Showing posts from March 2, 2014

JUNOS CoS processing building block with related CLI commands

Learning the Juniper CLI is a bit of a challenge for junior network engineers or Cisco IOS engineers because of the modular and hierarchical structure of JUNOS.
Some features need several command lines configured under different hierarchy levels, which are then combined at another hierarchy level.
This kind of CLI design is especially hard to learn when applying CoS on a Juniper device. (I believe many Cisco IOS engineers don't want to switch to JUNOS because of this...)

The figure above shows my understanding of the related JUNOS commands used in our production network.

[POC] Use Juniper Firefly Perimeter to support RTBH BGP scale with 120 BGP Peers

Juniper FIREFLY-PERIMETER is an ideal candidate for a virtual router solution for the RTBH router, because it only needs control plane and memory (it is not limited by hardware) to exchange BGP routes with communities. Not much data forwarding plane packet processing is needed.

So I rebuilt the lab with Juniper Firefly to see the difference from physical routers, using the topology below.

In my VMware Workstation lab, I assigned two interfaces to each Firefly: ge-0/0/0 was used for BGP connections and ge-0/0/1 was used for SSH only (to make config copy/paste easier).

The most obvious advantage of Firefly is the response time of the commit action: it completed almost immediately after pressing the Enter key when I initialized the configuration clean-up. It's great!
...But after I copied and pasted all my configurations to it, the response time still became longer.

lab@FIREFLY-PERIMETER-1# run show chassis hardware
Hardware inventory:
Item             Version  Part number  Serial number    …

[POC] Use Juniper SRX100H to support RTBH BGP scale with 120 BGP Peers

Since our company's current RTBH router (Cisco 1800) was EOL, and our security team would like to expand the RTBH scope to all office SSL VPNs all over the world (more than 100s), we are trying to survey a good candidate for this position.

We have a spare Juniper M10i and I believe it can meet the requirement for sure, but it's too big, so our operations team tried to leverage a lab device, the Juniper SRX100H, for this purpose. That's why I did this POC to prove the BGP scalability of the SRX100H.

Below are the Juniper SRX100H hardware features. For such a small device it has 1 GB of RAM, so its control plane can do much more than I expected:

DDR Memory: 1 GB
Power supply adapter: 30 watts
AC input voltage: 100 to 240 VAC
Fast Ethernet ports: 8
Console port: 1
USB port: 1
LEDs: 4
NAND flash: 1 GB

My POC topology, shown below, is very simple and straightforward: I used a single cable to connect two SRX100H devices, then set up a trunk with 120 VLANs between them; each VLAN has a directly connected EBGP session. Aft…