Filter-Based Forwarding (FBF), which some vendors call Policy Based Routing (PBR), is a simple method to route IP traffic to different interfaces on the basis of Layer 3 parameters (e.g. source or destination IP) or Layer 4 parameters (source or destination ports).
Example:
Objective:
– to configure R1 to forward traffic originating from HostX under 10.10.1.0/24 to use ISP-X to reach Server 20.20.20.1
– to configure R1 to forward traffic originating from HostY under 10.20.1.0/24 to use…
Category: Juniper
uRPF, or Unicast Reverse Path Forwarding, is a security feature/tool that helps verify the reachability of the source address in packets being forwarded. It can prevent malicious and spoofing attacks because it performs a forwarding table lookup on the source IP address.
– it is defined in RFC3704
– it follows RFC2827 for ingress filtering.
– it relies on the CEF (Cisco Express Forwarding) or FIB table to perform lookups.
– preferably implemented at the network edge facing internet, customers and servers…
Here are sample static route configurations on Juniper routers such as the MX and QFX series.
1. Configure IPv4 default route to next hop 192.168.10.3
set routing-options static route 0.0.0.0/0 next-hop 192.168.10.3
2. Configure IPv4 default route to next hop 192.168.10.3 via management port
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.168.10.3
3. Configure IPv4 for 192.168.0.0/16 range to Null interface (e.g. for BGP advertisement)
set routing-options static route 192.168.0.0/16 discard
4. Configure IPv6 default route to next hop…
These are some of the commands used when performing a network change or maintenance, depending on the features or services running in the network. Typically, they are very useful for verification, troubleshooting, and comparison between before and after the change.
#Log Time
set cli timestamp
set cli screen-width 200
show ntp associations no-resolve | no-more
show ntp status no-resolve | no-more
## Hardware Status
show chassis hardware | no-more
show chassis hardware clei-models | no-more
show chassis hardware detail |…
As mentioned in the previous post, bogon prefixes or routes should never appear in the Internet routing table. Network engineers should implement “Best Practices” in their network, which includes filtering bogons, as they may be used in DDoS attacks or spam. Refer to https://freenetworktutorials.com/ipv4-and-ipv6-bogon-address-list for more info. “Martian” bogons may change occasionally, so at least make sure the private addresses mentioned in https://freenetworktutorials.com/ipv4-classful-and-reserved-addresses are filtered so they won't leak out into the Internet. Here are sample steps and configuration. (This is the equivalent configuration…
Here are the Cisco IOS-XR commands vs. Juniper OS commands:
Cisco IOS-XR                          Juniper OS
BASIC
show                                 show
| include                            | match
..formal                             | display set
configure                            configure/edit
shutdown                             disable
no shutdown                          delete interface <interface> disable
no                                   delete
clear                                clear
show running-config                  show configuration
show version                         show version
show tech-support                    request support information
show configuration (after change)    show | compare (after change)
clear counters <interface>           clear interface…