Mailing List Archive

MX204 MACsec
Dears
I am working with a customer and MX204 is in play.
The customer concern is MACsec feature support , I have read around
that MX204 doesn’t Support a real MACSEC, but offers unicast MAC DA for
MACsec and MACsec with fallback PSK are which related to allow exchanging
and establishing Macsec connections.
So frankly MX204 does not support MACsec or am I missing something?

Thanks
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
Hi Mohammad,

The following link displays specific elements pertaining to MACSec support
on various Juniper platforms, MX204 included:
https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=Media%20Access%20Control%20Security%20(MACsec)


Review the link and ask the customer for clarification on what they require
to be supported from the equipment. Depending on what the requirements are,
the MX204 may be able to secure the L2 elements for your customer.

HTH,
Graham

Graham Brown
Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer>
LinkedIn <http://www.linkedin.com/in/grahamcbrown>


On Wed, 27 Nov 2019 at 08:39, Mohammad Khalil <eng.mssk@gmail.com> wrote:

> Dears
> I am working with a customer and MX204 is in play.
> The customer concern is MACsec feature support , I have read around
> that MX204 doesn’t Support a real MACSEC, but offers unicast MAC DA for
> MACsec and MACsec with fallback PSK are which related to allow exchanging
> and establishing Macsec connections.
> So frankly MX204 does not support MACsec or am I missing something?
>
> Thanks
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
Thanks Graham for the kind reply.
But in general that means MACsec standard 802.1ae is not support on MX204
ports?

Thanks again

On Tue, 26 Nov 2019 at 21:44, Graham Brown <juniper-nsp@grahambrown.info>
wrote:

> Hi Mohammad,
>
> The following link displays specific elements pertaining to MACSec support
> on various Juniper platforms, MX204 included:
> https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=Media%20Access%20Control%20Security%20(MACsec)
>
>
> Review the link and ask the customer for clarification on what they
> require to be supported from the equipment. Depending on what the
> requirements are, the MX204 may be able to secure the L2 elements for your
> customer.
>
> HTH,
> Graham
>
> Graham Brown
> Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer>
> LinkedIn <http://www.linkedin.com/in/grahamcbrown>
>
>
> On Wed, 27 Nov 2019 at 08:39, Mohammad Khalil <eng.mssk@gmail.com> wrote:
>
>> Dears
>> I am working with a customer and MX204 is in play.
>> The customer concern is MACsec feature support , I have read around
>> that MX204 doesn’t Support a real MACSEC, but offers unicast MAC DA for
>> MACsec and MACsec with fallback PSK are which related to allow exchanging
>> and establishing Macsec connections.
>> So frankly MX204 does not support MACsec or am I missing something?
>>
>> Thanks
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
Hi

MX204 does not support MACsec, it lacks the hardware for it.



On Tue, Nov 26, 2019 at 9:04 PM Mohammad Khalil <eng.mssk@gmail.com> wrote:

> Thanks Graham for the kind reply.
> But in general that means MACsec standard 802.1ae is not support on MX204
> ports?
>
> Thanks again
>
> On Tue, 26 Nov 2019 at 21:44, Graham Brown <juniper-nsp@grahambrown.info>
> wrote:
>
> > Hi Mohammad,
> >
> > The following link displays specific elements pertaining to MACSec
> support
> > on various Juniper platforms, MX204 included:
> >
> https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=Media%20Access%20Control%20Security%20(MACsec)
> >
> >
> > Review the link and ask the customer for clarification on what they
> > require to be supported from the equipment. Depending on what the
> > requirements are, the MX204 may be able to secure the L2 elements for
> your
> > customer.
> >
> > HTH,
> > Graham
> >
> > Graham Brown
> > Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer>
> > LinkedIn <http://www.linkedin.com/in/grahamcbrown>
> >
> >
> > On Wed, 27 Nov 2019 at 08:39, Mohammad Khalil <eng.mssk@gmail.com>
> wrote:
> >
> >> Dears
> >> I am working with a customer and MX204 is in play.
> >> The customer concern is MACsec feature support , I have read around
> >> that MX204 doesn’t Support a real MACSEC, but offers unicast MAC DA for
> >> MACsec and MACsec with fallback PSK are which related to allow
> exchanging
> >> and establishing Macsec connections.
> >> So frankly MX204 does not support MACsec or am I missing something?
> >>
> >> Thanks
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
Thanks Roger for the kind feedback.
Is there any HW related documentation I can use for this?

On Tue, 26 Nov 2019 at 22:28, Roger Wiklund <roger.wiklund@gmail.com> wrote:

> Hi
>
> MX204 does not support MACsec, it lacks the hardware for it.
>
>
>
> On Tue, Nov 26, 2019 at 9:04 PM Mohammad Khalil <eng.mssk@gmail.com>
> wrote:
>
>> Thanks Graham for the kind reply.
>> But in general that means MACsec standard 802.1ae is not support on MX204
>> ports?
>>
>> Thanks again
>>
>> On Tue, 26 Nov 2019 at 21:44, Graham Brown <juniper-nsp@grahambrown.info>
>> wrote:
>>
>> > Hi Mohammad,
>> >
>> > The following link displays specific elements pertaining to MACSec
>> support
>> > on various Juniper platforms, MX204 included:
>> >
>> https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=Media%20Access%20Control%20Security%20(MACsec)
>> >
>> >
>> > Review the link and ask the customer for clarification on what they
>> > require to be supported from the equipment. Depending on what the
>> > requirements are, the MX204 may be able to secure the L2 elements for
>> your
>> > customer.
>> >
>> > HTH,
>> > Graham
>> >
>> > Graham Brown
>> > Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer>
>> > LinkedIn <http://www.linkedin.com/in/grahamcbrown>
>> >
>> >
>> > On Wed, 27 Nov 2019 at 08:39, Mohammad Khalil <eng.mssk@gmail.com>
>> wrote:
>> >
>> >> Dears
>> >> I am working with a customer and MX204 is in play.
>> >> The customer concern is MACsec feature support , I have read around
>> >> that MX204 doesn’t Support a real MACSEC, but offers unicast MAC DA for
>> >> MACsec and MACsec with fallback PSK are which related to allow
>> exchanging
>> >> and establishing Macsec connections.
>> >> So frankly MX204 does not support MACsec or am I missing something?
>> >>
>> >> Thanks
>> >> _______________________________________________
>> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >>
>> >
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
Here you go

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/understanding_media_access_control_security_qfx_ex.html#jd0e108


On Tue, Nov 26, 2019 at 9:29 PM Mohammad Khalil <eng.mssk@gmail.com> wrote:

> Thanks Roger for the kind feedback.
> Is there any HW related documentation I can use for this?
>
> On Tue, 26 Nov 2019 at 22:28, Roger Wiklund <roger.wiklund@gmail.com>
> wrote:
>
>> Hi
>>
>> MX204 does not support MACsec, it lacks the hardware for it.
>>
>>
>>
>> On Tue, Nov 26, 2019 at 9:04 PM Mohammad Khalil <eng.mssk@gmail.com>
>> wrote:
>>
>>> Thanks Graham for the kind reply.
>>> But in general that means MACsec standard 802.1ae is not support on MX204
>>> ports?
>>>
>>> Thanks again
>>>
>>> On Tue, 26 Nov 2019 at 21:44, Graham Brown <juniper-nsp@grahambrown.info
>>> >
>>> wrote:
>>>
>>> > Hi Mohammad,
>>> >
>>> > The following link displays specific elements pertaining to MACSec
>>> support
>>> > on various Juniper platforms, MX204 included:
>>> >
>>> https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=Media%20Access%20Control%20Security%20(MACsec)
>>> >
>>> >
>>> > Review the link and ask the customer for clarification on what they
>>> > require to be supported from the equipment. Depending on what the
>>> > requirements are, the MX204 may be able to secure the L2 elements for
>>> your
>>> > customer.
>>> >
>>> > HTH,
>>> > Graham
>>> >
>>> > Graham Brown
>>> > Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer>
>>> > LinkedIn <http://www.linkedin.com/in/grahamcbrown>
>>> >
>>> >
>>> > On Wed, 27 Nov 2019 at 08:39, Mohammad Khalil <eng.mssk@gmail.com>
>>> wrote:
>>> >
>>> >> Dears
>>> >> I am working with a customer and MX204 is in play.
>>> >> The customer concern is MACsec feature support , I have read around
>>> >> that MX204 doesn’t Support a real MACSEC, but offers unicast MAC DA
>>> for
>>> >> MACsec and MACsec with fallback PSK are which related to allow
>>> exchanging
>>> >> and establishing Macsec connections.
>>> >> So frankly MX204 does not support MACsec or am I missing something?
>>> >>
>>> >> Thanks
>>> >> _______________________________________________
>>> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>> >>
>>> >
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
Thank you very much.

On Tue, 26 Nov 2019 at 22:33, Roger Wiklund <roger.wiklund@gmail.com> wrote:

> Here you go
>
>
> https://www.juniper.net/documentation/en_US/junos/topics/topic-map/understanding_media_access_control_security_qfx_ex.html#jd0e108
>
>
> On Tue, Nov 26, 2019 at 9:29 PM Mohammad Khalil <eng.mssk@gmail.com>
> wrote:
>
>> Thanks Roger for the kind feedback.
>> Is there any HW related documentation I can use for this?
>>
>> On Tue, 26 Nov 2019 at 22:28, Roger Wiklund <roger.wiklund@gmail.com>
>> wrote:
>>
>>> Hi
>>>
>>> MX204 does not support MACsec, it lacks the hardware for it.
>>>
>>>
>>>
>>> On Tue, Nov 26, 2019 at 9:04 PM Mohammad Khalil <eng.mssk@gmail.com>
>>> wrote:
>>>
>>>> Thanks Graham for the kind reply.
>>>> But in general that means MACsec standard 802.1ae is not support on
>>>> MX204
>>>> ports?
>>>>
>>>> Thanks again
>>>>
>>>> On Tue, 26 Nov 2019 at 21:44, Graham Brown <
>>>> juniper-nsp@grahambrown.info>
>>>> wrote:
>>>>
>>>> > Hi Mohammad,
>>>> >
>>>> > The following link displays specific elements pertaining to MACSec
>>>> support
>>>> > on various Juniper platforms, MX204 included:
>>>> >
>>>> https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=Media%20Access%20Control%20Security%20(MACsec)
>>>> >
>>>> >
>>>> > Review the link and ask the customer for clarification on what they
>>>> > require to be supported from the equipment. Depending on what the
>>>> > requirements are, the MX204 may be able to secure the L2 elements for
>>>> your
>>>> > customer.
>>>> >
>>>> > HTH,
>>>> > Graham
>>>> >
>>>> > Graham Brown
>>>> > Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer>
>>>> > LinkedIn <http://www.linkedin.com/in/grahamcbrown>
>>>> >
>>>> >
>>>> > On Wed, 27 Nov 2019 at 08:39, Mohammad Khalil <eng.mssk@gmail.com>
>>>> wrote:
>>>> >
>>>> >> Dears
>>>> >> I am working with a customer and MX204 is in play.
>>>> >> The customer concern is MACsec feature support , I have read around
>>>> >> that MX204 doesn’t Support a real MACSEC, but offers unicast MAC DA
>>>> for
>>>> >> MACsec and MACsec with fallback PSK are which related to allow
>>>> exchanging
>>>> >> and establishing Macsec connections.
>>>> >> So frankly MX204 does not support MACsec or am I missing something?
>>>> >>
>>>> >> Thanks
>>>> >> _______________________________________________
>>>> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>> >>
>>>> >
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>
>>>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
I don't know much about this, but, for what it's worth, I do see this on one
of my MX204's...

me@site2-204-3# set security macsec connectivity-association test ?
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
cipher-suite Cipher suite to be used for encryption
> exclude-protocol Configure protocols to exclude from MAC Security
include-sci Include secure channel identifier in MAC Security PDU
> mka Configure MAC Security Key Agreement protocol
properties
no-encryption Disable encryption
offset Confidentiality offset
> pre-shared-key Configure pre-shared connectivity association key
pre-shared-key-chain Pre-shared key chain name for connectivity
association
> replay-protect Configure replay protection
> secure-channel Configure secure channel properties
security-mode Connectivity association mode
| Pipe through a command

[edit]
me@site2-204-3# exit
Exiting configuration mode

me@site2-204-3> show system information
Model: mx204
Family: junos
Junos: 18.4R1-S3.1
Hostname: site2-204-3

me@site2-204-3>


-Aaron

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
Not knowing much about this, but going from this site's guidance ( I stopped halfway down the page ) , https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/macsec-configuring-mx-series.html

...i did the following...

[edit]
me@site2-204-3# show | compare
[edit]
+ security {
+ macsec {
+ connectivity-association my-ca1 {
+ security-mode static-cak;
+ mka {
+ transmit-interval 6000;
+ key-server-priority 0;
+ }
+ replay-protect {
+ replay-window-size 5;
+ }
+ offset 30;
+ pre-shared-key {
+ ckn 37c9c2c45ddd012aa5bc8ef284aa23ff6729ee2e4acb66e91fe34ba2cd9fe311;
+ cak "$9$9Zp0tBIhSrlM8n/0IhcleaZGD.P5T36/tPfIESr8LVwY4UjfTzn9AF3A0BIrlaZGjmfFn/CA0JGjqP5F3evM8X-oJGDHqLx"; ## SECRET-DATA
+ }
+ exclude-protocol lldp;
+ }
+ interfaces {
+ xe-0/1/0 {
+ connectivity-association my-ca1;
+ }
+ }
+ }
+ }

[edit]
me@site2-204-3# commit check
configuration check succeeds

[edit]
me@site2-204-3#



- Aaron

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: MX204 MACsec [ In reply to ]
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [EXT] Re: MX204 MACsec [ In reply to ]
Can you do "show security" and see if there as a message about "unsupported"?

On Wed, Nov 27, 2019 at 10:50:07AM -0600, Aaron Gould wrote:
> Not knowing much about this, but going from this site's guidance ( I stopped halfway down the page ) , https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/macsec-configuring-mx-series.html
>
> ...i did the following...
>
> [edit]
> me@site2-204-3# show | compare
> [edit]
> + security {
> + macsec {
> + connectivity-association my-ca1 {
> + security-mode static-cak;
> + mka {
> + transmit-interval 6000;
> + key-server-priority 0;
> + }
> + replay-protect {
> + replay-window-size 5;
> + }
> + offset 30;
> + pre-shared-key {
> + ckn 37c9c2c45ddd012aa5bc8ef284aa23ff6729ee2e4acb66e91fe34ba2cd9fe311;
> + cak "$9$9Zp0tBIhSrlM8n/0IhcleaZGD.P5T36/tPfIESr8LVwY4UjfTzn9AF3A0BIrlaZGjmfFn/CA0JGjqP5F3evM8X-oJGDHqLx"; ## SECRET-DATA
> + }
> + exclude-protocol lldp;
> + }
> + interfaces {
> + xe-0/1/0 {
> + connectivity-association my-ca1;
> + }
> + }
> + }
> + }
>
> [edit]
> me@site2-204-3# commit check
> configuration check succeeds
>
> [edit]
> me@site2-204-3#
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [EXT] Re: MX204 MACsec [ In reply to ]
Before or after I do that config test ? Asking since I didn't commit that
as it's on a MX204 in a far-away place during a thanksgiving week
network-change moratorium, I'm treading on thin ice. LOL

-Aaron


_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [EXT] Re: MX204 MACsec [ In reply to ]
On Wed, Nov 27, 2019 at 12:54:01PM -0600, Aaron Gould wrote:
> Before or after I do that config test ? Asking since I didn't commit that
> as it's on a MX204 in a far-away place during a thanksgiving week
> network-change moratorium, I'm treading on thin ice. LOL

Either. No need to commit, just show the config before you try to commit or commit check. Here is an example of how it looks when you try to configure an unsupported feature:

{master:0}[edit firewall family ethernet-switching filter TEST]
user@ex4300# show
term 1 {
from {
##
## Warning: configuration block ignored: unsupported platform (ex4300-48p)
##
source-address {
10.0.0.0/16;
...

user@ex4300# rollback
user@ex4300# exit
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [EXT] Re: MX204 MACsec [ In reply to ]
[edit]
me@site2-204-3# show | compare
[edit]
+ security {
+ macsec {
+ connectivity-association my-ca1 {
+ security-mode static-cak;
+ mka {
+ transmit-interval 6000;
+ key-server-priority 0;
+ }
+ replay-protect {
+ replay-window-size 5;
+ }
+ offset 30;
+ pre-shared-key {
+ ckn (i removed);
+ cak "(i removed)"; ## SECRET-DATA
+ }
+ exclude-protocol lldp;
+ }
+ interfaces {
+ xe-0/1/0 {
+ connectivity-association my-ca1;
+ }
+ }
+ }
+ }

[edit]
me@site2-204-3# commit check
configuration check succeeds

[edit]
me@site2-204-3# show security
macsec {
connectivity-association my-ca1 {
security-mode static-cak;
mka {
transmit-interval 6000;
key-server-priority 0;
}
replay-protect {
replay-window-size 5;
}
offset 30;
pre-shared-key {
ckn (i removed);
cak "(i removed)"; ## SECRET-DATA
}
exclude-protocol lldp;
}
interfaces {
xe-0/1/0 {
connectivity-association my-ca1;
}
}
}

[edit]
me@site2-204-3#



- Aaron

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [EXT] Re: MX204 MACsec [ In reply to ]
Interesting. I wonder if this falls under "This is implemented, but not supported by JTAC." You'd have to actually try it to see...

On Wed, Nov 27, 2019 at 01:18:29PM -0600, Aaron Gould wrote:
> [edit]
> me@site2-204-3# show | compare
> [edit]
> + security {
> + macsec {
> + connectivity-association my-ca1 {
> + security-mode static-cak;
> + mka {
> + transmit-interval 6000;
> + key-server-priority 0;
> + }
> + replay-protect {
> + replay-window-size 5;
> + }
> + offset 30;
> + pre-shared-key {
> + ckn (i removed);
> + cak "(i removed)"; ## SECRET-DATA
> + }
> + exclude-protocol lldp;
> + }
> + interfaces {
> + xe-0/1/0 {
> + connectivity-association my-ca1;
> + }
> + }
> + }
> + }
>
> [edit]
> me@site2-204-3# commit check
> configuration check succeeds
>
> [edit]
> me@site2-204-3# show security
> macsec {
> connectivity-association my-ca1 {
> security-mode static-cak;
> mka {
> transmit-interval 6000;
> key-server-priority 0;
> }
> replay-protect {
> replay-window-size 5;
> }
> offset 30;
> pre-shared-key {
> ckn (i removed);
> cak "(i removed)"; ## SECRET-DATA
> }
> exclude-protocol lldp;
> }
> interfaces {
> xe-0/1/0 {
> connectivity-association my-ca1;
> }
> }
> }
>
> [edit]
> me@site2-204-3#
>
>
>
> - Aaron
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [EXT] Re: MX204 MACsec [ In reply to ]
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp