Archiv der Kategorie: Random

Random stuff which i discovered or found in inet.0.

Recover BGP Password in JunOS

Howto recvover a password from JunOS:

# Get a root shell:
juniper@junos> start shell
% su - root

# View the contents of /var/etc/keyadmin.conf
juniper@juniper% less /var/etc/keyadmin.conf
tcp 179 md5 instance default 0x6162636431323334
tcp 179 :: 2001:DB8:1::1 md5 instance default 0x313233717765727479

# Run the following command on a system with Perl :
juniper@juniper:~>perl -e 'print "Hex: ";$_=<>;print "MD5: ";s/(\w\w)/\1:/g;for (split(/:/)) {printf "%s", chr(hex($_))};print "\n"'

Hex: 0x6162636431323334
MD5: abcd1234

juniper@juniper:~>perl -e 'print "Hex: ";$_=<>;print "MD5: ";s/(\w\w)/\1:/g;for (split(/:/)) {printf "%s", chr(hex($_))};print "\n"'

Hex: 0x313233717765727479
MD5: 123qwerty

Differences between VRRPv2 and VRRPv3

During IPv6 testing I discovered several differences between VRRPv2 (RFC 3768 – and VRRPv3 (RFC 5798 – which you should be familiar if you wanna use VRRPv3 for IPv4 and IPv6:

  • VRRPv3is a unified protocol for IPv4 and IPv6
  • Its a real version cut
    • every router in your LAN must speak the same version
    • only hard migration is possible
    • With JunOS 12.2 you can switch via „set protocols vrrp version 3“
  • Authentication dropped in VRRPv3, should be done by sub-protocols
    • the only security you get is by TTL 255 check
  • Virtual MAC Address for IPv4 00-00-5e-00-01-{VID}
  • Virtual MAC Address for IPv6 00-00-5e-00-02-{VID}
  • Sub-Second Advertisments
    •  intervals specified in centiseconds
    • 100 centisecond = 1 second
  • IPv6 need 2 addresses: virtual-link-local addresses + global address
    • since JunOS 12.2 auto-generated link-local/virtual-link-local possible
  • You must have Router-Advertisements enabled
    • thats the new cool way for default-gateway propagation to hosts
IPv4/VRRPv2 vs. IPv6/VRRPv3
IPv4/VRRPv2 vs. IPv6/VRRPv3

You need JunOS 12.2 for the full VRRPv3 implementation of RFC 5798. Prior JunOS versions only implement draft (, which differs in checksum calculation and serveral minor features.