DDOS_PROTOCOL_VIOLATION_SET warning
All of a sudden things may start go wrong in your juniper switches and when you examine the logs you see the followings;
Cisco Viptela vEdge LAB High CPU
I am currently deploying a Viptela vEdge 17.2.x series in my ESX lab however as soon as I fired up multiple vEdges I noticed CPU utilisation went through the roof. Server couldn’t handle 4-5 instances as each consumes around 8GHz. This was very familiar to me from virtual SRX experience due to continuous polling and
Read More »
Layer 2 loop troubleshoothing
Check that stupid interface statistics first if things are god damn wrong One network guy says I thought it is better to write the summary of the ports first. I have had multiple layer 2 loops in my career and they were mostly disastrous. I think there is nothing more scary than a layer 2
Read More »
PXE for network engineers
As a network engineer, you might receive a request from your colleagues probably Desktop team to configure network devices for PXE server. If you don’t know what PXE, how it works and configured, I will try to answer those questions on this post. Mostly I will focus on Windows imaging which I mostly configured devices
Read More »
Advertising a non-existent route to BGP in PAN
Normally if you want to advertise a route to your BGP neighbor, the route you want to announce must be available in your routing table but in Palo Alto Networks there is a nice trick which is quite handy. Where can it be really handy? For example you have a subnet which you only use
Read More »
Convert SRX zone policy to global
SRX platform has two types of security policy: Zone Based and Global and you can mix these two but when mixed it is also posing some challenges. If you want to convert all zone based policies to global, normally there is no builtin tool. Maybe Junos Space provides such tool but I am not aware
Read More »
Juniper SNMPv2 on routing instance
When I need to configure SNMPv2 on a Juniper device and routing instance is involved, I always forget to enable some knobs. Here is a quick one which allowed me to query an EX switch through its VR (in my example VR name is ISP1). You can also specify your specific VR name under “routing-instance-access”
Read More »
List trunk ports on Juniper Switch
Have you ever wanted to list the trunk ports on a Juniper EX switch? Unfortunately there doesn’t seem to exist a single dedicated command for this purpose. In the past I used to use the following command: > show ethernet-switching interfaces detail | match Trunk but this is not working on new releases. Juniper keeps
Read More »
migrating zone based address book to global in Juniper SRX
I have written a small python3 script to convert SRX address books which are in zone base format to global. There was already a ready script on juniper forums but I saw they lack duplicate address checks and it couldn’t connect to some SRX devices. Below is the link to the code and how it
Read More »
SRX240 and SRX340 failure rates
Recently I upgraded dozens of SRX240H2 and SRX340 series Juniper firewalls and around %10 of SRX240H2 boxes either crashed during upgrade or after upgrade and none on 340 series. Although 340 is a newer platform, I would like to be positive and believe the fact that Juniper has improved both hardware and software quality. What
Read More »