[j-nsp] MX304 - Edge Router

Michael Hare michael.hare at wisc.edu
Wed Oct 25 12:48:21 EDT 2023 

Re: "In your specific case, the ports never worked, you had to procure a license, and the license never dies."

Here's a cool story.  At some point I migrated the perpetual 10G FPC2 SFP+ port license on our MX104s from the "request system license add" mantra to "set system license" so it was more easily manageable in the config.  The migration worked fine in the lab.  I was making the change in production batch using automation, using the model of "commit confirmed" followed in a bit with a "commit check".  I pushed a set of "commit confirmed" out and got distracted by.. something.  I missed the commit check.  The config rolled back, but guess what didn't roll back?  The "request system license add".  The SFP+ shut off.  No truck rolls were needed but it did create a needless outage for some.  Going back to Saku's comment about SSL certs; never underestimate a human's ability to fail.

-Michael

> -----Original Message-----
> From: juniper-nsp <juniper-nsp-bounces at puck.nether.net> On Behalf Of
> Saku Ytti via juniper-nsp
> Sent: Wednesday, October 25, 2023 7:43 AM
> To: Aaron1 <aaron1 at gvtc.com>
> Cc: juniper-nsp <juniper-nsp at puck.nether.net>
> Subject: Re: [j-nsp] MX304 - Edge Router
> 
> On Wed, 25 Oct 2023 at 15:26, Aaron1 via juniper-nsp
> <juniper-nsp at puck.nether.net> wrote:
> 
> > Years ago I had to get a license to make my 10g interfaces work on my
> MX104
> 
> I think we need to be careful in what we are saying.
> 
> We can't reject licences out right, that's not a fair ask and it won't happen.
> 
> But we can reject licenses that expire in operation and cause an
> outage. That I think is a very reasonable ask.  I know that IOS XE for
> example will do this, you run out of license and your box breaks. I
> swapped out from CRS1k to ASR1k because I knew the organisation would
> eventually fail to fix the license ahead of expiry.
> 
> I'm happy if the device calls homes via https proxy, and reports my
> license use, and the sales droid tells me I'm not compliant with
> terms. Making it a commercial problem is fine, making it an acute
> technical problem is not.
> 
> 
> In your specific case, the ports never worked, you had to procure a
> license, and the license never dies. So from my POV, this is fine. And
> being absolutist here will not help, as then you can't even achieve
> reasonable compromise.
> 
> --
>   ++ytti
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list