CJNR_V2
Transcript of CJNR_V2
-
8/10/2019 CJNR_V2
1/316
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: xxx-xxxxxx-xx, Revision 1
Configuring Juniper Networks Routers
Student Guide, Volume 2
Release 6.a
Table of Contents
List of Tables
List of Figures
Preface
Course Overview
Objectives
Intended Audience
Course Level
Prerequisites
Course Agenda
Day 1
Day 2
Document Conventions
Additional Information
Education Services Offerings
About This Publication
Technical Publications
Juniper Networks Support

Chapter 1 Module 1: Traffic Engineering Overview
Module Objectives
This Module Discusses
Traffic Engineering Overview
MPLS: The Concept
Mechanism for Traffic Engineering
Packet Analysis
Handles Packets at Layer 2 through the Tunnel
RFC Support
Early Internet
In the Early Days
IGP Metric-Based Forwarding
Forwarding Based on the IGP
Drawbacks of IGP Metric Forwarding
Some Drawbacks of IGP Forwarding
Additional Drawbacks of IGP Metrics
Additional Drawbacks
Growth Requires Changes
Growth of the Internet
Overlay Networks Are Born
Behavior of ATM Switches
Overlay Networks
ATM PVCs
Benefits
Overlay Networks
Overlay Network Blueprint
Overlay Network Drawbacks
Scalability Issues
ATM PVCs Not Well Integrated
More Overlay Network Drawbacks
ATM Cell Overhead
ATM SAR Speed
Routers Evolve
Routers Today
Solution
Why Engineer Traffic?
Purpose of Traffic Engineering
Review Questions
This Module Discussed:
Lab 1: MPLS Setup Lab

Chapter 2 Module 2: Multiprotocol Label Switching Fundamentals
Module Objectives
This Module Discusses:
MPLS Fundamentals
Benefits of MPLS
Virtual Circuits for IP
Faster Routers?
Real Value of MPLS Today
IGP-Based Traffic Engineering
IGP Routing and Traffic Engineering
Physical Next Hop and IP Prefixes
MPLS-Based Traffic Engineering
Unidirectional Paths for Traffic Engineering
MPLS Traffic Engineering Paths
Label-Switched Paths and IP Addresses
MPLS Terminology
MPLS Domains
Label-Switching Routers
MPLS Performed by Label-Switching Routers
Router = LSR
MPLS Router Functions: Ingress
The Functions of the Ingress Router
MPLS Router Functions: Transit
The Functions of the Transit Router
MPLS Router Functions: Penultimate
The Function of the Penultimate Router
MPLS Router Functions: Egress
The Functions of the Egress Router
MPLS Labels
Assigned Manually or by Signaling Protocol
Changing Labels by Segment
Label Swapping
Local Significance and Labels
Labeled Packets
Labeled Packets
IP Packet Restored at Egress
MPLS Shim Header Structure
The MPLS Header (Label) Structure
Reserved MPLS Label Values
MPLS Processing Example: Ingress
Following the 134.112.1.5/32 Packet
Ingress Node Pushes a Label
MPLS Processing Example: Transit
Transit Router Processing
MPLS Processing Example: Egress
Penultimate and Egress Router Processing
Penultimate Hop Popping
Egress Router
Label Stacking
Stacking for Scalability
Review Questions
This Module Discussed:

Chapter 3 Module 3: RSVP-Signaled LSPs
Module Objectives
This Module Discusses:
RSVP-Signaled LSPs Agenda
Static LSPs: Pros and Cons
Static LSP Advantages
Static LSP Disadvantages
Static LSP Configuration
Manual Configuration
Reserved Labels for Static LSPs
Static LSP Label Mapping Example
Sample Static LSP Configuration
Static LSP Configuration Statements
Static LSP Configuration Example
Static LSPs and the Routing Table
Static LSPs on the Ingress Router
Static LSPs and the Forwarding Table
Static LSPs on Transit Routers
Summary: Static versus Signaled LSPs
Static LSPs
Signaled LSPs
Signaled LSP Overview
Configured at Ingress Router Only
Controlling the Path of a Signaled LSP
LSP Signaling Options
LSP Signaling Protocol Options
JUNOS Software Support for LDP Signaling
RSVP Signaling
RSVP Background
RSVP Background
RFC 2205
Basic RSVP Path Signaling
RSVP Data Flows
RSVP Is a Soft State Protocol
More RSVP Message Types
RSVP Message Types
Extended RSVP
Traffic Engineering Extensions to RSVP
Now Positioned as a Router Signaling Protocol
MPLS Extensions to RSVP
RSVP Message Objects
Explicit Route Objects
Explicit Route Objects for Traffic Engineering
Label Objects
Requesting Labels
Assigning Labels
The Record Route Object
Record Route Object: Downstream via Path Message
Record Route Object: Upstream via Reservation Message
Session Attribute Object
Session Attribute Object
Tspec Object
Tspec Object
RSVP Neighbor and Path Maintenance
Adjacency Maintenance
Establishing an RSVP Adjacency
Rapid Node-to-Node Failure Detection
Path Maintenance
Path Refresh
RSVP Message Aggregation
Aggregation of RSVP Messages
RSVP Signaling Example: Path
Signaled Path from San Francisco to New York
RSVP Signaling Example: Reservation
Returning a Reservation Establishes LSP State
Configuring RSVP-Signaled LSPs
Configuring Baseline MPLS Functionality
Enabling Labeled Packets on Interfaces
Configuring the MPLS Instance
Configuring RSVP
Configuring RSVP
Add RSVP Authentication
Authentication Support
Configuration Example
Minimal LSP Configuration Example
Defining a Basic LSP
Adding a Bandwidth Reservation
Adding a Bandwidth Reservation
RSVP Monitoring and Troubleshooting
Displaying RSVP Interface Information
Displaying RSVP Interface Information
Displaying RSVP Neighbors
Displaying RSVP Neighbors
Displaying RSVP Statistics
Displaying RSVP Statistics
Displaying RSVP Session Status
Displaying RSVP Session Status
Troubleshooting LSP Problems
Troubleshooting LSP Problems
Clearing LSPs
Clearing LSPs
Tracing RSVP
RSVP Tracing
Review Questions
This Module Discussed:
Lab 2: RSVP Signaling

Chapter 4 Module 4: LSPs and Routing Table Integration
Module Objectives
This Module Discusses:
Routing Table Integration
Mapping BGP Next Hops to LSPs
The Use of the inet.3 Routing Table
BGP Installs LSP as Next Hop
Route Resolution Example
Route Resolution
Unusable BGP Next Hop
Unusable BGP Next Hop
The Problem
Why the Route Is Hidden
One Solution: Next-Hop Self at NY
LSP to New York Is Configured
LSP from San Francisco to New York Is Configured
LSP to New York Is Established
Lowest Preference Wins
BGP Installs LSP as Next Hop
BGP Installs LSP as Forwarding Next Hop for 134.112/16
Ingress Router Behavior
Route Resolution at Ingress Router
Ingress Resolves BGP Next Hop
BGP Resolves Its Next Hop Using Both Tables
Ingress Installs LSP for Forwarding
BGP Selects inet.3 over inet.0
LSP Installed as Forwarding Next Hop in inet.0
Route Resolution Summary
LSPs Are Installed in Ingress Router's inet.3 Table
Only BGP Is Aware of inet.3
Routing Table Summary
Routing Tables Used in MPLS
Effects of Passive IGP versus Next-Hop Self
The Ramifications of a Passive IGP Solution
A Thought-Provoking Question
The 60,000-Dollar Question
The Answer
Traffic to 192.168.24.1
Traffic to 192.168.24.5
Review Questions
This Module Discussed:
Lab 3: Routing Table Integration

Chapter 5 Module 5: Named Paths and Routing Constraints
Module Objectives
This Module Discusses:
Explicit Route Objects
Explicit Route Objects: A Definition .......................................................................154
Explicit Route Objects Defined.........................................................................154
Path Contains All Hops Specified .............. .............. ................ ............... ..........154
Loose and Strict Hops .......................................................................................154
Strict EROs ............. ................ .............. ............... ............... .............. ............... .........156
Strict EROs........................................................................................................156
Loose EROs..............................................................................................................157
Loose Hops........................................................................................................157
Using Both Strict and Loose EROs ............... ............. ............... .............. ............... ..158
Combining Strict and Loose Hops ....................................................................158
A Little ERO Is Goodbut More Is Better .............................................................159
A Little Is Good.................................................................................................159
Partial ERO Example................................................................................................160
Partial ERO Example ........................................................................................160
ERO Processing Summary .......................................................................................161
RSVP Message Addresses to Local Router.......................................................161
Nonegress Router ERO Processing ............. .............. ............... ............. ............161
Named Path Configuration Example ............. ............. ............... ............. ............... ...162Named Path Configuration Example............. ............... .............. ............... ........162
ERO Case Study ............... ............. ............... .............. ............... ............. ............... ...163
ERO Configuration Case Study ........................................................................163
Modifying Named Paths...........................................................................................164
Ways to Modify Named Paths...........................................................................164
Confirming LSP Routing..........................................................................................166
Confirming LSP Routing...................................................................................166
Review Questions ............. ............. ................ ............. ................ ............... .............. .168
This Module Discussed: ............. ............. ............... .............. ............... ............. .168
Lab 4: Routing Constraints.......................................................................................169
Chapter 6 Module 6: Firewall Filters 171
Module Objectives....................................................................................................172
This Module Discusses:.....................................................................................172
Firewall Filters..........................................................................................................173
Firewall Filters ..................................................................................................173
Firewall Filters..........................................................................................................174
Actions...............................................................................................................174
Accept/Reject/Discard.......................................................................................174
Internet Processor II Filtering............................................................................174
Analysis ............... .............. ............... .............. ............... ............. ................ .......174
Overview of Firewall Filter Syntax ................ ............... .............. ............... ..............175
Syntax................................................................................................................175
Hierarchy Level ............... .............. ............... ............... .............. ............... .........175
One or More Terms ............... .............. ............... ............. ............... ............... ....175
Actions and Modifiers ............................................................176
One Filter per Unit, per Direction ............................................................176
Current Firewall Filter Syntax..................................................................................177
Current and Old Firewall Syntax.......................................................................177
How Filters Are Evaluated ............. ............... .............. ................ ............... ..............178
Single Terms......................................................................................................178
Multiple Terms ............. ............... ............... .............. ............... ............. .............178
Overview of Match Conditions ................................................................................179
Firewall Match Conditions................................................................................179
The from Statement Sets Match Conditions......................................................179
Match Condition Categories..............................................................................179
Numeric Range Filter Match Condition .............. ............... ............... ............... ........181
Numeric Matches........ ............... .............. ............... .............. ............... ..............181
Format ...............................................................................................................181
Keywords...........................................................................................................181
Address Filter Match Condition ............... ............... .............. ................ ............... ....183
IP Prefixes .........................................................................................................183
Keywords...........................................................................................................183
Longest Match...................................................................................................183
Bit-Field Match Condition........................................................................................184
Matching on Bits ...............................................................................................184
Symbolic Names................................................................................................184
Bit Matching......................................................................................................184
Logical Operators ............. ................ ............. ............... .............. ............... ........185
Bit-Field Match Examples........................................................................................186
Bit-Field Match Conditions...............................................................................186
Firewall Actions Overview.......................................................................................188
Firewall Actions ................................................................................................188
Action Statements ............................................................189
Action Statements ............................................................189
Reject Message Options ...........................................................................................191
Reject Options ...................................................................................................191
Action Modifiers.......................................................................................................192
Counters.............................................................................................................192
Logging .............................................................................................................192
Sampling............................................................................................................193
Applying Firewall Filters..........................................................................................194
Applying Filters.................................................................................................194
Common Filters.................................................................................................194
Input and Output................................................................................................194
Protecting the Routing Engine ..........................................................................194
Transit versus Routing Engine Filters ............................................................195
Protecting the Routing Engine ............................................................195
Careful!..............................................................................................................196
Default Discard All............................................................................................196
Sample Topology......................................................................................................197
Example.............................................................................................................197
Spoof Prevention ......................................................................................................198
Stopping Spoofs ................................................................................................198
Inbound Spoof Prevention ............. ............. ............... ............. ............... ............. ......199
Inbound Spoofs..................................................................................................199
Remember to Apply! .............. ............. ............... ............. ............... ............. ......199
Pop Quiz!..................................................................................................................200
Quiz ...................................................................................................................200
Preventing Fragmentation Exploits ..........................................................................201
Problems with Fragments..................................................................................201
Securing the FTP/WWW Server ..............................................................................203
Server Security ..................................................................................................203
Outgoing Service Restriction....................................................................................204
Restricting Services...........................................................................................204
Rate Policing.............................................................................................................205
Filters Identify Traffic for Rate-Limiting..........................................................205
Rate Limits ........................................................................................................205
Excess Traffic....................................................................................................206
Rate Policing Example .............................................................................................207
Example.............................................................................................................207
Interface-Based Policers ............. ............... .............. ............... ............... .............. .209
Two-Level Policers ...........................................................................................209
Viewing Interface Policers .......................................................................................210
Viewing Policers (Part 1) ..................................................................................210
Firewall-Related Operational Commands ............... .............. ............... .............. ......211
Internet Processor II Operational Commands ...................................................211
Displaying Counter and Policer Statistics ................ ............. ............... .............. ......212
Displaying Counter and Policer Statistics ............... ................ ............. .............212
Displaying Entries in the Kernel Cache ...................................................................213
Displaying Entries in the Kernel Cache ............. ............... .............. ................ ..213
View Firewall-Related Syslog Entries .....................................................................214
Displaying Firewall-Related Syslog Entries .....................................................214
Clearing Firewall Filter Counters ............. ............... .............. ............... .............. ......215
Clearing Firewall Filter Counters......................................................................215
Review Questions ............. ............. ................ ............. ................ ............... .............. .216
This Module Discussed: ............. ............. ............... .............. ............... ............. .216
Lab 5: JUNOS Software Firewall Filters .................................................................217
Chapter 7 Module 7: Multicast Theory 219
Module Objectives....................................................................................................220
This Module Discusses:.....................................................................................220
IP Multicast Agenda .............. .............. ............... .............. ................ ............... .........221
Traffic Flow..............................................................................................................222
Address Types and Traffic Flow .............. ............... ............. ................ .............222
IP Multicast Addressing ...........................................................................................223
Multicast Addresses...........................................................................................223
Registered Groups ............ ............... .............. ............... ............. ............... .........223
Scoped Range ............. ............. ............... .............. ............... ............. ............... ..223
IP Multicast-to-Ethernet Mapping............................................................................224
Address Mapping...............................................................................................224
IP Multicast-to-Ethernet Mapping Example.............................................................225
Address Mapping Example ...............................................................................225
Multicast Components..............................................................................................226
Sources and Group Members ............................................................................226
Host Protocols ...................................................................................................226
Routing Protocols ............. ............... .............. ............... ............. ................ ........226
Other Multicast Features ............. ............... .............. ................ ............... ..........227
The IGMP Protocol ..................................................................................................228
Operation and Software Support for IGMP.......................................................228
IGMP ........................................................................................................................229
IGMP.................................................................................................................229
IGMP Message Exchange ............. ............... ................ ............. ............... .........229
JUNOS Software Support ............................................................229
Multicast Groups and Routing ............................................................230
Group Membership Protocols versus Multicast Routing Protocols ............... ...230
IGMP Versions ............... .............. ............... .............. ............... ............. ................ ..231
IGMP Version 1 ................................................................................................231
IGMP Version 2 ................................................................................................231
IGMP Version 3 ................................................................................................232
IGMP Version 2.......................................................................................................233
IGMP Version 2 ................................................................................................233
Querier Election.................................................................................................233
Leave-Group Message.......................................................................................233
IGMPv2 Join Process ...............................................................................................234
Joining a Multicast Group ............... .............. ............... .............. ................ .......234
IGMPv2 Query-Response Process ...........................................................................235
Query-Response Model ............... ............... .............. ............... ............. .............235
IGMPv2 Group Leave ............. ............. ............... ............... .............. ............... .........237
IGMPv2 Group Leave ............. ............... ............. ............... .............. ............... ..237
IGMPv3 and SSM ....................................................................................................238
IGMPv3 and SSM .............................................................................................238
Multicast Routing .............. ............... .............. ............... .............. ............... ..............240
Multicast Routing .............. ............... .............. ............... ............... .............. .......240
Multicast Routing Protocol Characteristics ................ ............... .............. ................ .241
Multicast Routing Differs from Unicast Routing..............................................241
Reverse-Path Forwarding .............. ............... ............. ............... ............... ..........241
Distribution Trees..............................................................................................241
Reverse-Path Forwarding ............. ............. ............... .............. ............... ............... ....242
Reverse-Path Forwarding .............. ............... ............. ............... ............... ..........242
The RPF Check (1 of 2)............................................................................................243
The RPF Check: Part 1 ............................................................243
The RPF Check (2 of 2) ............................................................244
The RPF Check: Part 2......................................................................................244
Dense-Mode Routing Protocols................................................................................245
Dense-Mode Routing Protocol Behavior ............. ............... ............... .............. .245
Source-Based Distribution Tree .............. ............... .............. ............... ..............245
Dense-Mode Protocols ......................................................................................245
PIM Dense Mode Operation.....................................................................................246
PIM Dense Mode Operation..............................................................................246
Pruning Unwanted Traffic ............. ............... .............. ............... ............. ............... ...247
Pruning Unwanted Traffic.................................................................................247
After the Prune..........................................................................................................248
After the Prune ..................................................................................................248
A Shortest-Path Tree ............................................................249
Source Distribution Tree ............................................................249
PIM Sparse Mode ............. .............. ............... ............. ............... .............. ............... ..250
PIM Independence.............................................................................................250
PIM Sparse Mode Trees ............ .............. ............... .............. ............... ..............250
Design Considerations.......................................................................................250
Sparse-Dense Mode...........................................................................................251
PIM Sparse Mode: The Shared Tree ........................................................................252
PIM Sparse Mode: The Shared Tree .............. ............... ................ ............. .......252
PIM Sparse Mode: Switch to SPT (1 of 3)...............................................................253
PIM Sparse Mode: Switch to SPT (Part 1)........................................................253
PIM Sparse Mode: Switch to SPT (2 of 3)...............................................................254
PIM Sparse Mode: Switch to SPT (Part 2)........................................................254
PIM Sparse Mode: Switch to SPT (3 of 3)...............................................................255
PIM Sparse Mode: Switch to SPT (Part 3)........................................................255
PIM Register Messages ............... .............. ............... .............. ............... ............. ......256
PIM Register Messages ............... ............... .............. ............... .............. ............256
The Result.................................................................................................................257
When All Is Said and Done ................ ............... .............. ............... ............... ....257
Joining a Shared Tree Example: Step 1....................................................................258
Joining a Shared Tree Example.........................................................................258
Joining a Shared Tree Example: Step 2....................................................................260
Traffic Flows Over the Shared Tree..................................................................260
Analyzing Join State: Shared Tree ...........................................................................261
Shared-Tree Join State.......................................................................................261
Joining the Shortest-Path Tree..................................................................................263
Joining the SPT .................................................................................................263
Traffic Flows over the SPT ......................................................................................264
Traffic Now Follows the SPT............................................................................264
Sydney after Joining the SPT ..................................................................................265
Sydney after Joining the SPT .............. ............... ................ .............. ............... ..265
Confirming SPT State: Sao Paulo ...........................................................................266
Confirming Sao Paulo Is on the SPT.................................................................266
Confirming RPF State: Sao Paulo ............ ................ ............. ............... .............. ......267
Confirming the RPF State on the Sao Paulo Router .........................................267
PIM RP Discovery Options ............... ............. ............... .............. ............... ............. .268
PIM RP Discovery Options...............................................................................268
Determining the RP ............. ............... ............... .............. ............... .............. ............269
Dynamic RPs.....................................................................................................269
Auto-RP ............. ................ ............. ............... .............. ............... ............... .............. .270
Dynamic RP Assignment ..................................................................................270
Dense Groups Needed ............................................................270
Failover Capabilities ............................................................270
Mapping Agents ................................................................................................271
Bootstrap Router (1 of 2)..........................................................................................272
Priority for Becoming the Bootstrap Router .....................................................272
Mechanism to Select the RP..............................................................................272
Bootstrap Router (2 of 2)..........................................................................................273
Bootstrap Mechanism........................................................................................273
Load Balancing..................................................................................................273
SAP and SDP Protocols............................................................................................275
SAP and SDP Protocols ....................................................................................275
Overview of SDP and SAP.......................................................................................276
Session Description Protocol.............................................................................276
Session Announcement Protocol ............................................................276
Displaying Session Details ............................................................277
Displaying Session Details ................ ............. ................ ............... .............. ......277
Module Review.........................................................................................................278
This Module Discussed: ............. ............. ............... .............. ............... ............. .278
Chapter 8 Module 8: Multicast Configuration and Monitoring 279
Module Objectives....................................................................................................280
This Module Discusses:.....................................................................................280
Multicast Support .....................................................................................................281
JUNOS Software Multicast Support .................................................................281
Configuring Multicast...............................................................................................282
Configuring IGMP....................................................................................................283
IGMP Configuration ............................................................283
PIM Configuration: General ............................................................285
PIM Configuration: General..............................................................................285
PIM Configuration: RP Properties ...........................................................................287
General PIM Configuration: RP Properties.......................................................287
Configuration Example: Static RP ...........................................................................289
Static RP Configuration Example .....................................................................289
Configuration Example: Auto-RP ............. ............... .............. ............... ............. ......290
Auto-RP Configuration Example ............. ............... ................ ............. .............290
Configuration Example: Bootstrap...........................................................................292
Bootstrap Configuration Example.....................................................................292
Monitoring Multicast Operation...............................................................................294
Multicast Operational Commands.....................................................................294
Obtaining IGMP Interface Information ................ ............... .............. ............... ........295
Displaying the IGMP Interface .........................................................................295
Displaying IGMP Group Information ......................................................................296
Displaying IGMP Group Information .............. .............. ............... ............. .......296
Displaying IGMP Statistics .............. .............. ................ ............... .............. .............297
Displaying IGMP Statistics ................ ............... .............. ................ ............... ...297
Displaying the Bootstrap Router ..............................................................................298
Displaying the Bootstrap Router ............. ............. ................ ............... ............. .298
Determining RP Status .............................................................................................299
Determining RP Status .............. .............. ............. ................ ............... ............. .299
Viewing Extended RP Information ..........................................................................300
Viewing Extended RP Information .............. ............. ............... ............... ..........300
Displaying PIM Interfaces........................................................................................301
Displaying Interfaces Running PIM..................................................................301
Displaying PIM Neighbors.......................................................................................302
Listing PIM Neighbors ............................................................302
Displaying PIM Join State ............................................................303
Displaying PIM Join States .............. .............. ................ ............... .............. ......303
Examining Source RPF State ...................................................................................304
Displaying Source RPF State .............. ............... ............... .............. ............... ...304
Displaying PIM Statistics .............. ................ .............. ............... ................ ..............305
Displaying PIM Message Types........................................................................305
Viewing Usage Statistics .............. .............. ............... ................ .............. ............... ..307
Viewing Usage Statistics...................................................................................307
Displaying Multicast Routing Table.........................................................................308
Displaying Multicast Routes .............. ................ ............... .............. ................ ..308
Displaying Outgoing Interface Lists.........................................................................309
Displaying Next-Hop ID to Outgoing Interface List Mappings........................309
Confirming Presence of Tunnel Services PIC ............................................................310
Verifying Tunnel Services PIC Presence ............................................................310
No Configuration Needed........... .............. ............... ............. ............... ..............311
Module Review.........................................................................................................312
This Module Discussed: ............. ............. ............... .............. ............... ............. .312
Labs 6 and 7: IP Multicast........................................................................................313
Index ........................................................................................................................315
List of Tables
Table 1: Keywords Used with Numeric Match Conditions
Table 2: Bit-Field Logical Operators
Table 3: Bit-Field Match Conditions Used in a Firewall Filter
Table 4: Text Synonyms Used in a Firewall Filter
Table 5: Filter Actions
Table 6: Action Modifiers
List of Figures
Figure 1: IGP Metric-Based Forwarding
Figure 2: Drawbacks of IGP Metric Forwarding
Figure 3: Overlay Networks
Figure 4: IGP-Based Traffic Engineering
Figure 5: MPLS-Based Traffic Engineering
Figure 6: MPLS Traffic Engineering Paths
Figure 7: MPLS Terminology
Figure 8: Label-Switching Routers
Figure 9: MPLS Router Functions: Ingress
Figure 10: MPLS Router Functions: Transit
Figure 11: MPLS Router Functions: Penultimate
Figure 12: MPLS Router Functions: Egress
Figure 13: Labeled Packets
Figure 14: MPLS Shim Header Structure
Figure 15: MPLS Processing Example: Ingress
Figure 16: MPLS Processing Example: Transit
Figure 17: MPLS Processing Example: Egress
Figure 18: Label Stacking
Figure 19: Static LSP Label Mapping Example
Figure 20: Static LSP Configuration Statements
Figure 21: Static LSPs and the Routing Table
Figure 22: Static LSPs and the Forwarding Table
Figure 23: Basic RSVP Path Signaling
Figure 24: RSVP Signaling Example: Path
Figure 25: RSVP Signaling Example: Reservation
Figure 26: Displaying RSVP Session Status
Figure 27: Troubleshooting LSP Problems
Figure 28: Route Resolution Example
Figure 29: Unusable BGP Next Hop
Figure 30: BGP Next Hop Problem
Figure 31: One Solution: Next-Hop Self at NY
Figure 32: LSP to New York Is Configured
Figure 33: LSP to New York Is Established
Figure 34: Lowest Preference Wins
Figure 35: BGP Installs LSP as Next Hop
Figure 36: Ingress Router Behavior
Figure 37: Ingress Resolves BGP Next Hop
Figure 38: Ingress Installs LSP for Forwarding
Figure 39: Effects of Passive IGP versus Next-Hop Self
Figure 40: Strict EROs
Figure 41: Loose EROs
Figure 42: Using Both Strict and Loose EROs
Figure 43: Partial ERO Example
Figure 44: Named Path Configuration Example
Figure 45: ERO Case Study
Figure 46: Modifying Named Paths
Figure 47: Confirming LSP Routing
Figure 48: Bit-Field Match Examples
Figure 49: Transit versus Routing Engine Filters
Figure 50: Sample Topology
Figure 51: Spoof Prevention
Figure 52: Inbound Spoof Prevention
Figure 53: Pop Quiz
Figure 54: Preventing Fragmentation Exploits
Figure 55: Securing the FTP/WWW Server
Figure 56: Outgoing Service Restriction
Figure 57: Rate Policing Example
Figure 58: Interface-Based Policers
Figure 59: Viewing Interface Policers
Figure 60: Traffic Flow
Figure 61: IP Multicast Addressing
Figure 62: IP Multicast-to-Ethernet Mapping
Figure 63: IP Multicast-to-Ethernet Mapping Example
Figure 64: Multicast Groups and Routing
Figure 65: IGMPv2 Join Process
Figure 66: IGMPv2 Query-Response Process
Figure 67: IGMPv2 Group Leave
Figure 68: IGMPv3 and SSM
Figure 69: The RPF Check (1 of 2)
Figure 70: The RPF Check (2 of 2)
Figure 71: PIM Dense Mode Operation
Figure 72: Pruning Unwanted Traffic
Figure 73: After the Prune
Figure 74: A Shortest-Path Tree
Figure 75: PIM Sparse Mode: The Shared Tree
Figure 76: PIM Sparse Mode: Switch to SPT (1 of 3)
Figure 77: PIM Sparse Mode: Switch to SPT (2 of 3)
Figure 78: PIM Sparse Mode: Switch to SPT (3 of 3)
Figure 79: PIM Register Messages
Figure 80: Receiver and RPT on SPT (Result)
Figure 81: Joining a Shared Tree Example: Step 1
Figure 82: Joining a Shared Tree Example: Step 2
Figure 83: Analyzing Join State: Shared Tree
Figure 84: Joining the Shortest-Path Tree
Figure 85: Traffic Flows over the SPT
Figure 86: Sydney after Joining the SPT
Figure 87: Confirming SPT State: Sao Paulo
Figure 88: Confirming RPF State: Sao Paulo
Figure 89: Overview of SDP and SAP
Figure 90: Displaying Session Details
Figure 91: Configuring IGMP
Figure 92: PIM Configuration: General
Figure 93: PIM Configuration: RP Properties
Figure 94: Configuration Example: Static RP
Figure 95: Configuration Example: Auto-RP
Figure 96: Configuration Example: Bootstrap
Figure 97: Displaying the Bootstrap Router
Figure 98: Determining RP Status
Figure 99: Viewing Extended RP Information
Figure 100: Displaying PIM Interfaces
Figure 101: Displaying PIM Neighbors
Figure 102: Displaying PIM Join State
Figure 103: Examining Source RPF State
Figure 104: Viewing Usage Statistics
Figure 105: Displaying Multicast Routing Table
Figure 106: Displaying Outgoing Interface Lists
Figure 107: Confirming Presence of Tunnel Services PIC
Preface
Course Overview
Objectives
Intended Audience
Course Level
Prerequisites
Course Agenda
Document Conventions
Additional Information
Course Overview
Configuring Juniper Networks Routers (CJNR) Volume 2 is an instructor-led course that covers the configuration and support of MPLS, firewall filters, multicast, and class of service on Juniper Networks M-series and T-series platforms. This class is a combination of lecture and lab with ample time for hands-on exposure to the JUNOS software configuration and operational-mode troubleshooting.
Objectives
After successfully completing this volume, you will be able to:
Describe the concept of traffic engineering and how to configure MPLS on a Juniper Networks M-series or T-series platform;
Describe how packet filtering can control the flow of IP packets and provide security within the Juniper Networks M-series and T-series platforms; and
Configure and monitor IP multicasting on a Juniper Networks M-series or T-series platform.
Intended Audience
The primary audiences for this course include the following:
Personnel who are unfamiliar with Juniper Networks M-series and T-series platform configuration;
Internet engineers; and
Network operations center engineers.
The secondary audiences for this course include the following:
Juniper Networks and partner sales representatives;
Juniper Networks and partner systems engineers; and
Juniper Networks employees (such as hardware engineers, software engineers, TAC engineers).
Course Level
CJNR Volume 2 is an intermediate-level course designed to provide a strong product knowledge foundation, and to prepare students for the more advanced courses available in the Juniper Networks training curriculum.
Prerequisites
The prerequisites for CJNR Volume 2 are:
Configuring Juniper Networks Routers Volume 1 or the equivalent experience.
Course Agenda
Day 1
Module 1: Traffic Engineering Overview
The Concept of MPLS
The Need for Traffic Engineering
Overlay Networks and Their Drawbacks
Traffic Engineering: A Definition
Module 2: MPLS Fundamentals
MPLS vs. IGP Traffic Engineering
MPLS Terminology
MPLS Labels
MPLS Processing Examples
Module 3: RSVP-Signaled LSPs
Static vs. Signaled LSPs
Signaled LSP Overview
RSVP Signaling
RSVP Extensions That Support MPLS Traffic Engineering
Path and Neighbor Maintenance
Configure RSVP Signaling
Monitor RSVP-Signaled LSPs
Module 4: LSP and Routing Table Integration
Mapping Next Hops to LSPs
Default Ingress Router Behavior
Using Next-Hop Self vs. a Passive IGP
Overview of LSP Integration Options
Module 5: Named Paths and Routing Constraints
Explicit Route Objects
Strict and Loose Hops
Named Path Configuration
Confirming LSP Routing
Day 2
Module 6: Internet Processor II Firewall Filters
Overview of Firewall Filter Syntax
Match Conditions
Actions
Applying Firewall Filters
Filter Examples
Rate Policing
Operational Analysis of Counters and Policers
Module 7: Multicast Theory
The benefits of Multicast
Multicast Addressing
IGMP
Multicast Routing
Dense and Sparse Mode Operation
RP Discovery Options
SAP and SDP
Module 8: Multicast Configuration and Monitoring
JUNOS Software Multicast Support
Configuring Multicast
Auto-RP and Bootstrap
Monitor Multicast operation
Confirming Presence of Tunnel Services PIC
Document Conventions
The following table lists the syntax-related style conventions used throughout this document:

Style: Arial
Description: Lab instructions and descriptive text.
Usage example: If told to do so by your instructor, enter the following commands to restore the factory default configuration.

Style: Courier New
Description: Operational displays and noncommand-related syntax.
Usage example:
commit complete
Exiting configuration mode

Style: Courier New italic underline
Description: A syntax variable that the reader is expected to define locally.
Usage example: You will now apply your ospfexport-policy to the OSPF routing instance as an export policy.

Style: Courier New bold
Description: Command syntax is displayed in bold to differentiate commands from descriptive text. Please note that the Courier New bold style can be combined with other styles as needed, for example, to indicate a command that involves the use of a locally defined named variable.
Usage example: erx1:isp-1#configure terminal
Or
The user can display interface status with the show interfaces command and may make use of the extensive switch, as needed, to obtain additional information.

Style: Courier New italic
Description: Predefined syntax variables such as named policies or passwords.
Usage example: You will now apply the ospf-test-policy to the OSPF routing instance as an export policy.
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class locations from the World Wide Web by pointing your Web browser to: http://www.juniper.net/training/.
About This Publication
The Configuring Juniper Networks Routers Student Guide was developed and tested using software Release 6.13R1.3. Previous and later versions of software may behave differently so you should always consult the documentation and release notes for the version of code you are running before reporting errors.
This document is written and maintained by the Juniper Networks Education Services development team. Please send questions and suggestions for improvement to mailto:[email protected].
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
1. Go to http://www.juniper.net/support/.
2. On the left side of the page, click the Technical Documentation button to be directed to the technical documentation area of the Juniper Networks Website.
3. Locate the specific software or hardware release and title you need, and choose the format in which you want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.
Juniper Networks Support
For technical support, contact Juniper Networks at [email protected], or at 1-888-314-JTAC (within the United States) or 408-745-2121 (from outside the United States).
Chapter 1
Module 1: Traffic Engineering Overview
Module Objectives
After successfully completing this module, you will be able to:
Describe the basic concept of MPLS
Explain the evolution of traffic engineering
Explain why IGP-ba