Posts

Juniper MX SNMP Logical-System

So it seems that on a Juniper MX, SNMP on a logical-system is not the easiest to figure out. Here was my issue: I have a loopback interface configured on a logical-system with an IPv4 address. I tried to do an SNMP walk against it, but it kept failing even though all access was permitted. After some head bashing and some assistance from a colleague, we found some documentation which helped shed some light on this. Reference links:

  1. Features That Are Supported on Logical Systems
  2. Identifying a Routing Instance – page 99
  3. Identifying a Routing Instance

Existing configuration of SNMP failing

So from the documentation and from what we could figure out, it seems that to fix this we had to enable SNMP to access other routing-instances/logical-systems. Below is the configuration that allowed us to do this. However, when making the SNMP call we found the syntax very odd; see this extract:

This name should be used when querying data for that routing instance (for example, LS/[email protected]). For v3 requests, the name logical system/routing instance should be identified directly in the context field.

Solution to configuring SNMP polling with Logical-Systems

juniper copy scripts to other virtual-chassis

Recently I added some op scripts and commit scripts on a Juniper ex-4500 cluster with 3 members in the virtual-chassis. When you copy the scripts to the device, they are not copied to the member devices; you need to do this manually. You can do this from the device that contains the scripts, copying them over to the other members in the virtual-chassis.

To copy the scripts to the other members you can simply do the following:

Below is the problem I saw on our devices:

juniper error: could not open op script: Permission denied

Permission denied when trying to open an op script

Recently I was updating an op-script and uploaded it with a different user and got the following error:

How to fix op script: Permission denied

It seems that when you upload the script, the permissions only allow that particular user and no one else is able to read the file, so we update the permissions on the file using chmod. I believe there are other ways you can fix this, but this is what I quickly figured out; see the solution below:
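A chmod-based fix of the kind described above, as an added example (not the author's original commands, which did not survive on this page). It makes unreadable scripts readable and also strips group/other write bits, so fixing the read error does not leave the script modifiable by other accounts. The function names are hypothetical and the directory is passed in by the caller.

```shell
#!/bin/sh
# Added example: repair permissions on uploaded script files.

# Print regular files under $1 that "other" users cannot read.
unreadable_scripts() {
    find "$1" -type f ! -perm -004 -print
}

# Print regular files under $1 that group or other users can modify.
writable_scripts() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print
}

# Make each script readable by everyone and writable by its owner only.
fix_script_perms() {
    unreadable_scripts "$1" | while IFS= read -r f; do
        chmod a+r "$f" && echo "made readable: $f"
    done
    writable_scripts "$1" | while IFS= read -r f; do
        chmod go-w "$f" && echo "removed group/other write: $f"
    done
}

# Usage: sh fix_perms.sh <script-directory>
# The directory argument is an assumption: pass the directory that
# holds the uploaded script on your device.
if [ "$#" -gt 0 ]; then
    fix_script_perms "$1"
fi
```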

How to Install junos olive 12.1 on virtualbox

This guide shows you where and how to download Junos Olive 12.1 and install it on VirtualBox in very simple steps. You can then extend this further and create a mini lab; I’ve installed it to help me test my Junos scripts.

1. Download and install VirtualBox if you don’t already have it.
2. Download the Juniper Olive image: Download Juniper Junos Olive 12.1
3. Double-click the image file, which will open in VirtualBox.

4. Apply the following base configuration if you would like access to the shell. I used a bridged interface, which meant I was using my LAN (192.168.1.x/24); please select a free IP address in your LAN and adjust the config below. If you copy the encrypted hash, the password is: [email protected]:

Default username: root, with no password.

5. Open a shell and try to access it: ssh [email protected]

Download Juniper Junos Olive 12.1

Note: From here you can download the “JunOS Olive 12.1” VM image; you can run it with GNS3 or VirtualBox to simulate a Juniper router. (Please note that this image is only provided to you for informational purposes and is not to be used in production networks.)

aspath-regex junos examples

I was looking at the Juniper route table on an mx480, at the output of “show route receive-protocol bgp 38.104.127.169”.

Scenario 1: BGP including 3 or more or less AS paths with first element is constant

Reference:
Juniper : show route aspath-regex

default interface on juniper

When I first started using Juniper I was unsure how to clear an interface's configuration, the equivalent of the Cisco command “default interface”. Juniper doesn’t have a similar command, but you can do something like the below, which has the same effect:

Logging UP and DOWN events for routing protocols on juniper

Recently we found that with the Junos logging level at notice, we were not getting recovery events for our routing protocols. This is because Juniper logs DOWN events and UP events with different levels of severity (warning vs info).

To resolve this we can override the severity levels of certain events. We want to see all routing status information (up and down), and the below covers this.

Juniper logging config

Additional config to show recovery of routing protocols and BFD with notice level logging

Logging Results

OSPF flap logs

ISIS flap logs

BGP flap logs

Send a test SNMP trap on juniper device

If you need to test SNMP on a Juniper device without having to trigger an event, you can do the following, which sends an SNMP trap so you can test the functionality:

You can send different spoof-traps; see more details at the link below:

http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/command-summary/request-snmp-spoof-traps-command.html#jd0e141

Free up memory on cisco 6500 router with full BGP route tables

In the olden days, we had to have the soft-reconfig setting on our BGP sessions to accept route updates without reloading the entire BGP table.

This takes up a lot of memory, especially when you have 3 ISPs connecting with full BGP tables. In these times, where the Internet route table is ~488,000 routes and we accept full tables from multiple providers, we can’t afford the memory usage – and we don’t have to!

Today’s Internet providers support a better idea, route-refresh, effectively doing the same thing without the negative. This feature provides a soft reset mechanism that allows the dynamic exchange of route refresh requests and routing information between BGP peers and the subsequent re-advertisement of the outbound or inbound routing table.

is route-refresh supported on cisco 6500

is route-refresh supported on juniper device

According to the above it sure is supported; in fact most devices enable and support this, so if you are memory conscious and can afford to be without soft-reconfig, then route-refresh is sufficient. On the 6500 device you will not see the memory free up until the router is rebooted.

Troubleshooting juniper SRX traffic flow

Recently I had an issue where traffic was hitting the Juniper SRX from a Cisco ASA and, for whatever reason, the traffic was not being permitted. I saw the traffic being permitted on the Cisco ASA, but fell short on understanding how I could troubleshoot the Juniper SRX:

The following flow was of interest:
source: 10.255.50.129
destination: 10.251.134.51
destination-port: icmp

Real-time capture on Cisco ASA

Capture on Juniper SRX

These captures help in troubleshooting the issue and can reveal any problems in your policy.