Juniper SRX Op Script: op-monitor

On the data center SRXs, running “show security flow session summary” will return all of the sessions on each SPC. This can be a bit time-consuming when your SRX is fully loaded with SPCs. A great way to find out how many sessions are on each SPC at any given moment is the “srx-monitor” … Continue Reading

Serial Port to Named Pipe in VMware Fusion

If you need to be able to input information to a serial port in VMware Fusion, it can be a royal pain. I tried to gather all of the info I could to help those with VMware Fusion view serial port information. Programs to install: XCode (updated) (Link) XCode Command Line Developer Tools (link) Macports … Continue Reading

Troubleshooting a @JuniperNetworks SRX Flow

How I troubleshoot on an SRX Prerequisite: Log Everything! Look for logs If you see denied logs, the SRX is not allowing the flow. Check the policy configuration: Make sure this traffic is hitting the correct policy Change the policy or reorder policies to allow the traffic If you see permitted logs, the SRX is … Continue Reading

The Value of a Certification

Originally Featured on The Champion Community Blog “What’s in a name?”  Who would have thought that Shakespeare’s observations about names in Romeo and Juliet would still have relevance almost 400 years later, especially in the tech field.  These were two star crossed lovers who could care less about names and identification, but not the rest … Continue Reading

Juniper Route Selection Process (BGP)

I’ve had to look this up more than a few times, so I figured I’d throw it here for anyone else looking. Yes, I know it’s all over the Internet, but one more place doesn’t hurt does it? And remember, the LOCAL PREFERENCE value is the only value where HIGHER is better. Route Preference (BEFORE BGP Path … Continue Reading

SRX Clustering (cluster-id 0)

You can disable clustering in a Juniper SRX with the following command: set chassis cluster disable You can also disable clustering with this command: set chassis cluster cluster-id 0 This goes against the way most things work inside JUNOS. Typically, if you have a numbered field, it always starts at Zero. Not the case for … Continue Reading

Route Distinguishers (auto vs. manual)

Automatic Route-Distinguishers vs. Manual Route-Distinguishers Every MPLS VRF needs a unique route distinguisher.  This is needed for BGP to tell the difference between two of the same prefixes on two different VPNs.  You wouldn’t want the route-selection process to perform a route-selection between the two because they’re in separate routing domains. Both JUNOS and IOS-XR … Continue Reading

JUNOS BGP Damping Policies

Attached is a good starting point for damping policies.  You could create different damping policies per BGP group/neighbor, but a standard set allows an enforced “network-wide” BGP damping policy. Download BGP_Damping_config_template_stanza.txt To apply the policy, you just add the damping knob and add the policy to the import policy list before any ACCEPT actions are done. I … Continue Reading

Rate Limit Per IP in JUNOS

If you want to rate limit certain IPs in JUNOS, here’s an easy way to do it! This policer will set each IP to a bandwidth limit of 64 Kbps and allow up to 128 KBps of burst. Remember that burst-size is BYTES whereas bandwidth is BITS.