These are the some commands being used when performing network change or maintenance, depending on the features or services being run in the network. Typically, this is very useful in verification, troubleshooting and comparison between before and after the change. #Log Time set cli timestamp set cli screen-width 200 show ntp associations no-resolve | no-more show ntp status no-resolve | no-more ## Hardware Status show chassis hardware | no-more show chassis hardware clei-models | no-more show chassis hardware detail |…
Tag: <span>Juniper</span>
As mentioned from the previous post, Bogon prefixes or routes should never appear in the Internet routing table. Network Engineers should implement “Best Practices” in their network, that includes filtering of bogons as it maybe used in DDoS attacks or Spams. Refer to https://freenetworktutorials.com/ipv4-and-ipv6-bogon-address-list for more info. “Martians” bogons may changed occasionally so at least make sure private address mentioned in https://freenetworktutorials.com/ipv4-classful-and-reserved-addresses are filtered so it wont leak out into the Internet. Here is sample steps and configuration. (This is the equivalent configuration…
In routing world, Administrative Distance refers to the reliability of the routing protocol. It is equivalent to Juniper’s Route Preference and Huawei’s Preference. It is important to consider these values as in the scenario that there are multiple routes to a destination (with same prefix length), the route (learned via the routing protocol) with the lowest value is preferred. Table below will show the values for respective platform. Routing Protocol Cisco(AD) Juniper (RP) Huawei(P) Connected Interface 0 0 0…
Static Route Configuration Examples in Juniper for BGP aggregated prefix advertisements In order to advertise the aggregated routes (and default routes) via BGP, it should exists in the routing table, that’s the #1 rule. If these summarized routes (/16) are not existing and only smaller subnets are learned via the IGP(e.g. OSPF,IS-IS), then configure static route and next hop e.g. Null0. Configuration: routing-options { graceful-restart; rib inet6.0 { static { route fd41:c8be:2153:f400::/64 discard; route ::0/0 { discard; no-install; static {…
Originating BGP advertisement can be configured to any iBGP peer router. Here’s the sample configuration of originating BGP routes and community tagging in Juniper. Assuming these are the summarized prefixes that you want to advertise via BGP. 111.111.0.0/16 222.222.0.0/16 Configuration: routing-options { graceful-restart; router-id 1.1.1.1; autonomous-system 11111; protocols { bgp { group RR-IBGP { type internal; description RR-IPv4; local-address 192.168.100.6; family inet { unicast; } authentication-key “$1$N3tBioBwfdFsFVwgoGDh.3C0oL”; ## SECRET-DATA export bgp-statement; neighbor 192.168.100.5 { description iBGP to Route Reflector; }…
Here’s some Best practices that you can implement in Juniper devices in securing your SSH. 1.Remote access should be via SSH and telnet is disabled delete system services telnet 2. SSH should be version 2 or higher. Do not run v1 set system services ssh protocol-version v2 3. Configure Login Banner set system login message “\n*************************************************************************\n UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED\n\nYou must have explicit, authorized permission to access or configure this \ndevice.Unauthorized attempts and…
Configuration: IPv4: Route the block (1.1.1.0/24) to next hop 2.2.2.1 with metric 255 user@MX-re0>configure #set routing-options static route 1.1.1.0/24 next-hop 2.2.2.1 #set routing-options static route 1.1.1.0/24 metric 255 Optional: Set comment using annotate command #edit routing-options static #annotate route 1.1.1.0/24 “/* STATIC ROUTE IPv4*/” Commit #commit It will look something like this: user@MX-re0>> show configuration routing-options static /* STATIC ROUTE IPv4*/ route 1.1.1.0/24 { next-hop 2.2.2.1; metric 255; IPv6: Route the block (2000:2000:2000::/56 ) to next hop 2006:3006:1:234:5:6:78:90ab with metric…
100G transceivers have been around for few years already and it is getting affordable since 2016 I guess, and it is now practical to shift to 100G instead of burning N x 10GEs. To see more info about 100G transmission principles, I find this link very informative -> https://community.fs.com/blog/understand-100g-transceivers-transmission-principles.html Here are sample 100G transceivers we deployed in our datacenters, it really depends on what type of vendor or hardware you have, but the most popular now is the QSFPs Juniper QSFP-100GBASE-LR4…
One Comment