Difference between revisions of "Junos"

From neil.tappsville.com
Revision as of 01:56, 23 December 2019

Cisco vs Juniper commands https://networking.ringofsaturn.com/Cisco/ciscojuniper.php

Configuration

  • Deactivate - configuration is not loaded
  • Disable - configuration is loaded but ignored
  • Trunk - has vlan tags
  • Access - naked ethernet
  • Fx / ex0 = management
show configuration | display inheritance no-comments
show configuration | display inheritance no-comments | display set | match foo

Loading config

configure private
load replace /var/tmp/someconfig.cfg
show | compare
commit check
commit <synchronize> and-quit


Common MX Interfaces

ge 1Gbit (Fibre)

xe 10Gb

et 100Gb (some 10Gb, 40Gb, 100Gb)

xe-1/2/0.1 Vlan tag 1

xe-1/2/0:1 40Gb interface channelised to operate as individual 10Gb interfaces (since 40Gb = 4 x 10Gb physically anyhow)


Routing

Display all routes in a routing-instance (can't use auto-complete)

show route table <routing-instance_name>
show route receive-protocol bgp <neighbour IP>
show route instance <name> detail
deactivate routing-instances <name> protocols bgp group <group name / Domestic> neighbor <IP>


Which MPLS connections there are

 show bgp summary

get the IPAddress of the connection (looking for advertised prefixes)

show bgp neighbor 123.123.123.123

Find out what the advertised prefixes are

show route advertising-protocol bgp 123.123.123.123


Change ISIS metric (set it high so traffic will not prefer this interface)

set protocols isis interface et-0/0/16.0 level 2 metric 200

MTU testing

ping routing-instance <name> <IP> size 1500

Disable an interface carrying MPLS

  • Disable ISIS at both ends: set protocols isis interface [x] level 2 metric 30 disable
  • Wait for traffic to close/end, then shut down the interface

CGN

show services nat mappings address-pooling-paired

BNG Subscribers

Clearing subscribers, only need to clear the L3 sessions - this automatically clears the L2 sessions (or should):
clear dhcp relay binding routing-instance Customers dual-stack 116.yyy.yyy.yyy
or
clear dhcp relay binding routing-instance Customers ps1.xxxx
clear dhcpv6 relay binding routing-instance Customers ps1.xxxx
clear dhcpv6 relay binding routing-instance Customers ps0.*
clear dhcpv6 relay binding routing-instance Customers ps2.*
clear dhcpv6 relay binding routing-instance Customers ps3.*
clear dhcpv6 relay binding routing-instance Customers ps4.*
  • or PPPoE subs:
clear pppoe sessions pp0.3221225754


  • Clear the VLAN interface
clear auto-configuration interfaces ps6.3221273839

Show the dynamic-profile attributes that are applied and their values to a subscriber session

show dynamic-configuration session information session-id <session-id> 

DDoS

show ddos-protection protocols dhcpv6 violations
jddosd[20065]: DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic for protocol/exception Sample:aggregate has returned to normal. Its allowed bandwith was exceeded at fpc 1 for 181 times, from 2017-09-30 12:36:18 NZDT to 2017-09-30 12:36:28 NZDT

Firewalls - IP Spoofing

If there is a policy that should allow the flow but it is still dropped with the message below, the most probable cause is that the source address has no route, so the IP-spoofing screen drops the traffic before the policy is ever evaluated.
[junos@2636.1.1.1.2.137 attack-name="IP spoofing!" source-address="10.0.0.27" destination-address="10.254.254.10" protocol-id="17" source-zone-name="ZONE_A" interface-name="xe-0/0/17.9" action="drop"] 
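Added example (not from this wiki page or from Juniper): a small Python parser for the two log formats shown above, the structured-data IP-spoofing screen message and the jddosd DDOS_PROTOCOL_VIOLATION message, so the violation rate and the noisiest spoofed source can be pulled out of a syslog stream. The sample lines are constructed from the ones quoted on this page; the field names are the ones the messages themselves carry.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample messages, modelled on the two log lines quoted on this page.
SPOOF_LINE = ('[junos@2636.1.1.1.2.137 attack-name="IP spoofing!" source-address="10.0.0.27" '
              'destination-address="10.254.254.10" protocol-id="17" source-zone-name="ZONE_A" '
              'interface-name="xe-0/0/17.9" action="drop"]')
DDOS_LINE = ('jddosd[20065]: DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic for protocol/exception '
             'Sample:aggregate has returned to normal. Its allowed bandwith was exceeded at fpc 1 for '
             '181 times, from 2017-09-30 12:36:18 NZDT to 2017-09-30 12:36:28 NZDT')
# Second spoof drop from the same source towards another host, plus the DDoS clear message.
SAMPLE_LOG = [SPOOF_LINE, SPOOF_LINE.replace('10.254.254.10', '10.254.254.20'), DDOS_LINE]

SD_ELEMENT = re.compile(r'\[(\S+)((?:\s+[\w-]+="[^"]*")*)\]')  # [SD-ID key="value" ...]
SD_PARAM = re.compile(r'([\w-]+)="([^"]*)"')
DDOS_MSG = re.compile(
    r'jddosd\[\d+\]: (?P<event>DDOS_PROTOCOL_VIOLATION_\w+): \w+: Host-bound traffic for '
    r'protocol/exception (?P<protocol>\S+) .*?at fpc (?P<fpc>\d+) for (?P<count>\d+) times, '
    r'from (?P<start>.+?) to (?P<end>.+)$')

def parse_structured_data(line):
    """Return the key/value pairs of a Junos structured-data block, or None if the line has none."""
    m = SD_ELEMENT.search(line)
    if not m:
        return None
    fields = dict(SD_PARAM.findall(m.group(2)))
    fields['sd-id'] = m.group(1)
    return fields

def parse_ddos_violation(line):
    """Pull protocol, FPC, violation count and time window out of a jddosd message; None if not one."""
    m = DDOS_MSG.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['fpc'], rec['count'] = int(rec['fpc']), int(rec['count'])
    # Junos appends the zone abbreviation (NZDT) to each timestamp; drop it before parsing.
    start, end = (datetime.strptime(t.rsplit(' ', 1)[0], '%Y-%m-%d %H:%M:%S')
                  for t in (rec['start'], rec['end']))
    rec['duration_s'] = int((end - start).total_seconds())
    rec['rate_per_s'] = rec['count'] / rec['duration_s'] if rec['duration_s'] else None
    return rec

def summarize_spoof_drops(lines):
    """Count IP-spoofing drops per (ingress interface, source address) so the noisy source stands out."""
    hits = Counter()
    for line in lines:
        sd = parse_structured_data(line)
        if sd and sd.get('attack-name') == 'IP spoofing!' and sd.get('action') == 'drop':
            hits[(sd['interface-name'], sd['source-address'])] += 1
    return hits
```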

Initial Build

request system configuration rescue save
request system autorecovery state save
request system snapshot slice alternate

Hardware

show interfaces diagnostics optics xe-1/0/0
show system processes extensive | match chassisd
help topic interfaces family
  • Ifdown: set interfaces ge-0/0/7 disable
  • Ifup: delete interfaces ge-0/0/7 disable

Monitor

Will only show the traffic to/from the BNG loopback

monitor traffic interface ps1.0

Show packet stats in real time

monitor interface ps4.12345