Category Archives: Junos

vendor operating system

Junos – LDP troubleshooting

1 Reply
I have been working my way through the Day one: MPLS for enterprise engineers and the first basic configuration is for LDP.  I setup the four router topology on my macbook pro and then on my day off I decided to run through it again on my home server for some extra practice.  I will firstly mention that I had forgotten that these vSRX devices had been previously configured with a random topology I was using a few weeks back.
Day One MPLS - Topology
I ran through the 3 basic commands to configure ldp and enable mpls on the routers, firstly on the P router and then on the PE routers.

I used show ldp interface and confirmed that LDP was running on all the core facing links (all the links from the PE routers back to the P router) but not active on the customer facing links:
ldp interface
I could see that the LDP neighbours with the show ldp neighbor command:
ldp neighbours routerid
At this point not having a lot of experience configuring or troubleshooting LDP I expected that all was well, however this was not the case.  As I continued on through the day one guide, verification of the LDP database did not look as expected.  In fact there was no label exchange happening at all.  Closer inspection showed that there were no bindings in the database:
ldp database
The reason I noticed this was because when I was checking for the inet.3 route table neither mpls.0 or inet.3 route tables existed.
empty route table
At this point I double checked all my configuration as per the day one guide and all the config I had was right.  Reachability was working as expected, pings between all interfaces were working as expected.  I noticed that the loopback IPs in the day one guide were all set to 172.16.0.x/32 on each box so I went ahead and configured these but still no dice, No matter what I tried I could not see anything in the ldp database.

Now remember earlier I said these devices had previously been used in another topology?  Well when I checked the output of show ldp neighbor I could see the neighbour listed on the correct interface, however I could not work out where the 1.1.1.1 and 2.2.2.2 neighbour addresses were coming from or why the label space ID was showing these addresses…

Long story short, I review the configuration on the devices again and found that I had the router ID specified under the routing-options hierarchy for each device, eg: vsrx 1 = 1.1.1.1, vsrx2 = 2.2.2.2 and so on.  The issue here is that these prefixes are not actually reachable as they were only used as the router id on the box and they are not present on any of the interfaces or in the routing table.

Once the router ID was removed from under the routing-options section, we saw the label space ID correctly list the respective loopback IP address in both show ldp neighbours and show ldp interface, the ldp database was populated and we could also see the inet.3 and mpls.0 route tables were now available.

end pic 1

I still don’t understand why the devices were trying to use the router-id specified under the routing-options hierarchy in the first place, as the IP on the loopback interfaces were completely different.

According to the day one guide, LDP in Junos attempts to setup the LDP session between the loopback address of each router so obviously if the loopback addresses are not advertised into the IGP they will not form an adjacency.  Junos in this case was taking the router id set in the routing-options hierarchy and enabling this as the loopback interface IP  (which is was not, there was a different IP set on the interface itself) hence the adjacency did not form.

For whatever reason even though the loopback addresses were configured, advertised and reachable via the IGP from each router, LDP was choosing to use the IP address configured in the router-id section of the config which was not advertised or reachable.

If anyone knows why this is the case please feel free to ping me and let me know.

Junos – Using vSRX as a lab router in Virtualbox

Leave a Reply

I have been attempting to work through the kindle book, Day One: MPLS for enterprise engineers by Darren O’Connor to get some more experience with mpls and Junos. I went ahead and setup some vSRX VMs on my lab server and had a mess around, which was cool, however I have a long commute and so I thought it would be a nice to set these up in virtualbox on my macbook pro.

The first attempt was not successful as there are a few setting that need to be changed after creating the VMs, but then I happened across a tweet (I’m sorry I don’t remember who it was) for a link to a Juniper Learning byte on youtube showing how to install and configure vSRX in virtualbox.

Creating a Junos sandbox with vsrx and virtualbox

This was great, but I found as I started to lab up the examples from the Day One guide, I was running into all sorts of weird issues that turned out to be caused by the firewall filter on the vSRX (it is a firewall after all!). I spent a lot of time researching how to get lots of protocols up and working as expected without adding a million firewall rules eg: ping/ssh/traceroute, ldp, ospf etc which in turn was taking time away from working through the day one guide.

Then I stumbled across this link on the Juniper Forums.

If you run the following commands from the top of your config and then reboot the device, you will set the vSRX into packet mode which basically turns off all the firewalling and makes the box act just like a router:

delete security
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
set security forwarding-options family inet6 mode packet-based

I am not sure if this introduce any other oddities but now I can correctly see the ldp and mpls tables so i think I have found the solution here. I thought I would post this as it took much longer than expected to sort this issue out.

Juniper JNCIA

Leave a Reply

jn_certified_associate_rgb

Inspired by the ICT Networks Junos start program training I went to a couple of weeks back I decided to take a look into the Juniper certification tracks and as part of this I sat and passed the JNCIA-Junos exam yesterday. For those not familiar with the Juniper certification paths the JNCIA is the prerequisite for all certification tracks , similar to what the CCNA used to be on the Cisco side of the house. For study materials I used the free PDF from the Juniper Fast track program and as I worked through these I realised that the free ICT Network Junos start program was a pretty good introduction course for this exam too.

Another bonus of the fast track program is the ability to get a 50% discount voucher for the JNCIA exam just by getting a score of 70% or more on the pre assessment exam, which is available once you log into the fast track website. This brought the exam cost down to only $50US , which after sitting many reassuringly expensive Cisco exams was a nice little bonus.

My goal is the Cisco service provider track but I like what I see from Juniper and I am starting to think it will be beneficial to go down the service provider road with Juniper as well, It also doesn’t hurt that Juniper are quite big in the carrier routing space so I can only see experience on both Cisco and Juniper platforms as a plus. Even with SDN gaining more traction in the industry I think there will always be a need for skilled engineers with a deep understanding of how protocols work, which in my mind is the biggest benefit of vendor certification…plus its also nice sometimes to get a little recognition in the form of a certificate/industry credential to show for it too.

The testing centre was average as usual, the machine took around 10 mins to finally start up the exam and once I finished no score report was printed, even the staff were pretty clueless why this was. I was a little concerned that I might have wasted 50 bucks as it seemed (according to the Pearson Vue website) like I had not attended the appointment, but later on that night the website updated showing the exam had been passed as well as the score report.

The JNCIA exam itself is not too challenging and should be pretty easy if you have some networking knowledge already (CCNA for example) and have read through the fast track PDFs. I wouldn’t say that hands on experience with Juniper gear is a necessity however the vSRX Firefly trial VM is freely available for download and it is very easy to spin up a few VMware instances (or even just one) to explore the cli commands. In terms of difficulty I have read that the Cisco comparison exam is around the CCENT level of but its been so long since I sat that it’s hard for me to gauge so I can’t really compare the two.

While working thorough the training materials I found that there are quite a few nice features in the Junos cli that I liked and thought were pretty interesting. I am putting together a list of useful commands as I find them so that might become a blog post one day.

Overall this was a nice little intro to Junos and I am looking forward to firing up my virtual server and getting into the JNCIS-SP track.  For anyone looking for some more info on Juniper certification or training check out the links below:

Juniper Fast Track Portal
Juniper Certification Tracks
vSRX Trial Download
ICT Networks Junos Start Program