Discussion:
[j-nsp] Juniper annoyance... Migration from MX104 to MX960 - inet6 lo0 firewall issue
Alain Hebert
2018-07-09 19:58:40 UTC
Permalink
    Pretty basic box (beside boost in capacity and REs).

MX104 - Junos: 16.1R4-S1.3

MX960 - Junos: 16.1R7.7

    And yet the same "firewall family inet6" "lo0.0 family inet6
filter-list [ ... ]" from the MX104 refuse to work on the MX960...

    I have yet to find the hidden knot from Juniper about the MX960 and
RE protect firewalling for inet6.

    PS: Works without issue for IPv4.


    Any hints?
--
-----
Alain Hebert ***@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/junipe
Diogo Montagner
2018-07-09 20:07:55 UTC
Permalink
Without seeing the error, we can’t even guess.

Did you copy/paste ? If yes, there may be some hidden rubbish characters
that are causing the problem.

Try this:

On mx104: show conf firewall family inet6 ff-name | save ff-filename

Then ftp the file to mx960 and:
configure private
load merge ff-filename
commit

Please, post the error message ( with commit | display details ).

Thanks
Post by Alain Hebert
Pretty basic box (beside boost in capacity and REs).
MX104 - Junos: 16.1R4-S1.3
MX960 - Junos: 16.1R7.7
And yet the same "firewall family inet6" "lo0.0 family inet6
filter-list [ ... ]" from the MX104 refuse to work on the MX960...
I have yet to find the hidden knot from Juniper about the MX960 and
RE protect firewalling for inet6.
PS: Works without issue for IPv4.
Any hints?
--
-----
PubNIX Inc.
50 boul. St-Charles
<https://maps.google.com/?q=50+boul.+St-Charles&entry=gmail&source=g>
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
./diogo -montagner
JNCIE-SP 0x41A
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailm
Alain Hebert
2018-07-09 20:11:48 UTC
Permalink
    Y'all can safely ignore that.

    Someone punched in a lo0.1 without inet6 input-filter and it was
bypassing it through a routing-instance which was unused.


    PS: Diogo, yeah did all that nice stuff while scratching my head
for an hour until I noticed someone had fat fingers.  Thx for the follow up.

-----
Alain Hebert ***@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
Post by Alain Hebert
Pretty basic box (beside boost in capacity and REs).
MX104 - Junos: 16.1R4-S1.3
MX960 - Junos: 16.1R7.7
    And yet the same "firewall family inet6" "lo0.0 family inet6
filter-list [ ... ]" from the MX104 refuse to work on the MX960...
    I have yet to find the hidden knot from Juniper about the MX960
and RE protect firewalling for inet6.
    PS: Works without issue for IPv4.
    Any hints?
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck

Loading...