[j-nsp] Firewall Policy Description !!

Darren O'Connor darrenoc at outlook.com
Mon Nov 10 06:24:28 EST 2014


Annotate is a great feature, but just be aware that a show | display 
set will NOT show annotates! Be aware if copying config from one to 
another...

> Date: Wed, 5 Nov 2014 18:49:35 +0300
> From: asadgardezi at gmail.com
> To: harri_makela at yahoo.com
> CC: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Firewall Policy Description !!
> 
> Hi
> 
> You can annotate match statement on each policy to add comments. Those
> comments will show in start of each policy when you do show configuration
> (without display set)
> 
> Br
> Asad
> On Nov 5, 2014 6:43 PM, "Harri Makela via juniper-nsp" <
> juniper-nsp at puck.nether.net> wrote:
> 
> >
> > Hi There
> >
> >
> >
> >
> > Is there any way that we can add a description of firewall policies? Firewall
> > policy name is restricted to 63 characters on Junos, which is not sufficient
> > to review the firewall policies on a periodic basis. I can only add flows
> > related information with policy name and description is required to add
> > further details like who requested it, when it was added, quarterly review
> > if this flow is required or not, etc. to comply with AUDIT requirements
> >
> >
> >
> >
> >
> > Thanks
> >
> >       On Wednesday, 29 October 2014, 16:05, "
> > juniper-nsp-request at puck.nether.net" <juniper-nsp-request at puck.nether.net>
> > wrote:
> >
> >
> >
> > Today's Topics:
> >
> >   1. Re: CoS on iSCSI ports (Eugeniu Patrascu)
> >   2. EX4600 third party optic (Johan Borch)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Wed, 29 Oct 2014 01:09:49 +0200
> > From: Eugeniu Patrascu <eugen at imacandi.net>
> > To: Mike Gonnason <gonnason at gmail.com>
> > Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
> > Subject: Re: [j-nsp] CoS on iSCSI ports
> > Message-ID:
> >     <CALgc3C64g8g5JrnN+uzkLUu-=UmsdYQN_kz2Wqt7E+Br1_KUdg at mail.gmail.com>
> > Content-Type: text/plain; charset=UTF-8
> >
> > If memory serves me right, the 5% bandwidth is actually prioritized when
> > you do something on the switch via SSH/Telnet/J-Web so that in case your
> > switch is running line-rate, you can actually log into it.
> >
> > Also, disable flow-control, it's not helping.
> >
> > Regards,
> > Eugeniu
> >
> > On Wed, Oct 15, 2014 at 2:49 AM, Mike Gonnason <gonnason at gmail.com> wrote:
> >
> > > For my iSCSI stuff, I have been disabling pause frames as they are not
> > > really beneficial for my situation. I had a NetApp (forget what model)
> > > that would saturate a 10Gb link and the Juniper would send a pause frame
> > > with the result of dropping all connections across that trunk. Not very
> > > helpful.
> > >
> > > You can try modifying the NC class and alter how the scheduling is
> > > performed. In section 21 you can see 5% is specified for the NC
> > > scheduler.
> > >
> > > http://www.juniper.net/documentation/en_US/junos13.2/topics/example/cos-ex-series-configuring.html
> > >
> > >
> > > -Mike Gonnason
> > >
> > > On Tue, Oct 14, 2014 at 3:39 PM, Josh Farrelly <Joshf at originit.co.nz>
> > > wrote:
> > >
> > > > Hi all.
> > > >
> > > > We have 2x EX4550's in VC that provide switching for an iSCSI network.
> > > > There are 3 Dell SANs and 4 Dell R820 ESXi hosts connected via twinax @
> > > > 10Gbps. Jumbo frames and flow control is enabled.
> > > >
> > > > My knowledge around Juniper tech is a little vague, but what's with the
> > > > default CoS settings on the switch? It seems they will automatically
> > > > reserve 5% for network control traffic. Is there any way to disable CoS
> > > > entirely? AFAIK Brocade & Cisco don't have this type of default, and 5%
> > > > of a 10Gbps is actually a rather significant chunk of bandwidth.
> > > >
> > > > The reason I'm asking is that we've seen some performance issues lately.
> > > > We have a hybrid-SSD tray of storage that can saturate a link, so we're
> > > > seeing MAC pause frames being received by the switch as well as discards
> > > > on some of the queues.
> > > >
> > > > Thanks for any pointers.
> > > >
> > > > Regards,
> > > >
> > > > Josh.
> > > > _______________________________________________
> > > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > > >
> > >
> >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Wed, 29 Oct 2014 09:51:15 +0100
> > From: Johan Borch <johan.borch at gmail.com>
> > To: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
> > Subject: [j-nsp] EX4600 third party optic
> > Message-ID:
> >     <CAB_jNCR9BeSeNO2ER_+5LrO2WTT=vg5GbYjPvvhUxKfJsS7f3Q at mail.gmail.com>
> > Content-Type: text/plain; charset=UTF-8
> >
> > Hi!
> >
> > Does anyone have experience with third party optics (SFP/SFP+) in EX4600?
> >
> > Johan
> >
> >
> > ------------------------------
> >
> > End of juniper-nsp Digest, Vol 143, Issue 27
> > ********************************************
> >
 		 	   		  


More information about the juniper-nsp mailing list
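
An added example, not part of the original thread: since `show | display set` drops annotations, this sketch reads hierarchical `show configuration` output and emits the `edit` / `annotate` / `top` configuration-mode commands needed to recreate each comment alongside a set-format copy. The sample config and the function name are constructed for illustration; it assumes single-line `/* ... */` comments and that the statement text as displayed is what `annotate` takes.

```python
import re

# Constructed sample of hierarchical `show configuration` output (not from the thread).
SAMPLE_CONFIG = """\
security {
    policies {
        from-zone trust to-zone untrust {
            policy allow-web {
                /* Requested by app team; added 2014-11-05; review quarterly */
                match {
                    source-address any;
                    destination-address web-servers;
                    application junos-https;
                }
            }
        }
    }
}
"""

COMMENT = re.compile(r"^/\*\s*(.*?)\s*\*/$")

def annotations_to_commands(config_text):
    """Return configuration-mode commands that recreate each /* ... */ annotation."""
    path, pending, commands = [], None, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = COMMENT.match(line)
        if m:                          # annotation applies to the next statement
            pending = m.group(1).replace('"', "'")
            continue
        if line == "}":                # leaving a hierarchy level
            path.pop()
            continue
        statement = line.rstrip("{;").strip()
        if pending is not None:
            if path:                   # annotate must run at the parent level
                commands.append("edit " + " ".join(path))
            commands.append(f'annotate {statement} "{pending}"')
            if path:
                commands.append("top")
            pending = None
        if line.endswith("{"):         # entering a hierarchy level
            path.append(statement)
    return commands

print("\n".join(annotations_to_commands(SAMPLE_CONFIG)))
```

Loading the emitted commands after the set-format config keeps the audit comments attached to each policy's match statement.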