DMVPN Configurations on Juniper Router

Today I am going to talk about the configurations of DMVPN on Juniper routers and then associate Dynamic VPN with remote clients step by step. I talked about DMVPN earlier in my articles as well where i explained the basics of the DMVPN. I promised at that time that I will come up with the configurations of DMVPN on each and every vendor. Now I am coming up with the DMVPN configurations on Juniper routers first and I will come up with the configurations on Cisco, Huawei and HP routers later on.

Below are some of the links where i started with the DMVPN explanations
DMVPN Basics
DMVPN Vs IPSEC Basics
Quick Comparison: IPSEC vs DMVPN vs EasyVPN vs GETVPN


The configurations used here are for the demo purposes and has no relevance with any of the live and the enterprise networks. What kind of Topology it looks like, So i am pasting here the sample DMVPN topology and has no relevance with the configuration defining below. The configuration is just for your reference to take it further.

Fig 1.1- Sample DMVPN Topology

To configure the VPN tunnel, 
First you need to configure the IKE policy.

ISIS Authentication types (packet captures)

In this post i would like to highlight a couple of “features” of ISIS.
More specifically the authentication mechanism used and how it looks in the data plane.

I will do this by configuring a couple of routers and configure the 2 authentication types available. I will then look at packet captures taken from the link between them and illustrate how its used by the ISIS process.

The 2 types of Authentication are link-level authentication of the Hello messages used to establish an adjacency and the second type is the authentication used to authenticate the LSP’s (Link State Packet) themselves.

First off, here is the extremely simple topology, but its all thats required for this purpose:

Simple, right? 2 routers with 1 link between them on Gig1. They are both running ISIS level-2-only mode, which means they will only try and establish a L2 adjacency with their neighbors. Each router has a loopback interface, which is also advertised into ISIS.

First off, lets look at the relevant configuration of CSR-02 for the Link-level authentication:

key chain MY-CHAIN
 key 1
  key-string WIPPIE
!
interface GigabitEthernet1
 ip address 10.1.2.2 255.255.255.0
 ip router isis 1
 negotiation auto
 no  Continue reading

Defending anti-netneutrality arguments

Last week, activists proclaimed a "NetNeutrality Day", trying to convince the FCC to regulate NetNeutrality. As a libertarian, I tweeted many reasons why NetNeutrality is stupid. NetNeutrality is exactly the sort of government regulation Libertarians hate most. Somebody tweeted the following challenge, which I thought I'd address here.


The links point to two separate cases.
  • the Comcast BitTorrent throttling case
  • a lawsuit against Time Warning for poor service
The tone of the tweet suggests that my anti-NetNeutrality stance cannot be defended in light of these cases. But of course this is wrong. The short answers are:

  • the Comcast BitTorrent throttling benefits customers
  • poor service has nothing to do with NetNeutrality

The long answers are below.

The Comcast BitTorrent Throttling

The presumption is that any sort of packet-filtering is automatically evil, and against the customer's interests. That's not true.

Take GoGoInflight's internet service for airplanes. They block access to video sites like NetFlix. That's because they often have as little as 1-mbps for the entire plane, which is enough to support many people checking email and browsing Continue reading

EVPN-VXLAN INTER-TENANT ROUTING ON JUNIPER QFX / MX

evpn-vxlan-title

I’ve recently started working on a project focused on EVPN-VXLAN based on Juniper technology. I figured I’d take the opportunity to share some experiences specifically around inter-VXLAN routing. Inter-VXLAN routing can be useful when passing traffic between different tenants. For example, you may have a shared-services tenant that needs to be accessed by a number of different customer tenants whilst not allowing reachability between customer tenants. By enabling inter-VXLAN routing on the MX we can use various route-leaking techniques and policy to provide a technical point of control.

To read the article then please head over to the iNET ZERO blog

Notes from IETF 99 – The IEPG Meeting

Many years ago the IEPG had a role in allowing network operators to talk to other operators about what they were seeing and what they were thinking about. Those days are long since over, and today the IEPG meetings present an opportunity for an eclectic set of diehards to listen to an equally eclectic collection of presentations that wander over much of the topics of today's Internet, without any particular common theme or filter.

JUNIPER NORTHSTAR UPGRADE 2.1 TO 3.0

In this post, I’m quickly going to describe how to upgrade NorthStar 2.1 to 3.0. For a detailed installation and user guide refer to the 3.0 release notes here.

Firstly, let’s start off by verifying the current host OS and NorthStar versions. Note. NorthStar 3.0 requires a minimum of Centos 6.7 or above.

[root@northstar ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)

To check the current version of NorthStar, navigate to the about section via the drop down menu located at the top right of the GUI

northstar-about

Download NorthStar, Extract & Copy:

Download the NorthStar 3.0 application from Juniper.net NorthStar download page. Once downloaded, extract the RPM and copy to your host machine. Below I have copied the NorthStar-Bundle-3.0.0-20170630_141113_70366_586.x86_64.rpm to the /root/rpms/ directory.

[root@northstar ~]# ls /root/rpms/ -l
total 3843976
-rw-r–r–. 1 root root 881371892 Mar 11 2016 NorthStar-Bundle-2.0.0-20160311_005355.x86_64.rpm
-rw-r–r– 1 root root 856402720 Jul 11 2016 NorthStar-Bundle-2.1.0-20160710_201437_67989_360.x86_64.rpm
-rw-r–r– 1 root root 2148942508 Jun 30 19:24 NorthStar-Bundle-3.0.0-20170630_141113_70366_586.x86_64.rpm
-rw-r–r– 1 root root 21878016 Dec 28 2016 NorthStar-Patch-2.1.0-sp1.x86_64.rpm
-rw-r–r–. 1 root root 27610536 Mar 11 Continue reading

Worth Reading: AMD and the Infinity Fabric

Starting with AMD’s Ryzen desktop processor and Epyc server architecture, AMD will implement their scalable Infinity Fabric across all its SoC and MCM products. Think of Infinity Fabric as a superset of HyperTransport, AMD’s previous socket-to-socket interconnect architecture, now managed by the HyperTransport Consortium. Infinity Fabric is a coherent high-performance fabric that uses sensors embedded in each die to scale control and data flow from die to socket to board-level. —The Next Platform

The post Worth Reading: AMD and the Infinity Fabric appeared first on rule 11 reader.

Beware of companies claiming products have AI capabilities

Software companies are exploiting the current artificial intelligence (AI) craze by exaggerating the scope and capabilities of AI in their products, according to a report from Gartner. Gartner tracks product marketing hype with a tool it calls the Hype Cycle, measuring the growth and decline of products as they mature. It calls the process of overhyping AI "AI washing," similar to the way the term “greenwashing” was used to describe exaggerated claims of environmental-friendliness in various products or practices. Gartner said more than 1,000 vendors say their products employ AI, but many are "applying the AI label a little too indiscriminately." And it has happened fast.To read this article in full or to leave a comment, please click here

Context From The People

Are you ready for the flood of context-based networking solutions? If not, it’s time to invest in sandbags. After the launch of Cisco’s Intuitive Network solution set at Cisco Live, the rest of the context solutions are coming out to play. Granted, some of them are like Apstra and have been doing this for a while. Others are going to be jumping on the bandwagon of providing a solution that helps with context. But why are we here and why now?

Creating Context

The truth is that we’ve had context in the network for decades now. It’s not a part number that we can order from a vendor. It’s not a command that we type into the CLI to activate. In fact, it’s nothing that you can see at all right now, unless there’s a mirror handy.

The context in networks has been provided by people for as far back as anyone can remember. You do it every day without consciously realizing it. You interpret error messages and disregard those that aren’t important. People know how to program VLANs correctly to segment traffic in certain ways. Security context, application context, and more are delivered by breathing, thinking humans.

We have Continue reading

Stuff The Internet Says On Scalability For July 21st, 2017

Hey, it's HighScalability time:

Afraid of AI? Fire ants have sticky pads so they can form rafts, build towers, cross streams, & order takeout. We can CRISPR these guys to fight Skynet. (video, video, paper)

If you like this sort of Stuff then please support me on Patreon.

 

  • 222x: Bitcoin less efficient than a physical system of metal coins and paper/fabric/plastic; #1: Python use amongst Spectrum readers; 3x: time spent in apps that don't make us happy; 1 million: DigitalOcean users; 11.6 million: barrels of oil a day saved via tech and BigData; 200,000: cores on Cray super computer;$200B: games software/hardware revenue by 2021; $3K: for 50 Teraflops AMD Vega Deep Learning Box; 24.4 Gigawatts: China New Solar In First Half Of 2017; 

  • Quotable Quotes:
    • sidlls: I think instead there is a category error being made: that CS is an appropriate degree (on its own) to become a software engineer. It's like suggesting a BS in Physics qualifies somebody to work as an engineer building a satellite.
    • Elon Musk: AI is a fundamental existential risk for human civilization, and I don’t think people fully appreciate that
    • Mike Elgan: Continue reading

Docker Community Spotlight: Adina-Valentina Radulescu

Adina-Valentina Radulescu, a DevOps/Integration Engineer for Pentalog Romania, has been organizing meetups for not one but two meetup groups.

In February of last year, Adina founded Docker Brasov and Docker Timisoara, and has since done an amazing job creating and fostering a sense of belonging in her community. This month, we’re happy to shine the community spotlight on Adina to learn more about her Docker story.

Tell us about your first experience with Docker.

The first time I heard about Docker was back in 2014. I played around with Docker and I was impressed with the simplicity of integration so I wanted to learn more. I was able to attend DockerCon EU in 2015 in Barcelona where I completed some labs and attended the talks to learn as much as I could about Docker. It was a powerful feeling.

Why did you start Docker Brasov and Docker Timisoara?

I wanted to have a Docker sharing exchange experience when I get back in Romania. I relocated from Timisoara to a beautiful mountain city, Brasov. In Timisoara, I knew people and companies. In Brasov, I knew almost no one. This is why I decided to start the two groups so I Continue reading

1 2,008 2,009 2,010 2,011 2,012 3,876