Border Gateway Protocol or BGP, is a gateway protocol that enables the Internet to exchange routing information between AS or Autonomous Systems. It is used by Large Enterprise and Service Providers. Here are the recommended Best Security Practices that need to be implemented on your Juniper Routers. Authentication need to be set for all peering using MD5 set protocols bgp group <group_name> authentication-key <MD5 key> There are few supported authentication that you can use aes-128-cmac-96 Cipher-based Message Authentication Code (AES128)…
Tag: <span>Juniper</span>
Here are the sample steps on finding the interface where the host is connected based on IP address or MAC address on Juniper Routers. Scenario 1: IP address is given, find which interface it is connected IP address: 192.168.15.6 a. Find the routing entry for the IP to know where it is connected show route <IP> darwin@JUNIPER-re0> show route 192.168.15.6 inet.0: 3 destinations, 6 routes (3321 active, 0 holddown, 3 hidden) + = Active Route, – = Last Active, *…
Here’s the basic BGP (eBGP) configuration of connecting 3 different router vendors namely Huawei, Juniper and Cisco Routers. Assuming we connect via their physical interfaces and incoming and outgoing policies are basically allow all. Sample Configuration Huawei <Huawei>system-view Enter system view, return user view with return command. [~Huawei] interface GigabitEthernet1/0/0 description Connection to Cisco ip address 192.168.0.1 255.255.255.252 interface GigabitEthernet1/0/1 description Connection to Juniper ip address 192.168.1.1 255.255.255.252 xpl route-filter Cisco-Import approve end-filter xpl route-filter Cisco-Export approve end-filter xpl route-filter…
uRPF or Unicast Reverse Path Forwarding is a security feature/tool that help verifies reachability of source address in packets being forwarded. It can prevents malicious and spoofing attacks as it will perform forwarding table lookup on the source IP address. – it as defined in RFC3704 – it follows RFC2827 for ingress filtering. – it relies on the CEF (Cisco Express Forwarding) or FIB table to perform lookups. – preferably implemented at the network edge facing internet, customers and servers…
These are the some commands being used when performing network change or maintenance, depending on the features or services being run in the network. Typically, this is very useful in verification, troubleshooting and comparison between before and after the change. #Log Time set cli timestamp set cli screen-width 200 show ntp associations no-resolve | no-more show ntp status no-resolve | no-more ## Hardware Status show chassis hardware | no-more show chassis hardware clei-models | no-more show chassis hardware detail |…
As mentioned from the previous post, Bogon prefixes or routes should never appear in the Internet routing table. Network Engineers should implement “Best Practices” in their network, that includes filtering of bogons as it maybe used in DDoS attacks or Spams. Refer to https://freenetworktutorials.com/ipv4-and-ipv6-bogon-address-list for more info. “Martians” bogons may changed occasionally so at least make sure private address mentioned in https://freenetworktutorials.com/ipv4-classful-and-reserved-addresses are filtered so it wont leak out into the Internet. Here is sample steps and configuration. (This is the equivalent configuration…
Leave a Comment