Service & Support
Showing results for 
Search instead for 
Do you mean 

I really like this resource...

 

http://www.juniper.net/techpubs/en_US/release-independent/nce/information-products/pathway-pages/nce...

 

Various example configurations for a wide variety of network solutions - across all the main Juniper products.

 

I like to browse this every now and agian - always likely to learn something and a great first place to visit when tasked with something new.

Read more...

One of the most common network issues in a network engineers’ dreams, or perhaps nightmares, is packet loss. When packet loss is caused by a congested link, it is very easy to locate the problem. When everything seems to be running fine, however, locating the loss can be challenging. There is a solution, though: firewall filters. In  this post, I will guide you how to use them to find packets that have left home without a forwarding address.

 

Consider the L3VPN scenario below where the customer is complaining about packet loss from PC2 to PC1.

 

 

The first thing to do in this type of failure is to identify where packets are being lost. To achieve this, deploy a firewall filter on points 1 to 4 to count the ICMP packets hitting the interface. The more specific your firewall filter is, the easier the identification will be.  Below is one example for this firewall filter:

 

firewall {
    family inet {
        filter count_icmp {
            interface-specific;
            term echo_reply {
                from {
                    protocol icmp;
                    icmp-type echo-reply;
                }
                then {
                    count icmp_reply;
                    accept;
                }
            }
            term echo_request {
                from {
                    protocol icmp;
                    icmp-type echo-request;
                }
                then {
                    count icmp_request;
                    accept;
                }
            }
            term others {
                then {
                    count others;
                    accept;
                }
            }
        }
    }
}

 Once the firewall filters are deployed, ask your customer to execute a ping command that will send 10 packets from PC2 to PC1. Once the ping command on PC2 finishes, it is time to check the firewall filter counters at all the points you have applied it to. In all cases, you should expect to see 10 echo request packets and 10 echo reply packets. This is the command used to check the counter:

 

root@PE2> show firewall filter count_icmp-ge-0/0/2.0-i

Filter: count_icmp-ge-0/0/2.0-i
Counters:
Name                                                Bytes              Packets
icmp_reply-ge-0/0/2.0-i                                 0                    0
icmp_request-ge-0/0/2.0-i                             420                    5
others-ge-0/0/2.0-i                                   738                   12

root@PE2>

 

Now check for the last point where you got all the expected ICMP packets and the first point where you find they are missing. That sub-section of the network is where your packet loss issue is located. Now, you can further troubleshoot that section to isolate the cause.

 

Firewall filters are one of the most powerful tools for investigating packet loss because they are simple, easy and efficient. Have a look in the book A Packet Life of Ping by Antonio Sanches-Monge. In it, Antonio dives deep into  troubleshooting scenarios using the most basic and established tools of the networking world: the ping and traceroute tools.

 

And what if your scenario includes a BRAS where all subscribers have dynamic created interfaces ? Watch out for the next post!

Cheap - Fast - Secure, Pick 2

by Juniper Employee ‎04-26-2013 05:17 AM - edited ‎04-26-2013 05:25 AM

This is a variation on the old mantra; cheap, fast, and good, you can only ever have 2.  Regardless if good is substituted with secure, my experiences corroborate with that mantra.  While many vendors and consultants make promises of being able to do all 3, delivery on that promise is a whole different animal.  Also, as I've seen, security is the choice often left out. 

Read more...

This post is the last of four discussing a set of challenges experienced in recent private cloud projects.  This time: challenges in orchestrating and automating private enterprise cloud environments.

Read more...

This post continues a series discussing challenges experienced in recent private cloud projects.  This time the discussion looks at challenges in securing and monitoring private enterprise cloud environments.

Read more...

This post continues a series examining challenges experienced in recent private cloud projects.  This time:  managing private enterprise cloud environments.

Read more...

Private Clouds - Part 1 of 4: What are the challenges?

by Juniper Employee ‎04-09-2013 12:09 AM - edited ‎04-16-2013 06:26 PM

As more and more enterprises look to private clouds to drive down IT costs and add nimbleness to their businesses, some very interesting networking and security challenges are becoming apparent.  This blog begins a series of four posts discussing experience and learnings from recent cloud networking projects.

Read more...

A New Way To Learn SLAX

by Juniper Employee ‎04-08-2013 10:04 PM - edited ‎04-09-2013 03:30 PM

Ever wanted to learn Junoscript but found it just isn’t that easy? Here’s a solution: Try SLAX. It’s a learning tool that will help you on your journey to becoming a SLAX developer.

Read more...

Creating SRX login user with security-only context

by Juniper Employee ‎03-20-2013 10:48 PM - edited ‎03-21-2013 12:17 AM

 

Trying to create a user who, upon login on the SRX, is able to view only security-related statistics and configure and view only security stanza? This is the right post for you.

Read more...

Understanding How The SNMP Utility MIB Works

by Juniper Employee ‎03-20-2013 04:00 PM - edited ‎03-22-2013 08:26 AM

In my previous post, I presented how to leverage the SNMP Utility MIB to customise your router’ SNMP Agent. Now, let’s see how it works  – starting with this  picture.

The picture demonstrates the process of using the SNMP Utility MIB.

Read more...