FC2ブログ

下流ネットワークエンジニアの生活

上流工程を夢見る下流工程のネットワークエンジニアがネットワーク技術や資格、身の回りのことを情報発信! Juniper Cisco YAMAHA DELL D-Link AlaxalA F5 CCNA CCNP CCIE ネットワークスペシャリスト

Juniper の記事一覧

Juniper MXシリーズにおけるレイヤ3ポートミラーリング パケットキャプチャ

2018.10.22 (Mon)

MXルーターにてパケットキャプチャーを実施する機会があったのでメモ



□概要
・ge-0/0/1ポートのout方向のすべてのパケットをミラーリングする
・ミラーリングしたパケットをge-0/0/0の先に接続している
ノートPC(192.168.0.2)に出力する















1) ポートミラーリング用のフィルターを作成

set firewall family inet filter pcap term 1 then port-mirror
set firewall family inet filter pcap term 1 then accept



2)ミラーリングしたいI/Fに 1)で作成したフィルターを適用

set interfaces ge-0/0/1 unit 0 family inet filter output pcap



3) ミラーリング出力先のポートを設定

set interfaces ge-0/0/0 unit 0 family inet address 192.168.0.1/30



4) ミラーリングを設定

set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring family inet output interface ge-0/0/0.0 next-hop 192.168.0.2
set forwarding-options port-mirroring family inet output no-filter-check



5) ノートPCのIP設定

IP:192.168.0.2
MASK:255.255.255.252

MXルーターのge-0/0/0にノートPCを接続









スポンサーサイト



Juniper JUNOSのshowコマンドで正規表現が使えるので抽出がとても便利 CLIコマンド

2018.06.07 (Thu)


Juniper EX2300とEX4300スイッチを触っているが、
特定のタイプのインターフェイス情報のみを表示させたい時、
たとえば、ge-からはじまるインターフェイスのみを、
show interfaces terseの結果から抽出したい時、
これまでは以下のようにパイプ(|)でつないでmatchオプションを使っていた。





{master:0}
admin@EX4300> show interfaces terse | match ge-
ge-0/0/0 up up
ge-0/0/0.0 up up eth-switch
ge-0/0/1 up up
ge-0/0/1.0 up up eth-switch
ge-0/0/2 up down
ge-0/0/3 up down
ge-0/0/4 up up
ge-0/0/4.0 up up eth-switch
ge-0/0/5 up down
ge-0/0/6 up down
ge-0/0/7 up down
ge-0/0/8 up down
ge-0/0/9 up down
ge-0/0/10 up down
ge-0/0/11 up down
ge-0/0/12 up up
ge-0/0/12.0 up up eth-switch
ge-0/0/13 up up
ge-0/0/13.0 up up eth-switch
ge-0/0/14 up down
ge-0/0/15 up up
ge-0/0/15.0 up up eth-switch
ge-0/0/16 up down
ge-0/0/17 up down
ge-0/0/18 up up
ge-0/0/18.0 up up eth-switch
ge-0/0/19 up down
ge-0/0/20 up down
ge-0/0/21 up up
ge-0/0/21.0 up up eth-switch
ge-0/0/22 up up
ge-0/0/22.0 up up eth-switch
ge-0/0/23 up up
ge-0/0/23.0 up up eth-switch













しかし、いくつかの特定のインターフェイスをまとめて表示させたい時があり、
その場合は、1つ1つコマンドを実行していた。
たとえば、ge-0/0/1とge-0/0/2の2ポートのみを表示させたい場合、
show interfaces ge-0/0/1 terse
show interfaces ge-0/0/2 terse
の2行のコマンドを実行していた。

確認したいポート数が増えるに連れてだんだん面倒となるため、
できればコマンド1行で表示させたいと思って調べたところ、
正規表現が使えることがわかったので早速ためしてみた。



○アスタリスク
ge-にマッチするすべてのインターフェイスを指定する場合


{master:0}
admin@EX4300> show interfaces ge-* terse
ge-0/0/0 up up
ge-0/0/0.0 up up eth-switch
ge-0/0/1 up up
ge-0/0/1.0 up up eth-switch
ge-0/0/2 up down
ge-0/0/3 up down
ge-0/0/4 up up
ge-0/0/4.0 up up eth-switch
ge-0/0/5 up down
ge-0/0/6 up down
ge-0/0/7 up down
ge-0/0/8 up down
ge-0/0/9 up down
ge-0/0/10 up down
ge-0/0/11 up down
ge-0/0/12 up up
ge-0/0/12.0 up up eth-switch
ge-0/0/13 up up
ge-0/0/13.0 up up eth-switch
ge-0/0/14 up down
ge-0/0/15 up up
ge-0/0/15.0 up up eth-switch
ge-0/0/16 up down
ge-0/0/17 up down
ge-0/0/18 up up
ge-0/0/18.0 up up eth-switch
ge-0/0/19 up down
ge-0/0/20 up down
ge-0/0/21 up up
ge-0/0/21.0 up up eth-switch
ge-0/0/22 up up
ge-0/0/22.0 up up eth-switch
ge-0/0/23 up up
ge-0/0/23.0 up up eth-switch









○カッコ
ge-0/0/1とge-0/0/2にマッチのみを表示させたい場合


{master:0}
admin@EX4300> show interfaces ge-0/0/[12] terse
ge-0/0/0 up up
ge-0/0/0.0 up up eth-switch
ge-0/0/1 up up
ge-0/0/1.0 up up eth-switch




非常に便利である。



JUNOSをもっと学びたい方におすすめ





Juniper MXシリーズ 無停止アップグレード JUNOS ISSU

2018.05.08 (Tue)


◯ISSUの条件

・GRES、NSR、commit syncが有効になっていること

※以下のコマンドが入っていること
set chassis redundancy graceful-switchover
set routing-options nonstop-routing
set system commit synchronize



・ルーティングエンジンが2つ搭載されていること

admin@MX480> show chassis hardware
Routing Engine 0 REV 01 740-xxxxxx xxxxxxxxx xxxxxxxxxxx
Routing Engine 1 REV 01 740-xxxxxx xxxxxxxxx xxxxxxxxxxx
















◯作業前の準備

・両ルーティングエンジンが同一バージョンで動作していることを確認

admin@MX480> show version invoke-on all-routing-engines
re0:
--------------------------------------------------------------------
Hostname: host
Model: mx480
Junos: 13.3R6.5
JUNOS Base OS boot [13.3R6.5]
JUNOS Base OS Software Suite [13.3R6.5]
JUNOS 64-bit Kernel Software Suite [13.3R6.5]
JUNOS Crypto Software Suite [13.3R6.5]
JUNOS Packet Forwarding Engine Support (M/T/EX Common) [13.3R6.5]
JUNOS Packet Forwarding Engine Support (MX Common) [13.3R6.5]
JUNOS Online Documentation [13.3R6.5]

re1:
--------------------------------------------------------------------
Hostname: host
Model: mx480
Junos: 13.3R6.5
JUNOS Base OS boot [13.3R6.5]
JUNOS Base OS Software Suite [13.3R6.5]
JUNOS 64-bit Kernel Software Suite [13.3R6.5]
JUNOS Crypto Software Suite [13.3R6.5]
JUNOS Packet Forwarding Engine Support (M/T/EX Common) [13.3R6.5]
JUNOS Packet Forwarding Engine Support (MX Common) [13.3R6.5]
JUNOS Online Documentation [13.3R6.5]




・snapshot取得

admin@MX480> request system snapshot
admin@MX480> request routing-engine login re1
admin@MX480> request system snapshot
admin@MX480> exit





・JUNOSイメージをダウンロード

admin@MX480> file copy ftp://anonymous@10.0.0.2/jinstall64-14.1R4.10-domestic-signed.tgz /var/tmp/jinstall64-14.1R4.10-domestic-signed.tgz






◯ISSU実行


admin@MX480> request system software in-service-upgrade /var/tmp/jinstall64-14.1R4.10-domestic-signed.tgz reboot
Chassis ISSU Check Done
ISSU: Validating Image
FPC 0 will be offlined (In-Service-Upgrade not supported)
PIC 0/0 will be offlined (In-Service-Upgrade not supported)
PIC 0/1 will be offlined (In-Service-Upgrade not supported)
Do you want to continue with these actions being taken ? [yes,no] (no) yes

Checking compatibility with configuration
Initializing...
Using jbase-13.3R6.5
Verified manifest signed by PackageProductionEc_2015
Using /var/tmp/jinstall64-14.1R4.10-domestic-signed.tgz
Verified jinstall64-14.1R4.10-domestic.tgz signed by PackageProductionEc_2015
Using jinstall64-14.1R4.10-domestic.tgz
Using jbundle64-14.1R4.10-domestic.tgz
Checking jbundle requirements on /
Using jbase-14.1R4.10.tgz
Verified manifest signed by PackageProductionEc_2015
Verified jbase-14.1R4.10 signed by PackageProductionEc_2015
Using /var/v/c/tmp/jbundle/jboot-14.1R4.10.tgz
Using jcrypto64-14.1R4.10.tgz
Verified manifest signed by PackageProductionEc_2015
Verified jcrypto64-14.1R4.10 signed by PackageProductionEc_2015
Using jdocs-14.1R4.10.tgz
Verified manifest signed by PackageProductionEc_2015
Verified jdocs-14.1R4.10 signed by PackageProductionEc_2015
Using jkernel64-14.1R4.10.tgz
Using jpfe-14.1R4.10.tgz
Verified SHA1 checksum of jpfe-M10-14.1R4.10.tgz
Verified SHA1 checksum of jpfe-M120-14.1R4.10.tgz
Verified SHA1 checksum of jpfe-M160-14.1R4.10.tgz
Verified SHA1 checksum of jpfe-M320-14.1R4.10.tgz
Verified SHA1 checksum of jpfe-M40-14.1R4.10.tgz
Verified SHA1 checksum of jpfe-M7i-14.1R4.10.tgz
Verified SHA1 checksum of jpfe-T-14.1R4.10.tgz
Verified SHA1 checksum of jpfe-X2000-14.1R4.10.tgz
Verified SHA1 checksum of jpfe-X960-14.1R4.10.tgz
Verified SHA1 checksum of jpfe-common-14.1R4.10.tgz
Using jplatform-14.1R4.10.tgz
Verified manifest signed by PackageProductionEc_2015
Verified jplatform-14.1R4.10 signed by PackageProductionEc_2015
Using jroute-14.1R4.10.tgz
Verified manifest signed by PackageProductionEc_2015
Verified jroute-14.1R4.10 signed by PackageProductionEc_2015
Using jruntime-14.1R4.10.tgz
Verified manifest signed by PackageProductionEc_2015
Verified jruntime-14.1R4.10 signed by PackageProductionEc_2015
Using jruntime64-14.1R4.10.tgz
Verified manifest signed by PackageProductionEc_2015
Verified jruntime64-14.1R4.10 signed by PackageProductionEc_2015
Using jservices-14.1R4.10.tgz
Using jservices-crypto-14.1R4.10.tgz
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
mgd: commit complete
Validation succeeded
ISSU: Preparing Backup RE
Pushing /var/tmp/jinstall64-14.1R4.10-domestic-signed.tgz to re1:/var/tmp/jinstall64-14.1R4.10-domestic-signed.tgz
Installing package '/var/tmp/jinstall64-14.1R4.10-domestic-signed.tgz' ...
Verified jinstall64-14.1R4.10-domestic.tgz signed by PackageProductionEc_2015
Verified jinstall64-14.1R4.10-domestic.tgz signed by PackageProductionRSA_2015
Adding jinstall64...
Verified manifest signed by PackageProductionEc_2015

WARNING: This package will load JUNOS 14.1R4.10 software.
WARNING: It will save JUNOS configuration files, and SSH keys
WARNING: (if configured), but erase all other files and information
WARNING: stored on this machine. It will attempt to preserve dumps
WARNING: and log files, but this can not be guaranteed. This is the
WARNING: pre-installation stage and all the software is loaded when
WARNING: you reboot the system.

Saving the config files ...
NOTICE: uncommitted changes have been saved in /var/db/config/juniper.conf.pre-install
Installing the bootstrap installer ...

WARNING: A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
WARNING: 'request system reboot' command when software installation is
WARNING: complete. To abort the installation, do not reboot your system,
WARNING: instead use the 'request system software delete jinstall'
WARNING: command as soon as this operation completes.

Saving state for rollback ...
Backup upgrade done
Rebooting Backup RE

Rebooting re1
ISSU: Backup RE Prepare Done
Waiting for Backup RE reboot
GRES operational
Initiating Chassis In-Service-Upgrade
Chassis ISSU Started
ISSU: Preparing Daemons
ISSU: Daemons Ready for ISSU
ISSU: Starting Upgrade for FRUs
ISSU: Preparing for Switchover
ISSU: Ready for Switchover
Checking In-Service-Upgrade status
Item Status Reason
FPC 0 Offline Offlined by cli command
Resolving mastership...
Complete. The other routing engine becomes the master.
ISSU: RE switchover Done
ISSU: Upgrading Old Master RE
Installing package '/var/tmp/jinstall64-14.1R4.10-domestic-signed.tgz' ...
Verified jinstall64-14.1R4.10-domestic.tgz signed by PackageProductionEc_2015
Verified jinstall64-14.1R4.10-domestic.tgz signed by PackageProductionRSA_2015
Adding jinstall64...
Verified manifest signed by PackageProductionEc_2015

WARNING: This package will load JUNOS 14.1R4.10 software.
WARNING: It will save JUNOS configuration files, and SSH keys
WARNING: (if configured), but erase all other files and information
WARNING: stored on this machine. It will attempt to preserve dumps
WARNING: and log files, but this can not be guaranteed. This is the
WARNING: pre-installation stage and all the software is loaded when
WARNING: you reboot the system.

Saving the config files ...
NOTICE: uncommitted changes have been saved in /var/db/config/juniper.conf.pre-install
Installing the bootstrap installer ...

WARNING: A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
WARNING: 'request system reboot' command when software installation is
WARNING: complete. To abort the installation, do not reboot your system,
WARNING: instead use the 'request system software delete jinstall'
WARNING: command as soon as this operation completes.

Saving package file in /var/sw/pkg/jinstall64-14.1R4.10-domestic-signed.tgz ...
Saving state for rollback ...
ISSU: Old Master Upgrade Done
ISSU: IDLE
Shutdown NOW!
[pid 10149]

{master}
admin@MX480>

{backup}
admin@MX480>
*** FINAL System shutdown message from admin@MX480 ***

System going down IMMEDIATELY


Connection closed by foreign host.

 | HOME |  Next »