Clouds, Networking and Technology

I have written a tech wiki article on how to install Juniper's OpenStack FWaaS Plugin @ http://forums.juniper.net/t5/Data-Center/How-to-set-up-OpenStack-firewall-as-a-service-plugin-for-SRX-and/ta-p/282050 This article covers the configuration that needs to be done on the OpenStack side as well as the configuration that needs to be done for the plugin. A reference topology is used and the whole configuration is done as a walk through using the reference model.

Juniper has come out with their latest version of VSRX 2.0 (formerly called as Firefly or VSRX 1.0). This release supports a broader set of features and is more performant than the earlier version. More details about the product can be obtained here I had recently tried out instantiating VSRX 2.0 on Virtualbox. The process required a few minor tweaks and this blog will cover them. Prerequisites Download VSRX KVM Applicance from Juniper Website (You need to take care of the legal formalities) Virtualbox 4.3 and above Download qemu-img converter for Windows  The image provided by Juniper is in QCOW2 format. In order to use it in Virtual box you need to convert it to VDI format. To do this you can use the tool qemu-img converter as follows: #qemu-img.exe convert media-srx-ffp-vsrx-vmdisk-15.1X49-D15.4.qcow2 -O vdi vsrx2.0-1.vdi The conversion will take a few seconds and you should have the VDI created in the directory. At this piont, you can proceed to create a VM by f...

I have written a blog on Juniper's solution for FWaaS plugin which integrates SRX/vSRX with OpenStack Firewall flow. It has got published on Juniper's website. You can read it here

When inter VLAN routing needs to be configured on Juniper devices the first thing that comes to mind is to use RVI (SVI in cisco land) and be done with it. But, there are certain situations where this approach may not work and this article explores the alternative ways of configuring inter VLAN routing on Juniper devices. Lets say we have a router on a stick topology where an MX/SRX is acting as the router. Depending upon whether its MX or SRX the approach to configure inter VLAN routing varies. The below picture acts as our reference topology for this article: In this topology, we have a switch which has two VLANs 100 & 200 and the tagged packets are sent across to MX/SRX on a trunk port ge-0/0/1. VLAN 100 is assigned to a subnet 10.1.0.0/24 having a gateway ip set to 10.1.0.1. Similarly, VLAN 200 is assigned to a subnet 10.2.0.0/24 having a gateway ip set to 10.2.0.1 Note : In this article I will use an RI instead of the global routing table. Scenario 1 (RVI) ...

Juniper has released a virtual form factor SRX called Firefly Perimeter (vSRX). It provides security and networking features of the SRX Series Gateways in a virtual machine format. It can be spawned as a VM on a KVM+QEMU/VMWare hypervisor running on a X86 server. This post will give details on how to set it up as a standalone SRX box which can be used in any of your network deployments just like a normal SRX. Pre-requisites Have an X86 server with atleast 4 GB ram, 4 GB harddisk space and two ethernet ports. Install Ubuntu 14.04 on it (Centos should also work provided KVM related changes are taken care of) Assumption: You have logged into the system as root user. Get the Software Firefly Perimeter can be download as a part of Juniper's software evaluation program and can be tried out for 60 days. You will need a Juniper account to download it here . For the purpose of this post I will be using the appliance at "Firefly KVM Appliance - FOR EVALUATION ". Configure...