The year is finally coming to an end, so it’s time yet again to look at goals and embarrass myself by publicly admitting that I didn’t meet them.  Oh, well.  Let’s get this done so I can go back to sleep.

I changed the layout of the blog, so the page with my goals isn’t really visible.  Here’s what I claimed I would do this past year.

• Select a CCIE training vendor - Yeah…this didn’t happen.  This is a very high-priced item, and I simply couldn’t afford the packages I wanted.  We’re talking $8k - $10k for everything.  Yikes!  I asked management at work to pay for it.  They said they would but that I would have to agree not to leave the company for some long length of time.  I didn’t want to put myself in a situation where finding a new job meant writing a check for $10k, so I decided to pass on it.  Without the financial backing, this ended with me just sighing pitifully on my couch.
• Take the CCIE R&S lab - Of course this didn’t happen without the first one.  I guess I could have bought the materials that I could and just got on a bus to Raleigh to see what happens.  This whole thing was complicated by the fact that the new job is 95% Juniper.  My waking hours at work and my study time at home were spent trying to figure out how Junos works; I tried my best, but it was just too difficult for me to study both at the same time.  For the trifecta of excuses, I also had an issue with my study area. I went from a 4-bedroom house to a 1-bedroom apartment when we moved for the new job.  There’s no quiet space at all to study at all - a huge problem I need to fix.
• Pass JNCIA-Junos exam - Wo!  I actually did this one.  I took this exam a few months back and passed it without any problems.  Good for me!  One out of three!

As for my goals, it really wasn’t a very good year.  Even for me, it was bad.  I’ll tell you, though, it’s very hard to study when you don’t have one subject or a place to do so.  Definitely things I need to work on in 2013.

Here’s one that I use every day at work. We have multiple customers coming into the same router, and, as luck would have it, they all use 192.168.1.0/24 (OK…not really but it might happen). That means we have to separate them into their own routing instance, or virtual router, so pass traffic to their firewall.  Think VRF lite on a Cisco router.  Let’s conflagrate.

First, we configure the instance as a virtual-router.

We’ve been looking for a new Network Engineer for quite a while but are having no luck at all.  There is plenty of talent out there, but finding a high-end Juniper guy is almost impossible around here.  We’ve loosened up our requirement for Juniper experience just to get someone in for interviews.  This led us to one prospect and an interesting story.

This guy’s resume was very impressive.  For the last 5 years, he’s been the Network Architect at a very large company.  His experiences were off the chart.  Large-scale Enterprise deployments.  Monster PCI environments.  Years of Juniper experience.  Years of Cisco experience.  I had to talk to this guy, so I got a phone interview with him.

I’m stuck deep in Junos these days.  I mean deep.  I have an F5 load balancer and an ASA 5520; the rest of my stuff is Juniper.  That means I have some learning to do.

Here’s one of the basics in Junos - configuring BGP.  I guess I’ve always said that BGP is BGP.  How much different can it  be from IOS?  Well, the end result is the same, but it’s different enough to have to look up how to do it.  :)  The first difference is the fact that all BGP configuration is done with groups just like peer groups in IOS.  You can act like you’re configuring neighbors, but there’s no way around using groups.  After going back and forth, I just settled with an group for eBGP neighbors and another for iBGP neighbors.  If settings are different, I just set them in the neighbor.  Here’s an example of that.

It has been quite a spring so far.  I’ve spent the last two months at our data center racking, railing, mounting, cabling, extending, labeling, and documenting a whole pile of switches, routers, and firewalls for our new environment.  I won’t and can’t go into the details, but it’s a huge project for the company that I’m proud to be trusted with.  Anyway, now that the physical build is finished (for definitions), I’m finally getting really deep into the configuration.  Since we’re a Juniper shop, I’m finding all sorts of stuff that’s fun to explore.

My Juniper account exec let some news slip yesterday.  We were on the phone talking about how great the SRX platform was and that I wanted to put one in my house instead of my ASA 5505.  Of course, I don’t want to spend too much on a new gateway device, so I asked if there was anything below the $100 mark.  He said there wasn’t anything on the books but there was something in the works.  I think he had a little too much to drink at dinner.  :)

Here’s another story from the late night.  I’ve changed the details to protect the innocent, but you’ll get the idea.

I think most of you know that I started a new job late last year, and I’ve spent my waking hours getting caught up on how the new company works, how everything fits together, and all that jazz.  One of the big reasons that I (and a number of others) were brought in was to fix the biggest problem; the company doesn’t have a real central control over customer-facing technologies.  There’s a group that does central IT for the company (Exchange, SharePoint, Oracle apps, etc.), but there are dozens and dozens of applications out there.  That means there are dozens of “network teams” around the world doing their own thing.

Maybe not epic, but a win nonetheless.

My boss is over all the network guys in the company, and that includes guys that support different divisions and departments.  He told me he was tired of waking up at 2am every morning to fix a problem the other groups can’t handle, so he’s working to get the junior guys motivated to learn for themselves.  One technique he’s implemented is to force them to get their CCNAs and JNCIAs by June.  Since he made it part of the job description, that means that everyone above the Analysts has to meet those requirements, too.  I made the deadline with plenty of time to spare.

Oh, my.  Another Junos post.  Somebody stop me before I get my JNCIA!

This isn’t hard stuff at all.  I’m sure there are a couple of cool tricks I don’t know yet, but let’s try anyway.  I"m working on an SRX240 here running 11.1 and some change.

Let’s put interfaces ge-0/0/0.0 and lo0.0 in OSPF area 0. If you know the Junos configuration hierarchy, this will be very easy to you. Even if you don’t, you can stare at the config for a little bit and see what we’re doing.