Juniper Routing Policy Examples

Match Neighbor IP

policy-options {
    policy-statement bgp-incoming {
        term from-customer-ACME {
            from neighbor 1.2.3.4;
            then reject;
        }
    }
}

Multiple Match Conditions

This policy will accept routes from a specific neighbor only if they are tagged with a specific community:

policy-options {
    policy-statement bgp-incoming {
        term from-customer-ACME-accept {
            from {
                neighbor 1.2.3.4;
                community A1com;
            }
            then {
                accept;
            }
        }
        term from-customer-ACME-reject {
            from neighbor 1.2.3.4;
            then reject;
        }
    }
}

Regular Expressions

  • RegExr, an online tool to help you build regular expressions.
  • Regex Golf, an online game to help you sharpen your regex-building skills.

Cannot set device IP in Zenoss

In Zenoss, you might fail to set or change the IP of a device in the web interface. This sometimes happens because that specific IP address is already assigned to one of the subinterfaces (typically a VLAN interface) of another device. In this case, the only error you get is that Zenoss Failed to set IP Address.

If you try to set or change the IP address from ZenDMD, then the error is a little bit more informative:

>>> Device = find('web-server.zindilis.net')
>>> Device.setManageIp('1.2.3.4')
2014-01-15 11:18:30 WARNING zen.Device The IP address 1.2.3.4 is already assigned
'The IP address 1.2.3.4 is already assigned'

The problem here is that you can't find an IP by searching for it in the web interface if that IP is assigned to a subinterface. Enter ZenDMD! Here's how to search for a specific IP in all the interfaces of all the devices:

>>> for Device in dmd.Devices.getSubDevices_recursive():
...     for Interface in Device.os.interfaces():
...         ip = Interface.getIpAddress()
...         if ip is not None and ip.startswith('1.2.3.4'):
...             print Device.id, Interface.id, ip

Running the above will return a result similar to:

router-1.zindilis.net Fa0/1.900 1.2.3.4

This tells you the device on which that IP address exists, and the specific subinterface to which it is assigned.

mysqldump

These are my favorite MySQL backup and restore one-liners.

Backup

To back up a database named stuff:

time mysqldump -u root -p stuff | gzip > stuff.sql.gz

This pipes the clear text output from mysqldump directly into gzip, and prints the duration of the operation at the end.

Restore

To restore the stuff database:

time gunzip -c stuff.sql.gz | pv | mysql -u root -p stuff

This decompresses the dump back in clear text, and feeds it to mysql through pv, which adds the perk of an indication of progress.

XMPP

Clients

  • Candy, a JavaScript-based multi-user chat client

Benchmarking the Apache Server

  • Using boom!, an Apache benchmarking tool written in Python.
  • Using boom, a rewrite of boom! in Go.
  • Using siege.

FTP and ftp

These are some notes on the FTP protocol, and on the ftp command line client.

Active Vs Passive Mode

Two network connections are required for FTP transfers. In active mode, the client initiates a connection to the server's port 21, and the server initiates a connection back to the client's port 21. This incoming connection (from the client's point of view) is often blocked by firewalls, and/or not available in LANs that are NATed. To overcome this problem, in passive mode, the client initiates both connections to the server.

In the ftp CLI utility, the default mode is active. You can switch between modes with the passive command:

[email protected] ~ $ ftp
ftp> open ftp.zindilis.net
Name (ftp.zindilis.net:marios): 
331 Please specify the password.
Password: 
ftp> passive
Passive mode on.
ftp> passive
Passive mode off.
ftp>

There is no active command; modes are toggled with passive.
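The listening endpoint of the data connection is negotiated on the control channel: an active-mode client sends a PORT command, and a passive-mode server answers PASV with a 227 reply. The following is an added example, not part of the original notes, that decodes both and shows which side dials and whether a NATed client breaks the dial-back. The function name, the result keys and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_channel(control_line):
    """Describe the data connection a PORT command or 227 reply sets up.

    Returns a dict with the mode, which side dials, and the listening endpoint.
    """
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        mode, dialer = "active", "server"    # client listens, server dials
    elif line.startswith("227"):
        mode, dialer = "passive", "client"   # server listens, client dials
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    match = HOSTPORT.search(line)
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in: %r" % line)
    host = ipaddress.ip_address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]       # high byte, then low byte
    return {
        "mode": mode,
        "dialer": dialer,
        "listen_host": str(host),
        "listen_port": port,
        # Heuristic: an active-mode client advertising a private address
        # sits behind NAT, so the server's dial-back cannot reach it.
        "nat_breaks_dial_back": mode == "active" and host.is_private,
    }


# Constructed control-channel lines (addresses are sample values).
SAMPLES = [
    "PORT 192,168,1,10,195,80",                        # client behind NAT
    "227 Entering Passive Mode (203,0,113,5,78,52).",  # server's PASV reply
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", data_channel(sample))
```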

ASCII Vs Binary Transfers

There are two transfer modes, ASCII and Binary. In ASCII, files are transferred as characters, some of which (like newlines) are converted to match the operating system of the client. This works well for text files, but is almost certain to corrupt any other type of file. In binary mode, files are transferred unaltered. This helps maintain the integrity of files, but increases the possibility of text files appearing broken when transferred between different operating systems.

In the ftp CLI utility, the commands ascii and binary switch transfer modes:

[email protected] ~ $ ftp
ftp> open ftp.zindilis.net
Name (ftp.zindilis.net:marios): 
331 Please specify the password.
Password:
ftp> ascii
200 Switching to ASCII mode.
ftp> binary
200 Switching to Binary mode.
ftp>

hostname (Cisco Command)

The hostname command defines the name of the device. This is the name displayed (among other places) in the command prompt, and in the CDP neighbors list of other devices.

Example:

cisco> enable
cisco# configure terminal
cisco(config)# hostname router-5
router-5(config)#

Juniper Equivalent

The Juniper equivalent of the hostname command is:

[email protected]# set system host-name <HOSTNAME>

set system host-name (Juniper Command)

The set system host-name command defines the name of the device, as displayed (among other places) in the command prompt. For example:

[email protected]> configure
[email protected]# set system host-name router-4
[email protected]# commit
commit complete
[email protected]ter-4#

Cisco Equivalent

The Cisco equivalent of the set system host-name command is:

cisco# hostname router-5

About

Hello, I'm Marios Zindilis and this is my website. Opinions are my own. You can also find me on LinkedIn and GitHub.

Unless otherwise specified, content is licensed under CC0.
