Troubleshooting a @JuniperNetworks SRX Flow

How I troubleshoot on an SRX
Prerequisite: Log Everything!
Look for logs
If you see denied logs, the SRX is not allowing the flow.
Check the policy configuration:
Make sure this traffic is hitting the correct policy
Change the policy or reorder policies to allow the traffic
If you see permitted logs, the SRX is … Continue Reading

IDP isn’t a job, it’s a profession

Originally Posted on the Juniper Champion Community. There are network engineers, there are security engineers, and then there are IDP (intrusion detection and prevention) engineers. Or at least there should be. I can’t count the number of times I’ve told enterprises during an IDP integration, “The configuration and setup I’m giving you is a good … Continue Reading

The Value of a Certification

Originally Featured on The Champion Community Blog. “What’s in a name?” Who would have thought that Shakespeare’s observations about names in Romeo and Juliet would still have relevance almost 400 years later, especially in the tech field. These were two star-crossed lovers who could care less about names and identification, but not the rest … Continue Reading

Juniper Route Selection Process (BGP)

I’ve had to look this up more than a few times, so I figured I’d throw it here for anyone else looking. Yes, I know it’s all over the Internet, but one more place doesn’t hurt, does it? And remember, the LOCAL PREFERENCE value is the only value where HIGHER is better. Route Preference (BEFORE BGP Path … Continue Reading

SRX Clustering (cluster-id 0)

You can disable clustering in a Juniper SRX with the following command:
set chassis cluster disable
You can also disable clustering with this command:
set chassis cluster cluster-id 0
This goes against the way most things work inside JUNOS. Typically, if you have a numbered field, it always starts at Zero. Not the case for … Continue Reading

Route Distinguishers (auto vs. manual)

Automatic Route-Distinguishers vs. Manual Route-Distinguishers
Every MPLS VRF needs a unique route distinguisher. This is needed for BGP to tell the difference between two of the same prefixes on two different VPNs. You wouldn’t want the route-selection process to perform a route-selection between the two because they’re in separate routing domains. Both JUNOS and IOS-XR … Continue Reading

JUNOS BGP Damping Policies

Attached is a good starting point for damping policies. You could create different damping policies per BGP group/neighbor, but a standard set allows an enforced “network-wide” BGP damping policy. Download BGP_Damping_config_template_stanza.txt To apply the policy, you just add the damping knob and add the policy to the import policy list before any ACCEPT actions are done. I … Continue Reading

Rate Limit Per IP in JUNOS

If you want to rate limit certain IPs in JUNOS, here’s an easy way to do it! This policer will set each IP to a bandwidth limit of 64 Kbps and allow up to 128 KBps of burst. Remember that burst-size is BYTES whereas bandwidth is BITS.

The New Global Language #JUNOS

Originally posted on the Juniper Champion Blog. Secondary post on the Proteus Networks’ Blog. Everyone has always said math is the global language. It’s true. No matter where you go in the world, 1+1=2 is expressed the same way and means the same thing. After traveling to several continents over the past few years implementing … Continue Reading