Transcript
Page 1: Junos routing overview from Juniper

Copyright © 2003, Juniper Networks, Inc. IJNR-6.b.6.1.2

Juniper Networks Networking Essentials

Module 1: TCP/IP Internetworking

Page 2: Junos routing overview from Juniper

Module Objectives

After successfully completing this module, you will be able to:

– Identify the components of an internetwork and explain the role of each component

– Explain how packets are routed on a TCP/IP network

– Describe the role of an IP address on an internetwork

Page 3: Junos routing overview from Juniper

Internetwork Example

[Figure: Network 1 (192.168.1.0) and Network 2 (192.168.2.0)]

Page 4: Junos routing overview from Juniper

Local-Area Networks

A computer network that spans a small area

Confined to a single building or corporate campus

Can connect to other LANs through telephone lines and wireless connections

LAN characteristics differentiated by:

– Topology

– Protocols

– Media

Page 5: Junos routing overview from Juniper

Wide-Area Networks

A computer network that spans a large geographical area

WANs interconnect LANs

Computers connected to WAN through public telephone system, leased lines, or wireless connection

The Internet consists of many WANs and WAN links

Page 6: Junos routing overview from Juniper

Intermediate Internetworking Devices

Bridges

– Connect multiple LAN segments to form a larger LAN

Usually the same media type

– Bridges forward broadcasts by default

Routers

– Connect multiple LANs but maintain LAN boundaries

– Connect LANs across WAN links

LAN and WAN links may be different media types

– Implement logical network structure (e.g., IP networks)

– Routers block broadcasts by default

Switches

– High-speed multi-port bridges with many ports

– Many implement Virtual LANs (VLANs)

Page 7: Junos routing overview from Juniper

Routing on a TCP/IP Network

[Figure: Network 1 (192.168.1.0) and Network 2 (192.168.2.0)]

Page 8: Junos routing overview from Juniper

Role of IP and the IP Address

[Figure: two protocol stacks, one at IP Address X and one at IP Address Y, each with the layers Application, TCP/UDP, Internet (IP), and Network-Dependent; the IP Protocol at the Internet (IP) layer provides End-to-End Delivery]

Page 9: Junos routing overview from Juniper

Format of the IP Address

IP address is a 32-bit numeric address

Written as four numbers separated by periods:

– ‘Dotted Quad’ notation for human convenience

– Examples

10.0.15.1

172.20.10.24

192.168.94.122

The IP address is used to identify a particular network and host on that network

– Must be globally unique (with some exceptions)

Page 10: Junos routing overview from Juniper

Relationship of the IP Address to the Hardware Address

[Figure: OSI Reference Model]

7 Application

6 Presentation

5 Session

4 Transport

3 Network (IP Address)

2 LLC (802.2 Logical Link Control) and MAC (802.3 CSMA/CD, 802.4 Token Bus, 802.5 Token Ring)

1 Physical

Page 11: Junos routing overview from Juniper

Mapping Address Layers: ARP

Address Resolution Protocol (ARP) maps an IP address to a physical MAC address

– Host broadcasts an ARP request to obtain a physical address

[Figure: hosts on the network]

IP: 192.168.2.1, MAC: 0000.2222.1111

IP: 192.168.2.23, MAC: 0000.2222.2323

IP: 192.168.2.2, MAC: 0000.2222.2222

IP: 192.168.2.11, MAC: 0000.2222.0011

IP: 192.168.2.43, MAC: 0000.2222.4343

(1) Requester sends BROADCAST ARP_REQUEST (MAC dest = ffff.ffff.ffff, target IP = 192.168.2.23)

(2) ALL hosts read ARP_REQUEST, but do not respond if they’re not the target

(3) Target host responds to requester via UNICAST (192.168.2.23 maps to MAC 0000.2222.2323, MAC dest = 0000.2222.1111)

(4) Requester stores the mapping in local ARP cache and can now communicate directly with target
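
The four steps above as an added worked example, not part of the original course material: it builds the broadcast request and the unicast reply as real Ethernet/ARP byte layouts (RFC 826, IPv4 over Ethernet) and runs them past the five hosts from the slide. The function names and the in-memory "wire" are assumptions made for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ffff.ffff.ffff"

# IP -> MAC for the five hosts shown on the slide.
HOSTS = {
    "192.168.2.1": "0000.2222.1111",
    "192.168.2.2": "0000.2222.2222",
    "192.168.2.11": "0000.2222.0011",
    "192.168.2.23": "0000.2222.2323",
    "192.168.2.43": "0000.2222.4343",
}

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(".", ""))

def mac_text(raw):
    digits = raw.hex()
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def ip_text(raw):
    return ".".join(str(b) for b in raw)

def build_frame(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """14-byte Ethernet header followed by the 28-byte ARP payload."""
    header = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    # Hardware type 1 (Ethernet), protocol 0x0800 (IPv4), address lengths 6 and 4.
    fixed = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return header + fixed + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)

def parse_frame(frame):
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP frame")
    return {
        "eth_dst": mac_text(frame[0:6]), "eth_src": mac_text(frame[6:12]), "op": op,
        "sha": mac_text(frame[22:28]), "spa": ip_text(frame[28:32]),
        "tha": mac_text(frame[32:38]), "tpa": ip_text(frame[38:42]),
    }

def host_receive(host_ip, frame):
    """Steps 2 and 3: every host reads the request, only the target answers."""
    msg = parse_frame(frame)
    my_mac = HOSTS[host_ip]
    if msg["eth_dst"] not in (BROADCAST, my_mac):
        return None                      # frame is not addressed to this host
    if msg["op"] != ARP_REQUEST or msg["tpa"] != host_ip:
        return None                      # request is for some other IP: stay silent
    # Unicast reply straight back to the requester's MAC.
    return build_frame(msg["sha"], my_mac, ARP_REPLY, my_mac, host_ip, msg["sha"], msg["spa"])

def resolve(requester_ip, target_ip):
    """Steps 1 to 4; returns (request frame, reply frames, requester's ARP cache)."""
    req_mac = HOSTS[requester_ip]
    request = build_frame(BROADCAST, req_mac, ARP_REQUEST,
                          req_mac, requester_ip, "0000.0000.0000", target_ip)
    replies = []
    for ip in HOSTS:
        if ip != requester_ip:
            reply = host_receive(ip, request)
            if reply is not None:
                replies.append(reply)
    cache = {}
    for reply in replies:
        msg = parse_frame(reply)
        # Cache only a reply addressed to us that answers the IP we asked about.
        if msg["op"] == ARP_REPLY and msg["eth_dst"] == req_mac and msg["spa"] == target_ip:
            cache[msg["spa"]] = msg["sha"]
    return request, replies, cache

if __name__ == "__main__":
    request, replies, cache = resolve("192.168.2.1", "192.168.2.23")
    print(parse_frame(request))
    print(parse_frame(replies[0]))
    print(cache)
```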

Page 12: Junos routing overview from Juniper

Logical Network Types

Broadcast

– Multiple sources and destinations "on the wire"

– One packet can be read by many receivers

– Typical for LANs

– Example: Ethernet

Point-to-Point

– Two ends/"stations"

– Typical for WANs

– Example: T1

[Figure: Router A and Router B]

Page 13: Junos routing overview from Juniper

Review Questions

1. How does a router differ from a bridge?

2. What is ARP?

3. What are two types of Logical Networks?

Page 14: Junos routing overview from Juniper

Juniper Networks Networking Essentials

Module 2: IP Addressing

Page 15: Junos routing overview from Juniper

Module Objectives

After successfully completing this module, you will be able to:

– Create IP addresses in binary notation and decimal format, and identify the corresponding address classes

– Define subnetting and subnet masks, and create effective subnets for a given network

– Define classless interdomain routing (CIDR), and aggregate a given range of network addresses to the highest degree possible

Page 16: Junos routing overview from Juniper

Importance of IP Addressing

Unique addresses make information delivery systems work

– Telephone numbers

– Postal addresses

IP addressing scheme integral to process of routing IP data through an internetwork

Two major Internet scaling issues:

– IPv4 address space depletion

– Routing traffic given increasing number of networks that make up the Internet

Page 17: Junos routing overview from Juniper

Classful IP Addressing

Original Classful IP addressing defines a 32-bit IP address

Two-part Internet address structure

[Figure: 32-Bit IP Address divided into Network Part and Host Part]

Page 18: Junos routing overview from Juniper

Binary Overview

Bit position        7    6    5    4    3    2    1    0

2^(bit position)    2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0

Decimal value       128  64   32   16   8    4    2    1

1 0 0 1 1 0 1 0     128+16+8+2 = 154

0 0 0 1 0 1 1 1     16+4+2+1 = 23

1 1 1 0 1 0 0 0     128+64+32+8 = 232

0 1 0 0 0 0 0 1     64+1 = 65

1 1 1 1 1 1 1 1     128+64+32+16+8+4+2+1 = 255

1 0 1 0 1 1 0 0     128+32+8+4 = 172

Page 19: Junos routing overview from Juniper

Primary Address Classes

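[Figure: Primary Address Classes, with bit values 128 64 32 16 8 4 2 1 and the number of bits in each part]

Class A: high-order bit 0; Network (8 bits), Host, Host, Host (24 bits)

Class B: high-order bits 10; Network, Network (16 bits), Host, Host (16 bits)

Class C: high-order bits 110; Network, Network, Network (24 bits), Host (8 bits)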

Page 20: Junos routing overview from Juniper

Dotted Decimal Notation

Bit# 31 (leftmost) to 0 (rightmost)

10101100 . 00010000 . 00100011 . 00001000

172 . 16 . 35 . 8

172.16.35.8

Page 21: Junos routing overview from Juniper

High-Order Bits

Class addresses specified by the high-order bits:

Class High-Order Bits

Class A 0

Class B 10

Class C 110

IP Address 192.168.21.40 is a Class C address:

11000000.10101000.00010101.00101000

Page 22: Junos routing overview from Juniper

First Octet Rule

Class determined by location of first 0 in binary address:

Class      First Octet Range (Binary)    First Octet Range (Decimal)

Class A    00000001 – 01111110           1 – 126*

Class B    10000000 – 10111111           128 – 191

Class C    11000000 – 11011111           192 – 223

* 0 and 127 reserved

Page 23: Junos routing overview from Juniper

First Octet Rule Examples

Address          Binary                                 Class

172.18.192.34    10101100.00010010.11000000.00100010    B

10.155.128.2     00001010.10011011.10000000.00000010    A

192.12.3.42      11000000.00001100.00000011.00101010    C

Page 24: Junos routing overview from Juniper

Default Masks

Identify the location of the network part (1s) and host part (0s) of an address

Class A 11111111.00000000.00000000.00000000

255 . 0 . 0 . 0

Class B 11111111.11111111.00000000.00000000

255 . 255 . 0 . 0

Class C 11111111.11111111.11111111.00000000

255 . 255 . 255 . 0

Page 25: Junos routing overview from Juniper

Reserved Addresses

Network Address: all host bits are binary 0

– 10.0.0.0

– 172.23.0.0

– 192.168.14.0

Broadcast Address: all host bits are binary 1

– 10.255.255.255

– 172.23.255.255

– 192.168.14.255

Page 26: Junos routing overview from Juniper

IPv4 Address Management Issues

Central authority: IANA

Inefficient allocation of limited address space

IPv4 32-bit address space

Address allocations based on organizations' requests rather than actual need

Early depletion of Class B addresses

Page 27: Junos routing overview from Juniper

IP Subnetting

All Classful IP addresses can be divided into smaller networks called subnets

Class B Address: Before Subnetting

[Figure: high-order bits 10; Network, Network, Host, Host]

Class B Address: After Subnetting

[Figure: high-order bits 10; Network, Network, Subnet, Host]

Page 28: Junos routing overview from Juniper

Problems Solved with Subnetting

Provides network administrators with extra flexibility

Provides more efficient use of network address utilization

Contains broadcast traffic; broadcast will not cross a router

Subnets under local administrator control

External users and organizations see only single network

Page 29: Junos routing overview from Juniper

Subnet Mask

Example subnet mask for Class B address

[Figure: Network, Network, Subnet, Host]

Binary Representation: 11111111 11111111 11111111 00000000

Dotted Decimal Representation: 255.255.255.0

Page 30: Junos routing overview from Juniper

Subnet Example 1

Assigned Network Number: 172.25.0.0/16

Create 256 subnets

– 172.25.0.0/24

– 172.25.1.0/24

– 172.25.2.0/24

– 172.25.3.0/24

– ...

– 172.25.255.0/24

Page 31: Junos routing overview from Juniper

Subnet Example 2

Assigned Network Number: 192.168.1.0/24

Create 4 subnets

– 192.168.1.0/26

– 192.168.1.64/26

– 192.168.1.128/26

– 192.168.1.192/26

Page 32: Junos routing overview from Juniper

Subnet Example 3

Assigned Network Number: 10.0.0.0/11

Create 8 subnets

– 10.0.0.0/11

– 10.32.0.0/11

– 10.64.0.0/11

– 10.96.0.0/11

– 10.128.0.0/11

– 10.160.0.0/11

– 10.192.0.0/11

– 10.224.0.0/11

Page 33: Junos routing overview from Juniper

Growth of the Internet

The Internet is today’s largest public data network

Connects millions of users worldwide

Ongoing technical advancements in networking hardware contribute to growth

Increasing number of networks over the past decade

Page 34: Junos routing overview from Juniper

Growth of Internet Routing Tables

Caused by Internet expansion

Backbone routers must maintain complete Internet routing information

Additional factors include:

– Increased CPU processing speed for routing table topology updates

– Dynamic nature of today’s WWW

– Increased volume of diverse information

IP Next Generation (IPv6)

– Long-term solution, but deployment is limited

IPv4 modified to allow continued growth

Page 35: Junos routing overview from Juniper

Classless Inter-Domain Routing

CIDR ignores the concept of Network Address Classes

Reduces the amount of route advertisements

[Figure: networks 192.168.64.0, .65.0, .66.0, and .67.0, advertised without and with CIDR]

No CIDR: 192.168.64 /24, 192.168.65 /24, 192.168.66 /24, 192.168.67 /24

CIDR: 192.168.64 /22

Page 36: Junos routing overview from Juniper

Implications of CIDR on the Router

CIDR officially documented in 1993

CIDR supports following important features that benefit global Internet routing system:

– Ignores traditional concept of Class A, B, and C network addresses

– Supports route aggregation where single routing table entry can represent address space of thousands of traditional classful routes

Page 37: Junos routing overview from Juniper

CIDR Address Allocation Example

Allocate variable-length blocks from 192.168.16/20

[Figure: Block#1 to Block#4 allocated from 192.168.16/20: 192.168.16.0/21, 192.168.24.0/22, 192.168.28.0/23, 192.168.30.0/23]
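
The subnetting in Subnet Examples 1 to 3 and the aggregation on the CIDR slides are the same bit arithmetic run in opposite directions; the following added example (not part of the original course material) implements both on 32-bit integers and checks them against the prefixes shown on the slides. The function names are chosen for illustration, and the third subnet example is run from 10.0.0.0/8, which is the block the eight listed /11 subnets cover.

```python
def mask(prefix_len):
    """32-bit network mask with prefix_len leading one bits."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def parse(cidr):
    """'a.b.c.d/len' -> (network as int, len); rejects prefixes with host bits set."""
    address, prefix_len = cidr.split("/")
    octets = [int(o) for o in address.split(".")]
    prefix_len = int(prefix_len)
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad address: " + cidr)
    if not 0 <= prefix_len <= 32:
        raise ValueError("bad prefix length: " + cidr)
    value = int.from_bytes(bytes(octets), "big")
    if value & ~mask(prefix_len) & 0xFFFFFFFF:
        raise ValueError("host bits set in " + cidr)
    return value, prefix_len

def fmt(value, prefix_len):
    return ".".join(str(b) for b in value.to_bytes(4, "big")) + "/" + str(prefix_len)

def split(cidr, count):
    """Subnetting: borrow just enough host bits to create at least count subnets."""
    value, prefix_len = parse(cidr)
    borrowed = (count - 1).bit_length()          # 256 -> 8 bits, 4 -> 2, 8 -> 3
    new_len = prefix_len + borrowed
    if new_len > 32:
        raise ValueError("not enough host bits")
    step = 1 << (32 - new_len)                   # addresses per subnet
    return [fmt(value + i * step, new_len) for i in range(1 << borrowed)]

def aggregate(cidrs):
    """CIDR aggregation: repeatedly merge sibling blocks into their parent."""
    blocks = {parse(c) for c in cidrs}
    # Drop any block already covered by a shorter prefix in the input.
    blocks = {(v, p) for (v, p) in blocks
              if not any(q < p and (v & mask(q)) == w for (w, q) in blocks)}
    merged = True
    while merged:
        merged = False
        for value, prefix_len in sorted(blocks):
            if prefix_len == 0 or (value, prefix_len) not in blocks:
                continue
            sibling = value ^ (1 << (32 - prefix_len))   # flip the last network bit
            if (sibling, prefix_len) in blocks:
                blocks -= {(value, prefix_len), (sibling, prefix_len)}
                blocks.add((value & mask(prefix_len - 1), prefix_len - 1))
                merged = True
    return [fmt(v, p) for v, p in sorted(blocks)]

if __name__ == "__main__":
    print(split("192.168.1.0/24", 4))
    print(aggregate(["192.168.64.0/24", "192.168.65.0/24",
                     "192.168.66.0/24", "192.168.67.0/24"]))
    # The four variable-length blocks on the allocation slide fill 192.168.16/20 exactly.
    print(aggregate(["192.168.16.0/21", "192.168.24.0/22",
                     "192.168.28.0/23", "192.168.30.0/23"]))
```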

Page 38: Junos routing overview from Juniper

CIDR Routing in a Classless Environment

[Figure: the Internet, ISP 1, and ISP 2, with the prefixes 192.168.0.0/16 and 172.16.0.0/16, and four organizations]

Organization 1: 172.25.16.0/21

Organization 2: 172.25.24.0/22

Organization 3: 172.25.28.0/23

Organization 4: 172.25.30.0/23

Page 39: Junos routing overview from Juniper

JUNOS Support for CIDR

JUNOS supports CIDR

Defined in RFC 1519, Classless Inter-Domain Routing (CIDR): An Address Assignment and Aggregation Strategy

Page 40: Junos routing overview from Juniper

Private IP Addresses (RFC 1918)

Sustained growth in TCP/IP technology

Increasing number of enterprises use TCP/IP for intra-enterprise communications only

Concerns:

– Limited global address space

– Routing overhead increasing beyond capabilities of ISPs

RFC1918 allows enterprises and ISPs to use specific address space so long as it is not advertised back out to the Internet

– 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16

ISPs continue to obtain blocks of public address space from address registry and assign customers addresses from within block based on customer requirement

Page 41: Junos routing overview from Juniper

Review Questions

1. To select IP addresses for an ISP, where would you begin?

2. How are subnets implemented on an IP network?

3. When would you implement CIDR on an IP network?

4. What is the purpose of Private Addressing and how is it useful?

Page 42: Junos routing overview from Juniper

Lab 1: IP Subnetting

Note: Various Junos CLI commands will be used during this lab that have not yet been discussed. All CLI commands will be fully explained in the subsequent sections.

Page 43: Junos routing overview from Juniper

Juniper Networks Networking Essentials

Module 3: Router Basics

Page 44: Junos routing overview from Juniper

Module Objectives

After successfully completing this module, you should be able to:

– Describe the function of a router and explain how a router works to route packets on a network

– Explain the concepts of routing metrics and route selection on an Internet network

Page 45: Junos routing overview from Juniper

What Is Routing?

Act of moving information across logical path from a source to a destination

Routers

– Determine the best routing paths

– Transport information groups, or packets, through an internetwork

Routers vs. bridges and switches

– Bridges and switches operate at Layer 2, the Data Link layer

– Routers operate at Layer 3 (the Network layer)

Page 46: Junos routing overview from Juniper

Basic Router Functions

Route determination/topology awareness

– Routes are learned and recorded in the route table

– Selection criteria are applied to determine the preferred route or routes to each destination

– The preferred routes are recorded in the forwarding table

Packet forwarding

– Incoming packets are switched to outgoing interfaces based on the forwarding table entries

Page 47: Junos routing overview from Juniper

How Routers Operate

4 Application Layer: Consists of applications and processes that use the network

3 Host-to-Host Transport Layer

2 Internetwork Layer: Frames are switched from one interface to another, based on packet information

1 Network Access Layer: Identifies bits on the medium at router interfaces

[Figure labels: Transmit bits of the frame; Encapsulate frames (such as Ethernet); Select interface to which to send encapsulated frames]

Page 48: Junos routing overview from Juniper

Packet Processing

1. Receive packet, check L2 info.

2. Read L3 header to determine destination address.

3. Perform longest-match lookup for L3 destination in forwarding table and select the appropriate outbound physical interface.

4. Encapsulate the packet with the appropriate L2 header/trailer and transmit.

5. GO TO STEP 1: Receiving router does it all over again.…

Packet

(1) Inbound:

• Receive bits

• Detect frame

• Remove encapsulation

(2) IP lookup

(3) Select outbound interface

(4) Outbound:

• Re-encapsulate

• Transmit bits

Page 49: Junos routing overview from Juniper

IP Packet Format

Router reads destination address to determine how to route the packet

[Figure: IP header, each row 32 BITS wide]

VERSION | IHL | TYPE-OF-SERVICE | TOTAL LENGTH

IDENTIFICATION | FLAGS | FRAGMENT OFFSET

TIME-TO-LIVE | PROTOCOL | HEADER CHECKSUM

SOURCE ADDRESS

DESTINATION ADDRESS

OPTIONS (+ PADDING)

DATA (VARIABLE)

Page 50: Junos routing overview from Juniper

IP Addresses Determine Route Destination

What is the longest-match prefix for this packet?

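[Figure: address classes, with bit values 128 64 32 16 8 4 2 1 and the number of bits in each part]

Class A: high-order bit 0; Network (7 bits), Host, Host, Host (24 bits)

Class B: high-order bits 1 0; Network, Network (14 bits), Host, Host (16 bits)

Class C: high-order bits 1 1 0; Network, Network, Network (21 bits), Host (8 bits)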

Page 51: Junos routing overview from Juniper

Selecting Routes for Forwarding

[Figure: Routing updates, Static routes, and Local addresses → Routing Table → Policy → Best Routes → Forwarding Table]

Page 52: Junos routing overview from Juniper

Routing Tables

Packet’s destination address is for:

– One of the router’s interfaces or a broadcast address

Packet is for an internal router process

– Any other known address

Packet must be routed

– Unknown address

Look for default route. If none exists, packet is dropped

[Figure: Packet In, Packet Out]

Page 53: Junos routing overview from Juniper

Contents of a Routing Table

Minimum contents of routing table:

– Destination prefix

– Next-hop IP address

The next router downstream, closer to the destination

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

 

10.0.21.0/24 *[Direct/0] 17:48:31 > via GigE0.0

10.0.21.2/32 *[Local/0] 17:48:31 Local

10.0.29.0/24 *[Direct/0] 17:48:31 > via GigE1.0

10.0.29.1/32 *[Local/0] 17:48:31 Local

192.168.16.0/24 *[RIP/100] 00:03:45 > to 10.0.21.1 via fxp0.0

192.168.17.0/24 *[RIP/100] 00:03:45 > to 10.0.21.1 via fxp0.0

192.168.28.0/24 *[Static/5] 16:48:05 Discard

192.168.29.0/24 *[Static/5] 16:48:05 Discard

Page 54: Junos routing overview from Juniper

Populating a Routing Table

Static and default routes

– Specific prefixes not learned via a protocol

– Default used when a partial match cannot be made

Dynamic routing protocols

– Routers communicate reachability information

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.21.0/24 *[Direct/0] 01:00:31 > via GigE0.0

10.0.21.2/32 *[Local/0] 01:00:31 Local

10.0.29.0/24 *[Direct/0] 01:00:31 > via GigE1.0

10.0.29.1/32 *[Local/0] 01:00:31 Local

192.168.16.0/24 *[RIP/100] 00:03:45 > to 10.0.21.1 via GigE0.0

Page 55: Junos routing overview from Juniper

Route Selection

Route selection is based on:

– Longest, or most specific, match

– Preferences, for different protocols

– Routing metrics, for same protocol

Given multiple routes to a destination, the router must select the best route

Load balancing may be considered

Page 56: Junos routing overview from Juniper

Route Selection: Longest Match

Most specific address is matched:

– Host route

– Subnet

– Summary route, or group of subnets

– Major network number

– Supernet, or group of major networks

– Default address

Page 57: Junos routing overview from Juniper

Route Selection: Preference

Routing protocol processes calculate the active route from all routes in the routing table

Preference routes are placed in the forwarding table

The active route is the route with the lowest preference value

– Preference is a value in the range of 0 through 255

– Preference is used to rank routes received from different protocols, interfaces, or remote systems

Identifies the believability of a source in determining best route

Page 58: Junos routing overview from Juniper

Route Selection: Routing Metrics

Routing metrics are generally a measurement of cost or overhead

Metrics are protocol-specific

– Used to determine the best route for a single protocol

– Don’t compare metrics from different routing protocols—apples vs. oranges
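
How the three selection rules from the Route Selection slides combine, as an added example that is not part of the original course material and is not JUNOS code: the active route for each prefix is chosen by lowest preference, metrics break ties only within one protocol, and forwarding then uses the longest match. The preference values (Direct 0, Static 5, RIP 100) are the ones shown in the routing table output above; the 192.168.0.0/16 route, the metrics, and the 10.0.29.2 next hop are constructed sample data.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix protocol preference metric next_hop")

def route(prefix, protocol, preference, metric, next_hop):
    return Route(ipaddress.ip_network(prefix), protocol, preference, metric, next_hop)

# Constructed routing table: several prefixes are learned from more than one source.
ROUTING_TABLE = [
    route("10.0.21.0/24", "Direct", 0, 0, "GigE0.0"),
    route("10.0.29.0/24", "Direct", 0, 0, "GigE1.0"),
    route("192.168.0.0/16", "RIP", 100, 3, "10.0.29.2"),   # less specific summary
    route("192.168.16.0/24", "RIP", 100, 2, "10.0.21.1"),
    route("192.168.16.0/24", "RIP", 100, 5, "10.0.29.2"),  # same protocol, higher metric
    route("192.168.28.0/24", "Static", 5, 0, "Discard"),
    route("192.168.28.0/24", "RIP", 100, 1, "10.0.21.1"),  # other protocol: metric ignored
]

def select_active(candidates):
    """Pick the active route among routes to the SAME prefix."""
    best_preference = min(r.preference for r in candidates)
    best = [r for r in candidates if r.preference == best_preference]
    if len({r.protocol for r in best}) == 1:
        # Metrics are only comparable inside a single protocol.
        return min(best, key=lambda r: r.metric)
    # Simplification for this example: equal preference across protocols keeps
    # the first route learned (real routers apply further tie-breakers).
    return best[0]

def build_forwarding_table(routes):
    """One active route per destination prefix, as copied to the forwarding table."""
    by_prefix = {}
    for r in routes:
        by_prefix.setdefault(r.prefix, []).append(r)
    return {prefix: select_active(group) for prefix, group in by_prefix.items()}

def lookup(forwarding_table, destination):
    """Longest-match lookup; None means no route and no default, so the packet is dropped."""
    address = ipaddress.ip_address(destination)
    matches = [r for r in forwarding_table.values() if address in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)

if __name__ == "__main__":
    table = build_forwarding_table(ROUTING_TABLE)
    for destination in ("192.168.16.9", "192.168.99.1", "192.168.28.7", "172.16.1.1"):
        hit = lookup(table, destination)
        print(destination, "->", "dropped" if hit is None
              else f"{hit.prefix} [{hit.protocol}/{hit.preference}] {hit.next_hop}")
```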

Page 59: Junos routing overview from Juniper

Forwarding Table

[email protected]> show route forwarding-table

Internet:

Destination Type RtRef Nexthop Type Index NhRef Netif

10.100.71.0/24 user 0 10.100.67.254 ucst 18 74212 GigE0.0

10.100.71.224/27 user 2 10.100.67.254 ucst 18 74212 GigE0.0

10.250.1.36/30 intf 0 ff.3.0.21 ucst 27 1 so-2/0/0.0

10.250.1.37/32 intf 0 10.250.1.37 locl 26 1

10.250.1.103/32 dest 0 10.250.1.103 bcst 37 1 ge-7/2/0.0

---(more)---

Page 60: Junos routing overview from Juniper

Metrics

Possible routing metrics include:

– Hop count

– Composite index/metric

Bandwidth: Amount of data that can be transmitted in a fixed amount of time

Delay: Transit latency of path

Common practice is to link bandwidth as a measure of cost, like a toll for the router

Path metrics are calculated by adding the interface metrics along the path

Page 61: Junos routing overview from Juniper

Review Questions

1. What functions does a router perform?

2. What functions does a routing algorithm perform?

3. What is the relationship between a routing table and a forwarding table?

4. What factors affect how a router makes a route selection?

5. What is a metric and how does a router use metrics to make routing decisions?

Page 62: Junos routing overview from Juniper

Introduction to Juniper Networks Routers

Module 4: M-series and T-series Product Overview

Page 63: Junos routing overview from Juniper

Module Objectives

After successfully completing this module, you will be able to:

– Match Juniper Networks, Inc. products with typical applications in a service provider network

– Describe the architecture of Juniper Networks M-series and T-series platforms

– Describe the function of the RE, FPCs, PICs, System, and Control boards

– Operate the Craft Interface

– Describe packet flow through M-series and T-series platforms

– List three characteristics of JUNOS software

Page 64: Junos routing overview from Juniper

Juniper Networks Role in the Internet

Where we are going…

– Networking hardware evolution

– Juniper Networks: the company

– Juniper Networks M-series and T-series platforms overview

M5/M10 and the M7i/M10i routers

M20 router

M40 router

M40e router

M160 router

T640 Internet routing node

T320 router

M320 Router

Page 65: Junos routing overview from Juniper

Networking Hardware Evolution

The first routers were general-purpose computers

– Single CPU, RAM, monolithic operating system

– Low-speed serial interfaces

Networking advancements:

– More PCs attached to networks

– Increased application bandwidth consumption

– Increased transmission speeds

– Single-CPU router architecture could not keep up!

Juniper Networks broke tradition with:

– Specialized operating system

Protected memory, multi-tasking

– Hardware-based packet forwarding

Juniper Networks M-series and T-series routers implement key functions on ASICs

Separation of two equally complex problems—Internet control and high-performance packet forwarding

Page 66: Junos routing overview from Juniper

Juniper Networks: The Company

Business:

– Converts bandwidth into scalable, differentiable IP services using a new class of integrated silicon- and software-based routing systems

Juniper Networks sells solutions, not just routers

Mission:

– To be the primary supplier of scalable, reliable, high-performance IP systems for the new IP infrastructure

Market:

– Supplies systems to numerous worldwide markets that provide high-speed IP services in both the core and edge environments

Page 67: Junos routing overview from Juniper

Juniper Networks Product Positioning

[Figure: product positioning. Consumer: Residential, SOHO/ROBO, Small/Medium Enterprise, Large Enterprise, Education, PSTN/Mobile. Service Provider Network: Edge: B-RAS (E-series Routers), Business Edge (E-series/M-series Routers), Core, M-series/T-series Platforms]

Page 68: Junos routing overview from Juniper

The E-series Family of Edge Routers

Series of high-performance broadband remote access servers (B-RAS)

– The result of Unisphere acquisition in mid-2002

E-series edge router operation and configuration is covered in various E-series router-specific class offerings

– See http://www.juniper.net/training for details

[Figure: ERX-700, ERX-1440, ERX-310]

Page 69: Junos routing overview from Juniper

M-series and T-series Product Line (1 of 2)

Family of router platforms that deliver:

– Industry-leading core and dedicated-access platforms

Solutions that scale in multiple dimensions with market-leading port density

– Flexible and manageable traffic control

– High reliability features

[Figure: Forwarding Performance per Rack Inch over time. Dates shown: Sep. 1998, Dec. 1999, March 2000, Sep. 2000. Products shown: M40 Router, M20 Router, M160 Router, M5/M10 Routers]

Page 70: Junos routing overview from Juniper

M-series and T-series Product Line (2 of 2)

Common software image/feature set across all platforms!

A Continuing History of Rapid Innovation

[Figure: timeline. Dates shown: Dec. 2001, Feb. 2002, August 2002, Sept. 2003. Products shown: M40e Router, T640 Internet Routing Node, T320 Router, M7i, M10i]

Page 71: Junos routing overview from Juniper

Page 72: Junos routing overview from Juniper

M-series and T-series Hardware Overview

Where we are going…

– General M-series and T-series platform architecture

– Hardware overview

Routing Engine

Packet Forwarding Engine (M-series and T-series)

– The Craft Interface

– Field Replaceable Units (FRUs)

– Summary of platform characteristics

Page 73: Junos routing overview from Juniper

Separation of Control and Forwarding

All M-series and T-series platforms share the same basic design philosophy

– Clean separation of control and forwarding

Routing Engine maintains routing table (RT) and primary copy of forwarding table (FT)

Packet Forwarding Engine receives FT from Routing Engine

[Figure: Routing Engine (JUNOS Software, CLI, RT, FT) and Packet Forwarding Engine (FT), joined by fxp1; Packets In and Packets Out at the Packet Forwarding Engine]

Page 74: Junos routing overview from Juniper

Routing Engine Overview

JUNOS software resides in flash memory

– Backup copy available on hard drive

Provides forwarding table to the Packet Forwarding Engine

– Not directly involved with packet forwarding

– Runs various routing protocols

Implements CLI

Manages Packet Forwarding Engine

Page 75: Junos routing overview from Juniper

Current Routing Engine Characteristics

RE Model (Feature)           RE-333                       RE-400                         RE-600

Processor/clock              Pentium III/333 MHz          Celeron/400 MHz                Pentium III/600 MHz

Memory                       768 MB                       256, 512, 768 MB               512, 2 GB

Solid state flash storage    80 MB                        256 MB (Optional)              128 MB/256 MB

Hard disk storage            6.4+ GB                      20 GB                          30+ GB

External media               PCMCIA flash card/LS-120*    PCMCIA flash card (Optional)   PCMCIA flash card/LS-120*

Supported Platforms          Originally shipped on: M5/10/20/40/40e, and M160    M7i/M10i Only    All M-series and T-series except M7i/M10i

* The M40 router continues to use the original LS-120 drive for external storage regardless of RE model.

Page 76: Junos routing overview from Juniper

Packet Forwarding Engine Overview

Custom ASICs implement forwarding path

– No process switching

– Value-added services and features implemented in hardware

Multicast

CoS/queuing

Firewall filtering

Accounting

Divide-and-conquer architecture

– Each ASIC provides a piece of the forwarding puzzle

Page 77: Junos routing overview from Juniper

PFE Components: M-series

Physical Interface Cards (PICs)

Flexible PIC Concentrators (FPCs)

The system midplane

For M5/M10, M7i/M10i, M20, and M40

– System Control

M5/M10 and M7i/M10i routers—Forwarding Engine Board/Compact Forwarding Engine Board, combined FPC and System Control Board

M20 router—System Switching Board (SSB)

M40 router—System Control Board (SCB)

For M40e and M160

– Switching and Forwarding Module (SFM)

– Miscellaneous Control Subsystem (MCS)

– Packet Forwarding Engine Clock Generator

Page 78: Junos routing overview from Juniper

PFE Components: T-series

Physical Interface Cards (PICs)

T-series FPCs contain one or two PFE complexes

– PFEs interface to other PFEs through the T-series switch fabric

Nonblocking crossbar switch matrix with high-speed lines to each FPC

Switch fabric redundancy

Switching between PFEs performed by Switch Interface Boards (SIBs)

– Three SIBs comprise a T320 switch fabric—two active, one spare

– Five SIBs comprise the T640 switch fabric—four active, one spare

The system midplane

Page 79: Junos routing overview from Juniper

Physical Interface Cards

PICs currently support from 0 to 48 physical ports

– Some PICs support channelized and advanced CoS options

– IP Service PICs (Tunnel, Multilink, Monitoring, etc.)

Services PICs normally have no physical ports

Custom ASIC for each media type

Status indicators

Hot-swappable on all platforms except M20 and M40 routers

[Figure: Physical Interface Cards (PICs) on an FPC, with ASIC, Memory, and Switch Fabric]

Page 80: Junos routing overview from Juniper

The Flexible PIC Concentrator

General FPC features

– Supports from 1 to 4 PICs

– Hot-swappable on most platforms

– PowerPC supervisory processor

Not used for packet forwarding

– From 64 MB to 1.2 GB of memory

Pooled to create shared memory switch fabric on M-series platforms

High aggregate throughput rates*

– M5/M10, M7i/M10i, M20, M40, and M40e routers: 6.4 Gbps per FPC

– M160 router: 25.6 Gbps per FPC2

– T640 Internet Routing Node: 80+ Gbps with FPC3

– T320 router: 40+ Gbps with FPC3

[Figure: FPC with four PICs, ASIC, Memory, and Switch Fabric]

* The numbers quoted are two times the unidirectional (Simplex) capacity of each FPC.

Page 81: Junos routing overview from Juniper

M-series System Boards

General System Board functions:
– Forwarding table updates and route lookups
– Management of ASICs and PFE hardware components
– Environmental monitoring
– Stratum 3 SONET clock generation
– Handling exception/control packets

Names vary by platform
– M5 and M10—FEB
– M20 and M40—SSB and SCB
– M7i and M10i—CFEB

Enhanced System Boards feature the second generation Internet Processor II ASIC

Page 82: Junos routing overview from Juniper

Control Boards: M-series and T-series

General Control Board functions:
– Component power up/down
– Handling hardware faults
– Controlling redundancy
– Environmental monitoring
– Distribution/generation of SONET clocking

M160/M40e control
– Control provided by Miscellaneous Control Subsystem (MCS); paired with a Routing Engine to form a Host Module
  Host Module redundancy supported

T640/T320 control
– Control provided by Control Board (CB); the CB is paired with a Routing Engine to form a Host Subsystem
  Host Subsystem redundancy supported

Page 83: Junos routing overview from Juniper

Internet Processor II ASIC

The Internet Processor II
– Provides industry-leading performance for longest-match packet lookup
– Numerous packet processing features:
  Filtering, sampling, logging, counting, and improved load balancing
– Second generation Internet Processor II available on enhanced system boards

Page 84: Junos routing overview from Juniper

System Midplane Examples

M10 System midplane:
– FEB contains built-in FPCs, eight PIC slots

M40e, M160, T640, and T320 System midplane
– Connector Interface Panel (CIP), eight FPC slots

M20 System midplane
– System Switching Board slots, Craft Interface slot, four FPC slots

[Diagrams: midplane slot layouts with numbered slots, labelled Connector Interface Panel, Craft Interface, Primary SSB, and Secondary SSB]

Page 85: Junos routing overview from Juniper

The Craft Interface

Craft Interface overview
– LCD display (M40, M40e, M160, T640, and T320 routers only)
– FPC online/offline buttons (M20, M40, M40e, M160, T640, and T320 platforms)
– PIC online/offline buttons (M5/M10 and M7i/M10i routers)
– Status LEDs

A Typical Craft Interface Panel (T320)

Page 86: Junos routing overview from Juniper

Craft Interface Status LEDs

Status LEDs
– OK
  Blinking = starting
  Solid = running
– FAIL
  Solid = taken offline because of failure

Online/offline buttons
– Press and hold for three seconds to take FPC (or PIC) offline

Page 87: Junos routing overview from Juniper

Alarm Indications

Red alarm
– Major failure that affects service/safety

Yellow alarm
– Minor failure that needs attention but does not affect service

Page 88: Junos routing overview from Juniper

LCD Display

LCD display is available on M40, M160, T640, and T320 platforms only
– Displays general system status when no alarms are present
– Displays alarm information when alarms are present
  Identifies the total number and types of alarms that are active
– Currently, the navigation buttons are only used to obtain the status of certain PICs

Page 89: Junos routing overview from Juniper

Dry Relay Contacts

Activated with first alarm
– Yellow and red alarms

Can be disabled with ACO/LT button on Craft Interface
– New alarms reactivate relay
– Alarm contacts supported on M20, M40, M40e, M160, and T-series platforms

Relay contacts located on the Craft Interface or Connector Interface panel

Page 90: Junos routing overview from Juniper

Typical Router Components (T640)

[Diagram: T640 chassis, front and back views]

Page 91: Junos routing overview from Juniper

Product Comparison: M-series

Each platform line lists: Units per Rack; Power; Slots/PICs; Slot Throughput (Aggregate); Chassis Throughput (Aggregate)

M160 Router: 2 per rack; DC Only; 8/32; 25.6 Gbps; 204 Gbps (160 Mpps)
M40e Router: 2 per rack; AC/DC; 8/32; 6.4 Gbps; 51.2 Gbps (40 Mpps)
M5 Router: 15 per rack; AC/DC; 1/4; 6.4 Gbps; 6.4 Gbps (40 Mpps)
M10 Router: 15 per rack; AC/DC; 2/8; 6.4 Gbps; 12.8 Gbps (40 Mpps)
M40 Router: 2 per rack; AC/DC; 8/32; 6.4 Gbps; 51.2 Gbps (40 Mpps)
M20 Router: 5 per rack; AC/DC; 4/16; 6.4 Gbps; 25.6 Gbps (40 Mpps)
M7i Router: 21 per rack; AC/DC; 1/6 (2 built-in PICs); 6.4 Gbps; 9.4 Gbps (8 Mpps)
M10i Router: 8 per rack; AC/DC; 2/8; 6.4 Gbps; 12.8 Gbps (16 Mpps)

RE/Control Redundancy: No, No, Yes, No, Yes, Yes, No, Yes

Weight (Max): 61 Lbs/27.7 Kg, 36.5 Lbs/16.6 Kg, 65 Lbs/29.5 Kg, 150 Lbs/68 Kg, 280 Lbs/127 Kg, 370.5 Lbs/168 Kg, 370.5 Lbs/168 Kg, 65 Lbs/29.5 Kg

* Numbers quoted are two times the unidirectional (simplex) capacity for each FPC or chassis.

Page 92: Junos routing overview from Juniper

Product Comparison: T-series

Each platform line lists: Units Per Rack; Power; Slots/PICS; Slot Throughput (Aggregate); Chassis Throughput (Aggregate)

T640 Internet Routing Node: 2 per rack; DC only; 8/32; FPC3 = 80+ Gbps; FPC 2 and 3; 640+ Gbps (640 Mpps)
T320 Router: 3 per rack; DC only; 8/16; FPC3 = 40+ Gbps; FPC 1, 2, and 3; 320+ Gbps (320 Mpps)

RE/Control Redundancy: Yes, Yes

Weight (typical): 565 Lbs/256.28 Kg, 369.9 Lbs/167.78 Kg

* Numbers quoted are two times the unidirectional (simplex) capacity for each FPC or chassis.

Page 93: Junos routing overview from Juniper

PICs

Where we are going…
– Listing of common PICs
– 4-port and 48-port Fast Ethernet, 2-port STM1/OC3c ATM, and OC-192c

Page 94: Junos routing overview from Juniper

Common PICs

Basic
– ATM
– Channelized OC-12, STM1, DS3
– DS-3, 4 port
– T1, E1, T3, E3
– Fast Ethernet
– Gigabit Ethernet, 10 Gigabit Ethernet
– SONET/SDH

IP Services
– Tunnel Services, Encryption Services, Link Services, Multilink Services, Monitoring services, and Adaptive Services PIC (ASP)

Services (Q Performance Processor)
– Channelized Services (E1, DS3, STM1, and OC12)
– ATM Services (ATM-2)
– Ethernet Services

Page 95: Junos routing overview from Juniper

PIC Examples

4-port Fast Ethernet (M5/M10)
48-port Fast Ethernet (M40e)
2-port STM1/OC3 ATM (M20/M40)
Quad-wide STM-64/OC192c (M160)

Page 96: Junos routing overview from Juniper

M-series ASICs and Packet Flow

Where we are going…
– The M-series Packet Forwarding Engine
  PIC Controller ASIC
  I/O Manager ASIC
  Distributed Buffer Management ASIC
  Internet Processor II
– M-series packet flow

Page 97: Junos routing overview from Juniper

M-series ASICs

[Diagram: M-series System Board (for example, SSB, SFM) with Internet Processor II, Forwarding Table, Buffer Manager 1, and Buffer Manager 2; FPC with I/O Managers and memory (MEM); PICs with PIC I/O Managers]

Page 98: Junos routing overview from Juniper

M-series Packet Flow (1 of 5)

PIC I/O ASIC
– Connects to FPC I/O ASIC
– Manages physical-layer framing and bit-stream signaling
– Detects link-layer errors (CRC)
– Generates data link-layer alarms

[Diagram: M-series block diagram of PICs, FPC, and Packet Forwarding Engine System Controller (SSB, SFM, etc.). Key: Data, Notification]

Page 99: Junos routing overview from Juniper

M-series Packet Flow (2 of 5)

I/O Manager ASIC
– Decodes Layer 2 encapsulation
– Identifies protocol and checks Layer 3 header validity
– Classifies traffic for CoS
– Chops incoming packets into 64-byte chunks (J-cells)
– Sends J-cells to Buffer Manager 1 ASIC
– Confirms packet integrity

[Diagram: M-series block diagram of PICs, FPC, and Packet Forwarding Engine System Controller (for example, SSB and SFM)]

Page 100: Junos routing overview from Juniper

M-series Packet Flow (3 of 5)

Distributed Buffer Manager ASICs
– Manage packet memory shared across FPC slots
– Extract address information from packets
– Direct FPCs where to forward packets

[Diagram: M-series block diagram of PICs, FPC, and Packet Forwarding Engine System Controller (for example, SSB and SFM). Key: Data, Notification]

Page 101: Junos routing overview from Juniper

M-series Packet Flow (4 of 5)

Internet Processor II ASIC
– Extracts next-hop information from system forwarding table
– Passes modified notification (next-hop information added) to Buffer Manager 2 ASIC
– Applies packet filtering and policy rules
– Collects exception packets for queuing to Routing Engine

[Diagram: M-series block diagram of PICs, FPC, and Packet Forwarding Engine System Controller (for example, SSB and SFM). Key: Data, Notification]

Page 102: Junos routing overview from Juniper

M-series Packet Flow (5 of 5)

I/O Manager ASIC
– Receives 64-byte chunks from Buffer Manager 2 ASIC
– Adjusts any required protocol time-to-live values
– Encapsulates chunks inside appropriate data link layer header
– Sends to PIC I/O Manager ASIC for transmission

[Diagram: M-series block diagram of PICs, FPC, and Packet Forwarding Engine System Controller (SSB, SFM, etc.). Key: Data, Notification]

Page 103: Junos routing overview from Juniper

ASIC Functionality and Packet Flow

Where we are going…
– The T-series Packet Forwarding Engine
  PIC Controller ASIC
  Layer 2/Layer 3 Packet Processing ASIC
  Switch Interface ASIC
  Queuing and Memory Interface ASIC
  Internet Processor II
– T-series switch fabric overview
– T-series packet flow

Page 104: Junos routing overview from Juniper

T-series Packet Forwarding Engine

Each T-series PFE consists of:
– One or more media-specific PIC ASICs
  Handles physical layer signaling, alarms, and CRC processing
– Layer 2/Layer 3 Packet Processing ASIC
  Provides Link layer encapsulation and decapsulation
  Manages division and reassembly of packets into J-cells
– Queuing and Memory Interface ASICs
  Manage data cell memory buffering
  Manage notification queuing
– Internet Processor II ASIC
  Performs route lookups in forwarding table
– Switch Interface ASICs
  Extract route lookup keys
  Manage cell flow across the switch fabric

Page 105: Junos routing overview from Juniper

The T-series Switch Fabric

Nonblocking topology with any-to-any connectivity

No single point of failure, all SIBs fully redundant
– Graceful degradation for multiple failures

T640 switch fabric consists of 5 Switch Interface Boards (SIBs) (5th is a spare)

T320 switch fabric consists of 3 Switch Interface Boards (SIBs) (3rd is a spare)

Packet order and CoS maintained across fabric

[Diagram: The T320 Switch Fabric. Labels: SIB 0, SIB 1, SIB 2, F16, Nf, FPC 0, FPC 1, HSLs, 40 Gbps (FD)]

Page 106: Junos routing overview from Juniper

T-series Packet Flow (1 of 10)

Packets arrive at an incoming PIC interface
PIC controller ASIC manages link layer framing of bit stream
Detects link layer CRC errors
Generates link layer alarms
Passes packets to FPC

[Diagram: T-series PFE block diagram, labelled Ingress PFE, with packets in and packets out. Key: Data, Notification]

Page 107: Junos routing overview from Juniper

T-series Packet Flow (2 of 10)

Layer 2/Layer 3 Packet Processing ASIC parses and validates Layer 2 and Layer 3 headers
Classifies traffic for CoS processing
Divides the packets into 64-byte cells
Sends cells to Switch Interface ASIC

[Diagram: T-series PFE block diagram, labelled Ingress PFE, with packets in and packets out. Key: Data, Notification]

Page 108: Junos routing overview from Juniper

T-series Packet Flow (3 of 10)

Switch Interface ASIC extracts the route lookup key
Key is placed in a notification cell and passed to the Internet Processor
Data cells are sent to the Queuing and Memory Interface ASICs

[Diagram: T-series PFE block diagram, labelled Ingress PFE, with packets in and packets out. Key: Data, Notification]

Page 109: Junos routing overview from Juniper

T-series Packet Flow (4 of 10)

Queuing and Memory Interface ASICs pass the data cells to memory for buffering
Internet Processor II ASIC performs the route lookup and forwards the notification to the Switch Interface ASIC

[Diagram: T-series PFE block diagram, labelled Ingress PFE, with packets in and packets out. Key: Data, Notification]

Page 110: Junos routing overview from Juniper

T-series Packet Flow (5 of 10)

Switch Interface ASIC sends bandwidth requests through the switch fabric to the destination PFE
Issues read requests to the Queuing and Memory Interface ASIC to begin reading data cells out of memory

[Diagram: T-series PFE block diagram, labelled Ingress PFE, with packets in and packets out. Key: Data, Notification]

Page 111: Junos routing overview from Juniper

T-series Packet Flow (6 of 10)

Destination Switch Interface ASIC sends grants through the switch fabric
Originating Switch Interface ASIC sends a cell through the switch fabric to the destination PFE

[Diagram: T-series PFE block diagram, labelled Egress PFE, with packets in and packets out. Key: Data, Notification]

Page 112: Junos routing overview from Juniper

T-series Packet Flow (7 of 10)

Switch Interface ASIC extracts the route lookup key, places it in a notification, and forwards to the Internet Processor II
Internet Processor II performs route lookup and forwards notification to Queuing and Memory Interface ASIC

[Diagram: T-series PFE block diagram, labelled Egress PFE, with packets in and packets out. Key: Data, Notification]

Page 113: Junos routing overview from Juniper

T-series Packet Flow (8 of 10)

Queuing and Memory Interface ASIC forwards notification to the Switch Interface ASIC
Switch Interface ASIC issues read requests to the Queuing and Memory Interface ASIC and passes cells to L2/L3 Processing ASIC

[Diagram: T-series PFE block diagram, labelled Egress PFE, with packets in and packets out. Key: Data, Notification]

Page 114: Junos routing overview from Juniper

T-series Packet Flow (9 of 10)

Layer 2/Layer 3 Packet Processing ASIC reassembles the data cells into packets
Adds Layer 2 encapsulation
Sends the packets to the outgoing PIC interface

[Diagram: T-series PFE block diagram, labelled Egress PFE, with packets in and packets out. Key: Data, Notification]

Page 115: Junos routing overview from Juniper

T-series Packet Flow (10 of 10)

Egress PIC ASIC adds physical layer framing and CRC
Sends bit stream out to the network

[Diagram: T-series PFE block diagram, labelled Egress PFE, with packets in and packets out. Key: Data, Notification]

Page 116: Junos routing overview from Juniper

Exception Packets

Exception packets
– Local delivery
– IP options
  Source route, router alert, etc.
– ICMP message generation

Generally processed by Packet Forwarding Engine control CPU
– Remaining traffic (local and control) sent to Routing Engine via internal link
  Rate limiting
  Hardware-based WRR ensures control traffic is not starved
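
The starvation point above, as an added example that is not part of the course material: a simplified Python model comparing one shared tail-drop queue toward the Routing Engine with per-class weighted round-robin. The class names, weights, queue depth, service rate and traffic pattern are assumptions chosen for illustration, not Juniper's values.

```python
from collections import deque

# Assumed values for illustration only (not taken from the slides).
WEIGHTS = {"control": 3, "exception": 1}   # WRR share per service round
DEPTH = 32                                 # packets each queue can hold
SERVICE_PER_TICK = 4                       # packets the internal link carries per tick


def arrivals(ticks, flood_per_tick=20, control_every=5):
    """Constructed workload: a burst of exception packets every tick and one
    control packet every `control_every` ticks, arriving behind the burst."""
    for t in range(ticks):
        burst = [("exception", t)] * flood_per_tick
        if t % control_every == 0:
            burst.append(("control", t))
        yield burst


def _counters():
    return {"control": 0, "exception": 0}


def single_fifo(ticks):
    """All traffic shares one tail-drop queue."""
    queue, delivered, dropped = deque(), _counters(), _counters()
    for burst in arrivals(ticks):
        for pkt in burst:
            if len(queue) < DEPTH:
                queue.append(pkt)
            else:
                dropped[pkt[0]] += 1      # a full queue drops whatever arrives next
        for _ in range(SERVICE_PER_TICK):
            if queue:
                delivered[queue.popleft()[0]] += 1
    return delivered, dropped


def weighted_round_robin(ticks):
    """One queue per class, served in proportion to WEIGHTS (work-conserving)."""
    queues = {name: deque() for name in WEIGHTS}
    delivered, dropped = _counters(), _counters()
    for burst in arrivals(ticks):
        for pkt in burst:
            q = queues[pkt[0]]
            if len(q) < DEPTH:
                q.append(pkt)
            else:
                dropped[pkt[0]] += 1      # the flood only overflows its own queue
        budget = SERVICE_PER_TICK
        while budget and any(queues.values()):
            for name, weight in WEIGHTS.items():
                for _ in range(weight):
                    if budget and queues[name]:
                        queues[name].popleft()
                        delivered[name] += 1
                        budget -= 1
    return delivered, dropped


if __name__ == "__main__":
    for label, run in (("single FIFO", single_fifo), ("WRR", weighted_round_robin)):
        delivered, dropped = run(100)
        print(f"{label:12} delivered={delivered} dropped={dropped}")
```

With the shared queue the exception flood keeps the queue full, so almost every control packet is tail-dropped; with per-class queues the flood can only exhaust its own queue and share of the link.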

Page 117: Junos routing overview from Juniper

JUNOS Software Overview

Where we are going…
– Features
– Processes
– Protocol support

Page 118: Junos routing overview from Juniper

JUNOS Software Features

A single image runs on all M-series and T-series platforms with all features
– FreeBSD-based environment

Fully independent software processes
– Routing, interface control, management, chassis management, SNMP, CLI, APS, VRRP, sampling, CoS, etc.
– Protected memory environment
  Serious error in one module does not impact other modules or packet forwarding
  Automatic core dumps for serious faults

Purpose built for performance and stability in the Internet core

Page 119: Junos routing overview from Juniper

JUNOS Software Processes

[Diagram: JUNOS Internet Software. Routing Engine: User, Command-Line Interface (CLI), SNMP, Routing Protocol Process, Routing Tables, Interface Process, Chassis Process, Kernel with Forwarding Table. Packet Forwarding Engine: Embedded Microkernel with Forwarding Table, Interface Process, Chassis Process, Microkernel, Distributed ASICs]

Page 120: Junos routing overview from Juniper

The Kernel

The kernel
– Provides the underlying infrastructure for all the JUNOS software processes
  Provides the link between the routing tables and the RE's forwarding table
  Responsible for all communication with the PFE, including keeping the PFE’s copy of the forwarding table synchronized

[Diagram: Routing Protocol Process, Interface Process, Command-Line Interface (CLI), and Chassis Process above the Kernel and its Forwarding Table]

Page 121: Junos routing overview from Juniper

Routing Protocol Process

Core functions
– Controls routing protocols running on router
– Starts all configured protocols
– Handles all routing messages
– Maintains routing tables
– Implements routing policy

[Diagram: Routing Protocol Process (rpd) with Routing Tables, above the JUNOS Kernel]

Page 122: Junos routing overview from Juniper

Industrial-Strength Protocols

Unicast routing protocols
– Intermediate System-to-Intermediate System (IS-IS)
– Open Shortest Path First (OSPF and OSPF3)
– Routing Information Protocol (RIP and RIPng)
– Border Gateway Protocol (BGP)

Multicast routing protocols
– Distance Vector Multicast Routing Protocol (DVMRP)
– Protocol Independent Multicast (PIM)
– Multicast Source Discovery Protocol (MSDP)
– Internet Group Management Protocol (IGMP and MLD)
– Session Announcement Protocol and Session Description Protocol (SAP/SDP)

MPLS application protocols
– Multiprotocol Label Switching (MPLS)
  Provider-provisioned VPN support (Layer 2 and 3)
– Resource Reservation Protocol (RSVP)
– Label Distribution Protocol (LDP)

Page 123: Junos routing overview from Juniper

Review Questions

1. Which Juniper Networks M-series or T-series routers are aimed at the Internet core? What about the edge?

2. What are the primary responsibilities of the Routing Engine and the Packet Forwarding Engine?

3. What is the purpose of and relationship between FPCs and PICs?

4. What is the purpose of the Craft Interface?

5. Describe packet flow through Juniper Networks M-series and T-series platforms

6. Which software process maintains the routing tables and implements routing policy?

Page 124: Junos routing overview from Juniper

Copyright © 2003, Juniper Networks, Inc. IJNR-6.b.6.1.2

Juniper Networks Networking Essentials

Module 5: Installation and Initial Configuration

Page 125: Junos routing overview from Juniper

Module Objectives

After completing this module, you should be able to describe
– Important installation issues
– Initial configuration process
– Software installation from scratch
– Software component upgrades
– How to back up existing router software

Page 126: Junos routing overview from Juniper

Chassis Installation

M40/M160 Craft interface displays
– Typical M160 weighs 300 pounds (135 kg)
– Typical M40 weighs 220 pounds (100 kg)
– Typical M20 weighs 120 pounds (53 kg)
– Lifting requires three or more people

Remove heaviest components first
– Power supplies
– FPCs
– Fan Trays

Lift into rack
– Do not lift M40 by Routing Engine handles

Replace components

Page 127: Junos routing overview from Juniper

Power Up and Power Down

Powerup
– Perform more checks
– Connect all cables
– Turn on one power supply
– Turn on second power supply

Powerdown
– Shut down Junos Routing software
– CLI request system halt command
– Turn off Power Supplies

Page 128: Junos routing overview from Juniper

Visible Activity at Startup

M40/M160 Craft interface displays
– Starting Routing Engine
– Starting PFE
– Starting cards

FPC LED
– Blink green while testing
– Become solid green when tests pass

Alarm LEDs light as needed

Page 129: Junos routing overview from Juniper

Initial Configuration

Using serial console
– Root password
– Machine name
– IP address (prefix) and prefix length assigned to management interface (fxp0)
– Default router
– DNS server

Page 130: Junos routing overview from Juniper

Troubleshooting

Craft interface
– Red LEDs indicate failure
– M40/M160 LCD displays all major and minor alarms

Syslog messages
– Contain more detailed information
– CLI show log messages command

CLI
– Interactive failure analysis using show commands
– Monitor log files using monitor command

Page 131: Junos routing overview from Juniper

Boot Devices and Media

Removable media
– Used for install and upgrade, normally left empty
– M40—120-MB high-capacity floppy drive
– M20/M160—110-MB PCMCIA flash card

Flash drive
– Solid-state nonrotating media
– Primary source for booting software

Hard drive
– Traditional rotating media
– Secondary source for booting software

Page 132: Junos routing overview from Juniper

Software Installation

Arrives preinstalled from factory onto
– Flash drive
– Hard drive (alternate copy)
– Removable LS-120 floppy or PCMCIA flash card (use as a last resort)

Can boot from alternate copy
– If flash drive fails, router can still boot from hard drive or removable media

Upgradable
– Upgrade packages available through the Internet or on removable media

Page 133: Junos routing overview from Juniper

Boot Sequence

Hardware controlled
– Software notifies hardware when boot completes

[Flowchart: removable media, then solid-state flash disk, then rotating disk; each has a "Success?" check leading to Done, and the sequence ends in Halt]

Page 134: Junos routing overview from Juniper

Initial Configuration

Root password
– Root password not set at factory
– Must use console to configure root password

Router and domain name
Management interface IP address and prefix length
Default router IP address
DNS server IP address

Page 135: Junos routing overview from Juniper

Initial Configuration

Enter configuration mode

root@> configure
[edit]
root@#

Set root password
– Plain text known

root@# set system root-authentication plain-text-password

– Pre-encrypted password

root@# set system root-authentication encrypted-password encrypted-password

– SSH (secure shell) key

root@# set system root-authentication ssh-rsa key

Page 136: Junos routing overview from Juniper

Initial Configuration

Set router name

[edit]
root@# set system host-name lab2

Set router domain name

[edit]
root@# set system domain-name juniper.net

Commit changes so far

[edit]
root@# commit
commit complete

[edit]
root@lab2#

Page 137: Junos routing overview from Juniper

Initial Configuration

Set management Ethernet IP address and prefix

[edit]
root@lab2# set interfaces fxp0 unit 0 family inet address ip-address/prefix-length

Set default route

[edit]
root@lab2# set system backup-router gateway-address
root@lab2# set routing-options static route default nexthop gateway-address retain no-readvertise

Set name server address

[edit]
root@lab2# set system name-server ns-address
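
The items set on the Initial Configuration slides can be checked against a saved configuration in "set" form. The following Python script is an added example, not part of the course material; the sample configurations are constructed, and the finding names and the check that both gateways sit on the fxp0 subnet are assumptions of this example.

```python
import ipaddress
import shlex

# Constructed sample configurations in "set" form (documentation address ranges).
GOOD = '''
set system host-name lab2
set system domain-name juniper.net
set system root-authentication encrypted-password "$1$constructed$placeholder"
set system backup-router 192.0.2.1
set system name-server 192.0.2.53
set interfaces fxp0 unit 0 family inet address 192.0.2.10/24
set routing-options static route default next-hop 192.0.2.1 retain no-readvertise
'''

BAD = '''
set system host-name lab2
set system backup-router 198.51.100.1
set interfaces fxp0 unit 0 family inet address 192.0.2.10/24
set routing-options static route default nexthop 198.51.100.1 retain
'''


def parse_set_lines(text):
    """Split each 'set ...' line into tokens, dropping the leading 'set'."""
    statements = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0] == "set":
            statements.append(tokens[1:])
    return statements


def tail(statements, *prefix):
    """Tokens that follow `prefix` in the first matching statement, else None."""
    prefix = list(prefix)
    for st in statements:
        if st[:len(prefix)] == prefix:
            return st[len(prefix):]
    return None


def audit(text):
    """Return a sorted list of finding names; an empty list means every item is set."""
    st = parse_set_lines(text)
    findings = set()

    # A password typed with plain-text-password is stored as encrypted-password,
    # so a saved configuration shows that form or an SSH key.
    auth = {s[2] for s in st if s[:2] == ["system", "root-authentication"] and len(s) > 3}
    if not auth & {"encrypted-password", "ssh-rsa"}:
        findings.add("root-authentication-missing")

    for leaf in ("host-name", "domain-name", "name-server"):
        if not tail(st, "system", leaf):
            findings.add(leaf + "-missing")

    # Management interface: the address must carry an explicit prefix length.
    mgmt = None
    addr = tail(st, "interfaces", "fxp0", "unit", "0", "family", "inet", "address")
    try:
        if not addr or "/" not in addr[0]:
            raise ValueError("no prefix length")
        mgmt = ipaddress.ip_interface(addr[0]).network
    except ValueError:
        findings.add("fxp0-address-missing-or-invalid")

    def off_subnet(value):
        """True when the fxp0 subnet is known and `value` is not inside it."""
        try:
            return mgmt is not None and ipaddress.ip_address(value) not in mgmt
        except ValueError:
            return True

    backup = tail(st, "system", "backup-router")
    if not backup:
        findings.add("backup-router-missing")
    elif off_subnet(backup[0]):
        findings.add("backup-router-off-subnet")

    # The slides write "nexthop"; current Junos documentation spells the
    # keyword "next-hop". Both spellings are accepted here.
    route = (tail(st, "routing-options", "static", "route", "default")
             or tail(st, "routing-options", "static", "route", "0.0.0.0/0"))
    if not route or len(route) < 2 or route[0] not in ("next-hop", "nexthop"):
        findings.add("default-route-missing")
    else:
        if off_subnet(route[1]):
            findings.add("default-gateway-off-subnet")
        if "no-readvertise" not in route:
            findings.add("default-route-not-marked-no-readvertise")
    return sorted(findings)


if __name__ == "__main__":
    for name, config in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(config) or "all initial-configuration items present")
```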

Page 138: Junos routing overview from Juniper

Full Installation

Reinstall JUNOS software if storage media fails or is corrupted

Future major software revisions may require full installation

Three steps
– Prepare to reinstall JUNOS software
– Reinstall JUNOS software
– Configure JUNOS software

Page 139: Junos routing overview from Juniper

Full Installation: Preparation

Record basic information
– Router name
– Management interface IP address and prefix length
– Default router IP address
– Domain name and DNS server IP address

Copy existing configuration file to a safe place on the network
– Located in /config/juniper.conf
– Full installation erases both flash and rotating drives

Locate your Juniper installation media
– LS-120 floppy or PCMCIA card contains entire JUNOS distribution

Page 140: Junos routing overview from Juniper

Full Installation: Reinstallation

Insert installation media into Routing Engine
– M40—LS-120 floppy
– All others—PCMCIA flash card

Reboot router
– Use the CLI from the serial console
root@lab2> request system halt
– Power-cycle router

Follow prompts
– Enter configuration information saved during installation preparation

System reboots automatically after installation completes

Page 141: Junos routing overview from Juniper

Software Configuration

Log in as root

no-name (ttyd0)

login: root

Last login: date on ttyd0

Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994

The Regents of the University of California. All rights reserved.

---JUNOS 4.1R1 built 2000-07-24 09:29:44 UTC

#

Start CLI
# cli

root@no-name>

Page 142: Junos routing overview from Juniper

Software Configuration

Enter configuration mode
root@no-name> configure
[edit]
root@no-name#

Set root password
– Plain-text
root@no-name# set system root-authentication plain-text-password text-password
– Pre-encrypted password
root@no-name# set system root-authentication encrypted-password encrypted-password
– SSH key
root@no-name# set system root-authentication ssh-rsa key

Page 143: Junos routing overview from Juniper

Software Update Packages

JUNOS software updates are contained in four packages
– jkernel–Operating system
– jroute–Routing Engine software
– jpfe–Packet Forwarding Engine software
– jdocs–On-line documentation
– jbundle–All four upgrade packages combined
– jinstall–Upgrade to/from 5.0

Packages can be upgraded individually
CLI show system software command displays installed packages

Page 144: Junos routing overview from Juniper

Jinstall vs. Jbundle

When to use jinstall
– Upgrade 4.x to 5.y
– Downgrade 5.y to 4.x

When to use jbundle
– 4.x to 4.y transition
– 5.x to 5.y transition

Page 145: Junos routing overview from Juniper

Package Naming Convention

Software packages have standard names
package-m.nZnumber.tgz
– m.n is the major version number
– Z is a single uppercase letter
A–Alpha
B–Beta
R–Release
I–Internal
– number is the release number, which might include the build number for that release

For example
jbundle-4.1R1.2.tgz

Page 146: Junos routing overview from Juniper

Back Up Existing Software

System software and configuration can be backed up to rotating disk

Best used
– Before major upgrade to ensure system recovery if necessary
– When system is judged to be stable

CLI request system snapshot command

Page 147: Junos routing overview from Juniper

Upgrade Software Jbundle

Download current package from software download page at www.juniper.net

Add new package
root@lab2> request system software add new-package-name
Checking available free disk space...11200k available,6076k suggested.

Reboot router
root@lab2> request system reboot

Page 148: Junos routing overview from Juniper

Upgrade Software jinstall

Prep the machine:

– cli> file copy jinstall-url /var/tmp/jinstall-pkg

– Copy customer configs and other files/executables

– Do not worry about JUNOS configs, uncommitted config, log files, SSH keys

Page 149: Junos routing overview from Juniper

How to use jinstall

Add jinstall

– cli> request system software add /var/tmp/jinstall-pkg

Installing package '/var/tmp/jinstall-package name'...

WARNING: This package will load JUNOS software release-number.
WARNING: It will save JUNOS configuration files, log files, and SSH keys
WARNING: (if configured), but erase all other files and information
WARNING: stored on this machine. This is the pre-installation stage
WARNING: and all the software is loaded when you reboot the system.
WARNING: If you do not wish to proceed, you will be able to abort the
WARNING: installation.

Saving the config files ...
Installing the bootstrap installer ...

Page 150: Junos routing overview from Juniper

How to use jinstall

Type yes to reboot:

WARNING: A reboot is required to load this software correctly. If you
WARNING: wish to abort the installation, enter 'no' below.

Reboot the system (yes/no) [no] ? yes

Shutting down in 10 seconds ...
Saving package file in /var/sw/pkg/jinstall-packagename ...
Saving state for rollback ...
*** FINAL System shutdown message from user@host ***
System going down IMMEDIATELY
Shutdown NOW!

Go for a coffee. Router will be up in 5-7 min.

Page 151: Junos routing overview from Juniper

Cautions

5.0 will reformat the disk. Customer configs and other files/executables will be lost.

Connect to the router via the management ethernet

If the juniper.conf has statements not supported in the new release, then mgd may fail during commit

Page 152: Junos routing overview from Juniper

Jinstall internal mechanics

Preinstall phase does various checks. Stores preinstall information in /var/tmp/preinstall

Reboot to come up on the installer:

– Perform more checks

– Reformat the disk

– Lay a base OS (files that are needed but not in jbundle)

– Lay the jbundle

Second reboot to come up on the new JUNOS

Page 153: Junos routing overview from Juniper

End of Life Procedures

Hardware EOL
– Notification 180 days in advance
– During notification period can continue to purchase
– Repaired or replaced up to 3 years after EOL date

Software EOL
– Software support covers most recent release and two previous (e.g. 4.3, 4.2, 4.1)
– New releases scheduled for FRS every 3 months
– Major release – 6 month notice of EOL

Page 154: Junos routing overview from Juniper

Review Questions

1. What is the JUNOS boot sequence?

2. What are the JUNOS software update packages?

3. Describe the Package naming convention.

4. Explain the difference between Jbundle and Jinstall.

Page 155: Junos routing overview from Juniper

Juniper Networks Networking Essentials

Module 6: JUNOS Configuration Basics

Page 156: Junos routing overview from Juniper

Module Objectives

After successfully completing this module, you should be able to:

– Explain how to gain access to a Juniper router
– Describe the difference between the CLI command mode and configuration mode
– Describe how to navigate and modify the Candidate configuration
– Describe how to change the Active configuration
– Explain the method used to describe a customer interface
– Describe how to configure the physical and logical properties of an interface on a Juniper router

Page 157: Junos routing overview from Juniper

Access to Router

Console
Management port, using Telnet, ssh, RADIUS

[Figure: router front panel; visible labels: ACO/LT, AUX/MODEM, MGMT, CONSOLE; RE0 and RE1 (OFFLINE, ONLINE, MASTER); FPC0 to FPC3 (FAIL, OK); NCC, NO]

Page 158: Junos routing overview from Juniper

User Authentication

Name and password
Individual accounts
Per-user command "class" permissions

lab2 (ttyd0)

login: nigel

Password:

Page 159: Junos routing overview from Juniper

Features

Line editing
Command history
Command completion
Context-sensitive help

Page 160: Junos routing overview from Juniper

CLI Modes

Operational mode
nigel@lab2>
– Monitor and troubleshoot the software, the network connectivity, and the router

Configuration mode
nigel@lab2#
– Configure the router, including interfaces, general routing information, routing protocols, user access, and system hardware properties

Page 161: Junos routing overview from Juniper

CLI Commands

Command hierarchy

[Figure: command hierarchy tree. Top level: clear, configure, monitor, set, show. Next level: bgp, chassis, interfaces, isis, ospf, route, version. Lowest level: brief, exact, protocol, table, terse.]

Page 162: Junos routing overview from Juniper

Logging In

lab2 (ttyd0)

login: nigel

Password:

Last login: Fri Feb 18 19:23:16 on ttyd0

Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994

The Regents of the University of California.

---JUNOS 4.1R1 built 2000-07-24 09:29:44 UTC

nigel@lab2>

Page 163: Junos routing overview from Juniper

Help

Type ‘?’ anywhere on command line

lab@omaha> ?
Possible completions:
  clear        Clear information in the system
  configure    Manipulate software configuration information
  file         Perform file operations
  help         Provide help information

lab@omaha> show ?
Possible completions:
  aps          Show APS information
  arp          Show system ARP table entries
  as-path      Show table of known AS paths

Page 164: Junos routing overview from Juniper

Editing Command Lines

[Figure: the command line "lab@omaha> show interfaces" shown repeatedly, with the cursor moved by Ctrl-b, Ctrl-a, Ctrl-f and Ctrl-e]

Page 165: Junos routing overview from Juniper

Command Completion

<space> completes a command

root@lab2> sh<space>ow i<space>

'i' is ambiguous.

Possible completions:

igmp Show information about IGMP

interfaces Show interface information

isis Show information about IS-IS

root@lab2> show i

Page 166: Junos routing overview from Juniper

Software Configuration Overview

Create a hierarchy of configuration statements
– Enter commands in CLI configuration mode
root@lab2# set chassis alarm sonet lol red
– ASCII text file and display
chassis {
    alarm {
        sonet {
            lol red;
        }
    }
}

Page 167: Junos routing overview from Juniper

Activating a Configuration

[Figure: the candidate configuration and the active configuration (0), linked by commit and rollback n, with earlier configurations 1, 2, ...]

Rollback files stored in
/config/juniper.conf.n (n=1-3)
/var/db/config/juniper.conf.n (n=4-9)

Page 168: Junos routing overview from Juniper

Statement Hierarchy

[Figure: statement hierarchy tree, from less specific to more specific. Below top: chassis, firewall, interfaces, protocols, system, more…. Next level: alarm, clock, fpc. Next level: atm, e3, ethernet, sonet, t3.]

Page 169: Junos routing overview from Juniper

Entering Configuration Mode

Type configure or edit at the CLI operational mode prompt

root@lab2> configure

Entering configuration mode

[edit]

root@lab2#

Page 170: Junos routing overview from Juniper

Moving Between Levels

Moving between levels of the statement hierarchy
[edit]
user@host# edit chassis alarm ethernet
[edit chassis alarm ethernet]

[Figure: statement hierarchy tree. Below top: chassis, firewall, interfaces, protocols, system, more…. Next level: alarm, clock, fpc. Next level: atm, e3, ethernet, sonet, t3.]

Page 171: Junos routing overview from Juniper

Moving Between Levels

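user@host# up
[edit chassis alarm]
user@host# top
[edit]

[Figure: statement hierarchy tree with the up and top movements marked. Below top: chassis, firewall, interfaces, protocols, system, more…. Next level: alarm, clock, fpc. Next level: atm, e3, ethernet, sonet, t3.]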

Page 172: Junos routing overview from Juniper

Displaying Current Configuration

[edit]
user@host# show chassis alarm
sonet {
    lol red;
    pll yellow;
}
[edit]
user@host# edit chassis alarm
[edit chassis alarm]
user@host# show
sonet {
    lol red;
    pll yellow;
}
[edit chassis alarm]

Page 173: Junos routing overview from Juniper

Exiting Configuration Mode

exit from top level

exit configuration-mode from any level

[Figure: transitions between operational mode and the [edit], [edit chassis] and [edit chassis alarm] levels; arrows labeled edit/configure, edit chassis, edit alarm, exit/up, top, exit and exit configuration-mode]

Page 174: Junos routing overview from Juniper

Standard Interfaces

Interface contained on PIC
PIC plugs into FPC
– FPC has room for four PICs
FPC plugs into chassis

[Figure: an FPC holding Physical Interface Cards (PICs)]

Page 175: Junos routing overview from Juniper

Standard Interfaces

System uses consistent names for all customer interfaces

Based on
– Interface port type
– FPC slot number
– PIC slot number within FPC
– Port number within PIC

Page 176: Junos routing overview from Juniper

Interface Port Type

at— ATM over SONET/SDH ports
e1— E1 ports
e3— E3 ports
fe— Fast Ethernet ports
so— SONET/SDH ports
t1— T1 ports
t3— DS-3 ports
ge— Gigabit Ethernet ports
ae- Bundled Ethernet ports

Page 177: Junos routing overview from Juniper

FPC Slot Numbers

[Figure: FPC slot numbering on the M40, M160, M20 and M10 chassis]

Page 178: Junos routing overview from Juniper

PIC Slot Numbers

M40 and M160
– Top to bottom

All others
– Right to left

[Figure: PIC slots numbered 0 to 3 within an FPC, for each of the two layouts]

Page 179: Junos routing overview from Juniper

Port Numbers

M40 and M160
– Top to bottom
– Right to left

All others
– Right to left
– Bottom to top

[Figure: ports numbered 0 to 3 on a PIC, for each of the two layouts]

Page 180: Junos routing overview from Juniper

Interface Names

Physical interfaces have standard names

– Type
– FPC slot
– PIC slot
– Port number

so-5/2/3

Page 181: Junos routing overview from Juniper

Typical FPC and PIC Placement

Transient interfaces identified according to FPC/PIC/port convention

FPC and PIC numbering varies by platform

– M40/M160 platforms support eight FPCs, numbered from left to right

PICs numbered from top to bottom (0–3)

– M20 platform supports four FPCs numbered from top to bottom

PICs numbered from right to left (0–3)

FPC slot and PIC port numbers are labeled!

Typical FPC and PIC Numbering (T640)

FPCs 0–7

(Left to right)

PICs 0–3

(Top to bottom)

Page 182: Junos routing overview from Juniper

Interface Names

Logical interfaces are used to set up Frame Relay DLCIs or ATM virtual circuits

Interface number is separate in meaning from the actual DLCI or ATM VC and can be any arbitrary value

Suggested convention is to keep them the same whenever possible

so-5/2/3.43

Page 183: Junos routing overview from Juniper

Permanent Interfaces

Router has two permanent interfaces
– Out-of-band management interface is called fxp0
– Internal Routing Engine to PFE connection is called fxp1

Page 184: Junos routing overview from Juniper

Configure Interfaces

Page 185: Junos routing overview from Juniper

Configure Interfaces

Two steps
– Configure physical properties
– Configure logical properties

Page 186: Junos routing overview from Juniper

Configure Interfaces

– Physical properties
Clocking
Scrambling
Frame check sequence (FCS)
Maximum transmission unit (MTU)
Keepalives
Other link characteristics

– Logical properties
Protocol family (Internet, ISO, MPLS)
Addresses (IP address, ISO NET address)
Virtual circuits (VCI/VPI, DLCI)
Other characteristics

Page 187: Junos routing overview from Juniper

Configure Interfaces

Standard configuration statement hierarchy
interfaces {
    interface-name {
        physical-properties;
        […]
        unit unit-number {
            logical-properties;
            […]
        }
    }
}

Page 188: Junos routing overview from Juniper

Configure Physical Properties

Configure physical properties of the interface using the set command:
set interfaces so-1/0/3 no-keepalives

Or park yourself in the interfaces section of the hierarchy and set many options
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3
[edit interfaces so-1/0/3]
lab@omaha# set no-keepalives
lab@omaha# set sonet-options fcs 32
lab@omaha# commit

Page 189: Junos routing overview from Juniper

Default Settings

Default settings for an interface are usually enough to get you talking

Most interfaces do not need complex setup

Page 190: Junos routing overview from Juniper

Logical Interface Settings

Each physical interface has one or more logical interfaces
Logical interface separates configuration information for each ATM virtual circuit, Frame Relay DLCI, or VLAN
Some physical interface encapsulations allow only one possible logical interface
– PPP
– HDLC

Page 191: Junos routing overview from Juniper

Logical Interface Settings

Logical settings
– Protocol family (Internet, ISO, MPLS)
Protocol MTU
IP address
Other protocol options
– Virtual circuit identifiers (VPI.VCI, DLCI)
– Other according to-circuit characteristics

Page 192: Junos routing overview from Juniper

Unit Numbers

Each logical interface has a unit number
Number can be arbitrary
– Typically, the unit number is the same as the VC or DLCI number
Some physical interfaces have only one possible logical interface, and one unit number only, which must be configured as unit zero

Page 193: Junos routing overview from Juniper

Configure Logical Interfaces

Use the set command to configure a logical interface, using the unit number

For example
set interfaces so-1/0/3 unit 40 dlci 40

Or park yourself at the unit level
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3 unit 40
[edit interfaces so-1/0/3 unit 40]
lab@omaha# set dlci 40
lab@omaha# set family inet address 10.0.20.1/24
lab@omaha# commit

Page 194: Junos routing overview from Juniper

Configure Protocol Families

Each major protocol is called a family
Internet protocol has TCP, UDP, and ICMP as family members
Most common protocol families are
– Internet (inet)
– International Standards Organization (iso)
– Traffic engineering (mpls)
– Multiple families can live on one logical interface

Page 195: Junos routing overview from Juniper

Configure Protocol Families

Internet protocol family (inet)
Allows you to set
– IP address: address A.B.C.D/prefix_length
– Remote address on point-to-point links: destination A.B.C.D
– Broadcast address: broadcast A.B.C.D
– MTU size: mtu bytes
– ICMP redirect control: no-redirects

Page 196: Junos routing overview from Juniper

Configure Protocol Families

Minimal sample configuration
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3
[edit interfaces so-1/0/3]
lab@omaha# set unit 0 family inet address 10.0.20.1/24
lab@omaha# commit

Displayed as
interfaces {
    so-1/0/3 {
        unit 0 {
            family inet {
                address 10.0.20.1/24;
            }
        }
    }
}

Page 197: Junos routing overview from Juniper

Review Questions

1. What are the two types of CLI modes?

2. What are the interface types and names?

3. What are the two permanent interfaces?

4. What are the two basic interface characteristics?

5. What are some examples of physical interface settings?

6. What are some examples of logical interface settings?

Page 198: Junos routing overview from Juniper

Lab 2: CLI Configuration

Lab objective:

Introduction to Juniper CLI

Page 199: Junos routing overview from Juniper

Juniper Networks Networking Essentials

Module 7: Routing Protocol Basics

Page 200: Junos routing overview from Juniper

Module Objectives

After successfully completing this module, you should be able to:

– Explain the difference between static routing and dynamic routing, and explain when to use each type of routing

– Describe the characteristics and operation of distance vector and link-state routing protocols

– Explain how network convergence occurs and provide real-life examples

– Explain how routes are selected on a routed network and routing metrics

– Explain the role of interior gateway protocols and exterior gateway protocols, including Border Gateway Protocol (BGP)

– Explain how JUNOS software implements routing tables and routing policy

Page 201: Junos routing overview from Juniper

Types of Routes

Static
– All packets forwarded to predetermined destinations defined by an administrator

Dynamic
– Packets are forwarded to dynamically calculated routes determined by a routing protocol

Page 202: Junos routing overview from Juniper

Static Routing

Benefits
– Good for small networks
– Can help create a secure network
– Efficiently uses router resources

Drawbacks
– Does not handle network failures well
– Does not scale well

Page 203: Junos routing overview from Juniper

Static Routing Example

[Figure: Router A, Router B, Router C and Router D interconnecting Network 10, Network 172.16, Network 192.168.5 and Network 192.168.6, with the four routing tables below]

Destination   Next Hop
10            Direct
172.16        Router B
192.168.5     Router C
192.168.6     Router C

Destination   Next Hop
10            Router A
172.16        Router B
192.168.5     Direct
192.168.6     Router D

Destination   Next Hop
10            Router A
172.16        Direct
192.168.5     Router C
192.168.6     Router C

Destination   Next Hop
192.168.6     Direct
Default       Router C

Page 204: Junos routing overview from Juniper

Static Routing with Link Failure

[Figure: Router A, Router B, Router C and Router D interconnecting Network 10, Network 172.16, Network 192.168.5 and Network 192.168.6, with a failed link and the four routing tables below]

Destination   Next Hop
10            Direct
172.16        Router B
192.168.5     Router C
192.168.6     Router C

Destination   Next Hop
10            Unreachable
172.16        Router B
192.168.5     Direct
192.168.6     Router D

Destination   Next Hop
10            Router A
172.16        Direct
192.168.5     Router C
192.168.6     Router C

Destination   Next Hop
192.168.6     Direct
Default       Router C

Page 205: Junos routing overview from Juniper

Floating Static Routes

Static routes CAN handle link failures!

A floating static route is a backup static route that is less preferred than more direct routes (static or dynamic)

Floating static route is used only when the preferred route is unavailable

Use with caution!

[Figure: Router A, Router B, Router C and Network X, with the two routing tables below]

Destination   Next Hop
Network X     Router C
Network X     Router B

Destination   Next Hop
Network X     Router C
Network X     Router A

Page 206: Junos routing overview from Juniper

Dynamic Routing

                  Communicate what?   Between whom?
Distance-Vector   Routing tables      Neighbors
Link-State        Interface status    All routers

Page 207: Junos routing overview from Juniper

Routing Protocol Convergence

Convergence: when all routers in a given routing domain achieve a consistent view of that routing domain

Routing protocols must achieve convergence in order to route packets consistently from one location to another

Page 208: Junos routing overview from Juniper

Interior and Exterior Gateway Protocols

[Figure: AS 1 and AS 2, each labeled IGP, with EGP between them. EGP: Border Gateway Protocol. IGPs: RIP, OSPF, IS-IS.]

Interior Gateway Protocols (IGPs)
– Routing protocols that run within an autonomous system (AS) to exchange network reachability information

Exterior Gateway Protocols (EGPs)
– Routing protocols that exchange routing information between autonomous systems

Page 209: Junos routing overview from Juniper

Distance Vector Protocols

Distance vector neighbors exchange vectors
– Metric is typically hop count
– Vectors reflect both distance and direction
– Vectors are stored in the routing table
– Entire table or a portion of table is sent

The longest network path is limited
Each router sends a routing table update periodically

Page 210: Junos routing overview from Juniper

When to Use Distance Vector Routing

Use in very small networks that have few, if any, redundant paths and no stringent network performance requirements

Epitome of the distance-vector routing protocol is Routing Information Protocol (RIP)

Distance vector drawbacks:
– Long convergence time
– Simplistic metrics

Page 211: Junos routing overview from Juniper

Distance Vector Stability Issues

Counting to infinity
Routing loops

[Figure: routers R1, R2 and R3 with Network A; advertised distances to Network A: 1 hop, 2 hops, then 3, 4, 5, 6]
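The counting-to-infinity behaviour named on this slide can be reproduced with a small model. This is an added example, not part of the original slides: it uses only two routers (R1 and R2) rather than the three in the figure, takes 16 as the unreachable metric as RIP does, and also shows split horizon, a mitigation the slide does not mention.

```python
# Added illustration (not from the slides): two distance-vector neighbours
# counting to infinity after R1 loses its directly attached Network A.
INFINITY = 16  # RIP's "unreachable" metric; this cap is what ends the count


def advertise(entry, receiver, split_horizon):
    """Metric a router puts in its update to `receiver`, or None if withheld."""
    metric, next_hop = entry
    if split_horizon and next_hop == receiver:
        return None  # never advertise a route back to the neighbour it came from
    return metric


def receive(entry, heard_metric, sender):
    """Apply one received update to the (metric, next_hop) entry for Network A."""
    metric, next_hop = entry
    candidate = min(heard_metric + 1, INFINITY)
    # An update from the current next hop is always believed, even if worse;
    # an update from anyone else is taken only when it is strictly better.
    if next_hop == sender or candidate < metric:
        return (candidate, sender if candidate < INFINITY else None)
    return entry


def simulate(split_horizon, max_rounds=50):
    """Return [(R1 metric, R2 metric), ...] from the failure until the tables settle."""
    # Before the failure R1 was 1 hop from Network A and R2 was 2 hops via R1.
    table = {"R1": (INFINITY, None), "R2": (2, "R1")}
    history = [(table["R1"][0], table["R2"][0])]
    for _ in range(max_rounds):
        before = dict(table)
        # R2's periodic update reaches R1 before R1's news of the failure reaches R2.
        for sender, receiver in (("R2", "R1"), ("R1", "R2")):
            heard = advertise(table[sender], receiver, split_horizon)
            if heard is not None:
                table[receiver] = receive(table[receiver], heard, sender)
        if table == before:
            break
        history.append((table["R1"][0], table["R2"][0]))
    return history


if __name__ == "__main__":
    for label, flag in (("without split horizon", False), ("with split horizon", True)):
        print(label, simulate(flag))
```

While the metrics climb, R1 points at R2 and R2 points at R1, which is the routing loop the slide pairs with counting to infinity.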

Page 212: Junos routing overview from Juniper

Link-State Routing Protocols

Link-state routing protocols build and maintain a database of link state information

Hello messages are used to discover neighbors
Costs are associated with links
Updates are sent to communicate link state changes
Information is flooded to all neighbors who create a link state database

Page 213: Junos routing overview from Juniper

The Link-State Database (LSDB)

The LSDB is like a puzzle that, when complete, is an accurate picture of the network

LSDB entries are like puzzle pieces that can describe:
– Routers and their attached links
– Links and their attached routers
– Routing information from outside the network
– Link metrics, often represented as Cost

Each router maintains its own copy of the LSDB
Each router stores a copy of every LSDB entry in the network
Different protocols use different names for LSDB entries
– More on that later…

Page 214: Junos routing overview from Juniper

When to Use Link-State Routing

Use link-state routing with:
– Any size, well-designed network
– Any network that requires network scalability
– Larger, more complicated networks
– Faster convergence required

Drawbacks
– Can flood the network's transmission facilities, thereby significantly decreasing the network's capability to transport data
– Memory and processor intensive

Page 215: Junos routing overview from Juniper

Martian Addresses

Host or network addresses about which all routing information is ignored

Commonly sent by improperly configured systems on the network and have destination addresses that are obviously invalid

In IPv4, these are the default martian addresses:
– 0.0.0.0/8
– 127.0.0.0/8
– 128.0.0.0/16
– 191.255.0.0/16
– 192.0.0.0/24
– 223.255.255.0/24
– 240.0.0.0/4
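The martian list above can be applied to received routes as a screening step. This is an added example, not JUNOS code or part of the original slides: it assumes a route counts as martian when its prefix equals a listed block or is more specific than one, and the sample updates and neighbour names are constructed.

```python
import ipaddress

# The default IPv4 martian blocks, copied from the slide above.
DEFAULT_MARTIANS = tuple(ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "127.0.0.0/8", "128.0.0.0/16", "191.255.0.0/16",
    "192.0.0.0/24", "223.255.255.0/24", "240.0.0.0/4",
))


def martian_match(prefix, martians=DEFAULT_MARTIANS):
    """Return the martian block covering `prefix`, or None if it is not martian.

    Assumption: a route is martian when its prefix equals a listed block or is
    more specific than one. Host bits in the input are masked off first.
    Raises ValueError when `prefix` is not a valid address or network.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 4:
        return None  # the list on the slide is IPv4 only
    for block in martians:
        if net.subnet_of(block):
            return block
    return None


def screen_updates(updates, martians=DEFAULT_MARTIANS):
    """Split (prefix, neighbour) updates into accepted routes and ignored ones."""
    accepted, ignored = [], []
    for prefix, neighbour in updates:
        try:
            block = martian_match(prefix, martians)
        except ValueError:
            ignored.append((prefix, neighbour, "unparseable"))
            continue
        if block is None:
            accepted.append((prefix, neighbour))
        else:
            ignored.append((prefix, neighbour, str(block)))
    return accepted, ignored


# Constructed sample updates; the neighbour names are made up for the example.
SAMPLE_UPDATES = [
    ("10.0.20.0/24", "router-b"),
    ("0.0.0.0/0", "router-c"),      # default route: covers 0.0.0.0/8 but is not inside it
    ("127.0.0.1/32", "router-b"),
    ("128.0.37.0/24", "router-d"),
    ("128.1.0.0/16", "router-d"),   # next to 128.0.0.0/16, not inside it
    ("240.16.0.0/12", "router-c"),
    ("192.0.2.0/24", "router-c"),   # outside 192.0.0.0/24
    ("not-a-prefix", "router-d"),
]

if __name__ == "__main__":
    ok, dropped = screen_updates(SAMPLE_UPDATES)
    for prefix, neighbour, reason in dropped:
        print(f"ignored {prefix} from {neighbour}: {reason}")
    print("accepted:", [p for p, _ in ok])
```

Logging the ignored entries with the neighbour that sent them gives a quick way to find the improperly configured system the slide refers to.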

Page 216: Junos routing overview from Juniper

Route Flapping

What is route flapping?
– Instability in the reachability of a prefix
– Occurs during a topology change
– In an unstable network, routers might be unable to decide on a route to a destination

Dealing with route flapping
– Different protocols have different solutions

Page 217: Junos routing overview from Juniper

JUNOS Routing Policy

Controls routing information transferred between routing table and each routing protocol

– Incoming routing information can be ignored or changed
– Outgoing routing information can be suppressed or changed

Some match conditions are protocol-specific

Page 218: Junos routing overview from Juniper

When to Apply Policy

You do not want to import all learned routes into the routing table

You do not want to advertise all learned routes to neighboring routers

You want one protocol to receive routes from another protocol

You want to modify information associated with a route

Page 219: Junos routing overview from Juniper

Import and Export

Policy filtering is done with respect to the JUNOS routing table

Export policy is applied to active paths in the routing table

[Figure: import and export relative to the routing table; labels: Neighbors, Protocol, Routes, Import, Routing table, Forwarding table, PFE, Export]

Page 220: Junos routing overview from Juniper

Routing Policy

Allows you to filter and control routing information entering and leaving the router

Separate policy for each routing protocol

[Figure: routing policy relative to the routing table; labels: Neighbors, Protocol, Routes, Routing table, Forwarding table, PFE, Import policy #1, Import policy #2, Export policy #1, Export policy #2]

Page 221: Junos routing overview from Juniper

Routing Policy

Policies can be chained together to increase their effectiveness

[Figure: a route passes through a chain of policies, each leading to Accept or Reject, up to the last policy and then the default policy, which also leads to Accept or Reject]

Page 222: Junos routing overview from Juniper

Routing Policy

Policies contain collections of terms
Terms contain a condition and an action to apply to each route

[Figure: a route passes through a chain of terms, each leading to Accept or Reject, up to the last term and then the next policy]

Page 223: Junos routing overview from Juniper

Default Routing Policy Actions

Different default policies for each protocol being imported or exported describe default protocol behavior

Reaching the end of a policy, or chain of policies, invokes default policy for that protocol

Page 224: Junos routing overview from Juniper

How Routing Policies Are Evaluated

[Figure: a route is evaluated by each policy in turn, each leading to Accept or Reject; evaluation continues until the last configured policy and then the default policy action, which also leads to Accept or Reject]

Page 225: Junos routing overview from Juniper

Routing Policy Example

[Figure: a route is evaluated term by term through Policy 1, Policy 2 and additional policies; each term can accept or reject, and the chain ends at the default action]

Page 226: Junos routing overview from Juniper

Routing Policy Example

[Figure: a policy term checks a route against source conditions and destination conditions; on a match the actions apply, and a route that does not match all conditions moves on toward the default action]
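The evaluation order described on the routing policy slides (policies in a chain, terms within each policy, the default policy at the end) can be modelled in a few lines. This is an added example, not JUNOS code or part of the original slides: the two match conditions, the policy names, the sample routes and the default action passed in are all assumptions chosen for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str     # e.g. "10.0.20.0/24"
    protocol: str   # protocol the route was learned from


@dataclass(frozen=True)
class Term:
    name: str
    action: str                       # "accept" or "reject"
    protocol: Optional[str] = None    # condition: learned from this protocol
    covered_by: Optional[str] = None  # condition: prefix equals or lies inside this block

    def matches(self, route):
        """True only when the route meets every condition the term sets."""
        if self.protocol is not None and route.protocol != self.protocol:
            return False
        if self.covered_by is not None:
            net = ipaddress.ip_network(route.prefix)
            block = ipaddress.ip_network(self.covered_by)
            if net.version != block.version or not net.subnet_of(block):
                return False
        return True


def evaluate(route, chain, default_action):
    """Walk policies in order and terms in order; the first matching term decides.

    Returns (action, decided_by, trace). A route that matches no term in any
    policy gets `default_action`, standing in for the protocol's default policy.
    """
    trace = []
    for policy_name, terms in chain:
        for term in terms:
            label = f"{policy_name}:{term.name}"
            if term.matches(route):
                trace.append(f"{label} match -> {term.action}")
                return term.action, label, trace
            trace.append(f"{label} no match")
        # Fell off the last term: continue with the next policy in the chain.
    trace.append(f"default policy -> {default_action}")
    return default_action, "default", trace


# Constructed policies; the names and prefixes are assumptions for the example.
FILTER_PRIVATE = ("filter-private", [
    Term("net-10", "reject", covered_by="10.0.0.0/8"),
    Term("net-192-168", "reject", covered_by="192.168.0.0/16"),
])
ACCEPT_BGP = ("accept-bgp", [Term("from-bgp", "accept", protocol="bgp")])

if __name__ == "__main__":
    leaked = Route("10.0.20.0/24", "bgp")
    # Same two policies, two orders: the filter only works when it comes first.
    print(evaluate(leaked, [FILTER_PRIVATE, ACCEPT_BGP], "reject")[:2])
    print(evaluate(leaked, [ACCEPT_BGP, FILTER_PRIVATE], "reject")[:2])
```

Because the first matching term ends evaluation, placing a broad accept ahead of a filter means the filter never sees the route.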

Page 227: Junos routing overview from Juniper

JUNOS Routing Databases

[Figure: JUNOS routing databases; labels: Routing Engine, Routing Protocol Process, Routing table, JUNOS kernel, Master forwarding table, Packet Forwarding Engine, Forwarding table, Network interfaces]

Page 228: Junos routing overview from Juniper

Review Questions

1. When would you implement static routing? Dynamic routing?

2. What are the primary differences between distance-vector protocols and link-state protocols?

3. How does a distance-vector protocol handle router updates?

4. What happens when the network converges? (Describe the process.)

5. Describe the JUNOS routing policy and its implementation.

Page 229: Junos routing overview from Juniper

Lab 3: Static Routing

Page 230: Junos routing overview from Juniper

Juniper Networks Networking Essentials

Module 8: Interior Gateway Protocols

Page 231: Junos routing overview from Juniper

Module Objectives

After successfully completing this module, you should be able to:
– Describe RIP architectural features, standards, limitations, and packet format
– Explain JUNOS support for RIP
– Configure a Juniper Networks router with a minimum RIP configuration
– Describe OSPF standards, terminology, routing algorithms, packet format, external metrics, designated routers, and traffic engineering extensions
– Explain JUNOS software support for OSPF
– Configure a Juniper Networks router with a minimum OSPF configuration
– Describe IS-IS standards, terminology, network addressing, packet format, and traffic engineering extensions
– Explain JUNOS software support for IS-IS
– Configure a Juniper Networks router with a minimum IS-IS configuration

Page 232: Junos routing overview from Juniper

IGPs vs. EGPs

IGP – Internal Gateway Protocol
– Used to optimize the route a packet takes between points within an Autonomous System (AS – network infrastructure under a unique set of administrative and technical policies)

EGP – External Gateway Protocol
– Used to provide for the exchange of routing information between Autonomous Systems
– Typically designed for doing policy routing, providing control over routes leaving and entering an AS

Page 233: Junos routing overview from Juniper

What Is OSPF?

An interior gateway protocol (IGP) based on the shortest path first (SPF) algorithm, also known as the Dijkstra algorithm

Created to fill the need for a high-functionality, standards-based IGP for the TCP/IP protocol family

Main RFCs:
– 1587 – OSPF NSSA Option
– 2328 – OSPF Version 2 (current implementation)

Page 234: Junos routing overview from Juniper

What Is a Link-State Protocol?

Link = router interface

State = description of interface and its relationship to neighboring routers

OSPF routers send link-state advertisements (LSAs) to all other routers within the same hierarchical area

Routers store information in a link-state, or topological, database

Each OSPF router uses the SPF algorithm to calculate the shortest path to each node

Page 235: Junos routing overview from Juniper

What Is SPF?

Places each router at the root of a tree and calculates the shortest path to each destination based on the cumulative cost to reach that destination

Each router has its own view of the topology, even though all the routers build a shortest-path tree using the same link-state database

Page 236: Junos routing overview from Juniper

OSPF Routing Hierarchy

Largest entity is the autonomous system (AS)

An AS can be divided into areas, groups of contiguous networks, and hosts
– Routers within a single area have identical link-state databases
– Area Border Routers (ABRs): routers with interfaces in multiple areas
– AS Boundary Routers (ASBRs): routers that act as gateways to other protocols or another AS

Page 237: Junos routing overview from Juniper

OSPF Backbone

OSPF backbone (Area 0) distributes routing information between areas
– Contains all area border routers and backbone routers
– All traffic between areas goes through the backbone

Backbone is itself an OSPF area

If backbone is configured as not contiguous, must configure virtual links
– Between any backbone routers that share a link to a nonbackbone area, or the transit area
– Function as direct links

Page 238: Junos routing overview from Juniper

OSPF Area Relationships

[Figure: Backbone (0.0.0.0) with Area 1, Area 2 and Area 3; RIP and BGP as sources of external routes. Legend: external routes, inter-area routes (summary routes), intra-area routes]

Page 239: Junos routing overview from Juniper

OSPF Stub Areas

Stub areas
– Do not carry external routes
– Virtual links cannot be configured across
– Cannot contain ASBR

Totally stubby areas
– Stub area that only receives the default route from the backbone

Not-so-stubby areas
– Allows limited importing of external routes

Transit areas
– Used to pass traffic from one adjacent area to the backbone, or to another area if the backbone is more than two hops away from an area

Page 240: Junos routing overview from Juniper

OSPF Area Types

[Figure: Backbone (0.0.0.0) with a stub area, a totally stubby area and a not-so-stubby area; RIP and BGP as sources of external routes. Legend: external routes, inter-area routes (summary routes), default route, intra-area routes]

Page 241: Junos routing overview from Juniper

OSPF Neighbors

Routers that share a common segment within a single area are neighbors

Neighbors become adjacent to exchange LSAs

The goal: to achieve identical link-state databases

Page 242: Junos routing overview from Juniper

Neighbors Exchange Link-State Info

Neighbors exchange link-state update packets containing LSAs at initialization and when routing information changes

Link-states exchanged by flooding: Each router that receives a link-state update stores a copy in its link-state database and then propagates the update to other routers

Once the database is complete, the router calculates an SPF Tree to all destinations using the Dijkstra algorithm

OSPF activity determined by the amount of change – the less change, the less activity

Page 243: Junos routing overview from Juniper

OSPF Packet Types

Hello: Establishes and maintains neighbor relationships

Database Description: Describes the contents of the link-state database by sending LSA headers. Exchanged when an adjacency is initialized.

Link-State Request: Requests specific LSAs from neighbor routers. Exchanged after a router discovers that parts of its database are missing or out of date.

Link-State Update: Responds to a link-state request packet. Also used for the regular dispersal of LSAs to reflect topology changes. Several LSAs can be included within a single link-state update packet.

Link-State Acknowledgment: Acknowledges receipt of link-state update packets. Implements guaranteed flooding.

Page 244: Junos routing overview from Juniper

OSPF Routing

Link-state advertisements

Router Links (Type 1): Describe the state and cost of the router’s links (interfaces) to the area (Intra-area).

Network Links (Type 2): Originated for multi-access segments with more than one attached router. Describe all routers attached to the specific segment. Originated by a Designated Router (discussed later on).

Summary Links (Types 3 and 4): Originated by ABRs only. Describe networks in the AS but outside of area (Inter-area). Also describe the location of the ASBR.

External Links (Type 5): Originated by an ASBR. Describe destinations external to the autonomous system or a default route to the outside AS.

NSSA External Links (Type 7): Used by not-so-stubby areas to import external routes into a stub area.

[Figure labels: DR, ABR, ASBR, NSSA]

Page 245: Junos routing overview from Juniper

Link-State Advertisements

Packet header fields (field length, in bytes):

Version number        1
Type                  1
Packet length         2
Router ID             4
Area ID               4
Checksum              2
Authentication type   2
Authentication        8
Data                  Variable

Data: # of LSAs, LSA Header, LSA Data, LSA Header, LSA Data …
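The field lengths on this slide (1, 1, 2, 4, 4, 2, 2 and 8 bytes) are enough to audit OSPF packets seen on a segment. The following Python is an added example, not Juniper code: it parses the 24-byte header and flags packets sent with no authentication or with a cleartext password. The packet type and authentication type numbers and the checksum rule are taken from RFC 2328, and the sample Hello is constructed from addresses in the neighbor listing on this page.

```python
import socket
import struct

# Field lengths from the slide: 1, 1, 2, 4, 4, 2, 2, 8 bytes (24 in total).
HEADER = struct.Struct("!BBH4s4sHH8s")
PACKET_TYPES = {1: "Hello", 2: "Database Description", 3: "Link-State Request",
                4: "Link-State Update", 5: "Link-State Acknowledgment"}
# Authentication type values as defined in RFC 2328, Appendix D.
AUTH_NULL, AUTH_SIMPLE, AUTH_CRYPTO = 0, 1, 2


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (the standard IP checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_header(packet: bytes) -> dict:
    """Decode the common OSPF header into named fields."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 24-byte OSPF header")
    version, ptype, length, rid, area, cksum, autype, auth = HEADER.unpack_from(packet)
    return {"version": version, "type": PACKET_TYPES.get(ptype, "unknown"),
            "length": length, "router_id": socket.inet_ntoa(rid),
            "area_id": socket.inet_ntoa(area), "checksum": cksum,
            "autype": autype, "authentication": auth}


def audit(packet: bytes):
    """Return (header, findings) for one received OSPF packet."""
    header = parse_header(packet)
    findings = []
    if header["version"] != 2:
        findings.append("unexpected-version")
    if header["type"] == "unknown":
        findings.append("unknown-packet-type")
    if header["length"] != len(packet):
        findings.append("length-mismatch")
    if header["autype"] == AUTH_NULL:
        findings.append("no-authentication")
    elif header["autype"] == AUTH_SIMPLE:
        findings.append("cleartext-password")
    elif header["autype"] != AUTH_CRYPTO:
        findings.append("unknown-auth-type")
    # The checksum covers the packet minus the 8-byte authentication field;
    # with cryptographic authentication the checksum field is not used.
    if header["autype"] != AUTH_CRYPTO and inet_checksum(packet[:16] + packet[24:]) != 0:
        findings.append("bad-checksum")
    return header, findings


def build_hello(autype: int, auth: bytes = b"\x00" * 8) -> bytes:
    """Constructed sample Hello; mask and timers are made-up values."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 0x02, 128,
                       40, socket.inet_aton("172.16.30.254"),
                       socket.inet_aton("172.16.30.253"))

    def header(cksum: int) -> bytes:
        return HEADER.pack(2, 1, HEADER.size + len(body),
                           socket.inet_aton("10.250.240.8"),
                           socket.inet_aton("0.0.0.5"), cksum, autype, auth)

    # Checksum is computed with its own field zeroed and the auth field left out.
    return header(inet_checksum(header(0)[:16] + body)) + body


if __name__ == "__main__":
    for sample in (build_hello(AUTH_NULL), build_hello(AUTH_SIMPLE, b"secret\x00\x00")):
        hdr, findings = audit(sample)
        print(hdr["router_id"], hdr["area_id"], hdr["type"], findings)
```
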

Page 246: Junos routing overview from Juniper

Designated Router

One designated router (DR) and one backup designated router (BDR) per multi-access segment

Minimizes amount of information exchange on the segment

[Figure: Designated Router and Backup Designated Router on a multi-access segment]

Page 247: Junos routing overview from Juniper

External Routes

ASBRs discover external routes
– Static routes
– Exterior gateway protocol, such as BGP, for example

External Type 1
– Cost = external cost + internal cost
– Preferred over Type 2

External Type 2
– Cost = external cost

Page 248: Junos routing overview from Juniper

When to Use OSPF

Faster convergence than distance vector

Supports much larger networks

Less susceptible to bad routing information

Page 249: Junos routing overview from Juniper

OSPF Design Tips

Number of routers per area
– Depends on many factors

Number of neighbors
– Fewer neighbors = better performance
– Link State Database grows proportionately to the number of links in an area

Number of areas per ABR
– Fewer areas = better performance

Full mesh vs. partial mesh
– Partial works better

Page 250: Junos routing overview from Juniper

JUNOS OSPF Support

OSPF Version 2, including:
– Virtual links
– Stub areas
– Authentication

Page 251: Junos routing overview from Juniper

Configuring OSPF

Minimal configuration example

protocols {
    ospf {
        area 0.0.0.0 {
            interface interface-name;
            interface interface-name;
        }
    }
}

Page 252: Junos routing overview from Juniper

Useful Commands

show ospf neighbor – displays state of neighbors/adjacencies

Address          Intf         State   ID              Pri  Dead
172.16.30.254    fe-0/0/0.0   Full    10.250.240.8    128    30
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:10:50, adjacent 00:10:50
172.16.30.253    fe-0/0/0.0   Full    10.250.240.35   128    30
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:10:50, adjacent 00:10:52
172.16.30.252    fe-0/0/0.0   2Way    10.250.240.32    64    38
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:08:10

show ospf interface – displays state of interfaces

Interface     State   Area      DR ID          BDR ID        Nbrs
fe-0/0/0.0    DR      0.0.0.0   192.168.12.1   192.168.8.1      1
fe-0/0/1.0    DR      0.0.0.0   192.168.12.1   0.0.0.0          0

Page 253: Junos routing overview from Juniper

Useful Commands (cont’d)

show ospf database – displays all learned OSPF LSAs

OSPF link state database, area 0.0.0.0
Type      ID                Adv Rtr          Seq          Age   Cksum   Len
Router    *10.250.240.8     10.250.240.8     0x800001fc   2388  0x3684   36
Router    10.250.240.17     10.250.240.17    0x80000217   1835  0x444c   36
Router    10.250.240.32     10.250.240.32    0x80000232   1876  0x0158   36
Router    10.250.240.35     10.250.240.35    0x80000291   1100  0x4aa5   36
Network   192.168.254.230   10.250.240.8     0x800001cc    117  0xab67   40
Summary   10.1.2.0          10.250.240.17    0x80000216   1535  0x1729   28
Summary   10.1.3.34         10.250.240.8     0x8000013a   2217  0x842f   28

OSPF link state database, area 1.0.0.0
Type      ID                Adv Rtr          Seq          Age   Cksum   Len
Router    10.250.240.9      10.250.240.9     0x80000267    116  0x1bb3   36

[additional information]

Page 254: Junos routing overview from Juniper

Lab 5: OSPF Configuration Lab

Lab objective:

Configure a Juniper Networks router with a minimal OSPF configuration

Page 255: Junos routing overview from Juniper

Review Questions

1. What type of routing protocol is RIP?

2. What algorithm is used by RIP to determine the best path to forward data?

3. What type of metric does RIP use?

4. What is the maximum network diameter, in terms of hop count, for RIP?

5. What is a Link-State protocol?

6. Describe the types of areas that can be used by OSPF.

7. Describe the purpose of the DR in OSPF.

8. What are IS-IS packets called?

9. Describe some similarities between OSPF and IS-IS.

Page 256: Junos routing overview from Juniper

Juniper Networks Networking Essentials

Module 9: BGP Protocol

Page 257: Junos routing overview from Juniper

Module Objectives

After successfully completing this module, you should be able to:

– Describe the definition, use, operation, implementation, and interoperability considerations for BGP

– Describe BGP standards, autonomous systems, AS path and attributes, external and internal operational features, routes, and messages

– Explain JUNOS software support for BGP

Page 258: Junos routing overview from Juniper

What Is BGP?

BGP is an inter-domain routing protocol that communicates prefix reachability

BGP is a path vector protocol
– Similar to distance vector

BGP views the Internet as a collection of autonomous systems

Stability is very important to the Internet and BGP

BGP supports CIDR

BGP routers exchange routing information between peers

Defined in RFC 1771

Page 259: Junos routing overview from Juniper

BGP Fundamentals

Routes consist of destination prefixes with an AS path and BGP-specific attributes

Each BGP update contains one path advertisement and attributes
– Many destinations can share the same path

BGP compares the AS path and attributes to choose the best path

Unfeasible routes can be advertised
– Unreachable routes are withdrawn

Page 260: Junos routing overview from Juniper

BGP Connections

BGP updates are incremental
– No regular refreshes
– Except at session establishment, when volume of routing can be high

BGP runs over TCP connections
– TCP port 179
– TCP Services
  Fragmentation, Acknowledgments, Checksums, Sequencing, and Flow Control
– No automatic neighbor discovery

Page 261: Junos routing overview from Juniper

BGP Peering

BGP sessions are established between peers
– BGP Speakers

Two types of peering sessions
– E-BGP (external) peers with different AS's
– I-BGP (internal) peers within the same AS

Still requires interior gateway protocols (IGPs)
– IGP connects BGP speakers within the AS
– IGP advertises internal routes

Page 262: Junos routing overview from Juniper

E-BGP and I-BGP

[Figure: Customer AS 1, ISP-X AS 2 and ISP-Y AS 3, with E-BGP sessions between autonomous systems and I-BGP plus OSPF inside an AS; Customer 2 has no AS number and uses a default route to the Internet]

Page 263: Junos routing overview from Juniper

I-BGP Loopback Interfaces

I-BGP peering is often done using loopback interfaces
– Loopback interfaces are more stable
– Not tied to a single physical path

The AS needs an IGP so that I-BGP speakers can reach each other’s loopback address

[Figure: Router A, Router B and Router C in AS 1 with full-mesh I-BGP; loopback addresses Lo0: 192.168.255.1/32, Lo0: 192.168.255.2/32 and Lo0: 192.168.255.3/32]

Page 264: Junos routing overview from Juniper

E-BGP Multihop and Load Balancing

[Figure, E-BGP Multihop: Router A and Router B, AS 1 and AS 3, with an E-BGP session; loopback interface 0 addresses 10.22.11.1 and 172.25.1.1; link addresses 192.168.1.2 and 192.168.1.3]

[Figure, E-BGP Load Balancing: Router A and Router B, AS 1 (172.16.0.0) and AS 2 (172.18.0.0), with an E-BGP session; loopback interface 0 addresses 172.18.1.1 and 172.16.10.1; link addresses 10.1.1.1, 10.1.1.2, 10.2.2.1 and 10.2.2.2]

Need TTL >1

Don’t limit E-BGP session to 1 physical link

Page 265: Junos routing overview from Juniper

BGP Route Advertisement

Advertise only the active BGP routes to peers
– BGP next-hop must be reachable

Never forward I-BGP routes to I-BGP peers
– Prevents loops

Withdraw routes if active BGP routes become unreachable

Page 266: Junos routing overview from Juniper

Default BGP Advertisement Rules

(1) I-BGP advertises routes learned from E-BGP, and…

(2) E-BGP advertises any route learned from I-BGP or E-BGP, but…

(3) I-BGP does not advertise any routes learned via I-BGP

[Figure: Customer AS 1 and ISP 1 AS 2 joined by E-BGP, with I-BGP sessions inside the AS]

Page 267: Junos routing overview from Juniper

The Need for a Full I-BGP Mesh

How do the default rules of I-BGP/E-BGP impact AS2?

[Figure: AS1 (R11, R12, R13) and AS2 (R21, R22, R23) joined by E-BGP, with I-BGP inside each AS; networks N22 and N23 in AS2; arrows labelled “Advertise N22”, “Advertise N23” and “Advertise N22 N23”, two of them marked X]
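The three default advertisement rules can be run as a small propagation model to see why a partial I-BGP mesh leaves routers without routes. The following Python is an added example, not part of the course material: the router names come from the slide, but the session topology (one E-BGP link R11–R21 and a chain of I-BGP sessions inside AS2) is constructed, and the model ignores best-path selection.

```python
from itertools import combinations


def routers_with_route(origin, sessions):
    """Return the set of routers that end up holding a route originated at `origin`.

    sessions maps (router_a, router_b) -> "ibgp" or "ebgp".
    """
    learned = {origin: {"local"}}          # router -> how it holds the route
    changed = True
    while changed:                         # repeat until nothing new is learned
        changed = False
        for (a, b), kind in sessions.items():
            for speaker, peer in ((a, b), (b, a)):
                if peer == origin:
                    continue               # the originator already has the route
                sources = learned.get(speaker, set())
                if kind == "ebgp":
                    # Rule 2: E-BGP advertises any route the speaker holds.
                    may_send = bool(sources)
                else:
                    # Rules 1 and 3: over I-BGP, only local or E-BGP-learned
                    # routes are advertised, never I-BGP-learned ones.
                    may_send = bool(sources & {"local", "ebgp"})
                if may_send and kind not in learned.setdefault(peer, set()):
                    learned[peer].add(kind)
                    changed = True
    return set(learned)


def missing_ibgp_sessions(as_routers, sessions):
    """List the router pairs inside one AS that lack a direct I-BGP session."""
    have = {frozenset(pair) for pair, kind in sessions.items() if kind == "ibgp"}
    return [pair for pair in combinations(sorted(as_routers), 2)
            if frozenset(pair) not in have]


# Constructed topology: R11 (AS1) peers by E-BGP with R21 (AS2);
# inside AS2 the I-BGP sessions form a chain R21 - R22 - R23.
PARTIAL_MESH = {("R11", "R21"): "ebgp", ("R21", "R22"): "ibgp", ("R22", "R23"): "ibgp"}
FULL_MESH = {**PARTIAL_MESH, ("R21", "R23"): "ibgp"}

if __name__ == "__main__":
    print(sorted(routers_with_route("R11", PARTIAL_MESH)))   # R23 never learns the route
    print(missing_ibgp_sessions(["R21", "R22", "R23"], PARTIAL_MESH))
    print(sorted(routers_with_route("R11", FULL_MESH)))
```
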

Page 268: Junos routing overview from Juniper

BGP Message Types

Four BGP message types:
– Open
– Update
– Keepalive
– Notification

Messages use a common header

Page 269: Junos routing overview from Juniper

When to Use BGP

Enterprise network that is multihomed to two or more ISPs
– To support full or partial routes

To participate as an Internet Backbone Provider

[Figure: Corporate Network connected to ISP 1 and ISP 2, which connect to the Internet]

Page 270: Junos routing overview from Juniper

JUNOS Software Support for BGP

RFC 1771, A Border Gateway Protocol 4 (BGP-4)
RFC 1772, Application of the Border Gateway Protocol in the Internet
RFC 1965, Autonomous System Confederations for BGP
RFC 1966, BGP Route Reflection: An Alternative to Full-Mesh I-BGP
RFC 1997, BGP Communities Attribute
RFC 2270, Using a Dedicated AS for Sites Homed to a Single Provider
RFC 2283, Multiprotocol Extensions for BGP-4
RFC 2385, Protection of BGP Sessions through the TCP MD5 Signature Option
RFC 2439, BGP Route Flap Damping
RFC 2842, Capabilities Advertisement with BGP-4

Page 271: Junos routing overview from Juniper

JUNOS BGP Routing Table

BGP stores routes in the JUNOS software routing table (inet.0)

Routing table stores
– Routing information learned from update messages
– Local routing information selected by applying local policies to routes received in update messages
– Information selected to advertise to BGP peers

Page 272: Junos routing overview from Juniper

Basic BGP Configuration

routing-options {
    autonomous-system 64;
}
protocols {
    bgp {
        group external-peer1 {
            type external;
            peer-as 1234;
            neighbor 10.0.0.1;
        }
        group internal-peers {
            type internal;
            local-address 192.168.1.1;
            neighbor 10.0.5.1;
            neighbor 10.0.6.1;
        }
    }
}

Page 273: Junos routing overview from Juniper

Basic Routing Policy

JUNOS software policy is used to insert prefixes into BGP updates

Import and Export policies can be defined
– Import policies control which routes are placed in the local routing table
– Export policies control which routes are advertised from local routing table to neighbors

Page 274: Junos routing overview from Juniper

Basic Policy Configuration

First, define the policy:

policy-statement redistribute-static-routes {
    from protocol static;
    then accept;
}

Then apply the policy under BGP:

protocols {
    bgp {
        export redistribute-static-routes;
    }
}
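The evaluation order from the "How Routing Policies Are Evaluated" slides (terms in order, then the next policy, then the protocol's default action) decides what this export policy actually lets out. The following Python is an added example, not JUNOS code: it models that chain with the page's redistribute-static-routes policy, and shows that a filtering policy only takes effect when it sits ahead of the accepting one. The block-private policy, the sample routes and the simplified BGP export default (advertise BGP routes, nothing else) are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

ACCEPT, REJECT = "accept", "reject"


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str                      # protocol the route was learned from


@dataclass
class Term:
    name: str
    match: Callable[[Route], bool]     # the term's "from" conditions
    action: Optional[str] = None       # ACCEPT, REJECT, or None (no terminating action)


@dataclass
class Policy:
    name: str
    terms: List[Term]


def evaluate(route: Route, chain: List[Policy], default_action) -> Tuple[str, str]:
    """Return (action, decided_by) for one route against a chain of policies."""
    for policy in chain:
        for term in policy.terms:
            if not term.match(route):
                continue               # conditions not met: try the next term
            if term.action in (ACCEPT, REJECT):
                return term.action, f"{policy.name}:{term.name}"
        # no term decided: fall through to the next policy in the chain
    return default_action(route), "default"


def bgp_export_default(route: Route) -> str:
    """Assumed default for BGP export: advertise BGP routes, nothing else."""
    return ACCEPT if route.protocol == "bgp" else REJECT


def within(block: str) -> Callable[[Route], bool]:
    """Match routes whose prefix falls inside `block`."""
    net = ipaddress.ip_network(block)
    return lambda route: ipaddress.ip_network(route.prefix).subnet_of(net)


# The policy from the slide: from protocol static; then accept;
redistribute_static = Policy("redistribute-static-routes",
                             [Term("unnamed", lambda r: r.protocol == "static", ACCEPT)])
# Hypothetical filter added for this example: keep 10.0.0.0/8 from being advertised.
block_private = Policy("block-private", [Term("net-10", within("10.0.0.0/8"), REJECT)])

# Constructed sample routing table.
ROUTES = [Route("10.10.0.0/16", "static"), Route("192.0.2.0/24", "static"),
          Route("198.51.100.0/24", "bgp"), Route("172.16.5.0/24", "ospf")]


def exported(chain: List[Policy]) -> List[str]:
    """Prefixes that the export chain lets out to BGP peers."""
    return [r.prefix for r in ROUTES
            if evaluate(r, chain, bgp_export_default)[0] == ACCEPT]


if __name__ == "__main__":
    print(exported([redistribute_static]))
    print(exported([block_private, redistribute_static]))   # filter runs first
    print(exported([redistribute_static, block_private]))   # filter never reached for statics
```
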

Page 275: Junos routing overview from Juniper

Show BGP Neighbor

user@host> show bgp neighbor
Peer: 10.1.1.2+179 AS 29 Local: 10.1.1.1+1048 AS 29
  Type: Internal State: Established Flags: <>
  Last State: OpenConfirm Last Event: RecvKeepAlive
  Last Error: None
  Options: <Preference HoldTime>
  Holdtime: 90 Preference: 170
  Number of flaps: 1
  Error: "Cease" Sent: 1 Recv: 0
  Peer ID: 10.1.1.2 Local ID: 0.0.0.0 Active Holdtime: 90
  NLRI advertised by peer: unicast
  NLRI for this session: unicast
  Group Bit: 0 Send state: in sync
  Table inet.0
    Active Prefixes: 0
    Received Prefixes: 0
    Suppressed due to damping: 0
  Table inet.2
    Active Prefixes: 0
    Received Prefixes: 0
    Suppressed due to damping: 0
  Last traffic (seconds): Received 25 Sent 21 Checked 21
  Input messages: Total 4143 Updates 0 Octets 78717
  Output messages: Total 4156 Updates 10 Octets 79303
  Output Queue[0]: 0
  Output Queue[1]: 0

Page 276: Junos routing overview from Juniper

Show BGP Summary

show bgp summary – View basic information about all BGP neighbors

Groups: 12 Peers: 26 Unestablished peers: 2
Peer            AS    InPkt   OutPkt   OutQ    Flaps  Last Up/Dn  State|#Act/Recv/Da…
172.17.0.2      45    1225    55263    50511   0      18:22:14    47769/50591/0
192.168.1.1     33    911     0        0       0      18:22:27    Active
192.168.1.97    23    10458   2201     41043   0      18:22:03    0/0/0
192.168.1.100   432   10458   163      17643   0      17:01:18    Active

Page 277: Junos routing overview from Juniper

Show BGP Routes

show route receive-protocol bgp <addr>
– Look at routes received by a peer before policy is applied

user@host> show route receive-protocol bgp 11.1.1.1
inet.0: 6 destinations, 6 routes (5 active, 0 holddown, 1 hidden)
Prefix           Nexthop        MED   Lclpref   AS path
10.0.0.0/8       192.168.1.1          100       I
172.16.0.0/12    172.19.1.1           100       I

show route advertising-protocol bgp <addr>
– Look at routes being advertised to a specific peer

user@host> show route advertising-protocol bgp 10.1.1.2
inet.0: 10 destinations, 10 routes (8 active, 0 holddown, 2 hidden)
Prefix           Nexthop        MED   Lclpref   AS path
10.0.0.0/8       Self                 100       I
172.16.0.0/12    Self                 100       I

Page 278: Junos routing overview from Juniper

Lab 7: BGP Configuration Lab

Lab objective:

Configure a Juniper Networks router with a minimal BGP configuration

Page 279: Junos routing overview from Juniper

Review Questions

1. On what type of network would you implement BGP?

2. How does BGP advertise routes?

3. How would a typical ISP design a network to support BGP? Draw a sample network.

Page 280: Junos routing overview from Juniper

Advanced VPNs

Module 10: MPLS Review and Background Information

Page 281: Junos routing overview from Juniper

Module Objectives

Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration
Summary

Page 282: Junos routing overview from Juniper

Agenda: MPLS Review

Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration
Summary

Page 283: Junos routing overview from Juniper

MPLS Benefits

Fully integrates IP routing and Layer 2 switching

Leverages existing IP infrastructures

Optimizes IP networks by facilitating traffic engineering
– Enables multi-service networking
– Integrates private and public networks seamlessly

Page 284: Junos routing overview from Juniper

Traffic Engineering

Ability to control traffic flows in the network
– Optimizes available resources
– Moves traffic from IGP path to less congested path

[Figure: paths from Source to Destination, Layer 3 Routing compared with Traffic Engineering]

Page 285: Junos routing overview from Juniper

Traffic Engineering Uses

With traffic engineering, you can:
– Route paths around bottlenecks
– Provide concise traffic control
– Provide efficient bandwidth use
– Enhance an ISP’s traffic-oriented performance
– Enhance statistically bound performance characteristics of the network
– Provide more options, lower costs, and better service

Page 288: Junos routing overview from Juniper

High-Level Overview of Traffic Engineering

Information distribution component
Path selection component
Path signaling component
Packet forwarding component

Page 291: Junos routing overview from Juniper

Information Distribution

IGP extensions propagate information
– IS-IS uses type/length/value (TLV) tuples
– OSPF uses opaque LSA type 10
– Information is propagated within area/level only

Information propagated
– Bandwidth available
– Preemption priority
– Link affinity (link colors)
– Router ID

Page 293: Junos routing overview from Juniper

Path Selection

Two main approaches or a hybrid approach
– Offline path calculation (in-house or third-party tools)
– Online path calculation (constraint-based routing)
– Hybrid approach provides the accuracy of offline approach with failure recovery capability

[Figure: LSP from ingress LSR to egress LSR]

Page 294: Junos routing overview from Juniper

Path Signaling

Dynamic path creation requires a signaling protocol to:

– Coordinate label distribution

– Route the LSP explicitly

– Reserve bandwidth (optional)

– Provide class-of-service capability (DiffServ style)

– Reassign resources (like bandwidth)

– Preempt existing LSPs

– Prevent loops

Page 295: Junos routing overview from Juniper

Path Signaling Protocols

The IETF MPLS architecture does not assume a single protocol for assigning and distributing labels

– LDP
  Executes hop by hop
  Selects same physical path as IGP
  Supports reduced LSP complexity

– RSVP
  Extends easily for explicit routes and label distribution
  Deployed by providers in production networks
  A well-known signaling protocol

– CR-LDP
  Extends LDP to support explicit routes
  Functionally identical to RSVP
  Not supported by Juniper Networks

Page 297: Junos routing overview from Juniper

Packet Forwarding

Ingress router examines IP header

Packet is then:
– Classified for interface output queue
– Assigned a label
– Encapsulated in an MPLS header
– Forwarded toward the next hop in the LSP

Page 299: Junos routing overview from Juniper

MPLS Terminology

Forward equivalence class (FEC)
– Stream/flow of IP packets
– FEC/label binding mechanism

Label
– Fixed length
– Local significance
– Label distribution, retention, and control
  Downstream on demand/unsolicited downstream
  Liberal/conservative
  Independent/ordered

LSR label processing
– Push/swap/pop/multi-push/swap-push

Page 301: Junos routing overview from Juniper

MPLS Terminology: MPLS Shim Header

MPLS shim header fields:
– Label (L)
– Experimental (CoS)
– Stacking bit (S)
– Time to live (TTL)

Reserved and pre-defined label values

[Figure: 32-bit MPLS header made up of Label (20 bits), CoS, S and TTL; frame layout L2 Header, MPLS Header, IP Packet]

Page 304: Junos routing overview from Juniper

MPLS Terminology: Label Swapping

Connection Table

In (port, label)   Out (port, label)   Label Operation
(1, 22)            (2, 17)             Swap
(1, 24)            (3, 17)             Swap
(1, 25)            (4, 19)             Swap
(2, 23)            (3, 12)             Swap

[Figure: LSR with Port 1, Port 2, Port 3 and Port 4; a packet arrives as 25 | IP and leaves as 19 | IP]
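The shim header fields and the connection table from the two slides above fit together in a few lines. The following Python is an added example, not Juniper code: it packs and unpacks the 32-bit shim header and applies the slide's connection table to an arriving frame, dropping frames whose (port, label) pair has no binding or whose TTL has run out. The 3-bit CoS, 1-bit S and 8-bit TTL widths are taken from RFC 3032 (the slide gives only the 20-bit label and the 32-bit total), the table rows are read in the order the slide lists them, and the sample frame is constructed.

```python
import struct


def encode_shim(label: int, cos: int, s: int, ttl: int) -> bytes:
    """Pack one 32-bit shim header: Label (20 bits), CoS (3), S (1), TTL (8)."""
    if not (0 <= label < 1 << 20 and 0 <= cos < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", label << 12 | cos << 9 | s << 8 | ttl)


def decode_shim(data: bytes) -> dict:
    """Unpack the first 4 bytes of `data` as a shim header."""
    if len(data) < 4:
        raise ValueError("shorter than one shim header")
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "cos": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


# Connection table from the label swapping slide: In (port, label) -> Out (port, label).
CONNECTION_TABLE = {
    (1, 22): (2, 17),
    (1, 24): (3, 17),
    (1, 25): (4, 19),
    (2, 23): (3, 12),
}


def swap(in_port: int, frame: bytes):
    """Apply the swap operation to a labelled frame arriving on in_port.

    Returns (out_port, new_frame), or (None, reason) when the frame is dropped.
    """
    try:
        shim = decode_shim(frame)
    except ValueError:
        return None, "truncated"
    # The lookup key includes the arrival port: a label is only meaningful
    # on the interface where its binding exists (local significance).
    binding = CONNECTION_TABLE.get((in_port, shim["label"]))
    if binding is None:
        return None, "no-binding"
    if shim["ttl"] <= 1:
        return None, "ttl-expired"
    out_port, out_label = binding
    new_shim = encode_shim(out_label, shim["cos"], shim["s"], shim["ttl"] - 1)
    return out_port, new_shim + frame[4:]      # payload is carried unchanged


if __name__ == "__main__":
    # Constructed frame: label 25, bottom of stack, TTL 64, placeholder payload.
    frame = encode_shim(25, 0, 1, 64) + b"IP"
    port, out = swap(1, frame)
    print(port, decode_shim(out))              # leaves on port 4 with label 19
    print(swap(2, frame))                      # same label on another port: dropped
```
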

Page 305: Junos routing overview from Juniper

MPLS Terminology: Router Types

[Figure: LSP between San Francisco and New York, with an ingress LSR, transit LSRs, the penultimate router and an egress LSR]

Page 307: Junos routing overview from Juniper

Packet Forwarding

Ingress LSR determines FEC and assigns a label
– Forwards Paris traffic on the green LSP
– Forwards Rome traffic on the blue LSP

Traffic is label-swapped at each transit LSR

Egress LSR
– Removes MPLS header (dependent upon penultimate hop pop)
– Forwards packet based on destination address

[Figure: Source, ingress LSR and egress LSR, with destinations Paris and Rome]

Page 308: Junos routing overview from Juniper

Packet Forwarding Example

Ingress Routing Table
Destination   Next Hop
134.5/16      (3, 99)
200.3.2/24    (3, 99)

MPLS Table
In        Out
(1, 99)   (2, 56)

MPLS Table
In        Out
(3, 56)   (5, 3)

Egress Routing Table
Destination   Next Hop
134.5/16      134.5.6.1
200.3.2/24    200.3.2.1

[Figure: a packet for 200.3.2.7 crosses the LSP, carried as 99 | 200.3.2.7 and then 56 | 200.3.2.7, and leaves as 200.3.2.7; hosts 134.5.1.5 and 200.3.2.7; port numbers 1, 2, 3, 5; BGP Next Hop 192.168.2.1 for both destinations; Lo0: 192.168.2.1]

Page 309: Junos routing overview from Juniper

Test for Understanding

What label value does the egress LSR for the tunneling LSP signal to the penultimate LSR so that label 18 is popped off the top of the stack?

[Figure: label stacking across a tunneling LSP; packets shown as 56 | IP, 25 | IP, 24 | IP, 42 | 24 | IP and 18 | 24 | IP; the penultimate LSR is marked “Penultimate Hop Pops Label”]

Page 311: Junos routing overview from Juniper

Resource Reservation Protocol

Internet standard for resource reservation
– Originally intended for IP QoS

Not a routing protocol
– Transports and maintains traffic and policy parameters that are opaque to RSVP

Simplex reservations for unicast traffic
– Receiver-oriented resource allocation
– Maintains soft state for graceful changes of:
  Multicast membership
  Routing
– Multiple reservation styles
– Supports IPv4 and IPv6

Page 312: Junos routing overview from Juniper

RSVP Session

Can have simultaneous, multiple, independent sessions
– Session is data flow defined by three parameters (destination address, protocol ID, destination port)
– RSVP sessions are between hosts, not just routers
– Use traceoptions to show session creation information:

May 8 13:26:42 RSVP new Session 192.168.80.1(port 17) Proto 0
May 8 13:26:42 RSVP new path state, session 192.168.80.1(port 17) Proto 0
May 8 13:26:42 RSVP new resv state, session 192.168.80.1(port 17) Proto 0

[Figure: a host at each end of the path R1 (ingress router), R4, R8, R9 (egress router), with PATH and RESV messages exchanged along it]

Page 313: Junos routing overview from Juniper

RSVP Messaging Protocol

RSVP message types
– Path: establishes state
– Resv: reserves resources
– PathTear: removes path state
– ResvTear: removes reservation state
– PathErr: error message sent upstream to sender
– ResvErr: establishes blockade state
– ResvConf: message confirming reservation request
Path and resv state block data structures store soft state information
[Figure: Host, ingress router R1, R4, R8, egress router R9, Host. Path messages establish the path state block; Resv messages establish the resv state block.]

Page 314: Junos routing overview from Juniper

Page 315: Junos routing overview from Juniper

Traffic Engineering Extensions

Path message extensions
– Mandatory:
    Session object: identifies that the RSVP session will be an LSP tunnel
    Label request object: requests LSRs to provide a label binding
– Optional:
    Explicit route object (ERO): specifies predetermined path, independent of IGP path
    Record route object (RRO): lists the LSRs that the LSP tunnel traverses
    Session attribute object: aids in session identification, and also controls path setup priority, holding priority, and local-rerouting features
Resv message extensions
– Mandatory:
    Label object: performs the upstream-on-demand label distribution process
    Session object: uniquely identifies the LSP being established
    Style object: specifies the reservation style (fixed-filter or shared-explicit)
– Optional:
    Record route object: returns the LSP's path to the sender of the path message

Page 316: Junos routing overview from Juniper

Path Message

RSVP path message
– Explicit route is passed to R1
– R1 transmits a path message addressed to R4
    Label request object requests label binding
    ERO = {strict R2, strict R3, strict R4} (optional field)
    Record route object lists nodes visited (optional field)
    Session object identifies LSP name
    Session attributes control priority, preemption, fast reroute (optional field)
    Sender Tspec requests bandwidth reservation
– Each router acts on RSVP packet because of router alert option
[Figure: ingress LSR R1, R2, R3, egress LSR R4. Explicit Route = {R1, R2, R3, R4}. The PATH message is forwarded with ERO = {R2, R3, R4}, then ERO = {R3, R4}, then ERO = {R4}; each hop establishes a path state block.]

Page 317: Junos routing overview from Juniper

Page 318: Junos routing overview from Juniper

Page 319: Junos routing overview from Juniper

Resv Message

Resv message
– R4 transmits a resv message to R3
    Label = 3 (indicates that penultimate LSR should pop header)
    Session object uniquely identifies the LSP
    Style object identifies fixed filter or shared explicit
    Record route object lists nodes visited (optional field)
– R3 and R2
    Store outbound label, allocate an inbound label
    Transmit resv message with inbound label to upstream LSR
– R1 binds label to FEC
[Figure: ingress LSR R1, R2, penultimate LSR R3, egress LSR R4. RESV messages travel upstream carrying Label = 3 (R4 to R3), Label = 20 (R3 to R2) and Label = 17 (R2 to R1). MPLS tables: R1 in IP route, out (2, 17); R2 in (3, 17), out (6, 20); R3 in (2, 20), out (5, Pop).]
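The Path and Resv exchange on these two slides, as an added Python sketch (not part of the course material). It uses the slides' routers R1 to R4 and labels 3, 20 and 17; the class and function names, the LSP name and the per-router label pools are assumptions made for the illustration.

```python
"""Simplified model of RSVP-TE LSP setup: PATH downstream, RESV upstream."""

IMPLICIT_NULL = 3  # label 3 tells the penultimate LSR to pop instead of swap


class LSR:
    def __init__(self, name, label_pool=()):
        self.name = name
        self._pool = iter(label_pool)  # constructed per-router label pool
        self.path_state = {}           # LSP -> upstream neighbour (path state block)
        self.mpls_table = {}           # inbound label -> (action, outbound label, next hop)
        self.ingress_map = {}          # LSP -> (label to push, next hop); FEC binding

    def allocate_label(self):
        return next(self._pool)


def signal_lsp(lsp, explicit_route, routers, links):
    """Signal `lsp` along a strict explicit route; return the ERO sent by each hop."""
    if len(explicit_route) < 2 or len(set(explicit_route)) != len(explicit_route):
        raise ValueError("explicit route needs distinct ingress and egress, no loops")
    ingress, ero = explicit_route[0], list(explicit_route[1:])
    ero_on_wire, prev = [], ingress
    # PATH phase: a strict hop must be directly connected to the previous hop.
    while ero:
        nxt = ero[0]
        if frozenset((prev, nxt)) not in links:
            raise ValueError(f"strict hop {nxt} is not adjacent to {prev}")
        ero_on_wire.append((prev, tuple(ero)))
        ero.pop(0)                           # receiving router strips itself from the ERO
        routers[nxt].path_state[lsp] = prev  # remember where the RESV must be sent
        prev = nxt
    # RESV phase: the egress advertises label 3, every other LSR allocates an
    # inbound label, stores the outbound one, and passes its label upstream.
    label, downstream = IMPLICIT_NULL, prev
    node = routers[prev].path_state[lsp]
    while node != ingress:
        lsr = routers[node]
        inbound = lsr.allocate_label()
        action = "pop" if label == IMPLICIT_NULL else "swap"
        lsr.mpls_table[inbound] = (action, label, downstream)
        label, downstream = inbound, node
        node = lsr.path_state[lsp]
    routers[ingress].ingress_map[lsp] = (label, downstream)
    return ero_on_wire


def forward(lsp, ingress, routers):
    """Follow one packet; returns (router, label on the outgoing link) per hop."""
    label, node = routers[ingress].ingress_map[lsp]
    wire = None if label == IMPLICIT_NULL else label  # one-hop LSP: nothing to push
    trace = [(ingress, wire)]
    while wire is not None:
        action, out_label, next_hop = routers[node].mpls_table[wire]
        new_wire = None if action == "pop" else out_label
        trace.append((node, new_wire))
        wire, node = new_wire, next_hop
    trace.append((node, "delivered"))
    return trace


def demo():
    # Label pools chosen so the allocations match the slide (R3 -> 20, R2 -> 17).
    routers = {"R1": LSR("R1"), "R2": LSR("R2", [17]),
               "R3": LSR("R3", [20]), "R4": LSR("R4")}
    links = {frozenset(p) for p in (("R1", "R2"), ("R2", "R3"), ("R3", "R4"))}
    ero_log = signal_lsp("to-R4", ["R1", "R2", "R3", "R4"], routers, links)
    return routers, ero_log, forward("to-R4", "R1", routers)


if __name__ == "__main__":
    routers, ero_log, trace = demo()
    for sender, ero in ero_log:
        print(f"{sender} sends PATH with ERO = {ero}")
    for name in ("R2", "R3"):
        print(name, "MPLS table:", routers[name].mpls_table)
    print("packet trace:", trace)
```

A real implementation answers a failed strict hop with a PathErr and times out the soft state; this model simply raises.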

Page 320: Junos routing overview from Juniper

Page 321: Junos routing overview from Juniper

Agenda: MPLS Review

Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary

Page 322: Junos routing overview from Juniper

Named Path via Explicit Route Object

Permits explicit path assignment
– Used to specify the route RSVP path messages take for setting up LSP
Can specify loose or strict routes
– Loose routes rely on routing table to find destination
– Strict routes specify the directly connected next hop
– A route can have both loose and strict components
Uses ERO processing algorithm

Page 323: Junos routing overview from Juniper

Page 324: Junos routing overview from Juniper

Named Path ERO: Strict Route

Next hop must be directly connected to previous hop

[Figure: routers A through F between the ingress LSR and the egress LSR. ERO: B strict, C strict, E strict, D strict, F strict.]

Page 325: Junos routing overview from Juniper

Named Path ERO: Loose Route

Consult the routing table at each hop to determine the best path

[Figure: routers A through F between the ingress LSR and the egress LSR. ERO: D loose.]

Page 326: Junos routing overview from Juniper

Named Path ERO: Strict/Loose Path

Strict and loose routes can be mixed

[Figure: routers A through F between the ingress LSR and the egress LSR. ERO: C strict, D loose, F strict; the path has both a strict and a loose section.]

Page 327: Junos routing overview from Juniper

Named Path Code

mpls {
    traffic-engineering bgp-igp;
    label-switched-path Blue1 {
        to 192.168.24.1;
        primary one;
    }
    label-switched-path Blue2 {
        to 192.168.12.1;
        primary one;
    }
    path one {
        192.168.20.1 loose;
    }
}
isis {
    traffic-engineering shortcuts;
    interface all {
        level 1 disable;
    }
}

Use loopback address instead of interface address, so loose section of path can reroute if necessary

Page 328: Junos routing overview from Juniper

lab@HongKong> show mpls lsp

 

Ingress LSP: 2 label-switched paths

To From State Rt ActivePath P LSPname

192.168.12.1 192.168.16.1 Up 2 one * Blue2

192.168.24.1 192.168.16.1 Up 5 one * Blue1

Total 2 displayed, Up 2, Down 0

 

Egress RSVP: 0 sessions

Total 0 displayed, Up 0, Down 0

 

Transit RSVP: 0 sessions

Total 0 displayed, Up 0, Down 0

 

Named Path Verification

Page 329: Junos routing overview from Juniper

Agenda: MPLS Review

Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary

Page 330: Junos routing overview from Juniper

Constraint-Based Routing Overview (1 of 2)

Modified shortest path first algorithm
Integrates TED data
– IGP topology information
– Available bandwidth
– Link color
– Path determined according to administrative constraints of LSP
    Maximum hop count
    Bandwidth
    Strict or loose routing
    Administrative groups
    Priority
Prunes non-qualifying paths then performs an SPF algorithm on remaining routes

Page 331: Junos routing overview from Juniper

Constraint-Based Routing Overview (2 of 2)

Operations Performed by the Ingress LSR
1) Stores information from IGP flooding
2) Stores traffic engineering information
3) Examines user-defined constraints
4) Calculates the physical path for the LSP
5) Represents path as an explicit route
6) Passes ERO to RSVP for signaling
[Figure: block diagram with Extended IGP, Routing Table, Traffic Engineering Database (TED), User Constraints, Constrained Shortest Path First, Explicit Route and RSVP Signaling; the numbered steps annotate the blocks.]

Page 332: Junos routing overview from Juniper

IGP Extensions

[Figure: block diagram with Extended IGP, Routing Table, Traffic Engineering Database (TED), User Constraints, Constrained Shortest Path First (CSPF), Explicit Route and RSVP Signaling.]
Distributes topology and traffic engineering information using IGP extensions
– Maximum reservable bandwidth
– Remaining reservable bandwidth
– Link administrative groups (color)
Mechanisms
– Opaque LSAs for OSPF
– New TLVs for IS-IS

Page 333: Junos routing overview from Juniper

Traffic Engineering Database

Traffic engineering database
– Used exclusively for calculating explicit paths for the placement of LSPs across the physical topology
– Maintains traffic engineering information learned from the extended IGP
Contents
– Up-to-date network topology information
– Current reservable bandwidth of links
– Link administrative groups (colors)
– Link priority information

Page 334: Junos routing overview from Juniper

User Constraints

User-defined constraints applied to path selection
– Bandwidth requirements
– Hop count limitations (for fast reroute)
– Administrative groups (colors)
– Priority (setup and hold)
– Explicit route (strict or loose)*
* Also specified for signaled LSPs (no-cspf)
[Figure: block diagram with Extended IGP, Routing Table, Traffic Engineering Database (TED), User Constraints, Constrained Shortest Path First (CSPF), Explicit Route and RSVP Signaling.]

Page 335: Junos routing overview from Juniper

Constrained Shortest Path First

[Figure: block diagram with Extended IGP, Routing Table, Traffic Engineering Database (TED), User Constraints, Constrained Shortest Path First (CSPF), Explicit Route and RSVP Signaling.]

For LSP = (highest priority) to (lowest priority)

– Prune links with insufficient bandwidth

– Prune links that do not contain an included color

– Prune links that contain an excluded color

– Calculate shortest path from ingress to egress consistent with ERO

– Select among equal-cost paths (least hop, then fill)

– Pass explicit route to RSVP

End for

Page 336: Junos routing overview from Juniper

RSVP Signaling

RSVP signaling
– Explicit route calculated by CSPF is handed to RSVP
    RSVP is unaware of how the ERO was calculated
– RSVP establishes LSP
    Path: Establishes state and requests label assignment
    Resv: Distributes labels and reserves resources
[Figure: on the ingress LSR, CSPF hands the ERO to RSVP; PATH and RESV messages are exchanged between the ingress LSR and the egress LSR.]

Page 337: Junos routing overview from Juniper

Agenda: MPLS Review

Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary

Page 338: Junos routing overview from Juniper

Administrative Groups (1 of 7)

Administrative groups
– Thirty-two named groups, 0 through 31, carried as 32-bit value in IGP updates
– Groups assigned to interfaces
[Figure: router SanFrancisco with links colored Gold, Bronze and Silver.]

Page 339: Junos routing overview from Juniper

Administrative Groups (2 of 7)

Administrative groups
– Colors advertised on a per-link basis via IGP: 0xC000000E
    1100 0000 0000 0000 0000 0000 0000 1110 (bit 31 on the left, bit 0 on the right)
– Colors on router: internal, management, bronze, silver, gold

Page 340: Junos routing overview from Juniper

Administrative Groups (3 of 7)

[edit protocols]
mpls {
    admin-groups {
        good 1;
        silver 2;
        bronze 3;
        management 30;
        internal 31;
    }
    interface so-0/0/0 {
        admin-group [ good management ];
    }
    interface so-0/1/0 {
        admin-group silver;
    }
    interface so-0/2/0 {
        admin-group good;
    }
    interface so-0/3/0 {
        admin-group good;
    }
}

Page 341: Junos routing overview from Juniper

Administrative Groups (4 of 7)

CSPF can include and exclude groups in automatic path calculation
Logical groupings are supported

mpls {
    label-switched-path to-miami {
        to 1.1.1.1;
        primary use-fargo {
            admin-group {
                include gold;
                exclude [ bronze silver ];
            }
        }
    }
    path use-fargo {
        10.0.1.2 loose;
    }
}

[Slide callouts on the configuration: Logical AND, Logical OR]

Page 342: Junos routing overview from Juniper

Administrative Groups (5 of 7)

A-D-H has the lowest IGP metric—4

[Figure: network of routers A through I with an IGP metric on each link.]

Page 343: Junos routing overview from Juniper

Administrative Groups (6 of 7)

Choose the path from A to H using:

admin-group {
    include [ copper bronze ];
    exclude admin;
}

[Figure: the network of routers A through I; each link carries an IGP metric and one of the colors Copper, Bronze, Silver, Gold or Admin.]

Page 344: Junos routing overview from Juniper

Administrative Groups (7 of 7)

[Figure: the network of routers A through I; each link carries an IGP metric and one of the colors Copper, Bronze, Silver, Gold or Admin.]

A-D-E-G-I-H is the shortest path excluding the admin class and including copper or bronze
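The CSPF loop from the Constrained Shortest Path First slide together with the include/exclude pruning from the Administrative Groups slides, as an added Python sketch (not part of the course material). The link metrics and colors of the slide's A-to-I network did not survive extraction, so the topology below is constructed; the bit positions for copper and admin, the function names and the LSP records are assumptions, and "gold" stands in for the group the configuration slide spells "good".

```python
import heapq
from dataclasses import dataclass

# Group name -> bit position in the 32-bit value flooded by the IGP.
# gold/silver/bronze/management/internal follow the configuration slide;
# copper and admin are constructed positions for the path-selection exercise.
GROUPS = {"gold": 1, "silver": 2, "bronze": 3, "copper": 4, "admin": 5,
          "management": 30, "internal": 31}


def mask_of(names):
    mask = 0
    for name in names:
        mask |= 1 << GROUPS[name]
    return mask


@dataclass
class Link:
    a: str
    b: str
    metric: int
    avail_bw: int   # remaining reservable bandwidth, Mbps
    colors: tuple


def demo_links():
    # Constructed TED contents (not the slide's topology); no parallel links.
    return [Link("A", "D", 1, 100, ("admin",)), Link("D", "H", 3, 100, ("gold",)),
            Link("A", "B", 2, 100, ("copper",)), Link("B", "E", 2, 100, ("bronze",)),
            Link("E", "H", 2, 100, ("copper",)), Link("B", "H", 4, 20, ("bronze",)),
            Link("A", "C", 3, 100, ("copper", "admin")), Link("C", "H", 2, 100, ("bronze",))]


def cspf(links, src, dst, bandwidth=0, include=(), exclude=()):
    """Prune the TED, then run SPF; returns (metric, path) or None."""
    inc, exc = mask_of(include), mask_of(exclude)
    adj = {}
    for link in links:
        colors = mask_of(link.colors)
        if link.avail_bw < bandwidth:      # insufficient bandwidth
            continue
        if inc and not colors & inc:       # does not contain an included color
            continue
        if colors & exc:                   # contains an excluded color
            continue
        adj.setdefault(link.a, []).append((link.b, link.metric))
        adj.setdefault(link.b, []).append((link.a, link.metric))
    # Dijkstra on (metric, hop count): equal-cost ties go to the least-hop path.
    # The final "fill" tie-breaker from the slide is not modelled.
    heap, done = [(0, 0, src, (src,))], set()
    while heap:
        cost, hops, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, list(path)
        if node in done:
            continue
        done.add(node)
        for nbr, metric in adj.get(node, ()):
            if nbr not in done:
                heapq.heappush(heap, (cost + metric, hops + 1, nbr, path + (nbr,)))
    return None


def place_lsps(links, lsps):
    """'For LSP = highest priority to lowest': compute a path, then reserve bandwidth."""
    placed = {}
    for lsp in sorted(lsps, key=lambda l: l["priority"]):   # 0 is the highest priority
        bw = lsp.get("bandwidth", 0)
        result = cspf(links, lsp["src"], lsp["dst"], bw,
                      lsp.get("include", ()), lsp.get("exclude", ()))
        placed[lsp["name"]] = result
        if result:
            hops = set(zip(result[1], result[1][1:]))
            for link in links:
                if (link.a, link.b) in hops or (link.b, link.a) in hops:
                    link.avail_bw -= bw             # what the next LSP will see
    return placed


if __name__ == "__main__":
    print(hex(mask_of(["gold", "silver", "bronze", "management", "internal"])))
    print(cspf(demo_links(), "A", "H"))
    print(cspf(demo_links(), "A", "H", include=["copper", "bronze"], exclude=["admin"]))
```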

Page 345: Junos routing overview from Juniper

Agenda: MPLS Review

Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary

Page 346: Junos routing overview from Juniper

Fast-Reroute Overview

Short-term solution to reduce packet loss; if node or link fails, upstream node:
– Immediately detours
– Signals failure to ingress LSR
Ingress LSR knows traffic engineering constraints
– Ingress router computes alternate route based on configured secondary paths; tries to reestablish primary path
– Initiates long-term reroute solution
– By default, reroute paths inherit administrative groups only, no other parameters

Page 347: Junos routing overview from Juniper

Fast-Reroute Operation

Fast reroute in operation:
– Configured on ingress router only
– Detours around node or link failure
    ~100s of ms reroute time
– Detour paths immediately available
– Uses TED to calculate detour

Page 348: Junos routing overview from Juniper

Fast-Reroute Example

Enable fast reroute on ingress LSR
– SF creates detour around LA
– LA creates detour around Austin
– Austin creates detour around Miami
[Figure: routers San Francisco, Los Angeles, Austin, Miami, New York and Fargo.]

Page 349: Junos routing overview from Juniper

Fast-Reroute Example: Short Term

LA to Austin link fails
– LA immediately detours around Austin
– LA signals to SF that failure occurred
[Figure: routers San Francisco, Los Angeles, Austin, Miami, New York and Fargo.]

Page 350: Junos routing overview from Juniper

Fast-Reroute Example: Long Term

SF fails over to secondary path

[Figure: routers San Francisco, Los Angeles, Austin, Miami, New York and Fargo.]

Page 351: Junos routing overview from Juniper

Fast Reroute

[edit protocols mpls]
label-switched-path Tom {
    to 192.168.24.1;
    primary top;
    secondary bottom {
        bandwidth 75m;
        priority 5 5;
        standby;
    }
    fast-reroute;
}
path top {
    192.168.0.1 loose;
    192.168.2.1 loose;
}
path bottom {
    192.168.8.1 loose;
    192.168.12.1 loose;
}

Page 352: Junos routing overview from Juniper

Agenda: MPLS Review

Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary

Page 353: Junos routing overview from Juniper

Circuit Cross-Connect Overview

Connects two Layer 2 circuits
– Supports:
    PPP, Cisco HDLC, Frame Relay, ATM, and VLAN 802.1Q
– Based on Layer 2 circuit ID
    Carries any protocol
Connects only like interfaces (for example, Frame Relay to Frame Relay, or ATM to ATM)
Three types of cross-connects:
– Layer 2 switching
– MPLS tunneling
– Stitching MPLS LSPs

Page 354: Junos routing overview from Juniper

CCC MPLS Interface Tunneling (1 of 2)

Transports packets from one interface through an MPLS LSP to a remote interface

– Supports tunneling between two like interfaces, such as ATM, Frame Relay, PPP, and Cisco HDLC connections

– Bridges Layer 2 packets from end to end

[Figure: ATM operation. Endpoints A and B attach through ATM access networks using ATM VC 514 and ATM VC 590; routers M40 and M20 are joined by an MPLS LSP across the IP backbone.]

Page 355: Junos routing overview from Juniper

CCC MPLS Interface Tunneling (2 of 2)

[edit protocols]
user@M40# show
connections {
    remote-interface-switch m40-to-m20 {
        interface at-7/1/1.514;
        transmit-lsp lsp1;
        receive-lsp lsp2;
    }
}

[edit protocols]
user@M20# show
connections {
    remote-interface-switch m20-to-m40 {
        interface at-3/0/1.590;
        transmit-lsp lsp2;
        receive-lsp lsp1;
    }
}

[Figure: endpoints A and B attach through ATM access networks using ATM VC 514 and ATM VC 590; M40 (interface at-7/1/1.514) and M20 (interface at-3/0/1.590) are joined across the IP backbone by MPLS LSP1 and MPLS LSP2.]

Page 356: Junos routing overview from Juniper

Special Caveats for CCC

VLAN CCC caveats
– VLAN tagging at physical interface
    VLAN 0-511 on unit with ccc-encap support 802.1Q VLAN
    VLAN 512-4094 only VLAN IDs that support CCC
    GE PICs must be Rev B
– Frame Relay: encapsulates frame-relay-ccc at physical interface
    DLCI 1-511 on unit is normal Frame Relay
    DLCI 512-1022 on unit is CCC Frame Relay
– Layer 2 switching cross-connect: PPP and HDLC must be unit 0
– ATM: cannot configure family on unit if atm-ccc-vc-mux encapsulation is set

Page 357: Junos routing overview from Juniper

Page 358: Junos routing overview from Juniper

Agenda: MPLS Review

Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary

Page 359: Junos routing overview from Juniper

Purpose of LDP (1 of 2)

Creates forwarding equivalence class
– A group of IP packets which are forwarded in the same manner (RFC 3031)
Manages LSP to egress router
– New concept
    LDP associates the FEC with each LSP it creates
– Solves problems
    Enables VPNs
    Allows traffic class mapping

Page 360: Junos routing overview from Juniper

Purpose of LDP (2 of 2)

LDP creates an LSP tree for each FEC from every possible ingress router to egress router

[Figure: network of routers A through I with one egress router, showing LDP LSPs and RSVP LSPs toward it.]
Only one LDP LSP, while four RSVP LSPs

Page 361: Junos routing overview from Juniper

Label Distribution Protocol (1 of 2)

Distributes label binding information
– Runs on LSRs in conjunction with IP routing protocols
– Labels are periodically refreshed
LDP message types
– Discovery: locates potential LDP peers
– Session: manages peer-to-peer TCP sessions
– Advertisement: creates, changes, or deletes label mappings
– Notification: provides advisory information
[Figure: exchange between upstream LDP peer and downstream LDP peer. Discovery: Hello messages. Session: TCP session establishment, Initialization messages. Advertisement: Label Request messages, Label Mapping messages.]

Page 362: Junos routing overview from Juniper

Page 363: Junos routing overview from Juniper

Label Distribution Protocol (2 of 2)

LDP label mapping
– Downstream peer assigns labels
– Benefits
    Traffic engineering information is not piggybacked on routing protocols
– Limitations
    LSPs follow the conventional IGP path
    Does not support explicit routing
[Figure: label mappings for Net 10.0.0.0 and Net 11.0.0.0 passed between the upstream LDP peer, the LSR and the downstream LDP peer; the LSR receives an outgoing label, advertises an incoming label, and each router's MPLS table lists the resulting In/Out (interface, label) pairs.]

Page 364: Junos routing overview from Juniper

LDP Tunneling through RSVP-TE LSP (1 of 2)

protocols {
    mpls {
        label-switched-path lsp-path-name {
            from source;
            to destination;
            ldp-tunneling;
        }
    }
}

[Figure: Router A and Router B joined by an RSVP LSP, with LDP on either side.]

Page 365: Junos routing overview from Juniper

LDP Tunneling through RSVP-TE LSP (2 of 2)

[Figure: network in which LDP regions are connected through RSVP-signaled LSPs.]

Page 366: Junos routing overview from Juniper

Agenda: MPLS Review

Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary

Page 367: Junos routing overview from Juniper

Basic MPLS Configuration Summary

MPLS configuration summary

– Configure MPLS and RSVP protocols

– Configure family MPLS on interfaces

– Configure an LSP

– Configure basic IP stuff (for example, addresses and protocols)

Page 368: Junos routing overview from Juniper

Basic RSVP-Signaled LSP

[edit]
Lab@host# set protocols mpls interface all
Lab@host# set protocols rsvp interface all
Lab@host# set interfaces IN-#/#/# unit 0 family mpls
Lab@host# set protocols mpls label-switched-path TOM to IP address no-cspf

Page 369: Junos routing overview from Juniper

Displaying MPLS LSPs

lab@SanFrancisco> show mpls lsp

 

Ingress LSP: 1 label-switched paths

To From State Rt ActivePath P LSPname

192.168.8.1 192.168.2.1 Up 1 se-gold * sf-to-ny

Total 1 displayed, Up 1, Down 0

 

Egress RSVP: 2 sessions, 1 detours

To From State Rt Style Labelin Labelout LSPname

192.168.2.1 192.168.8.1 Up 0 1 FF 3 - NYC-to-SF

192.168.2.1 192.168.8.1 Up 0 1 FF 3 - NYC2-to-SF

Total 2 displayed, Up 2, Down 0

 

Transit RSVP: 0 sessions

Total 0 displayed, Up 0, Down 0

Page 370: Junos routing overview from Juniper

Page 371: Junos routing overview from Juniper

Displaying Additional MPLS Information

lab@SanFrancisco> show mpls lsp extensive

Ingress LSP: 1 label-switched paths

 192.168.8.1

From: 192.168.2.1, State: Up, ActiveRoute: 1, LSPname: sf-to-ny

ActivePath: use-gold (primary)

LoadBalance: Random

*Primary use-gold State: Up

Include: gold

Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 30)

10.0.5.2 S 10.0.7.2 S 10.0.9.2 S

102 Jan 5 12:12:28 Selected as active path

101 Jan 5 12:11:58 Record Route: 10.0.5.2 S 10.0.7.2 S 10.0.9.2 S

100 Jan 5 12:11:58 Up

99 Jan 5 12:11:58 Clear Call

98 Jan 5 12:11:58 CSPF: computation result accepted

97 Jan 5 12:11:43 Record Route: 10.0.3.1 S 10.0.1.2 S 10.0.14.1 S

Page 372: Junos routing overview from Juniper

Page 373: Junos routing overview from Juniper

Displaying the MPLS Switching Table

lab@Montreal> show route table mpls.0

mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

0 *[MPLS/0] 02:47:47, metric 1

Receive

1 *[MPLS/0] 02:47:47, metric 1

Receive

100003 *[RSVP/7] 00:00:53, metric 1

> to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1

100003(S=0) *[RSVP/7] 00:00:53, metric 1

> to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1

100004 *[RSVP/7] 00:00:53, metric 1

> to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1

100004(S=0) *[RSVP/7] 00:00:53, metric 1

> to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1

Page 374: Junos routing overview from Juniper

Displaying RSVP Session Information

lab@SanFrancisco> show rsvp session

 

Ingress RSVP: 2 sessions

To From State Rt Style Labelin Labelout LSPname

192.168.8.1 192.168.2.1 Up 1 1 FF - 100010 sf-to-ny

192.168.8.1 192.168.2.1 Up 0 1 FF - 100058 sf-to-ny

Total 2 displayed, Up 2, Down 0

 

Egress RSVP: 2 sessions, 1 detours

To From State Rt Style Labelin Labelout LSPname

192.168.2.1 192.168.8.1 Up 0 1 FF 3 - NYC-to-SF

192.168.2.1 192.168.8.1 Up 0 1 FF 3 - NYC2-to-SF

Total 2 displayed, Up 2, Down 0

 

Transit RSVP: 0 sessions

Total 0 displayed, Up 0, Down 0

Page 375: Junos routing overview from Juniper

Page 376: Junos routing overview from Juniper

Displaying Neighbor Information

lab@SanFrancisco> show rsvp neighbor

RSVP neighbor: 3 learned

Address Idle Up/Dn LastChange HelloInt HelloTx/Rx MsgRcvd MsgType

10.0.3.1 0 1/0 5:35:37 3 29326/6556 850 Path,Resv

10.0.4.2 0 1/0 2w1d 22:54:25 3 448522/448391 61407 Path,Resv

10.0.5.2 5 1/0 5:35:42 3 29316/6557 30587 Path,Resv

Page 377: Junos routing overview from Juniper

Displaying RSVP-Enabled Interfaces

lab@SanFrancisco> show rsvp interface

RSVP interface: 3 active

Active Subscr- Static Available Reserved Highwater

Interface State resv iption BW BW BW mark

fxp0.0 Up 0 100% 100Mbps 100Mbps 0bps 0bps

fe-0/0/2.0 Up 0 100% 100Mbps 100Mbps 0bps 0bps

ge-0/1/0.0 Up 0 100% 1000Mbps 1000Mbps 0bps 0bps

Page 378: Junos routing overview from Juniper

Next Hop Resolution

[Figure: topology for next-hop resolution: routers SF, Denver, DC, NY, Dallas, Boston and NJ; AS 64512 and AS 2; route 134.112/16 carried by E-BGP and I-BGP; callouts "Configure nexthop self" and "LSP SF-to-NY, lo0 192.168.24.1".]

lab@SF> show route 192.168.24.1
inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
192.168.24.1/32 *[IS-IS/18] 00:26:50, metric 30, tag 2
> to 10.0.16.2 via fe-0/0/0.0
inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
192.168.24.1/32 *[RSVP/7] 00:00:53, metric 0
> to 10.0.16.2 via fe-0/0/0.0, label-switched-path to_ny

Page 379: Junos routing overview from Juniper

Using traceroute to Prove LSP Works

lab@SF> traceroute 134.112.1.1

traceroute to 134.112.1.1 (134.112.1.1), 30 hops max, 40 byte packets

1 10.0.16.2 (10.0.16.2) 0.766 ms 0.662 ms 0.612 ms

MPLS Label=1056 CoS=0 TTL=1 S=1

2 10.0.1.2 (10.0.1.2) 0.709 ms 0.654 ms 0.738 ms

MPLS Label=1021 CoS=0 TTL=1 S=1

3 10.0.24.2 (10.0.24.2) 0.648 ms 0.632 ms 0.610 ms

.

.

.

  

Page 380: Junos routing overview from Juniper

Module Review

1. What are the main benefits of MPLS?

2. How does traffic engineering differ from plain MPLS?

3. Can you describe basic RSVP operation?

4. What is the advantage of using fast reroute?

5. Can you describe the basic operation of LDP?

6. What commands can you use to monitor the operational status of LSPs on Juniper Networks M-series and T-series routers?

Page 381: Junos routing overview from Juniper

Page 382: Junos routing overview from Juniper

Copyright © 2003, Juniper Networks, Inc. IJNR-6.b.6.1.2

Advanced VPNs

Module 11: Layer 3 VPNs

Page 383: Junos routing overview from Juniper

Module Objectives

After successfully completing this module, you will be able to:

– Define the roles of P, PE, and CE routers
– Describe the format of VPN-IPv4 addresses
– Explain the role of the route distinguisher
– Describe the flow of RFC 2547bis control information
– Explain the operation of the RFC 2547bis forwarding plane

Page 384: Junos routing overview from Juniper

Agenda: Layer 3 MPLS VPNs

RFC 2547bis Terminology

VPN-IPv4 Address Structure

Operational Characteristics
– Policy-Based Routing Information Exchange
– Traffic Forwarding

Page 385: Junos routing overview from Juniper

Agenda: Layer 3 MPLS VPNs

RFC 2547bis Terminology
VPN-IPv4 Address Structure
Operational Characteristics
– Policy-Based Routing Information Exchange
– Traffic Forwarding

Page 386: Junos routing overview from Juniper

Customer Edge Routers

Customer edge (CE) routers
– Located at customer premises
– Provide access to the service provider network
– Can use any access technology or routing protocol for the CE/PE connection
[Figure: VPN A and VPN B sites, each with a CE router attached to a PE router, around a core of P routers; the CE routers are marked "Customer Edge".]

Page 387: Junos routing overview from Juniper

Provider Edge Routers

Provider edge (PE) routers
– Maintain VPN-specific forwarding tables
– Exchange VPN routing information with other PE routers using BGP
– Use MPLS LSPs to forward VPN traffic
[Figure: VPN A and VPN B sites, each with a CE router attached to a PE router, around a core of P routers; the PE routers are marked "Provider Edge".]

Page 388: Junos routing overview from Juniper

Provider Routers

Provider (P) routers
– Forward VPN data transparently over established LSPs
– Do not maintain VPN-specific routing information
[Figure: VPN A and VPN B sites, each with a CE router attached to a PE router, around a core of P routers; the P routers are marked "Provider Routers".]

Page 389: Junos routing overview from Juniper

VPN Sites

A site is a collection of machines that can communicate without traversing the service provider backbone

Each VPN site is mapped to a PE router interface
– Routing information is stored in different tables for each site
[Figure: VPN A and VPN B sites, each with a CE router attached to a PE router, around a core of P routers; one customer location is marked "VPN Site".]

Page 390: Junos routing overview from Juniper

VPN Routing and Forwarding Tables

[Figure: PE 1, PE 2 and PE 3 around a core of P routers. Attached sites: VPN A sites 1 to 3 (CE–A1, CE–A2, CE–A3), VPN B sites 1 to 3 (CE–B1, CE–B2, CE–B3) and VPN C sites 1 and 2 (CE–C1, CE–C2); CE to PE connections are labeled OSPF Routing, Static Routing and BGP Routing. Callout: a VRF is created for each site connected to the PE.]

Page 391: Junos routing overview from Juniper

VRFs

Each VRF is populated with:
– Routes received from directly connected CE sites associated with the VRF
– Routes received from other PE routers with acceptable MP-BGP attributes
Packets from a given site are only matched against the site’s corresponding VRF
– Provides isolation between VPNs

Page 392: Junos routing overview from Juniper

Agenda: Layer 3 MPLS VPNs

RFC 2547bis Terminology

VPN-IPv4 Address Structure

Operational Characteristics

– Policy-Based Routing Information Exchange

– Traffic Forwarding

Page 393: Junos routing overview from Juniper

Overlapping Address Spaces

VPNs A and B use the same address space
– PE 1 uses a separate routing table (VRF) for each VPN site
– PE 2 would normally choose between the two 10.1/16 routes
– MPLS/BGP VPNs solve this problem with the route distinguisher
[Figure: VPN A sites 1 and 2 (CE–A1, CE–A2) and VPN B sites 1 and 2 (CE–B1, CE–B2) attached to PE 1 and PE 2; the same prefix 10.1/16 is advertised from both VPNs, leaving a "?" at PE 2.]

Page 394: Junos routing overview from Juniper

Route Distinguisher

VPN-IPv4 NLRI Format

VPN-IPv4 address family
– New BGP-4 sub-address family identifier (SAFI 128)
Consists of MPLS label + route distinguisher + subscriber IPv4 prefix
– Route distinguisher disambiguates IPv4 addresses
    Allows service provider to administer its own numbering space
VPN-IPv4 addresses are distributed by MP-BGP
– Uses multiprotocol extensions for BGP4 (RFC 2283)
A /32 IPv4 prefix produces a mask of /120 (15 octets)
– JUNOS software CLI displays (and the examples in this class) only show IPv4 prefix length (that is, /32)

Field layout:
Mask (1 byte) | MPLS Label (3 bytes) | Type (2 bytes) | Administrator (variable length) | Assigned Number (variable length) | Subscriber IPv4 Prefix (0–4 bytes)

Page 395: Junos routing overview from Juniper

Route Distinguisher Formats

Two values are defined for type field: 0 and 1
– Type 0: adm field = 2 bytes, AN field = 4 bytes
    Adm field should contain an autonomous system number (ASN) from IANA
    AN field is a number assigned by service provider
– Type 1: adm field = 4 bytes, AN field = 2 bytes
    Administration field should contain an IP address assigned by IANA
    Assigned number field is a number assigned by service provider
– Examples: 10458:22:10.1.0.0/16 or 1.1.1.1:33:10.1.0.0/16

2-Byte Type Field: determines the lengths of the other two fields
Administration Field: identifies the assigned number authority
Assigned Number Field: number assigned by the identified authority for a particular purpose

[Figure: 8-byte route distinguisher (Type, Adm, and AN fields) followed by the 4-byte IP address]

Page 396: Junos routing overview from Juniper

The VPN-IPv4 Address Family

Route distinguisher disambiguates IPv4 addresses
VPN-IPv4 routes
– Ingress PE router prepends route distinguisher to IPv4 prefix of routes received from each CE device
– VPN-IPv4 routes are exchanged between PE routers using MP-BGP
– Egress PE router converts VPN-IPv4 routes into IPv4 routes before inserting into site’s routing table (VRF)
VPN-IPv4 is used only in the control plane
– Data plane uses MPLS-encapsulated IPv4 packets

Page 397: Junos routing overview from Juniper

Using Route Distinguishers to Disambiguate Addresses

The overlapping routes from A and B cannot be compared as they have unique route distinguishers

[Figure: the overlapping-address topology (CE–A1 and CE–B1 on PE 1, CE–A2 and CE–B2 on PE 2); the two 10.1/16 routes now appear as 10458:22:10.1/16 and 10458:23:10.1/16]
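The route distinguisher formats and the VPN-IPv4 NLRI layout from the slides above, worked through as an added Python example (not part of the course material). The label value 100 is constructed, and the 3-byte label encoding (20-bit label, bottom-of-stack bit set) follows the usual BGP labeled-route convention, which the slides do not spell out.

```python
import ipaddress
import struct


def encode_rd(text):
    """Pack 'ASN:number' (Type 0) or 'IPv4-address:number' (Type 1) into 8 bytes."""
    admin, _, assigned = text.rpartition(":")
    number = int(assigned)
    if "." in admin:
        # Type 1: 4-byte administrator (IPv4 address), 2-byte assigned number
        if not 0 <= number <= 0xFFFF:
            raise ValueError("Type 1 assigned number must fit in 2 bytes")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    # Type 0: 2-byte administrator (ASN), 4-byte assigned number
    asn = int(admin)
    if not (0 <= asn <= 0xFFFF and 0 <= number <= 0xFFFFFFFF):
        raise ValueError("Type 0 needs a 2-byte ASN and a 4-byte assigned number")
    return struct.pack("!HHI", 0, asn, number)


def decode_rd(raw):
    """Turn an 8-byte route distinguisher back into its text form."""
    if len(raw) != 8:
        raise ValueError("a route distinguisher is exactly 8 bytes")
    rd_type = int.from_bytes(raw[:2], "big")
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == 1:
        address, number = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(address)}:{number}"
    raise ValueError(f"type {rd_type} is not one of the two formats on the slide")


def vpn_ipv4_nlri(label, rd_text, prefix):
    """Build mask (1 byte) + MPLS label (3) + RD (8) + IPv4 prefix (0-4 bytes)."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("MPLS labels are 20 bits wide")
    network = ipaddress.IPv4Network(prefix)
    label_field = ((label << 4) | 1).to_bytes(3, "big")  # bottom-of-stack bit set
    prefix_bytes = network.network_address.packed[: (network.prefixlen + 7) // 8]
    mask_bits = 24 + 64 + network.prefixlen  # label + RD + IPv4 prefix length
    return bytes([mask_bits]) + label_field + encode_rd(rd_text) + prefix_bytes


def build_tables(vpn_routes):
    """Key the same routes by IPv4 prefix alone and by (RD, prefix)."""
    plain, vpn = {}, {}
    for text in vpn_routes:
        rd_text, _, prefix = text.rpartition(":")
        network = ipaddress.IPv4Network(prefix)
        plain[network] = text                      # later route overwrites earlier
        vpn[(encode_rd(rd_text), network)] = text  # distinct RDs never collide
    return plain, vpn


if __name__ == "__main__":
    routes = ["10458:22:10.1.0.0/16", "10458:23:10.1.0.0/16"]
    plain, vpn = build_tables(routes)
    print(len(plain), "IPv4 entry,", len(vpn), "VPN-IPv4 entries")
    print(vpn_ipv4_nlri(100, "10458:22", "10.1.0.0/16").hex())
```
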

Page 398: Junos routing overview from Juniper

Agenda: Layer 3 MPLS VPNs

RFC 2547bis Terminology

VPN-IPv4 Address Structure

Operational Characteristics

– Policy-Based Routing Information Exchange

– Traffic Forwarding

Page 399: Junos routing overview from Juniper

2547bis: Operational Overview

Control flow (signaling plane)
– Routing information exchange between CE and PE routers
    Independent at both ends
– Routing information exchange between PE routers
– LSP establishment between PE routers (RSVP or LDP signaling)
Data flow (forwarding plane)
– Forwarding user traffic

[Figure: PE 1, PE 2, and PE 3 joined by P routers, serving VPN A sites 1–3 (CE–A1, CE–A2, CE–A3) and VPN B sites 1–2 (CE–B1, CE–B2)]

Page 400: Junos routing overview from Juniper

RFC 2547bis Policies

VPNs defined by administrative policies
– Used for connectivity and QoS guarantees
– Defined by customers
– Implemented by service providers
Full-mesh or hub-and-spoke connectivity
– Logical VPN topology results from the application of export and import route target policies

Page 401: Junos routing overview from Juniper

PE-PE Route Distribution

Distribution of routes is controlled by BGP extended community attributes and VRF policy
– Route target
    Identifies a set of VRFs to which a PE router distributes routes
– Site of origin/route origin
    Identifies the specific site from which a PE router learns a route
Structured similarly to the route distinguisher
– 8 bytes in length
    2-byte type field, 6-byte value field
– Type 0
    2-byte global administrator subfield (ASN)
    4-byte local administrator subfield
– Type 1
    4-byte global administrator subfield (IANA-assigned IP address)
    2-byte local administrator subfield

Page 402: Junos routing overview from Juniper

Route Target Extended Community

Each VPN-IPv4 route advertised through MP-BGP is associated with a route target community

– Export policy or explicit configuration define the targets associated with routes a PE router sends

Upon receipt of a VPN-IPv4 route, a PE router decides whether to add that route to a VRF

– Import policies or explicit configuration define which routes to add to a given VRF

Route isolation between VRFs is accomplished through careful policy administration

– Service provider provisioning tools can determine the appropriate export and import targets automatically

Page 403: Junos routing overview from Juniper

Exchange of Routing Information (1 of 7)

CE device advertises route to PE router
– Using traditional routing techniques (for example, OSPF, RIP, BGP, and static routes)

[Figure: step 1. PE-1 and PE-2 share an MP-IBGP session and hold one VRF per attached site; CE-1 to CE-4 serve VPN A sites 1–2 and VPN B sites 1–2; a CE advertises 10.1/16 to its PE over OSPF]

Page 404: Junos routing overview from Juniper

Exchange of Routing Information (2 of 7)

IPv4 address is added to the appropriate VRF

[Figure: step 2. Same PE-1/PE-2 topology with the MP-IBGP session and per-site VRFs; the 10.1/16 route learned over OSPF is shown in the VRF as 10458:23:10.1/16]

Page 405: Junos routing overview from Juniper

Exchange of Routing Information (3 of 7)

VRF is configured to advertise the routes in the VRF as L3VPN routes using MP-BGP
– VRF configuration adds “VPN RED” route target community

[Figure: step 3. Same PE-1/PE-2 topology; 10458:23:10.1/16 is tagged with the “VPN RED” export target]

Page 406: Junos routing overview from Juniper

Exchange of Routing Information (4 of 7)

VPN-IPv4 NLRI is advertised to other PE routers
– Inner label (a.k.a. VRF label, BGP label)
– Extended communities
    Route target
    Site of origin
– BGP next hop (RID of advertising PE router)

[Figure: step 4. Same PE-1/PE-2 topology; the MP-IBGP update carries 10458:23:10.1/16, “VPN RED” export, label Z, next hop PE-2]

Page 407: Junos routing overview from Juniper

Exchange of Routing Information (5 of 7)

Each PE router is configured with import route targets
– Import route target is used to incorporate VPN-IPv4 routes into VRFs selectively
    If import route target matches route target attribute in BGP route, the route is installed into the bgp.l3vpn table and copied into appropriate VRF(s)
    Based on configured route target or import policies, 10458:23:10.1/16 is copied into the red VRF but not the blue VRF

[Figure: step 5. Same PE-1/PE-2 topology; the update carrying 10458:23:10.1/16, “VPN RED” export, label Z, next hop PE-2 meets the “VPN RED” import (MBGP) on the receiving PE]
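The export and import steps above, modeled as an added Python example (not from the course material), together with a simple audit of the "careful policy administration" that VRF isolation depends on. The community values `target:10458:1` and `target:10458:2`, the label 300, and the VPN owner names are constructed for illustration.

```python
from dataclasses import dataclass, field

RED_TARGET = "target:10458:1"    # constructed stand-in for the slide's "VPN RED"
BLUE_TARGET = "target:10458:2"   # constructed second VPN


@dataclass(frozen=True)
class VpnIpv4Route:
    rd: str
    prefix: str
    label: int            # inner (VRF) label carried in the MP-BGP update
    next_hop: str         # advertising PE router
    targets: frozenset    # route target extended communities


@dataclass
class Vrf:
    name: str
    import_targets: frozenset
    export_targets: frozenset
    routes: dict = field(default_factory=dict)


def export_route(vrf, rd, prefix, label, pe_name):
    """Advertising PE: attach the VRF's export targets to the VPN-IPv4 route."""
    return VpnIpv4Route(rd, prefix, label, pe_name, vrf.export_targets)


def import_route(vrfs, route):
    """Receiving PE: copy the route into every VRF whose import targets match."""
    installed = []
    for vrf in vrfs:
        if vrf.import_targets & route.targets:
            # The RD is dropped here; the VRF holds a plain IPv4 route.
            vrf.routes[route.prefix] = (route.next_hop, route.label)
            installed.append(vrf.name)
    return installed


def audit_import_targets(vrfs, target_owner):
    """Flag VRFs that import targets owned by more than one VPN, for review."""
    findings = {}
    for vrf in vrfs:
        owners = {target_owner.get(t, "unknown") for t in vrf.import_targets}
        if len(owners) > 1:
            findings[vrf.name] = sorted(owners)
    return findings


def demo():
    pe2_red = Vrf("red", frozenset({RED_TARGET}), frozenset({RED_TARGET}))
    pe1 = [
        Vrf("red", frozenset({RED_TARGET}), frozenset({RED_TARGET})),
        Vrf("blue", frozenset({BLUE_TARGET}), frozenset({BLUE_TARGET})),
    ]
    route = export_route(pe2_red, "10458:23", "10.1.0.0/16", 300, "PE-2")
    return pe1, import_route(pe1, route)


if __name__ == "__main__":
    vrfs, installed = demo()
    print("installed into:", installed)
    for vrf in vrfs:
        print(vrf.name, vrf.routes)
```

A VRF that legitimately imports from several VPNs (an extranet) also shows up in the audit output, so treat the findings as a review list rather than as errors.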

Page 408: Junos routing overview from Juniper

Exchange of Routing Information (6 of 7)

Each VPN-IPv4 route in a VRF is associated with:
– Inner (VRF) label to reach the advertised NLRI (carried in MP-BGP update)
– Outer label to reach the PE router
All routes associated with the same VRF interface can share a common label

[Figure: step 6. Same PE-1/PE-2 topology; after the “VPN RED” import, 10458:23:10.1/16 is shown with BGP (inner) label Z and MPLS (outer) label y; the update carries 10458:23:10.1/16, “VPN RED” export, label Z, next hop PE-2]

Page 409: Junos routing overview from Juniper

Exchange of Routing Information (7 of 7)

Each IPv4 route installed in a VRF can be advertised to the CEs associated with that VRF
– For example, RIP, OSPF, and BGP
– Routing policy can be used on the PE-CE link to control the exchange of routing information further

[Figure: step 7. Same PE-1/PE-2 topology; the route is passed on to the CE, labeled "10.1/16 Next Hop PE1"]

Page 410: Junos routing overview from Juniper

Agenda: Layer 3 MPLS VPNs

RFC 2547bis Terminology

VPN-IPv4 Address Structure

Operational Characteristics

– Policy-Based Routing Information Exchange

Traffic Forwarding

Page 411: Junos routing overview from Juniper

Data Flow (1 of 7)

The PE-to-PE LSP must be in place before forwarding data across the MPLS backbone
– LSPs are signaled through LDP or RSVP

[Figure: PE-1 and PE-2 joined by an LSP, each with one VRF per attached site; CE-1 to CE-4 serve VPN A sites 1–2 and VPN B sites 1–2; 10.1/16 is the destination network]

Page 412: Junos routing overview from Juniper

Data Flow (2 of 7)

The CE device performs a traditional IPv4 lookup and sends packets to the PE router

[Figure: same PE-1/PE-2 topology; an IP packet for 10.1.2.3 travels from a CE toward its PE, with 10.1/16 as the destination network]

Page 413: Junos routing overview from Juniper

Data Flow (3 of 7)

The PE router consults the appropriate VRF for the inbound interface

Two labels are derived from the VRF route lookup and are pushed onto the packet

PE-1: 1) Look up route in Red VRF 2) Push BGP label (z) 3) Push outer label (x)

[Figure: same PE-1/PE-2 topology; the IP packet for 10.1.2.3 arrives at PE-1, with 10.1/16 as the destination network]

Page 414: Junos routing overview from Juniper

Data Flow (4 of 7)

Packets are forwarded using two-level label stack
– Outer (MPLS) label
    Identifies the LSP to egress PE router
    Resolves BGP next hop through inet.3
    Distributed by RSVP or LDP
– Inner (MP-BGP) label
    Identifies outgoing interface from egress PE to CE
    Communicated in MP-BGP updates (control plane)

PE-1: 1) Look up route in Red VRF 2) Push BGP label (z) 3) Push outer label (x)

[Figure: same PE-1/PE-2 topology; the IP packet for 10.1.2.3 leaves PE-1 carrying BGP label (z) and outer label (x)]

Page 415: Junos routing overview from Juniper

Data Flow (5 of 7)

After packets exit the ingress PE router, the outer label is used to traverse the service provider
– P routers are not VPN-aware

[Figure: same PE-1/PE-2 topology; the IP packet for 10.1.2.3 crosses the backbone carrying BGP label (z) and outer label (x)]

Page 416: Junos routing overview from Juniper

Data Flow (6 of 7)

Penultimate hop popping (before reaching the egress PE router) removes the outer label

[Figure: same PE-1/PE-2 topology; at the penultimate hop the top label is popped, leaving the IP packet for 10.1.2.3 with BGP label (z) only]

Page 417: Junos routing overview from Juniper

Data Flow (7 of 7)

The inner label is removed at the egress PE router
The native IPv4 packet is sent to the outbound interface associated with the label

[Figure: same PE-1/PE-2 topology; the unlabeled IP packet for 10.1.2.3 is delivered toward 10.1/16]
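The seven data-flow steps above traced hop by hop, as an added Python example (not from the course material). Labels 100, 101, and 300 stand in for the slides' outer and inner labels, and the P1/P2 hop names and the interface name are assumptions.

```python
import ipaddress

# Constructed tables for one direction of traffic (ingress PE-1, egress PE-2).
RED_VRF = {ipaddress.ip_network("10.1.0.0/16"): {"inner": 300, "egress_pe": "PE-2"}}
LSP_TO = {"PE-2": (100, "P1")}            # egress PE -> (outer label, first hop)
P_TABLES = {                               # P routers key on the outer label only
    "P1": {100: ("swap", 101, "P2")},
    "P2": {101: ("pop", None, "PE-2")},    # penultimate hop pops the outer label
}
EGRESS_LABELS = {300: "ge-0/0/1.0"}        # inner label -> interface toward the CE


def ingress_pe(vrf, destination):
    """VRF lookup on the inbound interface's table, then push inner and outer labels."""
    address = ipaddress.ip_address(destination)
    matches = [network for network in vrf if address in network]
    if not matches:
        raise LookupError(f"no route to {destination} in this VRF")
    entry = vrf[max(matches, key=lambda network: network.prefixlen)]
    outer, first_hop = LSP_TO[entry["egress_pe"]]
    return [outer, entry["inner"]], first_hop


def p_router(name, stack):
    """Act on the top label only; the inner label and IP header are never read."""
    operation, new_label, next_hop = P_TABLES[name][stack[0]]
    rest = stack[1:]
    return ([new_label] + rest if operation == "swap" else rest), next_hop


def egress_pe(stack):
    """Pop the inner label and return the outbound interface it identifies."""
    if len(stack) != 1:
        raise ValueError("egress PE expects only the inner label after PHP")
    return EGRESS_LABELS[stack[0]]


def forward(vrf, destination):
    """Return the label stack after each hop and the final outbound interface."""
    stack, hop = ingress_pe(vrf, destination)
    trace = [("PE-1", list(stack))]
    while hop in P_TABLES:
        stack, next_hop = p_router(hop, stack)
        trace.append((hop, list(stack)))
        hop = next_hop
    return trace, egress_pe(stack)


if __name__ == "__main__":
    hops, interface = forward(RED_VRF, "10.1.2.3")
    for router, labels in hops:
        print(router, labels)
    print("PE-2 sends the IPv4 packet out", interface)
```
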

Page 418: Junos routing overview from Juniper

Module Review

1. Can you define the roles of P, PE, and CE routers?

2. What is the format of VPN-IPv4 addresses?

3. What is the role of the route distinguisher?

4. Can you describe the flow of 2547bis control information?

5. Can you explain the operation of the 2547bis forwarding plane?

Page 420: Junos routing overview from Juniper

Copyright © 2003, Juniper Networks, Inc. IJNR-6.b.6.1.2

Introduction to Juniper Networks Routers

Module 12: Routing Policy

Page 421: Junos routing overview from Juniper

Module Objectives

After successfully completing this module, you will be able to:

– State the purpose of routing policy
– Explain the difference between import and export policies
– Describe the default policy for OSPF, IS-IS, and BGP
– Compare route filter match types
– Write multiterm policies
– Correctly apply policy to BGP
– Use the CLI to monitor policy operation
– Describe advanced policy capabilities

Page 422: Junos routing overview from Juniper

Routing Policy

Where we are going…
– Overview
– When to use policy
– Import vs. export policy
– Routing policy flow
– Generic policy syntax
– Match conditions
– Match actions
– Default policies
– Policy examples
– Applying policy
– Route filters
– Advanced policy overview

Page 423: Junos routing overview from Juniper

Policy Overview

Controls routing information transferred into and out of the routing table
– Can ignore or change incoming routing information
– Can suppress or change outgoing routing information
Policies are made up of match/action pairs
– Match conditions can be protocol specific

Page 424: Junos routing overview from Juniper

When to Apply Policy

Apply policy when:
– You do not want to import all learned routes into the routing table
– You do not want to advertise all learned routes to neighboring routers
– You want one protocol to receive routes from another protocol
– You want to modify information associated with a route

Page 425: Junos routing overview from Juniper

Import and Export Policies

Perform policy filtering with respect to the JUNOS software routing table
– JUNOS software applies import policy prior to inclusion in the routing table
– JUNOS software applies export policy only to active routes in the routing table

[Figure: routes from neighbors pass through the protocol and import policy into the routing table; routes pass from the routing table through export policy and the protocol to neighbors; the routing table also feeds the forwarding table in the PFE]

Page 426: Junos routing overview from Juniper

Routing Policy Flow

Policies can be chained together
Evaluation normally proceeds left to right until a terminating action is reached
– Terminating actions are accept or reject
Individual policies can contain a collection of terms
– Flow control actions such as next-policy supported

[Figure: a route enters Policy 1 (Term A, Term B, Term C), then Policy 2 (Term A, Term B, Term C), and so on through Policy n and the default policy; each term can accept or reject the route, and the chain ends in accept or reject]

Page 427: Junos routing overview from Juniper

Generic Policy Syntax

Basic policy syntax:

policy-options {
    policy-statement policy-name {
        term term-name {
            from {
                match-conditions;
            }
            then {
                action;
            }
        }
    }
}

A policy can have multiple terms

Page 428: Junos routing overview from Juniper

Match Conditions

Policies typically contain some form of match criterion
Possibilities include:
– Neighbor address
– Protocol (source of information)
    BGP, direct, DVMRP, IS-IS, local, MPLS, OSPF, PIM, RIP, static, aggregate
– Routing protocol information
    OSPF area ID
    IS-IS level number
    BGP attributes
– Regular expression-based matches for AS path and communities

Page 429: Junos routing overview from Juniper

Match Actions

The action associated with a given term/policy is performed for matching routes:
– Terminating actions
    Accept route
    Reject (or suppress) route
– Flow control actions
    Skip to next policy
    Skip to next term
– Modify attributes actions
    Metric
    Preference
    Color
    Next-hop address

Page 430: Junos routing overview from Juniper

Default Policies

Every protocol has a default policy
– The default policy is applied implicitly at the end of the policy chain; can be overridden with default-action statement
IS-IS and OSPF
– Import: Accept all routes learned from that protocol
    Technically, accept all LSPs/LSAs flooded by that protocol
– Export: Reject everything
    LSP/LSA flooding announces (IS-IS/OSPF) learned and local routes
RIP
– Import all learned RIP routes, export nothing
    RIP requires export policy to announce RIP (or other) routes
BGP
– Import all routes learned from BGP neighbors
– Export all active routes learned from BGP neighbors to all BGP neighbors
    EBGP-learned routes are exported to all BGP peers
    IBGP-learned routes are exported to all EBGP peers (assumes logical IBGP full mesh)

Page 431: Junos routing overview from Juniper

A Policy Example

Write a policy statement at the [edit policy-options] hierarchy:

[edit policy-options]
user@host# show policy-statement advertise-ospf
term pick-ospf {
    from protocol ospf;
    then accept;
}

Apply the policy to one or more routing protocols in the import, export, or both directions:

[edit protocols bgp]
user@host# set export advertise-ospf

Page 432: Junos routing overview from Juniper

Another Policy Example

Specifying multiple conditions in a from statement means that all criteria must match before the action is taken (logical AND function)

[edit]
user@host# show policy-options
policy-statement isis-level2 {
    term find-level2-routes {
        from {
            protocol isis;
            level 2;
        }
        then accept;
    }
}

Page 433: Junos routing overview from Juniper

Applying Policy

You must apply policies before they can take effect
Link-state protocols (IS-IS and OSPF) have only export filtering points
BGP and RIP support both import and export policies

[edit protocols]
user@host# show
bgp {
    import bgp-import;
    export bgp-export;
}
ospf {
    export ospf-export;
}

Page 434: Junos routing overview from Juniper

Apply Routing Policy to BGP

BGP has three filtering points per direction:
– Global
– Groups of neighbors
– Individual neighbors
Only the most specific policies are applied to a particular peer
– Neighbor policy overrides group and global policies
– Group policy overrides global policy

Page 435: Junos routing overview from Juniper

BGP Policy Application Example

[edit protocols]
user@host# show
bgp {
    export local-customers;
    group meganet-inc {
        type external;
        import [ martian-filter long-prefix-filter as-47-filter ];
        peer-as 47;
        neighbor 1.2.2.4;
        neighbor 1.2.2.5;
    }
    group problem-child {
        type external;
        import [ as-47-filter long-prefix-filter martian-filter ];
        export kill-private-addresses;
        peer-as 54;
        neighbor 1.2.2.6;
        neighbor 1.2.2.7;
        neighbor 1.2.2.8 {
            import [ reject-unwanted as-666-routes ];
        }
    }
}

Page 436: Junos routing overview from Juniper

Route Filters

Use route filters to match an individual route (or groups of routes)
– You can specify multiple route filters within a single term
– General syntax in the form of:
    route-filter prefix/prefix-length match-type actions;
Route filter evaluation has special rules according to the match type
– Match types specify different sets of routes:
    exact
    orlonger
    longer
    upto
    through
    prefix-length-range
– Policy test function is useful for route-filter debugging

Page 437: Junos routing overview from Juniper

Route Filter Match Types (1 of 2)

exact
– Match the specified prefix and mask exactly
– No other routes will be included
    from route-filter 192.168/16 exact;
orlonger
– Match the specified prefix and mask exactly
– Also match any routes that start with the same prefix and have longer masks
    from route-filter 192.168/16 orlonger;
longer
– Do not match the specified prefix and mask exactly
– Match only the routes that start with the same prefix and have longer masks
    from route-filter 192.168/16 longer;

Page 438: Junos routing overview from Juniper

Route Filter Match Types (2 of 2)

upto
– Match the specified prefix and mask exactly
– Also match any routes that start with the same prefix and have a mask no longer than the second value specified
    from route-filter 192.168/16 upto /24;
through
– Match the first specified prefix and mask exactly
– Match the second specified prefix and mask exactly
– Match all prefixes directly between the two prefixes
    from route-filter 192.168/16 through 192.168.16/20;
prefix-length-range
– Match only routes that start with the same prefix and have a mask between the two values specified (inclusive match)
    from route-filter 192.168/16 prefix-length-range /20-/24;

Page 439: Junos routing overview from Juniper

Match Types Summary

Given a starting prefix of 192.168/16, what matches with each option?

[Figure: six prefix trees rooted at 192.168/16, one per match type, showing the routes each selects: exact, orlonger (down to /32), longer (down to /32), upto /x, through, and prefix-length-range /x-/y]

Page 440: Junos routing overview from Juniper

Route Filter Actions

term term-name {
    from {
        route-filter dest-prefix match-type actions;
        route-filter dest-prefix match-type actions;
    }
    then actions;
}

Only one route filter in a given term can be considered a match
– Longest-match lookup is performed on the prefix being evaluated
If an action is specified to a route filter, it takes effect immediately
– The global then portion of the term is ignored
If specific actions are not defined, the then portion of the term is executed for matching prefixes

Page 441: Junos routing overview from Juniper

Test Your Knowledge (1 of 2)

Which action is taken when this policy evaluates 10.0.67.43/32?

[edit policy-options policy-statement pop-quiz]
user@host# show
from {
    route-filter 10.0.0.0/16 orlonger accept;
    route-filter 10.0.67.0/24 orlonger;
    route-filter 10.0.0.0/8 orlonger reject;
}
then {
    metric 10;
    accept;
}

Page 442: Junos routing overview from Juniper

Test Your Knowledge (2 of 2)

Which action is taken when this policy evaluates 10.0.55.2/32?

[edit policy-options policy-statement pop-quiz]
user@host# show
from {
    route-filter 10.0.0.0/16 orlonger accept;
    route-filter 10.0.67.0/24 orlonger;
    route-filter 10.0.0.0/8 orlonger reject;
}
then {
    metric 10;
    accept;
}
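The route-filter rules from the preceding slides (six match types, longest-match selection, and per-filter actions overriding the term's then clause) as an added Python model that can be run against the pop-quiz policy. This is example code, not JUNOS software or course material; the function names are hypothetical, and it models only the route-filter portion of a single term.

```python
import ipaddress


def net(text):
    """Parse a prefix, expanding JUNOS shorthand such as 192.168/16."""
    address, _, length = text.partition("/")
    octets = address.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + length)


def parse_filter(line):
    """Parse 'route-filter PREFIX MATCH-TYPE [ARGUMENT] [ACTION];' into a tuple."""
    tokens = line.strip().rstrip(";").split()
    if len(tokens) < 3 or tokens[0] != "route-filter":
        raise ValueError(f"not a route-filter statement: {line!r}")
    prefix, match_type, rest = net(tokens[1]), tokens[2], tokens[3:]
    argument = None
    if match_type == "upto":
        argument = int(rest.pop(0).lstrip("/"))
    elif match_type == "prefix-length-range":
        low, high = rest.pop(0).split("-")
        argument = (int(low.lstrip("/")), int(high.lstrip("/")))
    elif match_type == "through":
        argument = net(rest.pop(0))
    return prefix, match_type, argument, " ".join(rest) or None


def match_type_ok(route, prefix, match_type, argument):
    """Apply the match type; the route is already known to fall inside prefix."""
    if match_type == "exact":
        return route.prefixlen == prefix.prefixlen
    if match_type == "orlonger":
        return True
    if match_type == "longer":
        return route.prefixlen > prefix.prefixlen
    if match_type == "upto":
        return route.prefixlen <= argument
    if match_type == "prefix-length-range":
        return argument[0] <= route.prefixlen <= argument[1]
    if match_type == "through":
        return argument.subnet_of(route)   # route lies on the path to the end prefix
    raise ValueError(f"unknown match type {match_type!r}")


def evaluate_term(filter_lines, then_actions, route_text):
    """Return the actions applied to the route, or None if the term does not match."""
    route = net(route_text)
    filters = [parse_filter(line) for line in filter_lines]
    covering = [f for f in filters if route.subnet_of(f[0])]
    if not covering:
        return None
    # Longest-match lookup: only the most specific covering filter is considered.
    prefix, match_type, argument, action = max(covering, key=lambda f: f[0].prefixlen)
    if not match_type_ok(route, prefix, match_type, argument):
        return None   # shorter filters are not tried after the longest one fails
    return [action] if action else list(then_actions)


POP_QUIZ = [
    "route-filter 10.0.0.0/16 orlonger accept;",
    "route-filter 10.0.67.0/24 orlonger;",
    "route-filter 10.0.0.0/8 orlonger reject;",
]
THEN = ["metric 10", "accept"]

if __name__ == "__main__":
    for candidate in ("10.0.67.43/32", "10.0.55.2/32"):
        print(candidate, "->", evaluate_term(POP_QUIZ, THEN, candidate))
```

Changing the second filter's match type to `exact` makes 10.0.67.43/32 fall out of the term entirely, because the longest matching filter is the only one evaluated.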

Page 443: Junos routing overview from Juniper

Monitoring Policy Operation

The show route receive-protocol and show route advertising-protocol commands:
– Display routing updates received before import and after export policy processing, respectively
    Filtered routes are the exception for import policy

Question: How can you monitor the effects of your import policy?

show route receive-protocol bgp neighbor
– Shows routes before import policy
show route advertising-protocol bgp neighbor
– Shows routes after export policy

[Figure: neighbors and protocol feed routes through import policy (with route filters) into the routing table, and routes leave the routing table through export policy to the protocol and neighbors; the two show commands are marked before import policy and after export policy]

Page 444: Junos routing overview from Juniper

Review Questions

1. What is the purpose of routing policy?

2. The terms import and export are based on the perspective of which entity within the router?

3. How does the default policy for OSPF differ from that of BGP?

4. What types of match conditions are supported in policy?

5. What types of match actions can you use in policy?

6. Explain the difference between applying policy at the global, group, and peer levels of BGP.

7. What command would you use to monitor the effects of your import policy?

Page 445: Junos routing overview from Juniper

Lab 5: Routing Policy

Lab Objective: Configure routing policy on your router using JUNOS software. You will complete this lab by configuring a policy to the RIP configuration left in place from the last lab.

