Author: rtoodtoo
Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN
// JNCIE-SEC #223 / RHCE / PCNSE
In Linux, in the past I was using iproute2 and multiple routing tables to do some more advanced stuff, but when I became aware of Namespace, things really changed for me. Namespaces in Linux seem to be similar to logical systems in Junos. It seems to be a bit more than a routing instance in
I am going to break my certificate VPN setup in this post and see what sort of log message we will get. If you are looking for how to set up a certificate-based IPSEC VPN on SRX, you can check my other post. I have already established the tunnel between those two peers
After a bit of struggle, I have finally passed the JNCIE-SEC exam. It was a bit of a long journey for me. I studied every topic in detail, read thousands of pages and did hundreds of labs. If I should offer some self-criticism: when I look back now, I can tell you that I overcomplicated things
Traceroute is a great tool to discover the path a packet traverses in the outgoing direction, but if you have an MPLS cloud, you may see some unexpected behavior if you don’t do some tweaks. First of all, let’s see how traceroute discovers a path when there isn’t any MPLS cloud. The network above is using
On this Saturday evening, I have finally completed my work on TCP SACK analysis. This post was on my mind for some time, but now I have done it after building my big local Internet at home. You will also find some stuff about receive segmentation offload, Wireshark tips etc. Here is the topology used for
I was doing a couple of tests on the BGP protocol today between two EBGP peers and monitoring the BGP trace file I enabled on my Junos box, during which I saw the following NOTIFICATION being sent by one of the peers. GW2 rpd[1144]: bgp_pp_recv:3217: NOTIFICATION sent to 212.6.1.1+59825 (proto): code 6 (Cease) subcode 7 (Connection
I couldn’t really find a suitable topic for this post actually, but I will try to find answers for the following questions:
- How can we fragment an IP packet manually in Scapy?
- What does a fragmented packet look like and how is the transport layer (TCP/UDP) header located?
- How do we forward fragmented packets, do
I have prepared a small setup to test Q-in-Q, formally known as IEEE 802.1ad. There are several names given to this technique; the ones I prefer most are Provider Bridging or Stacked VLANs, but I think the most common name is QinQ. Anyway, I have set up the following lab. This is the physical
This is a small post to inform followers of this blog about a common mistake made in SRX cluster configuration. This is something I really need to write. A cluster has two different configuration stanzas:
- Node specific
- Global
If you want to set something which is specific to only one node, e.g. node0, you configure
One of the topics that I haven’t written about so far is VPLS, but I had already written some posts which lay the foundation for this VPLS setup. In this post, I will try to explain how VPLS is configured and verified on Junos, particularly on a packet-mode Juniper SRX. I believe it will be