CJNR_V2

  • 8/10/2019 CJNR_V2

    Juniper Networks, Inc.

    1194 North Mathilda Avenue

    Sunnyvale, CA 94089

    USA

    408-745-2000

    www.juniper.net

    Part Number: xxx-xxxxxx-xx, Revision 1

    Configuring Juniper Networks Routers

    Student Guide, Volume 2

    Release 6.a

    Table of Contents

    List of Tables

    List of Figures

    Preface

    Course Overview

    Objectives

    Intended Audience

    Course Level

    Prerequisites

    Course Agenda

    Day 1

    Day 2

    Document Conventions

    Additional Information

    Education Services Offerings

    About This Publication

    Technical Publications

    Juniper Networks Support

    Chapter 1 Module 1: Traffic Engineering Overview

    Module Objectives

    This Module Discusses

    Traffic Engineering Overview

    MPLS: The Concept

    Mechanism for Traffic Engineering

    Packet Analysis

    Handles Packets at Layer 2 through the Tunnel

    RFC Support

    Early Internet

    In the Early Days

    IGP Metric-Based Forwarding

    Forwarding Based on the IGP

    Drawbacks of IGP Metric Forwarding

    Some Drawbacks of IGP Forwarding

    Additional Drawbacks of IGP Metrics

    Additional Drawbacks

    Growth Requires Changes

    Growth of the Internet

    Overlay Networks Are Born

    Behavior of ATM Switches

    Overlay Networks

    ATM PVCs

    Benefits

    Overlay Networks

    Overlay Network Blueprint

    Overlay Network Drawbacks

    Scalability Issues

    ATM PVCs Not Well Integrated

    More Overlay Network Drawbacks

    ATM Cell Overhead

    ATM SAR Speed

    Routers Evolve

    Routers Today

    Solution

    Why Engineer Traffic?

    Purpose of Traffic Engineering

    Review Questions

    This Module Discussed:

    Lab 1: MPLS Setup Lab

    Chapter 2 Module 2: Multiprotocol Label Switching Fundamentals

    Module Objectives

    This Module Discusses:

    MPLS Fundamentals

    Benefits of MPLS

    Virtual Circuits for IP

    Faster Routers?

    Real Value of MPLS Today

    IGP-Based Traffic Engineering

    IGP Routing and Traffic Engineering

    Physical Next Hop and IP Prefixes

    MPLS-Based Traffic Engineering

    Unidirectional Paths for Traffic Engineering

    MPLS Traffic Engineering Paths

    Label-Switched Paths and IP Addresses

    MPLS Terminology

    MPLS Domains

    Label-Switching Routers

    MPLS Performed by Label-Switching Routers

    Router = LSR

    MPLS Router Functions: Ingress

    The Functions of the Ingress Router

    MPLS Router Functions: Transit

    The Functions of the Transit Router

    MPLS Router Functions: Penultimate

    The Function of the Penultimate Router

    MPLS Router Functions: Egress

    The Functions of the Egress Router

    MPLS Labels

    Assigned Manually or by Signaling Protocol

    Changing Labels by Segment

    Label Swapping

    Local Significance and Labels

    Labeled Packets

    Labeled Packets

    IP Packet Restored at Egress

    MPLS Shim Header Structure

    The MPLS Header (Label) Structure

    Reserved MPLS Label Values

    MPLS Processing Example: Ingress

    Following the 134.112.1.5/32 Packet

    Ingress Node Pushes a Label

    MPLS Processing Example: Transit

    Transit Router Processing

    MPLS Processing Example: Egress

    Penultimate and Egress Router Processing

    Penultimate Hop Popping

    Egress Router

    Label Stacking

    Stacking for Scalability

    Review Questions

    This Module Discussed:

    Chapter 3 Module 3: RSVP-Signaled LSPs

    Module Objectives

    This Module Discusses:

    RSVP-Signaled LSPs Agenda

    Static LSPs: Pros and Cons

    Static LSP Advantages

    Static LSP Disadvantages

    Static LSP Configuration

    Manual Configuration

    Reserved Labels for Static LSPs

    Static LSP Label Mapping Example

    Sample Static LSP Configuration

    Static LSP Configuration Statements

    Static LSP Configuration Example

    Static LSPs and the Routing Table

    Static LSPs on the Ingress Router

    Static LSPs and the Forwarding Table

    Static LSPs on Transit Routers

    Summary: Static versus Signaled LSPs

    Static LSPs

    Signaled LSPs

    Signaled LSP Overview

    Configured at Ingress Router Only

    Controlling the Path of a Signaled LSP

    LSP Signaling Options

    LSP Signaling Protocol Options

    JUNOS Software Support for LDP Signaling

    RSVP Signaling

    RSVP Background

    RSVP Background

    RFC 2205

    Basic RSVP Path Signaling

    RSVP Data Flows

    RSVP Is a Soft State Protocol

    More RSVP Message Types

    RSVP Message Types

    Extended RSVP

    Traffic Engineering Extensions to RSVP

    Now Positioned as a Router Signaling Protocol

    MPLS Extensions to RSVP

    RSVP Message Objects

    Explicit Route Objects

    Explicit Route Objects for Traffic Engineering

    Label Objects

    Requesting Labels

    Assigning Labels

    The Record Route Object

    Record Route Object - Downstream via Path Message

    Record Route Object - Upstream via Reservation Message

    Session Attribute Object

    Session Attribute Object

    Tspec Object

    Tspec Object

    RSVP Neighbor and Path Maintenance

    Adjacency Maintenance

    Establishing an RSVP Adjacency

    Rapid Node-to-Node Failure Detection

    Path Maintenance

    Path Refresh

    RSVP Message Aggregation

    Aggregation of RSVP Messages

    RSVP Signaling Example: Path

    Signaled Path from San Francisco to New York

    RSVP Signaling Example: Reservation

    Returning a Reservation Establishes LSP State

    Configuring RSVP-Signaled LSPs

    Configuring Baseline MPLS Functionality

    Enabling Labeled Packets on Interfaces

    Configuring the MPLS Instance

    Configuring RSVP

    Configuring RSVP

    Add RSVP Authentication

    Authentication Support

    Configuration Example

    Minimal LSP Configuration Example

    Defining a Basic LSP

    Adding a Bandwidth Reservation

    Adding a Bandwidth Reservation

    RSVP Monitoring and Troubleshooting

    Displaying RSVP Interface Information

    Displaying RSVP Interface Information

    Displaying RSVP Neighbors

    Displaying RSVP Neighbors

    Displaying RSVP Statistics

    Displaying RSVP Statistics

    Displaying RSVP Session Status

    Displaying RSVP Session Status

    Troubleshooting LSP Problems

    Troubleshooting LSP Problems

    Clearing LSPs

    Clearing LSPs

    Tracing RSVP

    RSVP Tracing

    Review Questions

    This Module Discussed:

    Lab 2: RSVP Signaling

    Chapter 4 Module 4: LSPs and Routing Table Integration

    Module Objectives

    This Module Discusses:

    Routing Table Integration

    Mapping BGP Next Hops to LSPs

    The Use of the inet.3 Routing Table

    BGP Installs LSP as Next Hop

    Route Resolution Example

    Route Resolution

    Unusable BGP Next Hop

    Unusable BGP Next Hop

    The Problem

    Why the Route Is Hidden

    One Solution: Next-Hop Self at NY

    LSP to New York Is Configured

    LSP from San Francisco to New York Is Configured

    LSP to New York Is Established

    Lowest Preference Wins

    BGP Installs LSP as Next Hop

    BGP Installs LSP as Forwarding Next Hop for 134.112/16

    Ingress Router Behavior

    Route Resolution at Ingress Router

    Ingress Resolves BGP Next Hop

    BGP Resolves Its Next Hop Using Both Tables

    Ingress Installs LSP for Forwarding

    BGP Selects inet.3 over inet.0

    LSP Installed as Forwarding Next Hop in inet.0

    Route Resolution Summary

    LSPs Are Installed in Ingress Router's inet.3 Table

    Only BGP Is Aware of inet.3

    Routing Table Summary

    Routing Tables Used in MPLS

    Effects of Passive IGP versus Next-Hop Self

    The Ramifications of a Passive IGP Solution

    A Thought-Provoking Question

    The 60,000-Dollar Question

    The Answer

    Traffic to 192.168.24.1

    Traffic to 192.168.24.5

    Review Questions

    This Module Discussed:

    Lab 3: Routing Table Integration

    Chapter 5 Module 5: Named Paths and Routing Constraints

    Module Objectives

    This Module Discusses:

    Explicit Route Objects

    Explicit Route Objects: A Definition .......................................................................154

    Explicit Route Objects Defined.........................................................................154

    Path Contains All Hops Specified .............. .............. ................ ............... ..........154

    Loose and Strict Hops .......................................................................................154

    Strict EROs ............. ................ .............. ............... ............... .............. ............... .........156

    Strict EROs........................................................................................................156

    Loose EROs..............................................................................................................157

    Loose Hops........................................................................................................157

    Using Both Strict and Loose EROs ............... ............. ............... .............. ............... ..158

    Combining Strict and Loose Hops ....................................................................158

    A Little ERO Is Goodbut More Is Better .............................................................159

    A Little Is Good.................................................................................................159

    Partial ERO Example................................................................................................160

    Partial ERO Example ........................................................................................160

    ERO Processing Summary .......................................................................................161

    RSVP Message Addresses to Local Router.......................................................161

    Nonegress Router ERO Processing ............. .............. ............... ............. ............161

    Named Path Configuration Example ...........................................................162

    Named Path Configuration Example ...........................................................162

    ERO Case Study ............... ............. ............... .............. ............... ............. ............... ...163

    ERO Configuration Case Study ........................................................................163

    Modifying Named Paths...........................................................................................164

    Ways to Modify Named Paths...........................................................................164

    Confirming LSP Routing..........................................................................................166

    Confirming LSP Routing...................................................................................166

    Review Questions ............. ............. ................ ............. ................ ............... .............. .168

    This Module Discussed: ............. ............. ............... .............. ............... ............. .168

    Lab 4: Routing Constraints.......................................................................................169

    Chapter 6 Module 6: Firewall Filters 171

    Module Objectives....................................................................................................172

    This Module Discusses:.....................................................................................172

    Firewall Filters..........................................................................................................173

    Firewall Filters ..................................................................................................173

    Firewall Filters..........................................................................................................174

    Actions...............................................................................................................174

    Accept/Reject/Discard.......................................................................................174

    Internet Processor II Filtering............................................................................174

    Analysis ............... .............. ............... .............. ............... ............. ................ .......174

    Overview of Firewall Filter Syntax ................ ............... .............. ............... ..............175

    Syntax................................................................................................................175

    Hierarchy Level ............... .............. ............... ............... .............. ............... .........175

    One or More Terms ............... .............. ............... ............. ............... ............... ....175

    Actions and Modifiers ......................................................................176

    One Filter per Unit, per Direction .....................................................................176

    Current Firewall Filter Syntax..................................................................................177

    Current and Old Firewall Syntax.......................................................................177

    How Filters Are Evaluated ............. ............... .............. ................ ............... ..............178

    Single Terms......................................................................................................178

    Multiple Terms ............. ............... ............... .............. ............... ............. .............178

    Overview of Match Conditions ................................................................................179

    Firewall Match Conditions................................................................................179

    The from Statement Sets Match Conditions......................................................179

    Match Condition Categories..............................................................................179

    Numeric Range Filter Match Condition .............. ............... ............... ............... ........181

    Numeric Matches........ ............... .............. ............... .............. ............... ..............181

    Format ...............................................................................................................181

    Keywords...........................................................................................................181

    Address Filter Match Condition ............... ............... .............. ................ ............... ....183

    IP Prefixes .........................................................................................................183

    Keywords...........................................................................................................183

    Longest Match...................................................................................................183

    Bit-Field Match Condition........................................................................................184

    Matching on Bits ...............................................................................................184

    Symbolic Names................................................................................................184

    Bit Matching......................................................................................................184

    Logical Operators ............. ................ ............. ............... .............. ............... ........185

    Bit-Field Match Examples........................................................................................186

    Bit-Field Match Conditions...............................................................................186

    Firewall Actions Overview.......................................................................................188

    Firewall Actions ................................................................................................188

    Action Statements.....................................................................................................189

    Action Statements..............................................................................................189

    Reject Message Options ...........................................................................................191

    Reject Options ...................................................................................................191

    Action Modifiers.......................................................................................................192

    Counters.............................................................................................................192

    Logging .............................................................................................................192

    Sampling............................................................................................................193

    Applying Firewall Filters..........................................................................................194

    Applying Filters.................................................................................................194

    Common Filters.................................................................................................194

    Input and Output................................................................................................194

    Protecting the Routing Engine ..........................................................................194

    Transit versus Routing Engine Filters .......................................................195

    Protecting the Routing Engine ..........................................................................195

    Careful!..............................................................................................................196

    Default Discard All............................................................................................196

    Sample Topology......................................................................................................197

    Example.............................................................................................................197

    Spoof Prevention ......................................................................................................198

    Stopping Spoofs ................................................................................................198

    Inbound Spoof Prevention ............. ............. ............... ............. ............... ............. ......199

    Inbound Spoofs..................................................................................................199

    Remember to Apply! .............. ............. ............... ............. ............... ............. ......199

    Pop Quiz!..................................................................................................................200

    Quiz ...................................................................................................................200

    Preventing Fragmentation Exploits ..........................................................................201

    Problems with Fragments..................................................................................201

    Securing the FTP/WWW Server ..............................................................................203

    Server Security ..................................................................................................203

    Outgoing Service Restriction....................................................................................204

    Restricting Services...........................................................................................204

    Rate Policing.............................................................................................................205

    Filters Identify Traffic for Rate-Limiting..........................................................205

    Rate Limits ........................................................................................................205

    Excess Traffic....................................................................................................206

    Rate Policing Example .............................................................................................207

    Example.............................................................................................................207

    Interface-Based Policers ............. ............... .............. ............... ............... .............. .209

    Two-Level Policers ...........................................................................................209

    Viewing Interface Policers .......................................................................................210

    Viewing Policers (Part 1) ..................................................................................210

    Firewall-Related Operational Commands ............... .............. ............... .............. ......211

    Internet Processor II Operational Commands ...................................................211

    Displaying Counter and Policer Statistics ................ ............. ............... .............. ......212

    Displaying Counter and Policer Statistics ............... ................ ............. .............212

    Displaying Entries in the Kernel Cache ...................................................................213

    Displaying Entries in the Kernel Cache ............. ............... .............. ................ ..213

    View Firewall-Related Syslog Entries .....................................................................214

    Displaying Firewall-Related Syslog Entries .....................................................214

    Clearing Firewall Filter Counters ............. ............... .............. ............... .............. ......215

    Clearing Firewall Filter Counters......................................................................215

    Review Questions ............. ............. ................ ............. ................ ............... .............. .216

    This Module Discussed: ............. ............. ............... .............. ............... ............. .216

    Lab 5: JUNOS Software Firewall Filters .................................................................217

    Chapter 7 Module 7: Multicast Theory 219

    Module Objectives....................................................................................................220

    This Module Discusses:.....................................................................................220

    IP Multicast Agenda .............. .............. ............... .............. ................ ............... .........221

    Traffic Flow..............................................................................................................222

    Address Types and Traffic Flow .............. ............... ............. ................ .............222

    IP Multicast Addressing ...........................................................................................223

    Multicast Addresses...........................................................................................223

    Registered Groups ............ ............... .............. ............... ............. ............... .........223

    Scoped Range ............. ............. ............... .............. ............... ............. ............... ..223

    IP Multicast-to-Ethernet Mapping............................................................................224

    Address Mapping...............................................................................................224

    IP Multicast-to-Ethernet Mapping Example.............................................................225

    Address Mapping Example ...............................................................................225

    Multicast Components..............................................................................................226

    Sources and Group Members ............................................................................226

    Host Protocols ...................................................................................................226

    Routing Protocols ............. ............... .............. ............... ............. ................ ........226

    Other Multicast Features ............. ............... .............. ................ ............... ..........227

    The IGMP Protocol ..................................................................................................228

    Operation and Software Support for IGMP.......................................................228

    IGMP ........................................................................................................................229

    IGMP.................................................................................................................229

    IGMP Message Exchange ............. ............... ................ ............. ............... .........229

    JUNOS Software Support..................................................................................229

    Multicast Groups and Routing..................................................................................230

    Group Membership Protocols versus Multicast Routing Protocols ............... ...230

    IGMP Versions ............... .............. ............... .............. ............... ............. ................ ..231

    IGMP Version 1 ................................................................................................231

    IGMP Version 2 ................................................................................................231

    IGMP Version 3 ................................................................................................232

    IGMP Version 2.......................................................................................................233

    IGMP Version 2 ................................................................................................233

    Querier Election.................................................................................................233

    Leave-Group Message.......................................................................................233

    IGMPv2 Join Process ...............................................................................................234

    Joining a Multicast Group ............... .............. ............... .............. ................ .......234

    IGMPv2 Query-Response Process ...........................................................................235

    Query-Response Model ............... ............... .............. ............... ............. .............235

    IGMPv2 Group Leave ............. ............. ............... ............... .............. ............... .........237

    IGMPv2 Group Leave ............. ............... ............. ............... .............. ............... ..237

    IGMPv3 and SSM ....................................................................................................238

    IGMPv3 and SSM .............................................................................................238

    Multicast Routing .............. ............... .............. ............... .............. ............... ..............240

    Multicast Routing .............. ............... .............. ............... ............... .............. .......240

    Multicast Routing Protocol Characteristics ................ ............... .............. ................ .241

    Multicast Routing Differs from Unicast Routing..............................................241

    Reverse-Path Forwarding .............. ............... ............. ............... ............... ..........241

    Distribution Trees..............................................................................................241

    Reverse-Path Forwarding ............. ............. ............... .............. ............... ............... ....242

    Reverse-Path Forwarding .............. ............... ............. ............... ............... ..........242

    The RPF Check (1 of 2)............................................................................................243

    The RPF Check: Part 1......................................................................................243

    The RPF Check (2 of 2)............................................................................................244

    The RPF Check: Part 2......................................................................................244

    Dense-Mode Routing Protocols................................................................................245

    Dense-Mode Routing Protocol Behavior ............. ............... ............... .............. .245

    Source-Based Distribution Tree .............. ............... .............. ............... ..............245

    Dense-Mode Protocols ......................................................................................245

    PIM Dense Mode Operation.....................................................................................246

    PIM Dense Mode Operation..............................................................................246

    Pruning Unwanted Traffic ............. ............... .............. ............... ............. ............... ...247

    Pruning Unwanted Traffic.................................................................................247

    After the Prune..........................................................................................................248

    After the Prune ..................................................................................................248

    A Shortest-Path Tree ................................................................................................249

    Source Distribution Tree ...................................................................249

    PIM Sparse Mode ............. .............. ............... ............. ............... .............. ............... ..250

    PIM Independence.............................................................................................250

    PIM Sparse Mode Trees ............ .............. ............... .............. ............... ..............250

    Design Considerations.......................................................................................250

    Sparse-Dense Mode...........................................................................................251

    PIM Sparse Mode: The Shared Tree ........................................................................252

    PIM Sparse Mode: The Shared Tree .............. ............... ................ ............. .......252

    PIM Sparse Mode: Switch to SPT (1 of 3)...............................................................253

    PIM Sparse Mode: Switch to SPT (Part 1)........................................................253

    PIM Sparse Mode: Switch to SPT (2 of 3)...............................................................254

    PIM Sparse Mode: Switch to SPT (Part 2)........................................................254

    PIM Sparse Mode: Switch to SPT (3 of 3)...............................................................255

    PIM Sparse Mode: Switch to SPT (Part 3)........................................................255

    PIM Register Messages ............... .............. ............... .............. ............... ............. ......256

    PIM Register Messages ............... ............... .............. ............... .............. ............256

    The Result.................................................................................................................257

    When All Is Said and Done ................ ............... .............. ............... ............... ....257

    Joining a Shared Tree Example: Step 1....................................................................258

    Joining a Shared Tree Example.........................................................................258

    Joining a Shared Tree Example: Step 2....................................................................260

    Traffic Flows Over the Shared Tree..................................................................260

    Analyzing Join State: Shared Tree ...........................................................................261

    Shared-Tree Join State.......................................................................................261

    Joining the Shortest-Path Tree..................................................................................263

    Joining the SPT .................................................................................................263

    Traffic Flows over the SPT ......................................................................................264

    Traffic Now Follows the SPT............................................................................264

    Sydney after Joining the SPT ..................................................................................265

    Sydney after Joining the SPT .............. ............... ................ .............. ............... ..265

    Confirming SPT State: Sao Paulo ...........................................................................266

    Confirming Sao Paulo Is on the SPT.................................................................266

    Confirming RPF State: Sao Paulo ............ ................ ............. ............... .............. ......267

    Confirming the RPF State on the Sao Paulo Router .........................................267

    PIM RP Discovery Options ............... ............. ............... .............. ............... ............. .268

    PIM RP Discovery Options...............................................................................268

    Determining the RP ............. ............... ............... .............. ............... .............. ............269

    Dynamic RPs.....................................................................................................269

    Auto-RP ............. ................ ............. ............... .............. ............... ............... .............. .270

    Dynamic RP Assignment ..................................................................................270

    Dense Groups Needed ........................................................................270

    Failover Capabilities..........................................................................................270

    Mapping Agents ................................................................................................271

    Bootstrap Router (1 of 2)..........................................................................................272

    Priority for Becoming the Bootstrap Router .....................................................272

    Mechanism to Select the RP..............................................................................272

    Bootstrap Router (2 of 2)..........................................................................................273

    Bootstrap Mechanism........................................................................................273

    Load Balancing..................................................................................................273

    SAP and SDP Protocols............................................................................................275

    SAP and SDP Protocols ....................................................................................275

    Overview of SDP and SAP.......................................................................................276

    Session Description Protocol.............................................................................276

    Session Announcement Protocol.......................................................................276

    Displaying Session Details ....................................................................277

    Displaying Session Details ................ ............. ................ ............... .............. ......277

    Module Review.........................................................................................................278

    This Module Discussed: ............. ............. ............... .............. ............... ............. .278

    Chapter 8 Module 8: Multicast Configuration and Monitoring 279

    Module Objectives....................................................................................................280

    This Module Discusses:.....................................................................................280

    Multicast Support .....................................................................................................281

    JUNOS Software Multicast Support .................................................................281

    Configuring Multicast...............................................................................................282

    Configuring IGMP....................................................................................................283

    IGMP Configuration..........................................................................................283

    PIM Configuration: General.....................................................................................285

    PIM Configuration: General..............................................................................285

    PIM Configuration: RP Properties ...........................................................................287

    General PIM Configuration: RP Properties.......................................................287

    Configuration Example: Static RP ...........................................................................289

    Static RP Configuration Example .....................................................................289

    Configuration Example: Auto-RP ............. ............... .............. ............... ............. ......290

    Auto-RP Configuration Example ............. ............... ................ ............. .............290

    Configuration Example: Bootstrap...........................................................................292

    Bootstrap Configuration Example.....................................................................292

    Monitoring Multicast Operation...............................................................................294

    Multicast Operational Commands.....................................................................294

    Obtaining IGMP Interface Information ................ ............... .............. ............... ........295

    Displaying the IGMP Interface .........................................................................295

    Displaying IGMP Group Information ......................................................................296

    Displaying IGMP Group Information .............. .............. ............... ............. .......296

    Displaying IGMP Statistics .............. .............. ................ ............... .............. .............297

    Displaying IGMP Statistics ................ ............... .............. ................ ............... ...297

    Displaying the Bootstrap Router ..............................................................................298

    Displaying the Bootstrap Router ............. ............. ................ ............... ............. .298

    Determining RP Status .............................................................................................299

    Determining RP Status .............. .............. ............. ................ ............... ............. .299

    Viewing Extended RP Information ..........................................................................300

    Viewing Extended RP Information .............. ............. ............... ............... ..........300

    Displaying PIM Interfaces........................................................................................301

    Displaying Interfaces Running PIM..................................................................301

    Displaying PIM Neighbors.......................................................................................302

    Listing PIM Neighbors......................................................................................302

    Displaying PIM Join State........................................................................................303

    Displaying PIM Join States .............. .............. ................ ............... .............. ......303

    Examining Source RPF State ...................................................................................304

    Displaying Source RPF State .............. ............... ............... .............. ............... ...304

    Displaying PIM Statistics .............. ................ .............. ............... ................ ..............305

    Displaying PIM Message Types........................................................................305

    Viewing Usage Statistics .............. .............. ............... ................ .............. ............... ..307

    Viewing Usage Statistics...................................................................................307

    Displaying Multicast Routing Table.........................................................................308

    Displaying Multicast Routes .............. ................ ............... .............. ................ ..308

    Displaying Outgoing Interface Lists.........................................................................309

    Displaying Next-Hop ID to Outgoing Interface List Mappings........................309

    Confirming Presence of Tunnel Services PIC..........................................................310

    Verifying Tunnel Services PIC Presence ..........................................................310

    No Configuration Needed........... .............. ............... ............. ............... ..............311

    Module Review.........................................................................................................312

    This Module Discussed: ............. ............. ............... .............. ............... ............. .312

    Labs 6 and 7: IP Multicast........................................................................................313

    Index ........................................................................................................................315

  • 8/10/2019 CJNR_V2

    14/316


  • 8/10/2019 CJNR_V2

    15/316


    List of Tables

    Table 1: Keywords Used with Numeric Match Conditions..................................181

    Table 2: Bit-Field Logical Operators....................................................................185

    Table 3: Bit-Field Match Conditions Used in a Firewall Filter............................186

    Table 4: Text Synonyms Used in a Firewall Filter...............................................187

    Table 5: Filter Actions..........................................................................................189

    Table 6: Action Modifiers.....................................................................................189

  • 8/10/2019 CJNR_V2

    16/316


  • 8/10/2019 CJNR_V2

    17/316


    List of Figures

    Figure 1: IGP Metric-Based Forwarding .................................................................35

    Figure 2: Drawbacks of IGP Metric Forwarding .....................................................36

    Figure 3: Overlay Networks.....................................................................................41

    Figure 4: IGP-Based Traffic Engineering ................................................................53

    Figure 5: MPLS-Based Traffic Engineering............................................................54

    Figure 6: MPLS Traffic Engineering Paths .............................................................55

    Figure 7: MPLS Terminology..................................................................................56

    Figure 8: Label-Switching Routers ..........................................................................57

    Figure 9: MPLS Router Functions: Ingress .............................................................58

    Figure 10: MPLS Router Functions: Transit..............................................................59

    Figure 11: MPLS Router Functions: Penultimate......................................................60

    Figure 12: MPLS Router Functions: Egress ..............................................................61

    Figure 13: Labeled Packets ............... .............. ............... ................ .............. ..............63

    Figure 14: MPLS Shim Header Structure ................ .............. ............... ................ .....64

    Figure 15: MPLS Processing Example: Ingress.........................................................66

    Figure 16: MPLS Processing Example: Transit.........................................................67

    Figure 17: MPLS Processing Example: Egress .........................................................68

    Figure 18: Label Stacking ............. ............... .............. ............... .............. ............... ....70

    Figure 19: Static LSP Label Mapping Example ........................................................79

    Figure 20: Static LSP Configuration Statements ............. ............... ................ ...........80

    Figure 21: Static LSPs and the Routing Table ............................................................82

    Figure 22: Static LSPs and the Forwarding Table .....................................................83

    Figure 23: Basic RSVP Path Signaling......................................................................91

    Figure 24: RSVP Signaling Example: Path .............................................................106

    Figure 25: RSVP Signaling Example: Reservation .................................................107

    Figure 26: Displaying RSVP Session Status............................................................119

    Figure 27: Troubleshooting LSP Problems..............................................................121

    Figure 28: Route Resolution Example ............... .............. ............... ............. ............131

    Figure 29: Unusable BGP Next Hop........................................................................132

    Figure 30: BGP Next Hop Problem.........................................................................133

    Figure 31: One Solution: Next-Hop Self at NY.......................................................134

    Figure 32: LSP to New York Is Configured ............................................................135

    Figure 33: LSP to New York Is Established .............. ................ ............... .............. .136

    Figure 34: Lowest Preference Wins.........................................................................137

    Figure 35: BGP Installs LSP as Next Hop ...............................................................138

    Figure 36: Ingress Router Behavior ........... ............... ............. ............... ............. ......139

    Figure 37: Ingress Resolves BGP Next Hop............................................................141

    Figure 38: Ingress Installs LSP for Forwarding.......................................................142

    Figure 39: Effects of Passive IGP versus Next-Hop Self ........................................145

    Figure 40: Strict EROs ............. ............... ............. ................ ............. ............... ........156

    Figure 41: Loose EROs............................................................................................157

    Figure 42: Using Both Strict and Loose EROs ............. .............. ............... ............. .158

    Figure 43: Partial ERO Example..............................................................................160

    Figure 44: Named Path Configuration Example......................................................162

  • 8/10/2019 CJNR_V2

    18/316


    Figure 45: ERO Case Study .............. ............. ............... .............. ............... ............. .163

    Figure 46: Modifying Named Paths .............. ............. ............... .............. ............... ..164

    Figure 47: Confirming LSP Routing........................................................................166

    Figure 48: Bit-Field Match Examples......................................................................186

    Figure 49: Transit versus Routing Engine Filters ............ ............... ................ .........195

    Figure 50: Sample Topology....................................................................................197

    Figure 51: Spoof Prevention ....................................................................................198

    Figure 52: Inbound Spoof Prevention ............. ............... ............. ............... ............. .199

    Figure 53: Pop Quiz .................................................................................................200

    Figure 54: Preventing Fragmentation Exploits ............. .............. ............... ............. .201

    Figure 55: Securing the FTP/WWW Server ............................................................203

    Figure 56: Outgoing Service Restriction..................................................................204

    Figure 57: Rate Policing Example ...........................................................................207

    Figure 58: Interface-Based Policers ........... ............... ............... .............. ............... ...209

    Figure 59: Viewing Interface Policers .....................................................................210

    Figure 60: Traffic Flow............................................................................................222

    Figure 61: IP Multicast Addressing .........................................................................223

    Figure 62: IP Multicast-to-Ethernet Mapping..........................................................224

    Figure 63: IP Multicast-to-Ethernet Mapping Example...........................................225

    Figure 64: Multicast Groups and Routing................................................................230

    Figure 65: IGMPv2 Join Process .............................................................................234

    Figure 66: IGMPv2 Query-Response Process .........................................................235

    Figure 67: IGMPv2 Group Leave ............. ............... .............. ............... ............. ......237

    Figure 68: IGMPv3 and SSM ..................................................................................238

    Figure 69: The RPF Check (1 of 2)..........................................................................243

    Figure 70: The RPF Check (2 of 2)..........................................................................244

    Figure 71: PIM Dense Mode Operation...................................................................246

    Figure 72: Pruning Unwanted Traffic ............. ............... ............... .............. .............247

    Figure 73: After the Prune........................................................................................248

    Figure 74: A Shortest-Path Tree ..............................................................................249

    Figure 75: PIM Sparse Mode: The Shared Tree ......................................................252

    Figure 76: PIM Sparse Mode: Switch to SPT (1 of 3).............................................253

    Figure 77: PIM Sparse Mode: Switch to SPT (2 of 3).............................................254

    Figure 78: PIM Sparse Mode: Switch to SPT (3 of 3).............................................255

    Figure 79: PIM Register Messages .............. .............. ............... ............. ............... ...256

    Figure 80: Receiver and RPT on SPT (Result) .............. ............. ............... ..............257

    Figure 81: Joining a Shared Tree Example: Step 1..................................................258

    Figure 82: Joining a Shared Tree Example: Step 2..................................................260

    Figure 83: Analyzing Join State: Shared Tree .........................................................261

    Figure 84: Joining the Shortest-Path Tree................................................................263

    Figure 85: Traffic Flows over the SPT ....................................................................264

    Figure 86: Sydney after Joining the SPT .................................................................265

    Figure 87: Confirming SPT State: Sao Paulo ..........................................................266

    Figure 88: Confirming RPF State: Sao Paulo ............... .............. ................ .............267

    Figure 89: Overview of SDP and SAP.....................................................................276

    Figure 90: Displaying Session Details ............... .............. ................ ............... .........277

    Figure 91: Configuring IGMP..................................................................................283

    Figure 92: PIM Configuration: General...................................................................285

    Figure 93: PIM Configuration: RP Properties .........................................................287

    Figure 94: Configuration Example: Static RP .........................................................289

    Figure 95: Configuration Example: Auto-RP ............. ............... ............... .............. .290

    Figure 96: Configuration Example: Bootstrap.........................................................292

    Figure 97: Displaying the Bootstrap Router ............................................................298

    Figure 98: Determining RP Status ...........................................................................299

  • 8/10/2019 CJNR_V2

    19/316


    Figure 99: Viewing Extended RP Information ........................................................300

    Figure 100: Displaying PIM Interfaces .....................................................................301

    Figure 101: Displaying PIM Neighbors ....................................................................302

    Figure 102: Displaying PIM Join State .....................................................................303

    Figure 103: Examining Source RPF State.................................................................304

    Figure 104: Viewing Usage Statistics .......................................................................307

    Figure 105: Displaying Multicast Routing Table ......................................................308

    Figure 106: Displaying Outgoing Interface Lists ......................................................309

    Figure 107: Confirming Presence of Tunnel Services PIC .......................................310

  • 8/10/2019 CJNR_V2

    20/316


  • 8/10/2019 CJNR_V2

    21/316


    Preface

    Course Overview on page 22

    Objectives on page 22

    Intended Audience on page 23

    Course Level on page 23

    Prerequisites on page 23

    Course Agenda on page 23

    Document Conventions on page 26

    Additional Information on page 27

  • 8/10/2019 CJNR_V2

    22/316


    Course Overview

    Configuring Juniper Networks Routers (CJNR) Volume 2 is an instructor-led course that covers the configuration and support of MPLS, firewall filters, multicast, and class of service on Juniper Networks M-series and T-series platforms. This class is a combination of lecture and lab with ample time for hands-on exposure to the JUNOS software configuration and operational-mode troubleshooting.

    Objectives

    After successfully completing this volume, you will be able to:

    Describe the concept of traffic engineering and how to configure MPLS on a Juniper Networks M-series or T-series platform;

    Describe how packet filtering can control the flow of IP packets and provide security within the Juniper Networks M-series and T-series platforms; and

    Configure and monitor IP multicasting on a Juniper Networks M-series or T-series platform.

  • 8/10/2019 CJNR_V2

    23/316


    Intended Audience

    The primary audiences for this course include the following:

    Personnel who are unfamiliar with Juniper Networks M-series and T-series platform configuration;

    Internet engineers; and

    Network operations center engineers.

    The secondary audiences for this course include the following:

    Juniper Networks and partner sales representatives;

    Juniper Networks and partner systems engineers; and

    Juniper Networks employees (such as hardware engineers, software engineers, TAC engineers).

    Course Level

    CJNR Volume 2 is an intermediate-level course designed to provide a strong product knowledge foundation, and to prepare students for the more advanced courses available in the Juniper Networks training curriculum.

    Prerequisites

    The prerequisites for CJNR Volume 2 are:

    Configuring Juniper Networks Routers Volume 1 or the equivalent experience.

    Course Agenda

    Day 1

    Module 1: Traffic Engineering Overview

    The Concept of MPLS

    The Need for Traffic Engineering

    Overlay Networks and Their Drawbacks

    Traffic Engineering: A Definition

    Module 2: MPLS Fundamentals

    MPLS vs. IGP Traffic Engineering

    MPLS Terminology

    MPLS Labels

    MPLS Processing Examples

  • 8/10/2019 CJNR_V2

    24/316


    Module 3: RSVP-Signaled LSPs

    Static vs. Signaled LSPs

    Signaled LSP Overview

    RSVP Signaling

    RSVP Extensions That Support MPLS Traffic Engineering

    Path and Neighbor Maintenance

    Configure RSVP Signaling

    Monitor RSVP-Signaled LSPs

    Module 4: LSP and Routing Table Integration

    Mapping Next Hops to LSPs

    Default Ingress Router Behavior

    Using Next-Hop Self vs. a Passive IGP

    Overview of LSP Integration Options

    Module 5: Named Paths and Routing Constraints

    Explicit Route Objects

    Strict and Loose Hops

    Named Path Configuration

    Confirming LSP Routing

    Day 2

    Module 6: Internet Processor II Firewall Filters

    Overview of Firewall Filter Syntax

    Match Conditions

    Actions

    Applying Firewall Filters

    Filter Examples

    Rate Policing

    Operational Analysis of Counters and Policers

    Module 7: Multicast Theory

    The Benefits of Multicast

    Multicast Addressing

    IGMP

    Multicast Routing

    Dense and Sparse Mode Operation

    RP Discovery Options

    SAP and SDP

  • 8/10/2019 CJNR_V2

    25/316


    Module 8: Multicast Configuration and Monitoring

    JUNOS Software Multicast Support

    Configuring Multicast

    Auto-RP and Bootstrap

    Monitor Multicast Operation

    Confirming Presence of Tunnel Services PIC

  • 8/10/2019 CJNR_V2

    26/316


    Document Conventions

    The following table lists the syntax-related style conventions used throughout this document:

    | Style | Description | Usage Example |
    |---|---|---|
    | Arial | Lab instructions and descriptive text. | If told to do so by your instructor, enter the following commands to restore the factory default configuration. |
    | Courier New | Operational displays and noncommand-related syntax. | commit complete / Exiting configuration mode |
    | Courier New bold | Command syntax is displayed in bold to differentiate commands from descriptive text. Please note that the Courier New bold style can be combined with other styles as needed, for example, to indicate a command that involves the use of a locally defined named variable. | erx1:isp-1#configure terminal / Or / The user can display interface status with the show interfaces command and may make use of the extensive switch, as needed, to obtain additional information. |
    | Courier New italic | Predefined syntax variables such as named policies or passwords. | You will now apply the ospf-test-policy to the OSPF routing instance as an export policy. |
    | Courier New italic underline | A syntax variable that the reader is expected to define locally. | You will now apply your ospfexport-policy to the OSPF routing instance as an export policy. |

  • 8/10/2019 CJNR_V2

    27/316


    Additional Information

    Education Services Offerings

    You can obtain information on the latest Education Services offerings, course dates, and class locations from the World Wide Web by pointing your Web browser to: http://www.juniper.net/training/.

    About This Publication

    The Configuring Juniper Networks Routers Student Guide was developed and tested using software Release 6.13R1.3. Previous and later versions of software may behave differently so you should always consult the documentation and release notes for the version of code you are running before reporting errors.

    This document is written and maintained by the Juniper Networks Education Services development team. Please send questions and suggestions for improvement to mailto:[email protected].

    Technical Publications

    You can print technical manuals and release notes directly from the Internet in a variety of formats:

    1. Go to http://www.juniper.net/support/.

    2. On the left side of the page, click the Technical Documentation button to be directed to the technical documentation area of the Juniper Networks Website.

    3. Locate the specific software or hardware release and title you need, and choose the format in which you want to view or print the document.

    Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.

    Juniper Networks Support

    For technical support, contact Juniper Networks at [email protected], or at 1-888-314-JTAC (within the United States) or 408-745-2121 (from outside the United States).

  • 8/10/2019 CJNR_V2

    28/316


  • 8/10/2019 CJNR_V2

    29/316


    Chapter 1

    Module 1: Traffic Engineering Overview

  • 8/10/2019 CJNR_V2

    30/316


    Module Objectives

    After successfully completing this module, you will be able to:

    Describe the basic concept of MPLS

    Explain the evolution of traffic engineering

    Explain why IGP-ba