Author: rtoodtoo
Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN
// JNCIE-SEC #223 / RHCE / PCNSE
Traffic shaping is a method to control the rate at which packets are sent and Linux does a pretty good job in doing this. I am currently developing a shell-like interface for TC in python and the following script is the framework for the application. I will update this post as I have more experience
Here is a simple junos commit script that checks if a given interface is assigned to trust zone or not. It is very basic of course but can be extended using junos automation reference documents. /* basic-sanity-check.slax */ version 1.0; ns junos = "http://xml.juniper.net/junos/*/junos"; ns xnm = "http://xml.juniper.net/xnm/1.1/xnm"; ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0"; import "../import/junos.xsl"; match
I would like to add a quick note on how to forward some traffic received from one interface to a vsys configured in a netscreen device. From time to time, I need to do this and I always have to search for it again. This may not be the right way of doing or not
A quick NSRP configuration for reference purposes; VSD: Virtual Security Device, it is a container for VSIs. VSI: Virtual Security Interface. NSRP is slightly different than VRRP when it comes to IP floating. In VRRP, nodes have their own IPs and acquire master IP during failover. However in NSRP, there is only one interface IP
In this post I would like to explain how to upgrade JunOS on a router remotely. Imagine that you have dozens of routers and you would like to script it somehow. Below is a script I have written in python. I must say that it really took me some time to comprehend paramiko API but
I would like to write about Path MTU discovery and IP Fragmentation in this post and the relation between them. As per the topology above, the host LINUX1 is sending a packet to the LINUX3 device. The packet has to go through a path in which there are various MTU sizes involved. In the past I
Before reading this post you may have a look at the link http://en.wikipedia.org/wiki/Large_segment_offload which is the main motive of this post. While I was trying to troubleshoot some TCP communication, I wanted to investigate something which I have ignored so far. Maybe one screenshot is more than many words; Have a look at total length field of
Here is my simple dynamic vpn configuration. I have tested it and it works:) However I could only use windows clients in my setup although I tried so hard to get a working linux client, debugging didn’t provide me any useful information. Here is the config: 1) First configure profile config which contains users and
After a little struggle, I have managed to establish an IPSEC VPN tunnel between an SRX box and a Linux machine. In case someone else needs it, below is my configuration. SRX 650, JunOS 10.4R5.5 IKE CONFIG [edit security] root@host# show ike traceoptions { file ike.log; flag all; } proposal pro-basic { authentication-method pre-shared-keys; dh-group group2;
According to exam topics I will focus on routing instances, routing between instances and filter based forwarding. Let's get started. Routing Instances Routing instances may be considered to be virtual routers within a physical router configured like below. I have two virtual routers configured each of which inherits one interface from physical router. In configuring