juniper
Stop IPv4 Point-To-Point Addressing your Networks
<p>IPv4 addressing on links is no longer required to route IPv4. What you say?? Yes, you can stop IPv4 addressing your point to point links with <em>Legacy IP</em> and route your IPv4 addressed packets via IPv6 next hops!</p> <ul> <li>With this we can save Public IPv4 addressing!</li> <li>We now only need a Public IPv4 loopback […]
IPv6 + Flow labels
Recently a teammate and I have come across a frame forwarding issue with ECMP on a hardware ASIC in a device I work on where the use of Flow labels are used in the ECMP hash. This was interesting as we found iperf was not setting the Flow label at all, unless you specify the -L […]
IPv6 Tacacs+ Support (tac_plus)
Recently @ Facebook we found that we required IPv6 access to TACACS for auth (AAA) for the majority of our production Network Equipment. Tacacs+ (tac_plus) is an old daemon released by Cisco in the late 90s. It still works (even at our scale) and the config was doing what we required, so it was decided that we […]
30 Levels of NAT Lab #2 – Juniper SRX100s
Well, I had the chance again to play with lots of Firewalls, so I did. A customer had ordered > than 30 SRX100s for clustered branch deployments so I took the opportunity to ask for permission to pull 30 of them out of boxes and reproduce my 30 levels of NAT lab. It\’s never the […]
RANCID with Junos Read-Only User
Here is the setting for a Junos device to create a user with read only privileges to allow RANCID to work. [plain] set system login class RANCID permissions access set system login class RANCID permissions admin set system login class RANCID permissions firewall set system login class RANCID permissions flow-tap set system login class RANCID […]
Updating Juniper QFabric
The follow post shows output obtained and the upgrade process performed recently on a clients QFabric system. This output was captured updating from 12.2X30 to 12.2X50 Junos release via a ‘Non Stop Services Upgrade’ (NSSU) method. This method basically is a very conservative approach updating redundant components one at a time. The overall process is: […]
Juniper SRX Chassis Cluster RG0 Nagios Check
I was required to check (as this customer did not have a trap collector) which node was active for redundancy group 0 on a SRX cluster. So I thought I would check for a SNMP OID that is only presented by the active RG0 node. This script uses snmpwalk and is configured to use SNMP v2c […]
SRX Branch Chassis Cluster Ports
Here is a table of the ports that are used for chassis cluster control link and management ports on Branch SRX devices. The quoted ports are the ‘stand alone’ non clustered port names (not node1’s port names once clustered). In a SRX cluster the PIM slots on node1 start at the last PIM slot of […]
Backup your Junos configs TODAY !
Cooper’s tip of the moment, ALWAYS backup your Junos configurations. Hate when a customer does not, your router does not have raid (unless it has redundant REs, VC or is in a Chassis Cluster :)). It’s a built in feature of Junos so use it! It even allows multiple sites, so if you have DR […]
QFabric Part 2 – Lets get Down and Dirty Deploying and Configuring …
Juniper is selling QFabric as a bundle. Due to this the install has been templated and will be similar in regards to the control plane and getting the fabric up and ready to be configured for each target environment. Every QFabric bundle today must include Juniper Professional Services. Hopefully in the future I (and other […]