My Techie Guy: June 2016

Friday, June 17, 2016

How to configure port mirroring on juniper MX series routers?

Summary:

How to configure port mirroring on juniper MX series routers?

Problem or Goal:

You are in a situation where you want to capture and analyse live traffic in/out of a juniper MX series router interface. The most common network analyzer tool is wireshark.

Cause:

There are so many scenarios why you might want to capture and analyze network traffic at protocol level, in many cases you would be troubleshooting an application or network problem.

Solution:

In this example, a laptop with a network analyzer tool (Wireshark) is connected to port ge-1/1/2 of the router.
The traffic of interest is in/out of interfaces ge-1/1/0 and ge-1/1/1, i.e. from the clients laptops towards the webserver, two-way.

Port Mirroring on Juniper MX series routers

1. Configure the interface where you are going to connect the wireshark laptop

set interface ge-1/1/2 description to_wireshark_laptop
set interface ge-1/1/2 unit 0 family inet address 192.168.0.1/30
set interfaces ge-1/1/2 unit 0 family inet address 192.168.0.1/30 arp 192.168.0.2 mac A0:1D:48:B3:A1:26

2. Create the filter for example this filter is called "wireshark_capture"

set firewall filter wireshark_capture term 1 from source-address 0.0.0.0/0
set firewall filter wireshark_capture term 1 from destination-address 0.0.0.0/0
set firewall filter wireshark_capture term 1 then port-mirror
set firewall filter wireshark_capture term 1 then count output-pm
set firewall filter wireshark_capture term 1 then accept

set firewall filter wireshark_capture term allow-all-else then accept

3. Apply the filter to the interfaces carrying the traffic of interest

set interfaces ge-1/1/0 unit 0 family inet filter output wireshark_capture
set interfaces ge-1/1/0 unit 0 family inet filter input wireshark_capture
set interfaces ge-1/1/1 unit 0 family inet filter output wireshark_capture
set interfaces ge-1/1/1 unit 0 family inet filter input wireshark_capture

4. Configure the port mirror

set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring input run-length 1
set forwarding-options port-mirroring family inet output interface ge-1/1/2.0 next-hop 192.168.0.2
set forwarding-options port-mirroring family inet output no-filter-check

5. Commit the configuration

#commit check
#commit

Wednesday, June 15, 2016

How to manually switch virtual chassis mastership for EX series switches VC

Summary:

Manually switch virtual chassis master-ship for mixed EX4500 and EX4550

Problem or Goal: Cause:

Command to Toggle mastership between routing engines

Solution:

>edit

#set chassis redundancy graceful-switchover

#commit synchronize

#exit

>request chassis routing-engine master switch

References:

Graceful Routing Engine Switchover (GRES)

Problem Solved?

Yes

Monday, June 13, 2016

How to setup BGP with GREoverIPsec Juniper SRX Firewall?

Summary:

Setting up BGP between two sites connected by GRE over IPsec tunnel

Problem or Goal:

Today i was tasked with connecting two remote sites to exchange BGP routing information via GRE over IPsec tunnels.

Cause:

Solution:

References:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB19372&actp=search
http://kb.juniper.net/InfoCenter/index?page=content&id=KB19371&actp=search
http://myitnotes.info/doku.php?id=en:jobs:vpn_gre_over_ipsec_1
https://overlaid.net/2014/02/01/juniper-cisco-gre-ipsec-with-ospf/

Problem Solved?

MS Outlook Error 0x800ccc0f (The Connection to the Server was Interrupted) when sending email with attachment

Summary:

Some of our customers using our SMTP server have been facing this error while try to send emails that have attachments.
Emails without any attachment would send out fine without any problem, however whenever a user would try to send an email with an attachment, it would stay in the outbox trying and would eventually pop this error:

"Error 0x800ccc0f (The Connection to the Server was Interrupted)"

Problem or Goal:

The confusing part is that it works fine on the office LAN but fails on the 4G network.
works fine on other SMPT servers on the 4G network but only one specific SMTP was failing to upload files.

Cause:

Upload is more senstive to network statability than download, an upload is more likely to fail in a network with losses that a download.

Solution:

I ran two seperate traceroutes off the office LAN and 4G networks and indeed the traffic was taking a different PATH towards the last 3 hops to the SMTP server.

I also ran a test PING to the SMTP server on the different networks 4G and office LAN.
Office LAN was without losses yet 4G had losses towards the SMTP server.
I tested another PING to another SMTP server on 4G and it was lossless which points me to an issue on the PATH to my SMTP server.

The ping would reply for about 1 minute and then timeout for another minute, this makes the upload to fail because for the upload to work, there has to be connectivity for the whole time the file is trying to be uploaded.

I also ran a tracert to the SMTP server during the ping timeout and identifies a problematic hop in the last 3 hops towards the SMTP.

Next step is to engage my SMTP server hosts to sort out this network issue with their ISP.

Problem Solved?

Am still waiting for the feedback but hopefully it gets resolved.

Sunday, June 12, 2016

Troubleshooting Juniper EX Series Virtual Chassis Issues

Summary:
I have a mixture of juniper EX4500 with EX4550, today the would be backup routing engine isolated itself from the virtual chassis and was showing up as master.

Problem or Goal:

Backup routing-engine isolated itself from the VC and was showing to be master.

Cause:

Not yet sure what could have caused this.

Solution:

I powered off the would be backup routing-engine (EX4550) and powered it back on, it managed to join the VC again, but took up the master routing-engine role.

1. Resolution Guide - EX - Troubleshoot Virtual Chassis (VC)

Problem Solved?

Tuesday, June 7, 2016

Become an UBER Driver Partner in Kampala Uganda and start making money

UBER is finally here in Kampala and Ugandan drivers have a chance of being part of this transport revolution. Even you a regular commuter has a chance of making some extra cash by signing up as an UBER driver.

Do you own a decent car and want to turn it into a money making machine while you sit in your office doing your daily 8 to 5 Job? UBER has a profile that fits you. Sign Up as driver or business partner with UBER and employ more drivers under your profile. There is no limit to the number of cars or drivers you can employ.

Click Here to Sign UP as an UBER Driver and it will be the best decision you have made today.

Happy money making with UBER.

"Drive with Uber and earn great money as an independent contractor. Get paid weekly just for helping our community of riders get rides around town. Be your own boss and get paid in fares for driving on your own schedule."

Saturday, June 4, 2016

Vodafone Uganda Introduces UBER rides in Kampala

Vodafone Uganda has partnered with UBER to introduce UBER rides in Uganda, Kampala.

Uber is a technology platform that connects driver-partners with riders through a smartphone app.

In cities where Uber operates, you can use the app to request a ride. When a nearby driver-partner accepts your request, your app displays an estimated time of arrival for the driver-partner heading to your pickup location ... read more about uber

Vodafone Uganda is launching UBER with free rides this weekend

Message from Vodafone Uganda:

"The long weekend is upon us and some of us are planning to paint the city red. Don’t ruin a perfectly great weekend being caught by the ‘Kawunyemu’ chaps! Grab your reliable and FREE Uber to get home safe and sound, that’s if you are in Kampala !!! All you have to do is download the app on your smart phone and sign up with the code MOVEUGANDA to get six (6) free rides up to UGX 20K each."

"All Vodafone customers can now also request for a safe, reliable and affordable ride, this weekend at zero cost, to any of our stores and different parts of Kampala at the tap of a button. Vodafone is proud to be a part of the revolution in Uganda as technology powers transport solutions. Look out for updates on this partnership in the coming days!!!!"