[j-nsp] Firewall Policy Description !!

Wed Nov 5 10:28:59 EST 2014

Hi There

is there anyway that we can add description of firewall policies. Firewall policy name is restricted to 63 chracters on Junos which is not sufficient to review the firewall policies on periodic basis. I can only add flows related information with policy name and description is required to add further details like who requested it, when it was added, quarterly review if this flow is required not etc. to comply with AUDIT requirements

Thnaks

      On Wednesday, 29 October 2014, 16:05, "juniper-nsp-request at puck.nether.net" <juniper-nsp-request at puck.nether.net> wrote:

 Send juniper-nsp mailing list submissions to
    juniper-nsp at puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
    https://puck.nether.net/mailman/listinfo/juniper-nsp
or, via email, send a message with subject or body 'help' to
    juniper-nsp-request at puck.nether.net

You can reach the person managing the list at
    juniper-nsp-owner at puck.nether.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of juniper-nsp digest..."

Today's Topics:

  1. Re: CoS on iSCSI ports (Eugeniu Patrascu)
  2. EX4600 third party optic (Johan Borch)

----------------------------------------------------------------------

Message: 1
Date: Wed, 29 Oct 2014 01:09:49 +0200
From: Eugeniu Patrascu <eugen at imacandi.net>
To: Mike Gonnason <gonnason at gmail.com>
Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] CoS on iSCSI ports
Message-ID:
    <CALgc3C64g8g5JrnN+uzkLUu-=UmsdYQN_kz2Wqt7E+Br1_KUdg at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

If memory serves me right, the 5% bandwidth is actually prioritized when
you do something on the switch via SSH/Telnet/J-Web so that in case your
switch is running line-rate, you can actually log into it.

Also, disable flow-control, it's not helping.

Regards,
Eugeniu

On Wed, Oct 15, 2014 at 2:49 AM, Mike Gonnason <gonnason at gmail.com> wrote:

> For my iSCSI stuff, I have been disabling pause frames as they are not
> really beneficial for my situation. I had a NetApp (forget what model) that
> would saturate a 10Gb link and the Juniper would send a pause frame with
> the result of dropping all connections across that trunk. Not very helpful.
>
> You can try modifying the NC class and alter how the scheduling is
> performed. in section 21 you can see 5% is specified for the NC scheduler.
>
>
> http://www.juniper.net/documentation/en_US/junos13.2/topics/example/cos-ex-series-configuring.html
>
>
> -Mike Gonnason
>
> On Tue, Oct 14, 2014 at 3:39 PM, Josh Farrelly <Joshf at originit.co.nz>
> wrote:
>
> > Hi all.
> >
> > We have 2x EX4550's in VC that provide switching for an iSCSI network.
> > There are 3 Dell SANs and 4 Dell R820 ESXi hosts connected via twinax @
> > 10Gbps. Jumbo frames and flow control is enabled.
> >
> > My knowledge around Juniper tech is a little vague, but what's with the
> > default CoS settings on the switch? It seems they will automatically
> > reserve 5% for network control traffic. Is there anyway to disable CoS
> > entirely? AFAIK Brocade & Cisco don't have this type of default, and 5%
> of
> > a 10Gbps is actually a rather significant chunk of bandwidth.
> >
> > The reason I'm asking is that we've seen some performance issues lately.
> > We have a hybrid-SSD tray of storage that can saturate a link, so we're
> > seeing MAC pause frames being received by the switch as well as discards
> on
> > some of the queues.
> >
> > Thanks for any pointers.
> >
> > Regards,
> >
> > Josh.
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

------------------------------

Message: 2
Date: Wed, 29 Oct 2014 09:51:15 +0100
From: Johan Borch <johan.borch at gmail.com>
To: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
Subject: [j-nsp] EX4600 third party optic
Message-ID:
    <CAB_jNCR9BeSeNO2ER_+5LrO2WTT=vg5GbYjPvvhUxKfJsS7f3Q at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hi!

Do anyone have experience with third party optics (SFP/SFP+) in EX4600?

Johan

------------------------------

Subject: Digest Footer

_______________________________________________
juniper-nsp mailing list
juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

------------------------------

End of juniper-nsp Digest, Vol 143, Issue 27
********************************************