codesanitize

policing – Juniper MX and never working policer with NAT service

Computer Networking

codesanitize

-

17 August 2025

I’ve a Juniper MX wherte I have to do a community translation and bandwidth policing in the identical time. I’ve tried each approaches – direct policing of a logical interface and a policer inside a firewall filter and in each circumstances output policing would not occur (netspeed take a look at on a bunch in vlan 207 reveals incoming pace of 500 Mbits/sec, add reveals 80 Mbit/secs):

direct policing:

[show interfaces ge-1/0/0 unit 207]
vlan-id 207;
household inet {
    filter {
        output deny-rfc1918-and-allow-some;
    }
    policer {
        enter 80m-30.6m-discard;
        output 80m-30.6m-discard;
    }
    service {
        enter {
            service-set nat-lan;
        }
        output {
            service-set nat-lan-portforward service-filter nat-lan-filter;
            service-set nat-lan;
        }
    }
    tackle 172.16.25.9/29;
}
[show firewall policer 80m-30.6m-discard]
logical-interface-policer;
if-exceeding {
    bandwidth-limit 80m;
    burst-size-limit 30720000;
}
then discard;

policing inside a firewall filter:

[show interfaces ge-1/0/0 unit 207]
vlan-id 207;
household inet {
    filter {
        output deny-rfc1918-and-allow-some-shape-to-80m;
    }
    policer {
        enter 80m-30.6m-discard;
    }
    service {
        enter {
            service-set nat-lan;
        }
        output {
            service-set nat-lan-portforward service-filter nat-lan-filter;
            service-set nat-lan;
        }
    }
    tackle 172.16.25.9/29;
}
[show firewall filter deny-rfc1918-and-allow-some-shape-to-80m]
time period allow-some-and-shape-to-80m {
    from {
        source-address {
            172.16.20.0/23;
            172.16.25.8/29;
        }
    }
    then settle for;
}
time period deny-rfc1918 {
    filter deny-rfc1918;
}
time period accept-the-rest {
    then {
        policer 80m-30.6m-discard-specific;
        settle for;
    }
}
[show firewall policer 80m-30.6m-discard-specific]
filter-specific;
if-exceeding {
    bandwidth-limit 80m;
    burst-size-limit 30720000;
}
then discard;

I suppose that is occurring due to existance of the service-set on the identical logical interface. Is there any approach to make this work ? Might this be a JunOS bug (sadly, this unit has to possibility of aquiring a help contract from Juniper Networks) ?

This unit is working the next JunOS model:

run present system software program
Info for jbase:

Remark:
JUNOS Base OS Software program Suite [21.2R3-S5.4]

Info for jcrypto:

Remark:
JUNOS Crypto Software program Suite [21.2R3-S5.4]

Info for jcrypto-dp-support:

Remark:
JUNOS DP Crypto Software program Software program Suite [21.2R3-S5.4]

Info for jdocs:

Remark:
JUNOS On-line Documentation [21.2R3-S5.4]

Info for jkernel:

Remark:
JUNOS Kernel Software program Suite [21.2R3-S5.4]

Info for jmacsec:

Remark:
JUNOS Macsec Software program Suite [21.2R3-S5.4]

Info for jpfe:

Remark:
JUNOS Packet Forwarding Engine Help (MX80) [21.2R3-S5.4]

Info for jroute:

Remark:
JUNOS Routing Software program Suite [21.2R3-S5.4]

Info for jsd:

Remark:
JUNOS jsd [powerpc-21.2R3-S5.4-jet-1]

Info for jsdn-powerpc:

Remark:
JUNOS SDN Software program Suite [21.2R3-S5.4]

Info for jservices-alg:

Remark:
JUNOS Companies Utility Stage Gateways [21.2R3-S5.4]

Info for jservices-cos:

Remark:
JUNOS Companies COS [21.2R3-S5.4]

Info for jservices-cpcd:

Remark:
JUNOS Companies Captive Portal and Content material Supply Container bundle [21.2R3-S5.4]

Info for jservices-crypto-base:

Remark:
JUNOS Companies Crypto [21.2R3-S5.4]

Info for jservices-ipsec:

Remark:
JUNOS Companies IPSec [21.2R3-S5.4]

Info for jservices-jflow:

Remark:
JUNOS Companies Jflow Container bundle [21.2R3-S5.4]

Info for jservices-nat:

Remark:
JUNOS Companies NAT [21.2R3-S5.4]

Info for jservices-rpm:

Remark:
JUNOS Companies RPM [21.2R3-S5.4]

Info for jservices-rtcom:

Remark:
JUNOS Companies RTCOM [21.2R3-S5.4]

Info for jservices-sfw:

Remark:
JUNOS Companies Stateful Firewall [21.2R3-S5.4]

Info for jservices-softwire:

Remark:
JUNOS Companies SOFTWIRE [21.2R3-S5.4]

Info for jservices-ssl:

Remark:
JUNOS Companies SSL [21.2R3-S5.4]

Info for jservices-tcp-log:

Remark:
JUNOS Companies TCP-LOG [21.2R3-S5.4]

Info for junos:

Remark:
JUNOS Base OS boot [21.2R3-S5.4]

Info for py-base-powerpc:

Remark:
JUNOS py-base-powerpc [21.2R3-S5.4]

Info for py-extensions-powerpc:

Remark:
JUNOS py-extensions-powerpc [21.2R3-S5.4]

dnat – Juniper MX and vacation spot/portforwarding NAT

Computer Networking

codesanitize

-

17 August 2025

0

I am struggling to get portforwarding engaged on a Juniper MX:

[show interfaces ge-1/0/0 unit 13]
description "CCTV and Entry Management";
vlan-id 13;
household inet {
    filter {
        output cctv-and-access-control;
    }
    service {
        enter {
            service-set nat-lan;
        }
        output {
            service-set nat-lan-portforward service-filter nat-lan-filter;
            service-set nat-lan;
        }
    }
    handle 172.16.20.1/24 {
        major;
    }
    handle 172.16.21.1/24;
}
[show services service-set nat-lan-portforward]
nat-rules sk7-port-forwarding;
interface-service {
    service-interface ms-0/2/0;
}
[show services nat]
pool prospects {
    address-range low 91.196.137.4 excessive 91.196.137.6;
    port {
        automated;
    }
}
pool sk7 {
    handle 91.196.137.254/32;
    port {
        automated;
    }
}
pool infrastructure {
    handle 91.196.137.253/32;
    port {
        automated;
    }
}
pool sk7-portforwarded {
    handle 91.196.137.252/32;
}
rule default {
    match-direction enter;
    time period no-nat {
        from {
            destination-address {
                10.0.0.0/8;
                172.16.0.0/12;
                192.168.0.0/16;
            }
        }
        then {
            no-translation;
        }
    }
    time period prospects {
        from {
            source-address {
                10.20.100.0/22;
            }
        }
        then {
            translated {
                source-pool prospects;
                translation-type {
                    napt-44;
                }
            }
        }
    }
    time period infrastructure {
        from {
            source-address {
                10.10.10.0/24;
                10.10.12.0/24;
                10.10.16.0/21;
            }
        }
        then {
            translated {
                source-pool infrastructure;
                translation-type {
                    napt-44;
                }
            }
        }
    }
    time period sk7 {
        from {
            source-address {
                172.16.25.8/29;
            }
        }
        then {
            translated {
                source-pool sk7;
                translation-type {
                    napt-44;
                }
            }
        }
    }
}
rule sk7-port-forwarding {
    match-direction output;
    time period default {
        from {
            destination-address {
                91.196.137.252/32;
            }
            destination-port {
                vary low 7000 excessive 7000;
            }
        }
        then {
            translated {
                destination-prefix 172.16.21.3/32;
                translation-type {
                    dnat-44;
                }
            }
        }
    }
}
[show firewall]
household inet {
    service-filter nat-lan-filter {
        time period skip-translation {
            from {
                source-address {
                    10.0.0.0/8;
                    172.16.0.0/12;
                    192.168.0.0/16;
                }
            }
            then skip;
        }
        time period default {
            then service;
        }
    }
}

pnat does work, so the hosts have entry to the Web, however portforwarding of tcp/7000 doesn’t:

[from MX itself]
emz@perm-mx5# run telnet 172.16.21.3 port 7000
Attempting 172.16.21.3...
Linked to 172.16.21.3.
Escape character is '^]'.
�^]
telnet> Connection closed.
[edit]

[from a host in WAN]
$ telnet 91.196.137.252 7000
Attempting 91.196.137.252...
telnet: Unable to connect with distant host: Connection timed out

This unit is operating the next JunOS model:

run present system software program
Info for jbase:

Remark:
JUNOS Base OS Software program Suite [21.2R3-S5.4]

Info for jcrypto:

Remark:
JUNOS Crypto Software program Suite [21.2R3-S5.4]

Info for jcrypto-dp-support:

Remark:
JUNOS DP Crypto Software program Software program Suite [21.2R3-S5.4]

Info for jdocs:

Remark:
JUNOS On-line Documentation [21.2R3-S5.4]

Info for jkernel:

Remark:
JUNOS Kernel Software program Suite [21.2R3-S5.4]

Info for jmacsec:

Remark:
JUNOS Macsec Software program Suite [21.2R3-S5.4]

Info for jpfe:

Remark:
JUNOS Packet Forwarding Engine Assist (MX80) [21.2R3-S5.4]

Info for jroute:

Remark:
JUNOS Routing Software program Suite [21.2R3-S5.4]

Info for jsd:

Remark:
JUNOS jsd [powerpc-21.2R3-S5.4-jet-1]

Info for jsdn-powerpc:

Remark:
JUNOS SDN Software program Suite [21.2R3-S5.4]

Info for jservices-alg:

Remark:
JUNOS Providers Software Degree Gateways [21.2R3-S5.4]

Info for jservices-cos:

Remark:
JUNOS Providers COS [21.2R3-S5.4]

Info for jservices-cpcd:

Remark:
JUNOS Providers Captive Portal and Content material Supply Container bundle [21.2R3-S5.4]

Info for jservices-crypto-base:

Remark:
JUNOS Providers Crypto [21.2R3-S5.4]

Info for jservices-ipsec:

Remark:
JUNOS Providers IPSec [21.2R3-S5.4]

Info for jservices-jflow:

Remark:
JUNOS Providers Jflow Container bundle [21.2R3-S5.4]

Info for jservices-nat:

Remark:
JUNOS Providers NAT [21.2R3-S5.4]

Info for jservices-rpm:

Remark:
JUNOS Providers RPM [21.2R3-S5.4]

Info for jservices-rtcom:

Remark:
JUNOS Providers RTCOM [21.2R3-S5.4]

Info for jservices-sfw:

Remark:
JUNOS Providers Stateful Firewall [21.2R3-S5.4]

Info for jservices-softwire:

Remark:
JUNOS Providers SOFTWIRE [21.2R3-S5.4]

Info for jservices-ssl:

Remark:
JUNOS Providers SSL [21.2R3-S5.4]

Info for jservices-tcp-log:

Remark:
JUNOS Providers TCP-LOG [21.2R3-S5.4]

Info for junos:

Remark:
JUNOS Base OS boot [21.2R3-S5.4]

Info for py-base-powerpc:

Remark:
JUNOS py-base-powerpc [21.2R3-S5.4]

Info for py-extensions-powerpc:

Remark:
JUNOS py-extensions-powerpc [21.2R3-S5.4]

linker – iOS archiving for launch strips away world symbols

iOS Development

codesanitize

-

16 August 2025

0

I’ve a cocoapods library.

This library has some C features that I’ve uncovered globally:

#outline EXPORT __attribute__((visibility("default"), used, retain)) extern "C"

EXPORT void ios_prepare_request(const char *url) {
  // some obj-c code
}

Then internally a dylib is loaded. This dylib tries to name these features.
When run through Xcode, every part is working.
Nevertheless, after I package deal the app to TestFlight/Debugging deployment. There’s a stripping step that eliminates my world symbols. Due to this fact when I attempt to name any of the features from the dylib in some unspecified time in the future it will get a null pointer reference and the app crashes.
I have been making an attempt to get round this with the assistance of one of many apple engineers, his suggestion is to make use of a linker flag -export_symbols_list, however it doesn’t matter what I attempted it would not work.
I’ve managed to get it working by disabled world stripping within the consumer goal xcconfig, however this clearly shouldn’t be superb because it messes with the consumer goal.

  s.user_target_xcconfig = {
    'STRIP_STYLE' => 'non-global'
  }

By default cocoapods creates a static lib, so export_symbol_list will not work as it’s meant for dylibs, I attempted to resolve this by turning the lib right into a dynamic framework

s.static_framework = false
s.preserve_paths="exports.exp"
  s.pod_target_xcconfig= {
        # 'OTHER_LDFLAGS' => '$(inherited) -Wl,-exported_symbols_list,$(PODS_TARGET_SRCROOT)/exports.exp',
  }

With the default config an a static lib, claude suggests utilizing a -u flag and passing every image I have to hold alive, however this additionally doesn’t work

  s.user_target_xcconfig = {
    'OTHER_LDFLAGS' => '$(inherited) -Wl,-u,_ios_prepare_request'
  }

At this level I am out of concepts easy methods to stop the worldwide symbols from being stripped. In some unspecified time in the future I attempted passing the features in a initialization perform however in some way they had been nonetheless being stripped.

Any recommendations what may work?

ios – deal with choice and replace in MVVM?

iOS Development

codesanitize

-

16 August 2025

0

I am enjoying round with MVVM and have bother wrapping my head round the way to work with deciding on a single component.

Following on-line examples I’ve written one thing primary that fetches an inventory of information and shows it.

struct NoteListView: View {
    @State personal var mannequin = NoteModel()
    
    var physique: some View {
        NavigationStack {
            Checklist(mannequin.notes) { word in
                NavigationLink {
                    NoteDetailView(word: word)
                } label: {
                    Textual content(word.title)
                }
            }
            .job {
                mannequin.fetchNotes()
            }
        }
    }
}

struct NoteDetailView: View {
    let word: Notice
    
    var physique: some View {
        Textual content(word.title)
            .font(.title)
        Textual content(word.content material)
    }
}

@Observable
class NoteModel {
    var notes: [Note] = []
    
    func fetchNotes() {
        self.notes = [
            Note(title: "First note", content: "Test note"),
            Note(title: "Reminder", content: "Don't forget to water the plants!"),
            Note(title: "Shopping list", content: "Eggs, milk, hat, bread")
        ]
    }
}

struct Notice: Identifiable, Hashable {
    let id = UUID()
    var title: String
    var content material: String
}

Now I wish to replace a word on the element view. Updating entails a PUT request to the server with the server calculating knowledge for the replace, so after the request is profitable the brand new model of the word must be fetched. I am unable to appear to determine the way to write this. I feel the mannequin would look one thing like this.

@Observable
class NoteModel {
    var notes: [Note] = []
    var selectedNote: Notice?
    
    func fetchNotes() {
        self.notes = [
            Note(title: "First note", content: "Test note"),
            Note(title: "Reminder", content: "Don't forget to water the plants!"),
            Note(title: "Shopping list", content: "Eggs, milk, hat, bread")
        ]
    }

    func fetchNote(title: String) {
        // fetch a single word, in all probability used after updating a word to show the up to date word on the small print view
        self.selectedNote = APIClient.fetchNote()
    }
    
    func updateNote(title: String, content material: String) {
        self.selectedNote?.title = title
        self.selectedNote?.content material = content material
        // makes a PUT request to replace the word, after which the word must be fetched
    }
}

However I do not know the way to cross the chosen word to the small print view and the way to replace the word displayed on the small print view and on the checklist view. I think about that it is a pretty primary situation for MVVM, however I could not discover any examples illustrating the essential conventions on how to do that.

Regardless of the hubbub, Intel is holding onto server market share

Computer Networking

codesanitize

-

15 August 2025

0

Regardless of the hubbub, Intel is holding onto server market share

Server CPU shipments have been “uninteresting,” as he put it, on a sequential foundation, with neither provider seeing a lot development on quarter after final quarter’s atypical improve. On-year, the server market was up considerably however that’s as a result of a 12 months in the past, the phase was close to its cyclical lows and coping with stock changes.

“Intel was in a position to maintain volumes in complete server unit shipments by shifting shipments to non-data middle merchandise, resembling Xeon D in networking/storage servers, which they famous of their earnings name. That comes at a value; these merchandise have a lot decrease ASPs, so decrease revenues, which is why Intel’s DCAI revenues have been decrease when models have been flat,” McCarron advised Community World.

“Nothing actually strikes that quick in servers, and on the whole a ‘freefall’ can’t actually occur outdoors of some systemic demand collapse occasion like 2008 was, as the remainder of the trade realistically can’t take in market share at a vast charge as a result of provide chain concerns,” he added.

AMD’s server revenues hit a file excessive, however many of the income positive aspects was from promoting a better mixture of its new Turin core CPUs, and unit cargo development was very modest. Nonetheless, even with a 0.1-point improve in share, which means a brand new file excessive in AMD server gross sales. It now has 37.2% market share.

Excluding IoT/SoC embedded merchandise from consideration, Intel’s shipments barely outgrew AMDs within the quarter leading to Intel having a modest sequential share improve thanks partly to cellular CPU shipments, the place Intel has strong merchandise. AMD made a slight achieve in desktops, the place it’s notably sturdy.

As for Arm, it confirmed power within the server market because of Nvidia’s GB200 processors ramping up volumes. On the shopper aspect, Apple had barely larger shipments within the second however that was offset by weak point in Chromebooks.