Wednesday, February 6, 2019

How to set the debug file on a Juniper device for OSPF






set protocols ospf traceoptions file ospf-log
set protocols ospf traceoptions file size 10k
set protocols ospf traceoptions file files 5
set protocols ospf traceoptions flag lsa-ack
set protocols ospf traceoptions flag database-description
set protocols ospf traceoptions flag hello
set protocols ospf traceoptions flag lsa-update
set protocols ospf traceoptions flag lsa-request
set protocols ospf traceoptions flag error



 show log ospf-log | last 10

Feb  6 05:35:09.041161 OSPF hello from 194.154.4.28 (IFL 81, area 0.0.0.0) absorbed
Feb  6 05:35:09.046626 OSPF periodic xmit from 194.154.4.232 to 224.0.0.5 (IFL 81 area 0.0.0.0)
Feb  6 05:35:09.926405 OSPF periodic xmit from 194.154.4.232 to 224.0.0.5 (IFL 81 area 0.0.0.0)
Feb  6 05:35:09.951517 OSPF hello from 194.154.4.28 (IFL 81, area 0.0.0.0) absorbed
Feb  6 05:35:10.712453 OSPF hello from 194.154.4.28 (IFL 81, area 0.0.0.0) absorbed
Feb  6 05:35:10.893468 OSPF periodic xmit from 194.154.4.232 to 224.0.0.5 (IFL 81 area 0.0.0.0)


NOTE



The Routing Engine copies the forwarding table to the Packet Forwarding Engine, the part of the router that is responsible for forwarding packets. To display the entries in the Packet Forwarding Engine's forwarding table, use the show pfe route command.


root@> show pfe route summary

================ master ================


IPv4 Route Tables:
Index         Routes     Size(b)
--------  ----------  ----------
Default          109       10024
1                 12        1100
2                  6         548
3                  9         824
5                  5         456

MPLS Route Tables:
Index         Routes     Size(b)
--------  ----------  ----------
Default            5         456
7                  1          88

IPv6 Route Tables:
Index         Routes     Size(b)
--------  ----------  ----------
Default            4         388
1                  4         388
5                  4         388

CLNP Route Tables:
Index         Routes     Size(b)
--------  ----------  ----------
Default            1          88
5                  1          88

MSTP-instance Route Tables:
Index         Routes     Size(b)
--------  ----------  ----------
Default            1          88


root@>

Monday, February 4, 2019

Fortigate Vdom

VDOM administration

The super_admin profile can access all VDOMs

Policy-based routes are configured in Network > Policy Routes

Enable IPv6 or any other feature in

System > Feature Visibility    (to view the feature set)

Fortigate ECMP

config system settings

set v4-ecmp-mode source-ip-based    (default)
---------------------------------------------------------------------
Learning mode: in Fortinet, enable device detection on the source interfaces

Traffic shapers: shared traffic

To map more than one service, we can create a services object


Session table in fortigate

Session diagnose (output)

Session table > FortiView > All Sessions

Default TCP TTL value for the session table on the firewall

3600 sec (default value)

Firewall services > firewall policies > global sessions

Clear any previous filters
------------------------------------------------------------
diagnose sys session filter clear
diagnose sys session list
diagnose sys session clear


E.g.:
diagnose sys session filter dst 10.200.1.254
diagnose sys session filter dport 80
diagnose sys session list


Show the routing table
------------------------------------------
get router info routing-table all

What criteria are used to install routes in the "bgp.l3vpn.0" routing table?

Nice one



https://kb.juniper.net/InfoCenter/index?page=content&id=KB1534

Steps to create VPNv4 routes in Juniper


(CE)-----(PE-A)-------(OSPF-MPLS-LDP-IBGP--VPNv4PEERING)----(PE-B)--(CE)


1. Create a routing path from PE to PE (using IGP or IBGP)

2. Create VPN VRF instances on the PE routers (e.g. VRF_Customer1)

3. Create the L3VPN BGP peer

4. Create import and export policies to filter the VPNv4 routes from neighbors


Create a policy on the PEs and apply it to the VRF instances

PE-A                    PE-B
--------------          --------------
Import: 100300          Export: 100300
Export: 100301          Import: 100301


Use policy to redistribute routes from OSPF to BGP 

Import and Export VRF in Juniper



A simple explanation of import and export for routing instances.

The export targets of the services VRF need to be the import targets of the customer VRF, and the import targets of the services VRF will be the export targets of the customer VRF.


The export command in Juniper

If you see VRF export on a Juniper device, it means the instance is exporting (giving) its routes to a VRF, VR, or other routing table.
In summary, it is giving its routes to other routing tables.

The import command in Juniper

If you see VRF import on a Juniper device, it means the instance is importing (accepting) routes from neighbor devices, a VR, a VRF, etc.
In summary, it is taking the routes from peer devices.
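
The mirrored import/export pairing described above, written out as a Junos configuration (an added example, not from the original post). The instance name SERVICES, AS 65000 and the route distinguishers are assumptions; 100300 and 100301 are the values from the PE-A/PE-B table in the VPNv4 post, assumed here to be route-target numbers. Access interfaces are omitted.

```junos
routing-instances {
    /* Constructed example: instance names, AS 65000 and RD values are assumptions */
    SERVICES {
        instance-type vrf;
        route-distinguisher 65000:1;
        vrf-target {
            import target:65000:100300;   /* accepts what VRF_Customer1 exports */
            export target:65000:100301;   /* tags routes given to VRF_Customer1 */
        }
    }
    VRF_Customer1 {
        instance-type vrf;
        route-distinguisher 65000:2;
        vrf-target {
            import target:65000:100301;   /* accepts what SERVICES exports */
            export target:65000:100300;   /* tags routes given to SERVICES */
        }
    }
}
```

A VRF installs any VPNv4 route that carries a target on its import list, so keeping each import list limited to the intended peer instance is what keeps routes from leaking between instances.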
 



Optimization of FortiGate IPS

IPS signatures need to be selected according to the infrastructure environment. E.g., if we do not have Linux servers, this IPS signature can be disabled (d...