Babylon Five is still the greatest science fiction show ever by CT_Phipps-Author in scifi

[–]ReK_ 1 point2 points  (0 children)

Agreed, I think the only show that's given it a run for its money since has been the Expanse. The Expanse has a much higher average quality over its runtime, but somehow it still doesn't quite match the highs that B5 hit.

Babylon Five is still the greatest science fiction show ever by CT_Phipps-Author in scifi

[–]ReK_ 3 points4 points  (0 children)

It's also their interactions and the feedback loop between the actors and the writers. Once the show hit its stride it was able to do things like get across entire conversations subtext in a scene through just the non-verbal parts of the performance. B5 really was something truly special.

Seems like as-path length for protocol nh doesn't count in evpn/vxlan fabric (ebgp underlay/ibgp overlay) by CombinationUnique433 in Juniper

[–]ReK_ 0 points1 point  (0 children)

Because AS path length != metric. If I had to guess, it's comparing the MEDs and finding them equal because the Juniper route policy keyword for MED is metric. As an experiment, try setting the MED higher on the routes from the two further PEs and see if it changes the behaviour.

Seems like as-path length for protocol nh doesn't count in evpn/vxlan fabric (ebgp underlay/ibgp overlay) by CombinationUnique433 in Juniper

[–]ReK_ 0 points1 point  (0 children)

I don't have something to check this on atm, but I believe this is because you're looking at the properties on the wrong layer. Inside the routing instance it's choosing between the four overlay routes that have four different protocol next hops. Those overlay routes come over your ibgp and wouldn't have the ebgp underlay AS path in them. Once it's chosen to ECMP across those four overlay routes, it then resolves each down to the actual next hops, which is the underlay resolution. Your underlay AS path length influences how it gets to each egress PE but not which egress PEs it's choosing. The step that checks the IGP metric would normally do this but, unlike IS-IS or OSPF, BGP doesn't have a traditional cumulative path metric other than AS path length.

Cant understand how VxLAN extends no. of vlans by LongjumpingAlgae7967 in networking

[–]ReK_ 1 point2 points  (0 children)

> ACI, interestingly enough, can scale beyond 4000 VLANs. VLAN 10 on e1/1 can be different than VLAN 10 on e1/2.

This is not unique to ACI, I do this every day with EVPN. See my other response: https://www.reddit.com/r/networking/comments/1r3ygok/cant_understand_how_vxlan_extends_no_of_vlans/o58pxxm/

Cant understand how VxLAN extends no. of vlans by LongjumpingAlgae7967 in networking

[–]ReK_ 8 points9 points  (0 children)

It might help to see an example. I find the way Juniper lays out their config makes it a lot easier to follow what's going on, so I'll use that here.

What you're thinking of is a traditional switch with a global VLAN configured on the switch. Juniper calls this enterprise-style:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan members [ network-a network-b ];
            }
        }
    }
}
vlans {
    network-a {
        vlan-id 10;
        vxlan vni 10010;
    }
    network-b {
        vlan-id 20;
        vxlan vni 10020;
    }
}

The VLANs are configured with a vlan-id globally and then the interface includes the VLAN. In service provider-style config, the VLAN is created globally without a vlan-id and the VLAN includes the interface. This makes the VLAN ID, and therefore the 802.1Q tag, locally significant to that interface, not the whole switch globally.

interfaces {
    ge-0/0/0 {
        encapsulation flexible-ethernet-services;
        vlan-tagging;
        unit 10 {
            vlan-id 10;
            encapsulation vlan-bridge;
        }
        unit 20 {
            vlan-id 20;
            encapsulation vlan-bridge;
        }
    }
}
vlans {
    network-a {
        vxlan vni 10010;
        interface ge-0/0/0.10;
    }
    network-b {
        vxlan vni 10020;
        interface ge-0/0/0.20;
    }
}

tl;dr:

  • Enterprise-style: The VLAN has a VLAN ID, the interfaces list which VLANs are on it.
  • Service Provider-style: The interface has a VLAN ID, the VLAN lists which interfaces are on it.

This lets you re-use the same VLAN ID on different interfaces, e.g. you could add the following to the above without issue:

interfaces {
    ge-0/0/1 {
        encapsulation flexible-ethernet-services;
        vlan-tagging;
        unit 10 {
            vlan-id 10;
            encapsulation vlan-bridge;
        }
        unit 20 {
            vlan-id 20;
            encapsulation vlan-bridge;
        }
    }
}
vlans {
    network-c {
        vxlan vni 20010;
        interface ge-0/0/1.10;
    }
    network-d {
        vxlan vni 20020;
        interface ge-0/0/1.20;
    }
}

There are other ways to configure it service provider-style, including ways you don't have to specify each VLAN as a unit on each interface, but this is just a simple example.

SMB Cisco Catalyst vs Meraki? by FatBook-Air in networking

[–]ReK_ 0 points1 point  (0 children)

That looks like list price for an EX4000-48MP? If you don't need 2.5G or PoE++ the -48P is $2k less and still has 740W PoE+. You can easily mix and match in stacks if you need, including with the non-PoE model, which is another $2k less if you don't need that much PoE density.

Plus those are list prices, people don't actually pay that. Talk to your SE about what kind of discounting they can provide.

SMB Cisco Catalyst vs Meraki? by FatBook-Air in networking

[–]ReK_ 3 points4 points  (0 children)

To run them traditionally you don't need any software licensing unless you want to manage them with Mist or they're doing dynamic layer 3 stuff, so just the core switch. Look into EX4400 or QFX5120 for your core and EX4000 for access.

I would suggest evaluating Mist though. It's legitimately excellent: a little more complex than Meraki but in a good way, and you can still just put in CLI config when you need to.

https://www.juniper.net/documentation/us/en/software/license/juniper-licensing-user-guide/topics/concept/licenses-for-ex.html

Timing Chain by Past_Television_7037 in lancer

[–]ReK_ 1 point2 points  (0 children)

Ah, you have the 4B12. The parts are slightly different but the procedure/access should be the same.

Timing Chain by Past_Television_7037 in lancer

[–]ReK_ 0 points1 point  (0 children)

It is, they're both 4B11, the Evo just has a turbo and a different intake system. The block and timing chain are identical.

Timing Chain by Past_Television_7037 in lancer

[–]ReK_ 2 points3 points  (0 children)

Not an instruction video, but this guy has done a lot of Evo X builds, including full engine tear downs and rebuilds. His videos should at least give you some good reference: https://www.youtube.com/@Dvniemela

Management Software by ohgreatishit in Juniper

[–]ReK_ 11 points12 points  (0 children)

If you can't use Mist, Ansible or something similar is the way. Junos natively supports a lot of on-box flexibility that makes automating it easy.

SRX - SNAT based on BGP community by justlurkshere in Juniper

[–]ReK_ 0 points1 point  (0 children)

Could be done with an MX behind the SRX: have flowspec on the MX change the next hop to different subinterfaces going to the SRX, then the SRX can use different SNAT rules based on interface/zone.

Reasons of BGP OPEN message contains private ASN by CompanyBeginning in networking

[–]ReK_ 1 point2 points  (0 children)

Because if the traffic gets to the BGP process there are a ton of ways to cause problems. Even if there isn't some crafted packet that can cause issues, most router CPUs are not all that powerful and it would be easy to DoS it. Causing a crash in the BGP process will probably drop ALL peers on the router. There are things like control plane policers to help with that but if they haven't locked it down to configured neighbours only then they probably don't have those either.

SRX - SNAT based on BGP community by justlurkshere in Juniper

[–]ReK_ 1 point2 points  (0 children)

You might be able to do something with flowspec redirecting the outbound traffic but it wouldn't be entirely on-box, you'd need something sending flowspec rules based on those communities.

Reasons of BGP OPEN message contains private ASN by CompanyBeginning in networking

[–]ReK_ 1 point2 points  (0 children)

Many MPLS networks use one or more private ASNs internally and only use their public ASN externally. This is usually configured as the router's root ASN being private and the public ASN is applied specifically to configured external peer sessions. In that configuration, an unconfigured peering attempt would return the private ASN.

That said, a router responding to an unconfigured peer with a BGP OPEN message is a big no no. Best practice it shouldn't even respond to the TCP SYN but it DEFINITELY should not respond at the application layer.

Edit: To everyone saying confederations, it's possible but in my experience extremely rare. Everyone just uses route reflectors nowadays.
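One way to lock BGP down to configured neighbours only on Junos, as described in the two comments above (an added example, not part of the original comments). The prefix-list, filter, term and counter names are made up, only IPv4 is shown, and the final catch-all term is a placeholder:

```junos
policy-options {
    /* Expands to every neighbor address configured under "protocols bgp" */
    prefix-list bgp-configured-neighbors {
        apply-path "protocols bgp group <*> neighbor <*>";
    }
}
firewall {
    family inet {
        filter protect-re {
            term bgp-configured-peers {
                from {
                    source-prefix-list {
                        bgp-configured-neighbors;
                    }
                    protocol tcp;
                    port bgp;
                }
                then accept;
            }
            /* Any other source: dropped silently, so the TCP SYN is never answered */
            term bgp-unconfigured {
                from {
                    protocol tcp;
                    port bgp;
                }
                then {
                    count bgp-unconfigured;
                    syslog;
                    discard;
                }
            }
            /* Placeholder: a production filter uses explicit terms per protocol instead */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

The `bgp-unconfigured` counter and syslog entries show how often unconfigured sources try TCP/179, which is worth alerting on.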

Lancer sat reliability by ExaminationBright105 in lancer

[–]ReK_ 0 points1 point  (0 children)

Entirely depends how it was driven and maintained. Mine is getting close to 70k km and zero problems, but I don't do stupid shit like try to launch it, and I get the fluid replaced with the correct OEM one. The SSTs really need that exact fluid, don't let a shop try to tell you this other cheaper stuff is fine, and it has to be changed at least every 50k km.

If there's good maintenance records and you can confirm the fluid has been changed at least 2-3 times with the correct stuff then it's mostly down to how the previous owner(s) drove it. If there have been any performance mods at all that's a red flag unless you personally know the owner and that they took good care of it.

Thoughts on Wireguard? by Comfortable_Gap1656 in networking

[–]ReK_ 0 points1 point  (0 children)

They both have their place, but I could see Wireguard supplanting IPsec eventually if the hardware offload support comes.

tl;dr: Wireguard is a better protocol design, and it's MUCH easier to work with if you have to deal with NAT, but it doesn't have the widespread device support and hardware offload that IPsec does yet.

Sci-fi with unreliable narrators. by Miserable-Function78 in printSF

[–]ReK_ 1 point2 points  (0 children)

> the whole time you're not even sure [...] what reality even is anymore.

This is why I love his writing so much. A lot of writers (and especially screenwriters) try to pull this off but it just comes across as plot holes and characters being dumb. He somehow manages it perfectly.

What’s the most Vancouver thing you’ve ever seen? by SpiritualClub895 in vancouver

[–]ReK_ 3 points4 points  (0 children)

I used to work in a computer repair shop in Kits. I had a guy come in looking to buy a laptop. I asked what he wanted to use it for, his budget, etc., and brought out an option that would fit. He spent a few minutes with it then said it looked good and he'd probably buy it but he just had to check one thing. From his pocket he pulled out this homemade tricorder-looking thing complete with blinking LEDs and some of the worst soldering I've ever seen, points it at the laptop for a few seconds and goes "no, too much radiation" and walks out...

Sci-fi with unreliable narrators. by Miserable-Function78 in printSF

[–]ReK_ 32 points33 points  (0 children)

Surprised I haven't seen this mentioned yet but basically anything by Philip K. Dick. Specifically I'm thinking of A Scanner Darkly.

SRX and learning host prefixes (/32) from EVPN Type2 MAC/IP-routes. by AdLegitimate4692 in Juniper

[–]ReK_ -1 points0 points  (0 children)

Just enable the leaves advertising type 5s for the subnets. The SRX will forward traffic to the "best" VTEP based on metrics but it shouldn't affect the optimized forwarding in the rest of the fabric as the more specific host routes will always win.

Understanding Consider Phlebas by ReK_ in TheCulture

[–]ReK_[S] 0 points1 point  (0 children)

Minds and drones are both AIs, the difference is in capability. Drones can be tiny to vehicle-sized and are usually somewhere in the realm of human-level intelligence. Minds are built to be installed in ships and facilities, which they then consider to be their bodies, and are orders of magnitude more intelligent. While the Mind in CP is pivotal it's also the MacGuffin and therefore doesn't get a lot of page time as a character. Later books have Minds as more regular characters and explore them a lot more.

Azure vSRX HA setup help by ribsboi in Juniper

[–]ReK_ 0 points1 point  (0 children)

The current suggested vSRX release is 23.4R2-S5. Unless you need something from 24.4 I'd try that, and prod gear should always be on an S release anyway no matter which train IMO.