<skullone> i bought
<skullone> why did it
<skullone> did i
<Khargos> Do you like it that much?
<skullone> not really
<skullone> impulse buy
<Khargos> Just cuz it was free?
<Khargos> Well not taken.
<Khargos> wait that's got an extra letter...
<dhoutz> Yet another horrible markup language
<skullone> i need to put my endeavors to better use
<Network2501> what's this new 1TB PTX card
<Network2501> is it a card with 1TB worth of ports
<Network2501> or just 1TB of potential forwarding
<skullone> B or b
<OMGKitteh> Network2501: I heard you've got a small b too.
<OMGKitteh> My favourite new domain:
<kwork> OMGKitteh: maybe it should roundrobin between cisco and fortinet :D
<OMGKitteh> Ahhh Fortigate <3
<Roland-> hey guys, I cleared a config on vsrx device and when I show interfaces nothing is displayed, do I have to add it somehow?
<kwork> set interface ge-0/0/0 unit 0 family inet ....
<OMGKitteh> I was quite sad to learn that the ex2200-c I got does not do BGP, even under licence. I can push config, but it's never activated :(
<Roland-> ah I see thank you, I was expecting tab to help me
<kwork> Roland-: it will once you have some configuration there, but first time you have to type it out
<Network2501> OMGKitteh: i wonder if you start shell, fix that
<Network2501> think i'm going to have to double srx210 and ex2200c home network
<OMGKitteh> Network2501: how do you mean? I'm not aware of a way to cross compile for JunOS
<Network2501> i just assumed that if it takes the config it's just "deactivated" behind the scenes
<Network2501> assuming the module/daemon exists and is running
<OMGKitteh> RPD is running, but BGP hides in there iirc
<Network2501> what a jerk..
<ProFX> Network2501: get on my level
<Network2501> i'm taking Luke's 210s
<OMGKitteh> cute - is that your home network ProFX?
<Network2501> home mpls inbound
<Network2501> says the guy running BGP for his IGP
<OMGKitteh> *was. Gotta flip to OSPF now
<ProFX> Network2501: would you trust the guys i live with?
<ProFX> we've gone for the public peering model
<ProFX> so we can use bgp condoms
<Network2501> no i wouldn't and that's good
<Network2501> OMGKitteh: why not isis
<OMGKitteh> I don't want that in my google search history ;)
<OMGKitteh> My upstreams are BIRD and IS-IS support is questionable ATM
<OMGKitteh> totes brah
<Network2501> they both achieve a similar result
<Network2501> just a preference i have
<OMGKitteh> I'm not too pushed as long as I can do link state from Sweden to LA
<OMGKitteh> Because that's totally fucking sane
<Network2501> what's that like 150ms?
<OMGKitteh> I can't TE egress, but I can TE ingress :D
<Network2501> fucking linux router
<Network2501> ProFX: is that diagram, you, potato, dutchy
<ProFX> though i manage tatolan
<Network2501> raspberry pi should do a deal with bdcm and put a tomahawk chip inside one
<kwork> what's wrong with linux router :P?
<ThatDamnRanga> I wish to stab my ISP
<ThatDamnRanga> high packet loss to europe randomly at predictable times of day
<ThatDamnRanga> (and USA too tbh)
<Network2501> congested peering points
<Network2501> consistent loss?
<Network2501> at the same hop?
<Network2501> please do the needful
<OMGKitteh> Which ISP and what destinations in terms of AS_PATH
<OMGKitteh> Also this is why we need a single ISP to buy every other ISP on the planet, so they have to guarantee packet delivery inside of their border :D
<Roland-> ok, one more question, I am willing to create a custom nat ruleset, and allow specific nat services, like icmp + ftp + web + dns ... what would be the easiest approach for that ? In web config I only have ports...
<runelind> anyone got QFX5200 with perpetual JunOS license?
<runelind> apparently our discounts finally got approved, but we're still waiting to hear numbers.
<dhoutz> the numbers i heard were pretty bad compared to what we're used to
<dhoutz> granted that was without fighting back
<runelind> haven't dealt much with Juniper, and I'm not sure if you guys are allowed to talk discounts.
<dhoutz> clearly the goal with this new method is to get more money out of people :)
<runelind> damn Juniper and their money making ways.
<dhoutz> yeah people generally won't talk specific numbers
<runelind> that's cool.
<dhoutz> i stand corrected :)
<runelind> we're looking at the 5200s for LSR
<dhoutz> ah ah ah
<runelind> and getting a tomahawk switch from $other_vendor for redundancy.
<Network2501> redundancy or ability to negotiate?
<dhoutz> once i return this 10k i should ask for a 5200
<dhoutz> start looking at it seriously before building a ton of stuff with 5100
<runelind> Network2501: both ;)
<runelind> dhoutz: our J SE said that the 5200 demo pool was exhausted here
<runelind> people seem to like them :)
<dhoutz> not surprised
<dhoutz> took awhile to get 10k
<runelind> we're supposedly getting the 10k for testing
<runelind> but I think our SE forgot about us.
<runelind> we've always been a Cisco shop before, so I don't think they're taking us seriously ;p
<Network2501> which is a double edge sword
<runelind> supposedly we're getting "steep discounts"
<runelind> but they seem to be having trouble figuring out the perpetual license price.
<runelind> we ain't paying for no subscription license.
<Roland-> hi folks, I have an srx100 here, fancy, trying to build a custom nat rule... to allow only icmp + dns + ftp + http and https, what would be the best approach to do this? it seems like in the web nat config I can only do ports
<Gollee> it's not NAT rules you need, it's normal firewall rules you need
<Roland-> alright so I do a nat on everything and then firewall it?
<Roland-> managed to do it
<Roland-> actually easy
<Roland-> very nice, me gusta junipero
<junos-apprentice> I've made a security zone called "internet"
<junos-apprentice> I've made udp, icmp etc rules, and I've assigned them to all interfaces. However, when I try and flood e.g. UDP way above the permitted PPS, it is not dropped, and I can't see it in the zone/interface statistics?
<junos-apprentice> I've actually flooded an IP with 100Kpps and nothing was dropped. Here is the paste of my configuration.
<junos-apprentice> anyone with a bright idea?
* _snd wants to call juniper an ass for putting egg on his face
<_snd> mode = 040700, inum = 33, fs = /cf/var
<_snd> panic: ffs_valloc: dup alloc