Junos - VPN Hierarchy

Wow! A Junos post! Amazing.

We all know that the configuration on a Junos box is very hierarchical. Sometimes it doesn’t make a lot of sense, but it’s all a pretty cascade of code. One of the big messes that I’ve found is the VPN configuration hierarchy; there are way more items to configure than on an IOS device. To reinforce the steps in my head, I thought I’d get some of the pieces into a post. These aren’t all the options, but it’s all you need to get a static IPSec tunnel up and running.

VRF-Aware IPSec Tunnels

Man, time is hard to come by of late. I’ve had so little time to rest that it’s hard to get my thoughts together. It’s a good thing in this case, though, since it’s my fantastic job that’s taking all my time. It’s great to see new networks and learn their internals…especially when they were designed by some long-time CCIEs who actually knew what they were doing.

One of the big things that I’m dealing with lately is VRFs.  I’ve implemented some VRF-lite stuff, but I’ve never had any practical experience with the full force of them.  I’m definitely learning here.  Since the blog here is really about my sharing what I’ve learned, let’s go through something that came up recently - terminating VPNs on one VRF while passing traffic to another.

Network Protocol Overhead

Here are some packet overhead numbers for a few popular protocols to help with doing bandwidth requirement calculations.  This may be another add-as-we-go post, so please comment with additions or corrections.

Ethernet : 20 bytes
Frame Relay : 4 - 6 bytes
PPP : 6 bytes
MLPPP : 10 bytes
MPLS : 4 bytes

IP : 20 bytes

TCP : 20+ bytes
UDP : 8 bytes
GRE : 4 - 20+ bytes

Stubby Post - A Story on VPN Hardware Acceleration

We use a hosted application that requires IPSec tunnels to the provider from different properties across the country.  The ones in the lower 48 perform adequately, but the new one in Alaska is absolutely horrible.