Static Route Configuration Examples in Juniper for BGP aggregated prefix advertisements
To advertise aggregated routes (and default routes) via BGP, they must exist in the routing table; that’s the #1 rule. If these summarized routes (/16) do not exist and only smaller subnets are learned via the IGP (e.g. OSPF, IS-IS), then configure a static route with a next hop, e.g. Null0.
Configuration: routing-options { graceful-restart; rib inet6.0 { static { route fd41:c8be:2153:f400::/64 discard; route ::0/0 { discard; no-install; static {…
Free Network Posts
Originating BGP advertisements can be configured to any iBGP peer router. Here’s a sample configuration for originating BGP routes and community tagging in Juniper. Assume these are the summarized prefixes that you want to advertise via BGP:
111.111.0.0/16
222.222.0.0/16
Configuration: routing-options { graceful-restart; router-id 1.1.1.1; autonomous-system 11111; protocols { bgp { group RR-IBGP { type internal; description RR-IPv4; local-address 192.168.100.6; family inet { unicast; } authentication-key "$1$N3tBioBwfdFsFVwgoGDh.3C0oL"; ## SECRET-DATA export bgp-statement; neighbor 192.168.100.5 { description iBGP to Route Reflector; }…
Checking TX / RX optical power for Juniper Routers
When checking transmission links, it is good to know how to read the optical power, both for troubleshooting and for making sure the desired or optimal range is met. Here is the sample command for checking the TX/RX optical power:
show interfaces diagnostics optics <interface-name>
Sample Output for 10GE interface:
darwin@JUNOS-re0> show interfaces diagnostics optics xe-3/0/1
Physical interface: xe-3/0/16
Laser bias current : 41.590 mA
Laser output power : 0.7150 mW /…
Here are some best practices that you can implement on Juniper devices to secure SSH.
1. Remote access should be via SSH, and telnet should be disabled
delete system services telnet
2. SSH should be version 2 or higher. Do not run v1
set system services ssh protocol-version v2
3. Configure Login Banner
set system login message "\n*************************************************************************\n UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED\n\nYou must have explicit, authorized permission to access or configure this \ndevice.Unauthorized attempts and…
1. Remote access should be via SSH and telnet is disabled
IOS-XR:
no telnet ipv4 server
Nexus OS:
no feature telnet
feature ssh
feature tacacs+
2. SSH should be version 2 or higher. Do not run v1.
IOS-XR:
ssh server v2
ssh server vrf management
Nexus OS:
ssh server v2
ssh server vrf management
ssh timeout 60
3. Configure SSH logging
IOS-XR:
ssh server logging
4. Configure Login Banner
IOS-XR:
banner login ^C ************************************************************************* UNAUTHORIZED ACCESS TO…
Here’s a sample IS-IS dynamic routing configuration for different Cisco platforms.
Fig. 1
IOS-XR
Configure Loopback
interface Loopback0
 ipv4 address 172.16.2.1 255.255.255.255
 ipv6 address fdfe:abcd:ef12:0:172:16:2:1/128
 ipv6 enable
Configure P2P IP
interface Gi0/0/0/0
 description Connection to IOS Fa0/0
 ipv4 address 172.17.0.1 255.255.255.252
 ipv4 verify unicast source reachable-via any
 ipv4 unreachables disable
 ipv6 nd suppress-ra
 ipv6 verify unicast source reachable-via any
 ipv6 address fdfe:ab12:cd34:a00:1::/127
 ipv6 enable
 ipv6 unreachables disable
 load-interval 30
 dampening
interface Gi0/0/0/1
 description Connection to NX-OS E1/1
 ipv4 address 172.18.0.1…
Here’s a sample IPv4 and IPv6 static route configuration for Juniper routers.
Configuration:
IPv4: Route the block (1.1.1.0/24) to next hop 2.2.2.1 with metric 255
user@MX-re0>configure
#set routing-options static route 1.1.1.0/24 next-hop 2.2.2.1
#set routing-options static route 1.1.1.0/24 metric 255
Optional: Set a comment using the annotate command
#edit routing-options static
#annotate route 1.1.1.0/24 "/* STATIC ROUTE IPv4*/"
Commit
#commit
It will look something like this:
user@MX-re0>> show configuration routing-options static
/* STATIC ROUTE IPv4*/
route 1.1.1.0/24 {
    next-hop 2.2.2.1; …
Resetting Cisco ASR9000 Network Processor (NP)
The NP, or network processor, is the component on ASR9000 line cards that handles the feature processing of packets as they go through the system.
Sample LC: ASR9K MOD160
RP/0/RSP0/CPU0:ASR9000# show controller np ports all location 0/1/cpu0
Node: 0/0/CPU0:
—————————————————————-
NP Bridge Fia Ports
— —— — —————————————————
0 — 0 TenGigE0/0/0/0 – TenGigE0/0/0/1, TenGigE0/0/0/4 – TenGigE0/0/0/5
NP1 is down.
2 — 2 TenGigE0/0/1/0 – TenGigE0/0/1/1, TenGigE0/0/1/4 – TenGigE0/0/1/5
3 — 3 TenGigE0/0/1/2 – TenGigE0/0/1/3,…
100G transceivers have been around for a few years already and have been getting affordable since 2016, I guess, so it is now practical to shift to 100G instead of burning N x 10GEs. For more info about 100G transmission principles, I find this link very informative -> https://community.fs.com/blog/understand-100g-transceivers-transmission-principles.html
Here are sample 100G transceivers we deployed in our datacenters. It really depends on what type of vendor or hardware you have, but the most popular now are the QSFPs.
Juniper QSFP-100GBASE-LR4…