It is not really about the website, more about the infrastructure it is running on. This week I moved my website to this new infrastructure, which currently equates to this;



scenario

First, a little bit on the old more...


For old times’ sake, I wanted to do a Cisco MPLS VPN. Since I no longer have a lot of access to Cisco hardware, I used GNS3 and the C7200-SPSERVICESK9-M image. The setup is as follows:


scenario

The service provider routers are all running OSPF, LDP and BGP more...


This article is about a hub-and-spoke layer 3 VPN on Juniper MX routers. The hub-and-spoke VPN is similar to the one in a previous post, except for one thing. This time, the hub site is connected to the IP-VPN using only 1 interface. The lab is set up as follows:


scenario

Before diving into the configuration, I’d like to clarify how this version of the hub and spoke VPN works. more...


This article is about a hub-and-spoke layer 3 VPN on Juniper MX routers. The hub-and-spoke VPN will be built to resemble the following topology:


scenario

There will be three spokes. All spokes will have connectivity with each other. This connectivity will not be the same as in a regular full mesh VPN. In a regular full mesh VPN, devices on each site that is connected to the VPN can communicate directly with other sites in the VPN. The service provider that provides the customer with the VPN will route all traffic directly from one site to another;

more...


A central services VPN is a topology that a service provider can use to offer services to IP-VPNs belonging to different customers. The service provider can do this by using a single central service IP-VPN, sort of like a ‘Hub VPN’ that can service ‘spoke VPNs’: more...


For JNCIP SP, the Interprovider VPN is listed among the topics that you need to know. For that reason, and because I have only had real world experience with Interprovider VPN option A, I decided to post a lab on this subject. I'll try to do option C in a later post.

RFC 4364 describes BGP/MPLS IP Virtual Private Networks (VPNs). Chapter 10 describes three solutions to a VPN spanning Multi-AS Backbones. The three options are presented in order of increasing scalability;
     a. VRF-to-VRF connections
     b. EBGP redistribution of labeled VPN-IPv4 routes from AS to neighboring AS more...


The lab topology is the following;


scenario
more...


These notes cover IS-IS on Juniper devices. The list of topics covered here corresponds to the JNCIP-SP exam objectives.

more...


These notes cover CoS on Juniper devices. The list of topics covered here corresponds to the JNCIP-SP exam objectives. One objective is missing. I will cover the 'Given a scenario, demonstrate knowledge of how to configure and monitor CoS' objective somewhere else.

more...


This is an example configuration for a logical-interface-policer on a Juniper MX router. The logical-interface-policer is a policer that will treat traffic for a logical interface as an aggregate. This means that the policer will police traffic from multiple families to a single desired rate.

more...


Due to a pending Brocade MLX/NetIron to MX swap, I had to get into the MPLS VPLS interoperability between Brocade MLX/NetIron and MX. I decided to share a lab on a VPLS between an MX router and a Brocade MLX. What I’ll do here is create the following scenario:


scenario
more...


This is an example of using the OSPF sham link in a BGP-signaled MPLS VPN. The scenario is as follows:


scenario
more...


The command to activate storm-control on an MLX is... well, it isn’t there. Instead of entering a single configuration command, you have to configure two layer 2 access-lists: one access-list that matches broadcast traffic and another one that matches multicast traffic:

 
access-list 400 permit any ffff.ffff.ffff ffff.ffff.ffff any etype any
access-list 401 permit any 0100.0000.0000 ff00.0000.0000 any etype any
                
more...


Policing, also known as rate-limiting, can be used as an instrument to control how much traffic is allowed to flow in a certain direction. In Junos, you can do this by using a policer as an action in a firewall filter. This article is about the configuration of two simple and straightforward examples involving a policer on a Juniper device that is referenced in a firewall filter. Both examples are performed on an EX4200 and both use the most common or standard policer: the single-rate two-color policer. This policer allows for both hard and soft policing, meaning that traffic exceeding the policer can be dropped or remarked.

more...


This article offers some insight into how you could decide to build a multihomed Layer 3 IP VPN or Layer 3 MPLS VPN. First I’ll go over the topology. After this, you will find the PE and CPE configuration. I’ll end with some verification and show commands.


scenario
more...


A sample configuration for a very common scenario:



scenario

more...


A QFX5100 allows for dot1q-tunneling, or Q-in-Q. If you ever configured dot1q-tunneling on an EX-switch, this configuration differs a lot from what you may be used to. This article offers an attempt to clarify and explain the configuration of a dot1q-tunnel on a standalone QFX5100 without an enhanced feature license.

I will use the following setup in the next examples:

scenario
more...


Configuring a vlan interface for vlan 20 and enabling Ethernet0/0/0 as an access-port for that vlan:

 
#
vlan 20
 name EXAMPLE
#
interface Vlanif20
 ip address 1.1.1.1 255.255.255.248
#
interface Ethernet0/0/0
 port link-type access
 port default vlan 20
 undo shutdown
#
                
more...


This article explains how you can analyze the forwarding table on Junos. In this lab, I altered several metrics to make the traffic flow look like this:



scenario
more...


For a little while now, I have been wanting to do a Juniper IP VPN lab. I wanted to gather most of the basics into one post. In this post, I will elaborate on the different protocols and how they are configured. more...


scenario


In this post you will only find the configuration. The lab was done on an MX104 running 13.2R2.4. more...


A BGP route using a next-hop that is affected by rapid link flapping can cause routing instability throughout the entire AS. BGP routers receiving an update message have to propagate this message to their peers and, at the same time, the BGP router has to recalculate its tables. To provide for more stability and to be able to cope with route flapping, the BGP protocol was extended with route dampening (defined in RFC 2439).

more...




BFD is not a very complicated protocol and the Juniper implementation and configuration is rather straightforward.

more...




This article aims to offer a short explanation of BGP load balancing on a Juniper MX series router. Normally, a Juniper router running BGP will select a single best route based on the following selection procedure. By default, only one route will be selected as active and only one next-hop is installed in the forwarding table. As a result, routers peering across multiple links will only use one of these links.

more...


BGP, being the inter-autonomous system path vector routing protocol that it is, uses the AS path attribute to detect loops. When an Update is received, a BGP speaking router checks the AS path attribute to see if its own AS is already listed. If it is, the routing update is discarded. Since the AS path attribute is only updated across EBGP sessions, this mechanism does not work for IBGP. Because there is no AS based loop detection possible, the default IBGP behavior is that routes learned from IBGP neighbors are not advertised to other IBGP neighbors. Because these IBGP learned routes are not advertised to other IBGP peers, a full mesh of IBGP peerings is required. Without the full mesh, some routers would miss out on routing information.

more...


Recently, I deployed a VCF consisting of some QFX5100s and some EX4300s. I found that the default configuration did not really protect the network well enough and I thought I’d share it in this post.

more...


Just a little thing I ran into the other day. I suddenly found a subnet, which was used only for management purposes, installed in the routing table on all routers running OSPF. This was odd because the subnet was not supposed to be advertised all over the network.

more...


Juniper's Junos offers a lot of flexibility as well as nifty little tricks. I recently ran into the situation in which 'apply-path' really came in handy. For a particular service, a different subnet was provisioned under the same interface over and over again. I wanted to advertise all of the prefixes configured on subinterfaces under this interface through BGP. At the same time, however, I did not want to advertise all the subnets that were configured on the router. Another thing I wanted to avoid was having to alter the prefix-list for every future subnet configured for that particular service. To this end, I configured the following prefix list:

 
set policy-options prefix-list direct-xe-2/0/2 apply-path "interfaces xe-2/0/2 unit <*> family inet address <*>"
                
more...


OSPFv3 is specified in RFC 5340. The RFC starts out by saying that, even though the protocol is updated, most of the fundamental mechanics (flooding, DR/BDR, areas, SPF, etc.) remain unaltered. In chapter 2 of the RFC, you can find a list of things that have been altered.

more...


After being done with the building of an IPv4 OSPF lab, I wanted to delve into OSPFv3 a little more. In this post, I will turn the OSPFv2 configuration into the OSPFv3 equivalent.

The topology for which I will show the side-by-side configuration is the following:

more...


To amuse myself I wanted to do a little something with OSPF and several different vendors. I ended up doing some OSPF on a Juniper MX480, a Cisco 2921 and a Huawei AR1220F:

more...


Previously, I configured OSPF neighbor relationships between a Juniper MX480, a Cisco 2921 and a Huawei AR1220F. In this second part, I wanted to look at how I can inject a prefix on each individual router.

more...


A post about configuring VRRP between a Huawei AR and a Cisco router. After briefly touching the theory behind VRRP, I will show a configuration example accompanied with some commands to verify the configuration.

more...


In Junos, OSPF authentication can come in one of three ways: none, simple or MD5.

more...


What if you are reselling transparent EVCs that are delivered to you on a wholesale Interconnect, and the vlan-id is not what you wanted? Take the following example:

more...


Since MPLS is one of my favorite subjects, I'll do a more extensive lab on this subject. I'll mix some theory as I'll gradually expand the lab until most of the topics from JNCIS-SP are covered.

more...


After going through MPLS basics, label distribution protocols and L3-VPN, I decided to do another lab on Layer 2 MPLS applications. I’ll focus on all four possibilities mentioned in the study guide and create a (very) basic scenario for all of them.

The picture below shows the four types of layer 2 connections on the left side and the lab topology on the right side.



scenario
more...


Just a little thing I ran into.
Huawei has timers for NAT sessions that differ from those of Cisco and a lot of other vendors.

more...


