Category Archives: junos

Changes bringing interface down in Junos

I don’t know if there is any comprehensive list of changes which brings down an interface apart from specifically disabling the interface.
So far I recall two of them which are striking and might not be expected to flap interface. If anyone has also experience, it might be a good
place to share.

Years back I didn’t know that this change (i.e adding or removing this) was flapping the interface. If you have any routing protocol or any other component depending on the interface, be aware!

MTU change
If you change the MTU of an interface and again if you are running e.g BGP you will see a flap as traceoptions will clearly tell you that interface is going down.

Any other change you know affecting interface status? Please feel free to share!

error: put-file failed on Junos

I have got the following error while I was trying to copy a file via SCP on Junos. As per the error, I thought it is something
to do with my local permissions but I could read the source backup.conf file. I searched online, numerous entries showed up.

In the end, error turns out to be so funny. It is the “~” character which is causing this issue. As soon as I changed the destination
path as follows;

it just went through. Apparently this isn’t interpreted as “HOME” directory in Junos the way it works in Linux.
Another lesson learned!

Wonderful tool traceroute monitor

There is one traceroute option which you might not have noticed so far: It is the monitor. I use this option during packet drop issues from time to time to see if there is any hop on the path which might be causing some drop or latency. It is extremely handy and you can also modify your monitoring parameters. I believe this is a very useful troubleshooting option. The column names are also intuitive but you can take a look at the documentation here for this command if you like.

This command helped you in any troubleshooting, then drop here a comment!

According to Matt’s comment, both Linux and FreeBSD has this tool. For more info about the tool and its history check the wiki page. Tool was originally called Matt’s traceroute due to its first writer 🙂 On an ubuntu host, “apt-get install mtr” will bring you this handy tool in a few seconds!


This post is the 4th post of my MPLS series. You can find the first three here: #1, #2 , #3
In an MPLS network, PE routers keep the site specific VPN routes inside VRF (Virtual Routing and Forwarding) tables and send the routes that they learned from CE routers to remote PE routers by using MP-BGP (Multiprotocol BGP). LSPs we have configured so far will be used to send our L3VPN traffic.
One of the greatest things that VRF along with MP-BGP is that in your PE router you can keep the same network addresses in different sites and completely isolated from each other.


I will setup a BGP-L3VPN between CustC ( and CustA (

I can start configuring VRF tables on both sides. VRF is a simple routing instance in a junos box but its instance type is vrf. For simplicity I won’t configure BGP between CE and PE routers but you can also do that.

Continue reading

MPLS/RSVP configuration & troubleshooting #2

In my previous post MPLS/RSVP configuration & troubleshooting I have configured two LSPs between two MPLS routers. Now I will continue where I left off. Just one thing I must inform you that MPLS labels in the previous post won’t match this post as I restarted my routers. We will again use the same topology;


Previously we had two LSPs but didn’t know what to do with them. Now we will see how we can make use of them. When we create the LSP, one new routing table inet.3 will be populated.

inet.3 is the MPLS routing table. Once an LSP is established, you can find it here. You can see this table in an Ingress MPLS router but not in transit one in which you can see mpls.0 switching table populated.

BGP has very close connection with this table. For example, the network has been discovered via IBGP from J40 to J35. This means protocol next hop is address. BGP first look in the inet.3 table and if it finds there, it will install the physical next hop in inet.0

Continue reading

SRX Inventory

For troubleshooting purposes I find the file /var/log/inventory quite useful. You know why? If you haven’t displayed this file so far, go and run the command

With this new information, if you type

You will see the history of your JUNOS upgrades. Believe me you may need it one day!

scripting commands in junos

One of the things that I need during troubleshooting sessions is to run a specific command at regular intervals. Instead of doing this manually you can create a tiny script to run your command every second for you. Here is how you can do it;

My operational command that I want to monitor is “show route receive-protocol bgp” as I am interested in the change in the number of routes advertised from BGP speaker

Create this file under the operating system shell by vi editor and save it into a file e.g then run it like;

You will see that script will sleep 1 sec and then run the operational command for you. The operational show command is just a silly example. You can replace it with anything you like e.g neighbor monitoring etc.

Configuring virtual router


I just want to talk about briefly how you can configure a simple virtual router in Junos. For this I have drawn a physical and a logical view of my simple topology. In physical view, you can see that there is only one SRX but logically there are actually one virtual router connected from interface ge-0/0/2 to ge-0/0/3. There are different ways of connecting a virtual router to the physical one but I have chosen to use the physical interfaces to inter connect. These two interfaces can be connected over a switch or back to back.

As it can be seen in the config, I have configured a virtual router instance named “custA” and assigned ge-0/0/2.0 interface to this VR but we must configure the interface under the main interfaces configuration stanza.

Continue reading

Junos per packet load balancing

If you have two multiple equal cost paths to the same destination, JunOS behavior is to pick up one of the next-hops and use that one. For example in the following scenario, Junos keeps sending the packets via the ge-0/0/0.41 interface.

but you can change this behavior ;

1) Write a policy statement

Continue reading

Effect of MRU setting on EX Switch

MRU (Maximum Receive Unit) has a close relation to MTU but as far as I can see it has different effects in various active devices.
For example setting an MTU value of 1000 on an Ethernet interface of a Linux machine or an SRX box doesn’t prevent the larger packet from being accepted. However if the very same interface tries to return a similar size packet then it has to be fragmented. However on EX switch I saw something else. Let me explain;

I connected two PCs to my ex2200 test switch’s ge-0/0/8 and 9 port and assigned to the same vlan. Then I pinged from the PC connected to the port 8 to PC on 9. port with size 1000bytes and it worked. Then I set the interface MTU of port 8 to 900bytes and checked the MRU value.

As it can be seen MRU is 908 since Junos adds 8 bytes to calculate this value. After this setting I again tried to send a ping with 1000 size but no success. Here is the point because it is a switch and also it is MRU but not MTU your sender won’t get notified by any ICMP message even if you have PMTU discovery is turned on. You can literally beat the air if you have a small MRU setting on the switch this is my humble opinion:)