When you say not using RFC1918 within the tunnel, do you mean you are using a route based VPN utilising st0 interfaces and these must not be RFC1918 addresses?
↧
Re: IPSEC with NAT to non RCF Address on Phase 2
↧
MS-MIC
Dears,
Does any one exactly know what are the services that MS-MIC is providing?
and the required license accordingly? as i couldn't able to understand the combination between the the MS-MIC, Service and the required license.
BR,
Hrostom
↧
↧
Re: MS-MIC
Hi Hamdy,
You may want to go through the below link to understand the MIC card and the services offered;
http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/ms-mic-and-mpc-overview.html
I could only see the below two features needing license on the MIC card;
Link Services Software License—up to 64 ML bundles per Chassis for AS PIC, MS PIC and MS DPC
License to run one instance of the NAT software on one NPU per MS-MIC, MS-DPC, or MS-MPC
To check further you can refer to the below link for all the features that need licensing;
http://www.juniper.net/documentation/en_US/junos15.1/topics/topic-map/junos-software-license-features.html
Hope this helps!
↧
Re: MS-MIC
Hi,
Ms-Mic supports services like JFLOW,IPSEC,IDS,RPM,SFW,CG-NAT,SIP,NAT44/64 etc. Two types of Ms-Mic logical interfaces can be found, one interface is Sp-* and other interface type is ms-*. Mx Series devices Ms-Pic is present as an inline part of Ms-Dpc Card. As far as MS-Mic variants go they are Mspic 100/400/500 I guess but you can refer the above data-links provided.
I dont think you require any License as such for Ms-Mic but you might require licenses say for IPSEC vpn Variants / Nat Variants etc
Hope this Helps
Regards
Rakesh
Kudos if you found this to be helpful
↧
Re: About Junos BGP
Hi,
Juniper has native support for Ipv6 for Mx. If you are running Srx code base then you might have to enable is specifially.
What product / Junos are you using ? Can you see the Direct Interface populated in Inet6 table ? "show route" command would help
root@210# set security forwarding-options family inet6 mode flow-based
Refer to this Kb
http://kb.juniper.net/InfoCenter/index?page=content&id=KB25697&smlogin=true&actp=search
Regards
Rakesh
Kudos if my reply has helped
↧
↧
Re: MS-MIC
Hello,
SP- interfaces are hosted by MS-PIC, AS-PIC (EOL) or MS-DPC, not MS-MIC nor MS-MPC.
MS-PIC and AS-PIC are for M-series or T-series routers.
MS-DPC is only for MX240/480/960.
MS-MIC goes into MX5/10/40/80, MX240/480/960 with modular MPC.
MS-MPC goes into MX240/480/960, MX2010/2020.
MS-MIC and MS-MPC support only MS- or AMS interfaces. AMS can be viewed like LAG for MS- interfaces.
At this time, AMS interface supports only Stateful Firewall and NAT, no AMS support for IPSec or Jflow or other services.
No IDS or "SIP" (I guess You meant Session Border Controller, SBC) support on MS-MIC or MS-MPC, at all.
HTH
Thx
Alex
↧
L3vpn
Hi ,
Please help me to understand the following:
why routing protocol is defined under instance in L3vpn and why not define globally????
>>>set routing instance site-1 protocol bgp group EBGP type external neighbor 1.1.1.1 peer-as 100
My understanding:
routing instance contains RD, RT, CE facing interface
since, we have CE facing interface under routing instance it means that whatever traffic comes in that CE interface should be placed on the VRF table. but when i define the routing protocol globally ,my CE facing interface receives the packet and should keep it in my VRF table. but this doesn't happens.
↧
Re: L3vpn
"why routing protocol is defined under instance in L3vpn and why not define globally????"
The reason is that every route learned from the CE has to go into the vrf-table (<vrf-name>.inet.0) and not into the global table (inet.0) to keep routes separate from other VPNs (Customers)
a routing-instance (in this case vrf) consists of routing table(s), logical interfaces AND routing protocols
regards
alexander
↧
Re: L3vpn
As Alexander notes, the architecture here is to keep the ce specific routing protocols into the routing instance while the global or signaling protocols are in the root or base routing instance.
For a fuller description and base configuration examples have a look at chapter 12 in the Layer 3 VPN configuration guide.
↧
↧
Re: DPCE 20x 1GE + 2x 10GE R Issue
Also without tunnel config the issue continue.
I'll swap the board ASAP
↧
Is it possible to set an mpls based layer3 vpn on my mx 960 router?
Hi junos guys ,
I need to link my mx960 with a cisco router as a PE using a mpls based l3 vpn.
Two days ago a begin searching for some application exaples without success ... Im afraid my router does not support mpls.
I have a basic mpls background using mikrotik as LSR, so im trying to set a basic scenario with my junos box.
Ok , following some important data:
OS = 11.1R4.4
and my hardware:
Hardware inventory:
Item Version Part number Serial number Description
Chassis JN11CB986AFA MX960
Midplane REV 03 710-013698 ABAC0167 MX960 Backplane
FPM Board REV 03 710-014974 ABBN5241 Front Panel Display
PDM Rev 03 740-013110 QCS151450DA Power Distribution Module
PEM 0 Rev 05 740-029344 QCS1505V0F6 DC 4.1kW Power Entry Module
PEM 1 Rev 05 740-029344 QCS1505V0KM DC 4.1kW Power Entry Module
PEM 2 Rev 05 740-029344 QCS1505V0JN DC 4.1kW Power Entry Module
PEM 3 Rev 05 740-029344 QCS1509V0XJ DC 4.1kW Power Entry Module
Routing Engine 0 REV 15 740-013063 9012022140 RE-S-2000
Routing Engine 1 REV 15 740-013063 9012023333 RE-S-2000
CB 0 REV 10 710-021523 ABBM6676 MX SCB
CB 1 REV 10 710-021523 ABBM6764 MX SCB
CB 2 REV 11 710-021523 ABBM9394 MX SCB
FPC 0 REV 17 750-031089 ABBM6949 MPC Type 2 3D
CPU REV 06 711-030884 ABBM6921 MPC PMB 2G
MIC 0 REV 24 750-028392 ABBM9583 3D 20x 1GE(LAN) SFP
PIC 0 BUILTIN BUILTIN 10x 1GE(LAN) SFP
Xcvr 0 REV 01 740-031850 PLA0LJY SFP-LX10
Xcvr 2 REV 01 740-031851 AM1129SUSV0 SFP-SX
Xcvr 3 Lb NON-JNPR MTC134302LG SFP-T
Xcvr 4 REV 02 740-013111 B262065 SFP-T
Xcvr 5 REV 02 740-013111 B262166 SFP-T
Xcvr 7 REV 02 740-013111 B262150 SFP-T
Xcvr 8 REV 02 740-013111 B262140 SFP-T
Xcvr 9 REV 01 740-031851 AM1129SUSV3 SFP-SX
PIC 1 BUILTIN BUILTIN 10x 1GE(LAN) SFP
Xcvr 0 REV 01 740-031851 AM1129SUSUW SFP-SX
Xcvr 1 REV 01 740-031851 AM1129SUSX3 SFP-SX
Xcvr 3 REV 01 740-031850 PLA0LV6 SFP-LX10
Xcvr 4 REV 01 740-031850 PLA0LQE SFP-LX10
Xcvr 5 REV 01 740-031850 PLA0M4H SFP-LX10
Xcvr 6 NON-JNPR AC0916S0130 SFP-LX10
MIC 1 REV 26 750-028387 ABBT7281 3D 4x 10GE XFP
PIC 2 BUILTIN BUILTIN 2x 10GE XFP
Xcvr 0 REV 03 740-014289 CC22BQ039 XFP-10G-SR
Xcvr 1 REV 03 740-014289 CC22BQ033 XFP-10G-SR
PIC 3 BUILTIN BUILTIN 2x 10GE XFP
FPC 1 REV 17 750-031089 ABBL8201 MPC Type 2 3D
CPU REV 06 711-030884 ABBJ1499 MPC PMB 2G
MIC 0 REV 24 750-028392 ABBM6197 3D 20x 1GE(LAN) SFP
PIC 0 BUILTIN BUILTIN 10x 1GE(LAN) SFP
Xcvr 0 REV 01 740-031850 PLA0LZJ SFP-LX10
Xcvr 1 NON-JNPR FNS13440C3P SFP-SX
Xcvr 2 NON-JNPR FNS13440C5P SFP-SX
Xcvr 4 REV 02 740-013111 B262113 SFP-T
Xcvr 7 REV 02 740-013111 B262005 SFP-T
Xcvr 8 REV 02 740-013111 B262088 SFP-T
Xcvr 9 REV 01 740-031851 AM1129SUSV1 SFP-SX
PIC 1 BUILTIN BUILTIN 10x 1GE(LAN) SFP
Xcvr 0 REV 01 740-031851 AM1129SUSX9 SFP-SX
Xcvr 1 REV 01 740-031851 AM1129SUSV6 SFP-SX
Xcvr 2 REV 01 740-031850 PLA0LJQ SFP-LX10
Xcvr 3 REV 01 740-031850 PLA0LJW SFP-LX10
Xcvr 4 REV 01 740-031850 PLA0LJN SFP-LX10
Xcvr 5 REV 02 740-013111 B230015 SFP-T
Xcvr 6 REV 01 740-031850 PLA0LQH SFP-LX10
Xcvr 8 REV 02 740-013111 B262092 SFP-T
MIC 1 REV 26 750-028387 ABBT7280 3D 4x 10GE XFP
PIC 2 BUILTIN BUILTIN 2x 10GE XFP
Xcvr 0 REV 03 740-014289 CC22BQ032 XFP-10G-SR
Xcvr 1 REV 03 740-014289 CC22BQ03A XFP-10G-SR
PIC 3 BUILTIN BUILTIN 2x 10GE XFP
Xcvr 0 REV 01 740-031833 UN4058H XFP-10G-LR
Fan Tray 0 REV 08 740-031521 ACAD0184 Enhanced Fan Tray
Fan Tray 1 REV 08 740-031521 ACAD1611 Enhanced Fan TrayAny recomended documentation would be great !!!
Regards,
Leandro.
↧
Re: OSPF routing problem
Thank you for this. I was thinking that this would be the case but hoping I was missing something that might enable the 172.40 vlan to be routed across without trunk links or a physical connection.
↧
Re: Explaination on traceroute
http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/policy-per-packet-load-balancing-overview.html
http://www.juniper.net/techpubs/en_US/junos12.3/topics/concept/policy-per-packet-load-balancing-overview.html
http://www.juniper.net/techpubs/en_US/junos12.3/topics/usage-guidelines/policy-configuring-per-packet-load-balancing.html
These articles should help explain in details. Not sure we are understanding what you do not understand about load balancing. You have configured it and it is working as designed.
↧
↧
Re: L3vpn
Hi Alex, Thank your for your answer.
But the confusion is now between data traffic and control plane traffic.
Since the CE interface is defined under routing instance, the routing updates we get on CE should automatically go to VRF instance right?? as like the data traffic.
The data traffic which comes on CE interface will automatically go to VRF instance then why not the control plane traffic(routing updates)????
↧
Re: L3vpn
Hi,
There are two ways you have to look at this
1. traffic till ce - pe
2. traffic after reaching Pe
traffic be it be control plane or data plane as you have righly put will land on PE device VRF instance. Now, there is a MP-BGP which runs between Two PE routers globally and MPLS LSP which runs between two PE routers. These global protocols help to transport traffice (control and data of Multiple VRF Instances) while protocols at CE/VRF Level will help to communicate between your CE and PE Devices , hence you have seperation of Global and Local at VRF level so that customers can be identified based on RD/RT
↧
Re: L3vpn
Hi Rakesh, Thank you so much for sharing your views.
________ ge0/0/1 ___________
| CE |------------ | PE |
------------- ___________
VRF1 table:
RD 1:1
RT 2:3
CE interface (ge0/0/1) <<<<---------- this means that, any traffic that comes on the interface ge-0/0/1 should be placed on VRF 1 (even though ebgp protocol is defined in global level, routing updates hits the ge0/0/1 interface so it should obviously be placed in VRF1 table ryt????) if this is the case , why we need to define the protocol configuration under the routing instance
↧
Not receiving netflow v9, v5 works.
Hi,
We have an ELK environment running that gathers data and processes it to the point where end users can visualize the data and such.
Right now we're dealing with Syslogs and Netflow, but are experiencing some issues with netflow. We currently have netflow version 5 configured to be sent to a remote server on udp port 2222 and it works fine.
As you might know version 5 is quite old and doesn't offer as much as version 9 so we decided to configure our device to send over netflow v9. Nothing comes in!
What could be causing this? Version 5 works fine, but we can not receive version 9 netflow.
↧
↧
Re: Not receiving netflow v9, v5 works.
pls check below URL
you may get some help
↧
MX-104 bgp neighbor go down -strange behavior-
Hi all,
We have a MX-104, with the following OS:
Model: mx104
Junos: 13.3R7.4
JUNOS Base OS boot [13.3R7.4]
In BGP configuration, there was only one BGP group, and inside this group, 2 neighbors (i-BGP, towards route reflectors).
We added a second BGP group, and inside of it, an e-BGP neighbor. When we committed, ALL BGP neighbors went down, and then re-established adjacency.
The log shows:
Jun 1 14:45:54 DEVICE-re0 rpd[1541]: %DAEMON-4: bgp_adv_main_update:8762: NOTIFICATION sent to NEIGHBOR-1 (Internal AS MY AS): code 6 (Cease) subcode 6 (Other Configuration Change), Reason: Configuration change - VPN table advertise
Jun 1 14:45:54 DEVICE-re0 rpd[1541]: %DAEMON-4: bgp_adv_main_update:8762: NOTIFICATION sent to NEIGHBOR-2 (Internal AS MY AS): code 6 (Cease) subcode 6 (Other Configuration Change), Reason: Configuration change - VPN table advertise
Jun 1 14:45:54 DEVICE-re0 rpd[1541]: %DAEMON-4: bgp_set_peer_if: BGP peer NEIGHBOR-3 (External AS ISP AS) interface not found. Leaving peer idled
Jun 1 14:45:57 DEVICE-re0 mgd[88798]: %INTERACT-4-UI_COMMIT_COMPLETED: commit complete
Jun 1 14:45:58 DEVICE-re0 mib2d[1473]: %DAEMON-4-SNMP_TRAP_LINK_DOWN: ifIndex 551, ifAdminStatus down(2), ifOperStatus down(2), ifName xe-2/0/1.950
Jun 1 14:46:00 DEVICE-re0 /kernel: %KERN-4: ae_linkstate_ifd_change: MUP received for interface xe-2/0/1, member of ae1
Jun 1 14:46:28 DEVICE-re0 rpd[1541]: %DAEMON-3: bgp_process_caps: mismatch NLRI with NEIGHBOR-2 (Internal AS MY AS): peer: <inet-vpn-unicast l2vpn>(68) us: <inet-vpn-unicast>(4)
Jun 1 14:46:31 DEVICE-re0 rpd[1541]: %DAEMON-3: bgp_process_caps: mismatch NLRI with NEIGHBOR-1 (Internal AS MY AS): peer: <inet-vpn-unicast l2vpn>(68) us: <inet-vpn-unicast>(4)
So, why is this behaviour? I don't understand what's the reason all bgp neighbors go down/reset when adding another BGP group in BGP configuration. Is this MX-104 specific?
Thanks.
↧
Re: IPSEC with NAT to non RCF Address on Phase 2
perhaps https://tools.ietf.org/html/rfc6598 ?
↧