Tuesday, August 16, 2016

Running JUNOS CLI from Shell

This is a tip on how to execute JUNOS CLI commands from the shell (BSD shell).

Running a command from the JUNOS CLI

lab@D23_EX4200> show version 
fpc0:
--------------------------------------------------------------------------
Hostname: D23_EX4200
Model: ex4200-48t
JUNOS Base OS boot [12.3R9.4]
JUNOS Base OS Software Suite [12.3R9.4]
JUNOS Kernel Software Suite [12.3R9.4]
JUNOS Crypto Software Suite [12.3R9.4]
JUNOS Online Documentation [12.3R9.4]
JUNOS Enterprise Software Suite [12.3R9.4]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R9.4]
JUNOS Routing Software Suite [12.3R9.4]
JUNOS Web Management [12.3R9.4]
JUNOS FIPS mode utilities [12.3R9.4]

{master:0}

lab@D23_EX4200>

Running a command from the BSD shell

lab@D23_EX4200> start shell 
% cli show version
fpc0:
--------------------------------------------------------------------------
Hostname: D23_EX4200
Model: ex4200-48t
JUNOS Base OS boot [12.3R9.4]
JUNOS Base OS Software Suite [12.3R9.4]
JUNOS Kernel Software Suite [12.3R9.4]
JUNOS Crypto Software Suite [12.3R9.4]
JUNOS Online Documentation [12.3R9.4]
JUNOS Enterprise Software Suite [12.3R9.4]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R9.4]
JUNOS Routing Software Suite [12.3R9.4]
JUNOS Web Management [12.3R9.4]
JUNOS FIPS mode utilities [12.3R9.4]

%

Friday, August 5, 2016

Juniper JUNOS Configuration Check-out Failed

Below is one example of a configuration check-out failure in Juniper JUNOS. Even though JUNOS accepts a set command, that does not mean the resulting configuration is valid. Verify it with commit check, or directly with commit, and you will see the failure.

This example is an access-mode interface with more than one VLAN member. If you want the interface to have more than one VLAN member, you must set port-mode trunk.

awa@D22_EX2200# show interfaces ge-1/0/7  
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members TEST;
        }
    }
}

awa@D22_EX2200# set interfaces ge-1/0/7 unit 0 family ethernet-switching port-mode access vlan members MGMT 

{master:1}[edit]
awa@D22_EX2200# show interfaces ge-1/0/7                                                                       
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members [ TEST MGMT ];
        }
    }
}

{master:1}[edit]
awa@D22_EX2200# commit                                                                                         
error: Access interface has more than one vlan member: and
error: configuration check-out failed

{master:1}[edit]

awa@D22_EX2200#
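The same condition can be checked offline against a saved configuration before it reaches the device. This is an added example, not part of the original post: it assumes the text is in the brace layout printed by `show interfaces` at the [edit] level, the ge-1/0/8 trunk port is constructed for contrast, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: ge-1/0/7 mirrors the candidate config from the post,
# ge-1/0/8 is a hypothetical trunk port that must not be flagged.
PORT = """%s {
    unit 0 {
        family ethernet-switching {
            port-mode %s;
            vlan {
                members %s;
            }
        }
    }
}
"""
SAMPLE = (PORT % ("ge-1/0/7", "access", "[ TEST MGMT ]")
          + PORT % ("ge-1/0/8", "trunk", "[ TEST MGMT ]"))

def statements(text):
    """Yield (path, statement) for every leaf statement in brace-style config."""
    path = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path.pop()
        elif line.endswith(";"):
            yield tuple(path), line[:-1].strip()

def access_ports_with_multiple_vlans(text):
    """Return {(interface, unit): [vlans]} for access ports with >1 VLAN member."""
    mode, vlans = {}, defaultdict(list)
    for path, stmt in statements(text):
        if len(path) < 3 or path[2] != "family ethernet-switching":
            continue
        key = (path[0], path[1])
        if stmt.startswith("port-mode "):
            mode[key] = stmt.split()[1]
        elif stmt.startswith("members ") and path[-1] == "vlan":
            vlans[key] += re.findall(r"[^\s\[\]]+", stmt[len("members "):])
    # Assumption: a unit without a port-mode statement is treated as access.
    return {k: v for k, v in vlans.items()
            if mode.get(k, "access") == "access" and len(v) > 1}

if __name__ == "__main__":
    for (ifd, unit), v in access_ports_with_multiple_vlans(SAMPLE).items():
        print(f"{ifd} {unit}: access port with {len(v)} VLAN members {v}")
```

This does not replace `commit check`; it only catches this one condition earlier, for example when reviewing configuration files kept in version control.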

Wednesday, July 13, 2016

Juniper SRX 1500 Firewall Performance 9 Gbps (1518 bytes)

Product Overview

The SRX 1500 Services Gateway is a next-generation firewall and security services gateway offering outstanding protection, performance, scalability, availability, and security service integration. Designed for port density, a high-performance security services architecture, and seamless integration of networking and security in a single platform, the SRX 1500 is best suited for client protection in enterprise campus, regional headquarters or cloud-based security solutions with a focus on application visibility and control, intrusion prevention, and advanced threat protection. The SRX 1500 is powered by Junos OS, the industry-leading operating system that keeps the world’s largest and most mission-critical enterprise networks secure.


The SRX 1500 is one of the newest products in the security family of Juniper Networks. The Juniper SRX 1400 is a previous product with similar performance and capacity to the SRX 1500.

                                    SRX 1400    SRX 1500
Form Factor                         3U (3RU)    1U (3RU)
Firewall Performance (max)          10 Gbps     10 Gbps
Firewall Performance (1518 bytes)   -           9 Gbps

* Performance data is based on the datasheet.

I ran a simple test of one SRX 1500 performance figure in a lab environment, using a traffic generator with the parameter mentioned in the datasheet, 1518 bytes. Next time I will test the Juniper SRX 1500 to get the maximum firewall performance.

                                    Datasheet   Actual Test
Firewall Performance (1518 bytes)   9 Gbps      9227892208 bps

- 9227892208 bps
- 768991 pps
- CPU: 33% (FPC)
- memory: 19% (FPC)

hermawan@SRX1500> show interfaces | match "Desc|rate" | except "0 pps"
    Description: ge-0/0/1.0 - 001
  Output rate    : 9227892208 bps (768991 pps)
    Description: xe-0/0/16.0 - 003
  Input rate     : 9227898200 bps (768991 pps)

hermawan@SRX1500> show security monitoring

                  Flow session   Flow session     CP session     CP session 
FPC PIC CPU Mem        current        maximum        current        maximum

  0   0  33  19              1        2097152              0              0

Thursday, June 30, 2016

Bandwidth VS Speed

I have not updated this blog for a long time, as I have been busy and enjoying a new role in my daily job. My current role is Sales Engineer, or as some people say, Solution Architect. This is very different from my previous roles, mostly as Project and Support Engineer with daily hands-on activity on devices. A Sales Engineer combines a technical perspective and soft skills to communicate products and solutions to customers.

Let's get back to the main topic, 'Bandwidth VS Speed'.

Some people think bandwidth and speed are the same, but they actually have very different meanings. Bandwidth is how much, how many, or how wide the path is to reach the destination or to get something from the destination; the unit in the Internet networking world is bit or byte. We can say bandwidth is the capacity of the path to the destination.

Speed is how fast the source reaches the destination or gets something from the destination; the unit in the Internet networking world is bit/s (bits per second) or byte/s (bytes per second).

Even though bandwidth and speed have different meanings, the two are related. Let's look at the test below.

# Server (receiver):

$ iperf -u -s
------------------------------------------------------------
Server listening on UDP port 5001
Receiving 1470 byte datagrams
UDP buffer size:   107 KByte (default)
------------------------------------------------------------
[  3] local 10.0.1.5 port 5001 connected with 10.0.1.10 port 65299
[  3]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec  0.008 ms    0/893 (0%)

# Client (sender):
# Please look at the Bandwidth column below (the wording is confusing): the Bandwidth value uses Mbits/sec

$ iperf -u -c 10.0.1.5 -b 1M
------------------------------------------------------------
Client connecting to 10.0.1.5, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 9.00 KByte (default)
------------------------------------------------------------
[  3] local 10.0.1.10 port 65300 connected with 10.0.1.5 port 5001
[ ID] Interval      Transfer     Bandwidth
[  3]  0.0-10.0 sec 1.25 MBytes  1.05 Mbits/sec
[  3] Server Report:
[  3]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec  0.003 ms 0/893 (0%)
[  3] Sent 893 datagrams