Author: rtoodtoo
Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN
// JNCIE-SEC #223 / RHCE / PCNSE
This is the 5th and final post of my MPLS series. You can find all posts under the mpls-tutorial tag. So far I have run all SRX devices in packet mode, which means we weren’t able to use the service features of the SRX firewall. With this new config, we can also inspect the traffic. You can find
This post is the 4th post of my MPLS series. You can find the first three here: #1, #2, #3. In an MPLS network, PE routers keep the site-specific VPN routes inside VRF (Virtual Routing and Forwarding) tables and send the routes that they learned from CE routers to remote PE routers by
This is the 3rd post of my MPLS/RSVP series. In the first and second, I set up an MPLS cloud with some sort of redundancy. In this post, I will enable traffic engineering support on OSPF in order to use CSPF and the fast reroute feature. To explain fast reroute I need the topology again; In
In my previous post, MPLS/RSVP configuration & troubleshooting, I configured two LSPs between two MPLS routers. Now I will continue where I left off. One thing I must tell you is that the MPLS labels in the previous post won’t match this post, as I restarted my routers. We will again use the same topology;
I would like to show how I configured my MPLS cloud with RSVP signaling in this post. This is the first post of my RSVP, MPLS/VPNs series. I will use the topology below throughout my posts. In a real-world MPLS core, things may be different but this is just a lab. I have a provider
There are two types of logging mechanisms in SRX: event and stream. Event logging isn’t recommended for sending traffic logs as it can cause high CPU in the routing engine. If you enable stream logging, you should also pay attention to several things on branch SRX: 1) Traffic log can’t be forwarded via fxp0 interface
Starting from 12.1X44-D10, an SRX box can also run as a cache-only DNS server, or DNS proxy if we are to adhere to what it is called in the documentation. It also has view support, i.e. you can direct DNS queries to specific DNS servers based on the source address. In this topology, I
Did you know that if you enable packet-mode on a traffic interface of an SRX box, host inbound traffic isn’t allowed anymore? The device can still process transit traffic but inbound traffic won’t work. For example, apply a filter like the one below to an interface and try to SSH to IP 98.1.1.1; you shouldn’t be allowed. #show interfaces
I have taken the first step and scheduled my JNCIE-SEC exam for November. I think I have sufficient time to finish my studies. I will also try to share my case studies as much as I can, since case study is the best way for me to learn any topic. Recommendation for these type of
If you have confusion about Security Director and Junos Space, here is a simple description of these two; Security Director (previously known as Security Design) is the application that manages Juniper SRX firewalls. You can think of this as a module which is only responsible for security platforms of Juniper. It is a subset of