Restart VRRP on JUNOS to fix master/master issues

I spent about 30 min this evening chasing a non-existing VRRP issue between 2 JUNOS SRX devices after a hardware drop-in replacement. One was configured as master, one as backup. Both were in the master status (normally indicating a lack of L2 connectivity), but each could ping the other on their interface address. The solution, ultimately, was to run restart vrrp gracefully on each router, which restored the expected master / backup behavior.

Copying SSH host private keys between JUNOS devices to when replacing hardware

A certain customer of mine is (rightly or wrongly) pedantic about security warnings. Recently, we did a hardware replacement of a JUNOS device (an SRX240 firewall). While the config was a drop-in replacement, users who tried to SSH to the host post-migration would normally see an SSH “host key has changed” warning. In this environment, we wanted to eliminate this friction (and stop training our users to ignore security warnings), so we copied the following from the old device:


