ScreenOS Cookbook
Stefan Brunner
Vik Davar
David Delcourt
Ken Draper
Joe Kelly
Sunil Wadhwa
Beijing Cambridge Farnham Köln Sebastopol Tokyo
Credits
Stefan Brunner has been a technology consultant for more than 15 years, helping enterprise organizations leverage technology for their business models and deploy technology solutions. Stefan is the lead architect in Juniper Networks' Service Layer Technology Professional Services group. Prior to Juniper, Stefan worked with NetScreen Technologies as a network security consultant. Stefan holds an MBA in innovations research and technology management from Ludwig-Maximilians-University of Munich, and a certificate degree in telecommunications engineering from the University of California at Berkeley. He lives with his wife and two daughters in the Hill Country of Austin, Texas. Stefan wrote Chapters .
Vik Davar has been working in the IT field for more than 15 years, holding positions in financial services firms and technology companies, including Juniper Networks and Goldman Sachs. Vik is the president of 9 Networks, an IT services company. He has a master's degree in electrical engineering from Columbia University and a bachelor's degree in electrical engineering from The Cooper Union in New York City. He is also a CISSP and CCIE #8377. He lives in New Jersey with his wife and two children. Vik wrote Chapters .
David Delcourt has worked in the data communications industry for the past 13 years for enterprise equipment vendors, including Cabletron Systems and NetScreen Technologies. He has held a variety of positions, including advanced TAC engineer, technical trainer, product manager at Cabletron Systems, and senior security consultant at NetScreen Technologies. He is currently the security practice manager in Professional Services for Juniper Networks, supporting the Americas. He lives in New Hampshire with his wife and daughter, and their two dogs and two cats. David wrote Chapters .
Ken Draper has spent the past 20 years in the networking industry, and has focused on security solutions for the past 11 years. He is CISSP certification #22627 and holds numerous other certifications. Ken has worked at such networking equipment manufacturers as Infotron, Gandalf, Synoptics, Bay Networks, Nortel, NetScreen, and now, Juniper Networks. He has more than six years of experience with ScreenOS and large-scale security solutions. He has held a variety of technical engineering positions, including systems engineer and solutions architect, and he is currently a Juniper Networks consulting engineer specializing in large-scale virtual private networks (VPNs), firewalls, intrusion prevention, and centralized management markets. Ken lives outside Dallas with his wife and two dogs. Ken wrote Chapters .
Joe Kelly has been involved in data networking for more than 12 years, focusing on the realms of network security and routing. He started his career in the service provider space at IDT Corporation, where he held roles in network operations and engineering. After IDT, he spent time with various network service providers in engineering and architectural capacities. In 2001, Joe joined NetScreen Technologies as a senior systems engineer in the Financial and Service Provider verticals, where he specialized in high-availability, high-performance networks. Joe joined Juniper Networks in 2004 with the acquisition of NetScreen, and he is currently the technical lead on the Global Banking and Finance team. He lives in New Jersey with his beautiful wife, Jacqueline, and their three children, Hannah, Ben, and Tristan. Joe wrote Chapters .
Sunil Wadhwa has been in the data networking industry for more than 13 years, focusing on systems, network routing, and security in enterprise and service provider organizations. He started his career in India at GTL Limited and SAP India, and then held a variety of roles in technical support, network operations, and engineering. He moved to the United States and worked with E4E as a network consultant for routing and security, and then joined Juniper Networks as an advanced technical support engineer for firewall/VPN products. He currently leads the Advance Technical Support team for Juniper Networks, supporting enhanced services products. He lives in California with his beautiful wife, Lavanya, and little angel daughter, Sneha. Sunil wrote Chapters .
Glossary
802.11a
Wireless local area network (WLAN) standard that provides up to 54 Mbps in the 5 GHz radio band.
802.11b
Wireless local area network (WLAN) standard that provides up to 11 Mbps in the 2.4 GHz radio band.
802.11g
Wireless local area network (WLAN) standard that provides 20+ Mbps in the 2.4 GHz radio band.
802.11 SuperG
Wireless local area network (WLAN) standard that provides up to 108 Mbps in the 2.4 GHz radio band.
ABR
See Area Border Router (ABR).
Access-Challenge
Additional condition required for a successful Telnet login by an authentication user via a Remote Access Dial-In User Service (RADIUS) server.
Access Control List (ACL)
Identifies clients by their Media Access Control (MAC) addresses, and specifies whether the wireless device allows or denies access for each address.
Access List
A list of network prefixes that are compared to a given route. If the route matches a network prefix defined in the access list, the route is either permitted or denied.
Access Point (AP)
See Wireless Access Point (AP).
Access Point Name (APN)
Information element (IE) included in the header of a GTP packet that provides information regarding how to reach a network. It is composed of a network ID and an operator ID.
ACL
See Access Control List (ACL).
Address Shifting
Mechanism for creating a one-to-one mapping between any original address in one range of addresses and a specific translated address in another range.
Adjacencies
When two routers can exchange routing information, they are considered to have constructed an adjacency. Point-to-point networks, which have only two routers, automatically form an adjacency. Point-to-multipoint networks are a series of several point-to-point networks. When routers pair in this more complex networking scheme, they are considered to be adjacent to one another.
ADSL
See Asymmetric Digital Subscriber Line (ADSL).
Aggregate State
A router is in an aggregate state when it is one of multiple virtual Border Gateway Protocol (BGP) routing instances bundled into one address. See also Border Gateway Protocol (BGP).
Aggregation