Traffic Flow Sampling in Juniper Mx-5 and Mx-480 Routers IPv4 and IPv6

Traffic analysis is a critical component in network planning, security and troubleshooting. To perform traffic analysis, you need to collect network traffic flows from the different aggregation points in your network, such as routers and switches.

Juniper devices take advantage of ‘sampling’ packets and frames going through a switch or router. The sampled flows can be used by third-party applications such as nfsen and ntop.

This configuration solution was done on a Juniper Mx 5 Router using IPFIX.

Create a sampling instance at the chassis level; in this case it was named ‘1to1’.
set chassis tfeb slot 0 sampling-instance 1to1

Set the flow table size at the chassis level on tfeb for both IPv4 and IPv6
set chassis tfeb slot 0 inline-services flow-table-size ipv4-flow-table-size 5
set chassis tfeb slot 0 inline-services flow-table-size ipv6-flow-table-size 5


Q-in-Q Vlan Translation for Juniper

In networks where end-users determine the VLAN IDs to be run across your backbone network, with a possibility that these VLAN IDs will clash, Q-in-Q VLAN translation is the solution for you.

Q-in-Q VLAN translation allows you to bundle end-user VLANs into a single VLAN, giving you the power to determine what VLAN ID to use without requesting the end-users to change their VLAN ID schemes.

With Q-in-Q VLAN translation, the end-user VLAN IDs are not critical, and this is what makes it a very suitable solution for service providers.

This configuration solution was done on a Juniper Ex 2200 switch.

Set the switch to be aware of the Q-in-Q vlan translation
set ethernet-switching-options dot1q-tunneling ether-type 0x8100

Set the Q-in-Q vlan translation vlan – Vlan ID ‘1049’ named ‘qinqvlan’
set vlans qinqvlan vlan-id 1049

Attach the end-user interface and backbone-facing interface to the Q-in-Q vlan translation vlan
set vlans qinqvlan interface ge-0/1/0.0
set vlans qinqvlan interface ge-0/0/22.0

Attach the end-user vlan in this case ‘187’ to the Q-in-Q vlan translation vlan definition
set vlans qinqvlan dot1q-tunneling customer-vlans 187

On the interface ge-0/0/22 facing the end-user, configure push on input and pop on output.
set interfaces ge-0/0/22 unit 0 input-vlan-map push
set interfaces ge-0/0/22 unit 0 output-vlan-map pop

Make the interface ge-0/0/22 facing the end-user an access port. This is key for the Q-in-Q vlan translation solution to identify the end-user facing interface.
set interfaces ge-0/0/22 unit 0 family ethernet-switching port-mode access

Attach the Q-in-Q vlan translation vlan.
set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members 1049

Make the interface ge-0/1/0 facing the network backbone a trunk port. This is key for the Q-in-Q vlan translation solution to identify the backbone facing interface.
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk

Attach the Q-in-Q vlan translation vlan.
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members 1049
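
To see what the push and pop steps above do to a frame on the wire, the following added example (not part of the original post) builds a frame tagged with the end-user vlan 187, pushes the outer vlan 1049 with ether-type 0x8100 as it would enter ge-0/0/22, and pops it again on the way back out. The MAC addresses and payload are constructed sample values.

```python
import struct

TPID = 0x8100   # ether-type set under dot1q-tunneling in the post
S_VLAN = 1049   # outer vlan 'qinqvlan' from the post
C_VLAN = 187    # end-user (customer) vlan from the post

def tag(vlan_id, pcp=0):
    """Build a 4-byte 802.1Q tag: TPID, then PCP(3) | DEI(1)=0 | VLAN ID(12)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return struct.pack("!HH", TPID, (pcp << 13) | vlan_id)

def push(frame, vlan_id):
    """input-vlan-map push: insert an outer tag after dst+src MAC (12 bytes)."""
    return frame[:12] + tag(vlan_id) + frame[12:]

def pop(frame):
    """output-vlan-map pop: strip the outermost tag, leaving the inner one."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        raise ValueError("frame carries no tag to pop")
    return frame[:12] + frame[16:]

def vlan_stack(frame):
    """Return the VLAN IDs in the frame, outermost first."""
    ids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid != TPID:
            break
        ids.append(tci & 0x0FFF)
        off += 4
    return ids

# Constructed sample frame: broadcast dst, locally administered src,
# customer tag 187, IPv4 ether-type and a zero-filled payload.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
PAYLOAD = struct.pack("!H", 0x0800) + b"\x00" * 46
customer_frame = DST + SRC + tag(C_VLAN) + PAYLOAD

backbone_frame = push(customer_frame, S_VLAN)   # as sent out the trunk ge-0/1/0
returned_frame = pop(backbone_frame)            # as handed back to the end-user

if __name__ == "__main__":
    print("end-user side:", vlan_stack(customer_frame))
    print("backbone side:", vlan_stack(backbone_frame))
    print("frame growth :", len(backbone_frame) - len(customer_frame), "bytes")
```

The backbone-side frame is 4 bytes longer than the end-user frame, so the MTU on the backbone path has to allow for the extra tag.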