Blogs

Be the first person to recommend this.
All you J-Netters are among the first to know that, on November 18, we’re evolving J-Net into something bigger and better: The Juniper Elevate Community . Months ago, we’d gathered your feedback on the community and found that in general, you wanted better navigation, a simpler design, more recognition, links to other social platforms, and a simplified registration process. We listened and acted. Because that’s what communities do—share ideas and best practices. So we’ve been busy behind the scenes developing an entirely new platform that not only addresses all your input, but also provides a more modern foundation for our new “one-stop-community-shop” ...
0 comments
1 person recommends this.
Junos offers a broad range of automation capabilities, starting from a YANG based configuration and state information base , accessible via CLI, NETCONF and REST over gRPC based JET APIs directly into various Junos daemons. Some readers might even be familiar with custom YANG, allowing operators to extend the functionality in Junos in respect to configuration and operational commands and make them available via CLI, NETCONF and REST. An example can be found in my post about L2VPN Custom YANG . But the ability to customize and extend Junos doesn’t stop here. With the introduction of Junos telemetry streaming , one can turn any available state information ...
2 comments
3 people recommend this.
Importance of Overlays Network overlay technologies have played a key role in modern data centers by improving the efficiency, agility, scalability and manageability of application deployments. Cloud providers are rapidly innovating on cloud connect models to deploy new applications that require specific network topologies, without modifying the underlying physical networks. As overlay methodologies actively evolve, it’s imperative that data center edge routers adopt a new paradigm - to implement overlays that are flexible and can adapt to the changing demands expeditiously. Background of JUNOS Overlays So far, overlays or tunnels in JUNOS ...
1 comment
5 people recommend this.
While many people are still figuring out segment routing, up crops SRv6, and then SRv6+. Read why we want SRv6+, and why we believe it's crucial we get it. Now - that leads to questions - whats going on - and there seems to be some lack of understanding as to what this is - and why we want it - so - here is a kind of 101 on what SRv6+ is - why we want it - and why we believe its crucial we get it. Firstly though - lets step back - and look at what SRv6 is, in brief. Effectively, segment routing has various types of segment identifiers - these can be seen in https://tools.ietf.org/html/draft-ietf-spring-segment-routing-policy-02 . While I won't ...
0 comments
Be the first person to recommend this.
Introduction As we saw in the SPF and TE Single Protocol Solutions blog , when deploying differentiated services it becomes necessary on the ingress router to forward some services, those requiring specific paths constraints, using only the Traffic-Engineered(TE) LSPs or even very specific TE LSPs while other service may be ‘allowed’ to use the SPF LSPs. In this blog we will explore several options for service mapping ranging from implicit techniques to very specific policy driven techniques. We will also explore how attributes associated with a Border Gateway Protocol (BGP) based service destination may be used as match criteria for service mapping ...
0 comments
2 people recommend this.
Introduction There is often a desire to provide shortest-path MPLS tunnels and Traffic-Engineered or explicit-path MPLS tunnels in a network for differentiated services. Traditionally, this has been accomplished by deploying both Label Distribution Protocol (LDP) and Resource Reservation Protocol with Traffic Engineering Extensions (RSVP-TE) side-by-side and mapping “services” to protocol specific paths explicitly. Deploying two protocols for MPLS path signalling can be quite complex for a number of reasons. Each protocol has different operational behaviors leading to increased operational knowledge and potentially increased network ...
1 comment
2 people recommend this.
Introduction Traffic Engineering (TE) has become an indispensable function in many large and small Networks alike. One key objective of modern TE is the optimization of resource utilization. In particular, it is generally desirable to ensure that subsets of network resources do not become over utilized or congested while other subsets along alternate feasible paths remain underutilized. Therefore, a central function of TE is to efficiently manage bandwidth (BW) resources. Let us consider figure 1 below. Due to the resulting IGP shortest path (SPF) computation (SPF algorithms optimize based on a simple additive metric) all data flows between R1 and R6/R7 ...
0 comments
Be the first person to recommend this.
Introduction The trend in recent years with the Internet - cloudification, app-based consumption and interactivity - in connection to rapidly growing our dependence for Internet-based resources for every-day actions, establish new set of requirements for Internet infrastructure - The network: High bandwidth Low round-trip delay between data producer and consumer These two force network topology to become denser and more diverse. The data producers and the consumers are predominantly in two different Autonomous Systems, which may (but not have to) be directly adjacent. For example, content provided DC belong to one AS that is connected ...
0 comments
4 people recommend this.
Getting to Know the Packet Forwarding Engine: An Informal Guide to the Engines of Packet Forwarding By: Salah M. S. Buraiky This article aims at providing the essential concepts for a beginner network engineer to understand the function, basic workings, components and features of the Packet Forwarding Engine (PFE), the intelligent component of the forwarding plane (data plane). It aims at creating a model of the PFE in the mind, leading to an appreciation of its criticality and its central role in a router's performance and features. It assumes that the reader knows the basics of networking and routing protocols. It will not furnish ...
4 comments
Be the first person to recommend this.
Symptoms When working with EX / QFX switches it is often required to collect comprehensive interface status data. Not any single show command will provide all the details and merging the output of several commands is tedious and time consuming. On top of this, it can be tricky to find free ports on switches, because unconfigured ports are simply not shown in many commands and the only way to find out available ports is examining the chassis hardware components. Because I often need to collect such information from multiple switches, I developed a script for Pretty Good Termina l, and I would like to share you its usage in this article. ...
0 comments
1 person recommends this.
The Challenge of Scripting Have you ever been faced with the challenge of querying or changing the configuration of several hundreds or even thousands of devices on your network? Have you ever considered using Python language to create a script that analyses the current configuration and makes changes accordingly? If the answer is yes to any of these questions, you may be interested in reading this article. I want to introduce you to the Pretty Good Terminal and its usage for large scale scripting deployment because I do believe it is an extremely powerful network automation tool, and all who face similar challenges might find it a good friend. ...
0 comments
2 people recommend this.
Being able to download and run Juniper vMX on KVM and ESXi has really helped me learning more about networking, telemetry and build automation solutions. But the software dependencies combined with manual editing and launch of shell scripts per vMX instance felt a bit outdated to me. Why can’t I just get a Docker Container with the vMX deployed using Docker, Docker Compose or Kubernetes? This would allow me to launch a fully virtualized topology with routers and endpoints with a single docker-compose command, try something out, redeploy with different Junos versions and even share the recipe with other users via public Git repo’s. Well, ...
3 comments
6 people recommend this.
Network I mplementation and Test Automation (NITA) is Juniper’s extensible framework that deli ver s network automation solution s l ike automated lab testing and deployment . While automation yields several benefits from a business perspectiv e , t he focus of this article will be on NITA’s technical aspects, covering its use-cases and software architecture. Where does NITA come into play? NITA has been designed with several use cases in mind. The main offerings available with NITA are: Automated Lab Testing (ALT) : tests are executed on pre-production environments ...
0 comments

L2 security on IPv6

Be the first person to recommend this.
When I wrote a blog about using a switch as security device in 2013, I couldn’t have predicted the attention it got. It might have been the fact that I publicly admitted to being aware of my mental state for writing about switches in a security oriented blog space. Or maybe it was the content of the blog after all. Anyway, I got a lot of comments and questions about that blog. So almost five years later my friend Valentijn pointed out to me that a small follow-up was needed. It seems at this point in time IPv6 is actually being used in LAN scenario’s instead of just WAN and 6 to 4 natting. This creates a new set of security risks we can address in the switch ...
3 comments

JUNOS Hashtags

Be the first person to recommend this.
Imagine that you can tag configuration elements in JUNOS with arbitrary strings and selectively display parts of the configuration based on a tag value. Much like you use hashtags in social media networks. The hashtag can represent a customer, a service, a temporary feature, or just about anything meanigful to you. Well, this is possible today, below is a sample output of running a display command that shows all configurations tagged with 'customer-a'. user@router> op hashtag.py hashtag customer-a ## Last commit: 2018-04-01 17:29:41 PDT by user interfaces { xe-1/2/0 { unit 0 { apply-macro ht { customer-a; ...
0 comments

Code-Free Automation

2 people recommend this.
When you hear the word “automation”, what do you visualize? Usually it will be some script, code or program that is executed to repeat the manual activity at machine speeds. There are other simpler ways automation manifests in. With Junos, you get some features that help you automate work flow, reduce configuration size and control when the configurations are active without writing a single line of code. Junos configuration groups is a feature that helps you reduce the size of device configuration, by grouping common configurations together and using inheritance to apply the configurations correctly. A simple visualization and overview of the Junos ...
0 comments
Be the first person to recommend this.
Background, Introduction and New Deployment Design Juniper’s QFX5200 Ethernet Switch supports flexible 10GbE, 25GbE, 40GbE, 50GbE, and 100GbE interfaces for Ethernet connectivity, which delivers a line-rate, low-latency, and high-density platform for building large Hub-and-Spoke IP-fabric data center networks. Previously, customers could apply Priority-based flow control (PFC) and enhanced transmission selection (ETS) to build lossless traffic flows. PFC facilitates the selection of data flows within links and tries to pause them, so that the output forwarding classes attached to the traffic flows do not overflow and drop packets. ETS supports link ...
0 comments
Be the first person to recommend this.
Question What is the supported release upgrade path for Junos Space Network Management Platform Release 17.2? Answer You can upgrade Junos Space Network Management Platform installations running Release 17.1R1, 16.1R1, 16.1R2, or 16.1R3 to Junos Space Network Management Platform Release 17.2R1. Junos Space Platform upgrade from Release 16.1 or 17.1 to 17.2 follows the standard upgrade procedure. For information about the upgrade procedure from Junos Space PlatformRelease 16.1 or 17.1 to Junos Space Platform Release 17.2, see Upgrading Junos Space Network Management Platform Overview and Upgrading Junos Space Network Management Platform ...
0 comments
1 person recommends this.
Starting in Junos OS Release 16.1R3 one can request streaming telemetry data using the gRPC framework with vendor-neutral data models based on OpenConfig. Great, but what configuration is required and is there a simple client available to test and troubleshoot it? I recently faced this question myself and found some great resources, which I documented in this post. For an in-depth discusssion about the various streaming telemetry option from Juniper devices, read thru the 3 parts on Tech Mocha , starting with USING OPENNTI AS A COLLECTOR FOR STREAMING TELEMETRY FROM JUNIPER DEVICES: PART 1 . Ingredients Juniper vMX running Junos 17.3R1 Junos ...
1 comment
1 person recommends this.
Question What is the supported release upgrade path for Junos Space Network Management Platform Release 17.1? Answer You can upgrade Junos Space Network Management Platform installations running Release 16.1R1, 16.1R2, or 16.1R3 to Junos Space Network Management Platform Release 17.1R1. Junos Space Platform upgrade from Release 16.1 to 17.1 follows the standard upgrade procedure. For information about the upgrade procedure from Junos Space PlatformRelease 16.1 to Junos Space Platform Release 17.1, see Upgrading Junos Space Network Management Platform Overview and Upgrading Junos Space Network Management Platform . If the Junos Space Platform ...
0 comments