Juniper routers can generate and send flow records to a management server. This allows the administrator to monitor all the traffic that is being routed and better understand the users’ behavior and needs when using the network. Besides that, it also creates a database with every connection originated or destined to your autonomous system for further consultation.
The following tutorial shows how to configure the router and how to set up a management server to receive and store the data using open source tools. In addition, it will also show how to query the information base.
Configuring the Router
1. Define and configure an interface to export flow data, like ge-1/1/0. The flow collector must be reachable through this interface, since flow records cannot be exported if the flow collector is reachable through a management interface like fxp0.
set interfaces ge-1/1/0 unit 0 family inet address 172.16.200.4/16
Continue reading “Netflow on Juniper”
This article shows how to configure a Juniper router to authenticate users on a RADIUS server.
1. Configure the router with the RADIUS server information:
set system radius-server 10.0.12.1 port 1812
set system radius-server 10.0.12.1 secret yourpassword
set system radius-server 10.0.12.1 timeout 5
set system radius-server 10.0.12.1 retry 3
set system radius-server 10.0.12.1 source-address 192.168.120.4
In this case, the RADIUS server is with the IP address of 10.0.12.1, UDP port 1812.
Continue reading “RADIUS Authentication on Juniper”
This article explains how to add new Netflow listeners to Cacti. By default, Cacti is not able to show Netflow reports. So, to follow the steps in this article, the Flowview plugin have to be installed on Cacti.
1. Configure Cacti server to receive and store the netflow files adding the lines shown below, one line for each router:
-V 5 -w /var/flow/ABC-Router -n 275 -N 3 -E500M 0/0/3001
-V 5 -w /var/flow/DEF-Router -n 275 -N 3 -E500M 0/0/3002
-V 5 -w /var/flow/GHI-Router -n 275 -N 3 -E500M 0/0/3003
-V 5 -w /var/flow/JKL-Router -n 275 -N 3 -E500M 0/0/3004
-V 5 -w /var/flow/MNO-Router -n 275 -N 3 -E500M 0/0/3005
-V 5 -w /var/flow/PQR-Router -n 275 -N 3 -E500M 0/0/3006
-V 5 -w /var/flow/STU-Router -n 275 -N 3 -E500M 0/0/3007
-V 5 -w /var/flow/VWX-Router -n 275 -N 3 -E500M 0/0/3008
-V 5 -w /var/flow/XYZ-Router -n 275 -N 3 -E500M 0/0/3009
Continue reading “Adding a Netflow Listener to Cacti”
1. The QoS service offered by the ISP allows for control of how traffic is prioritised and bandwidth is reserved, with three queues available (multimedia – VoIP, critical data and normal data). Packets must be remarked with the following values to be classified on a each queue:
Continue reading “Traffic Classification and Marking on HP Switches”
In this article we will configure the HP7510 switch to limit the bandwidth for two specific applications. The switch is placed in the company central building and is connected to the WAN router that provides access to offices in different remote locations. Continue reading “Limiting Application Bandwidth on HP Switches”
In this article I will show how to mark IP packets to prioritize multimedia and critical applications following a QoS policy that will be later enforced inside the ISP cloud.
1. The QoS service offered by the ISP allows for control of how traffic is prioritized and bandwidth is reserved, with three queues available as shown in the figure below.
Continue reading “Traffic Classification and Marking on Cisco IOS”
In this article we will configure a Cisco IOS Router to limit the bandwidth usage of an user that is watching video of a security camera. To that goal, we will use a traffic policer, but will also show how to reach the same objective using traffic shapping.
Continue reading “Limiting Bandwidth with Cisco IOS”
A few show commands to verify the performance of routers with JUNOS: Continue reading “Verifying Performance on Juniper”
- This command will start capturing packets on the given interface and save the capture in the file capture.pcap.
monitor traffic interface ge-1/0/1.0 extensive matching "dst host 184.108.40.206" no-resolve print-ascii write-file capture.pcap
Continue reading “Capturing Packets at a Juniper Router”
This article shows 2 ways to control the path of packets leaving an autonomous system:
- Changing the exit route to a given prefix
- Changing the exit route to a given autonomous system
The commands below are related to the following diagram: Continue reading “BGP Path Control on Junos”