Archive

Category Archives for "Networking"

DMVPN Configurations on Juniper Router

Today I am going to talk about the configuration of DMVPN on Juniper routers and then associate Dynamic VPN with remote clients step by step. I talked about DMVPN in my earlier articles as well, where I explained the basics of DMVPN. I promised at that time that I would come up with the configurations of DMVPN for each and every vendor. I am starting with the DMVPN configurations on Juniper routers, and I will come up with the configurations on Cisco, Huawei and HP routers later on.

Below are some of the links where I started with the DMVPN explanations:
DMVPN Basics
DMVPN Vs IPSEC Basics
Quick Comparison: IPSEC vs DMVPN vs EasyVPN vs GETVPN


The configurations used here are for demo purposes and have no relevance to any live or enterprise network. To show what the topology looks like, I am pasting a sample DMVPN topology here; it has no relevance to the configuration defined below. The configuration is just a reference for you to take further.

Fig 1.1- Sample DMVPN Topology

To configure the VPN tunnel, you first need to configure the IKE policy.

ISIS Authentication types (packet captures)

In this post I would like to highlight a couple of “features” of ISIS.
More specifically, the authentication mechanism used and how it looks in the data plane.

I will do this by configuring a couple of routers with the 2 authentication types available. I will then look at packet captures taken from the link between them and illustrate how it's used by the ISIS process.

The 2 types of authentication are link-level authentication of the Hello messages used to establish an adjacency, and authentication of the LSPs (Link State Packets) themselves.

First off, here is the extremely simple topology, but it's all that's required for this purpose:

Simple, right? 2 routers with 1 link between them on Gig1. They are both running ISIS in level-2-only mode, which means they will only try to establish an L2 adjacency with their neighbors. Each router has a loopback interface, which is also advertised into ISIS.

First off, let's look at the relevant configuration of CSR-02 for the link-level authentication:

key chain MY-CHAIN
 key 1
  key-string WIPPIE
!
interface GigabitEthernet1
 ip address 10.1.2.2 255.255.255.0
 ip router isis 1
 negotiation auto
 no

EVPN-VXLAN INTER-TENANT ROUTING ON JUNIPER QFX / MX

I’ve recently started working on a project focused on EVPN-VXLAN based on Juniper technology. I figured I’d take the opportunity to share some experiences specifically around inter-VXLAN routing. Inter-VXLAN routing can be useful when passing traffic between different tenants. For example, you may have a shared-services tenant that needs to be accessed by a number of different customer tenants whilst not allowing reachability between customer tenants. By enabling inter-VXLAN routing on the MX we can use various route-leaking techniques and policy to provide a technical point of control.

To read the article, please head over to the iNET ZERO blog.

Notes from IETF 99 – The IEPG Meeting

Many years ago the IEPG had a role in allowing network operators to talk to other operators about what they were seeing and what they were thinking about. Those days are long since over, and today the IEPG meetings present an opportunity for an eclectic set of diehards to listen to an equally eclectic collection of presentations that wander over many of the topics of today's Internet, without any particular common theme or filter.

JUNIPER NORTHSTAR UPGRADE 2.1 TO 3.0

In this post, I’m quickly going to describe how to upgrade NorthStar 2.1 to 3.0. For a detailed installation and user guide refer to the 3.0 release notes here.

Firstly, let’s start off by verifying the current host OS and NorthStar versions. Note: NorthStar 3.0 requires a minimum of CentOS 6.7.

[root@northstar ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)

To check the current version of NorthStar, navigate to the About section via the drop-down menu located at the top right of the GUI.

Download NorthStar, Extract & Copy:

Download the NorthStar 3.0 application from the Juniper.net NorthStar download page. Once downloaded, extract the RPM and copy it to your host machine. Below I have copied NorthStar-Bundle-3.0.0-20170630_141113_70366_586.x86_64.rpm to the /root/rpms/ directory.

[root@northstar ~]# ls /root/rpms/ -l
total 3843976
-rw-r--r--. 1 root root 881371892 Mar 11 2016 NorthStar-Bundle-2.0.0-20160311_005355.x86_64.rpm
-rw-r--r-- 1 root root 856402720 Jul 11 2016 NorthStar-Bundle-2.1.0-20160710_201437_67989_360.x86_64.rpm
-rw-r--r-- 1 root root 2148942508 Jun 30 19:24 NorthStar-Bundle-3.0.0-20170630_141113_70366_586.x86_64.rpm
-rw-r--r-- 1 root root 21878016 Dec 28 2016 NorthStar-Patch-2.1.0-sp1.x86_64.rpm
-rw-r--r--. 1 root root 27610536 Mar 11

Beware of companies claiming products have AI capabilities

Software companies are exploiting the current artificial intelligence (AI) craze by exaggerating the scope and capabilities of AI in their products, according to a report from Gartner. Gartner tracks product marketing hype with a tool it calls the Hype Cycle, measuring the growth and decline of products as they mature. It calls the process of overhyping AI "AI washing," similar to the way the term “greenwashing” was used to describe exaggerated claims of environmental-friendliness in various products or practices. Gartner said more than 1,000 vendors say their products employ AI, but many are "applying the AI label a little too indiscriminately." And it has happened fast.

Context From The People

Are you ready for the flood of context-based networking solutions? If not, it’s time to invest in sandbags. After the launch of Cisco’s Intuitive Network solution set at Cisco Live, the rest of the context solutions are coming out to play. Granted, some of them are like Apstra and have been doing this for a while. Others are going to be jumping on the bandwagon of providing a solution that helps with context. But why are we here and why now?

Creating Context

The truth is that we’ve had context in the network for decades now. It’s not a part number that we can order from a vendor. It’s not a command that we type into the CLI to activate. In fact, it’s nothing that you can see at all right now, unless there’s a mirror handy.

The context in networks has been provided by people for as far back as anyone can remember. You do it every day without consciously realizing it. You interpret error messages and disregard those that aren’t important. People know how to program VLANs correctly to segment traffic in certain ways. Security context, application context, and more are delivered by breathing, thinking humans.

We have