Welcome to Next Header

A networker's blog

Virtual Chassis Fabric – Part II – Control and Forwarding Plane

In the Virtual Chassis Fabric – Part I – Overview we saw the high level details of VCF technology proposed by Juniper for small to mid-size datacenter. In this post we are going to discuss about the control and forwarding planes of VCF. The strong ties between forwarding plane and its discovery mechanism and the… Keep reading »

Virtual Chassis Fabric – Part I – Overview

In this post I will cover the basics of Virtual Chassis Fabric technology that Juniper recommends to deploy small and medium-sized datacenters. Virtual Chassis Fabric(VCF) allows to build a plug-and-play Ethernet fabric that scales up to 32 members and provides deterministic latency and over-subscription with an internal 3-stage Clos topology. A VCF is constructed using… Keep reading »

Link aggregation between Juniper and Linux

I had recently to configure link aggregation between a Linux host and a Juniper device. On Linux this is called bonding and the logical interface is usually called bondX. On Juniper this is called link aggregation and the logical interface is called aggregated ethernet, aeX. For this example I used Ubuntu and based on the… Keep reading »

MACsec on Linux

Starting with kernel 4.6, support for MACsec has been added in Linux so it won’t be needed to use a release candidate to test this feature. There are two ways to implement MACsec: manually configure secure channel(SC), security association(SA) and the keys(this is what we are going to see) use dot1x with MACsec extensions that… Keep reading »

MACsec over l2circuit

In two older posts, Media Access Control Security(MACsec IEEE 802.1AE) – static secure association keys and Media Access Control Security(MACsec IEEE 802.1AE) – static connectivity association key we saw how you can configure MACsec on EX4550 switches. In both examples, the two devices where MACsec was configured were directly connected. But what happens when you… Keep reading »

L2circuit for L2 protocol tunneling

Remember that in the QinQ and L2PT on Junos ELS post we discussed how to configure QinQ and L2PT on EX4600 and how we saw that actually L2PT is not supported on EX4600. Well, in this post we will discuss about a workaround and that is to configure a L2 Circuit(EoMPLS in Cisco world). L2… Keep reading »

QinQ and L2PT on Junos ELS

I recently had to test QinQ on EX4600 along with Layer 2 Protocol Tunneling for Spanning Tree Protocol. LE: L2PT is supported on EX4600 starting with 17.4R1. Q-in-Q tunneling and VLAN translation allow service providers to create a Layer 2 Ethernet connection between two customer sites. Q-in-Q tunneling is useful when customers have overlapping VLAN… Keep reading »

Consistent Management IP address

I was asked recently by a less experienced colleague of mine if there is a way to configure a single IP address that you can always use to connect to the master Routing Engine of a device that supports dual Routing Engine. My colleague already knew about re0 and re1 configuration groups that allows you… Keep reading »

Junos-defaults group

Have you ever tried to to configure a user’s password that is shorter than 6 characters during the initial configuration and found out that you cannot do this? If you did, you should have seen this:   {master:0}[edit] root@qfx5100# set system login user test authentication plain-text-password New password: error: minimum password length is 6 {master:0}[edit]… Keep reading »

Sending Junos traceoptions to a syslog server

We discussed in this post how to enable remote tracing on Junos. The problem is that the feature can be enabled only for some specific processes. There is another way how to send any traceoptions to a syslog server. It’s not a Junos specific feature, but a combination of different Junos and Linux/Unix features. Let’s… Keep reading »