mpls RSVP congestion bandwidth handling
RSVP is only used during the setup and reservation signaling process. This does not do any further checking and is only aware of the configured bandwidth in RSVP for the interface. So it cannot be used for your application.
On the SRX you can use RPM probes that measure the ability of the circuit to perform in general but not with a bandwidth specific function. If the ping tests here start to fail it can switch traffic.
↧
↧
Implemented VRF import and export policy and MVPN stopped working
So I implemented a VRF import and export policy and I found that MVPN doesn't work as a result. Below is my simple topology. I'm running CentOS servers with iPerf for multicast testing. The export policy matches protocol (static/bgp/direct) and adds community. The import policy allows protocol bgp with matching community. I found that the policies work for unicast routes but MVPN does not add an interface to the OIL for multicast routes. When I deactivate the export and import policy and use the vrf-target command everything works as expected. So my question is, when using explicit VRF export and impolicies, does something have to be added for MVPN to work?
CE iPerf server Multicast Tx/RX--->(vrf-black)MX-A-->MX-B(vrf-black)--->CE iPerf server Multicast Tx/RX
I can't provide configs due to government network.
↧
Re: No default route in stub area
solved my problem by reading your sentence. Thanks!
↧
MX: access-address assignment vs dhcp-local-service
I'm going through a MX dynamic subscriber managment configuration and noticed that in case we configure MX as DHCP-server for PPPoE subscribers there's no need to configure DHCP-server in system/services/dhcp-local-server. Configure pools in access address-assignment and you're good to go. However, when it comes to IP-based subscribers you also need to configure dhcp-local-server.
Why exactly is it implemented in such a way?
↧
Re: MX: access-address assignment vs dhcp-local-service
Hi,
DHCP and PPPoE are completely different protocols.
DHCP works on DORA process. Here address is assigned by DHCP server.
Discover
Offer
Request
ACK
DHCP server is configured on MX to listen port 67 and 68. It uses AAA to assign address in case loopback address matches the pool subnet or you can assign the address via radius.
In case you don't configure the dhcp-local-server, MX will not process the DHCP discover as it won't be listen to the ports.
TEST# show system services dhcp-local-server
TEST#
TEST> show system processes extensive | grep jdhcp
TEST> show system connections | match 67
TEST> show system connections | match 68
TEST# set system services dhcp-local-server group test interface ge-0/0/0
labroot@ERX-MX960-NS-1> show system processes extensive | grep jdhcp
12067 root 2 39 0 545M 96108K select 3 0:00 0.78% jdhcpd
TEST> show system connections | grep 67
udp4 0 0 *.67 *.*
TEST> show system connections | grep 68
udp4 0 0 *.68 *.*
PPPoE has two stages. Discovery and PPP session . DHCP server doesn't play any role here.
PPPoE
PPPoE is a rather simple layer 2 protocol which allows to tunnel PPP frames accross an ethernet segment.
The protocol uses 4 way handshake where the subscriber side tries to discover the Access Concentrator (the MX in our case) available to offer service, this is the discovery phase which uses ethertype 8863. The subscriber select an offer from the AC available which answers with session id.
When successful PPPoE negotiation completes the peers have an session_ID and each other MAC addresses which is uniquely identifying a PPP session. Then start the session phase which uses ethertype 8864.
Discovery
PADI
PADO
PADR
PADS
Session
LCP [Authentication]
NCP [IP negotiation]
The Link Control Protocol is used to establish, configure, monitor and terminate the link, it is always the first protocol negotiated. Most common options negotiated during the LCP phase are MRU, authentication protocol, if options are not present default values of the parameter are assumed (i.e. MRU=1500).
PPP is a symetric peer to peer protocol and LCP phase is said to be finished only when both peers have sent and received configuration acknowlegdment to confirm alignment on the LCP parameters negotiated. NCP packets received during this phase should be silently discarded.
NCP is used by PPP to negotiate network protocols parameters. I will concentrate on IPCP since this is the most used one and corresponds to IP network protocol, in BRAS evironment Service Provider use the protocol to transport IP datagram accrros the link, to assign IP addresses and DNS address to subscribers among the most use parameters.
Regards,
Rahul
*************************************
Accept this as solution if it resolved your issue.
Kudos would be appreciated too.
↧
↧
Re: MX: access-address assignment vs dhcp-local-service
Hi. Sure, I know how DHCP and PPPoE are working and I'm aware we're dealing with two different protocols in these two cases.
I was just under impression that, roughly speaking, we have one single process which's in charge of address assignment in both cases (cause in the end in both cases whether we are talking of PPPoE or of DHCP, MX will need to assign address to subscriber from configured pool) and what confused me is that in one case we needed to explicitly list the interface and in another we didn't.
What I expected to hear is maybe a bit deeper view on how is it implemented, something like "there's in fact standalone process responsible for address allocation regardless of protocol which demands this allocation, dhcp and pppoe processes are interacting with this process when there's need to give address to subscriber".
↧
Re: MX: access-address assignment vs dhcp-local-service
Hello,
grindelwaldus wrote:what confused me is that in one case we needed to explicitly list the interface and in another we didn't.
Interface in case of DHCP local server is required to match the pool IP address range with that interface IP. To find out what pool to grab the client IP from, if You will.
Interface in case of PPPOE is not required since pool matching can be done on many more criteria including username/domain/RADIUS framed-pool attribute/etc.
HTH
Thx
Alex
↧
Re: MX: access-address assignment vs dhcp-local-service
The process responsible for address-assignment is authd in junos. You can enable the logs and check how the address-assignment is done.
TEST# show system processes
general-authentication-service {
traceoptions {
file authd size 500m files 10;
flag all;
}
}
Regards,
Rahul Nayar
↧
BGP groups and address-families
Hi, Is it possible to configure multiple address-families within a single BGP group? For example; configure 'family inet' and 'family inet-vpn' within a BGP group (type 'internal') on a PE router which peers with a route-reflector which acts as the RR for both IPv4 routes and vpn-IPv4 routes within an AS ..? Or would one need to configure a BGP group per address-family on the PE and the RR even though the peering sessions within each group would use the same neighbor IP addresses: i.e. the iBGP (family inet) group of the PE would peer with the RR's loopback address, and the MP-iBGP group (family inet-vpn) of the PE would peer with the same loopback address of the RR (and vice-versa: the iBGP group (family inet) of the RR would peer with the PE's loopback address, and the MP-iBGP group (family inet-vpn) of the RR would peer with the same loopback address of the PE) Apologies in advance if this is a dumb question but I haven't got access to a lab at the moment otherwise I'd try it and find out for myself! TIA
↧
↧
MX204 questions about Redundancy/BRAS
Hi,
I have questions about new MX204.
1. How reservation for control-plane is organized? For example, 104, 240 etc. have redundant routing-engine... What about 204?
2. Is there a functional BRAS (subcriber-management) ?
↧
Re: BGP groups and address-families
Hi,
You can configure multiple address-families in a single bgp group.
HTH
You can configure multiple address-families in a single bgp group.
HTH
↧
Re: MX204 questions about Redundancy/BRAS
Hi,
MX204 has single X86 based Routing engine and it support BNG feature. I would request you to touch base with Juniper Account team for more details.
Regards,
Rahul
↧
Re: Is possible to ECMP on vrf using only source-ip address hashing
Hi aarseniev
I have question about load balacing hashing
on PE L3VPN routing lookup use family inet loadbalance ...
on PE L2VPN/VPLS/EVPN routing lookup which family ?
on PE routing use family MPLS ?
on non MPLS routing use family inet
↧
↧
Re: Is possible to ECMP on vrf using only source-ip address hashing
Hello there,
junos.m wrote:Hi aarseniev
I have question about load balacing hashing
on PE L3VPN routing lookup use family inet loadbalance ...
And/or inet6
junos.m wrote:
on PE L2VPN/VPLS/EVPN routing lookup which family ?
On MX Trio cards, Ethernet header & payload (if IP/IPv6) is used. If not IP/IPv6, then only Ethernet header is used (i.e. PPPOE-over-VPLS usecase). If You want to customize, use "enhanced-hash-key family multiservce"
[edit] regress@R1# set forwarding-options enhanced-hash-key family ? Possible completions:> inet IPv4 protocol family> inet6 IPv6 protocol family> mpls MPLS protocol family> multiservice Multiservice protocol (bridged/CCC/VPLS) family
junos.m wrote:on PE routing use family MPLS ?
I don't understand this question. Are You referring to Carrier-of-Carriers VPN where CE sends labeled traffic? Or are You referring to examining the MPLS packets that come from the core? In either case, MX Trio looks into payload as well - to an extent just like with PPPOE-over-VPLS example above.
junos.m wrote:on non MPLS routing use family inet
and/or inet6.
HTH
Thx
Alex
↧
Re: Is possible to ECMP on vrf using only source-ip address hashing
↧
Re: Implemented VRF import and export policy and MVPN stopped working
Hello there,
Please see if this free book helps
HTH
Thx
Alex
↧