• Simple DNS Administration with NSD & Unbound - OmniOS

    This post will cover a very simple Domain Name System server installation and will implement the NSD server to respond authoritatively for requests on the private network 192.168.1.0/24. Also, Unbound will act as a caching server, providing query results that local hosts on the network can quickly refer to. Both NSD and Unbound are developed by NLnetLabs and are available in the OmniOS Extra Repository.

    To follow this post you should have a recent version of OmniOS installed and have the OmniOS Extra Repository enabled. The purpose of the post is more to get a DNS implementation running quickly, rather than going into fine details of DNS configuration. I have provided some links when further information is desirable. This post will not cover DNSSEC in any way, nor will it cover nsd-control which is disabled as a default setting. You should not need to set aside more than an hour to follow this post (including additional reading).

  • OpenBSD guest with bhyve - OmniOS

    Today I will be creating an OpenBSD guest via bhyve on OmniOS. I will also be adding a Pass Through Ethernet Controller so I can have a multi-homed guest that will serve as a firewall/router.

    This post will cover setting up bhyve on OmniOS, so it will also be a good introduction to bhyve. I also look into OpenBSD’s UEFI boot loader, so if you have had trouble with this, you are in the right place.

  • Bacula Data Encryption

    Today’s post covers Bacula Data Encryption. This is the third and final post on Bacula with OpenSSL; the other two posts are PostgreSQL SSL Connection with Bacula & Bacula TLS Encryption.

    This is by far the simplest to configure of the three posts on securing Bacula; however, it is one of the most important. First, it concerns data storage that may not be in your hands. Leaving backups unencrypted with a third party creates a risk of having them taken, if not sufficiently guarded. This is tantamount to giving someone access to all of your systems. Secondly, if you lose the PKI keypair that backs up your data, in effect you lose all your backups.

  • Bacula TLS Encryption

    Bacula is an open-source, enterprise-level computer backup system for heterogeneous networks. Bacula is by far the most popular Open Source backup program. It is designed to automate backup tasks that had often required intervention from a systems administrator or computer operator. Bacula supports Linux, UNIX, Windows, and macOS backup clients, and a range of professional backup devices including tape libraries.

    Continuing from my last post on securing the connection to PostgreSQL from Bacula via SSL, this post will focus on Transport Layer Security in Bacula.

    This post assumes that you have a working installation of Bacula. If you have not already set it up, you can find a very detailed series of posts on the Blog Index covering all aspects of installing Bacula. This post also assumes you have access to a Certificate Authority. I have also made a post on installing and configuring a Certificate Authority which can be found here.

  • PostgreSQL SSL Connection with Bacula

    PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance. When installing Bacula on FreeBSD it is also the default database for the catalog.

    In my previous posts on Bacula, the PostgreSQL database has resided on the same server as the Bacula Director and there has been no need to secure the login credentials for PostgreSQL as these never traversed the network. I have recently moved the PostgreSQL server off the Bacula Director machine and now it is advisable that these credentials are secured.

    Today I will enable SSL on both PostgreSQL and Bacula. The following instructions are for a Bacula server that is already in place. If you need to set up from scratch this post will help you most of the way; however, I highly recommend viewing Staf Wagemakers’ post on the subject as it goes into much more detail.

  • omnios-extra Build System - Part III - OmniOS

    UPDATE: I have updated the README.md at https://github.com/omniosorg/omnios-extra with a much more detailed view on building packages for OmniOS and this should be your first port of call, should you be interested in creating packages for OmniOS.

    OmniOS Community Edition is a free and open-source Unix operating system derived from OpenSolaris and based on Illumos. Developers forked OpenSolaris after Oracle Corporation discontinued it, in order to continue development and distribution of the source code. The OmniOSce project is stewarded by the OmniOS Community Edition Association. OmniOSce’s goal is to produce a self-hosting, minimalist Illumos-based release suitable for production deployment.

    The Image Packaging System, also known as IPS, is a cross-platform (written in Python) package management system created by the OpenSolaris community in coordination with Sun Microsystems. IPS is designed to eliminate some long-standing issues with previous software distribution, installation, and maintenance mechanisms that have caused significant problems for Solaris users, developers, and maintainers.

    Today I will be using the build system for the OmniOS Extra IPS Repository. This allows a convenient and standardized manner to build IPS Packages. I will package the Apache httpd web server as I have been demonstrating in the last two posts.

  • IPS Packaging - Part II - OmniOS

    OmniOS Community Edition is a free and open-source Unix operating system derived from OpenSolaris and based on Illumos. Developers forked OpenSolaris after Oracle Corporation discontinued it, in order to continue development and distribution of the source code. The OmniOSce project is stewarded by the OmniOS Community Edition Association. OmniOSce’s goal is to produce a self-hosting, minimalist Illumos-based release suitable for production deployment.

    The Image Packaging System, also known as IPS, is a cross-platform (written in Python) package management system created by the OpenSolaris community in coordination with Sun Microsystems. IPS is designed to eliminate some long-standing issues with previous software distribution, installation, and maintenance mechanisms that have caused significant problems for Solaris users, developers, and maintainers.

    Today I will set up an IPS repository and make it available on the local network. After this I will package the Apache httpd server and its dependencies, including the SMF Manifest and Method, and also the Apache 2.0 license. This will later be published to the local IPS Repository. The post will cover the various pkg tools, such as pkgdepend, pkglint, pkgmogrify, pkgrepo & pkgsend. These tools allow us to build a package manifest automatically and apply transforms to its contents. Further, pkglint runs a series of checks on the package manifest.

  • IPS Packaging - Part I - OmniOS

    OmniOS Community Edition is a free and open-source Unix operating system derived from OpenSolaris and based on Illumos. Developers forked OpenSolaris after Oracle Corporation discontinued it, in order to continue development and distribution of the source code. The OmniOSce project is stewarded by the OmniOS Community Edition Association. OmniOSce’s goal is to produce a self-hosting, minimalist Illumos-based release suitable for production deployment.

    The Image Packaging System, also known as IPS, is a cross-platform (written in Python) package management system created by the OpenSolaris community in coordination with Sun Microsystems. IPS is designed to eliminate some long-standing issues with previous software distribution, installation, and maintenance mechanisms that have caused significant problems for Solaris users, developers, and maintainers.

    Today I will compile and build an application from source to publish to a local IPS Repository. I have chosen to create the Apache httpd Server as it demonstrates dealing with dependencies & using SMF services. That will be as far as I get with today’s post and it will be followed up in a new post, by creating the Apache httpd package and publishing it to an IPS repository.

  • Pretty Easy Privacy Email Encryption - Thunderbird

    pretty Easy privacy (abbreviated as p≡p) is a part of the Enigmail plugin that enables easy PGP encryption for the Thunderbird Email Client. Whilst PGP Email Encryption has been available for almost 30 years, adoption has been very low, as it can be difficult to implement without a high level of computing knowledge. p≡p goes a long way to solving this problem.

    p≡p is also available for Microsoft Outlook, Android & iOS. Today, I will only cover installation and operation on Thunderbird.

  • Nagios - Add New Hostgroup & Administrator - FreeBSD 12.0

    Nagios is a tool for system monitoring. Nagios constantly checks if other machines are working properly. It also verifies that various services on those machines are working fine. In addition, Nagios accepts other processes or machines reporting their status, for example, a web server can directly report if it is not overloaded to Nagios. The main purpose of system monitoring is to detect as soon as possible any system that is not working properly so that users of that system will not report the issue to you first.

    It is a common task to add new Hostgroups to Nagios. This entails setting up the Hostgroup, hosts and the associated services. You may also want to give access to the Nagios Web Interface for the Hostgroup Administrator, which will involve creating a new contact. You would only want to give this Administrator access to the hosts that they are responsible for, so I will cover all these themes today.

  • Gogs - A Painless Self-Hosted Git Service - FreeBSD 12.0

    Gogs is a painless self-hosted Git service. It is similar to GitHub, Bitbucket, and GitLab. The goal of the project is to provide the easiest, fastest, and most painless way of setting up a self-hosted Git service. With Go, this can be done with an independent binary distribution across all platforms and architectures that Go supports. This support includes FreeBSD, Linux, macOS, and Windows, on architectures like amd64, i386, ARM, PowerPC, and others.

    Today I will cover installing Gogs on FreeBSD. I will look at setting up Apache to serve Gogs via a Proxy and also cover SSL Certificates.

    So without further ado, let’s start to set up our own web-facing code repository.

  • SSH with Key Usage Confirmation - Fedora

    The use of SSH Agent Forwarding enables us to simplify the re-use of SSH keys. From your desktop environment it is possible to traverse through multiple hosts over SSH. However, this method comes with an inherent risk where the agent can be hijacked. This means a malicious actor could use the SSH keys to compromise downstream hosts without the original user’s knowledge.

    In this post, I will cover a simple way to protect against SSH Agent Hijacking. Also, I will detail what it takes to configure a system-wide agent that runs under Gnome.

  • Bacula 9.4 Installation with PostgreSQL 11.5 - FreeBSD 12.0

    Bacula is an open-source, enterprise-level computer backup system for heterogeneous networks. Bacula is by far the most popular Open Source backup program. It is designed to automate backup tasks that had often required intervention from a systems administrator or computer operator. Bacula supports Linux, UNIX, Windows, and macOS backup clients, and a range of professional backup devices including tape libraries.

    In this post, I will install and configure Bacula with PostgreSQL. PostgreSQL is the default database for Bacula on FreeBSD. Using MySQL requires installing Bacula from ports and setting make options, which I will not be covering in this post.

  • Quick Start Samba 4.8 - FreeBSD 12.0

    Samba is a free software re-implementation of the SMB networking protocol. Samba provides file and print services for Linux and Microsoft Windows clients. Samba can integrate with a Microsoft Windows Server domain, either as a Domain Controller or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.

    Today I will look at setting up Samba, in particular, sharing for groups. Using groups means you can achieve a more efficient means of controlling user access. I will cover installation on FreeBSD, setting up Samba shares, configuration of the server and adding users. To confirm the installation I will test connecting from a client and also check the logs if the connection is not successful.

  • Fedora copr Build System

    Fedora copr is an easy-to-use automatic build system providing an RPM repository for packages that you build. You can start with making your own repository in three simple steps: create a project, choose a system and architecture that you want to build for; start a new build by providing copr with a GitHub repo where you have your .spec and other associated files; and then sit back and let copr do all the work!

    In this post I will create an example repository to demonstrate how copr can integrate with GitHub. This will create a simple package named fedora-copr-example. While it is an extremely simple C program, I have also included a patch to demonstrate how patch files can be used with the system. In addition, the sources (https://www.pbdigital.org/tarballs/fedora-copr-example-1.0.0.tar.gz) are external and will be downloaded by copr during its build process.

  • Apache Secure Sockets Layer

    Apache’s Secure Sockets Layer protocol is a protocol layer that sits between the TCP/IP protocol and the application protocol layer (HTTP). SSL provides for secure communication between client and server by allowing mutual authentication and the use of digital signatures for integrity and encryption for privacy.

    In today’s post I will look at configuring Apache, running on FreeBSD, to use SSL Certificates and provide further security best practices. You can obtain SSL certificates for your web service from Let’s Encrypt. Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.

  • Online Certificate Status Protocol Responder - OpenBSD

    The Online Certificate Status Protocol is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. An OCSP Responder is a web service that indicates to a client the status of the certificate. The response sent by the OCSP responder is digitally signed with its OCSP certificate. OpenSSL/LibreSSL can act as an OCSP Responder; however, in this post I will set up an OCSP Responder based on LibreSSL that is served via a cgi-script on the Apache webserver.

    I will cover creating the necessary keys and certificate for the responder, starting a test responder based on OpenSSL and verifying a server certificate from OpenSSL & Firefox. I will then move on to setting up a more permanent solution with the Apache webserver.

  • Offline Root Certificate Authority for SSL Certificates - OpenBSD

    For an internal organization, it is a good idea to provide SSL certificates to protect data as it crosses your network. You have the option of using Self Signed Certificates or implementing a Certificate Authority. The added benefit of a Certificate Authority is being able to add the CA Root Certificate to your browsers so that its certificates are accepted as a normal SSL Certificate would be. You will also be able to manage your certificates in a central location, with the ability to revoke certificates and set up an Online Certificate Status Protocol Responder to check the validity of these Certificates. This makes sense when issuing Client Certificates as these need careful guarding. Finally, creating a Certificate Authority is a great educational experience and will help you understand security issues in your network much more thoroughly.

    Everything that is needed to create a Certificate Authority is provided by OpenSSL. I am using LibreSSL as this is the default under OpenBSD. There will be no differences to the configuration files; however, the man pages are different. In this post I will cover setting up an Offline Certificate Authority. When it is not issuing certificates, it can be powered off to increase security. I will go over creating the CA directory structure, creating the root-ca.crt and also creating server and client certificates. Finally I will discuss how to revoke certificates and the use of a Certificate Revocation List. In the next post, I will implement an Online Certificate Status Protocol Responder, which should also be part of a Certificate Authority solution.

  • Nagios Service Check Acceptor - FreeBSD

    NSCA allows the sending of results directly to the Nagios external command pipe. It consists of two parts: the daemon and the client. The part responsible for receiving check results and passing them to Nagios is the daemon. The daemon listens on a specific TCP port for NSCA clients passing information. It accepts and authenticates incoming connections and passes these results to the Nagios external command pipe. All information is encrypted using the MCrypt library.

    In this post I will cover installation & configuration of the NSCA daemon & client and configuring Nagios to process the received messages. I will also cover writing a script to check the status of a service, testing it, and then later putting it into the root crontab so that the script is executed every 5 minutes.

  • Nagios 4.4 & PHP 7.2 Installation - FreeBSD 12.0

    Nagios is a tool for system monitoring. Nagios constantly checks if other machines are working properly. It also verifies that various services on those machines are working fine. In addition, Nagios accepts other processes or machines reporting their status, for example, a web server can directly report if it is not overloaded to Nagios. The main purpose of system monitoring is to detect as soon as possible any system that is not working properly so that users of that system will not report the issue to you first.

    Today I will cover installing Nagios on FreeBSD, with its various dependencies such as PHP. Also, I will look at htpasswd authentication and finally configuring email notifications.

  • Packet Filter Firewall - OpenBSD

    Packet Filter was developed for OpenBSD, but has been ported to many other operating systems. The filtering syntax is similar to IPFilter, with some modifications to make it clearer. Network Address Translation (NAT) and Quality of Service (QoS) have been integrated into PF, QoS by importing the ALTQ queuing software and linking it with PF’s configuration. Features such as pfsync and CARP for failover and redundancy, authpf for session authentication, and ftp-proxy to ease firewalling the difficult FTP protocol, have also extended PF. Also PF supports SMP (Symmetric multiprocessing) & STO (Stateful Tracking Options).

    One of the many innovative features of Packet Filter is its logging. PF’s logging is configurable per rule within the pf.conf and logs are provided from PF by a pseudo-network interface called pflog, which is the only way to lift data from kernel-level mode for user-level programs. Logs may be monitored using standard utilities such as tcpdump, which in OpenBSD has been extended especially for the purpose, or saved to disk in the tcpdump/pcap binary format using the pflogd daemon.

    In this post, I will create a pf.conf that will control access for the VLANs that I have set up in the previous posts and also allow internet access via NAT. This will be a basic example, so for further reading, I highly recommend reading Peter N. M. Hansteen’s Firewalling with OpenBSD’s PF packet filter Manual.

  • VLANs and Routing - OpenBSD

    This post continues from my last post where I set up VLANs with an HP Switch.

    A Virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). LAN is the abbreviation for local area network and in this context, virtual refers to a physical object recreated and altered by additional logic. VLANs work by applying tags to network frames and handling these tags in networking systems – creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed. OpenBSD has supported VLANs since 2001 (OpenBSD 2.9).

    In this post I will set up OpenBSD as an 802.1Q compatible switch. This post will also include configuration to allow routing to send packets between the VLANs. Further, I will also set up a DHCP server to allow devices to automatically obtain IP addresses.

    Finally I will touch on the OpenBSD Packet Filter. I will not implement it at this stage, as this will be better covered in its own post which you can find here.

  • HP V1910 VLAN's - Command Line Interface

    It is possible to configure the HP v1910 via the command line using a console connection. This comes in handy if you are provisioning switches that are not available on your current network or if you just prefer to do things the old-fashioned way. The command-line interface is available via the hidden _cmdline-mode option available for HP engineers.

    This post is part of a bigger post that will later connect with OpenBSD to use as the routing engine to provide the switch internet access. In this post I will cover setting up VLAN access ports and a trunk port connecting to the OpenBSD router.

  • Bacula Configuration - Part V - Media - FreeBSD

    Bacula is an open-source, enterprise-level computer backup system for heterogeneous networks. Bacula is by far the most popular Open Source backup program. It is designed to automate backup tasks that had often required intervention from a systems administrator or computer operator. Bacula supports Linux, UNIX, Windows, and macOS backup clients, and a range of professional backup devices including tape libraries.

    This post covers auto-mounting USB devices under FreeBSD to make them available to Bacula. This is done with autofs. I will also look at formatting and labeling these devices under FreeBSD so as to provide a clean device for Bacula to work with. Finally we need to label this media via the bconsole program so that these devices can be allocated to the Bacula Storage Pools that we set up in a previous post.

  • Bacula Configuration - Part IV - Backups - FreeBSD

    Bacula is an open-source, enterprise-level computer backup system for heterogeneous networks. Bacula is by far the most popular Open Source backup program. It is designed to automate backup tasks that had often required intervention from a systems administrator or computer operator. Bacula supports Linux, UNIX, Windows, and macOS backup clients, and a range of professional backup devices including tape libraries.

    Today I will look at configuring the Jobs & Schedules resources. These are part of the bacula-dir.conf file. These are responsible for the running of the backups; the Jobs define who and what to back up and the Schedule defines when to back up.

    Throughout the posts I will shamelessly quote the main Bacula Documentation as I see no sense in duplicating the good work that has already been done by the Bacula team. However, I will also go into detail where necessary to point out parts that I feel need extra explanation, relative to the configurations I have made.

  • Bacula Configuration - Part III - Clients - FreeBSD

    Bacula is an open-source, enterprise-level computer backup system for heterogeneous networks. Bacula is by far the most popular Open Source backup program. It is designed to automate backup tasks that had often required intervention from a systems administrator or computer operator. Bacula supports Linux, UNIX, Windows, and macOS backup clients, and a range of professional backup devices including tape libraries.

    Today I will look at configuring the Client & FileSets resources. These are part of the bacula-dir.conf file. I will also look at the bacula-fd.conf file, which is responsible for defining the Client Daemon that runs on the client as a daemon.

    Throughout the posts I will shamelessly quote the main Bacula Documentation as I see no sense in duplicating the good work that has already been done by the Bacula team. However, I will also go into detail where necessary to point out parts that I feel need extra explanation, relative to the configurations I have made.

  • Bacula Configuration - Part II - Storage - FreeBSD

    Bacula is an open-source, enterprise-level computer backup system for heterogeneous networks. Bacula is by far the most popular Open Source backup program. It is designed to automate backup tasks that had often required intervention from a systems administrator or computer operator. Bacula supports Linux, UNIX, Windows, and macOS backup clients, and a range of professional backup devices including tape libraries.

    Today I will look at configuring the Storage & Pools Resources. These are part of the bacula-dir.conf file. I will also look at the bacula-sd.conf file, which is responsible for defining the Storage Daemon.

    Throughout the posts I will shamelessly quote the main Bacula Documentation as I see no sense in duplicating the good work that has already been done by the Bacula team. However, I will also go into detail where necessary to point out parts that I feel need extra explanation, relative to the configurations I have made.

  • Bacula Configuration - Part I - Director - FreeBSD

    Bacula is an open-source, enterprise-level computer backup system for heterogeneous networks. Bacula is by far the most popular Open Source backup program. It is designed to automate backup tasks that had often required intervention from a systems administrator or computer operator. Bacula supports Linux, UNIX, Windows, and macOS backup clients, and a range of professional backup devices including tape libraries.

    Bacula is a vast program, entailing the initial configuration of the server and its daemons, preparing media and day-to-day operation. In the next 4 posts I will cover the initial configuration to provide a system that will retain backups for a full 12 months. In the fifth and final post I will cover preparing media. Day-to-day operation, I feel, is not one of those things that can be learnt in books, and needs hands-on experience. However, with the system configured, you will be in a perfect position to gain this experience.

    Throughout the posts I will shamelessly quote the main Bacula Documentation as I see no sense in duplicating the good work that has already been done by the Bacula team. However, I will also go into detail where necessary to point out parts that I feel need extra explanation, relative to the configurations I have made.

  • Bacula Installation with PostgreSQL- FreeBSD

    NOTE: This post is now outdated and the latest post covering Bacula & PostgreSQL can be found here.

    Bacula is an open-source, enterprise-level computer backup system for heterogeneous networks. Bacula is by far the most popular Open Source backup program. It is designed to automate backup tasks that had often required intervention from a systems administrator or computer operator. Bacula supports Linux, UNIX, Windows, and macOS backup clients, and a range of professional backup devices including tape libraries.

    In this post, I will install and configure Bacula with PostgreSQL. PostgreSQL is the default database for Bacula on FreeBSD. Using MySQL requires installing Bacula from ports and setting make options, which I will not be covering in this post.

  • Setting up Cyrus IMAPD Server - FreeBSD

    The Cyrus IMAP server is an electronic mail server software developed by Carnegie Mellon University. As opposed to POP3, IMAP allows you to access your email messages on whichever device you choose. Basically, email messages are stored on the IMAP server. Whenever you check your inbox, your email client contacts the server to connect you with your messages. When you read an email message using IMAP, you aren’t actually downloading or storing it on your computer; instead, you are reading it off of the server.

    In this post I will cover installing and configuring the Cyrus IMAP server, managing email accounts and integrating the Cyrus IMAP Server with Sendmail.

  • Backup Sendmail MX Server - FreeBSD

    A Backup Sendmail MX ensures that you won’t lose any emails that are received if your primary mail server experiences downtime. If your mail server becomes unavailable, the Backup Sendmail MX server will accept and hold your emails. Once your primary mail server becomes available again, all that is needed is to push the mail queue from the backup to the primary.

    I will cover setting the DNS records in relation to the Sendmail Backup MX Server, the configuration of Sendmail as a Backup MX and, finally, resending any mail that has been held on the backup MX to the primary Sendmail server.

  • Sendmail With SMTP AUTH - FreeBSD

    Sendmail is the default Mail Transfer Agent (MTA) installed with FreeBSD. It accepts mail from mail clients, such as Thunderbird and delivers it to the appropriate mail host, as defined by its configuration. Sendmail can also accept network connections and deliver mail to local mailboxes or to another program.

    I will cover the importance of the DNS records in relation to Sendmail, and recompiling Sendmail under FreeBSD to accept SMTP-AUTH connections. This will involve installing the cyrus-sasl security layer and touching on a few of Sendmail’s configuration files. Finally we will verify that SMTP-AUTH has been implemented.

  • Juniper vQFX on KVM - Fedora

    Juniper vQFX10000 Virtual Device makes it easy to explore a high-performance data center switch. Although the virtual version has limited performance, it emulates the same features of the physical switch for the control plane, or both its control and data planes.

    I will cover converting the Juniper supplied .vmdk disks to the raw format so these can be run under KVM. We will also look at setting up network bridges under Fedora. Finally I have included virt-install scripts to install the Routing & Packet Forwarding Engines.

  • Juniper vMX on Fedora

    The Juniper vMX Virtual Device is a full-featured, carrier-grade virtual device. The vMX Virtual Device runs the Junos operating system and compiles the programmable Trio chipset microcode for x86 chipsets, which maintains complete feature and operational consistency with physical MX Series 3D Universal Edge Routers.

    I will cover installing required software and altering the Juniper install script so that it runs on Fedora. After making these alterations, the Juniper vMX can be easily installed on Fedora, as a guest on KVM.

  • Using Ansible and the Juniper Junos module with KVM

    I started reading Automating Junos Administration, specifically the Ansible chapter, to get a start on automation. I will note a couple of things that were peculiar as I worked my way through. These are tips and failures that should affect anyone working through this chapter.

    Junos supports several automation tools that provide powerful solutions to common network automation tasks. Whilst setting up the previous posts it was a cinch to write some playbooks and set up the initial configurations for multiple devices. It is worth spending the time to learn a little Ansible if you are provisioning many routers that share many of the same aspects of configuration.

  • Juniper - Day One: This Week - Deploying MPLS Layer 3 VPN

    This post is part 2, a continuation of the previous Juniper MPLS Jump Start. This post will assist you to add Layer 3 VPN / MP-BGP to MPLS networks. All configuration files are available at github.com/networkfoo.

    You will learn about Layer 3 VPN / MP-BGP. You will also learn about Route Distinguishers and Route Targets in Virtual Routing & Forwarding Tables (VRFs). In conclusion, we will look at verification of Layer 3 VPNs.

  • Juniper - Day One: This Week - Deploying MPLS Introduction

    Consider this a concise jumpstart into the world of Juniper and MPLS. This post will assist you to achieve a fully configured MPLS network with Juniper virtual network devices. All configuration files are available at github.com/networkfoo.

    You will learn about implementing general RSVP Label Switched Paths and also setting and deleting routes for MPLS. Included in this post are links to Juniper’s excellent series of Day One books. I hope you enjoy this post and if I can be of any help please leave a comment or email me.
