Archive
Latest Articles
DevOps against DDoS II: Monitoring BGP FlowSpec with Junos PyEz

DevOps against DDoS II: Monitoring BGP FlowSpec with Junos PyEz

This article continues my previous DevOps against DDoS I: Programming BGP FlowSpec with Junos PyEz post by providing basic machinery to monitor BGP Flow Specification route installation and enforcement.

 

This monitoring tool chest is also based on Junos PyEz and I will be leveraging YAML views and operational tables to provide a more programmatic, scalable and intuitive solution baseline.

 

Read more...

Juniper Employee
DevOps against DDoS I: Programming BGP FlowSpec with Junos PyEz

DevOps against DDoS I: Programming BGP FlowSpec with Junos PyEz

Distributed Denial of Service (DDoS) attacks are increasingly important in the networking industry. Their sophisticated magnitude, crafted impact and widely spread side-effects beyond a specific objective are leading to unexpected and severe economical consequences for both enterprises and service providers.

 

 

Read more...

Juniper Employee
Tweaking BGP add-paths

Tweaking BGP add-paths

 

This post follows-up my previous article Granular BGP advertise-external for MPLS L3VPNs with the intention to tweak and illustrate the BGP add-path feature implementation in Junos OS for IPv4 unicast and IPv6 labeled-unicast (6PE) routes. BGP add-paths provide a more comprehensive path diversity approach than diverse paths or advertise-external and in my view, multiple applications can be based on Junos OS BGP add-path tactical deployment in default instance tables.

 

 

Read more...

Juniper Employee
Granular BGP advertise-external for MPLS L3VPNs

Granular BGP advertise-external for MPLS L3VPNs

In some BGP multi-homed environments between networks, it is possible to achieve shorter convergence times by using certain features beyond traditional [RFC4271] BGP rules. One of these features is the so-called BGP advertise-external or best-external, so that Autonomous System Border Routers (ASBRs) also advertise the best externally received path, even though it may not result as the ultimate best path from the selection algorithm.

 

 

Read more...

Juniper Employee
Inter-AS Option B for IPv4 and IPv6 L3VPNs

Inter-AS Option B for IPv4 and IPv6 L3VPNs

 

Interprovider or Inter-AS Option B is a well-known documented MPLS L3VPN connectivity option under [RFC4364], Section 10B.

 

This article is actually motivated by some feedback comments to a previous post with regards to next-hop settings when extending an Inter-AS Option B interconnect to support IPv6 L3VPNs. Even though the control plane for router and label binding advertisement is based on IPv4, it is required to adjust the next hop at the NNI (Network-to-Network Interface) in current Junos OS releases for adequate route resolution, as per [RFC4659], Section 3.2.1.2.

 

 

Read more...

Juniper Employee
Traffic engineering inet6 shortcuts to connect IPv6 islands - Part II

Traffic engineering inet6 shortcuts to connect IPv6 islands - Part II

inet6-shortcuts-calculations.jpgIn my previous Traffic engineering inet6 shortcuts to connect IPv6 islands - Part I post, I reviewed the specification for the per-family Traffic-Engineering shortcuts feature with the intention to apply it to connect IPv6 islands over an MPLS-based but IPv6-unaware network core. Effectively, to be considered as a replacement for the 6PE model or a transition mechanism. I also outlined a sample Junosphere topology to analyze the architecture.

 

But we still need to go deeper down into final details of certain end-to-end connectivity use cases. And based on these use cases, I can finally compare some aspects from both the 6PE model and this architecture. These aspects are covered in this second post.

 

I am pretty sure many readers will find some other advantages or caveats and I would much appreciate some other points of view on this topic. Please feel yourself invited to drop here your opinion and comments, take the attached Junosphere topology, and modify it and break it if possible!

Read more...

Juniper Employee
Latest Comments
Archive | 06-17-2020
Re: Netconf and YANG – explained in a layman’s term
Archive | 04-09-2020
Re: Per-prefix LFA
By  Knox
Archive | 01-08-2019
Re: Netconf and YANG – explained in a layman’s term
Feedback