Showing posts from 2014

[POC] Cisco vs Juniper running OSPF w/o Backbone Area 0

As everyone knows, OSPFv2 is a standard routing protocol, but not every vendor's devices implement it in exactly the same way. Especially when the network scenario does not follow the standard design, different vendors' devices may show different exceptional behavior.

To compare the different behavior of Cisco and Juniper, I designed a special OSPF topology like the one below, so we can see that Cisco and Juniper produce different route-exchange results.

Learning JUNOS from IOS - Day3 (View/Modify Configuration)

A bird in the hand is worth two in the bush
Day 3 - How to view or modify JUNOS configuration?

Entering Configuration Mode

When you stand behind an engineer, you can easily tell whether the engineer is a Cisco or a Juniper guy.
Most Cisco engineers like to use the command 'conf t' to enter the configuration mode of a router or switch.

router> enable
router# conf t
Enter configuration commands, one per line.  End with CNTL/Z.

When you want to show any results, you don't need to exit to privileged mode (#) to do it. You can use the 'do' command to check the status.

router(config)# do sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1    YES manual up                    up      
GigabitEthernet2       unassigned      YES unset  administratively down down    
GigabitEthernet0       unassigned      YES manual up                    up      
Loopback0             YES m…

[POC] Junos script Operations Automation (op script) - show-bgp-policy

Junos Script Automation is a powerful and flexible on-box toolset which provides customization of network behavior, adaption to what your application expects to configure, manage and diagnose if and when needed. It sits right above the Junos OS, with a northbound interface to Junos Space applications, and southbound access to Junos SDK applications and native management plane instrumentation. This customized programmable solution makes your application smarter and better in real-time.

Juniper's official website provides many script samples that cover some common requests. In my company, we deployed many EBGP/IBGP interconnections between routers or layer 3 switches. So I picked one op script from the JUNOS Script Library - show bgp policy: display all routing-policies in sequential order for a selected BGP peer.

Learning JUNOS from IOS - Day2 (Configuration Management)

Configuration Management

Day 2 - How to review router configuration?

Cisco IOS has two default configuration files:
(1) startup-config: used to initialize the router during the boot-up process
(2) running-config: the real-time, current configuration repository, updated whenever you type any commands in IOS.

And how do you tell whether the screen output is the startup-config or the running-config?

Learning JUNOS from IOS - Day1 (Show Interface)

Once a use, forever a custom

My first-time experience of Cisco router installation was in 1997, when I was a junior network engineer in a small company. I remember that day: I finished installing a customer router on-site in only 15 mins, then I left, and went back again after 2 hours to configure the router via console again, because I forgot to configure a password under line vty. (I told myself I would never make such a stupid mistake again - Password required, but none set.)

13 years later, in 2010, I started to learn JUNOS. Because I was so familiar with Cisco IOS, I knew how it feels to change usage habits from IOS to JUNOS. The hierarchical structure is not so easy to read when you see it for the first time (especially when you have no programming experience).

However, having experience with Cisco IOS is not a bad thing before you start to learn JUNOS. I believe if you can leverage your previous IOS command knowledge and map it to the related JUNOS statements, it…

[POC] Juniper SRX IPSec tunnel (Aggressive mode) SOP configuration

To prepare for the future migration from Juniper SSG to SRX, I tried the SRX GUI interface to see how easy it is for the operation team to sustain this.

This is the first time I tried to use a GUI to manage a router, and if you are not familiar with Juniper SRX features and functions, I have to say the web interface is a quick way to get an overview of Juniper SRX.

For many junior engineers, if they have a what-you-see-is-what-you-get interface, they will accept new technology as fast as they can, or they might refuse to try or to learn new technology if there's no time pressure or direct instruction from high-level managers.
We are still using the CLI to control most routing and switching network devices today, but I believe someday the situation may change if network virtualization comes true. (I think no one would like to control a firewall by CLI, would they?)

How to use SecureCRT to access your AWS EC2 instance ?

The cloud era is coming, so it's time to learn the things you are not familiar with.

Amazon Web Services, aka AWS, is needless to say the No.1 cloud service you should get to know right now.

Setup Openstack in a VM w/ Devstack Step-by-Step

Learning OpenStack is not an easy task for me, because I don't have much Linux knowledge. During the OpenStack setup process, following the official installation guide, I spent more than 3 hours installing the necessary modules and modifying the configuration files one by one. But I failed, and I cannot figure out what the problem is... maybe I should spend more time understanding each action and verifying it one by one.

But I don't have so much time to waste on the installation procedure; I need to get familiar with OpenStack as soon as possible to test its features.
So I tried the Devstack all-in-one install script to help me learn what OpenStack is and see how it works.

However, it's still not as simple as it sounds if you are installing OpenStack for the first time:

JUNOS CoS processing building block with related CLI commands

Learning the Juniper CLI is a bit of a challenge for junior network engineers or Cisco IOS engineers, because of the modular and hierarchical structure of JUNOS.
Some features need several command lines configured under different hierarchy levels, which are then combined together at another hierarchy level.
This kind of CLI design is especially hard to learn when applying CoS on a Juniper device. (I believe many Cisco IOS engineers don't want to switch to JUNOS because of this...)

The figure above shows my understanding of the related JUNOS commands used in our production network.

[POC] Use Juniper Firefly Perimeter to support RTBH BGP scale with 120 BGP Peers

Juniper FIREFLY-PERIMETER is an ideal candidate for a virtual router solution for the RTBH router, because it only needs control plane and memory (it will not be limited by hardware) to exchange BGP routes with communities. Not much data forwarding plane packet processing is needed.

So I rebuilt the lab with Juniper Firefly to see the difference from physical routers, using the topology below.

In my VMware Workstation lab, I assigned two interfaces to each Firefly: ge-0/0/0 was used for BGP connections and ge-0/0/1 was used for SSH only (to make config copy/paste easier).

The most obvious advantage of Firefly is the response time of the commit action: it was done almost immediately after pressing the Enter key when I initialized the configuration clean-up. It's great!
...But after I copied and pasted all my configurations to it, the response time became longer.

lab@FIREFLY-PERIMETER-1# run show chassis hardware
Hardware inventory:
Item             Version  Part number  Serial number    …

[POC] Use Juniper SRX100H to support RTBH BGP scale with 120 BGP Peers

Since our company's current RTBH router (Cisco 1800) was EOL, and our security team would like to expand the RTBH scope to all office SSL VPNs all over the world (more than 100s), we are surveying for a good candidate for this position.

We have a spare Juniper M10i and I believe it can meet the requirement for sure, but it's too big, so our operation team tried to use the lab device - Juniper SRX100H - for this purpose. That's why I did this POC to prove the BGP scalability of the SRX100H.

Below are the Juniper SRX100H hardware features. For such a small device it has 1 GB RAM, so its control plane can do much more than I expected:
DDR Memory: 1 GB
Power supply adapter: 30 watts
AC input voltage: 100 to 240 VAC
Fast Ethernet ports: 8
Console port: 1
USB port: 1
LEDs: 4
NAND flash: 1 GB

My POC topology, shown below, is very simple and straightforward: I used a single cable to connect two SRX100H devices, then set up a trunk w/ 120 VLANs between them; each VLAN has a directly connected EBGP session. Aft…