ScreenOS to Junos commands

This should be useful if you are new to Junos, but old to ScreenOS.

Excellent Junoscript tutorial

Here is an excellent video by Juniper on how to get started with Junoscript. This video is excellent! I have been writing Junoscripts for a while now and learned some new things from this video, highly recommended.

Download it

Qemu and vmware internetworking

Good info on how to get qemu and vmware vms to talk

What I have been up to: SRX performance is off the charts

Well I kind of hate just putting something about nothing, but just for update's sake. I have been stoopid busy lately. I just got through testing an SRX3400 (which is the low-end midrange box, there are three other higher performing boxes) for performance using a Breaking Point Elite box. All I can say is wow, this product line is off the charts in terms of performance, mind-boggling connections per second. I have also been working on some new Junoscripts to display in the CLI a more concise summary of the policy hit counts, much like you would see in IOS. I have also been working on a UAC/NAC proof of concept using Juniper's UAC, SA 2500, EX 4200, an SSG5 and an Enterasys 2G4072-52.

Here is what I tested in SRX and some perf numbers (Junos 9.5)

Perf numbers:

Ran IMIX of TCP traffic, ramping up 150K new connections per second up to 1M concurrent sessions, 10Gbps throughput for 10 mins. This was with full stateful firewall. This test was done using a Breaking Point Elite with 2x10GE ports.

Also successfully ran 10Gbps UDP at 1400-byte packets, 512-byte packets, no problem. 64-byte packets are a problem because there is a hard limit of 1M pps on each SPC.

Other SRX tests:

JSRP – sessions are replicated; as of 9.5 only link detection for failover, in 9.6 you can do track IP

NSM management – everything we wanted to see was there

Traffic logs – you can log session init, session close, IDP deny, ACL deny; however, this must be sent out an IOC, not out a management port. This is because of the sheer volume of logs.

IDP – was able to block chat (Yahoo, Gmail chat, AOL IM)

Also working on some similar NS5K testing. I can post configs for any of this if anyone is interested.

Juniper appliances in virtual machines

Just a quick recap of what I know works and what does not, and what I am not sure about. Any ideas or comments please post.


Secure Junos template

At my last job I created a NIST secure checklist for our Cisco routers and applied it to each of them. I have been keeping my eye out for a Junos secure template and found one that seems reasonable. Tell me what you think.

Link …

Installing Juniper Networks NSM (Network and Security Manager) on CentOS

Juniper Networks NSM is their central manager for most of their products, soon to encompass their entire line of products. If you want to learn Juniper, you should take some time to learn NSM because it is going to be around a while. Here is a doc on how to create your own NSM server.

Link …

MPLS now part of Junos on EX switches

I have been waiting a while for this: the EX switches, at least the 3200 and 4200, support MPLS, L2 and L3 VPNs as of 9.5R1.8. No support for LDP-signaled MPLS yet. I thought the EX8208 would not get MPLS until a few more releases down the road, but I could be wrong. Once I have a confirmation either way I will post it here.

GRE tunnel between a Linux host and Junos

I wrote an article on how to set up GRE between a Linux host and a Junos device.

Link …

BGP path selection

This is the way that BGP selects paths, which can be fairly involved, but the most common manner in which it is selected can be remembered very easily.

Link …
