Junos Aggregated Ethernet w/LACP and Cisco Nexus Virtual Port Channel

Posted by cooper on Apr 17, 2012 in cisco, g33k, juniper

So when I was googling around looking for working configurations of Junos (EX in this case) AE working with a Cisco vPC (Virtual Port Channel) I could not find any examples … So I said that I would post one. I will not be covering how to set up a vPC; if you’re interested in that side, visit Cisco’s guide here. I will also not discuss how to configure a Juniper Virtual Chassis (more info here). The devices used in this example are 2 x Cisco 7k (running NX-OS 4) and 2 x Juniper EX4500 switches (running Junos 11.4R1) in a Mixed Mode virtual chassis with 2 x EX4200s.

The goal, as network engineers, is to use all bandwidth when it’s available (if feasible) and avoid legacy protocols to stop layer 2 loops such as Spanning-Tree. vPC from Cisco and VC technologies allow LACP (Link Aggregation Control Protocol) links to span physical chassis, which allows the network engineer to avoid single points of failure and harness all available bandwidth. If a physical chassis was lost, you would still be operational in a degraded fashion, e.g. 1/2 the available bandwidth until the second chassis returned.

To configure the Cisco Nexus side you would require the following configuration on each vPC configured chassis. I found that VLAN pruning can be happily done and a Native VLAN 1 is not needed if CDP is not mandatory (I did not test making CDP able to traverse the trunk through the Juniper – would love to hear if someone does!).

conf t

interface port-channel69
  description Good practice
  switchport mode trunk
  vpc 69
  mtu 9216
  switchport trunk allowed vlan 69

interface Ethernetx/x
  channel-group 69 mode active

Handy Cisco Debug Commands:

  • show vpc
  • show run interface port-channel69 member
  • show vpc consistency-parameters int port-channel 69
  • show port-channel summary

The Juniper side only requires the following. This configuration is identical (you just choose different member interfaces) even if you don’t have a Virtual Chassis configuration.

set interfaces xe-0/0/39 ether-options 802.3ad ae0
set interfaces xe-1/0/39 ether-options 802.3ad ae0
set interfaces ae0 description "Good Practice"
set interfaces ae0 mtu 9216
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members pr0nNet

set vlans pr0nNet vlan-id 69
set vlans pr0nNet l3-interface vlan.69 #If a L3 RVI is required

Handy Juniper Debug Commands:

  • show interface terse ae0
  • show lacp interfaces (you want your interfaces to be collecting and distributing)
  • show interface ae0 extensive

Please let me know if I have done anything that is not optimal – always eager to learn, I am definitely not (and proud of it) a Cisco expert.
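A consistency check for the two configurations above, as an added example that is not part of the original post: it parses the NX-OS and Junos snippets and reports whether the values the post sets on both ends (MTU, trunked VLAN) agree and whether at least one end runs LACP in active mode. The function names and the member port "Ethernet1/1" are assumptions made for the example, and the allowed VLAN list is assumed to be comma-separated ids without ranges.

```python
import re
# Trimmed copies of the post's configs; "Ethernet1/1" is a constructed stand-in for "Ethernetx/x".
NXOS = """\
interface port-channel69
  mtu 9216
  switchport trunk allowed vlan 69
interface Ethernet1/1
  channel-group 69 mode active
"""
JUNOS = """\
set interfaces ae0 mtu 9216
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family ethernet-switching vlan members pr0nNet
set vlans pr0nNet vlan-id 69
"""

def parse_nxos(text, po):
    # Returns MTU, allowed VLAN ids and LACP mode for port-channel <po>.
    out, section = {"mtu": None, "vlans": set(), "lacp": None}, ""
    for line in text.splitlines():
        if not line.startswith(" "):
            section = line.strip()          # start of a new top-level stanza
        words = line.split()
        if section == "interface port-channel" + po:
            if words[:1] == ["mtu"]:
                out["mtu"] = int(words[1])
            elif words[:4] == ["switchport", "trunk", "allowed", "vlan"]:
                out["vlans"] = {int(v) for v in words[4].split(",")}
        elif words[:2] == ["channel-group", po]:
            out["lacp"] = (words[3:4] or ["on"])[0]   # no mode keyword = static "on"
    return out

def parse_junos(text, ae):
    # Same three values for aggregated interface <ae>; VLAN names become ids.
    out, pre = {"mtu": None, "vlans": set(), "lacp": None}, "set interfaces %s " % ae
    vlan_ids = dict(re.findall(r"^set vlans (\S+) vlan-id (\d+)", text, re.M))
    for line in text.splitlines():
        words = line[len(pre):].split() if line.startswith(pre) else []
        if words[:1] == ["mtu"]:
            out["mtu"] = int(words[1])
        elif words[:2] == ["aggregated-ether-options", "lacp"] and words[2:3] in (["active"], ["passive"]):
            out["lacp"] = words[2]
        elif words[-3:-1] == ["vlan", "members"]:
            out["vlans"].add(int(vlan_ids.get(words[-1], words[-1])))
    return out

def mismatches(nx, jn):
    problems = [k for k in ("mtu", "vlans") if nx[k] != jn[k]]
    return problems + ([] if "active" in (nx["lacp"], jn["lacp"]) else ["lacp"])  # needs one active end
print(mismatches(parse_nxos(NXOS, "69"), parse_junos(JUNOS, "ae0")) or "consistent")
```

An empty result means the two ends agree; otherwise the list names the settings to compare by hand.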



Juniper SRX Screens + Dynamic VPNs

Posted by cooper on Mar 3, 2012 in g33k, juniper

Little tip with SRX Dynamic VPNs and ‘security screens’ on the VPN’s ingress zone I stumbled across during my JNCIE-SEC study.

UPDATE (20120401): Seems Juniper has addressed and fixed this bug …
More info: 

It seems you cannot have the ‘IP Spoofing’ screen enabled on a zone that IPSec Dynamic VPN traffic ingresses into. This traffic is dropped by the screen, which can be seen via a ‘security flow traceoptions flag basic-datapath’:

  • ‘packet dropped, drop by spoofing check.’

So removing (or deactivating) the ip spoofing check solved the problem:

  • deactivate security screen ids-option from-Internet ip spoofing

Kind of lame, the spoofing screen sounds like a good idea on your Internet facing interfaces, but seems a no no if you want dynamic VPNs. That is all. Hopefully Juniper eventually makes this check smarter.



Valentines – Junos Style !

Posted by cooper on Feb 15, 2012 in g33k, juniper

Awesome – This would get the chicks …

Junos Valentines



Juniper 5 in 5 – QFabric

Posted by cooper on Jan 29, 2012 in g33k, juniper

@cooperlees is yours truly



Juniper EX Virtual Chassis Specific Member Config

Posted by cooper on Jan 13, 2012 in g33k, juniper

EX VC tip of the moment: Use apply-groups to add specific config to each node.
For example:

set groups member0 system host-name member0
set groups member1 system host-name member1
set groups member2 system host-name member2
set apply-groups member0
set apply-groups member1
set apply-groups member2



IPERF CSV Data Summary Script

Posted by cooper on Jan 13, 2012 in g33k, linux, solaris, tech

Recently I was required to do a network performance test between a Head Office and a WAN site. I knocked up this quick Python script to parse the data collected to see the results. Thought it could be handy for others so here it is to download / share.

Download Script

Sample Output:

cooper@dfbit:~/scripts/iperf-parse$ ./ 
   --   IPERF CSV Summariser   --   
-- Cooper Lees < --
- 20111212103043 to 20120103090052
- 1004 runs of IPERF
- Averages:
-	Average Sent			= 2.64M
-	Average Received		= 2.28M
-	Average Send Bandwidth		= 985.75K
-	Average Receive Bandwidth	= 805.12K
-	Max Send Bandwidth		= 1.08M (at 20111230183021)
-	Max Receive Bandwidth		= 837.16K (at 20120102113052)



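# date,sender-ip,sender-port,receiver-ip,receiver-port,id,interval,transfer,bandwidth
# 20111212103043,,45020,,5001,5,0.0-21.4,2490368,931080
# 20111212103109,,5001,,57022,4,0.0-24.2,2228224,736145

FILENAME = 'client-iperf.log'

# Run counter and running totals; every run is a sent line followed by a received line
RUNS = 0
START = END = ''
TOTAL_SENT = TOTAL_RECEIVED = 0
TOTAL_BANDWIDTH_SENT = TOTAL_BANDWIDTH_RECEIVED = 0
MAX_BANDWIDTH_SENT = MAX_BANDWIDTH_RECEIVED = 0
MAX_BANDWIDTH_SENT_DATE = MAX_BANDWIDTH_RECEIVED_DATE = ''

def convert_bytes(bytes):
	"""Format a number with a 1024-based T/G/M/K suffix ('b' below 1024)."""
	bytes = float(bytes)
	if bytes >= 1099511627776:
		terabytes = bytes / 1099511627776
		size = '%.2fT' % terabytes
	elif bytes >= 1073741824:
		gigabytes = bytes / 1073741824
		size = '%.2fG' % gigabytes
	elif bytes >= 1048576:
		megabytes = bytes / 1048576
		size = '%.2fM' % megabytes
	elif bytes >= 1024:
		kilobytes = bytes / 1024
		size = '%.2fK' % kilobytes
	else:
		size = '%.2fb' % bytes
	return size

# Keep only 9-field CSV result lines (anything else in the log, such as "-->" banner lines, is skipped)
with open(FILENAME) as f:
	rows = [line.strip().split(',') for line in f if line.count(',') == 8]

# Pair the lines up: l1 is the sent result, l2 the received result of the same run
for l1, l2 in zip(rows[0::2], rows[1::2]):
	if RUNS == 0:
		START = l1[0]

	BW_SENT = int(l1[8])
	BW_RECEIVED = int(l2[8])

	TOTAL_SENT = TOTAL_SENT + int(l1[7])
	TOTAL_RECEIVED = TOTAL_RECEIVED + int(l2[7])
	TOTAL_BANDWIDTH_SENT = TOTAL_BANDWIDTH_SENT + BW_SENT
	TOTAL_BANDWIDTH_RECEIVED = TOTAL_BANDWIDTH_RECEIVED + BW_RECEIVED

	# Remember the peak bandwidth in each direction and when it occurred
	if BW_SENT > MAX_BANDWIDTH_SENT:
		MAX_BANDWIDTH_SENT = BW_SENT
		MAX_BANDWIDTH_SENT_DATE = l1[0]
	if BW_RECEIVED > MAX_BANDWIDTH_RECEIVED:
		MAX_BANDWIDTH_RECEIVED = BW_RECEIVED
		MAX_BANDWIDTH_RECEIVED_DATE = l2[0]

	END = l2[0]
	RUNS = RUNS + 1

# Nothing to average if the log held no complete runs
if RUNS == 0:
	raise SystemExit("No iperf CSV results found in %s" % FILENAME)

print("------------------------------------")
print("   --   IPERF CSV Summariser   --   ")
print("-- Cooper Lees < --")
print("------------------------------------")
print("-- SUMMARY --")
print("- %s to %s" % ( START, END ))
print("- %d runs of IPERF" % RUNS)
print("- Averages:")
print("-\tAverage Sent\t\t\t= %s" % convert_bytes((TOTAL_SENT / RUNS)))
print("-\tAverage Received\t\t= %s" % convert_bytes((TOTAL_RECEIVED / RUNS)))
print("-\tAverage Send Bandwidth\t\t= %s" % convert_bytes((TOTAL_BANDWIDTH_SENT / RUNS)))
print("-\tAverage Receive Bandwidth\t= %s" % convert_bytes((TOTAL_BANDWIDTH_RECEIVED / RUNS)))
print("-\tMax Send Bandwidth\t\t= %s (at %s)" % (convert_bytes((MAX_BANDWIDTH_SENT)), MAX_BANDWIDTH_SENT_DATE))
print("-\tMax Receive Bandwidth\t\t= %s (at %s)" % (convert_bytes((MAX_BANDWIDTH_RECEIVED)), MAX_BANDWIDTH_RECEIVED_DATE))
print("------------------------------------")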

Cron Job Script to Collect Data:



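#!/bin/bash

# Placeholder values: the original settings are not shown on this page
LOG="client-iperf.log"
SERVER="iperf-server.example.net"
TIME=20

echo "--> Starting iperf client @ $(date) ..." | tee -a "$LOG"

# -r tests both directions one after the other, -y C reports as CSV; -v also echoes the results
if [ "$1" == "-v" ]; then
        iperf -t "$TIME" -c "$SERVER" -r -y C | tee -a "$LOG"
else
        iperf -t "$TIME" -c "$SERVER" -r -y C >> "$LOG"
fi

echo "--> Finished iperf client @ $(date)" | tee -a "$LOG"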



Junos IPv6 Management …

Posted by cooper on Dec 26, 2011 in g33k, juniper

What IPv6 system user output looks like …

cooper@noona-gw> show system users
 9:15AM  up 13:29, 1 user, load averages: 0.36, 0.28, 0.23
USER     TTY      FROM                              LOGIN@  IDLE WHAT
cooper   p0       2001:470:1f05:78b:224:1dff:fe71:9f70 9:15AM     - -cli (cli)    


SRX110 and ADSL2+

Posted by cooper on Dec 23, 2011 in g33k, juniper

So work was awesome this year and bought me an SRX110 for Xmas. I thought that I would share: to configure its vDSL interface to use ADSL (with Australian VPI and VCI), you just configure the interface as if it was an ADSL PIM.

Here is the config:

set interfaces at-1/0/0 description "ADSL Interface"
set interfaces at-1/0/0 mtu 1540
set interfaces at-1/0/0 encapsulation atm-pvc
set interfaces at-1/0/0 atm-options vpi 8
set interfaces at-1/0/0 dsl-options operating-mode auto
set interfaces at-1/0/0 unit 0 description PPPoA
set interfaces at-1/0/0 unit 0 encapsulation atm-ppp-llc
set interfaces at-1/0/0 unit 0 vci 8.35
set interfaces at-1/0/0 unit 0 ppp-options chap default-chap-secret "PASSWORD"
set interfaces at-1/0/0 unit 0 ppp-options chap local-name "username@ISP"
set interfaces at-1/0/0 unit 0 ppp-options chap passive
set interfaces at-1/0/0 unit 0 family inet address x.x.x.x/32



Dennis Ritchie passes away …

Posted by cooper on Oct 13, 2011 in g33k, linux, solaris

The inventor of the C programming language and integral part of UNIX development has passed away. RIP Dennis Ritchie.

Thanks for the Uni lectures …

BoingBoing Article



Old Lady killing it … Hates a Radio

Posted by cooper on Oct 5, 2011 in humour

This letter was sent to the Lions Bay School Principal’s office in West Geelong after the school had sponsored a luncheon for seniors. An elderly lady received a new radio at the lunch as a door raffle prize and was writing to say thank you.

This story is a credit to all humankind. Forward this to anyone you know who might need a lift today.

Dear Lions Bay School,

God bless you for the beautiful radio I won at your recent Senior Citizens luncheon. I am 87 years old and live at the West Geelong Home for the Aged. All of my family has passed away so I am all alone. I want to thank you for the kindness you have shown to a forgotten old lady.

My roommate is 95 and has always had her own radio; but she would never let me listen to it. She said it belonged to her long dead husband, and understandably, wanted to keep it safe. The other day her radio fell off the nightstand and broke into a dozen pieces. It was awful and she was in tears. She asked if she could listen to mine, and I was overjoyed that I could tell her to fuck off.

Thank you for that wonderful opportunity.

God bless you all.




Copyright © 2017 I-R-Coops Blog All rights reserved.