I am an MCP
Friday, August 28, 2009
Hello all, in my certification rush I got some gift vouchers from my friends and went on to attempt my first ever 70-290 just to try my luck. Went through the study guide and, poof, went through the exam.
by MY CCIE JOURNEY | 2 comments
Hello all, two pieces of good news to start with
by MY CCIE JOURNEY | 0 comments
Hello guys, I have made a video on deploying and implementing a syslog server in a GNS3 environment. A syslog server logs all messages from routers in GNS3 and records them.
by MY CCIE JOURNEY | 0 comments
Hello, a friend of mine and I are going for our RS studies and were on GTalk last night discussing some multicasting and general prep stuff. I suddenly got an idea about remote desktop and had heard about TeamViewer a few months ago. Quickly went to their website and downloaded the stuff.
by MY CCIE JOURNEY | 2 comments
Hello everyone, as you know, if I come across any exciting stuff I share it with most of you. I happened to get Narbik's 'demo' of his CoD, which was roughly around 10 min on OSPF filtering techniques, and the entire CoD was awesome... In ten minutes he covered most of the info with minute details. The demo VoD should be up within a day or two. Can't wait to get my hands on that one as I am going for RS v4, which includes troubleshooting.
For more info you can always visit his site at
http://www.net-workbooks.com/index.html
Will update you if I happen to find any interesting stuff again.
G'day and take care
Rakesh
by MY CCIE JOURNEY | 0 comments
A sudden catastrophic change of plans has taken place in the past 12 hours. I was happy that I got all of the Juniper vouchers and was about to take the JNCIA-ER exam this week, until I went to Cisco's website and found that CCIE written v4 is now in beta phase and offered for as low as $50. Well, who won't take that price (at least students like me ;) ) to go out and take a dreadful exam which was $350, and that too completely changed, with MPLS and troubleshooting introduced.
So, can't help it for another month. I have been studying stuff seriously; done with the IPv6 stuff and will let you know if possible. I am excited about this beta exam; even though I know it would be insanely tough to pass, I will still give the exam hell before it declares me as failed, hehe.
Thank you and sorry for the change of plans
by MY CCIE JOURNEY | 0 comments
Topology:
-> The minimum requirement is that there must be multiple routers capable of running VRRP in a LAN segment.
-> If there are two WAN circuits and a routing policy in place that uses only one of the two WAN links, VRRP should be tuned to match.
Master or Backup:
-> The router with the beefier configuration is obviously preferred over the non-beefy one as master ;)
-> Assignment of the VIP address is one of the important aspects.
Load Balancing:
-> Load balancing can be a tricky part. Well, let us agree it is not that hard: assign two routers as masters, assign half the routers one VIP address and the others the other VIP address. Load balancing will be done swiftly.
Preemption:
-> Preemption is enabled by default. Disable preemption to eliminate unneeded mastership changes during failure and recovery scenarios if you have both routers as masters.
Security:
-> Options exist for securing VRRP exchanges:
first option: no authentication
second option: simple text password
third option (most secure): HMAC-MD5-96 (md5)
Avoid WAN Link Failure:
-> Either have complete redundancy
-> Or implement interface tracking
by MY CCIE JOURNEY | 0 comments
-> 4 STATES
* INITIALIZE
* MASTER
* BACKUP
* TRANSITION
-> Initialize:
-> All routers begin in the initialize state, in which each participating VRRP router essentially announces its capability, priority and other parameters.
-> No packets are forwarded in this state, as there is no master VRRP router to do the forwarding.
-> Master/Backup:
-> A master router assumes the responsibility of forwarding packets and answering ARP requests from the hosts for the VIP address.
-> The master sends periodic announcements which indicate the master router's state and priority. If these announcements are not received for a specific period of time, the backup router takes the role of the master router.
-> Routers in the backup state observe the master's presence and stand ready to take the role if the master is down.
-> Transition:
-> In the event of a mastership change, the backup router might, for a very brief moment, be in what is known as the transition state. This state is simply a transitional step in which a router changes from the backup state to the master state, during which no forwarding occurs for the LAN.
by MY CCIE JOURNEY | 0 comments
-> VRRP version 2 uses a common advertisement packet (buzz word) to communicate with other VRRP routers.
-> VRRP uses the multicast address 224.0.0.18 and a TTL of 255.
-> The default interval can be changed if needed, the default being 1 and the range being 1-255. Sub-second intervals can also be configured, from 100-999 milliseconds, which must be supported by all VRRP routers.
-> The above can be done with the "fast-interval" option.
-> Fields which should match in a VRRP packet for all VRRP routers:
-> VRID
-> Authentication parameters
If they do not match, the packets are discarded.
-> A VRRP router uses the virtual MAC address as its MAC address when it sends a packet.
The format is something like this: 00-00-5E-00-01-VRID
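The receive-side checks listed above (TTL 255, matching VRID and authentication parameters, otherwise discard), written out as an added Python example; it is not from the study guide or from Junos. The header layout and auth-type numbers follow the VRRPv2 specification (RFC 2338), and the function names, VRID, VIP and password in the sample are constructed.

```python
import hmac
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (0 when a valid packet is summed)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def virtual_mac(vrid: int) -> str:
    """Virtual MAC in the 00-00-5E-00-01-VRID form given above."""
    return f"00-00-5E-00-01-{vrid:02X}"

def build_advert(vrid, priority, vips, auth_type=0, password=b"", interval=1):
    """Build a VRRPv2 advertisement; used only to construct sample input."""
    hdr = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(vips), auth_type, interval, 0)
    body = b"".join(bytes(int(o) for o in ip.split(".")) for ip in vips)
    pkt = hdr + body + password.ljust(8, b"\x00")[:8]
    return pkt[:6] + struct.pack("!H", inet_checksum(pkt)) + pkt[8:]

def check_advert(pkt, ip_ttl, vrid, auth_type, password=b""):
    """Apply the receive checks to one advertisement; returns (accepted, reason)."""
    if ip_ttl != 255:                      # a routed packet arrives with TTL < 255
        return False, "ttl"
    if len(pkt) < 16:
        return False, "short"
    ver_type, p_vrid, _prio, count, p_auth, _int, _sum = struct.unpack("!BBBBBBH", pkt[:8])
    if ver_type != 0x21:                   # version 2, type 1 (advertisement)
        return False, "version"
    if len(pkt) != 16 + 4 * count or inet_checksum(pkt) != 0:
        return False, "malformed"
    if p_vrid != vrid:
        return False, "vrid"
    if p_auth != auth_type:
        return False, "auth-type"
    # Type 1 carries the password in clear in the last 8 bytes, so anyone on
    # the LAN can read it. Verifying type 2 (HMAC-MD5-96) is outside this
    # sketch; only the type is matched.
    if p_auth == 1 and not hmac.compare_digest(pkt[-8:], password.ljust(8, b"\x00")[:8]):
        return False, "password"
    return True, "ok"

# Constructed sample: VRID 10, priority 100, VIP 192.0.2.1, simple-text auth.
SAMPLE = build_advert(10, 100, ["192.0.2.1"], auth_type=1, password=b"lab-pass")
```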
Determining Master:
-> The higher priority wins in a VRRP election process, the default being 100 and the range being 1-255.
-> A router can become a master router only when it has the VIP address, and in that case the priority must be set to 255. Preemption is supported by default. If the master happens to fail, the other router which has the higher priority will take over, and if by chance the master returns, the other router will step down and the returning router will take over the master role.
-> We can administratively disable preemption where VRRP routers do not own the VIP address.
by MY CCIE JOURNEY | 0 comments
VRRP:
-> An election protocol used to designate one of multiple VRRP routers as master, which assumes forwarding responsibilities for a LAN. Similar to HSRP and GLBP in Cisco terms. Not to say that VRRP is not there, but it gives you an idea.
-> All routers that could potentially assume the role of the master VRRP router for that subnet are known as backup VRRP routers.
Terms:
-> Virtual Router: The virtual router is a logical entity that functions as the default router on a LAN segment or network.
-> VRID: Virtual Router ID, which identifies one virtual router from another.
-> VIP: The virtual IP is managed by the virtual router and is attached to the VRRP router functioning as the master of that network.
-> VRRP Router: A VRRP router is any router participating in VRRP, including the master and backup routers. A VRRP router may belong to more than one virtual router group.
-> Master Router: The master router is responsible for forwarding packets on the LAN segment. It also performs some ARP functions for the virtual router. Election is typically based on a user-defined priority.
-> Backup Router: As the name indicates, it will take the role of master when the master is down.
by MY CCIE JOURNEY | 0 comments
Topics include :
-> VRRP
-> DHCP
-> OTHER COMMONLY USED FEATURES
by MY CCIE JOURNEY | 0 comments
Configuration of NAT:
-> STEP 1: DEFINE A SERVICES INTERFACE
-> STEP 2: CREATE A NAT POOL
-> STEP 3: DEFINE NAT RULES
-> STEP 4: CREATE SERVICE SET
Services Interface:
-> The services interface takes the form of sp-0/0/0 on all J-series routers; on M-series routers it is named according to its position.
-> The services interface is used for processing NAT traffic, and you configure it with a single logical unit and family inet.
-> Creating a NAT pool and a NAT rule are obvious steps for NAT. Defining a service set is what links the NAT rule and the services interface, so it is kind of an important step.
Once this is done, you can apply the service set to both the input and output directions on the untrusted interface.
Monitoring NAT:
-> "show services nat pool" -> to view NAT pools and pool details
-> "show services stateful-firewall flows" -> to view NAT flow details
Done with chapter 7
by MY CCIE JOURNEY | 0 comments
The basic definitions of NAT / PAT are obvious and need no further explanation, so we will move on to something important with Juniper, i.e. APPLICATION-LEVEL GATEWAYS
-> Some protocols include some combination of IP addresses and TCP or UDP ports in their payload. If a router is configured to perform NAT and translates only the layer 3 and layer 4 headers, the IP addresses and TCP or UDP ports included in the payload by these protocols will be wrong and may prevent the application from running properly.
-> Additionally, some protocols have control connections that begin other sessions. Because these sessions are created dynamically and often use random port numbers, the firewall rules will likely not allow these sessions.
-> Application-level gateways (ALGs) allow the router to interact with protocols at Layer 4 and above.
-> When you configure the router to use an ALG, it inspects the payload of connections, translating IP addresses and ports in the payload and updating the sessions started by the control connection.
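What the payload rewrite described above involves, shown for FTP's active-mode PORT command as an added Python example (not from the study guide or Junos). FTP is an assumed choice of protocol, and the function names, addresses and ports are constructed for illustration.

```python
import re

# FTP active-mode command: PORT h1,h2,h3,h4,p1,p2  (port = p1*256 + p2)
PORT_RE = re.compile(
    rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n"
)

def alg_translate_port(payload, client_ip, nat_ip, nat_port):
    """Rewrite one FTP control-channel payload the way a NAT ALG would.

    Returns (new_payload, pinhole). pinhole is (nat_ip, nat_port, inside_ip,
    inside_port) for the data session the command announces, or None.
    """
    m = PORT_RE.fullmatch(payload)
    if m is None:
        return payload, None               # not a PORT command: pass unchanged
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return payload, None               # malformed octet: do not act on it
    inside_ip = ".".join(str(n) for n in nums[:4])
    inside_port = nums[4] * 256 + nums[5]
    # Open a dynamic session only toward the host that owns the control
    # connection, so the payload cannot point the rule at another inside host.
    if inside_ip != client_ip:
        return payload, None
    octets = nat_ip.replace(".", ",")
    new = f"PORT {octets},{nat_port >> 8},{nat_port & 0xFF}\r\n".encode()
    return new, (nat_ip, nat_port, inside_ip, inside_port)

def tcp_seq_delta(old, new):
    """Length change the router must apply to later TCP sequence numbers."""
    return len(new) - len(old)

# Constructed sample: inside client 10.0.0.5 announces data port 50000.
SAMPLE = b"PORT 10,0,0,5,195,80\r\n"
```

Translating only the layer 3 and layer 4 headers would leave 10.0.0.5 in the payload, which is the failure the notes describe; the returned pinhole tuple is the dynamic session the firewall rules would otherwise not allow.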
by MY CCIE JOURNEY | 0 comments
-> When you configure MLPPP, the router first sends the traffic to the PIC with the logical bundle interface for processing.
-> The PIC performs any necessary fragmentation and determines how to distribute the traffic between the constituent links.
-> It then sends packets to the PFE (packet forwarding engine), which sends them to the output interfaces for transmission.
-> You can configure up to 8 links per bundle.
-> A member link is considered up when the PPP link control protocol (LCP) phase transitions to the open state.
"show interface ls-0/0/0" for monitoring PPP
by MY CCIE JOURNEY | 0 comments
J-series Services Architecture:
-> J-series routers include a virtual AS PIC.
-> Implemented as a real-time thread within the J-series forwarding process.
-> The services thread presents itself as a virtual sp-0/0/0 interface in the JUNOS software.
MLPPP: Multilink PPP
-> Multilink Point-to-Point is a protocol that facilitates the bundling of multiple point-to-point circuits.
-> MLPPP is a layer 2 service that you can configure in JUNOS software.
BENEFITS OF MLPPP:
-> Creates a virtual link that provides greater bandwidth than the individual member links.
-> Provides load balancing across member links by splitting, recombining and sequencing datagrams across multiple logical data links.
-> Cost-effective solution for getting incremental bandwidth.
by MY CCIE JOURNEY | 0 comments
*** These are the core points from the student guide, with some modifications where possible
Chapter objectives:
-> service architectures
-> MLPPP
-> NAT/PAT
Layer 2 services include:
MLPPP -> multilink point-to-point
MLFR -> multilink frame relay
CRTP -> compressed real-time protocol
Layer 3 services:
AS PIC (BUZZ WORD)
-> Provides services through service sets and its adaptive services interfaces (sp-)
-> Stateful firewalls, NAT, IPsec VPN and IDS can be provided by the AS PIC
Service Interfaces:
Different services are provided by different PICs
-> AS PIC: the AS PIC supports all services
  -> ASM is an optional component that you can order with the M7i router
-> J-series router
  -> Has software processes that support the same services as the AS PIC
  -> The interface on a J-series router will be designated as ls- rather than lsq-
-> Link services PIC
  -> Provides MLPPP and MLFR support and is designated as ls-, similar to J-series
-> Tunnel services
  -> GRE, IP-in-IP
-> Multiservice PIC and AS PIC service
  -> A multiservice PIC or AS PIC should be configured so that it provides Layer 2 or Layer 3, but not both
  -> The AS PIC defaults to Layer 3 settings
"show chassis hardware" -> to determine the service package
by MY CCIE JOURNEY | 0 comments
Hello all, I have made up my mind that I will be taking this first exam maybe sometime next week. I went through the study guide and it's absolutely simple.
Meanwhile I will be highlighting some core points about Juniper systems for you, and my plan for the next three days.
Here I go
Thursday / Friday
I will be starting off with the chapter 7 services section and will be working my way from there on
chapter 7 -> services
chapter 8 -> miscellaneous features
chapter 9 -> troubleshooting
-----------------------------------------------------------------
saturday
chapter 5 -> operational monitoring and maintenance
chapter 6 -> routing protocols and policy
-------------------------------------------------------------------
sunday
chapter 1 -> intro (no big deal)
chapter 2 -> juniper networks enterprise routers (already done different router stuff)
chapter 3 -> junos user interface (again no big deal)
chapter 4 -> installation and initial configuration (this needs to be brushed up)
--------------------------------------------------------------------
For all this work I will be using a VMware image of a JUNOS router; let's see how this goes. I don't see many people highlighting important points about Juniper stuff, so let me be among the few ;)
Best Regards
Rakesh
by MY CCIE JOURNEY | 0 comments
As you probably know, I have started to get into Juniper exams because of their fast track program. Initially I thought I should give about 10 days to each exam, so altogether it should take a good 40 days for 4 exams. But after going through the books and flash presentations, there is nothing complex, and the best thing is its organisation, which is flawless in most cases. The logic flows step by step and there is no way we can forget a step. Good one.
As far as routing protocols go, all of them are pretty much the same. Will update you with more info.
Best regards
Rakesh
by MY CCIE JOURNEY | 1 comments