J-Net Community
I've got a topology where I have 2 chassis clusters of vSRX, separated by a L2 P2P virtual circuit between our two DCs, one cluster in DC A and another in DC B. I am setting up routing between the two, and want to use a transport VLAN that is stretched between the two DCs to leverage dynamic routing. The problem is, the two vSRXs can't seem to ping each other.

Topology looks like this:

DC A reth0.660 -----> CORE router with same VLAN tagged -----P2P VC-----CORE router with same VLAN tagged ------DC B reth0.660

I can ping from side A vSRX to side B DC (i.e. I can ping 10.66.0.1, the core router on side A, from 10.66.0.12, the SRX inside DC B), but I can't ping from 10.66.0.11 (vSRX A) to 10.66.0.12 (vSRX B).

I first assumed this is just the nature of routers, which makes complete sense as they end broadcast domains, but I AM able to ping the vSRX interfaces from a VM across datacenters at purely L2. I.e., a Windows test VM in DC B on IP 10.66.0.15 can ping 10.66.0.11 in DC A.

Security zone is allowing pings as I can ping each reth0.660 interface @ purely L2 from another VM across the P2P circuit, I just can't talk to each other.

Any thoughts?

Hi, I found a log message, but find no information about this. Hoping someone can help. Thanks! MIB2D_COUNTER_DECREASING: pfes_stats_delta: counter PFES_TRAFFIC_ARP decreasing for type(72)
Hi,

I got confused on the function of "P2MP". What's its real purpose? Regarding my backbone, I don't see any information that is relevant about P2MP. My network just needs LDP Label with RSVP backup-LSP.

Or does something need it to share routes, like BGP L3 VPN or L2circuit?

> show ldp p2mp tunnel
{master}
> show ldp database p2mp
Input label database,192.168.146.6:0--192.168.144.2:0
Labels received: 44
Output label database,192.168.146.6:0--192.168.144.2:0
Labels advertised: 44
Input label database,192.168.146.6:0--192.168.145.2:0
Labels received: 44
Output label database,192.168.146.6:0--192.168.145.2:0
Labels advertised: 44
Input label database,192.168.146.6:0--192.168.146.2:0
Labels received: 44
Output label database,192.168.146.6:0--192.168.146.2:0
Labels advertised: 44
Input label database,192.168.146.6:0--192.168.146.8:0
Labels received: 44
Output label database,192.168.146.6:0--192.168.146.8:0
Labels advertised: 44
Input label database, 192.168.146.6:0--192.168.146.9:0
Labels received: 31
Output label database,192.168.146.6:0--192.168.146.9:0
Labels advertised: 44
Input label database,192.168.146.6:0--192.168.147.2:0
Labels received: 45
Output label database,192.168.146.6:0--192.168.147.2:0
Labels advertised: 45
Input label database,192.168.146.6:0--192.168.128.6:0
Labels received: 44
Output label database,192.168.146.6:0--192.168.128.6:0
Labels advertised: 44
Input label database,192.168.146.6:0--192.168.131.10:0
Labels received: 43
Output label database,192.168.146.6:0--192.168.131.10:0
Labels advertised: 46
Input label database,192.168.146.6:0--192.168.131.11:0
Labels received: 43
Output label database, 192.168.146.6:0--192.168.131.11:0
Labels advertised: 45

Thanks
Cloud

Hi, we're trying to add a MX to Contrail and have been given the MX5 config but we're stumped by the following:

chassis {
    loopback-dynamic-tunnel;
    fpc 0 {
        pic 0 {
            tunnel-services;
        }
    }
    network-services enhanced-ip;
}

We can find no documentation for loopback-dynamic-tunnel; and our MX5 rejects this command. Would appreciate identifying what it is and if it is for a MX5 or SRX, etc. Any pointers welcome.

I wonder does vMX 19.1 which is used in Juniper vLABs support L2VPN(L2circuit connection)? Thank you for your help and support  
Hey guys, I am a bit confused about the Juniper license system. I would buy a couple of MX204 with Basic License (MX204-HW-BASE MX204 Integrated SKU with Base HW + Standard Junos SW, Perpetual), just some BGP and OSPF stuff, nothing special. Anyway, I was wondering about the JS-IPv6 license option https://www.juniper.net/documentation/en_US/release-independent/licensing/topics/topic-map/software_licensing_requirements.html Does this mean that I cannot use IPv6 on my MX204 with the basic license?
Hello, I have trouble when I try to enter the SRX240B2 from the web interface: the login page loads, and when I enter login and password it says "Invalid password". The same password is good from SSH. Running 12.1X46-D86.
Hi everyone, we have many Juniper devices in our fleet and I would like to force the configuration private mode. Let me explain: on each device a user account is created for administration. Is it possible to make it so that when the user enters configuration mode he enters private mode and not the traditional mode of configuration? Thank you in advance for your help. Best regards
Hello, I have 2x QFX3500 which are configured as a VC, and I have a router which is connected to both switches, and my top of rack switches are connected to these QFX (every top of rack has 2x 10G; 1x 10G is connected to the first QFX3500 and the second 10G is connected to the second QFX3500), and on the QFX3500 side both uplinks for the top of racks are configured as LACP. So I want to know how I can configure the top of rack ports and those ports which are connected to the router as trunk and permit a VLAN for each ae (LACP) port. For example, I want to permit VLAN 100 for ae0 and those ports which are connected to the router, and VLAN 200 for ae1 and those ports which are connected to the router. I will appreciate it if you can give me an example of the commands, because I am familiar with Arista and Cisco. Thanks,
Hi,

I've enabled LDP/MPLS/RSVP on our backbone. The LSP is working by LDP with RSVP (BypassLSP). Just like this route:

192.168.146.9/32 *[LDP/9] 5d 16:19:47, metric 1
    > to 192.168.146.46 via ae0.0
      to 192.168.146.38 via ae8.1, label-switched-path ae0.0:BypassLSP->192.168.146.9
    [IS-IS/18] 13w6d 00:51:04, metric 1

But I don't get if we need to enable this function "auto-targeted-session" on protocol LDP. This function looks like it is for LDP LFA. Do I need it?

BTW, I attached my configuration of one router about LDP/MPLS/RSVP/IS-IS.

Thanks
Cloud

Hello, I have 2x QFX3500. I want to know, can I use 4x 10G ports for virtual chassis and not the QSFP port? Thanks,
Hi everybody,

https://www.juniper.net/us/en/products-services/switching/ex-series/datasheets/1000511.page

Features and Benefits

EX4600 Ethernet switches include the following key features and benefits:

Unified in-service software upgrade (unified ISSU): With its Intel core processor, the EX4600 switch allows Junos OS to run within a virtual machine (VM) on Linux. Junos OS runs in two separate VMs in active and standby pairs; during software upgrade cycles, the switches seamlessly move to the newer software version while maintaining intact data plane traffic. This true topology-independent ISSU (TISSU), an industry-first software upgrade feature for a fixed-configuration top-of-rack switch, is supported across all L2 and L3 protocols and doesn’t need the support of any other switches to perform an image upgrade.

I am looking for some details:

1) How does ISSU work on EX4600 with these VMs?
2) If the active VM gets corrupted (abrupt power outage), how does the EX4600 recover? Does it boot up using the standby VM?
3) Do these VMs run the same JUNOS OS when we upgrade JUNOS on EX4600 using the normal "request software add" (not using ISSU)?

Thanks and have a good night!!

I have the following topology for MC-LAG practice. I do not understand why the following MAC is listed as being learnt from Remote instead of Local.

root@vMX1> show bridge mac-table

MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
           SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)

Routing instance : default-switch
 Bridging domain : bd-10, VLAN : 10
   MAC                 MAC      Logical          NH     RTR
   address             flags    interface        Index  ID
   00:05:86:71:3c:f0   DR       ae2.0

My understanding is that a MAC learnt via the ICL connection (ae0 here) is listed as R, right?

root@vMX1> show configuration | display set
set version 14.1R1.10
set system host-name vMX1
set system root-authentication encrypted-password "$1$1s9Reimz$87Km3q6NBLumLISPyIVBD1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set chassis aggregated-devices ethernet device-count 3
set interfaces ge-0/0/0 gigether-options 802.3ad ae0
set interfaces ge-0/0/1 gigether-options 802.3ad ae0
set interfaces ge-0/0/2 gigether-options 802.3ad ae1
set interfaces ge-0/0/3 gigether-options 802.3ad ae2
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family bridge interface-mode trunk
set interfaces ae0 unit 0 family bridge vlan-id-list 101
set interfaces ae0 unit 0 family bridge vlan-id-list 10-12
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp system-id 00:00:11:00:00:11
set interfaces ae1 aggregated-ether-options lacp admin-key 1
set interfaces ae1 aggregated-ether-options mc-ae mc-ae-id 1
set interfaces ae1 aggregated-ether-options mc-ae redundancy-group 1
set interfaces ae1 aggregated-ether-options mc-ae chassis-id 0
set interfaces ae1 aggregated-ether-options mc-ae mode active-active
set interfaces ae1 aggregated-ether-options mc-ae status-control active
set interfaces ae1 unit 0 family bridge interface-mode trunk
set interfaces ae1 unit 0 family bridge vlan-id-list 10-12
set interfaces ae2 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp system-id 00:00:11:00:00:22
set interfaces ae2 aggregated-ether-options lacp admin-key 1
set interfaces ae2 aggregated-ether-options mc-ae mc-ae-id 2
set interfaces ae2 aggregated-ether-options mc-ae redundancy-group 1
set interfaces ae2 aggregated-ether-options mc-ae chassis-id 0
set interfaces ae2 aggregated-ether-options mc-ae mode active-active
set interfaces ae2 aggregated-ether-options mc-ae status-control active
set interfaces ae2 unit 0 family bridge interface-mode trunk
set interfaces ae2 unit 0 family bridge vlan-id-list 10-12
set interfaces irb unit 10 family inet address 10.0.10.253/24 vrrp-group 10 virtual-address 10.0.10.254
set interfaces irb unit 10 family inet address 10.0.10.253/24 vrrp-group 10 priority 150
set interfaces irb unit 10 family inet address 10.0.10.253/24 vrrp-group 10 accept-data
set interfaces irb unit 10 family inet address 10.0.10.253/24 vrrp-group 10 authentication-type md5
set interfaces irb unit 10 family inet address 10.0.10.253/24 vrrp-group 10 authentication-key "$9$32n//A0vMX-dsEcK8"
set interfaces irb unit 11 family inet address 10.0.11.253/24 vrrp-group 11 virtual-address 10.0.11.254
set interfaces irb unit 11 family inet address 10.0.11.253/24 vrrp-group 11 priority 150
set interfaces irb unit 11 family inet address 10.0.11.253/24 vrrp-group 11 accept-data
set interfaces irb unit 11 family inet address 10.0.11.253/24 vrrp-group 11 authentication-type md5
set interfaces irb unit 11 family inet address 10.0.11.253/24 vrrp-group 11 authentication-key "$9$/awnAu18LNbwgSrWx"
set interfaces irb unit 12 family inet address 10.0.12.254/24
set interfaces irb unit 12 mac aa:aa:aa:aa:aa:aa
set interfaces irb unit 101 family inet address 192.168.101.1/30
set multi-chassis multi-chassis-protection 192.168.101.2 interface ae0
set protocols iccp local-ip-addr 192.168.101.1
set protocols iccp authentication-key "$9$J9Ui.AtOREyQFCu"
set protocols iccp peer 192.168.101.2 redundancy-group-id-list 1
set protocols iccp peer 192.168.101.2 liveness-detection minimum-interval 6000
set bridge-domains bd-10 vlan-id 10
set bridge-domains bd-10 routing-interface irb.10
set bridge-domains bd-101 vlan-id 101
set bridge-domains bd-101 routing-interface irb.101
set bridge-domains bd-11 vlan-id 11
set bridge-domains bd-11 routing-interface irb.11
set bridge-domains bd-12 vlan-id 12
set bridge-domains bd-12 routing-interface irb.12
set switch-options service-id 1
root@vMX1>

Thanks in advance!!

Hi Experts, can you please share the procedure to upgrade MX10003 from 17 to 18.4R3? Best Regards, ewaqtar
Hi

1- I have a vMX router (JMX1). On this router I have a routing-instance of type virtual-router (routing-instance MPLS) which has one interface inside of it.
2- There is another router which is connected to this interface (JMX2).
3- Also there is another interface which is not in this routing-instance (JMX3).
4- There is an OSPF adjacency between JMX1 and JMX3 inside inet.0, and between JMX1 and JMX2 inside routing instance MPLS.
5- JMX2 and JMX3 already have OSPF, MPLS and LDP neighbors of their own with other connected routers.
6- Now inside of JMX1 I tried to redistribute OSPF routes from inet.0 into MPLS.inet.0 and vice versa.
7- The configuration was OK and JMX2 and JMX3 have their routes in their inet.0. I used export and rib-groups (nothing fancy).
8- Now I tried to do the same with LDP (inet.3 and MPLS.inet.3).
9- I could successfully do the same inside of JMX1, but this router did not advertise LDP routes to JMX2 and JMX3.
10- I enabled an egress policy on JMX1 and the propagation was done, but this time inet.3 and MPLS.inet.3 of JMX1 vanished.
11- Is there any configuration guide or command for doing this? I want to have two separate OSPF domains but I want to keep the LSP unbroken.

I did my tests on Juniper vLABs, which uses JunOS 19.

Thank you for your help and support.

Hello colleagues, seems I need some help here.

Scenario:
- 4 LAB QFX 5100 (2 spines and 2 leaves) simulating our production network need to be upgraded from 14.1x53 to qfx-5-18.1R3-S10.4 (yeah I know it's written somewhere you can't skip 3 versions but it is not applicable here and we confirmed it with Juniper), anyway the question is not here.

TEST1 - I built the VCF, connected it with a few switches to test ping loss, and did the direct (1 step) upgrade for all four switches and all went ok.

TEST2 - I copied the production configuration to test and did the upgrade and it failed. I repeated it 3 times and it always fails!! Actually the upgrade is ok as the version is updated, but I am not able to commit the config. It is difficult to understand how the configuration is affecting the upgrade, but that is what I got trying 3 times; below I put the related logs.
- The way I fixed it each time is to zeroise all 4 switches one by one, then copy the config, and then it works, but when upgraded with the config it keeps failing.

---------------------------------------------
Mostly here is the error I get after upgrading with my production config when trying to commit
---------------------------------------------
root# commit check
error: Only one source address allowed in ntp for default routing-instance
error: configuration check-out failed: daemon file propagation failed

The first one is because I have this in my configuration, which is working fine with 14.1x53:

set system ntp source-address 10.x.x.x
set system ntp source-address 10.y.y.y
set system ntp source-address 10.z.z.z

So after deleting two and keeping one, this error is fixed but the commit is still failing:

root# commit check
JNUD_CONFIG_ERROR: Configuration database has errors
error: configuration check-out failed

And here I have no other option than to do request system zeroise to restore it to factory default, then copy the config manually and fix some errors related to VCF, NTP and it works.

So what am I missing here? We are planning to do that on our production network soon with a small outage window, and I don't want to go through the nightmare of needing to zeroise all 10 VCF switches and configuring everything from scratch. I also don't want to delete the current config, do the upgrade, then restore it. I want to understand how I can get the upgrade to succeed with the present configuration.

---------------------------------------------
After upgrade in two cases I got this:
---------------------------------------------
pci-hgcomdev module loaded
hgcommdev0: <HGCOMMDEV For Host VM communication> mem 0xfebc1000-0xfebc1fff at device 22.0 on pci0
hgcommdev0: hgcommdev: registers at 0xf7b9e000
Creating initial configuration...Kernel out of physical pages (error count: 1)
mgd: error: Only one source address allowed in ntp for default routing-instance
mgd: error: commit failed: daemon file propagation failed
Warning: Commit failed, activating partial configuration.
Warning: Edit the router configuration to fix these errors.
override rw-r----- root/wheel for /var/etc/pam.conf? (y/n [n]

Hi, I found a log message but no information about it. Hoping someone can help. Thanks! gkmd: %USER-3: Exit at main 1088
I'm labbing this up and can find almost no reference config. The test setup is a test SRX and JUNOS space; using TRAPs and SNMPv3 all is good, basically JUNOS pushes out all of the SNMPv3 config to the device anyway. We need to switch to Informs because in some circumstances, e.g. topology changes, we are not receiving traps. When I switch the config on the SRX to informs, SPACE stops receiving them; in the window where we view the traps nothing new comes in. I'm using the command request snmp spoof-trap xxxxxxxx to trigger them. Has anyone got this working with space? I have raised with JTAC but it's taking a while.
I tried loading 18.4R3-S4 and had the following issues:

xe-0/0/x redundancy group members showing down/down, physical links were up on both sides
LACP up/down constantly on links
redundancy groups kept failing over from primary to secondary
VPN rekey issues on tunnels causing data to stop flowing, deactivate/activate tunnel
syslog messages not working, had to disable stream and re-enable it to work

18.4R3-S4 does not work properly, do not use it.

I had four P2 tickets opened on various issues in three days and a P1 ticket opened on the VPN issue.

All issues went away after rolling back Junos OS to 18.3R1.

I need to upgrade my Junos and need a stable version to load. I cannot have these same types of issues.

Looking for a stable release in 18.4.

Please let me know.

Hi all,

I have a two spine and two leaf setup. I connected my end hosts to both leafs, i.e. in a multihomed way. I have configured EVPN-VXLAN on my leaf-spine switches. After configuration I can ping the IRBs configured on the spine switches from the leaf switches. But I can't ping the IRBs on the spine switches from the end hosts. What might be the possible reasons? Actually I am new to VXLAN-EVPN so I don't know how to troubleshoot this. Juniper documentation also doesn't help much in this regard, so please help if you have any idea in what kind of circumstances this kind of problem can occur or how to troubleshoot such an issue.

Leaf/spine switches model: QFX5200

Please let me know if any portion of the configuration needs to be posted here; I will post accordingly.

Thanks