NETWORK FUN-TIMES

Firewall filters in Junos let you do far more than just filter traffic. They’re really powerful! And, despite their length, you can create them very quickly and easily. Let me show you how!

Networking devices like Junos will cut off your CLI input if you type too much. But did you know there’s an easy fix? Let me show you.

There’s three types of route distinguisher – and one of them unlocks some seriously useful advantages. If you don’t know how to use route distinguishers for load balancing inside an MPLS VPN, then this post is for you. Junos config, but vendor-neutral theory. Give it a read!

It’s the fifth and final part of our lessons on IS-IS! You’re now ready to learn how to troubleshoot and verify everything you’ve done so far. You’re really close to the finish line, so don’t give up!

Is this title clickbait? I don’t think so – because once upon a time, I did exactly the same thing, and it cost me a job! Well, don’t worry: I’m here to help you avoid making the same mistake. Click here to find out my wild story, and how you can bring some commendable precision to your conversations about networking.

It’s time to learn how to configure MPLS segment routing in Junos! In this second part of my ongoing series I show you how easy it is to use SR as a replacement for LDP. The config is easy, and you’ll be itching to do it by the time you read this post.

Every year, more folks are talking abouts segment routing for MPLS. Want to know what the fuss is about? Start here! This post gives you the high-points of some of the most important parts of the theory. Node SIDs, Adjacency SIDs, traffic-engineered LSPs, shortest path LSPs, and more are covered here. Read it and level up!

Struggling to read Junos Class-of-Service config? This post is for you: it shows you where to start, what order to read each piece in, and what to look for. After this you’ll have no problem working out exactly what’s going on!

If you’re a newcomer to networking, chances are you’re struggling to get your head around subnet masks. Well don’t worry: your goth uncle is here to explain how it all works. CCNA and JNCIA/JNCIS students, click here for some cool new knowledge!

The fourth part in this intro to IS-IS series tackles areas, and how they’re different to levels. A lot of new students confuse them, and a lot of documentation gets it wrong too! This post clears everything up for you, and will make you super confident. You’ll also learn about IS-IS default routes, and route leaking from L2 to L1. Give it a click!

A lot of websites tell you that the private AS range is 64512 to 65535. However, this isn’t quite correct – and the reason is really interesting. Click here to go on a BGP journey with me!

Some ISPs like to remove point-to-point prefixes from IS-IS. This keeps their routing tables small and easier to read. But how does it work? Doesn’t this break things? What are the trade-offs? This post shows you how to configure this solution, and the things you’ll want to consider if you deploy it. It’s super-cool, and you’ll definitely enjoy seeing the mechanics in action!

Junos is packed full of CLI time-savers that you might not know about. Copying config, renaming, hiding, and saving config – there’s plenty you can do with one single command, when you know how. Give this post a read to find out how to turn your job from a chore into a joy!

I bet you’ve looked at SNMP Objects like 1.3.6.1.2.1.2.2.1.7 and wondered what on earth it means. Well, let me satisfy your curiosity: by the end of this post you’ll learn how to find SNMP objects to monitor anything you can think of, and you’ll even learn how to know what this number means by sight!

In this post we show how to configure RSVP in Junos – and then we roll up our sleeves to look at some packet captures of the PATH and RESV messages on the wire. There’s some mighty fine learning in this post!

I recently received an email from someone asking if I knew a good complete beginners guide to MPLS. Their mail inspired me, so I wrote one for them – and now, I’m sharing it with you! If you’ve always wanted to know what MPLS is, click here to fulfill your deepest dreams.

Pseudowires are easy on the surface – but dig a bit deeper, and there’s some interesting complexity. Click here to learn the details about BGP-signalled L2VPNs!

Container LSPs let us automatically create MPLS LSPs when we need them, and tear them down when we don’t. We can automate load-balancing, and keep the state in our network to a minimum. It’s really nice! Click here to read all about them, in the third and final part of this series on MPLS bandwidth, and automating our network to get the most out of it.

Setting RSVP bandwidth reservations automatically is very prone to error. Luckily, there’s a better way: we can automate the whole thing using the Junos auto-bandwidth command. Let’s take a look at some cool new Juniper config!

RSVP lets us create LSPs that reserve bandwidth in advance. And that’s exactly what this three-part blog post series is all about! In this first post we’re going to learn how we combine bandwidth and priorities to get the most out of the bandwidth in our network. Click here for good times!

If you’re an ISP running Juniper, it’s essential that you allow MPLS Self-Ping. If you don’t… weird things happen. Click to find out more!

BFD is a protocol that gives all your other protocols sub-second failure detection times. Very useful! This blog post uses Junos config, but the explanation is multi-vendor. Give it a read!

The independent-domain command is a little-known but big-useful command. Let’s see how we can use it in Junos to tunnel localpref info from one VPN customer site to another!

If you leave IS-IS to its default config, you could cause something big to impact your network! And chances are, even if you think you know what that impact is, you might not have worked out the whole story. Click here to read the lesson I learned in my lab!

In Part 3 of this, we see how Junos takes saving configurations to the next level, and gives us HUGE power. Checking our work, rolling back to older configs, automatically rolling back to fix problem – we can do so much with Junos. Let’s find out how!

In this post we use both Cisco IOS and Juniper Junos config to see the difference between route-distinguishers and route-targets in MPLS VPNs. Why do we need both of them? Click here to find out!

In Part 2 of this series we look at how you make configuration changes in Junos – and how you can very easily scrap your changes without doing any damage o your network. Very clean!

This post assumes ZERO Python knowledge on your part! You don’t even need Junos knowledge: I’ll do my best to make this useful for folks of ALL skill levels. If you’ve ever wanted to learn Python, but never knew where to start… read on!

In this first part of my new series, I explain why a Junos config looks the way it does. What’s wth the curly brackets and the spacing? Click to find out!

Are you an IOS engineer? Are you confused as heck about how Junos works? Then you’ve come to the right place. Welcome to this introductory post on Junos For IOS Engineers!

Today we’re looking at what advantages IGMPv3 brings to the table! Give this a read to see packet captures and full config for the whole topology.

If you’re thinking about taking Juniper’s excellent Professional Enterprise exam, give this post a read – I’ve hooked you up with a ton of useful links to help you to succeed!

IGMP is a really simple protocol – but if you want to be an expert, you’ll want to know what’s happening at a packet level. That’s why in this post we have lots of fun with packet captures. If you’re studying for JNCIP or even JNCIE, you won’t want to miss this post!

This is the first in my new series of posts about multicast! In later posts we’ll focus on Junos configuration. But first, let’s get nice and comfortable with the theory. Click here to learn all about it!

It’s official: as of November 2019, I am now JNCIE-SP #2981. And I have the socks to prove it. Click to find out what exam day was like, and whether I think you should take the exam yourself.

Oh boy, studying for networking can be overwhelming! There’s so much to learn, and so little time. If you feel that way, hopefully some of the tips in this post will help you to study smart, not hard.

Hey there: this is part 3 in my series on hub-and-spoke MPLS VPNs! In this post we see the dangers of commands like as-override and independent-domain – and then, we see how to fix the problems they cause. Strap in!

There’s a few different ways of configuring a hub-and-spoke MPLS VPN. In this blog post we learn all about the “one interface” approach. Whether you’re an architect or a student of the JNCIE, you’ll want to know this one inside out!

Hub-and-Spoke VPNs work a little differently than your regular full-mesh MPLS VPN. Want to learn the extra config required for this unique topology? Then click this post for some good learning!

Routing policy in Junos can be a little confusing for beginners – but when it clicks, you’ll see that you can do some truly powerful stuff! Give this post a read to learn all about it!

In this third and final post on Interprovider Option C, we replace LDP with RSVP. Plus, we see the impact of putting BGP-LU in Juniper’s inet.0 table. Put your science hat on, and click here!

In Part 2 of this series we take a look at the label stack in Interprovider Option C. Plus, we look at the use case, and compare it to Option B. Plus: win a trillion pounds! (Not true)

The first in a three-part series explaining Interprovider Option C on Juniper routers! In this post: what is it, and how is it configured? Click here to obtain that 420-69 IQ you’ve always dreamed of.

Traceroute seems such an obvious tool. Who would ever have thought there were so many gotchas? Give this post a read to learn a new one you probably didn’t know!

BGP Labeled-Unicast is the key to making Interprovider Option C work. So, before we learn how to use Option C to extend an MPLS VPn between two ISPs, let’s learn all about this interesting address family. And if you like, we can even hold hands while we learn!

Let’s learn how to stretch an MPLS VPN between ISPs using a thing called “Option B”. It involves a little bit of trust between the ISPs – but as we’ll see, it greatly reduces the complexity in configuration!

Ever wondered whether it’s possible to stretch an MPLS VPN across two ISPs? Well, indeed it is! In fact, there’s three ways to do it, and in this post we learn all about the method officially known as “Option A”.

Hey there: you smell good! That’s probably because you just read Part 1 of this two-part blog post, where we learned all about BGP communities, and how route-targets are used in MPLS VPNs. Well, now you know the theory, let’s look at a problem ticket. Click here to read Part 2!

I fixed a ticket recently that I wanted to share with you, because it hits on three big topics at once: BGP communities, MPLS VPNs, and Junos routing policy. In this first of two posts, we’re going to learn about the theory. Click here to read all about BGP communities!

(DISCLAIMER: This blog post was written at the end of 2018, and was accurate to the JNCIA-Cloud syllabus at the

If you’re thinking about taking Juniper’s excellent Service Provider exam, give this a read – I’ve hooked you up with a ton of useful links!

Regular readers of this blog probably see me as an extremely clever, flawless hunk who knows a lot, never makes mistakes, and is traditionally handsome but with a modern style. And of course, you’re not wrong. Except, here’s the twist: you’re dead wrong.

This is a post about the different ways, and reasons why, we might move prefixes between the inet.3 and inet.0 tables on a Juniper router. You know: like George Clooney does in his spare time. Probably. Don’t look that up.

In this first of a two-part post, I’m going to take you on a magical journey. And by “take you on a magical journey” I mean “teach you what the inet.3 table does on a Juniper router.” Which is basically the same thing as a magical journey, right?

Network engineers often find they need a way to test something, and then take some action if that test fails. Well, you can do these tests oh-so-easily in Junos with a thing called Real-Time Performance Monitoring. RPM is what “other vendors” might call IP SLA. How do they work? Good question, Andrew! Let’s find out.

Imagine a user who says they’re only able to access even-numbered IPs in a destination subnet. “Help!”, they say. “I can’t leave the office until this is fixed, and I need to leave now because my seven large sons require their tri-daily feed of protein shakes. They will whither and die unless I nourish them immediately. The fate of my powerful sons is in your hands, and yours alone.” This exact problem came in to us recently. Well, apart from the bit about the large sons.

It’s the third part in our series on IS-IS! In this post you’re going to learn about interface types, broadcast interfaces, metrics, and the OSPF equivalent of the designated router – the “designated intermediate system”, or DIS. It’s way more efficient than how OSPF does it. I think you’re gonna enjoy this one!

In Part 2 of my ongoing series on IS-IS, we take a look at some real nice packet captures. You’re going to learn how hello and LSP messages work, how adjacencies work, and we even explore our feelings together, so that we can finally find inner-peace with ourselves. Great!!!

Here’s the first post in my five-part guide to IS-IS. Wow, what a Christmas treat! In this first post we compare IS-IS to OSPF; we’ll talk about Level 1 and Level 2; we’ll explain the unique addressing system; we’ll look at a basic config, and we’ll talk about why Googling for IS-IS is very different from Googling for ISIS.

In the 90s, the big fashion was Tamagotchis. In 2017 it was fidget spinners. And of course, in 2018 there’s only one trend on everyone’s lips: route summarisation. In Junos there’s three ways to summarise routes. Want to know what they are? Well gosh damn, you’ve come to the right place!

Want to learn how to configure Chassis Cluster, which lets you configure high-availability failover on Juniper firewalls? Good luck with the official documentation – it weighs in at precisely 638 pages long. 638 pages! That’s the length of two good books! Or one badly edited one. Anyway, this article is my attempt at boiling those 638 pages down into something a bit more manageable. You can thank me by emailing me £700,000.

Once you’ve read my guide to the new link-state advertisement types in OSPFv3, give this post a read, where we take a deep-deep into the OSPFv3 database. Put your topology hat on: we’re going exploring.

When I first heard that OSPFv3 introduced even more link-state advertisement (LSA) types, I despaired. As if the original seven didn’t take us long enough to memorise! Then I actually learned what they do – and honestly, it’s hard to imagine why we ever did it any differently. Let’s learn about them together!

Big-ups to the designers of OSPF for giving very similar names to two totally different things. In this post, we clarify the difference between stub areas and stub networks.

When you’re first getting to grips with your router’s OSPF database, you might see mention of something called a “stub network”. And let me tell you: never before have I seen a phrase so clumsily defined. Let’s take a look, and find out what a stub network actually is.

Stub areas are a very easy concept to understand, but it comes with a ton of specific jargon that can make it super-daunting. So, in this post I’ll take time to explain these concepts, and to define just enough jargon to make you feel like you’re part of the elite. We’ll take it slow, like new lovers, or someone cooking an expensive turkey.

Do you know the difference between a stateful rule and a stateless rule? No? Well, you’d better click this post then!

If you’re brand new to creating access lists, firewall rules, or security policies, you might wonder how the order of your rules can make a difference. In fact, they can make a BIG difference! This post shows you exactly why – and how to potentially avoid an outage.