Tagged: juniper

Junos EX Switch last port flap

October 24, 2010 Posted by mitch | juniper, junos, script | 0 Comments

Here is a little script I wrote that logs into a Juniper EX switch and grabs the port status of all interfaces in a down state, then checks to see their "LastFlap" state... which translates into how long the port has been in a down state.

This script depends on a wrapper for SSH (ssh.py) which I grabbed here: http://commandline.org.uk/python/sftp-python-really-simple-ssh/

#!/usr/bin/env python
##
## Mitch - May 17th 2010
## This script logs into a Juniper EX Switch, lists out ports, greps for downed
## ports, and then checks each to see how long they've been in a down state.
##
## This script logs into the switch with the provided username/password
##

from __future__ import print_function

import sys, getpass, getopt

try:
    input = raw_input  # Python 2: read a line without evaluating it
except NameError:
    pass               # Python 3: input() already behaves this way

mesg = """ This script depends on python-paramiko please install it...."""

try:
    import ssh  # the ssh.py wrapper around paramiko linked above
except ImportError:
    print(mesg)
    sys.exit(1)

def getLastFlapped(port, sshconn):
    '''Return the Date and Time of the Last time the port flapped'''
    lastflapped = sshconn.execute('show interfaces %s | grep Last' % port)[0]
    lastflapped = lastflapped.split(':', 1)[1]
    return lastflapped.strip()

def main(outfile=None):
    # get switch information
    switch = input("Switch to connect to: ")
    username = input("Username [%s]: " % getpass.getuser())
    # an empty answer means "use the default shown in brackets"
    if not username:
        username = getpass.getuser()
    password = getpass.getpass("Password: ")

    # connect to switch
    try:
        s = ssh.Connection(host=switch, username=username, password=password)
    except Exception:
        print("There was an error connecting to %s." % switch)
        sys.exit(2)

    portList = []
    # grab our list and get out
    # (raw string so the backslash reaches the switch CLI unchanged)
    output = s.execute(r'show interfaces terse | grep down | except \.0 | grep ge-')
    for port in output:
        port = port.strip()
        if port == '':
            continue
        p = port.split()[0]
        portList.append({'port': p, 'lastflapped': getLastFlapped(p, s)})
    s.close()

    # process and write the output to a variable
    display = "Ports currently down on switch %s: \n" % switch
    for p in portList:
        display = display + " %s\t: %s\n" % (p['port'], p['lastflapped'])

    # Check to see if we are to write the output to a file
    # or the screen
    if outfile:
        try:
            f = open(outfile, 'w')
        except IOError:
            print("Error... couldn't write to %s" % outfile)
            sys.exit(3)

        f.write(display)
        f.close()
    else:
        print(display)

if __name__ == '__main__':
    try:
        opts, args = getopt.getopt(sys.argv[1:], "f:", ["file="])
    except getopt.GetoptError as err:
        print(str(err))
        sys.exit(1)

    # default to printing on screen when no -f/--file is given
    outfile = None
    for o, a in opts:
        if o in ("-f", "--file"):
            outfile = a

    main(outfile)

OSPF on Juniper EX4200 Switches

August 1, 2010 Posted by mitch | juniper, networking | 0 Comments

At work, I had a situation arise where I have two buildings connected together with Metro Optical Ethernet. There are two lines, one 100Mbit Ethernet line through Utopia and another 200Mbit Ethernet line through Qwest.

I initially had a simple /30 subnet static route across each line, with preferences as to which line to use. However... since these lines have optical to ethernet devices on each end... the only way my simple static route would fail over was if those devices lost power and shut down the link between them and my switches. So something a little more redundant that would check the actual connectivity of the lines was needed.

Enter OSPF. I had decided on using OSPF to enable dynamic routing for these networks. I will paste the relevant bits of my code here for future reference.

From my hub switch (main switch... with default route connected):

policy-options {
    policy-statement export_default_route_into_ospf {
        term term1 {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term term2 {
            then reject;
        }
    }
}
protocols {
    ospf {
        export export_default_route_into_ospf;
        area 0.0.0.0 {
            interface ge-0/0/1.0 {
                metric 10;
            }
            interface ge-1/0/1.0 {
                metric 20;
            }
        }
    }
}

From the spoke switch:

protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/1.0 {
                metric 10;
            }
            interface ge-1/0/1.0 {
                metric 20;
            }
            interface vlan.101 {
                passive;
            }
            interface vlan.102 {
                passive;
            }
        }
    }
}

For simplicity's sake, interface ge-0/0/1.0 is connected to the same interface on the other switch stack... But that should be the whole config... each VLAN on the spoke side needs to be added to the same OSPF area to be advertised to the other side.

After adding this... I was able to remove my static routes and everything has worked fine since. I've even had problems with the line since then... it failed over without much trouble. I didn't even get a call about it.


Juniper J-Series and EX Switches - LAG

August 23, 2009 Posted by mitch | juniper, work | 0 Comments

So, I ran into an issue that didn't seem to be really documented anywhere that I could find anyway.. and it has to deal with a LAG (Link Aggregation Group) between a J6350 (any J-Series would be similar) and a stack of EX4200T switches in the DMZ for a company I'm doing some consulting for. The J6350 has an additional uPIM of 8x1gige ports on it, and I had taken two of them and connected them to two interfaces on the EX switch. I had created three zones on the J6350, one for the Internet drop or Untrust, a second for the Core network or Trust zone, and the third being the DMZ zone. I set up policies permitting the Trust and DMZ zones to access the Untrust zone, and the Trust zone is allowed to access the DMZ zone. The DMZ zone is routed on the J6350 for ease of managing access between the different VLANs.

This is where the point of confusion came. Zones need the connecting interface added to their zone, and I had been thinking that adding the LAG interface (ae0.0) to the zone would work... It didn't. Once I added the virtual vlan interfaces (vlan.100, vlan.101, vlan.103 and vlan.190) everything worked as it should.

