ip as-path access-list 1 deny _1234$
ip as-path access-list 1 deny _5678$
ip as-path access-list 1 permit .*

router bgp 100
neighbor 192.168.0.1 remote-as 200
neighbor 192.168.0.1 des ebgp-test
neighbor 192.168.0.1 filter-list 1 in

Juniper way:

protocols {
bgp {
group “ebgp-test” {
type external;
import test-in;
peer-as 200;
neighbor 192.168.0.1 {
}
}
policy-options {
policy-statement test {
from as-path [test test1];
then reject;
}
set policy-options as-path a “.*1234″
set policy-options as-path b “.*5678″
}

ae: Aggregated Ethernet A virtual aggregated link.
as: Aggregated SONET/SDH A virtual aggregated link.
at: ATM1 or ATM2 IQ Asynchronous Transfer Mode
cau4: Channelized AU-4 IQ Configured on the Channelized STM-1 IQ PIC.
coc1: Channelized OC-1 IQ Configured on the Channelized OC-12 IQ PIC.
coc12: Channelized OC-12 IQ Configured on the Channelized OC-12 IQ PIC.
cstm1: Channelized STM-1 IQ Configured on the Channelized STM-1 IQ PIC.
ce1: Channelized E1 IQ Configured on the Channelized E1 IQ PIC or Channelized
STM-1 IQ PIC.
ct1: Channelized T1 IQ Configured on the Channelized DS-3 IQ PIC or
Channelized OC-12 IQ PIC.
ct3: Channelized T3 IQ Configured on the Channelized DS-3 IQ PIC or
Channelized OC-12 IQ PIC.
cp: Collector Configured on the Monitoring Services II PIC.
ds: DS-0 Configured on the Channelized DS-3 to DS-0 PIC, Channelized E1 PIC, Channelized OC-12 IQ PIC
dsc: Discard Allows you to identify the ingress point of a denial-of-service (DoS) attack.
e1: E1 Includes the channelized STM-1 to E1 interfaces.
e3: E3 Includes the E3 IQ interfaces.
es: Encryption Allows you to configure a security association (SA) name
with a logical interface.
fe: Fast Ethernet 100Base-TX (Fast Ethernet, 100 Mbps).
fxp0: Management and internal Ethernet The management Ethernet interface is an out-of-bandmanagement interface within the routing platform.
fxp1: Interface that connects the routing engine and packet forwarding engine.
ge: Gigabit Ethernet Includes Gigabit Ethernet IQ interfaces.
gr: Generic Route Encapsulation tunnel Allows you to configure a unicast tunnel using GRE
encapsulation.
gre: Internally generated This interface is internally generated and is not
configurable.
ip: IP-over-IP encapsulation tunnel Allows you to configure a unicast tunnel using IP-IP
encapsulation.
ipip: Internally generated This interface is internally generated and is not
configurable.
lo Loopback This interface is internally generated. The logical
interface lo0.16383 is a non-configurable interface for routing platform control traffic.
ls: Link services Supports bundles that contain links.
lsi: Internally generated This interface is internally generated and is not
configurable.
ml: Multilink Includes Multilink Frame Relay and Multilink PPP.
mo: Monitoring services Includes the monitoring services and monitoring services
II interfaces. The logical interface mo-fpc/pic/port.16383 is an internally generated, non-configurable interface for routing platform control traffic.
mt: Multicast tunnel Internal routing platform interface for VPNs.
mtun: Internally generated This interface is internally generated and is not
configurable.
me0: – out of band management interface on ex switches
oc3: OC-3 IQ Configured on the Channelized OC-12 IQ PIC.
pe: This interface is present on the first-hop routing platform. Encapsulates packets destined for the rendezvous point (RP) routing platform.
pd: This interface is present on the RP De-encapsulates packets at the RP.
pimd: Internally generated This interface is internally generated and is not
configurable.
pime: Internally generated This interface is internally generated and is not
configurable.
rlsq: – a redundant bundle interface, made of two or more lsq interface. If you have redundant AS Pics.
se: Serial Includes the EIA-530, V.35, and X.21 interfaces.
so: SONET/SDH Both are widely used methods for very high speed
transmission of voice and data signals across the numerous world-wide fiber-optic networks.
sp: Adaptive services The logical interface sp-fpc/pic/port.16383 is an
internally generated, non-configurable interface for routing platform control traffic.
t1: T1 Includes the channelized DS-3 to DS-1 interfaces.
t3: T3 Includes the channelized OC-12 to DS-3 interfaces.
tap: Internally generated This interface is internally generated and is not
configurable.
vcp: – virtual chassis interface (EX4200 only)
vsp: Voice services The Adaptive Services (AS) Physical Interface Card (PIC)
supports the compressed real-time transport protocol (RTP) on this interface.
vt: Virtual loopback tunnel On routing platforms equipped with a Tunnel PIC,
enables egress filtering.
xe: – 1GE optical interface on ex switches

Juniper reference:
http://www.juniper.net/techpubs/software/nog/nog-interfaces/download/nog-interfaces.pdf

Download Tacacs from : ftp://ftp.shrubbery.net/pub/tac_plus/ also you will need tcp_wrappers for tac_plus to work.

Install tcp_wrappers and tacacs

yum install -y tcp_wrappers
yum install -y tcp_wrappers-devel
yum install -y tcp_wrappers-libs
Download ftp://ftp.shrubbery.net/pub/tac_plus/tacacs+-F4.0.4.15.tar.gz
tar zxvf tacacs+-F4.0.4.15.tar.gz
cd tacacs+-F4.0.4.15
./configure
make
make install

Setup tacacs.conf

key = “secretkey”
accounting file = /var/log/tac_plus
acl = HomeNet {
permit = 10.2.2.1
}
user = rancid {
default service = permit
login = cleartext mypass
enable = cleartext mypass
service = junos-exec {
local-user-name = operations
}
}
user = giany {
default service = permit
login = cleartext mypass
enable = cleartext mypass
service = junos-exec {
local-user-name = operations
}

}

Configure Juniper Tacacs

set system authentication-order [ tacplus password ]

set system tacplus-server 10.2.2.1 secret secretkey
set system accounting events login
set system accounting events interactive-commands
set system accounting destination tacplus
set system login class network permissions network
set system login class network permissions view
set system login user operations full-name “Users with Full Access”
set system login user operations uid 9999
set system login user operations class super-user
set system login user operations authentication encrypted-password “xxx”
set system login user restricted full-name “Restricted”
set system login user restricted uid 2000
set system login user restricted class read-only
set system login user restricted authentication encrypted-password “xxx”

RANCID

# adduser rancid
Download ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.1.tar.gz
# tar zxvf rancid-2.3.1.tar.gz
# cd rancid-2.3.1
# ./configure –prefix=/home/rancid
# su – rancid
# set CVSROOT /home/rancid/var/CVS
# cvs init
# rancid-cvs

.cloginrc

add method 10.2.2.2 ssh

add method 10.100.100.1 ssh
add user olive rancid
add user cisco rancid
add password olive {mypass} {mypass}
add password cisco {mypass} {mypass}

Debug

[rancid@box ~]$ clogin cisco
cisco
spawn ssh -c 3des -x -l rancid cisco
rancid@cisco’s password:
Corp:2>enable
Password:
Corp:2#

[rancid@box ~]$ jlogin olive
olive
spawn ssh -c 3des -x -l rancid olive

WARNING: You are being watched.
rancid@olive’s password:
— JUNOS 7.4R2.6 built 2006-01-20 14:27:46 UTC
rancid@olive.x83.net>

# tail -f /var/log/tac_plus

Mon Aug 4 16:20:37 2008 10.2.2.2 rancid ttyp0 olive.x83.net stop task_id=1 service=shell elapsed_time=263 process*mgd[7038] cmd=logout
Mon Aug 4 16:26:15 2008 10.100.100.1 rancid tty2 10.100.100.100 start task_id=58 timezone=UTC service=shell
Mon Aug 4 16:26:43 2008 10.100.100.1 rancid tty2 10.100.100.100 stop task_id=58 timezone=UTC service=shell disc-cause=1 disc-cause-ext=1020 connect-progress=101 elapsed_time=28 nas-rx-speed=0 nas-tx-speed=0
Mon Aug 4 16:26:56 2008 10.2.2.2 rancid ttyp0 olive.x83.net start task_id=1 service=shell process*mgd[7045] cmd=login
Mon Aug 4 16:27:03 2008 10.2.2.2 rancid ttyp0 olive.x83.net stop task_id=1 service=shell elapsed_time=8 process*mgd[7045] cmd=logout
Mon Aug 4 16:27:15 2008 10.2.2.2 rancid ttyp0 olive.x83.net start task_id=1 service=shell process*mgd[7049] cmd=login

Set idle-timeout so after a while a user will get disconnect:

login
class admin {
idle-timeout 4;
permissions all;
}
user test {
class admin
}

On terminal you will get smth like that:

test@br0> Warning: session will be closed in 1 minute if there is no activity
Warning: session will be closed in 10 seconds if there is no activity
Idle timeout exceeded: closing session
Connection closed by foreign host.

First you will use a term to set the host from where you will use ssh and then reject the rest. The second term is to allow all traffic pass through your core.

lo0 {
    description "br0 loopback";
    unit 0 {
        family inet {
            filter {
                    input re-filter;
            }
            address 127.0.0.1/32;
            address 172.16.9.1/32 {
                primary;
            }
        }
    }
}

And then the policy filter:

filter lo-filter {
    term ssh {
        from {
            source-address {
            10.0.1.254/32 except;
             }
            destination-port ssh;
        }
        then {
            discard
        }
    }
    term no-ssh {
         then {
             accept
          }
    }
} 

Configuration

R1:

set protocols ospf area 0.0.0.0 interface fxp1.0

R2:

set protocols ospf area 0.0.0.0 interface fxp1.0
set protocols ospf area 0.0.0.0 interface fxp2.0

R3:

set protocols ospf area 0.0.0.0 interface fxp2.0
set protocols ospf area 0.0.0.0 interface fxp1.0
set protocols ospf area 0.0.0.0 interface fxp1.2

R4:

set protocols ospf area 0.0.0.0 interface fxp1.0
set protocols ospf area 0.0.0.0 interface fxp1.2

Debug

[root@box ~]# jlogin -c "show route" 10.0.1.1
spawn ssh -c 3des -x -l rancid 10.0.1.1
rancid@10.0.1.1's password:
--- JUNOS 8.5R3.4 built 2008-04-24 03:40:14 UTC
rancid@br0> 

rancid@br0> set cli complete-on-space off
Disabling complete-on-space

rancid@br0> set cli screen-length 0
Screen length set to 0

rancid@br0> show route 

inet.0: 11 destinations, 11 routes (10 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:26:09
                    > to 10.0.1.254 via fxp0.0
10.0.1.0/24        *[Direct/0] 00:26:10
                    > via fxp0.0
10.0.1.1/32        *[Local/0] 00:26:10
                      Local via fxp0.0
172.16.9.1/32      *[Direct/0] 00:26:10
                    > via lo0.0
192.168.5.0/30     *[Direct/0] 00:26:10
                    > via fxp1.0
192.168.5.1/32     *[Local/0] 00:26:10
                      Local via fxp1.0
192.168.6.0/30     *[OSPF/10] 00:12:51, metric 20               // routes from R3
                    > to 192.168.5.2 via fxp1.0
192.168.7.0/29     *[OSPF/10] 00:12:39, metric 30               // routes from R4
                    > to 192.168.5.2 via fxp1.0
192.168.8.0/29     *[OSPF/10] 00:12:39, metric 30               // routes from R4
                    > to 192.168.5.2 via fxp1.0
224.0.0.5/32       *[OSPF/10] 00:26:12, metric 1
                      MultiRecv

rancid@br0> quit
Connection to 10.0.1.1 closed.

As you can see R1 get the routes from R3 and R4. Also ping should work between this 4 routers.

[root@box ~]# jlogin -c "ping rapid 192.168.7.2" 10.0.1.1
spawn ssh -c 3des -x -l rancid 10.0.1.1
rancid@10.0.1.1's password:
--- JUNOS 8.5R3.4 built 2008-04-24 03:40:14 UTC
rancid@br0> 

rancid@br0> set cli complete-on-space off
Disabling complete-on-space

rancid@br0> set cli screen-length 0
Screen length set to 0

rancid@br0> ping rapid 192.168.7.2
PING 192.168.7.2 (192.168.7.2): 56 data bytes
!!!!!
--- 192.168.7.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 8.507/13.222/21.780/5.199 ms

rancid@br0> quit
Connection to 10.0.1.1 closed.

View ospf database:

rancid@br0> show ospf database
    OSPF link state database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *172.16.9.1       172.16.9.1       0x80000004   982  0x22 0xfa8   36
Router   172.16.9.2       172.16.9.2       0x80000008   971  0x22 0x783f  48
Router   172.16.9.3       172.16.9.3       0x80000009   972  0x22 0x872c  60
Router   172.16.9.4       172.16.9.4       0x80000004   976  0x22 0xe2cd  48
Network  192.168.5.2      172.16.9.2       0x80000001   983  0x22 0x175   32
Network  192.168.6.2      172.16.9.3       0x80000001   972  0x22 0x86a   32
Network  192.168.7.1      172.16.9.3       0x80000002   137  0x22 0x96a   32
Network  192.168.8.1      172.16.9.3       0x80000002   437  0x22 0xfd74  32

redistribute routes

Lets say we set on R1 a default route:

set routing-options static route 0.0.0.0/0 next-hop 10.0.1.254

And now you want to send a default route to the rest of the routers. First we need to create a policy statement
from protocol static. Of course you can match specific routes. Check [[ Redistribute routes ]] for details.

set policy-options policy-statement default-route term 1 from protocol static
set policy-options policy-statement default-route term 1 then accept

and then we export that statement into OSPF:

set protocols ospf export default-route

Routing table on R2 will look like:

rancid@R2> show route
0.0.0.0/0          *[OSPF/150] 00:25:16, metric 0, tag 0
                    > to 192.168.5.1 via fxp1.0

As you can see it recieves 0.0.0.0/0 via OSPF.

The local router then sends Hello messages on its operational links to determine whether other link-state routers are operating on the interfaces as well. When a remote router is located, the local router attempts to form an adjacency.
This adjacency enables the two routers to advertise summary link-state database information to each other.

This exchange is not the actual detailed database information, but is truly a summary of the data. Each router evaluates the summary data against its local link-state database to verify that it has the most up-to-date information. Should one side of the adjacency realize that it requires an update, that router requests the new information from the adjacent router.
The update includes the actual data contained in the link-state database. This exchange process continues until both routers have identical link-state databases.

Each router uses the Dijkstra Algorithm to process the database information into a path to each destination in the network. Every link-state router uses the same algorithm to process its database, requiring each router to maintain consistent information to get the same results.

Common Packet Header
All OSPF packets share a common 24-octet header. This header allows the receiving router to determine whether the packet is valid and should be processed. The OSPF header fields includes the following:

Version (1 octet) This field details the current version of OSPF used by the local router. It is set to a value of 2, the default value. Type (1 octet) This field specifies the type of OSPF packet. Possible values include:

*1—Hello packet
*2—Database descriptor
*3—Link-state request
*4—Link-state update
*5—Link-state acknowledgment

Packet Length (2 octets)
This field displays the total length, in octets, of the OSPF packet.
Router ID (4 octets)
The router ID of the advertising router appears in this field.
Area ID (4 octets)
This field contains the 32-bit area ID assigned to the interface used to send
the OSPF packet.
Checksum (2 octets)
This field displays a standard IP checksum for the entire OSPF packet,
excluding the 64-bit authentication field.
Authentication Type (2 octets)
The specific type of authentication used by OSPF is encoded in this field. Possible values are:
*0—Null authentication
*1—Simple password
*2—MD5 cryptographic authentication

Authentication (8 octets)
This field displays the authentication data to verify the packet’s integrity.

I`m running 4 olive instances, each one having 3 interfaces (fxp0,fxp1,fxp2). I interconnect them using ”’tap”’ interfaces and put each interface in separate vlans:

So : fxp0 from each olive in BR0
fxp1 from R1 and R2 in BR1
fxp2 from R2 and R3 in BR2
fxp1 from R3 and R4 in BR3

Set interfaces

For R1:

[rancid@box ~]$ jlogin -c "show configuration interfaces|display set" 10.0.1.1
rancid@R1>
rancid@R1> show configuration interfaces|display set
set interfaces fxp0 unit 0 family inet address 10.0.1.1/24
set interfaces fxp1 vlan-tagging
set interfaces fxp1 unit 0 vlan-id 2
set interfaces fxp1 unit 0 family inet address 192.168.5.1/24

For R2:

[rancid@box ~]$ jlogin -c "show configuration interfaces|display set" 10.0.1.2
rancid@R2> show configuration interfaces|display set
set interfaces fxp0 unit 0 family inet address 10.0.1.2/24
set interfaces fxp1 vlan-tagging
set interfaces fxp1 unit 0 vlan-id 2
set interfaces fxp1 unit 0 family inet address 192.168.5.2/24
set interfaces fxp2 vlan-tagging
set interfaces fxp2 unit 0 vlan-id 3
set interfaces fxp2 unit 0 family inet address 192.168.6.1/24

For R3:

[rancid@box ~]$ jlogin -c "show configuration interfaces|display set" 10.0.1.3
rancid@R3> show configuration interfaces|display set
set interfaces fxp0 unit 0 family inet address 10.0.1.3/24
set interfaces fxp1 vlan-tagging
set interfaces fxp1 unit 0 vlan-id 4
set interfaces fxp1 unit 0 family inet address 192.168.7.1/24
set interfaces fxp2 vlan-tagging
set interfaces fxp2 unit 0 vlan-id 3
set interfaces fxp2 unit 0 family inet address 192.168.6.2/24

For R4:

[rancid@box ~]$ jlogin -c "show configuration interfaces|display set" 10.0.1.4
rancid@R4> show configuration interfaces|display set
set interfaces fxp0 unit 0 family inet address 10.0.1.4/24
set interfaces fxp1 vlan-tagging
set interfaces fxp1 unit 0 vlan-id 4
set interfaces fxp1 unit 0 family inet address 192.168.7.2/24

After all this there is no conectivity between R1 and R4.

Configure rip

To configure RIP you must first set a group that contains the interfaces interfaces on which RIP will be enabled.

R1:
set protocols rip group BR neighbor fxp1.0

R2:

set protocols rip group BR neighbor fxp1.0
set protocols rip group BR neighbor fxp2.0

R3:

set protocols rip group BR neighbor fxp1.0
set protocols rip group BR neighbor fxp2.0

R4:

set protocols rip group BR neighbor fxp1.0

When you simply enable RIP, the default JUNOS behavior is to only receive RIP traffic but not learn any of the routes or send any RIP routes. To have RIP send routing information to its neighbors, you need to configure a routing policy that has RIP export routes to its neighbors.

Add this to all 4 olives:

rip_routes

set protocols rip group BR export advertise-routes-via-rip
set policy-options policy-statement advertise-routes-via-rip term 1 from protocol direct
set policy-options policy-statement advertise-routes-via-rip term 1 from protocol rip
set policy-options policy-statement advertise-routes-via-rip term 1 then accept

To do it faster I use jlogin from the rancid suite smth like:

jlogin -x rip_routes 10.0.1.1

Debug

rancid@R4> show route protocol rip 

10.0.1.0/24         [RIP/100] 06:09:41, metric 2, tag 0
                    > to 192.168.7.1 via fxp1.0
'''192.168.5.0/24     *[RIP/100] 06:09:41, metric 3, tag 0
                    > to 192.168.7.1 via fxp1.0
192.168.6.0/24     *[RIP/100] 06:09:41, metric 2, tag 0
                    > to 192.168.7.1 via fxp1.0'''
224.0.0.9/32       *[RIP/100] 05:12:52, metric 1

rancid@R4> show rip statistics
RIPv2 info: port 520; holddown 120s.
    rts learned  rts held down  rqsts dropped  resps dropped
              3              0              0              0

fxp1.0:  3 routes learned; 1 routes advertised; timeout 180s; update interval 30s
Counter                         Total   Last 5 min  Last minute
-------                   -----------  -----------  -----------
Updates Sent                      780           10            2
Triggered Updates Sent              1            0            0
Responses Sent                      0            0            0
Bad Messages                        0            0            0
RIPv1 Updates Received              0            0            0
RIPv1 Bad Route Entries             0            0            0
RIPv1 Updates Ignored               0            0            0
RIPv2 Updates Received            773           10            2
RIPv2 Bad Route Entries             0            0            0
RIPv2 Updates Ignored               0            0            0
Authentication Failures             0            0            0
RIP Requests Received               0            0            0
RIP Requests Ignored                0            0            0

Tracing RIP traffic:

set protocols rip traceoptions file rip
set protocols rip traceoptions flag update
and to view the file:
rancid@R1> show log rip
Jan 29 13:24:44 trace_on: Tracing to "/var/log/rip" started
Jan 29 13:25:04.547811 received response: sender 192.168.5.2, command 2, version 2, mbz: 0; 3 routes.
Jan 29 13:25:05.504315 Preparing to send RIPv2 updates on nbr fxp1.0, group: BR.
Jan 29 13:25:05.508892 Update job: sending 20 msgs; nbr: fxp1.0; group: BR; msgp: 0x8995a00.
Jan 29 13:25:05.509008  nbr fxp1.0; msgp 0x8995a00.
Jan 29 13:25:05.509089          sending msg 0x8995a04, 1 rtes
Jan 29 13:25:05.524983 Update job done for nbr fxp1.0 group: BR
Jan 29 13:25:34.416932 received response: sender 192.168.5.2, command 2, version 2, mbz: 0; 3 routes.

To clear the file :

rancid@R1> clear log rip
To deactivate:
 deactivate protocols rip traceoptions
]]>
			http://www.x83.net/juniper-rip-howto/feed/
		0
		
		
		
		http://www.x83.net/install-upgrade-a-different-juniper-release/
		http://www.x83.net/install-upgrade-a-different-juniper-release/#comments
		Sat, 13 Jun 2009 19:35:05 +0000
		Giany
				
		
		
		

		http://www.x83.net/blog/?p=99
		 request system software add validate unlink /var/tmp/jinstall-8.3R2.8-domestic-signed.tgz
Checking compatibility with configuration
Initializing...
Using jbase-8.2R4.5
Verified manifest signed by PackageProduction_8_2_0
Using /var/tmp/jinstall-8.3R2.8-domestic-signed.tgz
Verified jinstall-8.3R2.8-domestic.tgz signed by PackageProduction_8_3_0
Using /mfs/validate/tmp/jinstall-signed/jinstall-8.3R2.8-domestic.tgz
Using /mfs/validate/tmp/jinstall/jbundle-8.3R2.8-domestic.tgz
Checking jbundle requirements on /
Using /mfs/validate/tmp/jbundle/jbase-8.3R2.8.tgz
Verified manifest signed by PackageProduction_8_3_0
Using /mfs/validate/tmp/jbundle/jkernel-8.3R2.8.tgz
Verified manifest signed by PackageProduction_8_3_0
Using /mfs/validate/tmp/jbundle/jcrypto-8.3R2.8.tgz
Verified manifest signed by PackageProduction_8_3_0
Using /mfs/validate/tmp/jbundle/jpfe-8.3R2.8.tgz
Verified SHA1 [...]]]>
			
 file copy http://10.1.1.254/jinstalls/jinstall-8.3R2.8-domestic-signed.tgz /var/tmp/

 request system software add validate unlink /var/tmp/jinstall-8.3R2.8-domestic-signed.tgz
root@R1> request system software add validate unlink /var/tmp/jinstall-8.3R2.8-domestic-signed.tgz
Checking compatibility with configuration
Initializing...
Using jbase-8.2R4.5
Verified manifest signed by PackageProduction_8_2_0
Using /var/tmp/jinstall-8.3R2.8-domestic-signed.tgz
Verified jinstall-8.3R2.8-domestic.tgz signed by PackageProduction_8_3_0
Using /mfs/validate/tmp/jinstall-signed/jinstall-8.3R2.8-domestic.tgz
Using /mfs/validate/tmp/jinstall/jbundle-8.3R2.8-domestic.tgz
Checking jbundle requirements on /
Using /mfs/validate/tmp/jbundle/jbase-8.3R2.8.tgz
Verified manifest signed by PackageProduction_8_3_0
Using /mfs/validate/tmp/jbundle/jkernel-8.3R2.8.tgz
Verified manifest signed by PackageProduction_8_3_0
Using /mfs/validate/tmp/jbundle/jcrypto-8.3R2.8.tgz
Verified manifest signed by PackageProduction_8_3_0
Using /mfs/validate/tmp/jbundle/jpfe-8.3R2.8.tgz
Verified SHA1 checksum of jpfe-M10-8.3R2.8.tgz
Verified SHA1 checksum of jpfe-M120-8.3R2.8.tgz
Verified SHA1 checksum of jpfe-M160-8.3R2.8.tgz
Verified SHA1 checksum of jpfe-M320-8.3R2.8.tgz
Verified SHA1 checksum of jpfe-M40-8.3R2.8.tgz
Verified SHA1 checksum of jpfe-M7i-8.3R2.8.tgz
Verified SHA1 checksum of jpfe-T-8.3R2.8.tgz
Verified SHA1 checksum of jpfe-X960-8.3R2.8.tgz
Verified SHA1 checksum of jpfe-common-8.3R2.8.tgz
WARNING: hw.product.model='unknown' using jpfe-M40
Using /mfs/validate/tmp/jbundle/jdocs-8.3R2.8.tgz
Verified manifest signed by PackageProduction_8_3_0
Using /mfs/validate/tmp/jbundle/jroute-8.3R2.8.tgz
Verified manifest signed by PackageProduction_8_3_0
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
mgd: commit complete
Validation succeeded
Installing package '/var/tmp/jinstall-8.3R2.8-domestic-signed.tgz' ...
Verified jinstall-8.3R2.8-domestic.tgz signed by PackageProduction_8_3_0
Adding jinstall...
Verified manifest signed by PackageProduction_8_3_0

WARNING:     This package will load JUNOS 8.3R2.8 software.
WARNING:     It will save JUNOS configuration files, and SSH keys
WARNING:     (if configured), but erase all other files and information
WARNING:     stored on this machine.  It will attempt to preserve dumps
WARNING:     and log files, but this can not be guaranteed.  This is the
WARNING:     pre-installation stage and all the software is loaded when
WARNING:     you reboot the system.

Saving the config files ...
NOTICE: uncommitted changes have been saved in /var/db/config/juniper.conf.pre-install
Installing the bootstrap installer ...

WARNING:     A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
WARNING:     'request system reboot' command when software installation is
WARNING:     complete. To abort the installation, do not reboot your system,
WARNING:     instead use the 'request system software delete jinstall'
WARNING:     command as soon as this operation completes.

Saving package file in /var/sw/pkg/jinstall-8.3R2.8-domestic-signed.tgz ...
Saving state for rollback ...
Removing /var/tmp/jinstall-8.3R2.8-domestic-signed.tgz

The ”’validate”’ option checks that the new software is compatible with your current router configuration file. When you are updating to a different release of the JUNOS software, the validation check is performed automatically. The ”’unlink”’ option removes the software package from the router as soon as possible to make more room on the hard disk for the installation to complete.
One error that came up was :
Setting isupgrade=jboot-8.3R2.8.tgz

All together now...Somebody please give me some more memory!
List of Memory hogs ....
        cp size 49
        newfs size 20407

Junos requires a minimum of 198MB RAM to run…after an upgrade. After that 48-64 Ram is enough.
]]>
			http://www.x83.net/install-upgrade-a-different-juniper-release/feed/
		0
		
		
		
		http://www.x83.net/juniper-mpls-howto/
		http://www.x83.net/juniper-mpls-howto/#comments
		Fri, 12 Jun 2009 03:59:02 +0000
		Giany
				
		
		
		
		
		
		
		

		http://www.x83.net/blog/?p=78
		
			Interface activation

The MPLS family requires to be activated on all the interfaces using MPLS traffic. Enter the [edit interfaces] mode to start configuring MPLS.
user@juniper> edit
user@juniper# edit interfaces

[edit interfaces]
user@juniper# set ge-0/0/0 unit 0 family mpls

[edit interfaces]
user@juniper# set fe-0/0/1 unit 0 family mpls

[edit interfaces]
user@juniper# show
fe-0/0/1 {
unit 0 {
family inet {
address 192.168.0.1/24;
}
family mpls;
}
}
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
family mpls;
}
}

[edit interfaces]
user@juniper# top

[edit]
Protocol activation
Before MPLS can be implented in your network it must be explicitly be enabled under the [edit protocols] section.
[edit]
user@juniper# edit protocols

[edit protocols]
user@juniper# set mpls interface all

[edit protocols]
user@juniper# show
mpls {
interfaces all;
}

[edit protocols]
user@juniper# commit

[edit]
Default labels
The example shows the default MPLS routing table. There are two labels, 0 and 1, created by JunOS. Label 0 is the IPv4 explicit NULL, and 1 is the router altert label.
[edit]
user@juniper# run show route table mpls.0

mpls.0: 2 destinations, 2 routers )2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0 *[MPLS/0] 00:05:12, metric 1
Receive
1 *[MPLS/1] 00:05:12, metric 1
Receive

[edit]
Static LSP (Labeled Switched Path) configuration
Unverified configuration example.

I have not verified this example. The extracts are generated by changing IP’s from a working setup. If somebody has a spare Juniper router; please verify the setup! If you plan to use this example on a production network read and study the [[MPLS]] protocol before attempting to configure the routers.
The folowing example will show a minimum configuration for a static LSP. We will create an [[MPLS]] connection between InterXion Paris and InterXion Brussels. Normall, an IGP (Interior Gateway Protocol) like OSPF (Open Shortest Path First) or IS-IS (Intermediate System-to-Intermediate System) would determine the path between Brussels and Paris. There is an label-switching router in Luxembourg to swap labels.
The first output shows Paris’ routing table prior to the configuration of a static LSP. Notice that the prefered path is the IGP (OSPF)
user@paris> show route 192.168.0.1

inet.0: 10 destinations, 10 routes (9 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.1/32 *[OSPF/10] 00:00:15, metric 20
> to 192.168.1.1 via fxp1.0
We will configure the static LSP from Paris through Luxembourg and reach the destination in Brussels. The example show the configuration used for Parix. In addition to adding the family mpls to all the required interfaces it’s needed to add the static-path attribute to the configuration. This inserts a static route into the routing table for the address 192.168.0.1/32. Label 50 will be pushed on the packed destinated for 192.168.0.1/32. when they leave the LSR (Label Switching Router) for the next-hop 192.168.1.1
[edit protocols mpls]
user@paris# set static-path inet 192.168.0.1 next-hop 192.168.1.1 push 50

[edit protocols mpls]
user@paris# show
static-path inet {
192.168.0.1/32 {
next-hop 192.168.1.1;
push 50;
}
interface all;
}
Since Luxembourg is a transit router, the only function it will serve is to swap the label. Label 50 is received from Parix and swapped with label 0, which will be sent to Brussels. When Brussels received the label 0 it will know to pop the label and route the packed like normal Ipv4 traffic.
[edit protocols mpls]
user@luxembourg# set interface ge-0/0/0 label-map 50 next-hop 192.168.3.1 swap 0

[edit protocols mpls]
user@luxembourg# show
interface all;
interface ge-0/0/0.0 {
label-map 50 {
next-hop 192.168.3.1;
swap 0;
}
}
We now have a fully working static LSP path. When we look at the route again, we shall see the new labeled path.
user@paris> show route 192.168.0.1

inet.0: 11 destinations, 11 routes (10 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.1/32 *[Static/5] 19:52:42
> to 192.168.1.1 via fxp1.0, Push 50
*[OSPF/10] 19:52:43, metric 20
> to 192.168.1.1 via fxp1.0
References:
Wikipedia: http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
]]>
			http://www.x83.net/juniper-mpls-howto/feed/
		0