
Quick-Series 33 – Wildcard Range? Very Efficient


Hi,

When you have to scale a configuration, whether it is a number of static routes for some testing or preparation for a certification exam, the manual method is to write the static routes out in Notepad; a smarter way is to use an Excel sheet or a scripting language.

Task – Configure 10 static routes ranging from 1.0.0.0/24 to 1.0.10.0/24 with next-hop as reject

Junos offers a convenient way to do this; here is how.
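The screenshot that showed the command is not available here. As an added example (not the author's code), the Python helper below previews the individual `set` commands that a bracketed range stands for, so the expansion can be checked before it is committed; the `wildcard range set` line for the task and the function names are assumptions.

```python
import itertools
import re

# A bracketed group such as [0-10] or [1-3,7] inside the command.
GROUP = re.compile(r"\[([^\]]+)\]")


def expand_group(spec):
    """Expand '0-3,7' into ['0', '1', '2', '3', '7']."""
    values = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        start, end = int(low), int(high or low)
        if end < start:
            raise ValueError("descending range: %r" % part)
        values.extend(str(n) for n in range(start, end + 1))
    return values


def expand_wildcard_range(command):
    """Return the individual commands a 'wildcard range' line stands for."""
    prefix = "wildcard range "
    if not command.startswith(prefix):
        raise ValueError("not a wildcard range command")
    body = command[len(prefix):]
    groups = [expand_group(m.group(1)) for m in GROUP.finditer(body)]
    template = GROUP.sub("{}", body)
    # Several bracket groups expand to every combination, leftmost first.
    return [template.format(*combo) for combo in itertools.product(*groups)]


# Assumed form of the command for the task above (the screenshot is missing).
TASK = "wildcard range set routing-options static route 1.0.[0-10].0/24 reject"

if __name__ == "__main__":
    for line in expand_wildcard_range(TASK):
        print(line)
```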

 

To learn more about wildcard ranges, follow the Juniper Networks link below:

https://www.juniper.net/techpubs/en_US/junos/topics/example/junos-cli-wildcard-range-configuring.html

Hope this helps your preparation.

Regards

Rakesh M

Quick-Series 32 – Differentiate between 10g / 100g Physically ? Here you Go


Hi,

I was trying to swap 100Gig circuits during a migration, and I was confused differentiating between a 10G and a 100G port, since there are many routers and many combinations within the network.

Hardware – MPC7E – Juniper Networks with MX960

Quick way to Identify


request chassis port-led (start | stop) fpc-slot fpc-slot-number pic-slot pic-slot-number port (port-number| all-10g | all-40g | all-100g | all-port) duration duration

Let us see it from the router's perspective.

Step 1 – Finding the line cards available on the system.

Step 2 – Executing the command.

This makes life much easier, whether it is you or a remote technician who visits for a fiber swap or to commission a new 10/100 Gig circuit. Yes, you can also look at the configuration under [edit chassis] to know which port has what speed, but hey, who doesn't want a good night show on a router 🙂

Quick Series 31 – Getting started with PYEZ – Step 1 to automate your Data Collection


Hi,

Following the post on installing PYEZ

https://r2079.wordpress.com/2016/06/28/pyez-first-impressions-installation/

Let us explore a very simple program which connects to the box and gets the version from it.

Step 1 – Configure the device to accept the connection. You do this by configuring NETCONF over SSH under system services.

Let's look at how the PyEZ code looks. I am using an Ubuntu Linux machine which is on my local LAN.

#########################################################################

import sys
from pprint import pprint

from jnpr.junos import Device

# Lab credentials are hard-coded here; outside a lab, use SSH keys or prompt for the password.
dev = Device('10.0.0.1', user='labroot', password='lab123')

# Open the NETCONF-over-SSH session; exit if the device cannot be reached.
try:
    dev.open()
except Exception as err:
    print("Unable to connect to Device", err)
    sys.exit(1)

print("\n#################################")
print("\n Successfully Connected to M120")
print("\n#################################")

print("\n \n show version | no-more")

# Run the operational command and print its text output.
print(dev.cli("show version | no-more"))

dev.close()

print("\n#############################################")
print("\nConnection with M120 Terminated Successfully")
print("\n#############################################")

print("\n \n END OF THE PROGRAM")

####################################################################

Let us try to execute the program.

You could improve on this by simply adding a raw_input() call (input() on Python 3), so that the program asks for the IP address and feeds it to the connection instead of you entering it in the code manually. The code below does this.

####################################################################

import sys
from pprint import pprint

from jnpr.junos import Device

# Ask for the IP address at run time: input() on Python 3 (raw_input() on Python 2).
d = input("\n ENTER THE IP ADDRESS OF THE DEVICE: ")

# Lab credentials are hard-coded here; outside a lab, use SSH keys or prompt for the password.
dev = Device(d, user='labroot', password='lab123')

# Open the NETCONF-over-SSH session; exit if the device cannot be reached.
try:
    dev.open()
except Exception as err:
    print("Unable to connect to Device", err)
    sys.exit(1)

print("\n \n show chassis hardware detail")

# Collect the support information and logs as text.
print(dev.cli("request support information | no-more"))
print(dev.cli("show log messages | no-more"))
print(dev.cli("show log chassisd | no-more"))

dev.close()
print("\n END OF THE PROGRAM")

####################################################################

We will see more of PYEZ and underlying functions in subsequent posts.

Regards
Rakesh M

BGP Group Split – Applying an Export policy Flaps the Neighbor – Juniper


Hi,

Someone new to Juniper deployments might find this somewhat strange: the BGP neighbor flaps when BGP policies are applied at the neighbor level, but not when they are applied at the group level.

Topology

------------------------------------

R2 (9.9.23.2)------R3 (9.9.23.3)
(9.9.12.2)
|
R1
(9.9.12.1)

------------------------------------

Both neighbors are configured at the [group] level.

Now, let us add an export policy at the neighbor level and see how it modifies the “show bgp group” output.

Let's see the output and how the BGP groups are split at the neighbor level.

The above behavior is expected by design on a Juniper Networks router and is not an anomaly.

Regards

Rakesh M

What is EXA-BGP ?

Going through POC testing and application procedures, I came across EXA-BGP. I have to say it is too easy and very powerful to deploy; I could deploy this in 5 minutes and started exchanging routes with my MX or any box for that matter. Do give this a try, it's easy, I promise.

What is EXABGP ?

ExaBGP is a new application designed to provide an easy way for programmers and system administrators to interact with BGP networks. The program is designed to allow the injection of arbitrary routes into a network, including IPv6 and FlowSpec.

https://labs.ripe.net/Members/thomas_mangin/content-exabgp-new-tool-interact-bgp

CONFIGURING EXABGP on *nix system

I have a Linux system based on the Ubuntu distro, but it should be similar for any *nix system.

  • You need to have pip
  • You need to install Exabgp via pip

$ sudo apt-get install python-pip python-dev build-essential

I already have it installed; the output differs if you are installing it for the first time.

Next, install ExaBGP via pip. Again, I already have the package installed, so the output would vary for you.

Configuring EXABGP

You need to have a conf.ini file similar to the one below; you can get good examples from the initial link which I have pasted.

Here, my neighbor is a vMX with address 192.168.1.17 and peer-as 100. I have left everything at defaults for family negotiation, which makes ExaBGP advertise all the families available; we will see that in the other output file.

The slides below show what the ExaBGP output looks like. If you observe carefully, ExaBGP is exchanging all family parameters at their defaults, and the vMX has received the request for all families and the GR capability.

There are many applications of ExaBGP, and when combined with Python it may be likened to a “BGP Swiss Army Knife”. I will have more examples for this powerful tool, which is widely deployed by customers, clearly for its ease of use and its power as well.

Regards

Rakesh M

RSVP MTU-Signaling ? How does it do ? Refresher


Hi,

Below is a topology for an RSVP LSP. As you can see, the MTU varies across the path.

Drawbacks

-> Possible black-holing when traffic egressing R7 towards R1 is larger than the MTU a link on the path supports.

How do we avoid it for an RSVP-signaled LSP?

To understand this better, we first need to understand what RSVP uses to communicate the MTU value, and then how the lowest MTU value is decided.

Two main objects would be

ADSPEC – relates to advertisement, hence associated with the PATH message

FLOWSPEC – relates to confirmation, hence associated with the RESV message

Digging deeper, let's see a screenshot of how it looks. One simple thing: even the smallest value has to be advertised; nothing is magical per se 🙂

Let's see the FLOWSPEC return.

Let's have a look at the command line at each and every hop. It's interesting to see how ingress/transit/egress routers interpret the spec.

At Ingress

We have sent an ADSPEC requesting 1015 and have received path MTU 1015; so far so good.

At transit – Received 1015 / sent back 1015

At Egress – ADSPEC received is 1015

I am changing the MTU to 1001 in the middle of the path; D1 should recognize this, and this is the last step. Fantastic, we see that the received path MTU is 1001, which is the lowest throughout the path.

Regards

Rakesh M

BFD – High Level Working – Discriminator ?

Hi,

When testing in a lab network for a reproduction of one customer's environment, I wanted to see what exactly a BFD packet looked like, to understand more about its behavior.

R1(9.9.12.1)-----bfd(50ms, multiplier 3)-----(9.9.12.2)R2

To start with, I was working on a Juniper device, and here are the BFD sessions which are established. I have put it down simply to logical-systems, but the idea is still the same.

I wanted first to monitor traffic, but no luck.

At this point, we might start wondering why we don't see BFD packets in the interface capture at all. The reason is simple: Juniper implements this much lower than the RE, at the line-card level, hence a capture here does not work.

So, in order to capture the packets, I will go ahead and disable inline and delegation. These two are out of scope for this blog entry; let's keep it simple by saying that disabling them helps us capture packets at the control-plane level. Needless to say, don't do anything of this sort in production. We have to clear the session for these changes to take effect.

Let's now see if our interface can capture BFD packets. We see them, fantastic.

Digging deeper into the packet, I have done a packet capture and written it to a pcap. I have also flapped the BFD session by writing a firewall filter and applying it to an interface.

BFD exchanges hellos, discriminators for the session, and various timers. First let us see these on the command line; then we will see them in the packet capture, with the discriminators converted to hex. Just keep this noted.

Let's see the packet captures: the control-plane packet is destined for port 3784 (single-hop BFD), and the discriminators exchanged to keep track of the session are in hex.

Let's see how the session-down is advertised after the firewall filter is applied.

BFD signaled this with session state 0x1 (Down) and the discriminator of the neighbor set to 0x0, and from the message it is clear that it detected that the control timer expired.

BFD may be a simple protocol, but it can be very tough to troubleshoot for the very reason of being lightweight ;). So next time BFD goes down, look out for these parameters and how they affect your session capture.
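To read the same fields without the screenshots, here is an added example (not the author's code) that parses the 24-byte mandatory section of a BFD control packet, the UDP payload sent to port 3784, as laid out in RFC 5880. The two packets are constructed samples rather than bytes from the capture above, and the discriminator values 0x11 and 0x22 are made up.

```python
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
DIAGS = {0: "No Diagnostic", 1: "Control Detection Time Expired",
         2: "Echo Function Failed", 3: "Neighbor Signaled Session Down"}


def parse_bfd_control(payload):
    """Parse the 24-byte mandatory section of a BFD control packet."""
    if len(payload) < 24:
        raise ValueError("shorter than the 24-byte mandatory section")
    b0, b1, mult, length, my_disc, your_disc, tx, rx, echo = struct.unpack(
        "!BBBBIIIII", payload[:24])
    version, diag, state = b0 >> 5, b0 & 0x1F, STATES[b1 >> 6]
    # Reception checks taken from RFC 5880 section 6.8.6 (no authentication).
    if version != 1:
        raise ValueError("unsupported BFD version %d" % version)
    if length < 24 or length > len(payload):
        raise ValueError("bad Length field %d" % length)
    if mult == 0 or my_disc == 0 or b1 & 0x01:
        raise ValueError("zero Detect Mult / My Discriminator, or M bit set")
    if your_disc == 0 and state not in ("Down", "AdminDown"):
        raise ValueError("Your Discriminator is zero in state " + state)
    return {"state": state, "diag": DIAGS.get(diag, "diag %d" % diag),
            "detect_mult": mult, "my_discriminator": my_disc,
            "your_discriminator": your_disc, "desired_min_tx_us": tx,
            "required_min_rx_us": rx, "required_min_echo_rx_us": echo}


def sample(state, diag, my_disc, your_disc, tx_us):
    """Build a constructed packet for the demo (not taken from a capture)."""
    return struct.pack("!BBBBIIIII", (1 << 5) | diag, state << 6, 3, 24,
                       my_disc, your_disc, tx_us, 50000, 0)


# Constructed samples: an Up session at 50 ms x 3, then the Down packet sent
# after a detection timeout, with Your Discriminator reset to 0x0.
UP = sample(3, 0, 0x11, 0x22, 50000)
DOWN = sample(1, 1, 0x11, 0x0, 1000000)

if __name__ == "__main__":
    for pkt in (UP, DOWN):
        info = parse_bfd_control(pkt)
        print(info["state"], info["diag"],
              "my=0x%x your=0x%x" % (info["my_discriminator"],
                                     info["your_discriminator"]))
```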

Regards

Rakesh M