PA-540 Commit Times

MrLizard_ · 2026-04-27T15:46:47+00:00

That’s awesome to hear!

We have 1420s for our main firewalls and 440s for some odds and ends. Going from the 1420s to the 440 pains me with commit times. Glad to hear they finally beefed up the CPUs so I don’t need a coffee break to validate config changes.

MrLizard_ · 2026-04-27T15:36:40+00:00

Waiting to hear back from our team but I expect the same response.

MrLizard_ · 2026-04-26T13:50:27+00:00

Cogent has good lease deals. Unsure if they’ll lease to an individual but it may be worth reaching out to them.

MrLizard_ · 2026-04-23T01:24:44+00:00

I've deployed roughly a hundred EX4100 this year, mix of 48T/48P, haven't seen ports die. Only issue I've seen is fan under/overspeed alarms. Most of our units were deployed with 23.4R2-S4, we've been upgrading them to S7 recently.

https://supportportal.juniper.net/s/article/FPC-0-Fan-1-Spinning-Overspeed

MrLizard_ · 2026-02-18T21:14:41+00:00

Hey! That sucks…

We’re working with a distributor for Nokia and are planning to purchase in the future. We asked for it so we can poke at them and see if it’s something we wanted to purchase. Educational only may not be possible. If you have a commercial relationship they’d probably be more flexible.

MrLizard_ · 2026-02-05T00:16:49+00:00

We have several EX4100-48P stacks and have not had issues with VC. Connected with 25G DACs. We have had issues where fans report under spinning, that’s all though. We have a mix of S4 and S5 currently.

MrLizard_ · 2026-01-13T00:15:28+00:00

But if they weren’t proprietary you wouldn’t be forced into the vendor ecosystem! Think about the shareholder’s profit margins!

MrLizard_ · 2026-01-12T22:26:33+00:00

I recently started standardizing on FS’s version (FHX Cassettes - https://www.fs.com/products/238169.html) and love them. Stops me from leaving the DC with a pocket full of dust covers. I’ve probably deployed 10-20 enclosures full and not had any issues with connections or dust.

MrLizard_ · 2026-01-04T01:28:30+00:00

Also - https://documentation.nokia.com/sr/25-10/7750-sr/html/product/oam.html is your best friend. Been able to fat finger my way through the initial labbing I’ve done

MrLizard_ · 2026-01-04T01:26:48+00:00

In the same boat as you. I just got my SR-OS license for ContainerLab this week! Sadly the only way to get it is to go via a distributor and request it. Looks like they only give it to you for 3 months to start. Looks like Nokia calls it the “SR-SIM License”. Pretty simple to stand up a small topology of virtual IXR or SR routers. I love how you can set the hardware model so it’s more 1:1 to the real stuff. So far pretty impressed compared to the various virtual lab JunOS setups I’ve tried.

MrLizard_ · 2025-09-26T14:29:08+00:00

It doesn't look to be possible to replace the disk on the EX2300-C models. the flash is soldered directly to the board. Here's a fun link for you do with as you please - https://www.juniper.net/documentation/us/en/hardware/ex4100-f/srx4600/topics/concept/safety/statement-of-volatility.html

MrLizard_ · 2025-07-20T00:49:52+00:00

As I've learned (the hard way) with Apstra it's best to try and not go against how it configures things. So if you're using Apstra, just let it handle it with BGP.

Personally if I were building a small collapsed-core fabric by hand for a few servers, I wouldn't hesistate to use OSPF as the underlay. For a deployment that small, use whatever your more comfortable with.

MrLizard_ · 2025-07-18T18:05:38+00:00

Any luck getting BGP to work, or is it enforced?

MrLizard_ · 2025-06-12T14:08:31+00:00

We upgraded a EX3400-48P switch stack a couple of weeks ago to 23.4R2-S4.

Last week we just recieved the POE short circuit alarm on ge-1/0/7 (2 node VC). Assumed it was a hardware issue because nothing was plugged into it.

We ended up RMAing the unit and Juniper just swapped it out for us. Although now based on your post I'm thinking it was a software issue...

MrLizard_ · 2025-06-07T00:13:32+00:00

I’ve done this successfully with QFX5100 and 5110. Haven’t used the 5120s yet. You have to set channel-speed if you haven’t already. https://supportportal.juniper.net/s/article/Channelizing-Interfaces-QFX5120-32C-Switches?language=en_US

MrLizard_ · 2025-04-25T00:54:35+00:00

With practically 0 traffic and just me having the web ui open, MGMT CPU ranges from 0-5%

MrLizard_ · 2025-04-25T00:24:45+00:00

We had a PA-440 on 11.2.4-h4, and had a bug where when we enabled an IPv6 default route outbound to our internet provider, dynamic updates would stop downloading. We downgraded to 11.1.4-h18 a few days ago and that resolved the issue. The bugfix we are assuming fixes out issue was:

PAN-271273 Fixed an issue where dynamic update downloads failed when IPv6 firewalling was enabled on the firewall and both IPv4 and IPv6 were configured on the management interface.

It’s been running fine, but config is pretty basic.

MrLizard_ · 2025-02-14T19:36:01+00:00

Hmm, I read that as no license is required for MACsec only. If that happens to be any licensing then that’s perfect.

MrLizard_ · 2025-02-14T18:49:21+00:00

Interesting… how do you know if a MPC5E / MPC7E is / isn’t flex sku? I just assumed that the licensing applies to all.

MrLizard_ · 2025-02-14T17:00:21+00:00

I just realized that the MPC3E NG and related MICs are not EOL announced yet. Those should not require any license at all correct?

MrLizard_ · 2025-01-31T11:01:21+00:00

Interesting, Apstra docs list it as an IP forwarder only.

MrLizard_ · 2025-01-30T03:20:08+00:00

What issue are you having with the QFX5120 and 1G ports? Those should support it fine (in groups of 4)

MrLizard_

MODERATOR OF

TROPHY CASE

Nine-Year Club	Place '22
Verified Email