The TechFest2018 (Berlin) is here

It’s finally my favourite time of the year – time for the Juniper TechFest 2018 (Juniper EMEA SE-Summit) #JNPRTECH2018
Make sure to grab your shirt and glasses at the registration (this year’s Shirt is light-blue).

Christian Scholz - Tech Fest 2018

Christian Scholz - Tech Fest 2018

Christian Scholz - Tech Fest 2018

There are so many things and interesting presentations to discover this year as you can imagine. I can’t wait until the speakers start.

My first surprise was getting a J-Coin this morning (thank you sooooooo much guys – especially Sue), that had nothing to do with the Tech-Fest itself – this was a coin for me 🙂 When I get back home I will post a picture of my J-Coin book, which I bought for my Coin-Collection 😉
Christian Scholz - Tech Fest 2018
I was so excited that I almost forgot my breakfast – almost 😛

First stop for me (after registration, which I already finished yesterday) was of course the certification room, where the Juniper Certification-Team thankfully prepared a quiet place for free written exams.

I know that I said this a couple of times, but this can’t be said enough:
Thank you for all doing this every year – it’s greatly appreciated.

This year I got some really nice PIN’s from the Team:

Christian Scholz - Tech Fest 2018

Christian Scholz - Tech Fest 2018

From JNCIA to JNCIS to JNCIP and now finally JNCIE – memories came back…
You should all stop by the examroom – not primary to collect your pins and badges but to get certified / re-certified.
Up to 3 exams are free for everybody – It’s best to pre-register them through pearsonvue (you should have got an email) to guarantee a seat – usually there are “rush times” with waiting periods around breakfast and lunch that you can easily avoid by registering your seat.

“Welcome Lunch” will start at 12.15, first presentation at 14.00 – the roomnames are shown on the big screens next to the registration.

In case you want to meet up, here’s my schedule for today:

Welcome Lunch, 12.15 till 13.45
Tungsten Fabric (Track 2), 14.00 – 15.30
Security – Strategy and Roadmap (Track 1), 16.30 – 18.00
Drink reception & Networking Dinner, 19.00 till 21.30

Also make sure to stop by the 2 “booth’s” this year to collect some bonus-presents 🙂

 

EDIT: Seems, that the Agenda is changing – make sure to stay up to date:
http://emea.juniper.net/EMEA_TECH_FEST_2018_Part-Agenda

 

How to deploy vMX with multiple RE’s and multiple FPC’s in EVE-NG (KVM)

As promised (little late but better late than never) I wanted to show you guys an amazing thing, that I recently saw myself at Twitter:
Deploying the vMX with Dual-RE and multiple Linecards (PFE’s) – awesome, right?

For this Setup I followed http://www.eve-ng.net/documentation/howto-s/109-howto-juniper-vmx-16-x-17-x but made slight modifications (added metadata files for each Device) so that both RE’s and all PFE’s would come up correct – it’s obviously not enough to just deploy multiple VM’s 😉

 

Inside your decompressed vMX-Bundle Folder you will find the following files (example for v18.1, click to enlarge):

 

Create folders for VCP-RE0 and VCP-RE1 and also for FPC-0 up to FPC-11 (I personally tried up to 5 due to lack of CPU)  and copy the files (see below example) into the right folders for every fpc and vcp:

 

Don’t forget to fix EVE’s permissions after you have created :
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

 

When adding nodes to your topology you need to select “RE-0″, RE-1” and your PFE’s – do not add RE0 or PFE0 multiple times – this will not work – for each chassis you can deploy the appropriate VM’s. Connect them through interface “int” – with a bridge this is done quite easy.

Power up and down as many fpc’s as you need – they will now come up with the correct fpc-slot-no and will no longer interfere each other as compared to deploying just fpc0’s which will obviously not work:

By default RE0 will be Master and RE1 will be backup – but like the real MX you can change this via config and request them to failover and so on. Also “commit synchronize” is your friend 😉

 

 

 

Enjoy your “Powerhorse vMX” 😉

vQFX 17.4R1.16 on EVE-NG (Professional and Community)

Hi all,

a couple of days the new vQFX came out in Version 17.4R1.16 – and you know me – of course it had to be “eved” 😉
Here’s how I got it flying:

 

1.) Create a new folderstructure for your new vQFX:

2.) Move your files (extracted from vbox) to the new folders:

Hint:
To get the vmdk you need to download the “Vagrant” Virtualbox-Files and extract them twice with 7zip to uncover the vmdk’s
You start with the .tgz, extract this, get a file without an extension and extract this again (all with 7zip)

3.) Convert the vmdk (PFE and RE) to qcow2-format:

And now you can spin-up your new vQFX17.1R1.16 under EVE-NG 😉

Enjoy – if you have questions feel free to ask in the comment section below.

EVE-NG Professional – First Preview

This morning something exciting happened: Thanks to Alain, the Head-Dev of EVE I got my Hands on a „Trial-License“ of EVE-NG-PRO, which will come out very very soon. This Post will review some Features and my Lab-Tests. Stay tuned and watch eve-ng.net for News about the Release-Date – if eve PRO is out, you will see it there.

 

 

 

 

 

 

As you can see, EVE-PRO will start with Version 2.0.4-4 and you will be greeted with 3 Modes:
+ Native
+ HTML5
+ HTML5 Desktop

Native and HTML5 are well known from the Community Edition. HTML5 Desktop is based on Docker and in my Opinion the world’s greatest way to Lab – this will change everything…

 

 

 

 

 

 

 

After Login to HTML5-Desktop you are presented with the „Full-blown“ Desktop of your labbing Dreams. It has Wireshark over RDP so you don’t need to install Wireshark on your PC, which is G R E A T if you want to Lab at Work, where you are usually not allowed to install Software or access ssh or access any „cli-opening“ commands. Isn’t this just awesome? Now EVE brings the Term „labbing everywhere“ to a whole new Level. Regardless where you are – even at the Hotel-Bar, where you only have Web browser access – you can login into your Lab and do whatever you want.

 

 

 

 

 

I was amazed, how smooth this actually works – Docker runs really nice on Ubuntu 16.04LTS which EVE is based on. It comes with Firefox and Chromium installed, however Firefox is preferred and used by default. So from HTML5-Desktop you are able to do some things:

+ run EVE in Firefox in Native or HTML-Mode and work normally on it
+ ssh into your EVE-Host and access it’s CLI (for upgrading or downloading new Software etc.)

I started my JNCIE-SEC Lab and tested the Capturing on ge-0/0/1 – worked like a charm – I could see all packets as they would flow in real-life – and all this from my Work-PC which is very strict. No Problems at all.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

My Lab runs smooth as always – and now there is a shiny new „Docker“ node running 😉

Also a new feature ist the NAT Network – you can now add a NAT-Network to your topology – it runs a DHCP-Server for your nodes to fetch an address and access the Internet through the EVE-hosts IP – great if you want your V-Appliances to fetch the latest updates.

Another nice Feature is the possibility to close a running Lab and go to a second Lab. I often had the problem, that due to extremely long boot-time form y full-blown Lab I wouldn’t close my full-blown Lab to test some other things real quick – no more do I have to worry about this. Running labs can be accessed again at any time and are placed under „running“ folder.

 

 

 

 

What I also like is the new “hot add”-Link Feature – you can now finally delete and add links while the Devices are running. I tested this 6 times – 5 times from Juniper to Juniper it worked very nice – one time I had to disable the interface at the cli and enable it again – but since I shut every Interface that I don’t use in real-life also, this is not a problem – after enabling the Interface everything works fine – another sweet feature, which mainly helps my “laziness” to stay lazy – and for quick-testing this feature is really handy – add a note, enable some interfaces, hot-add-link, test and after test, simply destroy – you can pop-up parts of the Lab now in no-time.

 

 

 

 

I was honored to get the chance to test eve-pro and of course I will be one of the first to buy eve-Pro as soon as it gets out to support the amazing devs for this in my opinion „Masterpiece of Lab-Technology“. Stay tuned – in the coming days I will test EVE-NG-Pro „Bare“ VS ESX 6.5 for labbing and do some “pressure-tests” on PRO.

My first J-Coin from “oversea”

Everytime I drive home, I talk to my Wife over the Phone (yes, EVERY time). This evening she told me, that Mail from Juniper arrived and I was extremely curious, what it could be. And I must say, that I wasn’t disappointed 😀

Now I have 2 J-Coins – one from EMEA Summit 2017 and one from the Circle – can’t wait to get tham all – I already purchased a Book for all the coins 🙂

 

An era has ended and another era starts – taking my Juniper-Career to the next Level

Maybe some of you already heared it – Beginning tomorrow (1st of February 2018) I will no longer be working for Dimension Data.
In the recent years the Juniper-Projects were getting few and so I decided to take my career to the next level by moving to Telonic.
I’m very excited to get the opportunity to work at a “Juniper-Focused” Company and getting the Opportunity to work even closer with Juniper and Juniper-Focused colleagues. The first big step to achieve this is to finally get the JNCIE-SEC, which due to lost time I couldn’t complete when working at DiData. Thank you DiData for all the good years and “see you soon” – the IT-World is a small Village 🙂

Disable IPv6 Router-Advertisements on Windows Server 2012 / 2016

Lately I did a huge amount of IPv6-Setups and I noticed something in the vCenter: All the Boxes with static IP’s still had 2 IPv6-Adresses (one static and one per RA-Feature).

Since I didn’t want them to use the address that they got from the RA and disabling RA at the Router was not an option I googled a bit and found this:

Tadaa – only my static IP is left 😉
Maybe this does not impact anything – but still it feels wrong to me that a static IPv6 Host gains a second address from the same subnet…

Maybe this will help you on your way to IPv6 – if so please leave a comment

On Linux you would simply put this into your /etc/sysconfig/network (for RHEL/CentOS):