Thursday, May 31, 2018

Junos Event Scripts Automation

Previously I posted a simple example of a Junos op script (operation script). Now I'm posting a simple example of on-box Junos event script automation: when an interface-down event is detected, a health-check command is executed to capture real-time evidence.

awa@JUNOS# show event-options                  
May 30 17:41:20
policy LINK_DOWN_LOG {
    events snmp_trap_link_down;
    then {
        execute-commands {
            commands {
                "show interfaces extensive {$$.interface-name}";
            }
            output-filename show_interfaces_extensive;
            destination LOCAL_VAR_TMP;
            output-format text;
        }
    }
}
destinations {
    LOCAL_VAR_TMP {
        archive-sites {
            /var/tmp;
        }
    }
}

{master:0}[edit]

awa@JUNOS# 

How to test the event script?

awa@JUNOS# run file list /var/tmp/ | grep show 
May 30 17:42:23 

{master:0}[edit]
awa@JUNOS# set interfaces xe-0/0/1 disable 
May 30 17:42:33

{master:0}[edit]
awa@JUNOS# commit           
May 30 17:42:43
configuration check succeeds
commit complete

{master:0}[edit]
awa@JUNOS# run file list /var/tmp/ | grep show    
May 30 17:42:50
JUNOS_20180530_174245_show_interfaces_extensive

{master:0}[edit]
awa@JUNOS# run file show /var/tmp/JUNOS_20180530_174245_show_interfaces_extensive | no-more 
May 30 17:43:06


root@JUNOS> show interfaces extensive "xe-0/0/1"

Physical interface: xe-0/0/1, Administratively down, Physical link is Up
  Interface index: 650, SNMP ifIndex: 512, Generation: 141
  Link-level type: Ethernet, MTU: 2000, LAN-PHY mode, Speed: 10Gbps, Duplex: Full-Duplex, BPDU Error: None, Loop Detect PDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Media type: Fiber
  Device flags   : Present Running
  Interface flags: Down SNMP-Traps Internal: 0x4000
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 02:05:86:71:2d:07, Hardware address: 02:05:86:71:2d:07
  Last flapped   : 2018-05-30 17:28:23 UTC (00:14:22 ago)
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :                    0                    0 bps
   Output bytes  :               176652                    0 bps
   Input  packets:                    0                    0 pps
   Output packets:                    0                    0 pps
   IPv6 transit statistics:
    Input  bytes  :                   0
    Output bytes  :                   0
    Input  packets:                   0
    Output packets:                   0
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 5, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    0              16045690984503098046                    0 16045690984503098046
    3              16045690984503098046                    0 16045690984503098046
    4              16045690984503098046                    0 16045690984503098046
    7              16045690984503098046                    0 16045690984503098046
  Queue number:         Mapped forwarding classes
    0                   best-effort
    3                   fcoe
    4                   no-loss
    7                   network-control
  Active alarms  : None
  Active defects : None
  MAC statistics:                      Receive         Transmit
    Total octets                             0           176652
    Total packets                            0                0
    Unicast packets                          0                0
    Broadcast packets                        0             4206
    Multicast packets                        0                0
    CRC/Align errors                         0                0
    FIFO errors                              0                0
    MAC control frames                       0                0
    MAC pause frames                         0                0
    Oversized frames                         0
    Jabber frames                            0
    Fragment frames                          0
    VLAN tagged frames                       0
    Code violations                          0
  MAC Priority Flow Control Statistics:
    Priority :  0                             0                0
    Priority :  1                             0                0
    Priority :  2                             0                0
    Priority :  3                             0                0
    Priority :  4                             0                0
    Priority :  5                             0                0
    Priority :  6                             0                0
    Priority :  7                             0                0
  Filter statistics:
    Input packet count                       0
    Input packet rejects                     0
    Input DA rejects                         0
    Input SA rejects                         0
    Output packet count                                       0
    Output packet pad count                                   0
    Output packet error count                                 0
    CAM destination filters: 2, CAM source filters: 0
  Packet Forwarding Engine configuration:
    Destination slot: 0 (0x00)
  CoS information:
    Direction : Output
    CoS transmit queue               Bandwidth               Buffer Priority   Limit
                              %            bps     %           usec
    0 best-effort            15     1500000000    15              0      low    none
    3 fcoe                   35     3500000000    35              0      low    none
    4 no-loss                35     3500000000    35              0      low    none
    7 network-control        15     1500000000    15              0      low    none
  Interface transmit statistics: Disabled

  Logical interface xe-0/0/1.0 (Index 565) (SNMP ifIndex 519) (HW Token 4094) (Generation 174)
    Flags: Device-Down SNMP-Traps 0x4004000 Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :                    0
     Output bytes  :                 3738
     Input  packets:                    0
     Output packets:                   89
    Local statistics:
     Input  bytes  :                    0
     Output bytes  :                 3738
     Input  packets:                    0
     Output packets:                   89
    Transit statistics:
     Input  bytes  :                    0                    0 bps
     Output bytes  :                    0                    0 bps
     Input  packets:                    0                    0 pps
     Output packets:                    0                    0 pps
    Protocol inet, MTU: 1986, Generation: 199, Route table: 0
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
        Destination: 192.168.111/24, Local: 192.168.111.1, Broadcast: 192.168.111.255, Generation: 169

{master:0}[edit]

awa@JUNOS# 
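The capture above is only useful if someone reads it, so here is a small off-box triage helper for these files. It is an added example, not part of the original post: it tells an administrative disable (a config change to correlate with the commit log) apart from a real physical link loss. The `<hostname>_<date>_<time>_<output-filename>` layout is inferred from the file name shown above; the function names and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: four lines in the shape of the capture shown above.
SAMPLE_NAME = "JUNOS_20180530_174245_show_interfaces_extensive"
SAMPLE_TEXT = """\
Physical interface: xe-0/0/1, Administratively down, Physical link is Up
  Last flapped   : 2018-05-30 17:28:23 UTC (00:14:22 ago)
  Output errors:
    Carrier transitions: 5, Errors: 0, Drops: 0, Collisions: 0
"""

NAME_RE = re.compile(r"^(.+)_(\d{8})_(\d{6})_(.+)$")
PHY_RE = re.compile(r"^Physical interface: ([^,]+), ([^,]+), Physical link is (\w+)", re.M)
FLAP_RE = re.compile(r"Last flapped\s*:\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
CARRIER_RE = re.compile(r"Carrier transitions: (\d+)")


def parse_capture_name(filename):
    """Split <hostname>_<YYYYMMDD>_<HHMMSS>_<output-filename>."""
    m = NAME_RE.match(filename)
    if not m:
        raise ValueError(f"unexpected capture name: {filename!r}")
    host, date, time, label = m.groups()
    return host, datetime.strptime(date + time, "%Y%m%d%H%M%S"), label


def triage(filename, text):
    """Summarise one capture and hint at why the link-down trap fired."""
    host, taken, _ = parse_capture_name(filename)
    phy = PHY_RE.search(text)
    if not phy:
        raise ValueError("no 'Physical interface:' line in capture")
    ifd, admin, link = phy.groups()
    if admin.lower() == "administratively down":
        cause = "admin-disable"            # someone committed 'disable'
    elif link.lower() == "down":
        cause = "physical-link-loss"       # cable, optic or remote end
    else:
        cause = "recovered-before-capture"
    flap = FLAP_RE.search(text)
    carrier = CARRIER_RE.search(text)
    # Assumption: file-name time and 'Last flapped' are in the same time zone.
    age = None
    if flap:
        last = datetime.strptime(flap.group(1), "%Y-%m-%d %H:%M:%S")
        age = int((taken - last).total_seconds())
    return {"host": host, "interface": ifd, "cause": cause,
            "carrier_transitions": int(carrier.group(1)) if carrier else None,
            "seconds_since_flap": age}
```

For the test above, `triage(SAMPLE_NAME, SAMPLE_TEXT)` reports `admin-disable` with the last flap 862 seconds before the capture, i.e. the trap came from the commit, not from a new carrier transition.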

Monday, January 15, 2018

Junos Op Script Hello World

This is an example and demo of a Junos on-box script for Hello World. On-box scripts are divided into three types: operational scripts (op scripts), commit scripts and event scripts. In this post I will show a very simple op script.

# Running Op Script from operational mode


awa@JUNOS> show configuration system scripts 

op {
    file hello.slax;
    file show.slax;
}

{master:0}

awa@JUNOS> file list /var/db/scripts/op 

/var/db/scripts/op:

hello.slax
show.slax*

{master:0}

awa@JUNOS> file show /var/db/scripts/op/hello.slax 
version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";

ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";


match / {
    <op-script-results> {
        <output> "Hello World";
    }
}

{master:0}

awa@JUNOS> op hello 
Hello World

{master:0}

awa@JUNOS> 

# Running Op Script from start shell

*Not all op scripts can be run from the start shell.

awa@JUNOS> start shell 

% cd /var/db/scripts/op
% ls -l
total 16
-rw-r--r--  1 awa  wheel  275 Jan  9 17:02 hello.slax
-rwxrws---  1 awa  wheel  442 Jan  8 16:29 show.slax
% cat hello.slax
version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";

ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";


match / {
    <op-script-results> {
        <output> "Hello World";
    }
}
% cli op hello
Hello World

%

Tuesday, October 31, 2017

Juniper vSRX Flow-based to Packet-based

This posting explains how to change the forwarding mode on Juniper vSRX from flow-based to packet-based for IPv4 traffic.


Juniper vSRX 'show version'
A Juniper vSRX can operate in two different modes: packet mode and flow mode. In flow mode, the vSRX processes all traffic by analyzing the state or session of the traffic. This is also called stateful processing. In packet mode, the vSRX processes traffic as a traditional router does, on a per-packet basis. This is also known as stateless processing. Security features like IPsec, NAT, UTM, and so on do not work in packet mode. By default, Junos OS on Juniper vSRX devices works in flow mode.

Juniper vSRX (or vSRX) is the virtual form of the security platform from Juniper Networks; the appliance form is called Juniper SRX (or SRX).

1. To check the forwarding mode, run 'show security flow status'.


Juniper vSRX flow-based 'show security flow status'

2. To change the Juniper vSRX from flow-based to packet-based, delete the security feature configuration, then change the mode to packet-mode using the following command and commit.


change the mode to packet-mode

3. Reboot the vSRX to make the changes effective.


reboot needed to change to packet mode

4. Once the vSRX is up after reboot, check the flow status again. As you can see, the forwarding mode is now packet-based.


Juniper vSRX packet-based