[j-nsp] juniper-nsp Digest, Vol 68, Issue 27

Gary Hauser ghauser at juniper.net
Tue Jul 15 11:15:47 EDT 2008


Guys without revealing any NDA info all M7is come with built in tunnel services either v ia ASM or default daughter board slot functionality for ther built in rear slot that is on the cFeb which has nothing at all to do with the ge or fe options for the slot next to the re on the frnt of the chassis.

Cheers,

Gary


Gary Hauser
JNCIE-M #12, JNCIE-E/R #25, CCIE-R/S #4489
Senior Instructor / Proctor
Education Services - APAC
Juniper Networks (Singapore) PTE, LTD
3 Anson Road # 11-02
Springleaf Tower
Singapore 079909
Tel    +65 6511 3500
DID    +65 6511 3505
Fax    +65 6511 3590
Mobile +65 9173 0071
ghauser at juniper.net
 


----- Original Message -----
From: juniper-nsp-bounces at puck.nether.net <juniper-nsp-bounces at puck.nether.net>
To: juniper-nsp at puck.nether.net <juniper-nsp at puck.nether.net>
Sent: Tue Jul 15 22:04:34 2008
Subject: juniper-nsp Digest, Vol 68, Issue 27

Send juniper-nsp mailing list submissions to
	juniper-nsp at puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://puck.nether.net/mailman/listinfo/juniper-nsp
or, via email, send a message with subject or body 'help' to
	juniper-nsp-request at puck.nether.net

You can reach the person managing the list at
	juniper-nsp-owner at puck.nether.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of juniper-nsp digest..."


Today's Topics:

   1. Re: Tunnel Services (samuel.gay at bt.com)
   2. Re: Tunnel Services (Joseph Soricelli)
   3. Re: Tunnel Services (Guy Davies)
   4. Re: BGP and OSPF ECMP (Boyd, Benjamin R)
   5. Re: Best practice to manage log information (Boyd, Benjamin R)


----------------------------------------------------------------------

Message: 1
Date: Tue, 15 Jul 2008 13:05:28 +0100
From: <samuel.gay at bt.com>
Subject: Re: [j-nsp] Tunnel Services
To: <juniper-nsp at puck.nether.net>
Message-ID:
	<2B0ABDF9E4A1204AA7467F200753545605317FE6 at E03MVZ4-UKDY.domain1.systemhost.net>
	
Content-Type: text/plain;	charset="us-ascii"


> AFAIK, all M7i's will have one or the other.  I have never seen one
without the Tunnel Services module or ASM.

You have a lot of M7i without ASM or Tunnel Services module ;-). May be
now it is always integrated ...

Samuel

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Erdem Sener
Sent: Tuesday, July 15, 2008 7:21 AM
To: Dermot Williams
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Tunnel Services

Hello,

 IIRC, there are two bundles of M7i: either on-board Gigethernet OR ASM
(services module).

 So, it doesn't necessarily mean that all M7i's would have built-in
tunnel functionality. The best way would be to do a 'show chassis
hardware' on the M7i and look for something like:

  PIC 2          REV 07   750-009487   CJ6728            ASP -
Integrated (Layer-2-3)

 Cheers,
 Erdem

On Tue, Jul 15, 2008 at 12:05 PM, Dermot Williams
<Dermot.Williams at irishbroadband.ie> wrote:
> Yeah, it looks like the TS is on the built-in FPC and not on the RE. 
> My bad.
>
> Anyway, the main thrust of my question is answered - we can use our 
> M7i routers to terminate/initiate GRE/IP-in-IP tunnels.
>
> Thanks all
>
> Dermot
>
> -----Original Message-----
> From: Scott Morris [mailto:swm at emanon.com]
> Sent: 15 July 2008 12:03
> To: 'Eric Van Tol'; Dermot Williams; juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] Tunnel Services
>
> Well...  Ok.  So "The tunnel pic (or built in one) serves that 
> function as well."  should be followed up with:
>
> Perform a "show chassis hardware" and make sure you have one!  :)  M5,

> M10, M20, etc. don't automatically have one either!
>
> Scott
>
> -----Original Message-----
> From: Eric Van Tol [mailto:eric at atlantech.net]
> Sent: Tuesday, July 15, 2008 6:57 AM
> To: 'swm at emanon.com'; 'Dermot Williams'; juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] Tunnel Services
>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp- 
>> bounces at puck.nether.net] On Behalf Of Scott Morris
>> Sent: Tuesday, July 15, 2008 6:52 AM
>> To: 'Dermot Williams'; juniper-nsp at puck.nether.net
>> Subject: Re: [j-nsp] Tunnel Services
>>
>> An AS-PIC (or ASM) will terminate tunnels as well, but you don't need

>> to have it.  The tunnel pic (or built in one) serves that function as

>> well.
>
> Actually, you do need it on an M10i, as the M7i is the only M-Series 
> platform with a built-in tunnel PIC.
>
> -evt
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


------------------------------

Message: 2
Date: Tue, 15 Jul 2008 07:16:51 -0400
From: "Joseph Soricelli" <joe at ipath.net>
Subject: Re: [j-nsp] Tunnel Services
To: "Dermot Williams" <Dermot.Williams at irishbroadband.ie>
Cc: Eric Van Tol <eric at atlantech.net>, juniper-nsp at puck.nether.net
Message-ID: <2EA61E22-F722-4099-B3AD-9FFDB2FD747C at ipath.net>
Content-Type: text/plain;	charset="iso-8859-1"

Dermot-

Yes, you can use your M7i for those terminations. But please make sure  
that you actually have an ASM in your router (show chassis hardware).  
Those are a line item for those routers and while most folks purchased  
the bundle packs it is possible that yours is not in that group

In short, the M7i uses a daughter card for this and it's not  
'guaranteed' to have one installed.

-joe

On Jul 15, 2008, at 7:07 AM, "Dermot Williams" <Dermot.Williams at irishbroadband.ie 
 > wrote:

> Yeah, it looks like the TS is on the built-in FPC and not on the RE.  
> My
> bad.
>
> Anyway, the main thrust of my question is answered - we can use our  
> M7i
> routers to terminate/initiate GRE/IP-in-IP tunnels.
>
> Thanks all
>
> Dermot
>
> -----Original Message-----
> From: Scott Morris [mailto:swm at emanon.com]
> Sent: 15 July 2008 12:03
> To: 'Eric Van Tol'; Dermot Williams; juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] Tunnel Services
>
> Well...  Ok.  So "The tunnel pic (or built in one) serves that  
> function
> as
> well."  should be followed up with:
>
> Perform a "show chassis hardware" and make sure you have one!  :)  M5,
> M10,
> M20, etc. don't automatically have one either!
>
> Scott
>
> -----Original Message-----
> From: Eric Van Tol [mailto:eric at atlantech.net]
> Sent: Tuesday, July 15, 2008 6:57 AM
> To: 'swm at emanon.com'; 'Dermot Williams'; juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] Tunnel Services
>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
>> bounces at puck.nether.net] On Behalf Of Scott Morris
>> Sent: Tuesday, July 15, 2008 6:52 AM
>> To: 'Dermot Williams'; juniper-nsp at puck.nether.net
>> Subject: Re: [j-nsp] Tunnel Services
>>
>> An AS-PIC (or ASM) will terminate tunnels as well, but you don't need
>> to have it.  The tunnel pic (or built in one) serves that function as
>> well.
>
> Actually, you do need it on an M10i, as the M7i is the only M-Series
> platform with a built-in tunnel PIC.
>
> -evt
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


------------------------------

Message: 3
Date: Tue, 15 Jul 2008 13:15:33 +0100
From: "Guy Davies" <aguydavies at gmail.com>
Subject: Re: [j-nsp] Tunnel Services
To: swm at emanon.com, juniper-nsp <juniper-nsp at puck.nether.net>
Message-ID:
	<38f596590807150515u3a3add0fw75502ce6d7d01185 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hi Scott,

I think Erdem is right in that the ASM is optional in the M7i chassis.
 I'm not sure that many customers took the option of the M7i without
the ASM, but the option was definitely there.   The absence of the ASM
does not automatically mean that a discreet Tunnel PIC *will* be
installed, although absolutely nothing precludes the installation of a
Tunnel PIC in one of the four slots in an M7i whether the ASM is
present or not.

Rgds,

Guy

2008/7/15 Scott Morris <swm at emanon.com>:
> With the M7i, if you do not have an ASP installed (separate purchase line
> item, irrelevant of Gig-E, although may be bundles) you will show a Tunnel
> Services in its place.
>
> AFAIK, all M7i's will have one or the other.  I have never seen one without
> the Tunnel Services module or ASM.
>
> Scott
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Erdem Sener
> Sent: Tuesday, July 15, 2008 7:21 AM
> To: Dermot Williams
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Tunnel Services
>
> Hello,
>
>  IIRC, there are two bundles of M7i: either on-board Gigethernet OR ASM
> (services module).
>
>  So, it doesn't necessarily mean that all M7i's would have built-in tunnel
> functionality. The best way would be to do a 'show chassis hardware' on the
> M7i and look for something like:
>
>  PIC 2          REV 07   750-009487   CJ6728            ASP -
> Integrated (Layer-2-3)
>
>  Cheers,
>  Erdem
>
> On Tue, Jul 15, 2008 at 12:05 PM, Dermot Williams
> <Dermot.Williams at irishbroadband.ie> wrote:
>> Yeah, it looks like the TS is on the built-in FPC and not on the RE.
>> My bad.
>>
>> Anyway, the main thrust of my question is answered - we can use our
>> M7i routers to terminate/initiate GRE/IP-in-IP tunnels.
>>
>> Thanks all
>>
>> Dermot
>>
>> -----Original Message-----
>> From: Scott Morris [mailto:swm at emanon.com]
>> Sent: 15 July 2008 12:03
>> To: 'Eric Van Tol'; Dermot Williams; juniper-nsp at puck.nether.net
>> Subject: RE: [j-nsp] Tunnel Services
>>
>> Well...  Ok.  So "The tunnel pic (or built in one) serves that
>> function as well."  should be followed up with:
>>
>> Perform a "show chassis hardware" and make sure you have one!  :)  M5,
>> M10, M20, etc. don't automatically have one either!
>>
>> Scott
>>
>> -----Original Message-----
>> From: Eric Van Tol [mailto:eric at atlantech.net]
>> Sent: Tuesday, July 15, 2008 6:57 AM
>> To: 'swm at emanon.com'; 'Dermot Williams'; juniper-nsp at puck.nether.net
>> Subject: RE: [j-nsp] Tunnel Services
>>
>>> -----Original Message-----
>>> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
>>> bounces at puck.nether.net] On Behalf Of Scott Morris
>>> Sent: Tuesday, July 15, 2008 6:52 AM
>>> To: 'Dermot Williams'; juniper-nsp at puck.nether.net
>>> Subject: Re: [j-nsp] Tunnel Services
>>>
>>> An AS-PIC (or ASM) will terminate tunnels as well, but you don't need
>>> to have it.  The tunnel pic (or built in one) serves that function as
>>> well.
>>
>> Actually, you do need it on an M10i, as the M7i is the only M-Series
>> platform with a built-in tunnel PIC.
>>
>> -evt
>>
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


------------------------------

Message: 4
Date: Tue, 15 Jul 2008 08:43:31 -0500
From: "Boyd, Benjamin R" <Benjamin.R.Boyd at windstream.com>
Subject: Re: [j-nsp] BGP and OSPF ECMP
To: "Harry Reynolds" <harry at juniper.net>, "Marlon Duksa"
	<mduksa at gmail.com>,	<juniper-nsp at puck.nether.net>
Message-ID:
	<3F045502966C304B963C72E3C442750E0DE49A at scarlitnt840.windstream.com>
Content-Type: text/plain;	charset="US-ASCII"

You can further control the flow with:

[edit forwarding-options hash-key]

family inet {
    layer-3;
    layer-4;
}
family mpls {
    label-1;
    label-2;
}

If you're load balancing over a decent amount of hops I wouldn't hash
both layer-3/layer-4 and label-1/label-2 on every router because then
your per-flow becomes quite segregated and you might find issues where
your load balancing on many routers will break the seemingly load
balancing of another router since the hashing algorithm will produce the
same result on each router.

-Ben

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Harry Reynolds
Sent: Monday, July 14, 2008 6:18 PM
To: Marlon Duksa; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] BGP and OSPF ECMP

Do you have a per-packet (really per flow) LB policy applied to the
forwarding table?

This is needed to install two or more forwarding paths in the pfe. BGP
multipath is a control plane tie breaker, but by default only one of the
winners is installed as active in the FT.

HTHs


[edit]
regress at asahi# show policy-options
policy-statement lb {
    then {
        load-balance per-packet;
    }
}

[edit]
regress at asahi# show routing-options forwarding-table traceoptions {
    file forwarding_table;
    flag route detail;
}
export lb;
 

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Marlon Duksa
> Sent: Monday, July 14, 2008 3:22 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] BGP and OSPF ECMP
> 
> Does anyone know how to enable ecmp in Junos (I'm on M320 
> with Junos 9.0)?
> 
> I have a vrf with BGP configured for multipath. In the 
> forwarding table I see only one path installed even though I 
> have two  equal cost physical links to the  NH.
> My IGP is OSPF and in the routing table OSPF is showing two 
> paths (only one active >) and in the fwd table only one path 
> is selected. How do I force Junos to select both links.
> 
> Similar with LDP which is used for the transport (tunnel) in 
> this VPN environment.
> 
> So it looks to me that multipath in BGP is not taking effect 
> because underlying protocols (OSPF and LDP) is not utilizing 
> both links??
> Thanks,
> Marlon
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



***************************************************************************************

The information contained in this message, including attachments, may contain 
privileged or confidential information that is intended to be delivered only to the 
person identified above. If you are not the intended recipient, or the person 
responsible for delivering this message to the intended recipient, Windstream requests 
that you immediately notify the sender and asks that you do not read the message or its 
attachments, and that you delete them without copying or sending them to anyone else.



------------------------------

Message: 5
Date: Tue, 15 Jul 2008 09:04:24 -0500
From: "Boyd, Benjamin R" <Benjamin.R.Boyd at windstream.com>
Subject: Re: [j-nsp] Best practice to manage log information
To: <melvyn.markham at bt.com>, <benyds at gmail.com>,
	<alain.briant at bt.com>,	<juniper-nsp at puck.nether.net>
Message-ID:
	<3F045502966C304B963C72E3C442750EB8C703 at scarlitnt840.windstream.com>
Content-Type: text/plain;	charset="iso-8859-1"

I'd like to know this PR no. as well. 

-Ben

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of melvyn.markham at bt.com
Sent: Tuesday, July 15, 2008 6:33 AM
To: benyds at gmail.com; alain.briant at bt.com; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Best practice to manage log information

Hi Beny,
I'm also looking to use 8.5R3.  Do you have the PR no. you refer to ??

Rgds,
Melvyn 

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Beny D Setyawan
Sent: 14 July 2008 17:07
To: Briant,A,Alain,JPECS R; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Best practice to manage log information

Hi Alain,

I'm sorry to for the late response since I do working deep on this problem.
Finally I already get answer for this particular problem. This problem happened to all my M10i & M7i router that running JunOS 8.5 R3.4 (this is the problem) and FYI, I need to use JunOS 8.5R3.4 because of the new PIC 4 port STM-1 SFP interfaces. The history as I said before that my M-series router hang and need to restart the cfeb and sometime I need to hard reboot the chassis. During last 2 weeks my 9 M10i suddenly running with backup routing-engine and my 10 M7i freeze/hang and all running with JunOS 8.5R3.4.
Even the old router that never problem when running JunOS 8.0R34 after I did upgrade to JunOS 8.5R3.4 also had the same problem. The key is on my M7i router, during the problem no alarm indicator in the chassis for all interfaces and chassis itself. Also the router didn't create core dump at all. JTAC already create PR release for this problem. From the PR said that this problem happened to JunOS 8.5R3.4 or above.

Since there is no JunOS release to solved this problem, I have to downgrade all my M-series (total 33 routers) that running JunOS 8.5R3.4 to JunOS 8.4R4.2. It's going to be along hard work weekend ....

Regards,
Beny D Setyawan


-----Original Message-----
From: alain.briant at bt.com [mailto:alain.briant at bt.com]
Sent: Tuesday, July 01, 2008 6:35 PM
To: benyds at gmail.com; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] Best practice to manage log information

Hi Beny

Sory for this late answer

I am not sure I catch you well but if you're wondering what is the root cause of your hard disk activity just see the age of the different files on it.
If you say that you have some other traces leading to some "Mpls_statistic"
files changed every 5 minutes, I am quite sure that's an heavy load for the hard disk.
Just think if you realy need this trace (statistics) to be activated !

Regards
Alain


-----Message d'origine-----
De : Beny D Setyawan [mailto:benyds at gmail.com] Envoy? : samedi 21 juin 2008 18:34 ? : Briant,A,Alain,JPECS R; juniper-nsp at puck.nether.net Objet : RE: [j-nsp] Best practice to manage log information

Hi Alain,

My router basically use bellow configuration for the system syslog.

syslog {
    user * {
        any emergency;
    }
    host 10.xxx.xxx.xxx { 	### to syslog server ###
        any any;
        authorization any;
        interactive-commands any;
    }
    file messages {
        authorization info;
        daemon any;
        kernel any;
        user any;
        pfe any;
        interactive-commands critical;
    }
    file log_config_user {
        authorization any;
        interactive-commands any;
        archive size 5m files 5 world-readable;
    }
    file new_log {
        any notice;
        authorization info;
        daemon any;
        kernel any;
        archive size 10m files 5;
    }
    source-address 10.xxx.xxx.x;
}

What I'm trying to do is removing log_config_user and new_log and send it to syslog, also change the configuration of file messages. But in mpls protocols, we used auto-bandwidth mechanism with file mpls_statistic on it.
Mpls_statistic file changes every 5 minutes and saved it into the harddisk also making the harddisk doing write-erase. I'm not sure that mpls_statistic need to be change also based on trends of the traffic itself on the mpls network. What still out of my mind is the root caused that making harddisk busy, is it the syslog or mpls_statistic and I'm sure that harddisk working every time just like others harddsik.


Thanks,
Beny D Setyawan

-----Original Message-----
From: alain.briant at bt.com [mailto:alain.briant at bt.com]
Sent: Friday, June 20, 2008 7:37 PM
To: benyds at gmail.com; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] Best practice to manage log information

Hi Beny

I believe the best Start is the default syslog config of JUNOS:

system {
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}

After that you can add, as new target, the syslog server and add some more traces but carefully.

You must keep in mind that for local logs (on the hard disk) if you see your log files rotating too fast (I mean if your files with the default size and number do not cover more than One week of time) they will be useless.

Regarding the trace-options you must be careful also with some "flag all"
statements that are writing on the disk a hudge amount of data.

We've had sometimes some M series hanged because of some heavy traces.

First thing so is to have a quick look at your log files:
"Show log ?" 
If you see some of them that are rotating too fast, start removing some traces leading that.

Hope this help

Alain


-----Message d'origine-----
De : juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] De la part de Beny D Setyawan Envoy? : vendredi 20 juin 2008 13:30 ? : juniper-nsp at puck.nether.net Objet :
[j-nsp] Best practice to manage log information

Hi List,

 

Somehow my m-series hang and need to reboot. JTAC suspected that this is due to harddisk busy, since there were so many log that write-erase to the harddisk and suggested to reduce that process. Does anyone has information what is the best practice on how to manage syslog severity on the Juniper router? Which log should be send to syslog server and should be save also in the router itself.

The goal is how to make the router healhty by reduce log of changing any information on the router from harddisk on the routing-engine perspective.
But in the other hand we need the log information for the NMS.

 

Thanks & Rgds,

Beny D Setyawan

 

 

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp



***************************************************************************************

The information contained in this message, including attachments, may contain 
privileged or confidential information that is intended to be delivered only to the 
person identified above. If you are not the intended recipient, or the person 
responsible for delivering this message to the intended recipient, Windstream requests 
that you immediately notify the sender and asks that you do not read the message or its 
attachments, and that you delete them without copying or sending them to anyone else.



------------------------------

_______________________________________________
juniper-nsp mailing list
juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

End of juniper-nsp Digest, Vol 68, Issue 27
*******************************************


More information about the juniper-nsp mailing list