Getting your facts straight.

The Salt grains interface is a very powerful tool. The interface presents Salt with grains of information about the system that is being managed. One of the things you can use grains for is to make your templating more effective. As a network engineer, I mostly work with proxy-minions. And... [Read More]

Troubleshooting packet loss with firewall filters

Packet loss can be caused by all sorts of reasons. Could be faulty hardware, a software issue on a device, a congested link or some policers and shapers that are working against you. In order to fix packet loss in a network, you first have pinpoint where the packets are... [Read More]
Tags: juniper

Introducing packet loss with RED

Recently, a customer had several issues going on at the same time. The customer had an MPLS L3VPN with a default route towards a central firewall in the datacenter. Behind this firewall, there was some rackspace and a cloud environment. A lot of components were involved and after solving the... [Read More]
Tags: juniper

Q-in-Q on EX, QFX or VCF

Configuring Q-in-Q, or dot1q tunneling can lead to some confusion. I’ve seen confusion due to changes in the new enhanced Layer 2 CLI configuration and because of a mismatch in Ethertype. This is a short article on how QinQ can be configured on an EX, QFX or VCF. I’ll configure... [Read More]
Tags: juniper

Huawei basic layer 3 MPLS VPN

Normally, I use Huawei for all sorts of CPE stuff. But this time, instead of connecting a Huawei CPE to an MPLS VPN, I thought I’d use Huawei to create the Layer 3 MPLS VPN itself. Using eNSP, the free and open Enterprise Simulation Platform, I created the following scenario:... [Read More]
Tags: huawei

Policy based LSP mapping with Junos OS

LSPs can be configured with a whole variety of characteristics. You can police traffic that is send onto an LSP, steer the LSP through certain location in the network and much more. When you create several LSPs towards the same destination router, prefixes using that router as a next-hop are... [Read More]
Tags: juniper

Basic BGP import filtering example on Junos OS

What your BGP peers decide to advertise is out of your control. What you accept is not. This is a short article on basic route-filtering using Junos. The focus here is on a BGP import policy for public peering. Let’s start of by rejecting all 0.0.0.0/x routes: [Read More]
Tags: juniper

Junos and all things syslog

This article is about Junos and all things syslog. I'll go over several examples showing you what you can configure under the [ system syslog ] stanza. Parts of the examples I use here are based on what I think can benefit a device running Junos OS. I'll cover logging... [Read More]
Tags: juniper

Juniper OSPFv3 IPsec authentication

Though the OSPFv3 protocol does not offer a built-in authentication method, IPsec can be used to secure protocol exchanges between devices running OSPFv3. To authenticate OSPFv3 on a Juniper device, you first start out with the configuration of a Security Association (SA). The SA describes how the devices will communicate... [Read More]
Tags: juniper

Juniper MX and RSVP refresh reduction

The past few weeks I have been working on the replacement of several core nodes. After finally installing the last MX, I wanted revise several configurations that were applied. One of the configurations that I revised was the configuration used in the RSVP stanza. I ‘optimized’ it by implementing RSVP... [Read More]
Tags: juniper mpls rsvp