This just daily simply note.

If we used to copy paste easily configuration in Cisco, then we should be able to do so in JunOS.
Usuallythis method implemented on new Cisco Router with Old Configuration.
Though yes, some rows still missing

Anyway,

Here the Command how to do that in JunOS.
Ensure that you have ‘root’ user in your brand new JunOS with a default configuration set at the beginning unless the copy and paste process doesn’t work.

admin@JunOS#load replace terminal [Enter]
“bla bla bla end with ctrl d”…

[paste all desired configuration here]
[ctrl d]

admin@JunOS#commit

Done

a. rahman isnaini r.sutan

Enabling IPv6 on Juniper SRX series needs a bit extra configuration.
After standard IPv6 Address configured & with rib inet6.0 in routing-option, you have to add
“security forwarding-options family inet6 mode packet-based” at the global configuration to have IPv6 routable.
rib inet6.0 {
static {
route 0::/0 next-hop 2001:df0:48::1;
}
}

SELF PING
=================================================================
admin@SRX# run ping 2001:df0:48::50
PING6(56=40+8+8 bytes) 2001:df0:48::50 –> 2001:df0:48::50
16 bytes from 2001:df0:48::50, icmp_seq=0 hlim=64 time=0.888 ms
16 bytes from 2001:df0:48::50, icmp_seq=1 hlim=64 time=0.368 ms

Read the rest of this entry »

Nope Sure Yet,

SRX 650 is a good choice for SOHO security solution.
One thing we found last week “If the IPv6 features enabled in Juniper SRX 650, all security features will Off”. ?

So the SRX can only act as an usual Packet Forwarder.

a. rahman isnaini r.sutan
“Juniper Issue This Week ?”

Situation :

- Your Admin Colleagues made changes on Router Configuration & not Committed yet.
- Your Admin Colleagues logged out improperly
- Your Admin Colleagues Unreachable by Phone, SMS, what ever
- You have to Commit your changes urgently
- Your Juniper said “The configuration has been changed but not committed” by the last logged admin.

Do this to see what changes made by last admin on the configuration. “Show | Compare” on Top Level configuration.
Or just simply do “Rollback” and re-commit to the last configuration before new uncommitted configuration added by last admin.

a. rahman isnaini r.sutan
“Juniper Daily Note”

Good features from Juniper :

1. Commit Check
Gives me, a good analyse on new added configuration.
Whether the config is right or any missing statement related to the changes made.
Similar to Commit, some boxes using “Apply” to have the configuration affected.
The point is, all added configuration can be verified before applied/commited,
while some boxes the change directly affected after pressing “Enter”.

2. Commit Confirmed [Very Good One !]
Gives me, a watching & waiting period during a change[s] made to a remote router.
If the new config was completely right & success, try to re-login and do commit before 10 minutes.
If the new config was failed & remote router couldn’t be accessed,
just wait for 10 minutes untill router does a rollback to the last config.
You should be able to re-login again after 10 minutes, this would save you from a journey / hiring remote engineer.

a. rahman isnaini r.sutan
“Daily Juniper Note”…

Activate / Deactivate Command is more like disabling / enabling configuration in JunOS.
The purpose is just to keep the setting / configuration by disabling / deactivating it.
Once you need to activate just one step to do

Drawback is keeping more config file size.
For small config changes is fine to have.

Here the steps example deactivating a term in a policy option - policy statement named “IMPORT-PCCW”

Steps :
===================================================
admin@junOS# deactivate term prefered-outgoing

[edit policy-options policy-statement IMPORT-PCCW]
admin@junOS# show
inactive: term prefered-outgoing {
from as-path PACNET;
then {
local-preference 6200;
accept;
}
}
term else {
from as-path ALL ;
then reject;
}

[edit policy-options policy-statement IMPORT-PCCW]

admin@junOS# commit
commit complete

[edit policy-options policy-statement IMPORT-PCCW]
====================================================

The Effect :

a. Before :

admin@junOS# run show bgp summary
Groups: 11 Peers: 13 Down peers: 4
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0            926409     313202          0          0          0          3
Peer               AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Damped…
xxx.yyy.ddd.aaa     ABCD     349732    19848       0       0  6d 21:04:56    40/300121/0          0/0/0

b. After :

admin@junOS# run show bgp summary
Groups: 11 Peers: 13 Down peers: 4
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0            926409     313202          0          0          0          3
Peer               AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Damped…
xxx.yyy.ddd.aaa   ABCD     349732    19848       0       0  6d 21:04:56    0/300123/0          0/0/0

– Daily Juniper Simple Notes
– a. rahman isnaini r.sutan

Your Interface :
==========

admin@JunOS#show
description ***TO-BGP-PEER***;
vlan-id 8;
family inet6 {
address 2404:170:251::A:A:1A/126;
}
[edit interfaces ge-1/3/0 unit 8]

The Command : refer to http://www.ip-stories.com/

BGP Setting :
=========

admin@JunOS#show
type external;
neighbor 2404:170:251::A:A:19 {
description CUSTOMER-IPV6;
import IPv6-CUSTOMER-IMPORT;
export IPv6-CUSTOMER-EXPORT;
peer-as 3940;
}

[edit protocols bgp group eBGP-IPv6]

The command :
admin@JunOS# set type external [different ASN]
admin@JunOS# set neighbor 2404:170:251::A:A:19 import IPv6-CUSTOMER-IMPORT export IPv6-CUSTOMER-EXPORT peer-as 3940
admin@JunOS# commit

Policy Setting :
==========

admin@JunOS#
policy-statement IPv6-CUSTOMER-IMPORT {
from as-path ALL;
then accept;
}
policy-statement IPv6-CUSTOMER-EXPORT {
from as-path ALL;
then reject;
}

as-path ALL .*

[edit policy-options]

The command :

admin@JunOS# set policy-statement IPv6-CUSTOMER-IMPORT from as-path ALL

[edit policy-options]
admin@JunOS# set policy-statement IPv6-CUSTOMER-IMPORT then accept

[edit policy-options]
admin@JunOS# set policy-statement IPv6-CUSTOMER-EXPORT from as-path ALL

[edit policy-options]
admin@JunOS# set policy-statement IPv6-CUSTOMER-EXPORT then reject
admin@JunOS# set as-path ALL .*
admin@JunOS# commit

BGP Status :
========

admin@JunOS# run show bgp summary
Groups: 17 Peers: 18 Down peers: 4
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0           1206977     309046          0          0          0          0
inet6.0             2416       2414          0          0          0          0
Peer               AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Damped…
2404:170:251::a:a:19  9340       1897          6       0       0        1:31 Establ
inet6.0: 2414/2416/0

a. rahman isnaini r.sutan

/64 is kind of waste of IPv6 Point to Point Address between two devices.
So, let’s work with /127

admin@JunOS# show
description ***UPSTREAM***;
vlan-id 510;
family inet {
address 192.168.224.221/30;
}
family inet6 {
address 2001:E00:F003::1/127;
}

[edit interfaces ge-1/3/0 unit 510]

admin@JunOS# run ping 2001:e00:f003::1
PING6(56=40+8+8 bytes) 2001:e00:f003::1 –> 2001:e00:f003::1
16 bytes from 2001:e00:f003::1, icmp_seq=0 hlim=64 time=0.212 ms
^C
— 2001:e00:f003::1 ping6 statistics —
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.212/0.212/0.212 ms

[edit interfaces ge-1/3/0 unit 510]
admin@JunOS# run ping 2001:e00:f003::0
PING6(56=40+8+8 bytes) 2001:e00:f003::1 –> 2001:e00:f003::
16 bytes from 2001:e00:f003::, icmp_seq=0 hlim=64 time=1.123 ms
16 bytes from 2001:e00:f003::, icmp_seq=1 hlim=64 time=0.892 ms
16 bytes from 2001:e00:f003::, icmp_seq=2 hlim=64 time=0.777 ms
16 bytes from 2001:e00:f003::, icmp_seq=3 hlim=64 time=1.151 ms
16 bytes from 2001:e00:f003::, icmp_seq=4 hlim=64 time=1.026 ms
16 bytes from 2001:e00:f003::, icmp_seq=5 hlim=64 time=0.981 ms
16 bytes from 2001:e00:f003::, icmp_seq=6 hlim=64 time=1.02 ms
^C
— 2001:e00:f003::0 ping6 statistics —
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max = 0.777/0.995/1.151 ms

[edit interfaces ge-1/3/0 unit 510]

a. rahman isnaini r.sutan

Configure IPv6 Address
======================

Configured yes, under interface mode.
Belows example shows IPv4 & IPv6 at one sub interface [Dual Stack]

admin@JunOS# set family inet6 address 2404:170:251::A:A:1A/126

[edit interfaces ge-1/3/0 unit 4]
admin@JunOS# show
description ***TO-CUST***;
vlan-id 4;
family inet {
address 192.168.224.45/30;
}
family inet6 {
address 2404:170:251::A:A:1A/126;
}

[edit interfaces ge-1/3/0 unit 4]

admin@JunOS# run ping 2404:170:251::A:A:19
PING6(56=40+8+8 bytes) 2404:170:251::a:a:1a –> 2404:170:251::a:a:19
16 bytes from 2404:170:251::a:a:19, icmp_seq=0 hlim=64 time=1.082 ms
16 bytes from 2404:170:251::a:a:19, icmp_seq=1 hlim=64 time=0.871 ms
16 bytes from 2404:170:251::a:a:19, icmp_seq=2 hlim=64 time=1.377 ms

Set Default Route
==================

Configured under routing-Option.
Please re-ensure that Ipv6 Static Route “NOT” under static mode but under rib mode named inet6.0 [what ever you named it].

admin@JunOS# set rib inet6.0 static route 0::/0 next-hop 2404:170:251::A:A:19
[edit routing-options]
admin@JunOS#commit

admin@JunOS# show
interface-routes {
rib-group inet all-ribs;
}
rib inet6.0 {
static {
route 0::/0 next-hop 2404:170:251::A:A:19;
}
}

admin@JunOS# run traceroute 2001:200:0:8002:203:47ff:fea5:3085 no-resolve
traceroute6 to 2001:200:0:8002:203:47ff:fea5:3085 (2001:200:0:8002:203:47ff:fea5:3085) from 2404:170:251::a:a:1a, 30 hops max, 12 byte packets
1  2404:170:251::a:a:19  1.314 ms  1.49 ms  1.121 ms
2  2404:c000:4000:4514:7:3852:5:1  29.669 ms  1.326 ms  4.286 ms
3  2404:c000:0:1::5  3.332 ms  3.122 ms  1.599 ms
4  2001:7fa:0:1::ca28:a1db  283.406 ms  288.813 ms  280.211 ms
5  2001:218:0:6000::13d  281.033 ms  281.488 ms  284.32 ms
6  2001:218:0:2000::101  269.061 ms  272.352 ms 2001:218:0:2000::15a  291.264 ms
7  2001:218:0:2000::5  289.404 ms 2001:218:0:6000::116  283.702 ms  282.235 ms
8  2001:218:0:6000::116  284.39 ms  285.519 ms 2001:218:2000:5000::82  274.299 ms
9  2001:200:0:10::141  274.942 ms 2001:218:2000:5000::82  277.802 ms  277.253 ms
10  2001:200:0:11::66  273.719 ms  274.504 ms  272.959 ms
11  2001:200:0:12::74  273.844 ms 2001:200:0:11::66  275.37 ms  275.73 ms
12  2001:200:0:4803:212:e2ff:fe28:1ca2  277.486 ms  276.499 ms 2001:200:0:12::74  276.379 ms
13  2001:200:0:4803:212:e2ff:fe28:1ca2  281.574 ms 2001:200:0:8002:203:47ff:fea5:3085  275.133 ms  275.072 ms

rgs
a. rahman isnaini r.sutan

If you are [used to] so familiar with CISCO .IlI..IlI. [Purchase "Used & Refurbished" Cisco]
And it always hard to find the online JunOS documentation sometimes
Next-Hop Self command was one of them.

Anyway directly I’d like to tell that you WILL NEVER found this next-hop self command in BGP configuration of M Series.
It’s located under a term of a Policy Statement as a choice of action to be taken after “THEN”.
Here :

admin@JunOS# set term policy-options policy-statement LINK-1-EXPORT term PREFIX-1 then next-hop self

Here the policy-statement LINK-1-EXPORT looks like :

admin@JunOS# show
term PREFIX-1 {
from {
prefix-list PREFIX-NETWORK-A;
}
then {
local-preference 5000;
next-hop self;
accept;
}
}
term ISP-D {
from {
as-path ISP-D;
}
then {
local-preference 5000;
next-hop self;
accept;
}
}
term else {
then reject;
}

This kind of configuration is very useful two load balance routes/prefixes volume between two routers which connected by two non-equal link using iBGP.
Why ? it might happened these ways :

- You have announced separated prefixes over this two links [bgp session].
- You might have configured local-preference to have some prefixes to pass first link and others to the second link.
- The traffic would only fill one link ?.
- You have to announce each of prefix next-hops to the right link ?

It’s all waste of your time.
Just do as a Simple of above configuration, you will have your traffic fills both link follows the number of announced prefixes.

.
== BEFORE ===
admin@JunOS2> show route 192.168.250.0

192.168.250.0/23    *[BGP/170] 00:00:01, MED 0, localpref 2500, from 10.172.224.100
AS path: 4390 I
> to 10.172.224.113 via fe-1/1/2.0
[BGP/170] 03:06:29, MED 0, localpref 100
AS path: 4390 I
> to 10.172.224.113 via fe-1/1/2.0

admin@JunOS2> show route 192.168.250.0

192.168.250.0/23    *[BGP/170] 00:00:01, MED 0, localpref 2500, from 10.172.224.100
AS path: 4390 I
> to 10.172.224.113 via fe-1/1/2.0
[BGP/170] 03:06:29, MED 0, localpref 100
AS path: 4390 I
> to 10.172.224.113 via fe-1/1/2.0

admin@JunOS2> show route 192.168.250.0

192.168.250.0/23    *[BGP/170] 00:00:01, MED 0, localpref 2500, from 10.172.224.100
AS path: 4390 I
> to 10.172.224.113 via fe-1/1/2.0
[BGP/170] 03:06:29, MED 0, localpref 100
AS path: 4390 I
> to 10.172.224.113 via fe-1/1/2.0

== AFTER ===
admin@JunOS2> show route 192.168.250.0

192.168.250.0/23    *[BGP/170] 00:00:01, MED 0, localpref 2500, from 10.172.224.100
AS path: 4390 I
> to 10.172.224.109 via fe-1/1/1.0
[BGP/170] 03:06:29, MED 0, localpref 100
AS path: 4390 I
> to 10.172.224.113 via fe-1/1/2.0

a. rahman isnaini r.sutan