This article is part of a bigger document that I wrote for myself with notes about Cisco ACI, Openshift, HP Synergy, 3PAR integration and contains the part I found most challenging considering I learned it from 0 in a rather constraining time interval and with some pressure.

As such I felt the need to document it and do a sort of braindump in order to avoid reinventing the wheel in the future in case I start forgetting.


You know those moments when you need to connect to a corporate VPN and all the steps and clicks are just getting terribly annoying?
Well I went through the same phase and decided to write something to make my life a tad easier.

Setup:

  • Cisco Anyconnect
  • After clicking on Connect you get a username and password prompt
  • The password is the token generated inside the MobilePASS app (which runs on the Mac and not on the phone :) )
  • The MobilePASS app has a token registered inside it and synced with your employer, generically called “My Token”

As this is rather a draft version nothing will block the user from interfering.
As such, if you want it to work successfully then please do not click around or do any action while the script is running in order to not change the focus of the window where it is doing its magic.


I’ll keep this one simple and put here two schemas that I found on the Internet for the concept of redo and undo logs in Oracle.
I don’t know about other people but I work much easier with schemas and a few words rather than 100-page-long documents filled with just text.


What is this?
Pretty simple… Juniper started off automating stuff via SLAX, something that did not get too much traction, and then Python took the lead in front of it.
It is an XML/XPath-based language and for simple things you can find it pretty useful and not so complicated to learn.
What the script below does is effectively enable a MIC upon its insertion into an MX5.
Previously someone from operations would have to go manually on the device and enable it.


Scapy - examples / usage

A customer asked me at some point if we could evaluate how the CoPP DDoS automated filters on a Juniper MX are triggered and how fast they respond to different types of packets.
As such I needed to craft custom traffic. I was not very good at coming up with it for Ostinato or Spirent so I used Scapy to craft the packet.
Afterward I took the packet hexdump and input it into Spirent / Ostinato as what the streams from there should generate (that hexdump has indeed all data needed, source/dst addresses included which meant of course that it needs to match what Spirent thinks it has on the interface facing the Juniper device).

Examples of generated packets:

  • OSPFv3 IPSEC Encrypted Packets
  • BGP Open Packet
  • BGP IPv6 Open Packet
  • IPSEC ESP Packet
  • BGP Update Packet
  • ICMP Echo Request
  • BFD echo




A current customer test aimed to see how well the AVI Load Balancer scales, and as such they used Ixia BreakingPoint to determine the behavior.
The point was to see when exactly the AVI Controller tells OpenStack to spawn a new instance of an AVI SE (Avi Load Balancer VM that holds a VIP and pool members reachable behind it) and how this process goes.

The following setups were tested:

  • AVI LB VMs doing BGP (BGPaaS) with the Contrail vRouter and announcing VIPs
  • AVI Controller being configured to spawn AVI SEs / LB VMs but using the inbuilt ECMP/AAP features of Contrail (yes, if you are asking yourselves, the VIP does not have to be from the same subnet as the AVI LB directly connected one to the vRouter)
  • AVI LB VMs doing BGP Multihop with the SDN GW inside a VRF (this means that the SDN GW learns the prefixes and reuses the same LSP/label for transport/VPN as it already has for the directly connected IP of the AVI LB VM that originated the prefix)




Have you ever found yourself in a strange situation where:

  • you had a Juniper device with a factory default JunOS
  • it came with the no-export version -> just telnet available, no SSH
  • you have the fxp0 or em0 interface configured for remote access
  • you do not have the device next to you and need to upgrade its software so that you can finally have full functionality and SSH?

Let’s say that with a bit of creativity you can always find a way in.
Here we go:



Mihai Tanasescu

Network, Security, Servers, Openstack, Openshift. If there’s anything new and cool, then I like to learn about it. I’m also a fan of deep diving under the hood of a product to see what makes it tick, what leftovers from programming make it break and how it does its stuff.

SE @ Cisco

Switzerland