Juniper
MX Routers
Redundancy, Graceful Switchover, Graceful Restart, NSR, etc
General HA
VRRP
In Service Software Upgrades (ISSU)
Non-Stop Routing
Graceful Restart
Misc Notes
Isolating a customer to one provider
- Use rib-group import-policy with a separate routing instance: see here
- To inject only a default route into the routing instance (x.x.x.x is provider):
set routing-instance [name] routing-options static route 0/0 next-hop x.x.x.x
Another way:
- instance-type of virtual-router, use instance-import knob to reference a policy-statement
Config example:
interfaces { vlan { unit 100 { family inet { filter { input classify-vlans; } address 192.168.1.15/24; } } unit 200 { family inet { filter { input classify-vlans; } address 192.168.2.15/24; } } } } policy-options { policy-statement accept-from-inet.0 { term 1 { then accept; } } } firewall { family inet { filter classify-vlans { term route-to-isp1 { from { source-address { 192.168.1.0/24; } } then { routing-instance isp1; } } term route-to-isp2 { from { source-address { 192.168.2.0/24; } } then { routing-instance isp2; } } term default { then accept; } } } } routing-instances { isp1 { instance-type virtual-router; interface vlan.100; routing-options { static { route 0.0.0.0/0 next-hop 10.0.0.1; } instance-import accept-from-inet.0; } } isp2 { instance-type virtual-router; interface vlan.200; routing-options { static { route 0.0.0.0/0 next-hop 10.0.0.5; } instance-import accept-from-inet.0; } } }
EX Switches
Generic Info
- EX Series Switch Software Features Overview Matrix
- Layer 3 Protocols Not Supported on EX Series Switches
- Layer 3 Protocols Supported on EX Series Switches
- Setting up a mirrored port
- EX2200 DHCP - Snooping and IP-Guard
Config Snippets
Disabling Flow Control
Flow control is enabled by default on all ports on at least EX3200, EX4200, and EX8216. To disable:
[edit interfaces] + interface-range flow-control { + member-range ge-0/0/0 to ge-2/0/23; + ether-options { + no-flow-control; + } + }
Helpful shell commands
ifmon
Time-elapsing interface counters: i/o bytes, i/o packets, errors, etc.
Pass the interface name when calling the command.
Usage: ifmon [-v] [-JL <lrname>] [interface]
What do the other flags do..?
iftop
Time-elapsing overview of interface counters: for all interfaces
Gives each port's rate in pps or bps, etc.
Usage: iftop [-v] [-d]
- -v : shows version
- -d : same as running without arguments, but adds interface descriptions
mtr
Yes.. Juniper actually includes mtr: pass it a hostname, watch a time-lapse
traceroute occur. Lookup the details online; widely available tool.
tcpdump
Juniper includes a modified version of tcpdump; again, look it up elsewhere.
lcdd: Line Card Daemon
"lcdd" from a shell (not the cli) connects you to various other parts of the switch,
including the software forwarding infrastructure (sfid), chassis manager (chassism),
and the virtual chassis system (vccpd). You don't need to be root to get into these.
The general idea is:
> lcdd 0 <area>
Where area is one of the above/below items. The digit (0) is the FPC slot number. EX switches only have FPC0.
sfid: Software Forwarding Infrastructure
chassism: Chassis Manager
vccpd: Virtual Chassis'
vty: Shell out to other parts of the system
"vty fpc0": connect to PFE
root@3200-24t:RE:0% vty fpc0 BSD platform (MPC 8544 processor, 48MB memory, 0KB flash) PFEM0(vty)# show version Juniper Embedded Microkernel Version 10.1R1.8 Built by builder on 2010-02-12 17:42:57 UTC Copyright (C) 1998-2010, Juniper Networks, Inc. All rights reserved. BSD platform (MPC 8544 processor, 48MB memory, 0KB flash) Current time : Fri Nov 19 14:36:37 2010 Elapsed time : 15+01:46:39
Security
To disable physical LCD menu: set chassis lcd fpc 0 maintenance-menu disable (repeat for each FPC)
Firewall / Packet Filtering
Generic Info
External Documentation
- TechDoc: Firewall Filters for EX Series Switches Overview
- TechDoc: Firewall Filter Configuration Statements Supported by JUNOS Software for EX Series Switches
- TechDoc: Example: Configuring Firewall Filters for Port, VLAN, and Router Traffic on EX Series Switches
- Firewall Filter Match Conditions and Actions for EX Series Switches
Archiving and Restore
Archiving
VLANs
Generic Info
External Documentation
Tag Swapping (VLAN Translation)
External Documentation
QinQ / Stacked Tags
External Documentation
- TechDoc: Understanding Q-in-Q Tunneling on EX Series Switches
- TechDoc: Example: Setting Up Q-in-Q Tunneling on EX Series Switches
- TechDoc: Configuring Q-in-Q Tunneling (CLI Procedure)
- TechDoc: Verifying That Q-in-Q Tunneling Is Working
MPLS
Generic Info
- MPLS Applications Configuration Guide
- TechDoc: JUNOS MPLS for EX-series Switches Overview
- TechDoc: Understanding JUNOS MPLS Components for EX-series Switches
- TechDoc: Example: Configuring MPLS on EX-series Switches
Path Protection
- TechDoc: Understanding MPLS and Path Protection on EX-series Switches
- TechDoc: Configuring Path Protection in an MPLS Network (CLI Procedure)
Network Topology
Rings
External Documentation
- Implementation Guide: MX/EX ethernet ring
- TechDoc: Ethernet Ring Protection Switching Configuration Example
- TechDoc: Ethernet Ring Protection