This shows you the differences between two versions of the page.
| network_stuff:juniper:qfx [2020/10/16 14:33] – jotasandoku | network_stuff:juniper:qfx [2024/09/25 14:18] (current) – jotasandoku | ||
|---|---|---|---|
| Line 15: | Line 15: | ||
| **MC-LAG**\\ | **MC-LAG**\\ | ||
| + | [[https:// | ||
| + | |||
| * Configuration with examples: [[https:// | * Configuration with examples: [[https:// | ||
| * Static arp in vrrp (l3) mc-lag: [[https:// | * Static arp in vrrp (l3) mc-lag: [[https:// | ||
| Line 20: | Line 22: | ||
| * Inter-chassis Control Protocol (ICCP): It uses TCP as a transport protocol and requires Bidirectional Forwarding Detection (BFD) for fast convergence | * Inter-chassis Control Protocol (ICCP): It uses TCP as a transport protocol and requires Bidirectional Forwarding Detection (BFD) for fast convergence | ||
| * Interchassis link-protection link (ICL-PL) : Each ICL can learn up to 512K MAC addresses. | * Interchassis link-protection link (ICL-PL) : Each ICL can learn up to 512K MAC addresses. | ||
| + | * *Consistency tools* (require 'set multi-chassis mc-lag consistency-check' | ||
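Review bot: the added "Consistency tools" bullet uses single asterisks (`*Consistency tools*`), which does not match the `**MC-LAG**` bold markup used a few lines above, so it will show literal asterisks. Use `**Consistency tools**`, and state the `set multi-chassis mc-lag consistency-check` prerequisite as its own sentence so it reads as a requirement rather than an aside.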
| Line 71: | Line 74: | ||
| show ospf database router lsa-id 148.64.56.250 detail | show ospf database router lsa-id 148.64.56.250 detail | ||
| show ospf database external lsa-id 0.0.0.0 detail | show ospf database external lsa-id 0.0.0.0 detail | ||
| - | | ||
| - | |||
| - | ---- | ||
| - | **EVPN AND VXLAN**\\ | ||
| - | MAC addresses conveyed via bgp. Datacenter. At the end of the day these are knobs to avoid using L3!. Listen to this [[https:// | ||
| - | * ESI—An Ethernet segment must have a unique nonzero identifier, called the Ethernet segment identifier (ESI). The ESI is encoded as a 10-octet integer. When manually configuring an ESI value, the most significant octet, known as the type byte, must be 00. When a single-homed CE device is attached to an Ethernet segment, the entire ESI value is zero. The Ethernet segment of the multihomed Device CE1 has an ESI value of 00: | ||
| - | * EVI—An EVPN instance (EVI) is an EVPN routing and forwarding instance spanning all the PE routers participating in that VPN. An EVI is configured on the PE routers on a per-customer basis. Each EVI has a unique route distinguisher and one or more route targets.An EVI is configured on Routers PE1, PE2, and PE3. | ||
| - | * Rest of the info in: [[https:// | ||
| - | |||
| - | |||
| ---- | ---- | ||
| + | |||
| PORT MIRRORING: | PORT MIRRORING: | ||
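Review bot: the removal of the EVPN AND VXLAN block takes the ESI and EVI definitions off this page without leaving a pointer. If the material moved to another page, put a one-line link where the section was so the MC-LAG notes above still lead to it.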
| Line 118: | Line 112: | ||
| set snmp v3 vacm access group SNMPV3GROUP default-context-prefix security-model usm security-level privacy notify-view SNMPVIEW | set snmp v3 vacm access group SNMPV3GROUP default-context-prefix security-model usm security-level privacy notify-view SNMPVIEW | ||
| set snmp view SNMPVIEW oid .1 include | set snmp view SNMPVIEW oid .1 include | ||
| + | \\ | ||
| + | **If snmpv3 fails in EX4600 (after an upgrade or NMS change, try this):** | ||
| + | del snmp v3 | ||
| + | set snmp engine-id local 88e64b801438 | ||
| + | commit | ||
| + | restart snmp gracefully all-members | ||
| + | |||
| + | set snmp location Coresite-LA1 | ||
| + | set snmp contact " | ||
| + | set snmp v3 usm local-engine user ODC authentication-sha authentication-password " | ||
| + | set snmp v3 usm local-engine user ODC privacy-aes128 privacy-password " | ||
| + | set snmp v3 vacm security-to-group security-model usm security-name ODC group SNMPV3GROUP | ||
| + | set snmp v3 vacm access group SNMPV3GROUP default-context-prefix security-model usm security-level privacy read-view SNMPVIEW | ||
| + | set snmp v3 vacm access group SNMPV3GROUP default-context-prefix security-model usm security-level privacy notify-view SNMPVIEW | ||
| + | set snmp view SNMPVIEW oid .1 include | ||
| + | |||
| + | restart snmp gracefully all-members | ||
| + | |||
| + | |||
| + | MERAKI:\\ | ||
| + | So we can monitor snmp through the meraki public IP, we do the following (example): | ||
| + | |||
| + | Meraki > Firewall > forwarding rules | ||
| + | csw3-snmp 1613 > 10.20.3.42 161 (restrict sourc | ||
| + | |||
| + | NMS:\\ | ||
| + | Multiple devices with the same IP (the meraki public IP), then we configure observium with the different forwarded ports (eg: 1613) | ||
| + | cat /etc/hosts | ||
| + | 67.212.55.69 csw2.mydomain.com | ||
| + | 67.212.55.69 csw3.mydomain.com | ||
| + | 67.212.55.69 csw4.mydomain.com | ||
| + | |||
| + | |||
| + | This is to enable non standard ports for certain devices: | ||
| + | |||
| + | [rancid@nms]$ cat .cloginrc | ||
| + | add password fw0* {} {} | ||
| + | add user * rancid | ||
| + | add password * password | ||
| + | add identity * / | ||
| + | add method csw3.la1.mycompany1.co.uk {ssh:1023} | ||
| + | add method csw4.la1.mycompany1.co.uk {ssh:1024} | ||
| + | add method {ssh -o UserKnownHostsFile=/ | ||
| + | add method {ssh -o UserKnownHostsFile=/ | ||
| + | add method * ssh | ||
| + | add noenable fw0* {0} | ||
| + | add cyphertype fw0*.dc.mycompany1.co.uk aes256-cbc | ||
| + | |||
| + | |||
| + | ---- | ||
| + | __AIRFLOW / FANS__ | ||
| + | \\ | ||
| + | * AFI (AIR FLOW IN) - Port-side intake (PI) - refers to the airflow direction where the air is drawn from the **front** (fan side) and exhausted out the **back** (ports side). | ||
| + | * AFO (AIR FLOW OUT) - Port-side exhaust (PE) - refers to the airflow direction where the air is drawn from the **back** of the device (ports side) and exhausted out the **front** (fan side). | ||
| + | {{: | ||
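Review bot: the Meraki forwarding rule `csw3-snmp 1613 > 10.20.3.42 161` publishes SNMP on the public IP, and its only access-control note is cut off at "(restrict sourc". Spell out which source address (the NMS) the rule is limited to, since that restriction is what keeps the forwarded port from being reachable by anyone. In the EX4600 recovery steps, the second group of `set snmp ...` lines goes straight to `restart snmp gracefully all-members` with no `commit` in between, unlike the first group; add the `commit` so the re-created v3 user and views are active before the restart. In the airflow bullets, the label "Port-side intake (PI)" sits on a description where air is drawn from the fan side, and "Port-side exhaust (PE)" on one where air is drawn from the ports side, so label and description contradict each other in both bullets; check them against the hardware guide and fix whichever is wrong.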