networking n stuff

Friday, November 10, 2017

IPv6 Free Core: Configuring IPv6 Labeled Unicast on Juniper MX

Here's just a short note on IPv6 Labeled Unicast - an elegant solution to the case where you need to connect two IPv6 sites through your IPv4-only network. (The other option would, of course, be to enable IPv6 on all of your core routers, which is not always convenient.)
So here I'm going to show you the minimal configuration to get this lab up and running, a trick that makes the configuration more efficient and elegant (why would you need "explicit-null"?), and take a quick look at what's going on behind the scenes.

That's what my topology looks like:

Saturday, October 14, 2017

Configuring CoA: Juniper MX + FreeRADIUS

Recently I had to configure CoA on Juniper and was surprised by how vague the coverage of this topic is. Juniper's Day One on CoA is not bad; however, in my opinion, it sometimes focuses on unnecessary details while missing the important ones.

As you probably already know, CoA, or Change of Authorization, allows you to modify subscribers' sessions "on the fly", without having to disrupt the session. CoA is usually used together with some kind of billing software, so you can implement all kinds of things - for example, time-scheduled rate-limiting (imagine that you, as an ISP, provide a tariff that allows unlimited speed at particular hours and lower speeds at all other times), or cutting off internet access as soon as there's no money left on the client's account... and so on.


My topology is as simple as possible and looks like this:



Thursday, August 31, 2017

The Curious Case Of OSPF NSSA LSA on GRE Tunnel

Today I encountered a case which is really easy when you know exactly what to look for but seems puzzling at first glance.

This is what our topology looks like:



We have two routers connecting two locations with OSPF configured on each. The primary connection is via a GRE tunnel while the backup connection is just a direct connection (say we have dark fiber or L2VPN between these locations). OSPF neighbor relations are established on both links.

The nodes exchange routes with each other and everything goes on just fine... until the primary connection goes down. Then some of the routes R2 sends to R1 are seen on R1 as connected via the backup link... and some are still seen as connected via the tunnel interface, though the OSPF neighbor is already considered dead on this link.

Sounds intriguing?