Masood Ahmad Shah

very cool Internet visualization application

Very, very cool Internet visualization application for Android and Iphones, they are using data from the folks at CAIDA.

http://money.cnn.com/2013/03/06/technology/innovation/map-of-the-internet/  

Juniper pathfinder

JNCIP-SP Certification Cleared

Earned my JNCIP-SP certification on May 20, 2011 (A completely new certification by Juniper Networks ). 

I hope to finish JNCIE-SP within next 3-4 week. Wish me all the luck :)

How to calculate CAR rate-limit

Here's just a quick and handy tip for anyone who is after how to calculate CAR rate-limit.

normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds

extended burst = 2 * normal burst 

Its Official...No more IPv4 left

disable interface TX laser (JUNOS)

VLANs Cisco/Juniper

If you are familiar with Cisco switches, and using Cisco switches fairly well, this post will help you to boost your confidence as a Juniper network engineer.

 If you can configure a Cisco switch, then you also can configure a JUNOS based switch :)  here you go.. 

 IOS

JUNOS

Assign an IP addressto a VLAN:

IOS

JUNOS

Assigning a port to aVLAN (Access):

IOS

JUNOS

Assigning a port to aVLAN (6 Trunked with 5 Native)

IOS

JUNOS

Firewall Filter on Juniper's EX-series Switches

MTR on Juniper JUNOS

You may have used traceroute in a Micrsoft OS or in Unix.  It’s quite simple and can tell you a few things about the connection between you and any other device on the internet.
So what if the problem were intermittent, or traceroute did not show any problems because perhaps the choke point is experiencing intermittent bursts of data?  Enter MTR, the big brother to traceroute.  MTR (or My Trace Route) can show you a constant display of each link and how it’s holding up.

Since JUNOS 8.0 there is a new option which allows to run traceroute in a 'MTR-like' mode:

jahil@R1> traceroute monitor 4.2.2.2

where 4.2.2.2 is an IP or domain-name of the target host.

You can do a more intensive version of this through the JUNOS shell. Requires root access

jahil@R1> start shell
 % su
Password:
jahil@R1% mtr -i 0.02 4.2.2.2

Viewing default/hidden config on JUNOS

Would you like to see JUNOS defaults configuration. To view certain JUNOS default settings for dynamic profiles/system/services/applications, you must type the full command:

jahil@voyager# show configuration groups junos-defaults

Note: TAB/SPACE autocomplete does not work here :)

Cisco IOS 15.0 (new features).. Awesome

Cisco released IOS 15.0. This is the next major release after 12.4. It’s been over 4 years since Cisco has delivered a major release of IOS code.
The new features listed in the documentation include: 

•BGP Event Based VPN Import;
•BGP Per Neighbor Graceful Restart Configuration;
•BGP RT Changes Without PE-CE Neighbor Impact;
•BGP local convergence in MPLS VPN networks (the feature has already been available in 12.2 SRC, now it’s available on more platforms);
•Full BFD support, including static routes, BFD-in-VRF and BFD-over-Frame Relay (next step: test it on a 2800-series router);
•DHCP authentication;
•DMVPN tunnel health monitoring;
•EEM 3.1 (whatever that is, the EEM documentation hasn’t been updated yet);
•Interaction between IS-IS and LDP;
•OSPF graceful shutdown and OSPF TTL security check features are available on more platforms;
•Intra-zone traffic inspection in zone-based firewall;
•VRF Aware RSVP Agent and Gateway;
•WCCP: VRF Support;

nd many more http://www.cisco.com/en/US/docs/ios/15_0/15_0_1_m/15_0_1_m_newfeatlist.html#wp1055140 Good job; finally we have something new to play with :)

JUNOS Command Completion

The JUNOS command completion feature saves you lots of time and energy, and it provides syntax checking as you type. Gone are the days when you type a command on a line and after you press Enter the command is either invalid or not supported on that version of software. Any error or ambiguity will be detected early, and the router/switch will present a list of valid completions for the current command.

You can disable command completion on a per-login basis by modifying the CLI environment with an operational mode set cli command:

jahil@R1> set cli ?
Possible completions:
complete-on-space Set whether typing space completes current word

But a good reason to do so has not yet been noted.

You can evoke command completion by using either the space bar or the Tab key. Note that the Tab key also completes user-assigned variables such as interface names, IP addresses, firewall filters, and filenames.

Note: The most confusing thing about command completion is when to use space and when to use tab. The space bar is used until a variable is reached, at which time the Tab key is used to auto-complete the user variable for the filter name of test_JUNOS-JAHIL-FILTER.

Juniper's JUNOS Emacs style cursor movement/Page manipulation

Remember Juniper's JUNOS is heavily influenced by Unix, afterall it does sit on top of FreeBSD. You can use EMACS commands for cursor movement, which include:

Ctrl-a  Moves the cursor to the beginning of the command line, back to the prompt
Ctrl-e Moves the cursor to the end of the command line
Ctrl-b Moves the cursor back one character
Ctrl-k Delete everything from the current cursor position to the end of the line
Ctrl-x Delete the entrie line.
Ctrl-l Bring back the current line
Ctrl-p Scroll back through command history (analogous to up arrow)
Ctrl-n Scroll forward through command history (analogous to down arrow)
Ctrl-r Search command history for a string

Just like in GNU less you can

say you run a show, this has been pageanated, that is split into pages if the output of the command shows more than one screen. You can go all the way to end by hitting
G
similarly you can return to the first of the output by typing
g

You can also search for a string in the page by
/(your search string)

JUNOS Aggregated Ethernet Interfaces

Aggregated ethernet interface increases bandwidth, provides graceful degradation as failure occurs, and of course increases availability.

To configure an aggregated ethernet interface on Juniper's boxes, you can use the link aggregation feature to aggregate one or more links to form a virtual link.The client will treat this virtual link as if it were a single link.

To configure aggregated ethernet interfaces, using the JUNOS CLI:

1.Specify the number of aggregated ethernet interfaces to be created:

[edit chassis]
jahil@Voyager#set aggregated-devices device-count 2

2.Specify the minimum number of links for the aggregated Ethernet interface (aex):, that is, the defined bundle, to be labeled “up”: 

[edit interfaces]
jahil@Voyager#set ae0 aggregated-ether-options minimum-links 2

3.Specify the link speed for the aggregated ethernet bundle:

[edit interfaces]
jahil@Voyager#set ae0 aggregated-ether-options link-speed 1g

4.Specify the members to be included within the aggregated ethernet bundle:

[edit interfaces]
jahil@Voyager#set ge-0/1/0 ether-options 802.ad ae0
jahil@Voyager#set ge-1/1/0 ether-options 802.ad ae0

5.Specify an interface family for the aggregated ethernet bundle:

[edit interfaces]
jahil@Voyager#set ae0 unit 0 family inet address 1.1.1.1/24

Note: An interface with an already configured IP address cannot form part of the aggregation group.

Netflow on Juniper Router

On Juniper Router's if you want to sample all traffic, you don't really need a firewall filter, you can use the following simple form:

    ge-0/0/0 {
        unit 0 {
            family inet {
                sampling {
                    input;
                }
            }
        }
    }

Packet sampling can also be done by defining a firewall filter to accept and sample specific traffic, applying that rule to the interface and then configuring the sampling forwarding option. just like...

forwarding-options {
     sampling {
         input {
             family inet {
                 rate 100; /* packet sampling rate */
             }
         }
         output {
             cflowd <flow collector IP address> {
                 port 9991; /* port number */
                 source-address <source IP>;
                 version 5;  /* netflow version number */
             }
             flow-active-timeout 60; /*the tool you're using may want something different */
             }
         }
}

These settings are per-interface:

interfaces {
   <interface> {
    family inet {
   sampling {
    input;
   }
   ...
    }
    ...
      }
     ...
  }

Note: If you want to use Jflow on M Series routers you will have to buy specialised hardware (AS/MS PIC or you can buy an M7i with embedded AS PIC).

One can use Jflow on the RE, but I personally don't reccomend it as you could flood out routing updates etc. Hardware wise you'd probably be best off with one of the new MultiService PICs (PE-MS-100-1 would fit). More info about the MS PICs can be found here: http://www.juniper.net/us/en/local/pdf/datasheets/1000199-en.pdf

With regards to licencing you will need a licence (S-ACCT) for use with AS or MS PICs.