Words

Posted on October 2, 2015

LSPs can be configured with a whole variety of characteristics. You can police traffic that is send onto an LSP, steer the LSP through certain location in the network and much more. When you create several LSPs towards the same destination router, prefixes using that router as a next-hop are... [Read More]

Posted on September 28, 2015

What your BGP peers decide to advertise is out of your control. What you accept is not. This is a short article on basic route-filtering using Junos. The focus here is on a BGP import policy for public peering. Let’s start of by rejecting all 0.0.0.0/x routes: [Read More]

Posted on September 21, 2015

[Read More]

Posted on September 4, 2015

This article is about Junos and all things syslog. I'll go over several examples showing you what you can configure under the [ system syslog ] stanza. Parts of the examples I use here are based on what I think can benefit a device running Junos OS. I'll cover logging... [Read More]

Posted on August 26, 2015

Though the OSPFv3 protocol does not offer a built-in authentication method, IPsec can be used to secure protocol exchanges between devices running OSPFv3. To authenticate OSPFv3 on a Juniper device, you first start out with the configuration of a Security Association (SA). The SA describes how the devices will communicate... [Read More]

Posted on August 12, 2015

The past few weeks I have been working on the replacement of several core nodes. After finally installing the last MX, I wanted revise several configurations that were applied. One of the configurations that I revised was the configuration used in the RSVP stanza. I ‘optimized’ it by implementing RSVP... [Read More]

Posted on August 1, 2015

Recently, I’ve been having some fun with the vSRX. I wanted to share the lab I created so others can see how easy it is to get things going with the vSRX. The vSRX doesn’t require a lot of resources and it is a really nice way to get acquainted... [Read More]

Posted on July 28, 2015

After creating a single-homed layer 2 EVPN here, let’s add some layer 3 routing and see in what way EVPN can benefit the datacenter. But first, have a look at a situation wherein a VPLS is connecting two data centers together: [Read More]

Posted on July 26, 2015

For a while now I wanted to try out EVPN on the MX. I decided to go for the easiest of scenarios that EVPN has to offer: a single-homed VLAN-based EVPN: [Read More]

Posted on July 23, 2015

Turning on IPFIX (IP Flow Information Export) on Juniper MX is a good idea if you want to know what’s going on. Not only can it provide you with a tremendous insight into the traffic traversing your network, you can also use the information provided by IPFIX to automatically divert... [Read More]

Posted on June 29, 2015

Connecting other parts of the network to the VCF in a redundant way using Link Aggregation Groups (LAG) is very easy. A LAG can combine several Ethernet interfaces into a single logical link called an Aggregate Ethernet (AE) interface. When you are running a VCF, you’d best spread a LAG... [Read More]

Posted on June 28, 2015

Having to deal with a network edge that organically grew as time passed, evolving into an ever more complicated constellation of switches, is frustrating. Looming in the back of my mind were choices made in a past I had no part of. Those choices strained growth and frustrated my attempt... [Read More]

Posted on June 17, 2015

Today I configured an IPsec VPN between a Huawei AR1220F and a Juniper M104. I wanted to keep the configuration around for future reference. The configuration on a Huawei is rather straightforward. To put the Huawei AR IPsec configuration in a picture: [Read More]

Posted on June 15, 2015

[Read More]

Posted on June 14, 2015

In this example, a server running BIRD will function as a route-reflector for two MX-routers: [Read More]

Posted on May 27, 2015

Juniper MX routers, except for the MX80, are capable of having two routing-engines (RE). In this article, I’ll configure an MX480 with some of the high-availability features offered by Junos. By using these features, you can decrease the downtime normally associated with a RE failure to an absolute minimum. Hardware... [Read More]

Posted on May 20, 2015

Of course, you need to allow RSVP in the firewall filter you are using to protect the routing-engine. The book 'Juniper MX series' covers this very in-depth in chapter 4. It offers a very extensive guide or example on how you could go about building a proper firewall filter to... [Read More]

Posted on May 18, 2015

After covering link-protection and node-link-protection here, I realized that I forgot one aspect. You can make Junos install the pre-signaled bypass LSP into the forwarding table. This is done by configuring a policy and by applying that policy under the [routing-options forwarding-table export ] stanza. A short example; [Read More]

Posted on May 17, 2015

Protecting LSPs in an MPLS enabled network can save quite some downtime whenever a link or a node in your network fails. In this article, we’ll go through the configuration of both link-protection and node-link-protection. We’ll configure it for the following scenario: [Read More]

Posted on May 17, 2015

This is the complete configuration used in Link-protection and node-link-protection on Juniper MX and several other articles. The routers in the topology drawing are all logical systems. The routers are running IS-IS. All interfaces are MPLS and RSVP-enabled. Under the RSVP configuration, there are also the ‘aggregate’ and the ‘reliable’... [Read More]

Posted on May 14, 2015

Traffic sent across RSVP-signaled LSPs without any additional configuration is susceptible to quite some down-time when a node or a link in the network fails. In a previous article here, I made an LSP more robust by configuring a primary and a secondary LSP. Let’s further enhance the LSP by... [Read More]

Posted on May 13, 2015

A failure somewhere in the network can cause for traffic traversing an RSVP-signaled LSP to drop. Several possibilities exist to reduce the impact a failure can have on RSVP-signaled LSPs. This article is about the creation of a secondary standby path in order to reduce downtime that is incurred upon... [Read More]

Posted on May 12, 2015

This is a quick and short article on how to perform vlan-swapping on a Juniper QFX5100. I was used to tunneling vlans in a QFX5100 by using the push-operation available through a vlan-map. With this in mind I was struggling to get vlan translation on the QFX5100 working. I was... [Read More]

Posted on May 12, 2015

This article is about the basic configuration on how to get an RSVP signaled MPLS LSP (label-switched path) working on a Juniper MX router. The focus will be on the minimum amount of configuration needed to create LSPs between the Tiberius and the Commodus router: [Read More]

Posted on April 2, 2015

This is an example on using the OSPF sham link in a BGP signaled MPLS VPN. The scenario is as follows: [Read More]

Posted on February 28, 2015

These notes cover CoS on Juniper devices. The list of topics covered here correspond to the JNCIP-SP exam objectives. One objective is missing. I will cover the 'Given a scenario, demonstrate knowledge of how to configure and monitor CoS' somewhere else. [Read More]

Posted on January 29, 2015

Policing, also known as rate-limiting, can be used as an instrument to control how much traffic is allowed to flow in a certain direction. In Juniper, you can do this by using a policer as an action in a firewall filter. This article is about the configuration of two simple... [Read More]

Posted on January 26, 2015

This article offers some insight into how you could decide to build a multihomed Layer 3 IP VPN or Layer 3 MPLS VPN. First I’ll go over the topology. After this, you will find the PE and CPE configuration. I’ll end with some verification and show commands. The topology: [Read More]

Posted on January 22, 2015

A QFX5100 allows for dot1q-tunneling, or Q-in-Q. If you ever configured dot1q-tunneling on an EX-switch, this configuration differs a lot from what you may be used to. This article offers an attempt to clarify and explain the configuration of a dot1q-tunnel on a standalone QFX5100 without an enhanced feature license.... [Read More]

Posted on January 19, 2015

This article explains how you can analyze the forwarding table on Junos. On this lab, I altered several metrics to make the traffic flow look like this: [Read More]