By default, Juniper will return XML in response to your RPC calls. But if you prefer, Juniper can translate the XML into JSON for you.
[Read More]
Using Junos PyEZ for information gathering
Most people that start out working with Junos using PyEZ seem to get stuck trying to figure out how to retrieve information. Since I always learn the most from short examples that I can reverse engineer or alter to fit my needs, I aim to provide you with just that....
[Read More]
Templating for network engineers in SaltStack.
Templating in SaltStack is an absolute joy. It makes the generation of text-based configurations for networking devices very easy. This write up is to give you some tips and insights that I could have used when I started templating myself. After walking you through an easy way to render templates...
[Read More]
Getting your facts straight.
The Salt grains interface is a very powerful tool. The interface presents Salt with grains of information about the system that is being managed. One of the things you can use grains for is to make your templating more effective. As a network engineer, I mostly work with proxy-minions. And...
[Read More]
First post!
For quite some time I have been thinking about writing some articles again.
[Read More]
QFX controllerless overlay with all-active Ethernet segments.
An Introduction to Python Exceptions
In control with RSVP
6PE and 6VPE
Troubleshooting packet loss with firewall filters
Packet loss can be caused by all sorts of reasons. Could be faulty hardware, a software issue on a device, a congested link or some policers and shapers that are working against you. In order to fix packet loss in a network, you first have pinpoint where the packets are...
[Read More]
Junos OS route-reflection considerations
Introducing packet loss with RED
Recently, a customer had several issues going on at the same time. The customer had an MPLS L3VPN with a default route towards a central firewall in the datacenter. Behind this firewall, there was some rackspace and a cloud environment. A lot of components were involved and after solving the...
[Read More]
Verifying a BGP signaled VPLS
Q-in-Q on EX, QFX or VCF
Configuring Q-in-Q, or dot1q tunneling can lead to some confusion. I’ve seen confusion due to changes in the new enhanced Layer 2 CLI configuration and because of a mismatch in Ethertype. This is a short article on how QinQ can be configured on an EX, QFX or VCF. I’ll configure...
[Read More]
Configuring a basic BGP signalled VPLS
Huawei basic layer 3 MPLS VPN
Normally, I use Huawei for all sorts of CPE stuff. But this time, instead of connecting a Huawei CPE to an MPLS VPN, I thought I’d use Huawei to create the Layer 3 MPLS VPN itself. Using eNSP, the free and open Enterprise Simulation Platform, I created the following scenario:...
[Read More]
tunneling LDP over RSVP and establishing a pseudowire
This article is about establishing an LDP session across RSVP signaled LSPs and using those sessions to signal a Martini-draft style pseudowire.
[Read More]
Policy based LSP mapping with Junos OS
LSPs can be configured with a whole variety of characteristics. You can police traffic that is send onto an LSP, steer the LSP through certain location in the network and much more. When you create several LSPs towards the same destination router, prefixes using that router as a next-hop are...
[Read More]
Basic BGP import filtering example on Junos OS
What your BGP peers decide to advertise is out of your control. What you accept is not.
This is a short article on basic route-filtering using Junos. The focus here is on a BGP import policy for public peering.
Let’s start of by rejecting all 0.0.0.0/x routes:
[Read More]
Interprovider Layer 3 VPN option C
Junos and all things syslog
This article is about Junos and all things syslog. I'll go over several examples showing you what you can configure under the [ system syslog ] stanza. Parts of the examples I use here are based on what I think can benefit a device running Junos OS. I'll cover logging...
[Read More]
Juniper OSPFv3 IPsec authentication
Though the OSPFv3 protocol does not offer a built-in authentication method, IPsec can be used to secure protocol exchanges between devices running OSPFv3. To authenticate OSPFv3 on a Juniper device, you first start out with the configuration of a Security Association (SA). The SA describes how the devices will communicate...
[Read More]
Juniper MX and RSVP refresh reduction
The past few weeks I have been working on the replacement of several core nodes. After finally installing the last MX, I wanted revise several configurations that were applied. One of the configurations that I revised was the configuration used in the RSVP stanza. I ‘optimized’ it by implementing RSVP...
[Read More]
Setting up your own vSRX lab
Recently, I’ve been having some fun with the vSRX. I wanted to share the lab I created so others can see how easy it is to get things going with the vSRX. The vSRX doesn’t require a lot of resources and it is a really nice way to get acquainted...
[Read More]
EVPN on Juniper MX and interconnecting Data Centers on layer 2 and 3
After creating a single-homed layer 2 EVPN here, let’s add some layer 3 routing and see in what way EVPN can benefit the datacenter.
But first, have a look at a situation wherein a VPLS is connecting two data centers together:
[Read More]
Basic BGP MPLS-Based Ethernet VPN on Juniper MX
For a while now I wanted to try out EVPN on the MX.
I decided to go for the easiest of scenarios that EVPN has to offer: a single-homed VLAN-based EVPN:
[Read More]
IPFIX configuration example
Turning on IPFIX (IP Flow Information Export) on Juniper MX is a good idea if you want to know what’s going on. Not only can it provide you with a tremendous insight into the traffic traversing your network, you can also use the information provided by IPFIX to automatically divert...
[Read More]
Juniper Virtual Chassis Fabric AE interface
Connecting other parts of the network to the VCF in a redundant way using Link Aggregation Groups (LAG) is very easy. A LAG can combine several Ethernet interfaces into a single logical link called an Aggregate Ethernet (AE) interface. When you are running a VCF, you’d best spread a LAG...
[Read More]
Juniper Virtual Chassis Fabric
Having to deal with a network edge that organically grew as time passed, evolving into an ever more complicated constellation of switches, is frustrating. Looming in the back of my mind were choices made in a past I had no part of. Those choices strained growth and frustrated my attempt...
[Read More]
Site-to-Site IPsec VPN between Huawei AR and Juniper MX
Today I configured an IPsec VPN between a Huawei AR1220F and a Juniper M104. I wanted to keep the configuration around for future reference.
The configuration on a Huawei is rather straightforward. To put the Huawei AR IPsec configuration in a picture:
[Read More]