Border Gateway Protocol or BGP, is a gateway protocol that enables the Internet to exchange routing information between AS or Autonomous Systems. It is used by Large Enterprise and Service Providers. Here are the recommended Best Security Practices that need to be implemented on your Juniper Routers. Authentication need to be set for all peering using MD5 set protocols bgp group <group_name> authentication-key <MD5 key> There are few supported authentication that you can use aes-128-cmac-96 Cipher-based Message Authentication Code (AES128)…
Category: <span>Juniper</span>
Here are the sample steps on finding the interface where the host is connected based on IP address or MAC address on Juniper Routers. Scenario 1: IP address is given, find which interface it is connected IP address: 192.168.15.6 a. Find the routing entry for the IP to know where it is connected show route <IP> darwin@JUNIPER-re0> show route 192.168.15.6 inet.0: 3 destinations, 6 routes (3321 active, 0 holddown, 3 hidden) + = Active Route, – = Last Active, *…
Here’s the basic BGP (eBGP) configuration of connecting 3 different router vendors namely Huawei, Juniper and Cisco Routers. Assuming we connect via their physical interfaces and incoming and outgoing policies are basically allow all. Sample Configuration Huawei <Huawei>system-view Enter system view, return user view with return command. [~Huawei] interface GigabitEthernet1/0/0 description Connection to Cisco ip address 192.168.0.1 255.255.255.252 interface GigabitEthernet1/0/1 description Connection to Juniper ip address 192.168.1.1 255.255.255.252 xpl route-filter Cisco-Import approve end-filter xpl route-filter Cisco-Export approve end-filter xpl route-filter…
Filter-Based Forwarding (FBF) or (for some vendor is also called Policy Based Routing (PBR)) is a simple method to route IP traffic to different interfaces on the basis of Layer 3 parameters (e.g. source or destination IP) or Layer 4 parameters (source or destination ports). Example: Objective: – to configure R1 to forward traffic originating from HostX under 10.10.1.0/24 to use ISP-X to reach Server 20.20.20.1 – to configure R1 to forward traffic originating form HostY under 10.20.1.0/24 to use…
uRPF or Unicast Reverse Path Forwarding is a security feature/tool that help verifies reachability of source address in packets being forwarded. It can prevents malicious and spoofing attacks as it will perform forwarding table lookup on the source IP address. – it as defined in RFC3704 – it follows RFC2827 for ingress filtering. – it relies on the CEF (Cisco Express Forwarding) or FIB table to perform lookups. – preferably implemented at the network edge facing internet, customers and servers…
Here are sample static route configuration on Juniper routers such as MX and QFX series. 1.Configure IPv4 default route to next hop 192.168.10.3 set routing-options static route 0.0.0.0/0 next-hop 192.168.10.3 2.Configure IPv4 default route to next hop 192.168.10.3 via management port set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.168.10.3 3. Configure IPv4 for 192.168.0.0/16 range to Null interface (e.g. for BGP advertisement) set routing-options static route 192.168.0.0/16 discard 4. .Configure IPv6 default route to next hop…
These are the some commands being used when performing network change or maintenance, depending on the features or services being run in the network. Typically, this is very useful in verification, troubleshooting and comparison between before and after the change. #Log Time set cli timestamp set cli screen-width 200 show ntp associations no-resolve | no-more show ntp status no-resolve | no-more ## Hardware Status show chassis hardware | no-more show chassis hardware clei-models | no-more show chassis hardware detail |…
Leave a Comment