Configuration Archives — Page 3 of 7

BGP Multipath load-sharing in Cisco!

Some years ago I was consulting a project and there the team faced an issue with load-sharing the outbound traffic towards different eBGP neighbors from different ASs. They reached out to me and it took me some times to find the solution. Suddenly I was skimming through my documents and saw that, so I’m gonna share it here too.

When implementing BGP in a Cisco environment, you may want to load-share the outgoing traffic between multiple next-hops which you have. The first command which probably you are thinking of is maximum-path 4 to use 4 different paths.

Yeah, that’s somehow true, but it requires the following attributes to match:

weight
local preference
AS path
origin code
MED,
IGP metric.

And for sure, the next-hop address for each path must also be different in order for that path to be considered. (imagine when multi-homing to the same router)

The point here is that, the router should receive the routes from the same AS.

So, what if we wanna load-share between different eBGP neighbors from different ASs?

Now we are delighted with an undocumented (unsupported) Cisco command:

csr1000v(config-router)#bgp bestpath as-path multipath-relax

Share this!

Aggregated Ethernet not showing up in JunOS!

In case you have configured an Aggregated-Ethernet (ae) interface on your juniper device, and it doesn’t show up in show interface and show lacp interfaces, then you should take a look at the following:

moghaddas@ex4500> show configuration chassis aggregated-devices ethernet device-count device-count 9;

Share this!

HowTo : (Linux) Keep SSH session alive and run scripts on login/logout

Some task which I always do when owning a private Linux machine (Debian, bash).

Keeping SSH session open:
With the setting below, my SSH client will send a keepalive to the SSH server every 30 seconds to keep the session up, and prevent session time-out

mmoghaddas@debian:~$ egrep 'Host|Alive' /etc/ssh/ssh_config
Host *
ServerAliveInterval 30

Obviously you can also set similar settings on SSH server:

moghaddas@debian:~$ egrep Alive /etc/ssh/sshd_config 
ClientAliveInterval 60
ClientAliveCountMax 0
TCPKeepAlive yes

Run scripts immediately on login:
Just create a script and put inside /etc/profile.d/SCRIPT.sh

Run scripts immediately on logout:
Easily by adding everything in .bash_logout For example creating different scripts, and referencing them inside this file.

Run scripts on session timeout:
Well, this is actually not 100% on timeout, but when a session times out and then someone logs in. You can create a script, then tail the auth.log (if available) and awk for Timeout, then run the script:

moghaddas@debian:~$ cat /etc/profile.d/
bash_completion.sh SCRIPT.sh
moghaddas@debian:~$ cat /etc/profile.d/SCRIPT.sh
tail /var/log/auth.log | awk '/Timeout, client not responding/ { system("sh TIMEOUT.sh") }'

Share this!

Script to generate reverse DNS records

Pretty simple script to generate reverse DNS records

for i in `seq 1 255`; do  echo "$i.192.168.46.in-addr.arpa. 600    IN      PTR     ip46-168-192-$i.moghaddas.com." ; done

Share this!

Renaming security policies on JunOS

Be careful while renaming a security policy on JunOS, since it will close the current session.

Unfortunately, what JunOS does, is removing the old-named policy and adds a new one.

I tried also with adding a new policy, inserting it before the old one, commit, then removing the old one and commit. But again interruption, which logically makes sense.

Test environment: JunOS 12.1X44-D35.5 on a SRX240h

UPDATE:
I tried on vsrx firefly-perimeter with JunOS 12.1X47-D20.7 and faced no drop!

Share this!