Quantcast
Channel: All Routing posts
Viewing all 8688 articles
Browse latest View live

Re: Filter based forwarding not working on mx

May 23, 2016, 10:51 pm
$
0
0

Hello,

 

sheeel wrote:

 

 

i have made few changes on the filter and the next hope for the default route in the routing instance is the p2p IP between R3 and upstream provider (10.10.10.1/30), with the resolve option, the route is resolved to the outgoing interface towords R3 from R1. the config is done on R1. 

.

Is it still not working? If not, then please post exact symptoms, i.e. DNS resolution ok but cannot open whatever webpage; ping ok but no traceroute, etc.

At a glance I don't see any issues with the new config, the necessary routes are  in place, the filters look applied to right interfaces.

HTH

Thx

Alex

Search

Re: OSPF routing problem

May 24, 2016, 7:50 am
$
0
0

I can ping vlan 16 hosts froom the cli of stack 2 but when I add the l3 interface the connectivity drops. What could be causing that to happen?

 

Currently the Vlan 16 subnet is showing in the routing table and in the ospf route. I do not understand why the hosts on stack 2 cannot communicate with the hosts on stack 1. Please let me know what other information I can provide.

Re: OSPF routing problem

May 24, 2016, 8:06 am
$
0
0

It seems that you have layer 3 separation between your 2 switch stacks. Is that correct? If so are the hosts on VLAN 16 on STACK1 on different subnet to those on STACK2?

Re: Error message after upgrade MX-5 to version 13.3R8.7

May 24, 2016, 8:08 am
$
0
0

HI,

 

Did you ever manage to figure this out? Maybe downgrade to previoous JUNOS version and see if it was resolved?

 

Thanks,

-N

Re: Cannot use command "show vlan" in MX960

May 24, 2016, 8:23 am
$
0
0

Thank you so much for your reply. The router has vlan. please see below. but when I enter command show bidge damain, it shows nothing. Maybe I did something wrong? 

 

xe-1/0/0.10 up up aenet --> ae1.10
xe-1/0/0.17 up up aenet --> ae1.17

Re: OSPF routing problem

May 24, 2016, 10:14 am
$
0
0

Yes there is l3 separation between the stacks. The Stacks are connected via redundant fiber ports that have their own subnet and are a part of ospf area 0.0.0.0. The links connecting the stacks are not memebers of any vlans and are not configured as trunk ports. This confused me when I came aboard because all previous expirence utlized trunk links to connect switches. I am assuming it is not necessary because of ospf. All of the hosts in Vlan 16 share are in the same subnet.

Explaination on traceroute

May 24, 2016, 8:31 pm
$
0
0

I am running protocol ospf on my lab Router.I have a load balancing policy configured on the forwarding table on my Router. The detialed output for an external route seen in the routing table is as below.

 

admin@R6# run show route 172.30.63.1/32 detail 

inet.0: 56 destinations, 64 routes (56 active, 0 holddown, 0 hidden)
172.30.63.1/32 (1 entry, 1 announced)
        *OSPF   Preference: 150
                Next hop type: Router, Next hop index: 262149
                Address: 0x94e4280
                Next-hop reference count: 73
                Next hop: 172.16.0.29 via ge-0/0/4.123
                Next hop: 172.16.0.37 via ge-0/0/4.135, selected
                State: <Active Int Ext>
                Local AS: 4012345678 
                Age: 6:41       Metric: 1       Tag: 2624 
                Task: OSPF
                Announcement bits (3): 0-KRT 4-LDP 7-Resolve tree 2 
                AS path: I

inet.3: 35 destinations, 42 routes (6 active, 0 holddown, 34 hidden)

The forwarding table is also showing 2 next hops installed in it for this external route.

 

admin@R6# run show route forwarding-table destination 172.30.63.1 
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
172.30.63.1/32     user     0                    ulst 262149    24
                              172.16.0.29        ucst   625     5 ge-0/0/4.123
                              172.16.0.37        ucst   626    13 ge-0/0/4.135

Routing table: __master.anon__.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct   527     1

The Trace for this external route is as below.

admin@R6# run traceroute 172.30.63.1 no-resolve    
traceroute to 172.30.63.1 (172.30.63.1), 30 hops max, 40 byte packets
 1  172.16.0.29  14.933 ms  14.972 ms 172.16.0.37  19.948 ms
 2  172.16.0.21  19.811 ms 172.16.0.13  19.937 ms  20.364 ms
 3  172.30.63.1  24.715 ms  24.814 ms 172.16.0.10  25.117 ms

[edit]
admin@R6# run traceroute 172.30.63.1 no-resolve    
traceroute to 172.30.63.1 (172.30.63.1), 30 hops max, 40 byte packets
 1  172.16.0.37  14.973 ms 172.16.0.29  14.855 ms  14.969 ms
 2  172.16.0.21  20.138 ms  20.070 ms 172.16.0.13  19.780 ms
 3  172.16.0.10  25.012 ms 172.30.63.1  24.665 ms  25.152 ms

I am confused in the output of traceroute that why it is showing two next-hops in every line of trace for this route. In line 1 it is showing 172.16.0.37 as well as 172.16.0.29. Is it because of load-balancing configured on my router?? Can anyone explain in detail ?? The topology diagram is also attached.

Re: Explaination on traceroute

May 24, 2016, 9:40 pm
$
0
0

Hi,

Greeting !!!

 

I suppose, it is because of LB policy which you configure. Hence one paket he send on "172.16.0.29"  next-hop address and second packet send on "172.16.0.37".

 

Cheers Smiley Happy

Vinay

Search

Re: Error message after upgrade MX-5 to version 13.3R8.7

May 24, 2016, 10:13 pm
$
0
0

Hi,

Greeting !!!

 

Can you share below cli output.

start shell pfe networks feb0

    show nvram

    show syslog messages

 

Cheers Smiley Happy

Vinay

Re: OSPF routing problem

May 25, 2016, 1:34 am
$
0
0

If I understand this correctly you have the 172.40.1/24 network on both switches, separated by a layer 3 network, 192.168.30.16/29. This means you have the same network in two places which means at least one of them will not work. You will either need to connect the two switches at layer 2 to extend the 172.40.1/24 network from one switch to another, or change the prefix for VLAN 16 on one of the switches. 

 

VLANs are only locally significant unless you are connecting with trunk links.

 

There is nothing wrong with setting a point to point link to connect two switches together provided they are not expected to share layer 2 dowmains. This would be considered a routed network rather than a switched network.

Logging "Input DA rejects" and "Input packet rejects"

May 25, 2016, 7:15 am
$
0
0

i have an MX960 which has extreamly high number of "Input DA rejects" and "Input packet rejects" counters

This is a link via DWDM to an ISP and we are unable to pass any traffic on the interface.  I can see my ARP reqeusts going out (which remote side learns) but I see no inbound traffic at all.

 

The only thing i'm seeing is counters for "Input DA rejects" and "Input packet rejects" constantly increasing.

 

Wondering if there is any way I can log what this traffic is, monitoring the interface doesn't show anything at all.  Trying to figue out why every inbound bit is being blocked.

Re: DPCE 20x 1GE + 2x 10GE R Issue

May 25, 2016, 11:02 am
$
0
0

Probably I have found the issue by deactivate this config under chassis:

 

}
inactive: fpc 1 {
pic 1 {
tunnel-services {
bandwidth 1g;
}

This config was not in use.

Re: Explaination on traceroute

May 25, 2016, 12:00 pm
$
0
0

If you may please explain in detail.

 

Any links to explain this.

 

regards

Re: Explaination on traceroute

May 25, 2016, 10:28 pm

Re: Explaination on traceroute

May 25, 2016, 10:56 pm
$
0
0

One more ... you can compare traceroute from RE and traceroute from host behind this router. trace will be different. 

 

From RE on your first hp yoou will always see all nexthops , from host behind router on the second hop you will see only one nexthop every time.  This is RE originating traffic always balanced per-packet(real per packet , not per flow) 

Search

Re: J-Flow configuration not working

May 26, 2016, 2:12 am
$
0
0

 

Hi Abed,

 

--------------------------------

> show chassis hardware clei-models
Hardware inventory:
Item Version Part number CLEI code FRU model number
Midplane REV 03 710-013698 CHAS-BP-MX960-S
FPM Board REV 03 710-014974 CRAFT-MX960-S
PEM 0 Rev 04 740-013682 PWR-MX960-AC-S
PEM 1 Rev 03 740-013682 PWR-MX960-AC-S
PEM 2 Rev 03 740-013682 PWR-MX960-AC-S
PEM 3 Rev 03 740-013682 PWR-MX960-AC-S
Routing Engine 0 REV 15 740-013063 RE-S-2000-4096-S
Routing Engine 1 REV 15 740-013063 RE-S-2000-4096-S
CB 0 REV 20 750-031391 COUCATGBAA SCBE-MX-S
CB 1 REV 20 750-031391 COUCATGBAA SCBE-MX-S
CB 2 REV 20 750-031391 COUCATGBAA SCBE-MX-S
FPC 0 REV 41 750-028467 MPC-3D-16XGE-SFPP
FPC 1 REV 05 750-045372 COUIBBHBAA MX-MPC3E-3D
MIC 0 REV 08 750-036233 IPUCA9ZCAA MIC3-3D-2X40GE-QSFPP
FPC 11 REV 14 750-021679 DPCE-R-40GE-SFP
Fan Tray 0 REV 05 740-014971 FFANTRAY-MX960-S
Fan Tray 1 REV 05 740-014971 FFANTRAY-MX960-S

--------------------------------

 

Does appear to be creating j-flow's - just not exporting them:

 

--------------------------------

> show services accounting flow inline-jflow fpc-slot 0
Flow information
FPC Slot: 0
Flow Packets: 192337720517, Flow Bytes: 133472335558640
Active Flows: 68186, Total Flows: 8563443238
Flows Exported: 7099478760, Flow Packets Exported: 1446883793
Flows Inactive Timed Out: 6539532723, Flows Active Timed Out: 2023843979

IPv4 Flows:
IPv4 Flow Packets: 192314782225, IPv4 Flow Bytes: 133462968512818
IPv4 Active Flows: 68101, IPv4 Total Flows: 8557193619
IPv4 Flows Exported: 7093305543, IPv4 Flow Packets exported: 1441029704
IPv4 Flows Inactive Timed Out: 6533741369, IPv4 Flows Active Timed Out: 2023385799

IPv6 Flows:
IPv6 Flow Packets: 22938292, IPv6 Flow Bytes: 9367045822
IPv6 Active Flows: 85, IPv6 Total Flows: 6249619
IPv6 Flows Exported: 6173217, IPv6 Flow Packets Exported: 5854089
IPv6 Flows Inactive Timed Out: 5791354, IPv6 Flows Active Timed Out: 458180

--------------------------------

 

Your first point, can you clarify what you mean by "management interface". Below I have shared where we are sourcing the traffic:

 

--------------------------------
set groups re0 interfaces fxp0 unit 0 family inet address 10.0.0.10/25
set groups re1 interfaces fxp0 unit 0 family inet address 10.0.0.11/25

--------------------------------

 

We did attempt to change this source from FXP0 too irb.904, but we lost some hardware reporting on SNMP:

 

--------------------------------

set interfaces irb unit 904 family inet address 10.6.1.60/26 vrrp-group 9 virtual-address 10.6.1.65
set interfaces irb unit 904 family inet address 10.6.1.60/26 vrrp-group 9 priority 100
set interfaces irb unit 904 family inet address 10.6.1.60/26 vrrp-group 9 advertise-interval 2

--------------------------------

 

Kind regards,

Chris

Re: Cannot use command "show vlan" in MX960

May 26, 2016, 3:31 am
$
0
0

Hard to tell from the partial output, but it would appear your system is using the alternative method for vlan assignment, configuring directly on the interface.  In Juniper gear you can create the bridge doman/vlan and assign interfaces to this.  Or you can directly assign vlan tags to the sub interface.

 

And in your case there may also be a physical interface versus ae bundle too.  Typically here you assign the physical interface to the ae bundle then configure the sub interface parameters on the ae logical interface.

 

to have a look at the interface vlan id setup use 

show configuration interface ae1

Blackhole routes recieved & forward too upstream providers

May 26, 2016, 4:06 am
$
0
0

Hey

 

Scratching my head on this one! NTT blackholing (2914:666)

Our BGP neighbour ("neigh1" we will call them) setup blackholing through community too us - and then the end goal here is too set this up, so the routes recieved from BGP neigh1 will be forward to the upstream provider (NTT). Can anyone suggest a solution around this?

 

Any assistane would be great!


Thanks

Chris

About Junos BGP

May 25, 2016, 6:08 am
$
0
0

Helo all,

 

I have a IP Tunnel BGP with HNET. When i trace the Router IP from outside network, i can reach the router. But I couldnt reach behind the router.

I have an answer from HNEt like below.

 

"I see the prefix announced from you, however I can't ping the ......................... address either.  As I can ping your .................... address, we have reachability to your router, but it would appear that it's not forwarding the IPv6 traffic back.  On Cisco to enable IPv6 routing, the command ipv6 unicast routing needs to be issued.  Presuming JunOS may need a similar command, has such been entered onto this router?"

 

Could anyone help me about ıthat problem?

 

IPSEC with NAT to non RCF Address on Phase 2

May 26, 2016, 8:23 am
$
0
0

I'm using a SRX210 device.

 

I have a client insisting that we use NO RCF 1918 address within our IPSEC tunnel. So I believe I will need to configure a NAT-T on phase 2 of the tunnel.

 

My question is this, can I use any address that does not fall within 192.0.0.0.0, 172.0.0.0.0 & 10.0.0.0.0 (basically make up my own address). Or do I need to expand my current Public Subnet with my ISP, and use an address that falls in that new subnet?

 

 

Viewing all 8688 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>