Managing Junos Commit Time

I’ve been working with an ISP that is going to be using a large amount of configuration in the ‘groups’ section.  The statements there will be inherited into the main configuration using the ‘apply-groups’ statement.

This is a clever way of writing commands once and having them apply to multiple parts of the configuration.  At a basic level you could match on interfaces beginning with ‘ge-‘ or ‘xe-‘ and set an MTU on them all using one group statement. This MTU setting would not appear in the main configuration unless the configuration was displayed using “show | display inheritance”. There’s a nice explanation of how groups work over at this Packetpushers blog.

The downside is that if large amounts of configuration work is done in groups, applying the config can become slow during the ‘commit’ process.  

What happens under the hood when the user issues a commit in Junos?  You can see what happens if you issue a ‘commit | display detail’.  There is an example in this KB article.   As you can see there is a lot of parsing for commit-scripts, interface ranges and apply-groups at the start.  The config in these needs to be expanded and incorporated Continue reading

Managing Junos Commit Time

I’ve been working with an ISP that is going to be using a large amount of configuration in the ‘groups’ section.  The statements there will be inherited into the main configuration using the ‘apply-groups’ statement.

This is a clever way of writing commands once and having them apply to multiple parts of the configuration.  At a basic level you could match on interfaces beginning with ‘ge-‘ or ‘xe-‘ and set an MTU on them all using one group statement. This MTU setting would not appear in the main configuration unless the configuration was displayed using “show | display inheritance”. There’s a nice explanation of how groups work over at this Packetpushers blog.

The downside is that if large amounts of configuration work is done in groups, applying the config can become slow during the ‘commit’ process.  

What happens under the hood when the user issues a commit in Junos?  You can see what happens if you issue a ‘commit | display detail’.  There is an example in this KB article.   As you can see there is a lot of parsing for commit-scripts, interface ranges and apply-groups at the start.  The config in these needs to be expanded and incorporated Continue reading

F5 Virtual Appliance – How to install the VE LTM on ESXi

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
In my opinion F5 are the market leader in load balancing appliances. If you are just starting out and want to get some experience on the platform how do you do it? With a new F5 4000s coming in around $30,000 its not a cheap box to put in your lab. The answer is the F5 virtual […]

Other pages of interest:

Post taken from CCIE Blog

Original post F5 Virtual Appliance – How to install the VE LTM on ESXi

Risky Business #383 — Inside FireEye’s research gag

On this week's show we take a look at what the hell it happening in Germany, where FireEye sought and obtained an ex parte injunction against a bunch of security researchers over a presentation they were about to do at 44Con. We speak with infosec lawyer Alex Urbelis -- he was at 44Con when all this came to light and he shares his insights.

read more

Python up and running

Python has certainly become one of the top languages of the day.  In this post, I want to spend some time to get you up and running with it.  We’ll start with a base install of Python and then walk through an example to introduce some basic Python concepts.  If you’re in infrastructure, particularly networking, then Python is a language you should be putting some time towards learning.  Most of the vendors out there are coming out with some level of Python integration for their products.  Matt Oswalt spends some time in one of his recent posts talking about how important this integration is as well as gives a couple of examples.  Bottom line – all of us in infrastructure should be finding better ways to do things and Python is a good place to start. 

Note: If you’re interested in the future of networking as a whole, check out this other post from Matt Oswalt where he talks about next gen networking skills.  Good stuff.

I always like to start from the beginning so let’s start from absolute scratch.  I’m going to start with a CentOS 7 host that has Continue reading

CCIE Recert Should Be Like Wilderness Medicine Recert

Last winter I had to recertify CCIE. This time it felt like a negative, adversarial ordeal: reviewing and relearning a lot of stuff that I don’t use in order to justify the sunk costs of obtaining the certification. It’s also a zero-sum game: time spent on recertification is time not spent learning newer, more relevant things. I’ve seen a couple of blog posts (here and here) lately related to this issue. How could recertification be done better?

Outside my professional life, I’ve long been a search and rescue volunteer here in rural Colorado. As part of that, I maintain a Wilderness First Responder (WFR) certification. WFR is a certification for remote emergency medical care that starts as an 80-hour class. It’s required for most types of guiding and outdoor education careers.

Unlike with the CCIE, I always look forward to WFR recertification, even though it’s expensive and I have to take vacation time in order to do it. Why? It’s fun, cooperative, progressive, educational, and encouraging. It’s done as a 16-24 hour class that mixes classroom review, hands-on lab practice, and new material that’s been introduced or updated in the preceding years. This allows recertification candidates to interact Continue reading

Juniper vSRX Automation with Ansible

Virtual appliances not only provide for a great lab environment, but are the future of how network services will be tested, validated, and delivered within an Enterprise. And Juniper gets this – they spent a lot of time covering the vSRX and vMX product lines at the most recent Networking Field Day event.

Over the next few months, I’ll more than likely be spending a lot of time on Juniper gear, and it will be the virtual platforms, so it was good timing to get to be in the room to learn more about them along with many of the automation capabilities Juniper supports across their product families.

NETCONF Rules All for Juniper

While I have not spent as much time on Juniper kit as I would have liked over the past few years, the one awesome thing to see and experience first-hand is that they have a unified API (NETCONF) across all of their products.

Why is this so valuable? Well, for one, we get to use the same libraries and integrations across platforms. As an example, we can use the Juniper Ansible modules across any of their devices. In this post, we’ll take a look at using one Continue reading

Obama advisors: Encryption backdoors would hurt cybersecurity, net infrastructure vendors

Making encryption backdoors available to law enforcement would be bad for cybersecurity in general and hurt vendors that make encryption gear, a presidential advisory group says.While the FBI argues that it needs legislation to require access points into encryption platforms, the National Security Council is preparing to tell President Obama that the downsides include weakening the privacy of Internet communications, according to a draft NSC report obtained by the Washington Post.“[B]ecause any access point to encrypted data increases risk, if government efforts to secure access are successful, this approach would reduce cybersecurity,” the document says.To read this article in full or to leave a comment, please click here

There are two sides to every story

In today's "clock" controversy, the clock didn't look like these:


Instead, this is the picture of the device (from the police department):



It's in a "pencil case", not a briefcase. You can compare the size to the plug on the right.

They didn't think it was a bomb, but a "hoax bomb". If they thought it might be a real bomb, they would've evacuated the school. Texas has specific laws making illegal to create a hoax bomb -- it is for breaking this "hoax bomb" law that the kid was arrested.

This changes the tenor of the discussion. It wasn't that they were too stupid they thought it was a bomb, it was that they were too fascist believing it was intentionally a hoax.

These questioned him, and arrested him because his answers were "passive aggressive". This is wrong on so many levels it's hard to know where to begin. Of course, if the kid's innocent his answers are going to be passive aggressive, because it's just a clock!!!

It was the english teacher who turn him in. Probably for using a preposition at the end of a sentence. The engineering teacher thought it was a good project.

It's actually Continue reading

CloudFlare + WHMCS: Faster Websites For Your Customers

We’re at the cPanel Conference in Denver this week, so feel free to drop by our booth and say hello. It’s a great opportunity to connect with our partners and better understand their needs. We’re always trying to streamline our partners’ user experience, and we thought it would be a fitting time to walk through our recently updated WHMCS integration.

CloudFlare’s WHMCS 6.0 plugin lets hosting providers and registrars extend all the benefits of CloudFlare directly to their customers. You can offer your entire user base a global CDN with 62 points of presence, automatic web content optimization, basic DDoS protection, reputation-based threat protection, and much more with virtually no extra work.

These benefits are seamlessly integrated into your WHMCS client. All your customers need to do is click a button, and a new CloudFlare account will be configured for them.

Screenshot of WHMCS CloudFlare Integration

While signing up for an account on www.cloudflare.com only takes a few minutes, users do need to point the relevant DNS records to CloudFlare’s nameservers. Offerring a one-click solution via our WHMCS integration is a great opportunity for hosting providers and registrars to streamline the process for their customers.

Universal SSL with WHMCS

CloudFlare’s Universal Continue reading

Maybe with less hate

I wanted to point out President's rather great tweet in response to Ahmed Mohamed's totally-not-a-bomb:


The reason this tweet is great is that it points out the great stupidity of the teachers/police, but by bringing Ahmed up rather than bringing them down. It brings all America up. Though the school/police did something wrong, the President isn't attacking them with hate.

The teachers/police were almost certainly racist, of course, but they don't see themselves that way. Attacking them with hate is therefore unlikely to fix anything. It's not going to change their behavior, because they think they did nothing wrong -- they'll just get more defensive. It's not going change the behavior of others, because everyone (often wrongly) believes they are part of the solution and not part of the problem.

Issues like Ahmed's deserve attention, but remember that reasonable people will disagree. Some believe the bigger issue is the racism. Other's believe that the bigger issue is the post 9/11 culture of ignorance and suspicion, where Continue reading

7 security and privacy concerns at the polls

Presidential raceImage by ReutersA recent poll by Wakefield Research delved into the psyche of the American voter asking them many questions about who will lead them through cyberspace the next four years. According to the survey, which was sponsored by PKWARE, the majority (64 percent) of registered U.S. voters believe it is likely that a 2016 presidential campaign will be hacked.To read this article in full or to leave a comment, please click here

1 3,258 3,259 3,260 3,261 3,262 3,780