dokucama

User Tools

Site Tools

Trace: networking
network_stuff:juniper:mx

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

network_stuff:juniper:mx [2021/03/09 13:11] jotasandokunetwork_stuff:juniper:mx [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 14: Line 14:
  
 Example eBGP config Example eBGP config
 +  set routing-options autonomous-system 65000
   set protocols bgp group PEER type external   set protocols bgp group PEER type external
   set protocols bgp group PEER local-address x.x.x.x   set protocols bgp group PEER local-address x.x.x.x
Line 448: Line 449:
   * Junos OS chooses the OSPF route, because of the default preference 10 for an internal OSPF route and 150 for an external OSPF route   * Junos OS chooses the OSPF route, because of the default preference 10 for an internal OSPF route and 150 for an external OSPF route
   * **In our case OSPF is less preferred than xBGP set protocols ospf external-preference 200**   * **In our case OSPF is less preferred than xBGP set protocols ospf external-preference 200**
-  * IOS follows Rfc 1771 and eBGP routes are advertised to iBGP peers. Junos: Not by default (on purpose as rfc behaviour might clog ibgp and even traffic loops).to make junos compliant with rfc and IOS we can do advertise inactive.+  * IOS follows Rfc 1771 and eBGP routes are advertised to iBGP peers. Junos: Not by default (on purpose as rfc behaviour might clog ibgp and even traffic loops).In order to make Junos compliant (with rfc and IOSwe can do advertise inactive.
   *  Juniper created a compatibility knob for this situation, called advertise-inactive. When applied to an EBGP peering session, this knob results in the advertisement of the best BGP route that happens to be inactive because of IGP preference.   *  Juniper created a compatibility knob for this situation, called advertise-inactive. When applied to an EBGP peering session, this knob results in the advertisement of the best BGP route that happens to be inactive because of IGP preference.
   * junos 'route preferences': **OSPF-IA 10** ; IS-IS-L1-int 15 ; IS-IS-L1-int 18 ; **OSPF-E 150** ; IS-IS-L1-ext 160 ; IS-IS-L1-ext 165 ; **BGP 170**   * junos 'route preferences': **OSPF-IA 10** ; IS-IS-L1-int 15 ; IS-IS-L1-int 18 ; **OSPF-E 150** ; IS-IS-L1-ext 160 ; IS-IS-L1-ext 165 ; **BGP 170**
Line 658: Line 659:
  
 IPSEC VPN (MS-MIC MS-MPC):\\ IPSEC VPN (MS-MIC MS-MPC):\\
-  * [[https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/settingupIPsec.htm]] +  * [[https://docs.cloud.mycompany2.com/en-us/iaas/Content/Network/Tasks/settingupIPsec.htm]] 
-  * [[https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Reference/junipermxCPE.htm]] +  * [[https://docs.cloud.mycompany2.com/en-us/iaas/Content/Network/Reference/junipermxCPE.htm]] 
-  * [[https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/connectivity-redundancy-guide.pdf]]+  * [[https://docs.cloud.mycompany2.com/en-us/iaas/Content/Resources/Assets/whitepapers/connectivity-redundancy-guide.pdf]]
   * [[https://www.juniper.net/documentation/en_US/junos/topics/example/ipsec-configuring-on-ms-mic.html]]   * [[https://www.juniper.net/documentation/en_US/junos/topics/example/ipsec-configuring-on-ms-mic.html]]
  
Line 672: Line 673:
   set firewall family inet filter vpn-filter term admin-services-esp then accept   set firewall family inet filter vpn-filter term admin-services-esp then accept
  
-TROUBLESHOOT:\\+TROUBLESHOOTING IPSEC:\\
   show services ipsec-vpn ipsec security-associations detail  # like 'sho crypto isakmp sa'   show services ipsec-vpn ipsec security-associations detail  # like 'sho crypto isakmp sa'
   show services ipsec-vpn ipsec statistics    show services ipsec-vpn ipsec statistics 
   show services ipsec-vpn ipsec security-associations ipsec_ss_ms_5_2_01 # # like 'sho crypto ipsec ' # like 'sho crypto ipsec sa'   show services ipsec-vpn ipsec security-associations ipsec_ss_ms_5_2_01 # # like 'sho crypto ipsec ' # like 'sho crypto ipsec sa'
 +
 +
 +----
 +
 +__TROUBLESHOOTING NETFLOW (troubleshooting jflow)__
 +\\
 +Jflow and Netflow are essentially [[https://community.juniper.net/communities/community-home/digestviewer/viewthread?MID=73286|identical]].
 +\\
 +cflowd (netflow from alcatel), netstream (netflow from huawei)
 +
 +  show services accounting flow inline-jflow fpc-slot 0
 +  show services accounting flow inline-jflow fpc-slot 3
 +  show services accounting flow inline-jflow fpc-slot 7
 +  From Shell
 +  start shell pfe network fpc0
 +  debug cos halp show ifds local-only
 +  debug cos halp all_stats non-zero
 +  exit
 +  start shell pfe network fpc3
 +  debug cos halp show ifds local-only
 +  debug cos halp all_stats non-zero
 +  exit
 +  start shell pfe network fpc7
 +  debug cos halp show ifds local-only
 +  debug cos halp all_stats non-zero
 +  exit
 +  From mspmand
 +  start shell
 +  vty -s mspmand fpc0
 +  plugin jflow show statistics
 +  quit
 +  vty -s mspmand fpc3
 +  plugin jflow show statistics
 +  quit 
 +  vty -s mspmand fpc7
 +  plugin jflow show statistics
 +  quit
 + 
      
network_stuff/juniper/mx.1615295510.txt.gz · Last modified: (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki