
  • JNCIA Juniper™ Networks Certified Internet Associate

    Study Guide - Chapter 4

    by Joseph M. Soricelli with John L. Hammond, Galina Diker Pildush, Thomas E. Van Meter, and Todd M. Warble

    This book was originally developed by Juniper Networks Inc. in conjunction with Sybex Inc. It is being offered in electronic format because the original book (ISBN: 0-7821-4071-8) is now out of print. Every effort has been made to remove the original publisher's name and references to the original bound book and its accompanying CD. The original paper book may still be available in used book stores or by contacting John Wiley & Sons, Publishers (www.wiley.com).

    Copyright © 2003-6 by Juniper Networks Inc. All rights reserved.

    This publication may be used in assisting students to prepare for a Juniper JNCIA exam but Juniper Networks Inc. cannot warrant that use of this publication will ensure passing the relevant exam.

  • Chapter 4

    Routing Policy


    Describe JUNOS software routing policy design considerations—import; export; terms; match criteria; actions; default actions; policy evaluation

    List the main reasons to create and apply policies

    Define the locations within a BGP configuration where a policy may be applied

    Identify the components of a route filter and the various match types

    Evaluate the outcome of a policy

  • In this chapter, we explore how you implement a basic routing policy in a Juniper Networks router. We first examine why you need a routing policy and when it would be appropriate to implement it. Then we see how to create policies and, finally, how to apply policies within the JUNOS software.

    A routing policy is an integral part of any effective network. Without it, a network is subject to the rules of its Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP) configuration. Using routing policies allows you to modify or ignore the default behavior of the routing protocols. This gives you a significant amount of control over the routing behavior of the network. A complete understanding of how and when to use a routing policy is essential to running an optimal network, so let’s start there.

    What Is a Routing Policy?

    Although it is tempting to jump right into configuring routing policies, we first need to understand why policies are needed and how they are implemented. In this section, we review the purpose of routing tables, the selection process for active routes, and reasons for modifying the selection process. After that, we consider how routing policies affect the router’s view of the network.

    The Routing Table

    If you think back to Routing 101, you will recall that a router is a Layer 3 device that utilizes IP addresses to determine the best path to an end destination. The router works with the routing protocols to learn about the network’s destinations. For the most part, the end goal of the routing protocols is the same—to learn about all possible routes and to send those routes to all possible neighbors. How this is actually accomplished varies, but the general goal remains the same.

    A router stores all the routes (and paths) that it learns about in a routing table. The router then references this table to make forwarding decisions. As you saw in Chapter 3, “Protocol-Independent Routing,” a Juniper Networks router uses


    as a selection process to determine the active route for each destination. Once the network installs this route in the forwarding table, it can simply forward all user packets out of the proper interface.

    The active route plays another important role. The routing protocols will send the active routes in the routing table to all their neighbors. Through this learn-and-send process, each router is able to build its own map of the entire network. In a fully operational and converged network, all routers should see a valid path to any destination. This simple process is highly effective. In some cases, it works extremely well. So why change it?

    Why Modify the Routing Table?

    Using the default behavior of routing protocols is certainly enough to maintain connectivity in a simple network, but what happens when the network grows in complexity? A single protocol often cannot maintain enough information to ensure that all routers are utilizing the best paths available. The key word in the previous sentence is best. In short, different protocols define the best path differently. Making sure that the best path is taken, even in a small network, can be a very tricky proposition.

    The JUNOS software routing policy framework is your tool to guarantee that the best path in your network is the one you want to use. It can override and alter the selections made by the routing protocols and inject new information into the network. Let’s see how this might work.

    Modifying the Default Protocol Route Selection

    Distance-vector routing protocols rely on hop counts to determine the optimal path. This means that the protocol has no knowledge of the physical network topology. Figure 4.1 shows a simple distance-vector network. In the diagram, the router Shiraz sees Merlot via two distinct paths. The path via Cabernet costs two hops, while the path via Riesling costs three hops. Since the protocol selects the route with the fewest hops, Shiraz will install a route to Merlot via Cabernet. Of course, 99.9 percent of you would rather use the path via Riesling because of its larger bandwidth connections. Clearly, the distance-vector protocol did not choose our best path through the network.

    Figure 4.1: A simple distance-vector network

    While this is a simple and contrived example, it does prove an important point. The routing protocols in your network will do only what they are configured to do, not what you want them to do! You would like the ability to change, or even ignore, any information in your routing table. This is a perfect situation for using a routing policy.


    Redistributing Routes

    You can also use routing policies to redistribute routes from one protocol into another. Remember, routing protocols advertise only routes that have been learned by that specific protocol. To move routes from one protocol into another, a policy is again required.

    Figure 4.2 shows a simple multiprotocol network. Here, Shiraz is connected to a server farm that uses the Routing Information Protocol (RIP) for its network connectivity. Shiraz is also running Open Shortest Path First (OSPF) to communicate with the backbone network of Cabernet, Chardonnay, and Riesling. Without a policy, the RIP network will have no knowledge of the OSPF backbone. Similarly, the OSPF backbone will have no knowledge of the RIP server farm network. In essence, the networks are completely segmented from each other. One solution might be to use some default and static routes, but this is not scalable beyond our small network here. The preferred solution is to have all routers in the two networks utilize the routing protocols themselves for connectivity. After all, that’s what they’re there for!

    Figure 4.2: A simple multiprotocol network

    Route redistribution is a much more dynamic and scalable solution because it will allow the networks to expand without significant reconfiguration. To reach this goal, we place a routing policy on Shiraz to modify the protocol’s default behavior. The policy allows the RIP process to advertise the OSPF learned routes and vice versa.

    You may have noticed a trend by now. It looks like we can use a routing policy when we want to alter the default behavior of a protocol. In fact, you are right. With a policy, you can modify or ignore routes that are advertised to you as well as routes that you advertise to other neighbors. Don’t forget that we can also use a routing policy to redistribute routes from one protocol into another.
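
    The redistribution described above for Shiraz could be configured along the following lines. This is an added example, not configuration from the original book; the policy names, the interface names, and the 192.0.2.0/24 server-farm prefix are assumptions chosen for illustration. Bounding the RIP-to-OSPF term with a route filter keeps unintended RIP routes from leaking into the backbone.

    ```junos
    /* Added example: mutual RIP/OSPF redistribution on Shiraz. */
    /* All names and prefixes below are illustrative assumptions. */
    policy-options {
        policy-statement rip-to-ospf {
            term server-farm {
                from {
                    protocol rip;
                    /* Constructed prefix standing in for the server farm. */
                    route-filter 192.0.2.0/24 orlonger;
                }
                then accept;
            }
            /* Routes matching no term fall through to the */
            /* default export policy of the protocol. */
        }
        policy-statement ospf-to-rip {
            term backbone {
                from protocol ospf;
                then accept;
            }
        }
    }
    protocols {
        ospf {
            /* Outbound from the routing table into OSPF. */
            export rip-to-ospf;
            area 0.0.0.0 {
                interface so-0/0/0.0;
            }
        }
        rip {
            group server-farm {
                /* Outbound from the routing table into RIP. */
                export ospf-to-rip;
                neighbor fe-0/0/0.0;
            }
        }
    }
    ```

    Both policies are applied as export policies because each one takes routes out of Shiraz's routing table and advertises them through the other protocol.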


  • Forming a Policy


    Changing the Map

    When you modify or ignore (suppress) the routes that are sent and received by the local router, you change the network map. It is extremely important that you understand which router’s map you are changing.

    By changing a route’s properties prior to installing it into your routing table, you have modified how the local router perceives the network. If you change a route’s properties prior to sending it to your neighbors, you will be modifying the remote router’s perception of the network. So the question becomes, whose behavior do you want to modify? How might you apply a routing policy to accomplish that?

    The application of a routing policy is always performed from the perspective of the routing table. Routes being placed into the routing table are said to be “inbound.” Routes being extracted from the routing table are said to be “outbound.” When your goal is to modify your view of the network, you need to apply a policy to all inbound routes. If your goal is to modify your neighbor’s view of the network, you apply a policy to all outbound routes. In the sect