If you need you l2circuit forwarded via label-switched-path, you can enable ldp-tunneling on this lsp.
Or , if you want to map l2circuit to specific lsp , you can configure lsp and map l2circuit with psn-tunnel-endpoint
↧
Re: L2circuit via RSVP with strict path
↧
Re: L2circuit via RSVP with strict path
Hello,
First things first - in Your configs, I don't see "strict path" so either You supplied wrong configs, or Your post' title is wrong.
Secondly, there are 2 problems with Your config, namely:
a/ for L2circuit to use RSVP transport, the L2circuit "neighbor" IP/32 must match the [RSVP/7] /32 route
b/ for L2circuit to be Up, the [RSVP/7] /32 route must exist in inet.3 table
As I can see, Your l2circuit neighbor is 103.198.146.9 and looks like 103.198.146.9/32 route does not exist in inet.3 table.
For this L2circuit to use [RSVP/7] route to 192.168.146.96/32, You need to do 2 things :
1/ make sure L2circuit config includes line saying "psn-tunnel-endpoint 192.168.146.96"
2/ make sure [RSVP/7] route to 192.168.146.96/32 exists in inet.3 - You have a line in Your config saying "protocols mpls traffic-engineering bgp-igp-both-ribs" so show us Your inet.3 table
HTH
Thx
Alex
↧
↧
installing Junos software
hi,
What is the best practise on upgrading Junos device remotely?
↧
filtered specific communities
Hi!
Unfortunately, I have little experience with Juniper.
I have a question:
I cannot configure policy to advertise a network for ISP.
I have multiple connections eBGP, and I need to advertise part of my networks.
protocols {
bgp {
group ISP {
type external;
peer-as XXXX;
neighbor YY.YY.YY.YY {
import ISP-IN;
export ISP-OUT;
} policy-statement ISP-OUT {
term 1 {
from {
prefix-list-filter deny_gt_24 orlonger;
prefix-list-filter gray_networks orlonger;
}
then reject;
}
term 2 {
from community EXPORT-DENY;
then reject;
}
term 3 {
from community EXPORT-ALLOW;
then {
as-path-prepend "ZZZZ ZZZZ";
accept;
}
}
then reject;
community EXPORT-DENY members [ ZZZZ:205 ZZZZ:210 ZZZZ:220 ];
community EXPORT-ALLOW members [ ZZZZ:100 ZZZZ:110 ]
I see term 1 working - "gray networks" are blocked.
But, term 2 and 3 don't work.
If I configuring the last "then accept", then all networks are advertised except term 1.
Community are working:
run show route community ZZZ:205
inet.0: 826821 destinations, 1578859 routes (826820 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
1.0.4.0/22 *[BGP/170] 00:05:49, MED 1739, localpref 50
AS path: 6939 4826 38803 56203 I, validation-state: unverified
> to AA.AA.AA.AA via xe-0/1/0.2
1.0.4.0/24 *[BGP/170] 00:05:49, MED 1739, localpref 50
AS path: 6939 4826 38803 56203 I, validation-state: unverified> to AA.AA.AA.AA via xe-0/1/0.2
......
What am I doing wrong?
Thanks
Thanks
↧
Re: installing Junos software
Bonjour Arix,
funny you are asking this now: I am preparing for upgrading my EX2300 switches running 18.2R3 S2 with the new 18.2R3S3 .
I have upgraded a good deal of images by remote in test lab, and I look forward for any answers you receive on your question.
what's new about this upgrade for me is that I'll be running it for the first time on switches instaled at clients facilities !
Based on what I have lived so far last year,. here is what I plan to do (and testing right now ...)
- get the new image and checksums values from Juniper and put it on a ftp server
- ftp the new image on my switches. I am putting it in the /tmp directory. I know some documentation mention /var/tmp directory, but I have run into some installation failures when doing it that I have not faced from the /tmp directory. Go figure !
- if you ftp, make sure you use the binary option !
- I md5 the downloaded file and compare it with the original MD5 value from Juniper. Just to make sure the file transfer was correct.
- I issue a "request software add /tmp/junosfilename " and use the following options : force, unlink, no-copy
- in lab setup, I also added a reboot option, but I dont plan to do it for live switches: I want to coordinate the reboot with the client.
- the installation process goes on - trafic is not affected . (my test was pinging the switch continuously ...)
- I am then ready to warn the client that I need a reboot at a convenient time.
which bring me to a question: after doing this, I am ready to get a new image after reboot. BUT... when I disconnect from the swith and open a new ssh session, I have no notification that a reboot will install a new image, other than me remembering doing this. I am looking for a way to log into a switch and make sure it is ready for the reboot with the new installed imaged. I am open to suggestions.
↧
↧
Re: installing Junos software
Hello Arix,
I guess you have this question thinking in what could happen if the device becomes unresponsive after the upgrade. You may need to drive to the site to recover it.
The best option to me is connect to a console server. This way you will always have console connection if the device becomes unresponsive through SSH.
Regards,
Randall
↧
Re: installing Junos software
Hi Michael,
Once you reboot the switch, you will loose the SSH connection and won't be able to log anything during the boot process. Once the device is back, you can start a new SSH connection with no records of the boot process.
I suggest the same, setup a console server to the device. The console connection is always UP and you will be able to log and follow the boot sequence during the reboot.
Regards,
Randall
↧
Re: weird logs
Hi Arix,
According to the KB article you shared, the logs are related some memory allocation. I think it should be good to create a case with JTAC for a root cause.
Regards,
Randall
↧
Re: filtered specific communities
Hello,
wrote:
What am I doing wrong?
Likely classic "logical OR versus logical AND" mistake. You configured logical AND:
wrote: community EXPORT-DENY members [ ZZZZ:205 ZZZZ:210 ZZZZ:220 ]; community EXPORT-ALLOW members [ ZZZZ:100 ZZZZ:110 ]
In plain English : only prefixes that have ALL of the 3 communities will match EXPORT-DENY expression.
And only prefixes that have BOTH communities will match EXPORT-ALLOW expression.
HTH
Thx
Alex
↧
↧
how many times rebooting
hi all,
I know >sh system uptime is only showing latest rebooting info... Where can be checked or seen about how many times junos device rebooted historically? For instance we can see installing Junos historically by install logs... How about rebooting?
↧
Re: how many times rebooting
Hi Arix,
Unfortunately there is no record of the times the device has rebooted, as far as I know, the last reboot can be seen as you mentioned with the command >show system uptime or as well >show chassis routing-engine that will show you reason of this last reboot but there is no history of this, the only way to see it will be checking the command >show log messages, something useful is looking for the line "SYSTEM_OPERATIONAL" this always displays when the device is coming back on.
Remember that you can check all files saved under /var/log/,
>file list /var/log/
>show log _________ | match "SYSTEM_OPERATIONAL"
Please mark as "Solved" if this worked for you.
Regards,
Jeffry
↧
Re: installing Junos software
Hi Randero and Michael. Thanks for the responses. Michael shared his experiences...I appreciated
Another there is a question to ask? What method or plan(in step by step) can be follow up when doing software upgrade on Junos devices -9208EX and MX1003 series? Any good Juniper resources?
↧
version Both BU and MAster REs
Hi folk,
There is a junos mx device which has Dual RE. How to check whether Junos software version is the same on the both Backup and Master RE on the same mx device. The command of >show system software detail is not showing each..... Any ideas.....Which exact command to check this?
↧
↧
Re: version Both BU and MAster REs
show version invoke-on all-routing-engines
↧
Re: version Both BU and MAster REs
Thanks for quick response Smicker...
↧
Redundancy
Hi all,
A few questions I like to ask about the following outputs from the Mx1003;
1-) As you see there are 2 different stanza -system and chassis. It is noted that there is a word "switchover" at the first and last line. What do these two statements do as each from different stanza.? If both are related to GRES, why they are locating at different stanza?
2-) Can you give some examples about routing crash? If any routing crashes, will routing engine mastership change(master--->backup or Backup -->Master)?
3-) What is aim of "dump-on-panic" to use?
set system switchover-on-routing-crash set chassis dump-on-panic set chassis redundancy routing-engine 0 master set chassis redundancy routing-engine 1 backup set chassis redundancy failover on-loss-of-keepalives set chassis redundancy failover on-disk-failure set chassis redundancy graceful-switchover
Thx,
A
↧
Re: Redundancy
1) if rpd process is crashed (any reason like not enough memory or bug on sw) system will switchover backup -> master. (with gres + nsr this will prevent packet loss)
2) bug in SW or if rpd can not alocate memory
3) system will try to write all memory to disk , this will help with investigation why this happens.
↧
↧
Re: Redundancy
Hi Akushner,
Thanks for answers,
Some more qs(s):
1) if rpd process is crashed (any reason like not enough memory or bug on sw) system will switchover backup -> master. (with gres + nsr this will prevent packet loss)
If we don't use this statement (set system switchover-on-routing-crash), in case of any routing crush, will gres+nsr still work or?
3) system will try to write all memory to disk , this will help with investigation why this happens.
Can you give some tips on how to investigate this from which log files?
↧
How do we measure router throughput?
Hi everyone.
I need some help understanding what router throughput actually means.
Let's say I have a hypothetical MX with four 1G ports for handling traffic.
What will be the values of the following?
a: Half duplex throughput
b: Full duplex throughput
c: Aggregate half duplex throughput
d: Aggregate full duplex throughput
Many thanks.
↧
Remove local routes from routing table
Hi,
I am looking for a way of removing local /32 routes whenever a irb interface goes down. I have the setup in the picture. R3 runs LDP VPLS towards a primary Edge router (R1) and has a backup-neighbor to a secondary Edge router (R2). Irb interface on the secondary router remains down until the primary VPLS circuit fails. However the local /32 route (1.1.1.1/32) of the irb interface is still present in the routing table with next hop type "reject" even when the irb interface is down. At the same time R2 receives the bigger block (/29) from R1 via BGP which I want to be preferred. Is there anyway to remove the local route from the routing-table on R2 whenever the irb interface is down so that the BGP route from R1 will be used?
***** R2 show route *****
1.1.1.1/32 *[Local/0] 05:28:06
Reject
BGP route from R1:
***** R2 show route*****
1.1.1.0/29 *[BGP/170] 05:29:04, localpref 100, from x.x.x.x
AS path: I, validation-state: unverified
> to x.x.x.x via lt-1/1/0.4000
************ R1 CONFIGURATION ************
R1> show configuration routing-instances CUSTOMER_ACME
apply-groups INTERNET_VPLS_BACKHAUL_ER;
protocols {
vpls {
vpls-id 100;
neighbor 10.10.10.3 {
pseudowire-status-tlv;
}
}
}
bridge-domains {
CUSTOMER_ACME {
domain-type bridge;
vlan-id 100;
routing-interface irb.100;
}
}
}
}
R1> show configuration interfaces irb.100
description CUSTOMER_ACME;
family inet {
address 1.1.1.1/29;
}
mac 44:f4:77:12:d3:58;
************ R2 CONFIGURATION (same as R1) ************
R2> show configuration routing-instances CUSTOMER_ACME
apply-groups INTERNET_VPLS_BACKHAUL_ER;
protocols {
vpls {
vpls-id 100;
neighbor 10.10.10.3 {
pseudowire-status-tlv;
}
}
}
bridge-domains {
CUSTOMER_ACME {
domain-type bridge;
vlan-id 100;
routing-interface irb.100;
}
}
}
}
R2> show configuration interfaces irb.100
description CUSTOMER_ACME;
family inet {
address 1.1.1.1/29;
}
mac 44:f4:77:12:d3:58;
************ R2 CONFIGURATION ************
R3> show configuration routing-instances CUSTOMER_ACME
apply-groups INTERNET_VPLS_BACKHAUL_PE;
interface ge-0/0/0.100;
protocols {
vpls {
vpls-id 100;
neighbor 10.10.10.1 {
pseudowire-status-tlv;
revert-time 20;
backup-neighbor 10.10.10.2;
}
}
}
}
}
↧