Using Ansible to deploy Juniper configurations

Automation is a growing technology in enterprise IT departments.  The ability to automate hundreds of steps for developing, building, deploying, and scaling applications and servers is a huge win for many of our fellow engineers.  Both DevOps and SysOps are loving the new power that it brings.  But, what about NetOps?  Is there any love there?  Well, there is now, thanks to a few developers at Juniper Networks, Ansible, and others. In this video, I will show you how to deploy a configuration to Junos devices using Ansible.  The configuration is just a simple single-line configuration, but I...

Using Python for Juniper on a Mac

Juniper Networks has developed a Python library to manage their devices.  The library is called "junos-eznc" and is hosted at GitHub.  This library is meant to handle programmatically the commands that you would usually run at a CLI.  In order to use it, you will also need to install "ncclient", which implements NETCONF in Python.  The easiest way to install is to use pip.

MacPro:~ aaronpaxson$  sudo pip install ncclient
MacPro:~ aaronpaxson$  sudo pip install junos-eznc

If you receive an error regarding "error: 'cc' failed with exit status 1", this is because you don't have the C compiler in...

Starting Juniper Certs? There’s an app for that!

For those starting on your Juniper journey into certifications, Juniper Networks has created a fantastic app for your Apple Devices to help you prepare for your entry-level exams.  But, you droid users out there aren't left out.  Called "JUNOS GENIUS", this app helps you determine if you are ready for entry-level exams.  JNCIA is the base exam that all other certifications require, building on concepts and foundations of the Junos Operating System.  Building up from that, are the "Specialist" exams.  In Cisco parlance, they would be the equivalent to the CCNA certifications. Juniper release...

DNS Doctoring

DNS Doctoring is a very useful tool, if your firewall supports it.  It does pretty much what the title says: it "doctors" the responses of DNS.  I use it a lot in my existing infrastructure using my Cisco ASA firewalls.  Recently, we have been migrating away from Cisco ASA, and I needed to know how to perform DNS Doctoring on Juniper SRX's.  Google to the rescue. While Juniper does an 'ok' job documenting this, in my searches, I ran across this blog post from Bart Jansens, where he gave his opinions about DNS Doctoring on a Juniper SRX.  The author made this comment, which I do not necessarily agr...

Juniper 2200EX-C Fanless switch

A few weeks ago, we had a small project to get a remote desk location set up.  This location is 1000' from the nearest IDF, so we had to come up with a new demarc.  Since only 2 computers will be running here, there was no need for an expensive cabinet with a high-density switch.  Instead, I decided to just run fiber to a smaller switch.  So, I purchased the Juniper 2200EX-C 16-port PoE fanless switch. Once you take it out of the box, the first thing you'll notice is the weight.  For something so small, you'll be surprised how much weight it has.  Once you pull it out of the anti-static ba...

Custom Functions for HP IMC

One of the best features of HP's Intelligent Management Center is not that it's modular and can do so many different things.  It's not that it's scalable, and can handle tens of thousands of managed devices.  It's not even its alarming and event system.  No, the best feature of HP's IMC is that you can do things that it wasn't programmed to do. Take this use case for example.  As a network administrator, you are constantly being blamed for poor access into the network.  After drinking 3 cups of coffee and reviewing everything at your desk, you see nothing wrong. ...

Juniper Gear – Got some work to do

Juniper gear just arrived last week.  I know, I know... many of you are saying, "so what?" or "Big deal".  You might even say, "I set up and eat QFabric for breakfast".  I say, "good for you".  But for guys like me who are still learning Juniper, it's an exciting time.  Baby steps, and all. So, that's 5 Juniper 2200's.  Upgrading some wiring closets from old Cisco gear and building a better topology and speeds.  There are also 3 SRX's that will be replacing Cisco ASA's.  Well, 2 clustered, and one in a lab.   If you have been following my bl...

Configure Juniper SFlow for HP IMC

I’ve been really interested and excited with what HP has done with the IMC (Intelligent Management Center) over the last couple of years. I’m sure it was a great product before then, but I’ve only been following it for the last 2. This month, HP released IMC version 5.1, which has a lot of new features that I wanted to check out, including 802.1x auditing. After I installed the demo version, I decided to export some Juniper SFlow to the Network Traffic Analyzer (NTA). Not a new feature, but, c’mon, how cool is flow data? First and foremost, gotta get the device added to IMC. Now that the...

Is Cisco Losing in Switching/Routing?

I'll start off by saying, I'm not an analyst.  I'm not going to quote or link you to analytical articles or mention Gartner's Quadrants (oh crap, I just did!).  What I am going to write about are my personal opinions on where Cisco is going with their data networking in the enterprise, and why.  I do make many generalizations in this post, so please comment with your thoughts. First off, 4 years ago, Cisco was number 1 in any kind of enterprise switching and routing market (for the most part).  Even though there were other vendors in the industry, you boug...

How I use Juniper 4200 for Servers

I love my Juniper switches.  I've been using Cisco for years, but the Junos system just rocks.  Add to that their Virtual Chassis system, and I've been very pleased with the results.  I wanted to put together a quick post on how I use the 4200's in a server environment.  See the image for reference:   Basically, because each switch is connected via "Virtual Chassis", they operate as a single switch.  So, for each of my VMware hosts, or physical servers, I build a link aggregation (some call it teaming, etherchannel, or 802.3ad) to different switches.  Beca...