Tuesday, August 16, 2016

Running JUNOS CLI from Shell

This is a tip on how to execute JUNOS CLI commands from the shell (BSD shell).

Running a command from the JUNOS CLI

lab@D23_EX4200> show version 
fpc0:
--------------------------------------------------------------------------
Hostname: D23_EX4200
Model: ex4200-48t
JUNOS Base OS boot [12.3R9.4]
JUNOS Base OS Software Suite [12.3R9.4]
JUNOS Kernel Software Suite [12.3R9.4]
JUNOS Crypto Software Suite [12.3R9.4]
JUNOS Online Documentation [12.3R9.4]
JUNOS Enterprise Software Suite [12.3R9.4]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R9.4]
JUNOS Routing Software Suite [12.3R9.4]
JUNOS Web Management [12.3R9.4]
JUNOS FIPS mode utilities [12.3R9.4]

{master:0}

lab@D23_EX4200>

Running a command from the BSD shell

lab@D23_EX4200> start shell 
% cli show version
fpc0:
--------------------------------------------------------------------------
Hostname: D23_EX4200
Model: ex4200-48t
JUNOS Base OS boot [12.3R9.4]
JUNOS Base OS Software Suite [12.3R9.4]
JUNOS Kernel Software Suite [12.3R9.4]
JUNOS Crypto Software Suite [12.3R9.4]
JUNOS Online Documentation [12.3R9.4]
JUNOS Enterprise Software Suite [12.3R9.4]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R9.4]
JUNOS Routing Software Suite [12.3R9.4]
JUNOS Web Management [12.3R9.4]
JUNOS FIPS mode utilities [12.3R9.4]

%

Friday, August 5, 2016

Juniper JUNOS Configuration Check-out Failed

Below is one example of a failed configuration check-out in Juniper JUNOS. Even though JUNOS lets you enter a set command, that does not mean the command is correct. Verify with commit check, or go straight to commit, and you will see the failure.

This example is an interface in access mode with more than one VLAN member. If you want the interface to carry more than one VLAN, you must set port-mode trunk.

awa@D22_EX2200# show interfaces ge-1/0/7  
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members TEST;
        }
    }
}

awa@D22_EX2200# set interfaces ge-1/0/7 unit 0 family ethernet-switching port-mode access vlan members MGMT 

{master:1}[edit]
awa@D22_EX2200# show interfaces ge-1/0/7                                                                       
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members [ TEST MGMT ];
        }
    }
}

{master:1}[edit]
awa@D22_EX2200# commit                                                                                         
error: Access interface has more than one vlan member: and
error: configuration check-out failed

{master:1}[edit]

awa@D22_EX2200#
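
A pre-commit check for the condition shown above, as an added example that is not part of the original post: it scans text in the layout of `show configuration interfaces` and reports access ports with more than one VLAN member. The sample configuration is constructed (ge-1/0/8 is made up), the function name is hypothetical, and treating an unset port-mode as access is an assumption.

```python
import re
# Constructed sample in the layout of `show configuration interfaces`;
# ge-1/0/7 repeats the stanza from the post, ge-1/0/8 is made up.
SAMPLE = """\
ge-1/0/7 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members [ TEST MGMT ];
            }
        }
    }
}
ge-1/0/8 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ TEST MGMT ];
            }
        }
    }
}
"""

def access_ports_with_multiple_vlans(config):
    """Return {"interface.unit": [vlans]} for access ports with more than one VLAN."""
    path, ports = [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            path.append(line[:-1].strip())   # entering a stanza
        elif line == "}":
            path.pop()                       # leaving a stanza
        elif line.endswith(";") and "family ethernet-switching" in path:
            key = "{}.{}".format(path[0], path[1].split()[1])
            # Assumption: a port with no port-mode statement is an access port.
            port = ports.setdefault(key, {"mode": "access", "vlans": []})
            words = re.findall(r"[^\s\[\];]+", line)
            if words[0] == "port-mode":
                port["mode"] = words[1]
            elif words[0] == "members" and path[-1] == "vlan":
                port["vlans"] += words[1:]
    return {k: p["vlans"] for k, p in ports.items()
            if p["mode"] == "access" and len(p["vlans"]) > 1}

if __name__ == "__main__":
    print(access_ports_with_multiple_vlans(SAMPLE))
```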

Wednesday, July 13, 2016

Juniper SRX1500 Firewall Performance 9 Gbps (1518 bytes)

Product Overview

The SRX1500 Services Gateway is a next-generation firewall and security services gateway offering outstanding protection, performance, scalability, availability, and security service integration. Designed for port density, a high-performance security services architecture, and seamless integration of networking and security in a single platform, the SRX1500 is best suited for client protection in enterprise campus, regional headquarters or cloud-based security solutions with a focus on application visibility and control, intrusion prevention, and advanced threat protection. The SRX1500 is powered by Junos OS, the industry-leading operating system that keeps the world’s largest and most mission-critical enterprise networks secure.


The SRX1500 is one of the newest products in the Juniper Networks security family. The Juniper SRX1400 is an earlier product with performance and capacity similar to the SRX1500.

                                    SRX1400     SRX1500
Form Factor                         3U (3RU)    1U (3RU)
Firewall Performance (max)          10 Gbps     10 Gbps
Firewall Performance (1518 bytes)   -           9 Gbps

* Performance data is based on the datasheet.

I ran a simple test of one SRX1500 performance figure in a lab environment, using a traffic generator with the parameter mentioned in the datasheet (1518 bytes). Next time I will test the Juniper SRX1500 to get its maximum firewall performance.

                                    Datasheet   Actual Test
Firewall Performance (1518 bytes)   9 Gbps      9227892208 bps

- 9227892208 bps
- 768991 pps
- CPU: 33% (FPC)
- memory: 19% (FPC)

hermawan@SRX1500> show interfaces | match "Desc|rate" | except "0 pps"
    Description: ge-0/0/1.0 - 001
  Output rate    : 9227892208 bps (768991 pps)
    Description: xe-0/0/16.0 - 003
  Input rate     : 9227898200 bps (768991 pps)

hermawan@SRX1500> show security monitoring

                  Flow session   Flow session     CP session     CP session 
FPC PIC CPU Mem        current        maximum        current        maximum

  0   0  33  19              1        2097152              0              0