I am happy to announce that Juniper has just released a new Day One Guide entitled "Junos Tips, Techniques, and Templates 2011". For this particular Day One Guide, Juniper Networks Books and J-Net joined forces and requested the best and brightest Junos tips and techniques from the Junos user community. In fact, the book was created after a thorough selection process which included reviewing over 300 submitted tips by over 100 individuals on the J-Net community boards at forums.juniper.net.
I am honored that Juniper accepted my contributions and decided to include them in this guide. My contribution "Automatically Allow Configured BGP Peers in a Loopback Firewall Filter" covers how to configure a Junos prefix-list in conjunction with the apply-path features to parse a configuration and then dynamically build a list of matching prefixes for use in a firewall filter.
Outside of my meager contribution, this guide is chock full of dozens of useful tips and techniques and is an indispensable guide for anyone involved in managing Juniper platforms on a daily basis.
So the theme of the day is Network Virtualization, Software defined networks and taking virtualization to its logical conclusion i.e. server, storage and network in a giant resource pool that can be allocated/assigned any which way. Although its easier said then done. Server and Storage virtualization were a bit simpler since we were dealing with one OS that needed to provide the right abstraction layer. The H/W resource pool (disk, cpu, network, memory, etc) was managed by the single OS so provisioning it between various virtual machines or storage pool was a bit simpler. The network by definition is useful only when multiple devices are connected and trying to treat them as a single resource pool is harder. A virtual networks has to deal with not just links, bandwidth, latency and queues but also
higher level functionality like routing, load balancing, firewalling, DNS, DHCP, VPN, etc. etc. And we haven’t even talked about how this all will hook up together along with virtual machines and virtual storage pool in a easy manner. Now before you argue that every component is already virtualized (which is very true), one could argue that it still doesn’t give me a virtual network. It Continue reading
The proper design of a network infrastructure should allow for a number of key traits that are very desirable in an overall network design. First, the infrastructure needs to provide redundancy and resiliency without a single point of failure. Second, the infrastructure must be scalable in both geographic reach as well as bandwidth and throughput capacity.
Ideally, as one facet of the network is improved, such as resiliency; it should also improve on bandwidth and throughput capacity as well. Certain technologies work on the premise of an active/standby method. In this manner, there is one primary active link – all other links are in a standby state that will only become active upon the primary links failure. Examples of this kind of approach are 802.1d spanning tree and its descendants rapid and multiple spanning trees in the layer 2 domain and non-equal cost distance vector routing technologies such as RIP.
While these technologies do provide resiliency and redundancy they do so at the assumption that half of the network infrastructure is unusable and that a state of failure needs to occur in order to leverage those resources. As a result, it becomes highly desirable to implement active/active resiliency Continue reading
A pretty long post that summarizes the characteristics of OSPF protocol when using it on a CE-PE link. Read along to review its features, learn about BGP extended communities and loop prevention mechanisms for OSPF on CE-PE links.
Portfast + bpdufilter (used together) can be enabled globally or at interface level.
Although the first impression is that the only difference is the global or per-interface effect, this is not entirely true and another subtle and important difference is described in this post.
Welcome on my very first post on my new fresh technical blog!
This post shows different ways of how to match packets based on their length. While this may not be very common in real production, you will find it useful during your CCIE preparations.