Hi Vinod,
Thanks for your kindness to help me. I already PM u for futher dicussion.
Thanks
↧
Re: Which method easy to leak routes between two VRF?
↧
Re: Reg : IOS to JUNOS conversion
Dear Ashvin,
We have another requirement we need to advertise network 103.21.78.0/24 in airtel and Tata but need to restrict the network from being advertised in GOOGLE . Kindly advise based on the template attached in the previous post. As per our current configuration , if i advertise the network 103.21.78.0/24 is getting advertised with all the BGP peers i.e airtel,tata and Google. Herewith i have attached the current configuration.
We have done the intial configuration based on the I2J output . Kindly give ur suggestion or make changes in the template attached in the previous post , we will reconfigure the BGP based on the template.
Thanks
Mahesh
↧
↧
BGP routes: what triggers a time refresh in show route
Hello guys!
I wanted to ask about something that I have never found documentation and it's a general question, not for a specific event that happened.
What triggers a refresh of the timer seen in the "show route" output? (specifically for bgp routes)
*[BGP/170] 37w5d 11:07:27, localpref 100
AS path: 65535 I, validation-state: unverified
The "show route" documentation states it indicates how long the route has been known. But I have not been able to detect what causes it, as I have seen different cases over the years. So my question is, what specific event has to happen for it to refresh, for example:
- change in next-hop
- next-hop not reachable (route becomes hidden)
- route refresh
- etc.
I appreciate any help, specially any official Juniper documentation.
Best regards,
↧
Re: BGP routes: what triggers a time refresh in show route
Hi,
This corresponds to the "Age" of the route.
For BGP routes, a new update message received for that prefix would reset the age. Any changes in the BGP attributes received in an update message would result in resetting the age.
Cheers,
Ashvin
↧
Re: BGP routes: what triggers a time refresh in show route
Thank you very much AshvinO
↧
↧
Re: Is there a way to rate-limit traffic based on PPS on an MX router
There is a new feature in 16.1, this might help.
↧
Re: J-Flow configuration not working
Can anyone tell me if we should be experiencing issues due to using IRB interfaces?
↧
Mutiple Customer VLANs over single Layer 2 VPN?
I want to pass mutiple customer vlans over a single VPN between MX240 (13.3) routers.
Scenario:
vlan 10 20 30 Customer-Switch w/ dot1q trunk---> ge-1/0/5 MX240---WAN--->MX240 ge-1/0/5--->dot1q trunk Customer-Switch vlan 10 20 30
The Juniper documentation that I have found is not working for me. I have tried the VPLS approach and the Virtual-Switch w/ Bridge-Domain approach. Neither works. No MAC learning with either. I'm familiar with single VLAN VPLS instances and they have worked well for us. This is a new requirement that I want to support without per VLAN VPLS instances (does not scale well)
LAB> show configuration interfaces ge-1/0/5
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 0 {
encapsulation vlan-bridge;
family bridge {
interface-mode trunk;
vlan-id-list 1-1000;
}
}
LAB> show configuration routing-instances Test-VirtualSwitch
instance-type virtual-switch;
interface ge-1/0/5.0;
route-distinguisher 767:1000;
vrf-target target:767:1000;
protocols {
vpls {
site-range 100;
no-tunnel-services;
site SITE-A {
site-identifier 3;
}
}
}
bridge-domains {
Test-v1-to-v1000 {
vlan-id-list 1-1000;
}
}
↧
MX with DPC and chained composite nexthop
Good day,
Could someone clarify, does DPC fillted chassis work with chained composite nexthop being configured?
> show configuration routing-options forwarding-table chained-composite-next-hop
ingress {
l2vpn;
l3vpn pe-pe-connection;
}
System reports, yet traffic doesn't flow between two vlan-ccc interfaces. Configuration is rechecked and assumed to be good.
> show krt composite-next-hop
Composite Nexthop:
Index: 5186 References: 1
Locks: 3 0xa7d5870
VPN label: Push 800000 Offset: 252
Indirect Nexthop:
Index: 1048815 Protocol next-hop address: xx.xx.xx.xx
RIB Table: mpls.0
Policy Version: 2 References: 1
Locks: 2 0xc150660
Flags: 0x1
INH Session ID: 0x142
INH Version ID: 11
Ref RIB Table: unknown
Next hop: xx.xx.xx.xx via ae10.2000 weight 0x1
Label-switched-path to-mx480
Session Id: 0x140
Next hop: xx.xx.xx.xx via ae2.2001 weight 0x8001
Label-switched-path Bypass->xx.xx.xx.xx
Session Id: 0x18d
IGP FRR Interesting proto count : 0
Thank you in advance.
--Alex
↧
↧
Re: Mutiple Customer VLANs over single Layer 2 VPN?
My posted config actually does work. I was missing the vlan-id-list from the bridge domain config under the virtual switch instance on the other MX.
↧
how to apply bandwidth policer
Hi all,
we soon peering with google for their contents. i was thinking of how to let clients use google cache content without limitation of any bandwidth policer but rate other traffic leaving the network towards the clients. was thinking of using firewall filters to match google prefixes and say "then accept".. else "then policer POLICER-NAME".. will this work and is the best way to do it ?
the requirement is to bring in google content and let the clients access that without limitations... any other traffic leaving towards the client should be rate limited.
check the attached network digram
Thank you.
↧
Re: how to apply bandwidth policer
Hi,
I believe this would work applying the firewall filter as output on the edge egress interfaces.
Maintaining the google prefix-list may be a challenge though if there are dynamic updates to the routes received over the private peering.
Could you share the rationale for applying bandwidth policers. Is it to save on transit costs?
Cheers,
Ashvin
↧
LDP authentication configuration
Hi
The way I know LDP authentication is configured is as follows
set protocols ldp session 1.2.3.4 authentication-key "xxx"
Assuming directly connected ldp neighbors and autodiscovery. This way one has to manually configure and maintain redundant neighbor information. Is there a way to configure LDP authentication per interface or as default for all neighbors without specifying per-neighbor ip addresses?
Something like this:
set protocols ldp session all authentication-key "xxx"
Or:
set protocols ldp interface ge-1/0/0.100 authentication-key "xxx"
Thanks
↧
↧
Re: LDP authentication configuration
The mentioned two option is not possible
However , you can aggregate your LDP neighbors and configure authentication , something like below
set protocols ldp session 7.7.0.0/16 authentication-key-chain juniper123(say if your network falls under this)
The above said command is very useful even if your neighbor is dynamic(say in the case of RLFA , targetted/indirect LDP neighbor is automatically picked from any of the nodes in the network)
↧
Re: BGP routes: what triggers a time refresh in show route
Hello,
I have seen something interesting regarding this topic. BGP l3vpn routes stored in bgp.l3vpn.0 can have a different route age than the routes in their respective "routing-instance".inet.0 table. It seems that when there is a change in the next hop, like an LSP having a change in route, the route age gets refreshed in "routing-instance".inet.0 table, but the corresponding route in bgp.l3vpn.0 does not refresh it's route age.
This behavior would not correspond to an update message from the BGP neighbor.
↧
Anyone can explain difference among several policy-option policy-statement?
Hi, Anyone can explain difference among several policy-option policy-statement below?
We have several commands as below. In all configuration for the router MX960, I do not know how the configuration define traffic. I know these commands function would bolck the rest traffic after allowing some traffic pass. My question is what is difference among four commands? Thank you
set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 from prefix-list-filter RFC1918 orlonger
set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 then reject
set policy-options policy-statement ABC_EXPORT_V4 term EXPLICIT_DENY then reject
set policy-options policy-statement ABC_IMPORT_V4 term EXPLICIT_DENY then reject
↧
Re: Anyone can explain difference among several policy-option policy-statement?
Hi,
Are those policies being applied to any protocols?
Also, is it the complete policy-statement?
ABC_IMPORT_V4 and ABC_EXPORT_V4 are 2 different policies probably meant to be applied as import and export policies.
"I know these commands function would bolck the rest traffic after allowing some traffic pass"
Policies are mainly to influence routing protocol decisions and not to allow/block traffic. Allowing/Blocking traffic is implemented using firewall filters.
Cheers,
Ashvin
↧
↧
Re: Anyone can explain difference among several policy-option policy-statement?
Thank you so much for your fast reply. I am sorry I missed some info in the last post. In fact, all the policies exist with bgp. All that commands is like below. So these policies would allow some traffic pass and deny all rest.
set routing-instances CDF protocols bgp group BCD neighbor 12.12.1.1 import ABC_IMPORT_V4
↧
Re: Anyone can explain difference among several policy-option policy-statement?
Hi,
Based on accept actions in the import policy applied to the BGP neighbor, the prefixes in the accept term will be accepted, else there is a reject implying all prefixes will be rejected.
That is, If the comprehensive policy is as below and applied as import to BGP neighbor:
set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 from prefix-list-filter RFC1918 orlonger set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 then reject set policy-options policy-statement ABC_IMPORT_V4 term EXPLICIT_DENY then reject
set routing-instances CDF protocols bgp group BCD neighbor 12.12.1.1 import ABC_IMPORT_V4
There's no accept action + an EXPLICIT_DENY, then no prefixes are imported from that BGP neighbor.
If there was no EXPLICIT-DENY term, then all prefixes would be accepted except for prefixes in prefix-list RFC1918.
Cheers,
Ashvin
↧
Re: Anyone can explain difference among several policy-option policy-statement?
What prefix does "prefix-list-filter RFC1918 orlonger" stand for?
↧