Re: Netflow config for MX204 [ In reply to ]
> Saku Ytti
> Sent: Sunday, April 12, 2020 9:44 AM
>
> On Sun, 12 Apr 2020 at 03:53, Mark Tinka <mark.tinka@seacom.mu> wrote:
>
> > On 11/Apr/20 08:04, Nick Schmalenberger via juniper-nsp wrote:
> > > I had the same issue with first trying to export over fxp0, then
> >
> > We just export flows in-band. Just seems simpler, and has been
> > reliable for close to 10 years.
>
> in-band is right, Trio can export the flow itself, you will kill your
> performance if you do non-revenue port export.
>
> In my mind JNPR non-revenue ports have no use-case. They are dangerous
> with no utility. Cisco is much better here, as they offer true OOB
> non-revenue ports. JNPR non-revenue port is a convenient way to quickly
> break a lot of your network at the same time, as they entirely fate-share
> the control-plane. Cisco has non-revenue ports with their own isolated
> management-plane, so state of your control-plane will not impact the
> management-plane vice versa.

Hey,
Can you expand on the above please?
Say comparing RE/RSP management port on ASR9k and MX,

adam

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: Netflow config for MX204 [ In reply to ]
On Fri, 17 Apr 2020 at 10:39, <adamv0025@netconsultings.com> wrote:

> Can you expand on the above please?
> Say comparing RE/RSP management port on ASR9k and MX,

No management port is revenue port, and will kill your flow export, if
flow export is supported directly from the NPU. Because if it works,
it means NPU has to _punt_ the traffic to control-plane, to export it.
Whereas if NPU supports exporting off the NPU, then exporting from
non-revenue ports can be done without touching control-plane or
stealing punt capacity.
If flow is exported by the RE, it's much less important.

I would personally not use any RE attached ETH port for any purpose.
However I'd happily use ASR9k CMP port or Cisco 8k BMC port for
out-of-band.



--
++ytti
Re: Netflow config for MX204 [ In reply to ]
On 17/Apr/20 09:49, Saku Ytti wrote:

> No management port is revenue port, and will kill your flow export, if
> flow export is supported directly from the NPU. Because if it works,
> it means NPU has to _punt_ the traffic to control-plane, to export it.
> Whereas if NPU supports exporting off the NPU, then exporting from
> non-revenue ports can be done without touching control-plane or
> stealing punt capacity.
> If flow is exported by the RE, it's much less important.
>
> I would personally not use any RE attached ETH port for any purpose.
> However I'd happily use ASR9k CMP port or Cisco 8k BMC port for
> out-of-band.

This is what we do in our network. We don't use any control plane ports
for anything.

The farthest we go is attach a serial cable to the console port and back
into a terminal server, for out-of-band access.

fxp0 and such ports are shutdown to disable the alarms that assume they
should always be connected :-).

Mark.
Re: Netflow config for MX204 [ In reply to ]
> From: Saku Ytti <saku@ytti.fi>
> Sent: Friday, April 17, 2020 8:49 AM
>
> On Fri, 17 Apr 2020 at 10:39, <adamv0025@netconsultings.com> wrote:
>
> > Can you expand on the above please?
> > Say comparing RE/RSP management port on ASR9k and MX,
>
> No management port is revenue port, and will kill your flow export, if flow
> export is supported directly from the NPU. Because if it works, it means NPU
> has to _punt_ the traffic to control-plane, to export it.
> Whereas if NPU supports exporting off the NPU, then exporting from
> non-revenue ports can be done without touching control-plane or stealing
> punt capacity.
> If flow is exported by the RE, it's much less important.
>
Yup this bit was clear, actually on this one, when I was searching I stumbled upon a XR-9k cmd to enable connecting management port to fabric ... "rp mgmtethernet forwarding"

> I would personally not use any RE attached ETH port for any purpose.
> However I'd happily use ASR9k CMP port or Cisco 8k BMC port for
> out-of-band.
>
Aah that clears it up, sure BMC like OOB (CMP included) is the true separate management plane.
Sorry I was wondering how is standard management ethernet port on RSP not sharing control plane -I can point static routes at it after all.... so yeah didn't occur to me you were referring to BMC OOB MGMT ports there.

adam

Re: Netflow config for MX204 [ In reply to ]
On Fri, 17 Apr 2020 at 13:23, <adamv0025@netconsultings.com> wrote:

> Yup this bit was clear, actually on this one, when I was searching I stumbled upon a XR-9k cmd to enable connecting management port to fabric ... "rp mgmtethernet forwarding"

I don't think you can. I think you enable forwarding through RE, but
the port isn't NPU connected. Junos has hidden toggle for that too.
But you really don't want to do that, as you lose all protection.
NPU/fabric to RE is blood-brain barrier to humans, without it, we'll
get easily very seriously sick.


--
++ytti
Re: Netflow config for MX204 [ In reply to ]
> From: Saku Ytti <saku@ytti.fi>
> Sent: Friday, April 17, 2020 11:53 AM
>
> On Fri, 17 Apr 2020 at 13:23, <adamv0025@netconsultings.com> wrote:
>
> > Yup this bit was clear, actually on this one, when I was searching I
> > stumbled upon a XR-9k cmd to enable connecting management port to
> > fabric ... "rp mgmtethernet forwarding"
>
> I don't think you can. I think you enable forwarding through RE, but the port
> isn't NPU connected. Junos has hidden toggle for that too.
> But you really don't want to do that, as you lose all protection.
> NPU/fabric to RE is blood-brain barrier to humans, without it, we'll get easily
> very seriously sick.
>
No agree 100% :)

adam
