JNCIE-SP: Using help from the Junos CLI

One of the tools at your disposal during the JNCIE-SP exam is the JUNOS CLI itself, and there is an awful lot of documentation stored in it.

Help Apropos

The first tool you will need to learn how to use to take advantage of this is “help apropos XXX”.

Here are a couple of example outputs:

 lab@R1> help apropos anycast                       
 help topic pim examples anycast 
     Overview of anycast RP example
 help reference pim local-address 
     Local address for anycast rendezvous point
 help reference pim address-anycast 
     Anycast rendezvous point addresses in RP set
 help reference pim anycast-pim 
     Anycast rendezvous point using PIM
 help reference pim rp-set 
     Set of up to 15 rendezvous point addresses for anycast RP

 lab@R1> help apropos interpro 
 help topic layer3-vpns examples-cofc 
     Sample interprovider and carrier-of-carriers VPNs
 help topic layer3-vpns examples-cofc interprovider-ebgp 
     Overview of interprovider with multihop MP-EBGP
 help topic layer3-vpns examples-cofc interprovider-isp 
     Overview of interprovider with MP-EBGP between ISP peers
 help topic layer3-vpns examples-cofc terms 
     Terms in carrier-of-carriers and interprovider examples
 help topic layer3-vpns interprovider 
     Overview of interprovider VPNs

As you can see above, “help apropos…” acts as a sort of keyword search for the help system.

Beyond that, “help apropos…” can provide a context-sensitive search of CLI commands.

Operational

 lab@R1> help apropos pfe      
 clear pfe 
     Clear Packet Forwarding Engine information
 show pfe 
     Show Packet Forwarding Engine information
 show pfe version 
     Show pfe version
 ...

 lab@R1> help apropos uptime      
 show system uptime
     Show time since system and processes started
 show chassis pic
     Show Physical Interface Card state, type, and uptime

Configuration

 [edit protocols bgp]
 lab@R1# help apropos override 
 set group  as-override 
     Replace neighbor AS number with our AS number
 set group  neighbor <address> as-override 
     Replace neighbor AS number with our AS number

 [edit policy-options]
 lab@R1# help apropos route-type 
 set policy-statement  term  from route-type 
     Route type
 set policy-statement  from route-type 
     Route type

Help Reference and Help Topic

Your mileage will vary with these help outputs. The output seems to be a nearly verbatim copy of the JUNOS documentation. Where you would normally have images, you instead find a URL for a GIF. That may not turn out to be too helpful for someone who is completely blanking on how to configure something, but if you forget a detail or two, it can probably save you a lot of time.

For instance, I forgot about which MPLS TTL mechanism supported LDP. So I ran a search and pulled up the reference for no-propagate-ttl:

 lab@R1> help apropos no-prop                  
 help topic mpls no-propagate-ttl 
     TTL value is decremented by 1 only
 help reference mpls no-propagate-ttl 
     TTL value is set to 255

 lab@R1> help reference mpls no-propagate-ttl 
 ...

     Description

    Disable normal TTL decrementing. You configure this statement once per
    router, and it affects all RSVP-signaled or LDP-signaled LSPs. When this
    router acts as an ingress router for an LSP, it pushes an MPLS header with
    a TTL value of 255, regardless of the IP packet TTL. When the router acts
    as the penultimate router, it pops the MPLS header without writing the
    MPLS TTL into the IP packet.

By chance, this happened to be the correct one to configure to support LDP.

There is some seriously detailed information available if you need it. For an example, see “help topic pim auto-rp”. It tells you just about every step you need to configure.

Good luck!

JUNOS - Using The 'chassisd' Log To Determine Boot Times

You can use “show system uptime” to determine the time that the system last booted, but if you need to know about how long the system was up prior to the last boot, you have to dig a bit deeper.

 fluong@re0.mx960-1.eng> show system uptime 
 Feb 01 11:26:13
 Current time: 2013-02-01 11:26:13 EST
 System booted: 2013-01-04 10:34:28 EST (4w0d 00:51 ago)
 Protocols started: 2013-02-01 11:17:44 EST (00:08:29 ago)
 Last configured: 2013-02-01 11:17:45 EST (00:08:28 ago) by root
 11:26AM  up 28 days, 52 mins, 1 user, load averages: 0.02, 0.15, 0.13

The “messages” log, though handy, is also very noisy. Because of this, we can try to use the “chassisd” log instead and look for the “built by” string, which occurs each time the chassis control process initiates itself.

That line, unfortunately, is on the line after the timestamp, so we need some other nearby log messages to determine the rough time of system startup.

Also important to note is that the “built by” string occurs when you “restart chassis-control”, so we need to inspect those logs to see if a SIGTERM occurred within seconds of chassisd restarting. If it is a few minutes apart, that is probably a reboot. If it is seconds apart, that means someone triggered a process restart.

 fluong@re0.mx960-1.eng> show log chassisd | match "(built by|rtsock_init s|sigterm)" 
 Feb 01 11:28:45
 Dec 19 11:14:52 CHASSISD_TERM_SIGNAL: Received SIGTERM request, shutting down
 Dec 19 11:14:58 CHASSISD_TERM_SIGNAL: Received SIGTERM request, shutting down
 CHASSISD release 10.4R3.4 built by builder on 2011-03-19 21:10:47 UTC
 Dec 19 11:22:37 rtsock_init synchronous socket
 Jan  4 10:27:25 CHASSISD_TERM_SIGNAL: Received SIGTERM request, shutting down
 Jan  4 10:27:31 CHASSISD_TERM_SIGNAL: Received SIGTERM request, shutting down
 CHASSISD release 11.4R6.5 built by builder on 2012-11-28 21:35:45 UTC
 Jan  4 10:35:54  rtsock_init synchronous socket
 Feb  1 11:17:31 CHASSISD_TERM_SIGNAL: Received SIGTERM request, shutting down
 CHASSISD release 11.4R6.5 built by builder on 2012-11-28 21:35:45 UTC
 Feb  1 11:17:32  rtsock_init synchronous socket

We can tell from looking at these logs:

  • System was rebooted and chassisd started on Dec 19 11:22:37. Ditto, Jan 4 10:35:54.
  • “restart chassis-control” was invoked on Feb 1 11:17:31
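
The same reasoning as a script (an added example, not part of the original post): it pairs each “built by” line with the last SIGTERM before it and the first rtsock_init after it, then labels the start by the gap. The function name, the 60-second cut-off and the starting year 2012 (inferred from the 2013 dates in “show system uptime”) are assumptions.

```python
import re
from datetime import datetime

# Output of the "show log chassisd | match ..." command shown above.
SAMPLE = """\
 Feb 01 11:28:45
 Dec 19 11:14:52 CHASSISD_TERM_SIGNAL: Received SIGTERM request, shutting down
 Dec 19 11:14:58 CHASSISD_TERM_SIGNAL: Received SIGTERM request, shutting down
 CHASSISD release 10.4R3.4 built by builder on 2011-03-19 21:10:47 UTC
 Dec 19 11:22:37 rtsock_init synchronous socket
 Jan  4 10:27:25 CHASSISD_TERM_SIGNAL: Received SIGTERM request, shutting down
 Jan  4 10:27:31 CHASSISD_TERM_SIGNAL: Received SIGTERM request, shutting down
 CHASSISD release 11.4R6.5 built by builder on 2012-11-28 21:35:45 UTC
 Jan  4 10:35:54  rtsock_init synchronous socket
 Feb  1 11:17:31 CHASSISD_TERM_SIGNAL: Received SIGTERM request, shutting down
 CHASSISD release 11.4R6.5 built by builder on 2012-11-28 21:35:45 UTC
 Feb  1 11:17:32  rtsock_init synchronous socket
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# Syslog-style line: month, day, time, then a message (the log carries no year).
STAMPED = re.compile(r"^\s*([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d\d):(\d\d):(\d\d)\s+(\S.*)$")


def classify_starts(text, first_year, restart_max_gap=60):
    """Return (start_time, release, gap_seconds, verdict) per chassisd start.

    first_year is the year of the first stamped line; restart_max_gap is an
    assumed cut-off in seconds between a process restart and a reboot.
    """
    events = []
    year, last_month = first_year, None
    last_sigterm = release = None
    for line in text.splitlines():
        if "built by" in line:
            m = re.search(r"release (\S+)", line)
            release = m.group(1) if m else "unknown"
            continue
        m = STAMPED.match(line)
        if not m or m.group(1) not in MONTHS:
            continue  # bare CLI timestamp or unrelated text
        month = MONTHS[m.group(1)]
        if last_month is not None and month < last_month:
            year += 1  # log wrapped from December into January
        last_month = month
        ts = datetime(year, month, *(int(g) for g in m.group(2, 3, 4, 5)))
        msg = m.group(6)
        if "SIGTERM" in msg:
            last_sigterm = ts
        elif release is not None and msg.startswith("rtsock_init"):
            if last_sigterm is None:
                gap, verdict = None, "unknown"  # no SIGTERM seen before this start
            else:
                gap = (ts - last_sigterm).total_seconds()
                verdict = "process restart" if gap <= restart_max_gap else "reboot"
            events.append((ts, release, gap, verdict))
            last_sigterm = release = None
    return events

if __name__ == "__main__":
    for event in classify_starts(SAMPLE, first_year=2012):
        print(*event)
```

A start with no SIGTERM before it is reported as “unknown” rather than guessed at.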

JNCIE-SP Notes on Configuring BGP for IPv6 Unicast NLRI over an IPv4 Peering session

When configuring MP-BGP over an IPv4 peering session, you probably already know that you have to enable family inet6 on your interface. But you also have to make sure to configure an IPv4-mapped inet6 address for your interface, because your Juniper device will probably be setting the next-hop to that address unless you’re running older code.

Here is an example config to get you going.

R2 Config

set interfaces ge-0/0/0 description "Connection to R1"
set interfaces ge-0/0/0 unit 0 family inet address 172.27.0.2/30
set interfaces ge-0/0/0 unit 0 family inet6 address ::ffff:172.27.0.2/126
set protocols bgp group R1-R2 type external
set protocols bgp group R1-R2 family inet unicast
set protocols bgp group R1-R2 family inet6 unicast
set protocols bgp group R1-R2 peer-as 1
set protocols bgp group R1-R2 neighbor 172.27.0.1

R1 Config

set interfaces ge-0/0/0 description "Connection to R2"
set interfaces ge-0/0/0 unit 0 family inet address 172.27.0.1/30
set interfaces ge-0/0/0 unit 0 family inet6 address ::ffff:172.27.0.1/126
set protocols bgp group R1-R2 type external
set protocols bgp group R1-R2 family inet unicast
set protocols bgp group R1-R2 family inet6 unicast
set protocols bgp group R1-R2 peer-as 2
set protocols bgp group R1-R2 neighbor 172.27.0.2

One Last Note

You may need an extra bit of config to get your router to forward packets addressed to ipv4-mapped-addresses:

set system allow-v4mapped-packets

IPv4-Compatible Addressing… A Possible Pitfall

Older versions of JUNOS used IPv4-Compatible addresses for the next-hop field of a BGP update. This would have been something like “::172.27.0.1”.

If you try to configure IPv4-compatible addresses on your interfaces, you will probably see a log message which looks like this:

Jan 16 13:19:02  mrgarrison rpd[1197]: bgp_nexthop_sanity: peer 172.27.0.1 (External AS 701) next hop ::ffff:172.27.0.1 unexpectedly remote, ignoring routes in this update.

Do yourself a favor and check your logs for sanity messages if it looks like you’re not receiving any IPv6 routes that the other router claims it is advertising.
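
To see why the address form matters, here is a small check (an added example, not part of the original post and not Junos code) that parses the sanity message above and tests whether the advertised next hop falls inside the local interface's inet6 subnet. The on-link test is a simplified model of what “unexpectedly remote” points to; the function names and the local address ::172.27.0.2/126 (the IPv4-compatible form of R2's address) are assumptions.

```python
import ipaddress
import re

# The rpd message quoted above.
LOG_LINE = ("Jan 16 13:19:02  mrgarrison rpd[1197]: bgp_nexthop_sanity: "
            "peer 172.27.0.1 (External AS 701) next hop ::ffff:172.27.0.1 "
            "unexpectedly remote, ignoring routes in this update.")

SANITY = re.compile(r"bgp_nexthop_sanity: peer (\S+) \(External AS (\d+)\) "
                    r"next hop (\S+) unexpectedly remote")


def embedding(addr):
    """Name the way an IPv6 address embeds an IPv4 address, if it does."""
    if addr.ipv4_mapped is not None:
        return "ipv4-mapped"          # ::ffff:a.b.c.d
    if int(addr) >> 32 == 0 and int(addr) > 1:
        return "ipv4-compatible"      # ::a.b.c.d (excludes :: and ::1)
    return "native"


def explain(log_line, local_inet6):
    """Compare the next hop in a sanity message with a local inet6 address.

    local_inet6 is the interface address in prefix form, for example
    "::ffff:172.27.0.2/126". Returns None if the line is not a sanity message.
    """
    m = SANITY.search(log_line)
    if m is None:
        return None
    next_hop = ipaddress.IPv6Address(m.group(3))
    iface = ipaddress.IPv6Interface(local_inet6)
    return {
        "peer": m.group(1),
        "peer_as": int(m.group(2)),
        "next_hop_form": embedding(next_hop),
        "local_form": embedding(iface.ip),
        "on_link": next_hop in iface.network,
    }


if __name__ == "__main__":
    print(explain(LOG_LINE, "::172.27.0.2/126"))       # compatible: not on-link
    print(explain(LOG_LINE, "::ffff:172.27.0.2/126"))  # mapped: on-link
```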

See also: JNCIE-SP: IPv6 NLRIs over IPv4 BGP Peering When You’re Not Using Mapped Addresses.

JNCIE-SP Notes on BGP Troubleshooting

General tips
 - Get to know the diagram/topology.  Mark it up: add notes and draw AS boundaries so that you don’t get your numbers mixed up.
 - Read the requirements carefully and, as you are reading, start forming a list of requirements to validate.
 - Traceoptions will probably take too long to be useful so if you can use show commands, the messages log, or “monitor traffic…” you are better off.

Getting Established - IBGP
 - Check pings from all loopbacks, to all other loopbacks.  Remember to specify the loopback address as the source or “set system default-address-selection”.
 - Be prepared to troubleshoot the IGP and protocol-independent routing configs.
 - For adjacency issues, check the messages log and grep on the host IP.
 - Misconfigured authentication may cause problems.

Getting Established - EBGP
 - As with IBGP, check pings and look in the messages log for entries matched against the peer address.
 - Make sure multihop is configured where needed and supporting static routes are active.
 - Prefix limits can make for problems staying established.  These are logged in “messages”.
 - Look for mismatched AS configurations.

Verifying Policy and Routing
 - Hopefully you took good notes on which peers must be preferred over others because that will come in handy now.
 - Use “show route receive-protocol bgp <neighbor_addr> all” to identify key routes that you can use to verify that prefixes are received and reachable from your whole network.  Make sure you check against the requirements so that you don’t pick a route that is supposed to be filtered.
 - Use “show route resolution unresolved” to deal with problems with unresolvable next-hops.
 - Use “show route receive-protocol bgp <neighbor_addr> hidden” to verify that the policy is not filtering routes which should be permitted per the requirements.
 - Verify that advertisements to customers are as expected:
   * Summary Aggregates may need to be advertised, possibly with specific routes suppressed.
   * A missing address-family configuration in BGP may mean that you are not advertising IPv6 when you need to.  Ditto IPv4.


JNCIE-SP / JNCIP-SP - Notes on OSPF Area types using Juniper's Vernacular

Notes from studying and discussion of OSPF Areas for the JNCIE-SP and JNCIP-SP exams.

Stub Areas

Stub - Do not permit OSPF External routes (Type 5 LSAs) into the area.  Re-generate OSPF Internal routes as Summary Type 3 LSAs.

Stub w/ default metric XXX - Same as above, but advertise a Type 3 Summary default-route into the area with metric XXX to reach external routes.

Stub, no-summaries, default metric XXX (aka Totally Stubby Area) - Do not permit OSPF internal or external routes into the area.  Instead, advertise a Type 3 Summary default-route with metric XXX.

===

Not-So-Stubby-Areas

NSSA - Fundamentally similar to Stub Area (see above), but ASBR can reside within the area and generates an NSSA External Type 7 LSA for each route exported into OSPF.  Type 7s are regenerated as Type 5s into the backbone area by the ABR.

NSSA w/ default-lsa default-metric XXX - Same as above, but advertise a Type 3 Summary default-route into the area with metric XXX to reach external routes.

NSSA, no-summaries, default metric XXX - Do not permit OSPF internal or external routes into the area.  Instead, advertise a Type 3 Summary default-route with metric XXX.  ASBR can reside within the area…

Optional configuration for NSSA:
  default-lsa {
    default-metric XXX;
    metric-type YYY;
    type-7;
  }
NSSA default-routes can be generated as Type 7 for backward compatibility.  This affords you the opportunity to set the external metric-type as “1” if you want one to be preferred when available.

==

References

 - Examples: Configuring OSPF Stub and Not-So-Stubby Areas - http://www.juniper.net/techpubs/en_US/junos11.4/topics/topic-map/ospf-stub-and-not-so-stubby-areas.html

Tip: Update Your Online Billpay When You Get a New Credit Card Number

There will be times in your life when you need to get a new credit card number because your existing one has been compromised. You might think you’re done when you receive your new card and activate it but there are some additional steps you should think of after you’re done activating your new shining spending card.

Chief lesson I learned today: Remember to update your online billpay and e-bill delivery if this happens or you might miss a bill like I did. I tend to be very habit driven when it comes to bills and I rely on the online billpay to let me know when I have an unpaid bill.  Until I can get that set back up, I will have to get these statements outside of that system.  I’ve updated my monthly calendar reminders to pay bills with a note to make sure that I try to get statements for bills that are not in online Billpay.

My statement from Chase this month included a late fee and finance charge.  Chase was willing to waive charges with little hassle given the circumstances involved.  Don’t be afraid to ask politely for them to work with you in a case like this.

(Image Credit: http://www.flickr.com/photos/68751915@N05/6280507539/)

For Juniper Network Connect on Linux Make Sure You Have Xterm

Juniper’s Network Connect SSL-VPN client is a bit quirky on Linux.  I’ve had to set this up a few times so I know my way around them but if you don’t it helps to know a few things:

  • You need Oracle’s version of Java.  For Ubuntu, I installed it using info from ubuntugeek.com.
  • You need xterm.  Why? Because when you try to start NC, it wants to prompt you for your sudo password and it uses xterm to do so.  If your system doesn’t have it, it just falls to pieces without much of an explanation.  Install it using: “sudo apt-get install xterm”

Some Dude Named Kerstein Doesn't Think Much of Chomsky. Says Interesting Things While Elaborating

  • …I think you’ll agree that, of all the bad things people are capable of, their refusal to think is one of the worst, mainly because it leads to most of the other bad things of which they are capable.
  •  I think it’s impossible to understand Chomsky’s politics without understanding that, to him, the US is morally equivalent to Nazi Germany and needs to be dealt with accordingly.

Dr. Hurd on Love

Good thoughts from the Doctor:

  • Live life fully and leave room for a relationship.
  • It sounds paradoxical, but the people who cherish their own lives tend to be the best lovers. They have the most to give because they have given the most to themselves. 
  • make yourself the person you want to be, by having the kind of life you want to have – and always leaving room for a relationship, when you find the right one.
  • (on ‘mending’ a broken heart) You cannot actively “mend” it. You have to let it heal.
  • Anything a couple enjoys sharing together is intimate.

"Believe you can change" by Aaron Swartz

Two mindsets on ability: Fixed-ability and growth mindsets.  Interesting quotes follow:

  • “I think intelligence is something you have to work for…it isn’t just given to you… Most kids, if they’re not sure of an answer, will not raise their hand… But what I usually do is raise my hand, because if I’m wrong, then my mistake will be corrected. Or I will raise my hand and say… ‘I don’t get this. Can you help me?’ Just by doing that I’m increasing my intelligence.”
  • In relationships, growth-mindset people looked for partners who would push them to be better, fixies just wanted someone who would put them on a pedestal

The Disciplined Pursuit of Less by Greg McKeown

Interesting reading on essentializing, decluttering, and saying no to perfectly good things.  Interesting quotes follow:

  • Curiously, and overstating the point in order to make it, success is a catalyst for failure
  • If we ask, “Do I absolutely love this?” then we will be able to eliminate the clutter and have space for something better. 
  • Tom Stafford describes a cure for this that we can apply to career clarity: Instead of asking, “How much do I value this item?” we should ask “If I did not own this item, how much would I pay to obtain it?” And the same goes for career opportunities. We shouldn’t ask, “How much do I value this opportunity?” but “If I did not have this opportunity, how much would I be willing to sacrifice in order to obtain it?”

Kickstarting My Quest to Discover My Statement of Purpose

I’m devoting a bit of time tonight and in the nights to come to studying and thinking about how I can develop a coalesced statement of purpose which can serve as an integrating guide for my actions and investments.  I spend a lot of time doing a lot of things.  And many of them are worth doing.  But I feel that the products of my efforts are a bit scattered and I would be interested to see what might happen if I can apply some focus.

So… how am I to begin?  Well, I have studied Objectivism a lot, and thus I’ve read a lot of writings by others who have worked through some of the same curiosities and questions I have had.  This has yielded interesting writers such as John Drake and Burgess Laughlin.

I’ve also been following the work of some bloggers and podcasters who focus on personal development and who are not obviously readers of Rand.  Stever Robbins, who blogs and podcasts at Get it Done Guy, and Steve Pavlina.

These are some of the tour guides I have selected to try to find my way through how to get started with what feels like asking oneself an enormously huge question, which understandably risks causing a sudden onset of writer’s block.

I have started tonight by re-reading Burgess Laughlin’s piece on what is a central purpose in life.  

This is a concept that comes directly from Ayn Rand in her discussions of her own relationship to her work, which she documents in The Romantic Manifesto, and Laughlin does some interesting treatment of it in this post to break it down and identify what a CPL is and what it is not.  My sense of it after re-reading is that a CPL is a broad and abstract personal statement of action describing what ambitious but achievable thing you wish to do. As a further note, this should be a joy to do and hopefully can be a source of income, though that is not always feasible. 

Laughlin does a lot of follow-up in the comments section of his blog to expand on this discussion including treatment of how a person might approach discovering his own CPL statement.  This, I think will be quite valuable to me.  The basic version was described as: what have you done, what are you doing, what do you want to do?  The more complex version was broken down into observation, abstraction, and testing/experimentation.

I’ve run out of time for the night but I’ll definitely be looking to spend some time itemizing for myself what I have been doing in professional life and in my personal time.  I would invite any of you who are interested to chat about this with me to reach out to me because I’d certainly be glad to have smart people to toss ideas back and forth with on this matter.

-Franco

(photo credit: Ready, Set, Go! by Prescott Pym via Flickr)

Francis Luong Employment Information

Francis Luong is a Resident Engineer with Juniper Networks. He is assigned directly to a client as a subject matter expert for Juniper systems and IP/MPLS network implementations in order to improve the quality and outcomes of support interactions between the client and Juniper Networks to the benefit of both parties.

Regular Expressions

I often forget syntax details on regular expressions and this guide is quite handy for a tutorial or refresher.

Juniper Stuff: When you need to know about your pluggable optics

I had a guy ask me today about some funky output he was seeing on his router when he was trying to get info on his SFP optics from “show chassis hardware”.  I directed him instead to check out “show chassis pic fpc-slot <#> pic-slot <#>”.  It’s a lot more detailed and reliable.

user@host> show chassis pic fpc-slot 4 pic-slot 1
FPC slot 4, PIC slot 1 information:
  Type                             10x 1GE(LAN)
  State                            Online    
  PIC version                  0.0
  Uptime                         18 days, 5 hours, 41 minutes, 54 seconds

PIC port information:
                          Fiber                    Xcvr vendor
  Port  Cable type        type  Xcvr vendor        part number       Wavelength
  0     SFP-1000BASE-BX10-D SM  SumitomoElectric   SBP6H44-J3-BW-49  1490 nm 
  1     SFP-1000BASE-BX10-D SM  SumitomoElectric   SBP6H44-J3-BW-49  1490 nm 
  2     SFP-1000BASE-BX10-D SM  SumitomoElectric   SBP6H44-J3-BW-49  1490 nm 
  3     SFP-1000BASE-BX10-D SM  OCP                TRXBG1LXDBVM2-JW  1490 nm 
  4     SFP-1000BASE-BX10-D SM  OCP                TRXBG1LXDBVM2-JW  1490 nm 
  5     SFP-1000BASE-BX10-U SM  SumitomoElectric   SBP6H44-J3-BW-31  1310 nm 
  6     SFP-1000BASE-BX10-U SM  SumitomoElectric   SBP6H44-J3-BW-31  1310 nm 
  7     SFP-1000BASE-BX10-U SM  OCP                TRXBG1LXDBBMH-J1  1310 nm 
  8     SFP-1000BASE-BX10-U SM  OCP                TRXBG1LXDBBMH-J1  1310 nm 
  9     SFP-1000BASE-BX10-U SM  SumitomoElectric   SBP6H44-J3-BW-31  1310 nm 

Extracting Userpic from Mac OSX

I had a devil of a time figuring out how to extract my account picture from my Mac to a JPEG.  Then I found an article which had the answer.  Man… it’s ugly.

If you wish to extract a 320x320 version of your account picture you can do so by running the following command: dscl . -read /Users/short_username JPEGPhoto | tail -1 | xxd -r -p > /PATH/TO/accountImage.jpg