[j-nsp] MX304 - Edge Router

Richard McGovern rmcgovern at juniper.net
Wed Oct 25 10:12:58 EDT 2023 

No problem. Just FYI, but “Flex License” is often mis-understood within Juniper, never mind outside 😭

Richard McGovern
Sr Sales Engineer, Juniper Networks
978-618-3342

I’d rather be lucky than good, as I know I am not good
I don’t make the news, I just report it




Juniper Business Use Only
From: Aaron1 <aaron1 at gvtc.com>
Date: Wednesday, October 25, 2023 at 10:07 AM
To: Richard McGovern <rmcgovern at juniper.net>
Cc: Saku Ytti <saku at ytti.fi>, Karl Gerhard <karl_gerh at gmx.at>, juniper-nsp at puck.nether.net <juniper-nsp at puck.nether.net>, beecher at beecher.cc <beecher at beecher.cc>
Subject: Re: [j-nsp] MX304 - Edge Router
[External Email. Be cautious of content]

Thanks Richard… et al, I’ll have to go back to my account team and learn more about MX304 licensing… from your link, it appears that I have an Advanced license and furthermore, of trial duration.  Yes, they have already reissued me a new trial one for an additional 60 days.  To Mark’s point, at the moment, I’m tshooting to determine if I have another problem.
Aaron


On Oct 25, 2023, at 7:50 AM, Richard McGovern <rmcgovern at juniper.net> wrote:

Aaron, what version of Junos are you using on your MX304? This should NOT happen and if it did/is, then I suggest you open a Case with JTAC. Minimally your account team should be able to get you a temp license to work-around this until resolved.

The introduction of newer (well now like 2 years old) Flex licensing all newly purchased MX (which would include ALL MX304s) support only L2 in the base (free) license. For any L3 (even static) you require some additional level of license. For MX those levels are Base/Advanced/Premium - https://www.juniper.net/documentation/us/en/software/license/flex/flex-license-for-mx-series-routers-and-mpc-service-cards.pdf. Your local Partner or Juniper Sales team should be able to help with any questions in this area.

Flex License can be purchased on a Subscription (yearly) basis or Perpetual (matches older style) – this is similar/same for almost all vendors in current times.

Most (but not ALL!) Juniper license are currently “honor” based. This means features that require a license will NOT be turned off if the license is not present. Instead warning/error messages will be shown, which will [obviously] fill up your logs quickly 😂 MACSec maybe one of those licenses which are NOT “honor” based; there are others as well. Of course, Perpetual licenses never expire 👍 Subscription licenses have a built-in ‘safety zone’ of approximately 30 days after the subscription date expires. This is to provide time for renewal of the subscription for those that “forget” 😩

If you have an older subscription license which is no longer valid under newer Flex license structure, at renewal the license will automatically be converted by Juniper internal renewals team to the new Flex license SKU, at same price as the older SKU, if there is a price [increase] difference.

One big advantage of the new Flex license structure is that these licenses are transferable. That is, these licenses are not permanently tied to a single device SN. This also includes Perpetual Flex Licenses. In the Juniper Agile License Portal (https://license.juniper.net/licensemanage/) where one turns a License SKU [Entitlement] into a Activation [code] which then is used to create the actual loadable license. Here one MUST associate the License with a SN, but that License can then be re-called (changed from Activation back to Entitlement) and then that Entitlement can be associated with a new SN. The license on the old SN is no longer valid.

As for current checks, Juniper is covered by EULA – End User License Agreement. In the future Juniper can (and is likely to) add additional enforcement checks into their SW – Just an FYI.

FYI only, Rich


Richard McGovern
Sr Sales Engineer, Juniper Networks
978-618-3342

I’d rather be lucky than good, as I know I am not good
I don’t make the news, I just report it




Juniper Business Use Only
On 10/25/23, 2:01 AM, "Saku Ytti" <saku at ytti.fi> wrote:
On Tue, 24 Oct 2023 at 22:21, Aaron Gould via juniper-nsp
<juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>> wrote:

> My MX304 trial license expired last night, after rebooting the MX304,
> various protocols no longer work.  This seems more than just
> honor-based... ospf, ldp, etc, no longer function.  This is new to me;
> that Juniper is making protocols and technologies tied to license.  I
> need to understand more about this, as I'm considering buying MX304's.

Juniper had assured me multiple times that they strategically have
decided to NEVER do this. That it's an actual decision they've
considered at the highest level, that they will not downgrade devices
in operation. I guess 'reboot' is not in-operation?

Notion that operators are able to keep licenses up-to-date and valid
is naive, we can't keep SSL certificates valid and we've had decades
of time to learn, it won't happen. You will learn about the problem,
when shit breaks.

The right solution would be a phone-home, and a vendor sales rep
calling you 'hey you have expired licenses, let's solve this'. Not
breaking the boxes. Or 'your phone home hasn't worked, you need to fix
it before we can re-up your support contract'.
--
  ++ytti

More information about the juniper-nsp mailing list