Disable IPv6 Router-Advertisements on Windows Server 2012 / 2016

Lately I did a huge amount of IPv6-Setups and I noticed something in the vCenter: All the Boxes with static IP’s still had 2 IPv6-Adresses (one static and one per RA-Feature).

Since I didn’t want them to use the address that they got from the RA and disabling RA at the Router was not an option I googled a bit and found this:

Tadaa – only my static IP is left 😉
Maybe this does not impact anything – but still it feels wrong to me that a static IPv6 Host gains a second address from the same subnet…

Maybe this will help you on your way to IPv6 – if so please leave a comment

On Linux you would simply put this into your /etc/sysconfig/network (for RHEL/CentOS):

 

 

 

 

vSRX D120 is out – and runs fine on EVE

The new vSRX15.1X49-D120 is out and of course I already spinned it up with EVE 😉

What should I say – it runs just fine – just like D100 and D110.
The D120 brings 2 new Features:

+ Support for applying IEEE802.1 rewrite rules to inner and outer VLAN tags [QoS]

+ Packet size configuration for IPsec datapath verification [VPN]

Many People asked me if it is ok to run vSRX on EVE on Virtualbox on Linux on Bare-Metal.
I personally think this is a bad idea, because every Layer you add, will impact your Performance significantly.
I recommend EVE-Bare (EVE on Bare-Metal) if you really want to run big Labs.
But be careful – some Servers (like the HP-Ones) need a special treatment regarding the network interfaces.
You can find more Infos in the EVE-Forums.

JunOS Service restart via cronjob

Some days ago we had trouble on one of our QFXes where the jdhcpd deamon would consume 100% CPU and “crash” – resulting in users not getting IP’s anymore.
While TAC is still investigating, I made a quick Workaround for this – the DHCP-Sheriff 😉

 

This Script restarts the Service if the load of the Service is above 1% (adjustable) – this can be easily adopted to other services and thresholds.

1.) Login as root and in shell type: vi /var/tmp/dhcp-sheriff.sh

2.) Press “i” and paste the above lines, followed by “[Esc-Button]”. Save and Quit with :wq

3.)
chmod +x /var/tmp/dhcp-sheriff.sh

4.)
crontab -e
0 */8 * * * sh /var/tmp/dhcp-sheriff.sh (executes it every 8h)

5.)

crontab -l
0 */8 * * * sh /var/tmp/dhcp-sheriff.sh

6.) in cli check after job has finished to run via show log dhcp-sheriff.log

 

Feel free to use this to your advantage – hopefully this will be a workaround for you in urgent-times until a fix is released.
This is only a workaround – do not use this in production for a long time / use at your own risk.

Running vQFX 15.1X53-D63 on EVE (KVM)

The KVM version of the latest vQFX routing engine VM (vqfx10k-re-15_X53-D63) seems to be broken. If you try to run it, it will crash with a kernel9 panic and will never boot up completely.
However you can “cheat your way around this”:

1.) Simply download the Vagrant .box file of the D63 RE.
2.) Extract the .box File with 7zip – you will extract a file with no extension.
3.) Extract this file again and “magically” a file called packer-virtualbox-ovf-1491593710-disk001.vmdk will appear.
4.) Upload this to eve, convert it to hda.qcow2, fix permissions and run it – voila: D63 on EVE.

 

PFE is the same (no D63 Version available, since the PFE is not tied to a Software Version).

It’s always a good idea to dig around the provided Files from Juniper once something breaks 😉

Download the Files here: http://www.juniper.net/support/downloads/?p=vqfxeval#sw

EVE-NG and the vQFX

Just wanted to give you a short update regarding my attempt to run the vQFX on the latest eve-ng.

Here is how I managed to run it:

1.) Connect to your eve-ng server via ssh and create 2 folders according to the eve-ng naming scheme (important or your vQFX will not be recognized!)

2.) Copy your vmdk-images to the eve-ng server via scp or sftp (I used /tmp as directory)

3.) Convert your harddisks:

4.) Run the script to fix your file-permissions:

5.) Go to your eve-ng webinterface and create 2 nodes inside your lab.
Leave the settings like CPU and RAM at the default.

6.) Enjoy your vQFX 10k on eve-ng 🙂

JunOS ZTP with Windows DHCP Server (SLAX-Method)

Recently I’m working on some SLAX-Scripting due to a Customer-Project.
I really start to like SLAX, since it can gather a lot of your Switches Data on the Device itself.

I am writing a quick How-to for using SLAX to automate your ZTP with the Windows DHCP-Server.
Most Customers use Linux DHCP-Server since you can specify Options and “Configs” for every IP / Device.
With the SLAX-Method you no longer need to configure your DHCP-Server once a new Device comes up – you just have to provide the config and that’s it – highly dynamic, highly hardened, highly customizable – stay tuned for more Infos.