Author Archives: rtoodtoo

About rtoodtoo

Genco has worked for more than 10 years either as a Network or Support Engineer. Currently lives in the Netherlands and works as a Technical Support Engineer at Juniper Networks.

Slow file transfer and TCP Zero Window Probe

Slow file transfers must be really bothering everyone. I have a ZyXEL NSA325 NAS device which has a gigabit interface but I am getting extremely low throughput. Unfortunately this has been a problem I think since I bought this device. Now I could finally get hold of time to troubleshoot the issue. Here is my topology I used in testing this scenario.


As per the topology above, my laptop and this NAS device are connected to two ports of this Juniper EX2200 switch. I have enabled jumbo frame on the ports, laptop and NAS device.

Continue reading

Palo Alto Networks #1: Initial Configuration (for beginners)

This post aims to give an introduction to configuring Palo Alto Networks firewall for initial deployment as it is for beginners, I would like to cover the following topics;

  • Configure management interface settings (i.e IP Address, default gateway) via console
  • Assign IP addresses to ethernet interfaces and default gateway
  • Configure NAT and Security Policies to allow Internet access to internal clients

For this purpose, we will be using the following simple topology;


Continue reading

Differences between Juniper SRX and Palo Alto Networks firewalls

Once you are familiar with one firewall, sometimes it is difficult to be comfortable on another firewall. Here I will list 2 things that you do differently on these firewalls. At least these were the first things I noticed.


On an SRX firewall, if you ping a remote address, command will be accepted.

However if you run the same command on a Palo Alto firewall, you get an invalid syntax.

However this isn’t really the difference I would like to tell. The correct syntax on Palo Alto is like this

Continue reading

OSPF route withdraw

OSPF has slightly different way of removing routes compared to BGP. On this short post, I will present how a link failure is propagated to other routers on OSPF domain. For this test, I have the following topology section in which AREA3 is connected to AREA0 and we simulate a link failure on the Junos router J39 which has the subnet


Before the failure, we can see that is contained in router LSA.

Continue reading

BGP Route Refresh in JUNOS

What happens when you change a BGP import routing policy in your neighbor configuration? Changes take effect immediately or we need to issue the soft-inbound command to request the routes? Let’s see by an example.

We received the route from already as you see below.

Now I change the local preference from 2000 to 1999 in the import policy and commit the config.

Continue reading

BGP open message receives a TCP RST

On this micro post, I would like to show one reason why a BGP open message receives a TCP RST. For this test, I set up a BGP neighborship between two peers: PeerA( and PeerB(

PeerA initiates the connection and look what happens in the packet capture.


According to the sequence, TCP seems to have established properly. 3WAY handshake is done and PeerA thinks it can send its capabilities in its OPEN message and it actually sends it but something weird happens. Remote side PeerB first closes the connection [FIN,ACK] and then sends a RST segment to our OPEN message but why does he do that?

Continue reading

OSPF Loop prevention

On this post, I will show an example of loop prevention on OSPF protocol. There is a nice document at here about the principles of loop prevention. What I will just do is to show this on Junos. In order to show this, I am using the following topology;


On this topology, J40 and J32 are ABRs. J40 has a connection to Area3 in broadcast segment and J32 also has a link to Area3 via J201. It looks like we have multiple paths towards the same Area3 from backbone area. Let’s see how OSPF handles this.

Continue reading