Category: <span>Juniper</span>

Filter-Based Forwarding (FBF) or (for some vendor is also called Policy Based Routing (PBR)) is a simple method to route IP traffic to different interfaces on the basis of Layer 3 parameters (e.g. source or destination IP) or Layer 4 parameters (source or destination ports). Example: Objective: – to configure R1 to forward traffic originating from HostX under 10.10.1.0/24 to use ISP-X to reach Server 20.20.20.1 – to configure R1 to forward traffic originating form HostY under 10.20.1.0/24 to use…

Juniper

Here’s the sample configuration for setting up the management port for different router platforms using static route. Assuming we have this IP configuration:RSP0/RE0 Physical IP : 10.10.10.98/24RSP1/RE1 Physical IP: 10.10.10.99/24 Virtual IP: 10.10.10.100/24 Gateway: 10.10.10.1/24 Note: It is advisable to connect the management plane connectivity to another network separate from data/voice network. Steps Cisco IOS-XR Cisco NX-OS Juniper OS Huawei Create VRF #vrf management#vrf management description MNGMT#vrf management address-family ipv4 unicast N/A #set system management-instance#set routing-instances mgmt_junos description MNGMT #ip…

Cisco Huawei Juniper

Scenario:2 physical interfaces bundled together (port-channel) and associated in the same vlan. Tested in:Cisco NexusJuniper EX Series Steps Cisco Juniper Configure 2 physical interfaces interface Ethernet1/1description Server Link#1switchportswitchport access vlan 888channel-group 99 mode activeno shutdown interface Ethernet2/1description Server Link#2switchportswitchport access vlan 888channel-group 99 mode activeno shutdown #set interfaces xe-0/0/0 description ” Server Link#1 “#set interfaces xe-0/0/0 gigether-options 802.3ad ae99 #set interfaces xe-1/0/0 description ” Server Link#2 “#set interfaces xe-1/0/0 gigether-options 802.3ad ae99 Configure the port-channel interface port-channel99description Server Port-channelswitchportswitchport access…

Cisco Juniper

This is a sample steps of migrating IP configuration from physical interface to bundle interface. Take note that this may result service impact during the migration as the existing interface need to be shutdown and re-configure. Remember to shift your traffic prior with the maintenance. Existing Config: freenetwork@MX1-re0> show configuration interfaces et-0/0/1 description “Link to Switch1”; unit 0 { family inet { address 192.168.0.1/24; } family inet6 { address fdf8:d3f5:1a47:bc09::1/64; } Fig.1 Shutdown the physical interface and remove existing configuration…

Juniper

uRPF or Unicast Reverse Path Forwarding is a security feature/tool that help verifies reachability of source address in packets being forwarded. It can prevents malicious and spoofing attacks as it will perform forwarding table lookup on the source IP address. – it as defined in RFC3704 – it follows RFC2827 for ingress filtering. –  it relies on the CEF (Cisco Express Forwarding) or FIB table to perform lookups. – preferably implemented at the network edge facing internet, customers and servers…

Juniper

Here are sample static route configuration on Juniper routers such as MX and QFX series. 1.Configure IPv4 default route to next hop 192.168.10.3 set routing-options static route 0.0.0.0/0 next-hop 192.168.10.3   2.Configure IPv4 default route to next hop 192.168.10.3 via management port set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.168.10.3   3. Configure IPv4 for 192.168.0.0/16 range to Null interface (e.g. for BGP advertisement) set routing-options static route 192.168.0.0/16 discard   4. .Configure IPv6 default route to next hop…

Juniper

These are the some commands being used when performing network change or maintenance, depending on the features or services being run in the network. Typically, this is very useful in verification, troubleshooting and comparison between before and after the change. #Log Time set cli timestamp set cli screen-width 200 show ntp associations no-resolve | no-more show ntp status no-resolve | no-more ## Hardware Status show chassis hardware | no-more show chassis hardware clei-models | no-more show chassis hardware detail |…

Juniper

It is recommended to implement the separation of management and data/customer traffic in your Juniper devices (e.g. QFX Series Switches, MX Series).  Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization and Accounting (AAA) -preferably to setup centralized TACACS+ to manage all your devices, implement central network management that can impose security protocol to…

Juniper

As mentioned from the previous post, Bogon prefixes or routes should never appear in the Internet routing table. Network Engineers should implement “Best Practices” in their network, that includes filtering of bogons as it maybe used in DDoS attacks or Spams. Refer to https://freenetworktutorials.com/ipv4-and-ipv6-bogon-address-list  for more info. “Martians” bogons may changed occasionally so at least make sure private address mentioned in https://freenetworktutorials.com/ipv4-classful-and-reserved-addresses are filtered so it wont leak out into the Internet. Here is sample steps and configuration. (This is the equivalent configuration…

Juniper

Here’s the Cisco IOS-XR commands vs Juniper OS commands Cisco IOS-XR Juniper OS BASIC show show     | include | match ..formal |       display set    configure        configure/edit shutdown      disable   no shutdown  delete interface <interface> disable     no        delete   clear  clear show running-config show configuration  show version show version    show tech-support request support information  show configuration (after change) show | compare (after change) clear counters <interface>  clear interface…

Cisco Juniper Networking