Archive for the ‘Work’ Category

Link aggregation on Redback SMS routers

April 7th, 2009

To configure link aggregation on Redback SMS routers you need to do the following.

Create the link group interface and assign an IP address to it

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface AMS-IX
[local]Redback(config-if)#ip address 195.69.x.x/23
[local]Redback(config-if)#exit

Create the link group and bind it to its interface

[local]Redback(config)#link-group AMS-IX ether
[local]Redback(config-link-group)#bind interface AMS-IX local

Configure an ethernet port and add it to the link group

[local]Redback(config-config)#port ethernet 1/1
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#link-group AMS-IX
[local]Redback(config-port)#exit

Configure another Ethernet port and add it to the link group

[local]Redback(config-config)#port ethernet 1/2
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#link-group AMS-IX
[local]Redback(config-port)#exit

To match the AMS-IX ARP timeout (4 hours), configure the timeout under the interface:

[local]Redback(config)#context local
[local]Redback(config-ctx)#int AMS-IX
[local]Redback(config-if)#ip arp timeout 14400
[local]Redback(config-if)#exit

You can also set the minimum-links value of the link group so that the whole bundle goes down when the remaining links can no longer carry the traffic you move through the link group. For example, on a 2-port aggregated link pushing 1.2 Gbps sustained, drop the bundle when only one link is left (n == 1):

[local]Redback(config)#link-group AMS-IX ether
[local]Redback(config-link-group)#minimum-links 2
[local]Redback(config-link-group)#exit

This configuration is made to interconnect with an aggregated link towards the AMS-IX. For other link aggregation interconnects you will need to adapt it.

Networking, Tech, Work

JUNOS software Upgrade Redundant Routing Engines

August 31st, 2007

To upgrade JUNOS on an M-series Juniper router with redundant Routing Engines, proceed as follows.

  1.  Log in to the master Routing Engine.

  2.  Enter the JUNOS software configuration mode:

        {master}
        marcel@re0.lab2> configure

  3.  Disable Routing Engine redundancy.

        {master} [edit]
        marcel@re0.lab2# delete chassis redundancy

  4.  Save the configuration change on both Routing Engines.

        {master} [edit]
        marcel@re0.lab2# commit synchronize and-quit

  5.  Log in to the backup Routing Engine and install the new software version.

        {master}
        marcel@re0.lab2> request routing-engine login other-routing-engine

        {backup}
        marcel@re1.lab2> request system software add /var/home/marcel/jinstall-8.xxx.x-domestic-signed.tgz reboot

  6.  Switch over to the other Routing Engine to change the roles.

        {backup}
        marcel@re1.lab2> quit

        {master}
        marcel@re0.lab2> request chassis routing-engine master switch

  7.  Install the new software version on the backup Routing Engine.

        {backup}
        marcel@re0.lab2> request system software add /var/home/marcel/jinstall-8.xxx.x-domestic-signed.tgz reboot

  8.  Enable Routing Engine redundancy again.

        {master}
        marcel@re1.lab2> configure

        [edit]
        marcel@re1.lab2# rollback 1

  9.  Save the configuration change on both Routing Engines.

        [edit]
        marcel@re1.lab2# commit synchronize and-quit

  10. If you are satisfied that the new software is running smoothly, take a system snapshot on the backup Routing Engine:

        {master}
        marcel@re1.lab2> request routing-engine login other-routing-engine

        {backup}
        marcel@re0.lab2> request system snapshot

        {backup}
        marcel@re0.lab2> quit

Juniper, Networking, Work

Juniper Aggregated Links

August 28th, 2007

A note about aggregated links on the Juniper M series.

Configuring aggregated links is not hard:
[edit]
marcel@lab2# show chassis
aggregated-devices {
    ethernet {
        device-count 2;
    }
}
---
[edit]
marcel@lab2# show interfaces ge-1/0/0
gigether-options {
    802.3ad ae0;
}

[edit]
marcel@lab2# show interfaces ge-1/1/0
gigether-options {
   802.3ad ae0;
}
[edit]
marcel@lab2# show interfaces ae0
description "AE0 towards lab-1";
unit 0 {
   family inet {
       filter {
           input AMSIX-in;
           output AMSIX-out;
       }
       address 10.10.4.2/30;
   }
   family inet6 {
       address 2001:0960:1300:1144::1/64;
   }
}
It is also possible to use load balancing per packet.

Juniper, Networking, Work

Blog update

August 15th, 2007

I’m going to change my weblog a bit. I don’t like the font I’m using, plus I don’t like to have technical stuff between my other posts. http://tech.ten-berg.nl will be my weblog with techtalk in a few days. Old postings will remain in this weblog; new stuff will go in a new thingie :) So get back in a few days and you will find some stuff changed.

Tech, Work

Netscreen IPv6 Configuration

April 24th, 2007

IPv6 is possible on a Netscreen device. JTAC only gives support on the bigger models (I used a 5gt-wireless to set up a tunnel).

Be advised that the IPv6 part of the web interface is buggy.

I built the tunnel between a Juniper M7i and a Netscreen 5gt-wireless.
This document only contains the configuration for the Netscreen device.

The first step is to enable IPv6 on the device. This has to be done on the command line of your Netscreen device (serial console/telnet/ssh):


set envar ipv6=yes

Save your config and reset the device.

Some Background info:

  • Trust interface 10.10.10.1 – Trust
  • Untrust interface – Untrust
  • IPv6 broker (choose any you like. SixXs is preferred) – 213.204.x.x
  • IPv6 subnet – 2001:960:2000::/48

First configure the Trust interface:


set interface "Trust" ipv6 mode "router"
set interface "Trust" ipv6 ip 2001:960:2000::2/48
set interface "Trust" ipv6 enable
unset interface Trust ipv6 ra link-address
set interface Trust ipv6 ra transmit
set interface Trust ipv6 nd nud

The Trust interface is now configured with the IPv6 subnet, and autoconfiguration of other devices behind the Trust interface should be working.

Time to configure the tunnel:


set interface "tunnel.6" zone "Untrust"
set interface tunnel.6 ip unnumbered interface Untrust
set interface "tunnel.6" ipv6 mode "host"
set interface "tunnel.6" ipv6 enable
set interface tunnel.6 tunnel encap ip6in4 manual
set interface tunnel.6 tunnel local-if bgroup2 dst-ip 213.204.x.x

The next step is to set up a static route towards the far end:


set route ::/0 interface tunnel.6 gateway :: preference 20

Now we need a policy to allow traffic in/out:


set policy id 77 from "Trust" to "Untrust" "Any-IPv6" "Any-IPv6" "ANY" permit log
set policy id 77
set policy id 78 from "Untrust" to "Trust"  "Any-IPv6" "Any-IPv6" "ANY" permit log
set policy id 78

Use these policies at your own risk. They permit any IPv6 traffic in both directions, so your IPv6 network is now fully open. You need to configure strict policies to keep your network safe.
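One way to check a saved ScreenOS configuration for open policies like the two above, as an added example that is not part of the original post. It assumes the one-line `set policy id N from ... to ...` form used here; the sample config is constructed, and policy 79 with its address name `web6` is hypothetical.

```python
import shlex

# Constructed sample: policies 77 and 78 from this post plus a narrower rule.
# The address-book name "web6" is hypothetical.
SAMPLE_CONFIG = '''\
set policy id 77 from "Trust" to "Untrust" "Any-IPv6" "Any-IPv6" "ANY" permit log
set policy id 77
set policy id 78 from "Untrust" to "Trust"  "Any-IPv6" "Any-IPv6" "ANY" permit log
set policy id 78
set policy id 79 from "Untrust" to "Trust" "Any-IPv6" "web6" "HTTP" permit log
'''

WILDCARD_ADDRS = {"any", "any-ipv4", "any-ipv6"}


def parse_policies(config_text):
    """Return one dict per full 'set policy id N from A to B ...' line."""
    policies = []
    for line in config_text.splitlines():
        tok = shlex.split(line)  # also strips the quotes around names
        # Bare 'set policy id N' lines only enter the policy context: skip.
        if (len(tok) < 12 or tok[:3] != ["set", "policy", "id"]
                or tok[4] != "from" or tok[6] != "to"):
            continue
        policies.append({"id": int(tok[3]), "from": tok[5], "to": tok[7],
                         "src": tok[8], "dst": tok[9], "service": tok[10],
                         "action": tok[11]})
    return policies


def audit(policies, outside="Untrust"):
    """Return (id, severity, reason) for each wide-open permit rule."""
    findings = []
    for p in policies:
        if p["action"] != "permit" or p["service"].lower() != "any":
            continue
        any_src = p["src"].lower() in WILDCARD_ADDRS
        any_dst = p["dst"].lower() in WILDCARD_ADDRS
        if p["from"] == outside and any_dst:
            findings.append((p["id"], "HIGH",
                             "any service from outside to any internal host"))
        elif any_src and any_dst:
            findings.append((p["id"], "INFO", "any-to-any permit"))
    return findings


if __name__ == "__main__":
    for pid, sev, why in audit(parse_policies(SAMPLE_CONFIG)):
        print(f"policy {pid}: {sev} - {why}")
```

Policy 78 is reported as HIGH because it admits any service from Untrust to every host behind Trust; the narrower policy 79 passes the check.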

NOTE: Do not ask me questions about how to configure your clients behind a Netscreen. Google is your friend.
I’m not a tunnel broker, so stop bugging me with questions to get an IPv6 tunnel !!!!


Netscreen, Networking, Work