Juniper EX Virtual Chassis Specific Member Config
EX VC tip of the moment: Use apply-groups to add specific config to each node.
For example:
set groups member0 system host-name member0
set groups member1 system host-name member1
set groups member2 system host-name member2
set apply-groups member0
set apply-groups member1
set apply-groups member2
IPERF CSV Data Summary Script
Recently I was required to do a network performance test between a Head Office and a WAN site. I knocked up this quick Python script to parse the collected data and see the results. Thought it could be handy for others, so here it is to download / share.
Sample Output:
cooper@dfbit:~/scripts/iperf-parse$ ./iperf-summary.py
------------------------------------
-- IPERF CSV Summariser --
-- Cooper Lees <me@cooperlees.com --
------------------------------------
-- SUMMARY --
- 20111212103043 to 20120103090052
- 1004 runs of IPERF
- Averages:
-   Average Sent                = 2.64M
-   Average Received            = 2.28M
-   Average Send Bandwidth      = 985.75K
-   Average Receive Bandwidth   = 805.12K
-   Max Send Bandwidth          = 1.08M (at 20111230183021)
-   Max Receive Bandwidth       = 837.16K (at 20120102113052)
------------------------------------
Code:
#!/usr/bin/python
# Summarise iperf CSV output. Each run logs two lines: the send leg, then the receive leg.
# date,sender-ip,sender-port,receiver-ip,receiver-port,id,interval,transfer,bandwidth
# 20111212103043,10.120.15.8,45020,10.120.13.120,5001,5,0.0-21.4,2490368,931080
# 20111212103109,10.120.15.8,5001,10.120.13.120,57022,4,0.0-24.2,2228224,736145

FILENAME = 'client-iperf.log'

RUNS = 0  # completed runs; starts at 0 so the count and the averages are not off by one
MAX_BANDWIDTH_SENT = 0
MAX_BANDWIDTH_SENT_DATE = 0
MAX_BANDWIDTH_RECEIVED = 0
MAX_BANDWIDTH_RECEIVED_DATE = 0
TOTAL_BANDWIDTH_SENT = 0
TOTAL_BANDWIDTH_RECEIVED = 0
TOTAL_SENT = 0
TOTAL_RECEIVED = 0


def convert_bytes(num_bytes):
    # Render a byte (or bytes/sec) count with a binary-prefix suffix.
    num_bytes = float(num_bytes)
    if num_bytes >= 1099511627776:
        terabytes = num_bytes / 1099511627776
        size = '%.2fT' % terabytes
    elif num_bytes >= 1073741824:
        gigabytes = num_bytes / 1073741824
        size = '%.2fG' % gigabytes
    elif num_bytes >= 1048576:
        megabytes = num_bytes / 1048576
        size = '%.2fM' % megabytes
    elif num_bytes >= 1024:
        kilobytes = num_bytes / 1024
        size = '%.2fK' % kilobytes
    else:
        size = '%.2fb' % num_bytes
    return size


def read_row(f):
    # Return the next 9-field CSV row, or None at end of file. This skips the
    # "--> Starting/Finished" marker lines the cron script appends to the same log.
    for line in f:
        fields = line.strip().split(',')
        if len(fields) == 9:
            return fields
    return None


f = open(FILENAME)
l1 = read_row(f)  # send leg
l2 = read_row(f)  # receive leg
while l1 and l2:
    if RUNS == 0:
        START = l1[0]
    BW_SENT = int(l1[8])
    BW_RECEIVED = int(l2[8])
    TOTAL_SENT = TOTAL_SENT + int(l1[7])
    TOTAL_RECEIVED = TOTAL_RECEIVED + int(l2[7])
    TOTAL_BANDWIDTH_SENT = TOTAL_BANDWIDTH_SENT + int(l1[8])
    TOTAL_BANDWIDTH_RECEIVED = TOTAL_BANDWIDTH_RECEIVED + int(l2[8])
    if BW_SENT > MAX_BANDWIDTH_SENT:
        MAX_BANDWIDTH_SENT = BW_SENT
        MAX_BANDWIDTH_SENT_DATE = l1[0]
    if BW_RECEIVED > MAX_BANDWIDTH_RECEIVED:
        MAX_BANDWIDTH_RECEIVED = BW_RECEIVED
        MAX_BANDWIDTH_RECEIVED_DATE = l2[0]
    END = l2[0]
    RUNS = RUNS + 1
    l1 = read_row(f)
    l2 = read_row(f)
f.close()

if RUNS == 0:
    raise SystemExit("no iperf runs found in %s" % FILENAME)

print("------------------------------------")
print(" -- IPERF CSV Summariser -- ")
print("-- Cooper Lees <me@cooperlees.com --")
print("------------------------------------")
print("-- SUMMARY --")
print("- %s to %s" % (START, END))
print("- %d runs of IPERF" % RUNS)
print("- Averages:")
print("-\tAverage Sent\t\t\t= %s" % convert_bytes(TOTAL_SENT / RUNS))
print("-\tAverage Received\t\t= %s" % convert_bytes(TOTAL_RECEIVED / RUNS))
print("-\tAverage Send Bandwidth\t\t= %s" % convert_bytes(TOTAL_BANDWIDTH_SENT / RUNS))
print("-\tAverage Receive Bandwidth\t= %s" % convert_bytes(TOTAL_BANDWIDTH_RECEIVED / RUNS))
print("-\tMax Send Bandwidth\t\t= %s (at %s)" % (convert_bytes(MAX_BANDWIDTH_SENT), MAX_BANDWIDTH_SENT_DATE))
print("-\tMax Receive Bandwidth\t\t= %s (at %s)" % (convert_bytes(MAX_BANDWIDTH_RECEIVED), MAX_BANDWIDTH_RECEIVED_DATE))
print("------------------------------------")
Cron Job Script to Collect Data:
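#!/bin/bash

SERVER="x.x.x.x"
LOG="client-iperf.log"   # relative path: resolved against the directory cron runs the job in
TIME="5"

echo "--> Starting iperf client @ $(date) ..." | tee -a "$LOG"
# -r runs the test in both directions, one after the other; -y C emits CSV
if [ "$1" == "-v" ]; then
    iperf -t "$TIME" -c "$SERVER" -r -y C | tee -a "$LOG"
else
    iperf -t "$TIME" -c "$SERVER" -r -y C >> "$LOG"
fi
echo "--> Finished iperf client @ $(date)" | tee -a "$LOG"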
Junos IPv6 Management …
What IPv6 system user output looks like …
cooper@noona-gw> show system users
 9:15AM up 13:29, 1 user, load averages: 0.36, 0.28, 0.23
USER     TTY      FROM                                  LOGIN@  IDLE WHAT
cooper   p0       2001:470:1f05:78b:224:1dff:fe71:9f70  9:15AM  -    -cli (cli)
SRX110 and ADSL2+
So work was awesome this year and bought me an SRX110 for Xmas. I thought that I would share: to configure its vDSL interface to use ADSL (with Australian VPI and VCI), you just configure the interface as if it was an ADSL PIM.
Here is the config:
set interfaces at-1/0/0 description "ADSL Interface"
set interfaces at-1/0/0 mtu 1540
set interfaces at-1/0/0 encapsulation atm-pvc
set interfaces at-1/0/0 atm-options vpi 8
set interfaces at-1/0/0 dsl-options operating-mode auto
set interfaces at-1/0/0 unit 0 description PPPoA
set interfaces at-1/0/0 unit 0 encapsulation atm-ppp-llc
set interfaces at-1/0/0 unit 0 vci 8.35
set interfaces at-1/0/0 unit 0 ppp-options chap default-chap-secret "PASSWORD"
set interfaces at-1/0/0 unit 0 ppp-options chap local-name "username@ISP"
set interfaces at-1/0/0 unit 0 ppp-options chap passive
set interfaces at-1/0/0 unit 0 family inet address x.x.x.x/32
Dennis Ritchie passes away …
The inventor of the C programming language and an integral part of UNIX development has passed away. RIP Dennis Ritchie.

Thanks for the Uni lectures …
Microsoft NPS Server + Juniper JUNOS VSA
A lot of companies run Microsoft’s Active Directory AAA infrastructure. A nice add-on to AD (apart from my favorite ‘Services for UNIX’) is the Network Policy Server (NPS). Using this RADIUS server with any RADIUS-speaking client is a nice add-on that allows the majority of network infrastructure to use AD as its authoritative authentication source. Using NPS as the source lets new users obtain access to a box without configuration on each infrastructure device individually, scales, and disables a user’s access when they leave the organisation (local accounts tend to be forgotten).
Finding documentation on using NPS with JUNOS was difficult, so here is how I have got it to work:
First we need the Juniper Vendor Code and the attribute to send to your JUNOS device:
Juniper Vendor ID: 2636
RADIUS Attribute to specify account name (id): Juniper-Local-User-Name (1)
Then we need to configure a RADIUS client in NPS, then configure the JUNOS side and finally define a ‘Connection Request Policy’ (for more information, see this post).
Once the connection request policy is defined, we need a ‘Network Request Policy’. This allows the use of AD groups (amongst other attributes) to decide which template account, defined locally on the JUNOS device, the user is mapped to. Please refer to the previous NPS post for more information on configuring a Network request policy.
To add the custom VSA, navigate to the “Network Policies” section in the NPS MMC, go to the properties of the policy you wish to add the VSA to and navigate to the ‘Settings’ tab.
Select ‘Vendor Specific’ under attributes and then click add. Then select ‘Custom’ from the drop-down list, select Vendor-Specific and click add:

Now select add and enter the following:

NPS will now send the defined ‘USERNAME’, which must be defined locally on each JUNOS device that speaks to this RADIUS server.
If there is no match, JUNOS will fall back to the default remote authentication server template user ‘remote’. I recommend setting this to unauthorised, so that a user who is not in the required groups but gets authenticated due to bad NPS policies cannot obtain any useful access to the JUNOS device.
Please let me know how you go and if I have made any boo boos in my post.
The above was tested with JUNOS 11.2r2.4 and Windows Server 2008 R2.
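To check in a packet capture what NPS actually sends, the sketch below encodes and parses the Vendor-Specific attribute described above (vendor ID 2636, vendor type 1) using the RFC 2865 layout, then models the fallback to ‘remote’. It is an added example, not code from the original post; the function names and the account names "netops" and "readonly" are assumptions.

```python
import struct

VENDOR_SPECIFIC = 26            # RADIUS attribute type (RFC 2865, section 5.26)
JUNIPER_VENDOR_ID = 2636        # from the post
JUNIPER_LOCAL_USER_NAME = 1     # from the post


def encode_local_user_name(username):
    """Build the Vendor-Specific attribute carrying Juniper-Local-User-Name."""
    value = username.encode("ascii")
    if not 1 <= len(value) <= 247:          # whole attribute must fit in 255 bytes
        raise ValueError("user name does not fit in one attribute")
    vendor_len = 2 + len(value)             # vendor type + vendor length + value
    return struct.pack("!BBIBB", VENDOR_SPECIFIC, 6 + vendor_len,
                       JUNIPER_VENDOR_ID, JUNIPER_LOCAL_USER_NAME,
                       vendor_len) + value


def find_local_user_name(attributes):
    """Walk a RADIUS attribute list; return the Juniper user name or None."""
    pos = 0
    while pos + 2 <= len(attributes):
        attr_type, attr_len = attributes[pos], attributes[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attributes):
            raise ValueError("malformed attribute at offset %d" % pos)
        body = attributes[pos + 2:pos + attr_len]
        pos += attr_len
        if attr_type != VENDOR_SPECIFIC or len(body) < 6:
            continue
        # Only the first sub-attribute of each VSA is inspected.
        vendor_id, vtype, vlen = struct.unpack("!IBB", body[:6])
        if ((vendor_id, vtype) == (JUNIPER_VENDOR_ID, JUNIPER_LOCAL_USER_NAME)
                and 2 < vlen <= len(body) - 4):
            return body[6:4 + vlen].decode("ascii")
    return None


def template_account(attributes, local_users):
    """Model of the fallback the post describes: no match maps to 'remote'."""
    name = find_local_user_name(attributes)
    return name if name in local_users else "remote"


# Constructed sample: Service-Type attribute followed by the VSA for "netops".
SAMPLE = bytes.fromhex("060600000006") + encode_local_user_name("netops")

if __name__ == "__main__":
    print(encode_local_user_name("netops").hex())
    print(template_account(SAMPLE, {"netops", "readonly"}))
```

The hex string printed first is what the attribute looks like on the wire, which can be compared against the Access-Accept seen in a capture between NPS and the JUNOS device.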
Lame Network Joke
tcp packet walks in to a bar and says “I want a beer”, barman says “you want a beer?” and tcp packet says “yes, a beer”
An RTP packet walks into a bar through the wrong entrance. The barman says “You’re not getting any special treatment”
A multicast packet walks into a bar and leaves by four different exits.
A BGP Update walks into a CRS-1. He walks back out with a corrupt optional transitive attribute.
A DNS packet walks into a liquor store – where do I find beer “ABC”?. Clerk: aisle 4, top row on the right.
An IPv6 packet walks into a bar. Nobody talks to him.
A UDP packet went into a bar. The bartender didn’t acknowledge him…
ICMP packet walks into a bar from warehouse and announces – “no more beer”
A dhcp packet walks into a bar and asks for a beer. Bartender says , “here, but I’ll need that back in an hour!”