
The following JunOS configuration has been tested on PlusNet Fibre broadband with an external BT Openreach modem. This setup should work with other VDSL/FTTC providers, since they use the same underlying BT infrastructure.

  • The configuration has been tested on SRX210H running JunOS 11.4R9.4 & 12.1X44-D35.5
  • The BT Openreach modem connects to interface fe-0/0/7 on the SRX

Set the underlying interface encapsulation to PPP-over-Ethernet.

set interfaces fe-0/0/7 unit 0 encapsulation ppp-over-ether

Set the PPP options with CHAP as the authentication method.

If your ISP happens to use the PAP authentication method, then you need to reflect that in the configuration.

set interfaces pp0 unit 0 ppp-options chap default-chap-secret YOUR-PASSWORD
set interfaces pp0 unit 0 ppp-options chap local-name YOUR-USERNAME
set interfaces pp0 unit 0 ppp-options chap no-rfc2486
set interfaces pp0 unit 0 ppp-options chap passive


How to Configure Failover on Cisco ASA Firewall

Configuring a Cisco ASA firewall to achieve resiliency is straightforward. Implementing the failover feature in Active/Standby mode can be achieved with the following commands.

Please note that it is not recommended to use the Management interface for failover purposes, especially for stateful failover in which the security appliance constantly sends the connection information from one security appliance to the other.

Furthermore, we have to consider the future implications of using the Management interface, as you may want to create a completely new network for Out-of-Band (OOB) access in which the Management interface on each device will participate. Therefore, using the Management interface for failover might cause design issues in the future.

In the example below, I will be using GigabitEthernet0/5 on both devices as the failover interface.

Border Gateway Protocol (BGP) as SDN Backbone

Border Gateway Protocol (BGP) is the core of the Internet, and yet its versatility is hardly utilised by the majority of the networking community within a data centre environment. BGP is widely used by service providers, also in conjunction with MPLS. With the introduction of Software-Defined Networking (SDN), the whole concept of the network will change dramatically in the coming years; some could say it has already changed, and I agree. We will hardly be managing devices individually, and it will become impractical to manage 100s or even 1000s of devices in a data centre architecture.

Why Border Gateway Protocol?

I will try to justify my view that BGP would be the perfect candidate for an SDN backbone. Other protocols will still tick some of the boxes, but they won’t be able to tick every box as BGP does.

Versatility

I can’t think of another protocol that is versatile enough to handle the control plane and data plane separately, yet communicates efficiently between the two. After all, SDN is all about separating the Control Plane from the Data Plane.

Is SecureCRT worth it?

You are probably here because you have asked the same question as I did before purchasing SecureCRT: is it worth forking out $100 for terminal emulator software?

This is probably one of the questions every Network/Systems Engineer asks when deciding whether to buy a terminal emulator or stick with freeware like Putty/TeraTerm on Windows, iTerm2 on Mac and Terminal on Linux.

There is a great post by Greg Ferro here, where he reiterates that it is not good value for money. I agree with him 100%, given that you could get such an application on the Mac App Store for around $25. However, when it comes to evaluating software, or any other purchase, one needs to consider one's individual requirements before committing financially.

There are a number of questions I have asked myself before going ahead with the purchase…

4 Byte BGP Autonomous System Numbers

Like the IPv4 address space, the 2-Byte (16 bit) BGP AS number space is also running out. As per RFC 4893 (BGP Support for Four-octet AS Number Space), 4-Byte Autonomous System (AS) numbers have been issued by the Regional Internet Registry (RIR).

2-Byte (16 Bit) Autonomous System Numbers
We have a total of 2^16 = 65536 Possible AS Numbers
Private AS Numbers: 64512 – 65534
Reserved AS Numbers: 59392 – 64511, 65535

4-Byte (32 Bit) Autonomous System Numbers
We have a total of 2^32 = 4,294,967,296 Possible AS Numbers
Any numbers ranging from 65536 to 4294967295 are considered 32Bit AS Numbers.

ASPLAIN
This is the IETF-preferred notation for AS Numbers, where a 2-Byte AS Number such as 65535 is represented in the form of text in both command and CLI, and a 4-Byte AS Number such as 65546 is represented in the form of "65546".

ASDOT
As mentioned above, 2-Byte AS Numbers in ASDOT notation are represented in decimal format.
4-Byte AS Numbers are represented in the following format.

How to Upgrade Juniper SRX

In this case, I will be upgrading an SRX210H. The procedure is rather straightforward, and if you require further clarification, please refer to the appropriate guide on Juniper Networks’ website.

First of all, copy the JunOS software onto a FAT32-formatted USB drive.

Make sure you check the integrity of the file by running md5sum and comparing the result with the one listed on Juniper Networks’ website.

nish@WS /media/nish/JunOS $ md5sum junos-srxsme-11.4R9.4-domestic.tgz 
ac7a405477544d4a81b382f9816931d2  junos-srxsme-11.4R9.4-domestic.tgz
nish@WS /media/nish/JunOS $ 
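
The comparison above is done by eye; the check can instead be scripted so that a corrupted or altered image fails closed before it is copied to the USB drive. This is an added example, not part of the original post: the function name verify_image and its return codes are assumptions, and the expected value is whatever the vendor download page lists.

```shell
#!/bin/sh
# Added example (not from the original post).
# verify_image FILE EXPECTED_MD5
#   0 = hash matches, 1 = mismatch, 2 = malformed expected hash, 3 = file missing
verify_image() {
    file=$1
    # Normalise the pasted value: lower-case, no stray whitespace.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')

    # Reject anything that is not exactly 32 hex digits (e.g. a truncated paste),
    # so a bad reference value can never be mistaken for a verified image.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed expected hash" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "malformed expected hash" >&2; return 2; }

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 3; }

    # md5sum prints "<hash>  <name>"; keep only the hash field.
    actual=$(md5sum -- "$file" | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (got $actual)" >&2
    return 1
}

# Usage with the file and hash shown in the post:
#   verify_image junos-srxsme-11.4R9.4-domestic.tgz ac7a405477544d4a81b382f9816931d2 \
#       && cp junos-srxsme-11.4R9.4-domestic.tgz /media/nish/JunOS/
```

MD5 is enough to catch a damaged download or a bad copy; where the vendor also lists a SHA-256 value, swap md5sum for sha256sum and the 32-digit length check for 64.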

Go into the shell prompt by issuing the command nish@iNET> start shell, if you are not already there.

Check which devices are present before plugging in the USB drive containing JunOS.

% ls /dev/da*
/dev/da0        /dev/da0s1c     /dev/da0s2c     /dev/da0s3e     /dev/da0s4a
/dev/da0s1      /dev/da0s2      /dev/da0s3      /dev/da0s3f     /dev/da0s4c
/dev/da0s1a     /dev/da0s2a     /dev/da0s3c     /dev/da0s4
% 
