Previously I posted a simple example of a Junos op script (operation script). This post gives a simple example of another kind of on-box script, Junos event script automation: when an interface-down event is detected, the device executes a health-check command to capture real-time evidence.
awa@JUNOS# show event-options
May 30 17:41:20
policy LINK_DOWN_LOG {
    events snmp_trap_link_down;
    then {
        execute-commands {
            commands {
                "show interfaces extensive {$$.interface-name}";
            }
            output-filename show_interfaces_extensive;
            destination LOCAL_VAR_TMP;
            output-format text;
        }
    }
}
destinations {
    LOCAL_VAR_TMP {
        archive-sites {
            /var/tmp;
        }
    }
}
{master:0}[edit]
awa@JUNOS#
How do we test the event script?
awa@JUNOS# run file list /var/tmp/ | grep show
May 30 17:42:23
{master:0}[edit]
awa@JUNOS# set interfaces xe-0/0/1 disable
May 30 17:42:33
{master:0}[edit]
awa@JUNOS# commit
May 30 17:42:43
configuration check succeeds
commit complete
{master:0}[edit]
awa@JUNOS# run file list /var/tmp/ | grep show
May 30 17:42:50
JUNOS_20180530_174245_show_interfaces_extensive
{master:0}[edit]
awa@JUNOS# run file show /var/tmp/JUNOS_20180530_174245_show_interfaces_extensive | no-more
May 30 17:43:06
root@JUNOS> show interfaces extensive "xe-0/0/1"
Physical interface: xe-0/0/1, Administratively down, Physical link is Up
Interface index: 650, SNMP ifIndex: 512, Generation: 141
Link-level type: Ethernet, MTU: 2000, LAN-PHY mode, Speed: 10Gbps, Duplex: Full-Duplex, BPDU Error: None, Loop Detect PDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Media type: Fiber
Device flags : Present Running
Interface flags: Down SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 02:05:86:71:2d:07, Hardware address: 02:05:86:71:2d:07
Last flapped : 2018-05-30 17:28:23 UTC (00:14:22 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 0 0 bps
Output bytes : 176652 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 5, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 16045690984503098046 0 16045690984503098046
3 16045690984503098046 0 16045690984503098046
4 16045690984503098046 0 16045690984503098046
7 16045690984503098046 0 16045690984503098046
Queue number: Mapped forwarding classes
0 best-effort
3 fcoe
4 no-loss
7 network-control
Active alarms : None
Active defects : None
MAC statistics: Receive Transmit
Total octets 0 176652
Total packets 0 0
Unicast packets 0 0
Broadcast packets 0 4206
Multicast packets 0 0
CRC/Align errors 0 0
FIFO errors 0 0
MAC control frames 0 0
MAC pause frames 0 0
Oversized frames 0
Jabber frames 0
Fragment frames 0
VLAN tagged frames 0
Code violations 0
MAC Priority Flow Control Statistics:
Priority : 0 0 0
Priority : 1 0 0
Priority : 2 0 0
Priority : 3 0 0
Priority : 4 0 0
Priority : 5 0 0
Priority : 6 0 0
Priority : 7 0 0
Filter statistics:
Input packet count 0
Input packet rejects 0
Input DA rejects 0
Input SA rejects 0
Output packet count 0
Output packet pad count 0
Output packet error count 0
CAM destination filters: 2, CAM source filters: 0
Packet Forwarding Engine configuration:
Destination slot: 0 (0x00)
CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer Priority Limit
% bps % usec
0 best-effort 15 1500000000 15 0 low none
3 fcoe 35 3500000000 35 0 low none
4 no-loss 35 3500000000 35 0 low none
7 network-control 15 1500000000 15 0 low none
Interface transmit statistics: Disabled
Logical interface xe-0/0/1.0 (Index 565) (SNMP ifIndex 519) (HW Token 4094) (Generation 174)
Flags: Device-Down SNMP-Traps 0x4004000 Encapsulation: ENET2
Traffic statistics:
Input bytes : 0
Output bytes : 3738
Input packets: 0
Output packets: 89
Local statistics:
Input bytes : 0
Output bytes : 3738
Input packets: 0
Output packets: 89
Transit statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps
Protocol inet, MTU: 1986, Generation: 199, Route table: 0
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
Destination: 192.168.111/24, Local: 192.168.111.1, Broadcast: 192.168.111.255, Generation: 169
{master:0}[edit]
awa@JUNOS#
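An off-box triage helper for the evidence files collected above, added here as an example and not part of the original post: it splits the archive file name into host, capture time and label, and classifies the capture as an administrative disable or a physical link fault. The file-name layout (hostname_YYYYMMDD_HHMMSS_output-filename) is an assumption inferred from the listing, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample, trimmed to the lines the parser reads (same wording as the capture).
SAMPLE_NAME = "JUNOS_20180530_174245_show_interfaces_extensive"
SAMPLE_TEXT = """\
root@JUNOS> show interfaces extensive "xe-0/0/1"
Physical interface: xe-0/0/1, Administratively down, Physical link is Up
  Last flapped   : 2018-05-30 17:28:23 UTC (00:14:22 ago)
  Output errors:
    Carrier transitions: 5, Errors: 0, Drops: 0, Collisions: 0
"""

# Assumed layout, inferred from the listing: <hostname>_<YYYYMMDD>_<HHMMSS>_<output-filename>
NAME_RE = re.compile(r"^(?P<host>.+)_(?P<date>\d{8})_(?P<time>\d{6})_(?P<label>.+)$")
PHY_RE = re.compile(
    r"^Physical interface: (?P<ifd>[^,]+), (?P<admin>Enabled|Administratively down), "
    r"Physical link is (?P<link>Up|Down)", re.M)

def parse_archive_name(name):
    """Return (hostname, capture time, output-filename) from an archive file name."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"unexpected archive name: {name!r}")
    taken = datetime.strptime(m["date"] + m["time"], "%Y%m%d%H%M%S")
    return m["host"], taken, m["label"]

def summarize(text):
    """Classify why the interface is down and pull the flap counters."""
    m = PHY_RE.search(text)
    if not m:
        raise ValueError("no 'Physical interface' line in capture")
    if m["admin"] == "Administratively down":
        cause = "admin-disable"   # configuration change: check the commit log
    elif m["link"] == "Down":
        cause = "link-fault"      # physical layer: optic, cable or remote end
    else:
        cause = "up"              # link had recovered by the time the command ran
    flaps = re.search(r"Carrier transitions: (\d+)", text)
    last = re.search(r"Last flapped\s*: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})", text)
    return {
        "interface": m["ifd"],
        "cause": cause,
        "carrier_transitions": int(flaps.group(1)) if flaps else None,
        "last_flapped": last.group(1) if last else None,
    }

if __name__ == "__main__":
    host, taken, label = parse_archive_name(SAMPLE_NAME)
    print(host, taken.isoformat(), label, summarize(SAMPLE_TEXT))
```

An "admin-disable" result points at a configuration change to correlate with the commit history, while "link-fault" points at the physical layer.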
Thursday, May 31, 2018
Monday, January 15, 2018
Junos Op Script Hello World
This example and demo uses a Junos on-box script for Hello World. On-box scripts are divided into three types: operational scripts (op scripts), commit scripts and event scripts. In this post I will show a very simple op script.
# Running Op Script from operational mode
awa@JUNOS> show configuration system scripts
op {
file hello.slax;
file show.slax;
}
{master:0}
awa@JUNOS> file list /var/db/scripts/op
/var/db/scripts/op:
hello.slax
show.slax*
{master:0}
awa@JUNOS> file show /var/db/scripts/op/hello.slax
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
/* Emit a single line of output when the op script runs */
match / {
    <op-script-results> {
        <output> "Hello World";
    }
}
{master:0}
awa@JUNOS> op hello
Hello World
{master:0}
awa@JUNOS>
# Running Op Script from start shell
*Not all op scripts can be run from the start shell.
awa@JUNOS> start shell
% cd /var/db/scripts/op
% ls -l
total 16
-rw-r--r-- 1 awa wheel 275 Jan 9 17:02 hello.slax
-rwxrws--- 1 awa wheel 442 Jan 8 16:29 show.slax
% cat hello.slax
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
/* Emit a single line of output when the op script runs */
match / {
    <op-script-results> {
        <output> "Hello World";
    }
}
% cli op hello
Hello World
%
Tuesday, October 31, 2017
Juniper vSRX Flow-based to Packet-based
This posting explains how to change the forwarding mode on Juniper vSRX from flow-based to packet-based for IPv4 traffic.
A Juniper vSRX can operate in two different modes: packet mode and flow mode. In flow mode, vSRX processes all traffic by analyzing the state or session of the traffic. This is also called stateful processing of traffic. In packet mode, vSRX processes the traffic as a traditional router does, on a per-packet basis. This is also known as stateless processing of traffic. Security features such as IPsec, NAT and UTM do not work in packet mode. By default, Junos OS on Juniper vSRX devices works in flow mode.
[Image: Juniper vSRX 'show version']
Juniper vSRX, or vSRX, is the virtual form of the security platform from Juniper Networks; the appliance form is known as Juniper SRX, or SRX.
1. To check the forwarding mode, run 'show security flow status'.
[Image: Juniper vSRX flow-based 'show security flow status']
2. To change Juniper vSRX from flow-based to packet-based, delete the security feature configuration, then change the mode to packet-mode using the following command and commit.
[Image: change the mode to packet-mode]
3. Reboot the vSRX to make the changes effective.
[Image: reboot needed to change to packet mode]
4. Once the vSRX is up after the reboot, check the flow status again. As you can see, the forwarding mode is now packet-based.
[Image: Juniper vSRX packet-based]