Networking Essentials
IJNR-6.b.6.1.2
Module Objectives
After successfully completing this module, you will be
able to:
Identify the components of an internetwork and explain the
Internetwork Example
Network 1
192.168.1.0
Network 2
192.168.2.0
Local-Area Networks
A computer network that spans a small area
Confined to a single building or corporate campus
Can connect to other LANs through telephone lines
Wide-Area Networks
A computer network that spans a large geographical
area
WANs interconnect LANs
Computers connected to WAN through public
telephone system, leased lines, or wireless connection
The Internet consists of many WANs and WAN links
Routers
Connect multiple LANs but maintain LAN boundaries
Connect LANs across WAN links
LAN and WAN links may be different media types
Switches
High-speed multi-port bridges with many ports
Many implement Virtual LANs (VLANs)
[Figure: Network 1 (192.168.1.0) and Network 2 (192.168.2.0)]
[Figure: End-to-End Delivery. Two hosts, IP Address X and IP Address Y, each with Application, TCP/UDP, IP Protocol and Network-Dependent layers, joined through the Internet (IP)]
[Figure: protocol layers: Application, Presentation, Session, Transport, Network, LLC, MAC, Physical. IP Address at the Network layer; 802.2 Logical Link Control at LLC; 802.3 CSMA/CD, 802.4 Token Bus and 802.5 Token Ring at MAC]
[Figure: hosts with IP and MAC addresses: 192.168.2.1 (0000.2222.1111), 192.168.2.23 (0000.2222.2323), 192.168.2.2 (0000.2222.2222), 192.168.2.11 (0000.2222.0011), 192.168.2.43 (0000.2222.4343)]
Two ends/"stations"
Typical for WANs
Example: T1
Router A
Router B
Review Questions
1. How does a router differ from a bridge?
2. What is ARP?
3. What are two types of Logical Networks?
Juniper Networks
Networking Essentials
Module 2: IP Addressing
Module Objectives
After successfully completing this module, you will be
able to:
Create IP addresses in binary notation and decimal format,
Importance of IP Addressing
Unique addresses make information delivery systems
work
Telephone numbers
Postal addresses
Classful IP Addressing
Original Classful IP addressing defines a 32-bit IP
address
Two-part Internet address structure
32-Bit IP Address
Network Part
Host Part
Binary Overview
Bit position:      7    6    5    4    3    2    1    0
2^(bit position):  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Decimal value:     128  64   32   16   8    4    2    1
128+16+8+2=154
16+4+2+1=23
128+64+32+8=232
64+1=65
128+64+32+16+8+4+2+1=255
128+32+8+4=172
[Figure: classful address formats by number of bits. Class A: 24 host bits. Class B: high-order bits 1 0, 16 network bits, 16 host bits. Class C: high-order bits 1 1 0, 24 network bits, 8 host bits. Bit values within an octet: 128 64 32 16 8 4 2 1]
Example: 10101100.00010000.00100011.00001000 = 172.16.35.8
High-Order Bits
Class addresses specified by the high-order bits:
Class      High-Order Bits
Class A    0
Class B    10
Class C    110
address:
Class
Class A
Class B
Class C
Address          Class
172.18.192.34    10101100.00010010.11000000.00100010
10.155.128.2     00001010.10011011.10000000.00000010
192.12.3.42      11000000.00001100.00000011.00101010
Default Masks
Identify the location of the network part (1s) and host
11111111.00000000.00000000.00000000 = 255.0.0.0
11111111.11111111.00000000.00000000 = 255.255.0.0
11111111.11111111.11111111.00000000 = 255.255.255.0
Reserved Addresses
Network Address: all host bits are binary 0
10.0.0.0
172.23.0.0
192.168.14.0
Broadcast Address: all host bits are binary 1
10.255.255.255
172.23.255.255
192.168.14.255
IP Subnetting
All Classful IP addresses can be divided into smaller
[Figure: address fields before subnetting (Network, Network, Host, Host) and after subnetting (Network, Network, Subnet, Host)]
utilization
Contains broadcast traffic; broadcast will not cross a
router
Subnets under local administrator control
External users and organizations see only single
network
Subnet Mask
[Figure: subnet mask over the Network, Subnet and Host fields, in binary representation (1 1 1 1 1 1 1 1 for each masked octet, 0 0 0 0 0 0 0 0 for the host octet) and dotted decimal representation (255 for each masked octet)]
Subnet Example 1
Assigned Network Number: 172.25.0.0/16
Create 256 subnets
172.25.0.0/24
172.25.1.0/24
172.25.2.0/24
172.25.3.0/24
.
172.25.255.0/24
Subnet Example 2
Assigned Network Number: 192.168.1.0/24
Create 4 subnets
192.168.1.0/26
192.168.1.64/26
192.168.1.128/26
192.168.1.192/26
Subnet Example 3
Assigned Network Number: 10.0.0.0/11
Create 8 subnets
10.0.0.0/11
10.32.0.0/11
10.64.0.0/11
10.96.0.0/11
10.128.0.0/11
10.160.0.0/11
10.192.0.0/11
10.224.0.0/11
routing information
Additional factors include:
Increased CPU processing speed for routing table topology
updates
Dynamic nature of today's WWW
Increased volume of diverse information
[Figure: networks 192.168.64.0, .65.0, .66.0 and .67.0 advertised without and with CIDR]
No CIDR: 192.168.64 /24, 192.168.65 /24, 192.168.66 /24, 192.168.67 /24
CIDR: 192.168.64 /22
addresses
Supports route aggregation where single routing table entry
can represent address space of thousands of traditional
classful routes
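The subnetting in Subnet Examples 1 and 2 and the CIDR aggregation shown above, worked through in code. This is an added example, not part of the original course material; the function names are hypothetical and only Python's standard ipaddress module is used.

```python
import ipaddress


def split_into_subnets(network, count):
    """Split `network` into equal subnets by borrowing just enough host bits."""
    if count < 1:
        raise ValueError("count must be at least 1")
    net = ipaddress.ip_network(network)
    borrowed = (count - 1).bit_length()      # smallest n with 2**n >= count
    new_prefix = net.prefixlen + borrowed
    if new_prefix > 32:
        raise ValueError(f"cannot create {count} subnets inside {net}")
    step = 2 ** (32 - new_prefix)            # addresses per subnet
    base = int(net.network_address)
    return [ipaddress.ip_network((base + i * step, new_prefix))
            for i in range(2 ** borrowed)]


def describe(subnet):
    """Reserved addresses of a subnet: all host bits 0 and all host bits 1."""
    net = ipaddress.ip_network(subnet)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "mask": str(net.netmask),
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


def summarize(prefixes):
    """Return the single CIDR block that exactly covers `prefixes`, or None.

    Aggregation into one routing entry is only valid when the prefixes are
    contiguous, their combined size is a power of two, and the first address
    is aligned on that size. Otherwise the summary would claim address space
    the router cannot actually reach.
    """
    nets = sorted(ipaddress.ip_network(p) for p in prefixes)
    if not nets:
        return None
    total = sum(n.num_addresses for n in nets)
    start = int(nets[0].network_address)
    if total & (total - 1) or start % total:
        return None                          # wrong size or misaligned
    expected = start
    for n in nets:
        if int(n.network_address) != expected:
            return None                      # gap or overlap
        expected += n.num_addresses
    return ipaddress.ip_network((start, 32 - (total.bit_length() - 1)))


if __name__ == "__main__":
    # Subnet Example 2 from the slides: four subnets of 192.168.1.0/24
    for s in split_into_subnets("192.168.1.0/24", 4):
        print(s, describe(s))
    # Subnet Example 1: 256 subnets of 172.25.0.0/16
    subs = split_into_subnets("172.25.0.0/16", 256)
    print(subs[0], "...", subs[-1])
    # CIDR figure: four /24 routes collapse into one /22 entry
    print(summarize(["192.168.64.0/24", "192.168.65.0/24",
                     "192.168.66.0/24", "192.168.67.0/24"]))
    # Misaligned pair: cannot be expressed as one prefix
    print(summarize(["192.168.65.0/24", "192.168.66.0/24"]))
```
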
[Figure: address space divided into Block #1 to Block #4, with the prefixes 192.168.16.0/21, 192.168.24.0/22, 192.168.28.0/23 and 192.168.30.0/23]
[Figure: the Internet connected to ISP 1 and ISP 2. Labels: 172.16.0.0/16, Organization 2 (172.25.24.0/22), Organization 3 (172.25.28.0/23), Organization 4 (172.25.30.0/23)]
Review Questions
1. To select IP addresses for an ISP, where would you
begin?
2. How are subnets implemented on an IP network?
3. When would you implement CIDR on an IP network?
4. What is the purpose of Private Addressing and how is
it useful?
Lab 1: IP Subnetting
Note: Various Junos CLI commands will be used during
this lab that have not yet been discussed. All CLI
commands will be fully explained in the subsequent
sections.
Module Objectives
After successfully completing this module, you should
be able to:
Describe the function of a router and explain how a router
What Is Routing?
Act of moving information across logical path from a
source to a destination
Routers
Determine the best routing paths
Transport information groups, or packets, through an
internetwork
Application Layer
Consists of applications and
processes that use the network
Internetwork Layer
Frames are switched from one
interface to another, based on
packet information
Select interface to
which to send
encapsulated frames
Encapsulate frames
(such as Ethernet)
Transmit bits of the frame
Packet Processing
[Figure: packet path through the router. (1) Inbound: receive bits, detect frame, remove encapsulation. (2) IP lookup on the packet. (4) Outbound: re-encapsulate, transmit bits]
1.
2.
3.
4.
5.
IP Packet Format (each row is 32 bits)
VERSION | IHL | TYPE-OF-SERVICE | TOTAL LENGTH
IDENTIFICATION | FLAGS | FRAGMENT OFFSET
TIME-TO-LIVE | PROTOCOL | HEADER CHECKSUM
SOURCE ADDRESS
DESTINATION ADDRESS
OPTIONS (+ PADDING)
DATA (VARIABLE)
Router reads destination address to determine how to route the packet
[Figure: classful address formats. Class A: 24 host bits. Class B: high-order bits 1 0, 14 network bits, 16 host bits. Class C: high-order bits 1 1 0, 21 network bits, 8 host bits. Bit values within an octet: 128 64 32 16 8 4 2]
Routing
Table
Best
Routes
Yes
Forwarding
Table
Routing Tables
Packet's destination address is for:
One of the router's interfaces or a broadcast address
Packet is for an internal router process
Unknown address
Look for default route. If none exists, packet is dropped
Packet In
Packet Out
10.0.21.0/24       *[Direct/0] 17:48:31
10.0.21.2/32       *[Local/0] 17:48:31
                      Local
10.0.29.0/24       *[Direct/0] 17:48:31
10.0.29.1/32       *[Local/0] 17:48:31
                      Local
192.168.16.0/24    *[RIP/100] 00:03:45
192.168.17.0/24    *[RIP/100] 00:03:45
192.168.28.0/24    *[Static/5] 16:48:05
                      Discard
192.168.29.0/24    *[Static/5] 16:48:05
                      Discard
                   *[Direct/0] 01:00:31
10.0.21.2/32       *[Local/0] 01:00:31
10.0.29.0/24       *[Direct/0] 01:00:31
10.0.29.1/32       *[Local/0] 01:00:31
192.168.16.0/24    *[RIP/100] 00:03:45
Route Selection
Route selection is based on:
Longest, or most specific, match
Preferences, for different protocols
Routing metrics, for same protocol
Given multiple routes to a destination, the router must
best route
overhead
Metrics are protocol-specific
Used to determine the best route for a single protocol
Don't compare metrics from different routing protocols
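The three selection rules above (longest match, then protocol preference, then metric within one protocol) as a small model. This is an added example, not Juniper code; the preference values Direct/0, Static/5 and RIP/100 are the ones shown in the routing table output above, while the routes, next hops and interface name are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    protocol: str
    preference: int      # lower is preferred; compared across protocols
    metric: int          # lower is preferred; only meaningful within a protocol
    next_hop: str


def route(prefix, protocol, preference, metric, next_hop):
    return Route(ipaddress.ip_network(prefix), protocol, preference, metric, next_hop)


# Constructed routing table: several candidate routes per destination prefix.
ROUTING_TABLE = [
    route("10.0.21.0/24", "Direct", 0, 0, "fe-0/0/0.0"),       # hypothetical interface
    route("192.168.16.0/24", "RIP", 100, 4, "10.0.29.2"),
    route("192.168.16.0/24", "RIP", 100, 2, "10.0.21.1"),      # same protocol, fewer hops
    route("192.168.17.0/24", "RIP", 100, 1, "10.0.21.1"),
    route("192.168.17.0/24", "Static", 5, 10, "10.0.29.2"),    # better preference
    route("192.168.0.0/16", "Static", 5, 0, "Discard"),        # covering discard route
]


def is_better(candidate, current):
    """Preference decides between protocols; metric only within one protocol."""
    if candidate.preference != current.preference:
        return candidate.preference < current.preference
    if candidate.protocol == current.protocol:
        return candidate.metric < current.metric
    return False         # equal preference, different protocols: keep current


def build_forwarding_table(routing_table):
    """Keep one active route per prefix, as the forwarding table does."""
    active = {}
    for r in routing_table:
        if r.prefix not in active or is_better(r, active[r.prefix]):
            active[r.prefix] = r
    return active


def lookup(forwarding_table, destination):
    """Longest (most specific) match; None means no route, packet is dropped."""
    addr = ipaddress.ip_address(destination)
    matches = [r for net, r in forwarding_table.items() if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


FORWARDING_TABLE = build_forwarding_table(ROUTING_TABLE)

if __name__ == "__main__":
    for dst in ("192.168.16.9", "192.168.17.9", "192.168.28.5",
                "10.0.21.77", "172.16.1.1"):
        hit = lookup(FORWARDING_TABLE, dst)
        if hit is None:
            print(f"{dst:15} no route and no default route: dropped")
        else:
            print(f"{dst:15} {str(hit.prefix):18} {hit.protocol}/{hit.preference} "
                  f"metric {hit.metric} -> {hit.next_hop}")
```

The /24 RIP route wins for 192.168.16.9 even though the covering /16 static route has a better preference, because longest match is applied before preference is ever considered.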
Forwarding Table
nancy@sluggo.lab> show route forwarding-table
Internet:
Destination        Type RtRef Nexthop          Type Index NhRef Netif
10.100.71.0/24     user     0 10.100.67.254    ucst    18 74212 GigE0.0
10.100.71.224/27   user     2 10.100.67.254    ucst    18 74212 GigE0.0
10.250.1.36/30     intf     0 ff.3.0.21        ucst    27     1 so-2/0/0.0
10.250.1.37/32     intf     0 10.250.1.37      locl    26     1
10.250.1.103/32    dest     0 10.250.1.103     bcst    37     1 ge-7/2/0.0
---(more)---
Metrics
Possible routing metrics include:
Hop count
Composite index/metric
Bandwidth: Amount of data that can be transmitted in a fixed amount
of time
Delay: Transit latency of path
Review Questions
1. What functions does a router perform?
2. What functions does a routing algorithm perform?
3. What is the relationship between a routing table and a
forwarding table?
4. What factors affect how a router makes a route
selection?
5. What is a metric and how does a router use metrics to
make routing decisions?
Module Objectives
After successfully completing this module, you will be
able to:
Match Juniper Networks, Inc. products with typical
M20 router
M40 router
M40e router
M160 router
T320 router
M320 Router
Separation of two equally complex problems: Internet control and high-performance packet forwarding
Mission:
To be the primary supplier of scalable, reliable,
high-performance IP systems for the new IP infrastructure
Market:
Supplies systems to numerous worldwide markets that
Service Provider
Network
Core
Residential
Education
PSTN/
Mobile
M-series/T-series
Platforms
SOHO/ROBO
Business Edge
(E-series/M-series
Routers)
Large Enterprise
servers (B-RAS)
ERX-310
ERX-700
ERX-1440
E-series
edge router operation and configuration is
[Figure: A Continuing History of Rapid Innovation. Forwarding performance per rack inch over time (Sep. 1998, Dec. 1999, March 2000, Sep. 2000, ...): M5/M10 Routers, M20 Router, T320 Router, M7i, M10i, T640 Internet Routing Node]
Copyright 2003, Juniper Networks, Inc.
Routing Engine
RT
FT
JUNOS
Software
fxp1
CLI
FT
Packets Out
Packets In
design philosophy
Engine
Not directly involved with packet forwarding
Runs various routing protocols
Implements CLI
Manages Packet Forwarding Engine
Processor/clock
Feature
Memory
Solid state
flash storage
Hard disk storage
External media
Supported Platforms
RE-333
RE-400
RE-600
Celeron/400 MHz
768 MB
512, 2 GB
80 MB
256 MB
(Optional)
128 MB/256 MB
6.4+ GB
20 GB
30+ GB
PCMCIA
flash card/LS-120*
PCMCIA
flash card
(Optional)
PCMCIA
flash card/LS-120*
Originally shipped
on: M5/10/20/40/40e,
and M160
M7i/M10i Only
All M-series
and T-series except
M7i/M10i
Divide-and-conquer architecture
Each ASIC provides a piece of the forwarding puzzle
spare
Five SIBs comprise the T640 switch fabric: four active, one spare
Switch Fabric
Memory
to 48 physical ports
type
Status indicators
Hot-swappable on all
platforms except M20 and
M40 routers
Physical
Interface
Card (PIC)
PIC
PIC
ASIC
FPC
PIC
Switch Fabric
Memory
FPC
PIC
The numbers quoted are two times the unidirectional (simplex) capacity of each FPC.
T640/T320 control
Control provided by Control Board (CB); the CB is paired with
a Routing Engine to form a Host Subsystem
System midplane
Connector Interface Panel
1 2 3 4 5 6
Primary SSB
Secondary SSB
Craft Interface
0
1
2
A Typical Craft Interface Panel (T320)
Blinking = starting
Solid = running
FAIL
Online/offline buttons
Press and hold for three seconds to take FPC (or PIC) offline
Alarm Indications
Red alarm
Major failure that affects service/safety
Yellow alarm
Minor failure that needs attention but does not affect
service
LCD Display
LCD display is available on M40, M160, T640, and T320 platforms only
Displays general system status when no alarms are present
Displays alarm information when alarms are present
Identifies the total number and types of alarms that are active
Currently, the navigation buttons are only used to obtain the status of certain PICs
Interface
Front
Back
M7i
Router
M10
Router
Chassis
Throughput
(Aggregate)
6.4 Gbps
(40 Mpps)
9.4 Gbps
(8 Mpps)
12.8 Gbps
(40 Mpps)
Slot Throughput
(Aggregate)
6.4 Gbps
6.4 Gbps
1/4
Power
M10i
Router
M20
Router
M40
Router
12.8 Gbps
(16 Mpps)
25.6 Gbps
(40 Mpps)
51.2 Gbps
(40 Mpps)
51.2 Gbps
(40 Mpps)
204 Gbps
(160
Mpps)
6.4 Gbps
6.4 Gbps
6.4 Gbps
6.4 Gbps
6.4 Gbps
25.6 Gbps
1/6 (2
built-in
PICs)
2/8
2/8
4/16
8/32
8/32
8/32
AC/DC
AC/DC
AC/DC
AC/DC
AC/DC
AC/DC
AC/DC
DC Only
15 per
rack
21 per
rack
15 per
rack
8 per rack
5 per rack
2 per rack
2 per rack
2 per rack
RE/Control
Redundancy
No
No
No
Yes
Yes
No
65 Lbs/29.5
Kg
65 Lbs/29.5
Kg
150
Lbs/68 Kg
Feature
Slots/PICs
Weight (Max)
61 Lbs/27.7
36.5
Kg
Lbs/16.6Kg
M40e
Router
Yes
M160
Router
Yes
280
370.5
370.5
Lbs/127 Kg Lbs/168 Kg Lbs/168 Kg
* Numbers quoted are two times the unidirectional (simplex) capacity for each FPC or chassis.
T640 Internet
Routing Node
T320
Router
Chassis
Throughput
(Aggregate)
320+ Gbps
(320 Mpps)
Slot
Throughput
(Aggregate)
FPC3 = 80+
Gbps
FPC 2 and 3
FPC3 = 40+
Gbps
FPC 1, 2, and 3
Slots/PICS
8/32
8/16
DC only
DC only
2 per
rack
3 per
rack
Yes
Yes
Power
565Lbs/256.28Kg
369.9
Lbs/167.78Kg
* Numbers quoted are two times the unidirectional (simplex) capacity for each FPC or chassis.
PICs
Where we are going
Listing of common PICs
4-port and 48-port Fast Ethernet, 2-port STM1/OC3c ATM, and
OC-192c
Common PICs
Basic
ATM
Channelized OC-12, STM1, DS3
DS-3, 4 port
T1, E1, T3, E3
Fast Ethernet
Gigabit Ethernet, 10 Gigabit Ethernet
SONET/SDH
IP Services
Tunnel Services, Encryption Services, Link Services, Multilink
PIC Examples
4-port Fast Ethernet (M5/M10)
2-port STM1/OC3 ATM (M20/M40)
Quad-wide STM-64/OC192c (M160)
Internet Processor II
M-series ASICs
[Figure, repeated with each of the following slides: FPCs, each with PICs (PIC I/O Manager ASICs), an I/O Manager ASIC and memory (MEM); Buffer Manager 1 and Buffer Manager 2; Internet Processor II with the Forwarding Table; Packet Forwarding Engine System Controller (for example, SSB and SFM). Key: Data, Notification]
PIC I/O ASIC
Connects to FPC I/O ASIC
Manages physical-layer framing and bit-stream signaling
Detects link-layer errors (CRC)
Generates data link-layer alarms
I/O Manager ASIC
Decodes Layer 2 encapsulation
Identifies protocol and checks Layer 3 header validity
Classifies traffic for CoS
Chops incoming packets into 64-byte chunks (J-cells)
Sends J-cells to Buffer Manager 1 ASIC
Confirms packet integrity
Distributed Buffer Manager ASICs
Manage packet memory shared across FPC slots
Extract address information from packets
Direct FPCs where to forward packets
Internet Processor II ASIC
Extracts next-hop information from system forwarding table
Passes modified notification (next-hop information added) to Buffer Manager 2 ASIC
Applies packet filtering and policy rules
Collects exception packets for queuing to Routing Engine
I/O Manager ASIC
Receives 64-byte chunks from Buffer Manager 2 ASIC
Adjusts any required protocol time-to-live values
Encapsulates chunks inside appropriate data link layer header
Sends to PIC I/O Manager ASIC for transmission
[Figure: The T320 Switch Fabric. Labels: FPC 0, FPC 1, SIB 0, SIB 1, SIB 2, F16, Nf, 40Gbps HSLs (FD)]
[Figure, repeated with each of the following slides: Ingress PFE and Egress PFE joined by the Switch Fabric. Each PFE has a SONET or GigE PIC, a Layer2/Layer3 Packet Processing ASIC, Switch Interface ASICs, an Internet Processor II ASIC, and Queuing & Memory Interface ASICs with RDRAM. Packets in, Packets out. Key: Data, Notification]
Ingress PFE
Packets arrive at an incoming PIC interface
Detects link layer CRC errors
Generates link layer alarms
Passes packets to FPC
Ingress PFE
Layer 2/Layer 3 Packet Processing ASIC parses and validates Layer 2 and Layer 3 headers
Classifies traffic for CoS processing
Divides the packets into 64-byte cells
Sends cells to Switch Interface ASIC
Ingress PFE
Switch Interface ASIC extracts the route lookup key
Key is placed in a notification cell and passed to the Internet Processor
Data cells are sent to the Queuing and Memory Interface ASICs
Ingress PFE
Queuing and Memory Interface ASICs pass the data cells to memory for buffering
Internet Processor II ASIC performs the route lookup and forwards the notification to the Switch Interface ASIC
Ingress PFE
Switch Interface ASIC sends bandwidth requests through the switch fabric to the destination PFE
Issues read requests to the Queuing and Memory Interface ASIC to begin reading data cells out of memory
Egress PFE
Destination Switch Interface ASIC sends grants through the switch fabric
Originating Switch Interface ASIC sends a cell through the switch fabric to the destination PFE
Egress PFE
Switch Interface ASIC extracts the route lookup key, places it in a notification, and forwards to the Internet Processor II
Internet Processor II performs route lookup and forwards notification to Queuing and Memory Interface ASIC
Egress PFE
Queuing and Memory Interface ASIC forwards notification to the Switch Interface ASIC
Switch Interface ASIC issues read requests to the Queuing and Memory Interface ASIC and passes cells to L2/L3 Processing ASIC
Egress PFE
Layer 2/Layer 3 Packet Processing ASIC reassembles the data cells into packets
Adds Layer 2 encapsulation
Sends the packets to the outgoing PIC interface
Egress PFE
Egress PIC ASIC adds physical layer framing and CRC
Sends bit stream out to the network
Exception Packets
Exception packets
Local delivery
IP options
control CPU
Remaining traffic (local and control) sent to Routing Engine
Rate limiting
Serious error in one module does not impact other modules or packet
forwarding
Internet core
[Figure: Routing Engine: User processes (SNMP, Routing Protocol Process with Routing Tables, Interface Process, Chassis Process, Command-Line Interface (CLI)) and the Kernel with its Forwarding Table. Packet Forwarding Engine: Embedded Microkernel with Interface Process, Chassis Process, Forwarding Table and Distributed ASICs]
The Kernel
The kernel
Provides the underlying infrastructure for all the JUNOS
software processes
Provides the link between the routing tables and the RE's forwarding
table
Responsible for all communication with the PFE, including keeping the
PFE's copy of the forwarding table synchronized
[Figure: Routing Protocol Process (rpd) with Routing Tables, Interface Process, Command-Line Interface (CLI) and Chassis Process running over the JUNOS Kernel and its Forwarding Table]
Industrial-Strength Protocols
Unicast routing protocols
Intermediate System-to-Intermediate System (IS-IS)
Open Shortest Path First (OSPF and OSPF3)
Routing Information Protocol (RIP and RIPng)
Border Gateway Protocol (BGP)
Multicast routing protocols
Distance Vector Multicast Routing Protocol (DVMRP)
Protocol Independent Multicast (PIM)
Multicast Source Discovery Protocol (MSDP)
Internet Group Management Protocol (IGMP and MLD)
Session Announcement Protocol and Session Description
Protocol (SAP/SDP)
MPLS application protocols
Multiprotocol Label Switching (MPLS)
Review Questions
1. Which Juniper Networks M-series or T-series
2.
3.
4.
5.
6.
Module Objectives
After completing this module, you should be able to
describe
Important installation issues
Initial configuration process
Software installation from scratch
Software component upgrades
How to back up existing router software
Chassis Installation
FPCs
Fan Trays
Replace components
Powerup
Perform more checks
Powerdown
Shutdown Junos Routing software
Starting PFE
Starting cards
FPC LED
Blink green while testing
Initial Configuration
Machine name
IP address (prefix) and prefix length assigned to
management interface (fxp0)
Default router
DNS server
Troubleshooting
Craft interface
Flash drive
Solid-state nonrotating media
Primary source for booting software
Hard drive
Traditional rotating media
Secondary source for booting software
Software Installation
Arrives preinstalled from factory onto
Flash drive
Hard drive (alternate copy)
Removable LS-120 floppy or PCMCIA flash card (use as a last resort)
media
Upgradable
Upgrade packages available through the Internet or on removable
media
Boot Sequence
Hardware controlled
Software notifies hardware when boot completes
Removable
media
Success?
Done
Solid-state
flash disk
Success?
Done
Rotating
disk
Success?
Done
Halt
Initial Configuration
Root password
Root password not set at factory
Must use console to configure root password
Router and domain name
Management interface IP address and prefix length
Default router IP address
DNS server IP address
Initial Configuration
Enter configuration mode
root@> configure
[edit]
root@#
Pre-encrypted password
root@# set system root-authentication encrypted-password encrypted-password
Initial Configuration
Set router name
[edit]
root@# set system host-name lab2
Initial Configuration
Set management Ethernet IP address and prefix
[edit]
root@lab2# set interfaces fxp0 unit 0 family inet address ipaddress/prefix-length
Full Installation
Reinstall JUNOS software if storage media fails or is
corrupted
Future major software revisions may require full
installation
Three steps
Prepare to reinstall JUNOS software
Reinstall JUNOS software
Configure JUNOS software
Router name
Management interface IP address and prefix length
Default router IP address
Domain name and DNS server IP address
Located in /config/juniper.conf
Full installation erases both flash and rotating drives
M40: LS-120 floppy
All others: PCMCIA flash card
Reboot router
Power-cycle router
Follow prompts
Software Configuration
Log in as root
no-name (ttyd0)
login: root
Last login: date on ttyd0
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
---JUNOS 4.1R1 built 2000-07-24 09:29:44 UTC
#
Start CLI
# cli
root@no-name>
Software Configuration
Enter configuration mode
root@no-name> configure
[edit]
root@no-name#
Pre-encrypted password
root@no-name# set system root-authentication encrypted-password encrypted-password
SSH key
root@no-name# set system root-authentication ssh-rsa key
packages
jkernel: Operating system
jroute: Routing Engine software
jpfe: Packet Forwarding Engine software
jdocs: On-line documentation
jbundle: All four upgrade packages combined
jinstall: Upgrade to/from 5.0
installed packages
For example
jbundle-4.1R1.2.tgz
to rotating disk
Best used
Before major upgrade to ensure system recovery if necessary
When system is judged to be stable
www.juniper.net
Add new package
root@lab2> request system software add new-package-name
Checking available free disk space...11200k available,
6076k suggested.
Reboot router
root@lab2> request system reboot
Cautions
5.0 will reformat the disk. Customer configs and other
information in /var/tmp/preinstall
Reboot to come up on the installer:
Perform more checks
Reformat the disk
Lay a base OS (files that are needed but not in jbundle)
Lay the jbundle
Software EOL
Review Questions
1. What is the JUNOS boot sequence?
2. What are the JUNOS software update packages?
3. Describe the package naming convention.
4. Explain the difference between jbundle and jinstall.
Module Objectives
After successfully completing this module, you should
be able to:
Explain how to gain access to a Juniper router
Describe the difference between the CLI command mode and
configuration mode
Describe how to navigate and modify the Candidate
configuration
Describe how to change the Active configuration
Explain the method used to describe a customer interface
Describe how to configure the physical and logical properties
of an interface on a Juniper router
Access to Router
Console
Management port, using Telnet, ssh, RADIUS
[Figure: craft interface panel with FPC0 to FPC3 and RE0/RE1 status indicators (OK, FAIL, OFFLINE, ONLINE, MASTER), ACO/LT, NC/C/NO contacts, and the AUX/MODEM, MGMT, and CONSOLE ports]
User Authentication
Name and password
Individual accounts
Per-user command "class" permissions
lab2 (ttyd0)
login: nigel
Password:
Features
Line editing
Command history
Command completion
Context-sensitive help
CLI Modes
nigel@lab2>
Operational mode
Monitor and troubleshoot the software, the network
connectivity, and the router
nigel@lab2#
Configuration mode
Configure the router, including interfaces, general routing
CLI Commands
Command hierarchy
[Figure: command hierarchy tree. Labels shown: clear, configure, monitor, set, show; bgp, chassis, interfaces, isis, ospf, route, version; brief, exact, protocol, table, terse]
Logging In
lab2 (ttyd0)
login: nigel
Password:
Last login: Fri Feb 18 19:23:16 on ttyd0
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California.
---JUNOS 4.1R1 built 2000-07-24 09:29:44 UTC
nigel@lab2>
Help
Type ? anywhere on command line
lab@omaha> ?
Possible completions:
clear
configure
file
help
lab@omaha> show ?
Possible completions:
aps
arp
as-path
Command Completion
<space> completes a command
root@lab2> sh<space>ow i<space>
'i' is ambiguous.
Possible completions:
igmp
interfaces
isis
root@lab2> show i
Activating a Configuration
[Figure: commit turns the candidate configuration into the active configuration (0); rollback n returns to an earlier configuration]
Statement Hierarchy
[Figure: statement hierarchy tree running from less specific (top) to more specific. Labels shown: chassis, firewall, interfaces, protocols, system, more; alarm, clock, fpc; atm, e3, ethernet, sonet, t3]
root@lab2> configure
Entering configuration mode
[edit]
root@lab2#
[Figure: moving through the statement hierarchy. From operational mode, edit/configure enters [edit]; edit chassis moves to [edit chassis]; edit alarm moves to [edit chassis alarm]; exit/up moves back one level; top returns to [edit]; exit configuration-mode returns to operational mode]
Standard Interfaces
Interface contained on PIC (Physical Interface Card)
PIC plugs into FPC
[Figure: PICs installed in an FPC]
Standard Interfaces
System uses consistent names for all customer
interfaces
Based on
Interface port type
FPC slot number
PIC slot number within FPC
Port number within PIC
[Figure: FPC slot, PIC slot, and port numbering diagrams by platform (M40 and other M-series routers), with port-numbering directions such as top to bottom, right to left, and bottom to top]
Interface Names
Physical interfaces have standard names
Type, FPC slot, PIC slot, port number: so-5/2/3
according to FPC/PIC/port convention
FPC and PIC numbering varies by platform
FPCs 0-7 (left to right)
PICs 0-3 (top to bottom)
Interface Names
Logical interfaces are used to set up Frame
so-5/2/3.43
Permanent Interfaces
Router has two permanent interfaces
Out-of-band management interface is called
fxp0
fxp1
Configure Interfaces
Two steps
Configure physical properties
Configure logical properties
Configure Interfaces
Physical properties
Clocking
Scrambling
Frame check sequence (FCS)
Maximum transmission unit (MTU)
Keepalives
Other link characteristics
Logical properties
Protocol family (Internet, ISO, MPLS)
Addresses (IP address, ISO NET address)
Virtual circuits (VCI/VPI, DLCI)
Other characteristics
Configure Interfaces
Standard configuration statement hierarchy
interfaces {
    interface-name {
        physical-properties;
        []
        unit unit-number {
            logical-properties;
            []
        }
    }
}
set command:
set interface so-1/0/3 no-keepalives
Default Settings
Default settings for an interface are usually enough to
Unit Numbers
Each logical interface has a unit number
Number can be arbitrary
Typically, the unit number is the same as the VC or DLCI number
Some physical interfaces have only one possible logical interface,
and one unit number only, which must be configured as unit zero
members
Most common protocol families are
Internet (inet)
International Standards Organization (iso)
Traffic engineering (mpls)
Multiple families can live on one logical interface
Displayed as
interfaces {
    so-1/0/3 {
        unit 0 {
            family inet {
                address 10.0.20.1/24;
            }
        }
    }
}
Lab objective:
Introduction to Juniper CLI
Module Objectives
After successfully completing this module, you should
be able to:
Explain the difference between static routing and dynamic
Types of Routes
Static
All packets forwarded to predetermined destinations defined
by an administrator
Dynamic
Packets are forwarded to dynamically calculated routes
Static Routing
Benefits
Good for small networks
Can help create a secure network
Efficiently uses router resources
Drawbacks
Does not handle network failures well
Does not scale well
[Figure: static routes in a four-router network. Network 10 attaches to Router A, 172.16 to Router B, 192.168.5 to Router C, and 192.168.6 to Router D]

Router A
Destination    Next Hop
10             Direct
172.16         Router B
192.168.5      Router C
192.168.6      Router C

Router B
Destination    Next Hop
10             Router A
172.16         Direct
192.168.5      Router C
192.168.6      Router C

Router C
Destination    Next Hop
10             Router A
172.16         Router B
192.168.5      Direct
192.168.6      Router D

Router D
Destination    Next Hop
192.168.6      Direct
Default        Router C

[Figure: the same network and tables, except that Router C's entry for destination 10 reads Unreachable]
Copyright 2003, Juniper Networks,
Inc.
[Figure: routing tables on Router A, Router B, and Router C, each with a next-hop entry for destination Network X]
Dynamic Routing
                   Communicate what?    Between whom?
Distance-Vector    Routing tables       Neighbors
Link-State         Interface status     All routers
[Figure: autonomous systems AS 1 and AS 2; an IGP runs inside each AS and an EGP runs between them]
IGPs: RIP, OSPF, IS-IS
EGP: Border Gateway Protocol
[Figure: Network A advertised as 1 hop, then as 2 hops]
[Figure: link-state network with routers R1, R2, and R3]
Different protocols use different names for LSDB
entries
More on that later
Martian Addresses
Host or network addresses about which all routing
information is ignored
Commonly sent by improperly configured systems on
the network and have destination addresses that are
obviously invalid
In IPv4, these are the default martian addresses:
0.0.0.0/8
127.0.0.0/8
128.0.0.0/16
191.255.0.0/16
192.0.0.0/24
223.255.255.0/24
240.0.0.0/4
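The martian check above, as an added example that is not part of the original slides: it screens constructed route updates against the seven default prefixes listed. It assumes a route counts as martian when it is equal to or more specific than a listed prefix; the function names and sample updates are hypothetical.

```python
import ipaddress

# Default IPv4 martian prefixes exactly as listed on the slide.
DEFAULT_MARTIANS = tuple(ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "127.0.0.0/8", "128.0.0.0/16", "191.255.0.0/16",
    "192.0.0.0/24", "223.255.255.0/24", "240.0.0.0/4",
))


def matching_martian(prefix, martians=DEFAULT_MARTIANS):
    """Return the martian entry that covers `prefix`, or None.

    Assumption: a route is martian when it equals a listed prefix or is
    more specific than it. A shorter, covering prefix such as the default
    route 0.0.0.0/0 is therefore not treated as martian.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    for martian in martians:
        if net.version == martian.version and net.subnet_of(martian):
            return martian
    return None


def screen_updates(updates, martians=DEFAULT_MARTIANS):
    """Split (neighbor, prefix) updates into accepted and ignored lists."""
    accepted, ignored = [], []
    for neighbor, prefix in updates:
        hit = matching_martian(prefix, martians)
        if hit is None:
            accepted.append((neighbor, prefix))
        else:
            # Record which martian entry matched, for logging or alerting.
            ignored.append((neighbor, prefix, str(hit)))
    return accepted, ignored


# Constructed sample updates: (advertising neighbor, advertised prefix).
SAMPLE_UPDATES = [
    ("10.0.1.2", "10.0.20.0/24"),
    ("10.0.1.2", "127.0.0.0/8"),
    ("10.0.1.2", "0.0.0.0/0"),       # default route: covers 0/8 but is not inside it
    ("10.0.24.2", "128.0.12.0/24"),  # inside 128.0.0.0/16
    ("10.0.24.2", "128.1.0.0/16"),   # just outside 128.0.0.0/16
    ("10.0.24.2", "240.10.0.0/16"),  # inside 240.0.0.0/4
    ("10.0.24.2", "0.0.0.0/7"),      # shorter than 0.0.0.0/8, so not inside it
]

if __name__ == "__main__":
    ok, dropped = screen_updates(SAMPLE_UPDATES)
    for neighbor, prefix, entry in dropped:
        print(f"ignored {prefix} from {neighbor}: matches martian {entry}")
    for neighbor, prefix in ok:
        print(f"accepted {prefix} from {neighbor}")
```

A neighbor that keeps sending ignored prefixes is worth flagging, since the slide attributes martians to improperly configured systems.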
Route Flapping
What is route flapping?
Instability in the reachability of a prefix
Occurs during a topology change
In an unstable network, routers might be unable to decide on
a route to a destination
Dealing with route flapping
Different protocols have different solutions
routing table
You do not want to advertise all learned routes to
neighboring routers
You want one protocol to receive routes from another
protocol
You want to modify information associated with a route
routing table
Export policy is applied to active paths in the routing
table
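[Figure: routes received from neighbors pass through import policy into the routing table; export policy is applied to routes sent from the routing table to neighbors; the routing table feeds the forwarding table on the PFE]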
Routing Policy
Allows you to filter and control routing information
[Figure: the same flow with Import policy #1 and #2 between neighbors and the routing table, and Export policy #1 and #2 between the routing table and neighbors; the routing table feeds the forwarding table on the PFE]
Routing Policy
Policies can be chained together to increase their
effectiveness
[Figure: a route passes through a chain of policies; each policy can accept or reject it, and after the last policy the default policy accepts or rejects it]
Routing Policy
Policies contain collections of terms
Terms contain a condition and an action to apply to
each route
[Figure: a route is evaluated against each term of a policy in order; a term can accept or reject the route, and after the last term evaluation moves to the next policy]
[Figure: evaluation continues through the chain of policies until a policy accepts or rejects the route; after the last configured policy, the default policy action applies]
[Figure: Policy 1, Policy 2, and additional policies, each made of terms that accept or reject, followed by the default action]
[Figure: a policy term holds source conditions, destination conditions, and actions; a route that does not match all conditions moves on toward the default action]
[Figure labels: Routing table, Forwarding table, Network interfaces]
Review Questions
1. When would you implement static routing? Dynamic routing?
2. What are the primary differences between distance-vector protocols and link-state protocols?
3. How does a distance-vector protocol handle router updates?
4. What happens when the network converges? (Describe the process.)
5. Describe the JUNOS routing policy and its implementation.
Module Objectives
After successfully completing this module, you should be able to:
Describe RIP architectural features, standards, limitations, and
packet format
Explain JUNOS support for RIP
Configure a Juniper Networks router with a minimum RIP
configuration
Describe OSPF standards, terminology, routing algorithms, packet
format, external metrics, designated routers, and traffic engineering
extensions
Explain JUNOS software support for OSPF
Configure a Juniper Networks router with a minimum OSPF
configuration
Describe IS-IS standards, terminology, network addressing, packet
format, and traffic engineering extensions
Explain JUNOS software support for IS-IS
Configure a Juniper Networks router with a minimum ISIS
configuration
IGPs vs EGPs
IGP: Internal Gateway Protocol
Used to optimize the route a packet takes between points within an Autonomous System (AS: network infrastructure under a unique set of administrative and technical policies)
EGP: External Gateway Protocol
Used to provide for the exchange of routing information
between Autonomous Systems
Typically designed for doing policy routing, providing control
over routes leaving and entering an AS
What Is OSPF?
An interior gateway protocol (IGP) based on the
neighboring routers
OSPF routers send link-state advertisements (LSAs) to
all other routers within the same hierarchical area
Routers store information in a link-state, or topological,
database
Each OSPF router uses the SPF algorithm to calculate
the shortest path to each node
What Is SPF?
Places each router at the root of a tree and calculates
databases
Area Border Routers (ABRs): routers with interfaces in
multiple areas
AS Boundary Routers (ASBRs): routers that act as gateways
to other protocols or another AS
OSPF Backbone
OSPF backbone (Area 0) distributes routing
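[Figure: Area 2 and Area 3 attached to the backbone (0.0.0.0), exchanging inter-area routes (summary routes); external routes enter from RIP and BGP]
[Figure: a not-so-stubby area and a totally stubby area attached to the backbone (0.0.0.0); labels show inter-area routes (summary routes), a default route, and external routes from RIP and BGP]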
OSPF Neighbors
Routers that share a common segment within a single
OSPF Routing
Link-state advertisements
Router Links: Type 1
Network Links: Type 2 (DR)
Summary Links: Types 3 and 4 (ABR)
External Links: Type 5 (ASBR)
NSSA (ASBR)
Originated by an ASBR. Describe destinations external to the autonomous system or a default route to the outside AS.
Link-State Advertisements
[Figure: packet layout with field lengths in bytes. Fields shown: Version number, Type, Packet length, Router ID, Area ID, Checksum, Authentication type, Authentication data, # of LSAs, then an LSA header and variable-length LSA data for each LSA]
Designated Router
One designated router (DR) and one backup designated
[Figure: Designated Router and Backup Designated Router]
External Routes
ASBRs discover external routes
Static routes
Exterior gateway protocol, such as BGP, for example
External Type 1
Cost = external cost + internal cost
Preferred over Type 2
External Type 2
Cost = external cost
Configuring OSPF
Minimal configuration example
protocols {
    ospf {
        area 0.0.0.0 {
            interface interface-name;
            interface interface-name;
        }
    }
}
Useful Commands
show ospf neighbor displays state of neighbors/adjacencies
Address          Intf         State   ID              Pri  Dead
172.16.30.254    fe-0/0/0.0   Full    10.250.240.8    128  30
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:10:50, adjacent 00:10:50
172.16.30.253    fe-0/0/0.0   Full    10.250.240.35   128  30
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:10:50, adjacent 00:10:52
172.16.30.252    fe-0/0/0.0   2Way    10.250.240.32   64   38
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:08:10
State   Area      DR ID          BDR ID        Nbrs
DR      0.0.0.0   192.168.12.1   192.168.8.1   1
DR      0.0.0.0   192.168.12.1   0.0.0.0       0

Seq          Age    Cksum    Len
0x800001fc   2388   0x3684   36
0x80000217   1835   0x444c   36
0x80000232   1876   0x0158   36
0x80000291   1100   0x4aa5   36
0x800001cc   117    0xab67   40
0x80000216   1535   0x1729   28
0x8000013a   2217   0x842f   28

Seq          Age    Cksum    Len
0x80000267   116    0x1bb3   36
Review Questions
1. What type of routing protocol is RIP?
2. What algorithm is used by RIP to determine the best
Module Objectives
After successfully completing this module, you should
be able to:
Describe the definition, use, operation, implementation, and
What Is BGP?
BGP is an inter-domain routing protocol that
systems
Stability is very important to the Internet and BGP
BGP supports CIDR
BGP routers exchange routing information between
peers
Defined in RFC 1771
BGP Fundamentals
Routes consist of destination prefixes with an AS path
BGP Connections
BGP updates are incremental
No regular refreshes
Except at session establishment, when volume of routing
can be high
BGP runs over TCP connections
TCP port 179
TCP Services
Fragmentation, Acknowledgments, Checksums, Sequencing, and
Flow Control
BGP Peering
BGP sessions are established between peers
BGP Speakers
Two types of peering sessions
E-BGP (external) peers with different AS's
I-BGP (internal) peers within the same AS
Still requires interior gateway protocols (IGPs)
IGP connects BGP speakers within the AS
IGP advertises internal routes
[Figure: E-BGP sessions between autonomous systems and I-BGP sessions inside an AS running OSPF. Customer AS 1 peers over E-BGP; Customer 2 has no AS number and uses a default route to the Internet; ISP-Y is AS 3]
[Figure: full-mesh I-BGP among Router A, Router B, and Router C in AS 1, using loopback addresses 192.168.255.1/32, 192.168.255.2/32, and 192.168.255.3/32]
[Figure: E-BGP peering between Router A and Router B; addresses shown include 192.168.1.2, 192.168.1.3, 10.1.1.1, 10.1.1.2, 10.2.2.1, and 10.2.2.2, networks 172.16.0.0 and 172.18.0.0, and the label "unreachable"]
[Figure: routers R11, R12, and R13 in AS1 and R21, R22, and R23 in AS2; networks N22 and N23 are advertised over E-BGP and I-BGP sessions, with one advertisement of N23 marked X]
more ISPs
To support full or partial routes
[Figure: corporate network connected to the Internet through ISP 1 and ISP 2]
RFC 1965, Autonomous System Confederations for BGP
RFC 1966, BGP Route Reflection: An Alternative to Full-Mesh I-BGP
RFC 1997, BGP Communities Attribute
RFC 2270, Using a Dedicated AS for Sites Homed to a Single Provider
RFC 2283, Multiprotocol Extensions for BGP-4
RFC 2385, Protection of BGP Sessions through the TCP MD5 Signature Option
RFC 2439, BGP Route Flap Damping
RFC 2842, Capabilities Advertisement with BGP-4
(inet.0)
Routing table stores
Routing information learned from update messages
Local routing information selected by applying local policies
BGP updates
Import and Export policies can be defined
Import policies control which routes are placed in the local
routing table
Export policies control which routes are advertised from local
routing table to neighbors
Peers: 26
AS
45
33
23
432
InPkt
1225
911
10458
10458
Unestablished peers: 2
OutPkt
55263
0
2201
163
State|#Act/Recv/Da
47769/50591/0
Active
0/0/0
Active
Lab objective:
Configure a Juniper Networks router with a minimal
BGP configuration
Review Questions
1. On what type of network would you implement BGP?
2. How does BGP advertise routes?
3. How would a typical ISP design a network to support
Advanced VPNs
IJNR-6.b.6.1.2
Module Objectives
Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary
MPLS Benefits
Fully integrates IP routing and Layer 2 switching
Leverages existing IP infrastructures
Optimizes IP networks by facilitating traffic engineering
Enables multi-service networking
Integrates private and public networks seamlessly
Traffic Engineering
[Figure: paths from source to destination, comparing Layer 3 routing with traffic engineering]
Information Distribution
IGP extensions propagate information
IS-IS uses type/length/value (TLV) tuples
OSPF uses opaque LSA type 10
Information is propagated within area/level only
Information propagated
Bandwidth available
Preemption priority
Link affinity (link colors)
Router ID
Path Selection
[Figure: LSP from the ingress LSR to the egress LSR]
Path Signaling
Dynamic path creation requires a signaling protocol to:
Coordinate label distribution
Route the LSP explicitly
Reserve bandwidth (optional)
Provide class-of-service capability (DiffServ style)
Reassign resources (like bandwidth)
Preempt existing LSPs
Prevent loops
RSVP
Extends easily for explicit routes and label distribution
Deployed by providers in production networks
A well-known signaling protocol
CR-LDP
Extends LDP to support explicit routes
Functionally identical to RSVP
Not supported by Juniper Networks
Packet Forwarding
Ingress router examines IP header
Packet is then:
Classified for interface output queue
Assigned a label
Encapsulated in an MPLS header
Forwarded toward the next hop in the LSP
MPLS Terminology
Forward equivalence class (FEC)
Stream/flow of IP packets
FEC/label binding mechanism
Label
Fixed length
Local significance
Label distribution, retention, and control
Downstream on demand/unsolicited downstream
Liberal/conservative
Independent/ordered
[Figure: 32-bit MPLS header (Label, CoS, S, TTL) placed between the L2 header and the IP packet]
[Figure: LSR with Ports 1 to 4; an IP packet carrying label 19 is shown]
In (port, label)    Out (port, label)    Operation
(1, 22)             (2, 17)              Swap
(1, 24)             (3, 17)              Swap
(1, 25)             (4, 19)              Swap
(2, 23)             (3, 12)              Swap
[Figure: LSP through transit LSRs and the penultimate router; New York]
Packet Forwarding
[Figure: packet forwarding from the source through the ingress LSR and the egress LSR; Paris, Rome]
[Figure: a packet to 200.3.2.7 crossing the LSP. The ingress routing table lists 134.5/16 and 200.3.2/24 with (3, 99) and 192.168.2.1 (Lo0: 192.168.2.1); the MPLS tables map In (1, 99) to Out (2, 56) and In (3, 56) to Out (5, 3); the egress routing table lists 134.5/16 with next hop 134.5.6.1 and 200.3.2/24 with next hop 200.3.2.1]
[Figure: label stacking through a tunneling LSP, with label values 25, 42, 24, 18, and 56 shown on the IP packet along the path; Penultimate LSR]
Tunneling LSP
What label value does the egress LSR for the tunneling
LSP signal to the penultimate LSR so that label 18 is
popped off the top of the stack?
RSVP Session
[Figure: PATH and RESV messages exchanged between the ingress router and the egress router through R1, R4, R8, and R9, with a host at each end]
sessions
Session is data flow defined by three parameters (destination
[Figure: Path and Resv messages between the ingress router and the egress router through R1, R4, R8, and R9; Establish Resv State Block]
Optional:
Explicit route object (ERO): specifies predetermined path, independent of
IGP path
Record route object (RRO): lists the LSRs that the LSP tunnel traverses
Session attribute object: aids in session identification, and also controls
path setup priority, holding priority, and local-rerouting features
Optional:
Record route object: returns the LSP's path to the sender of the path message
Path Message
[Figure: PATH message travelling from ingress LSR R1 through R2 and R3 to egress LSR R4, first with ERO = {R3, R4} and then with ERO = {R4}; a path state block is established at each hop]
Each router acts on RSVP packet because of router alert option
Resv Message
[Figure: RESV messages from egress LSR R4 back to ingress LSR R1 through penultimate LSR R3 and R2, carrying Label = 3, Label = 20, and Label = 17]
MPLS tables shown in the figure:
In          Out
IP Route    (2, 17)
(3, 17)     (6, 20)
(2, 20)     (5, Pop)
Resv message
R4 transmits a resv message to R3
R3 and R2
Stores outbound label, allocates an inbound label
Transmits resv message with inbound label to upstream LSR
[Figure: strict ERO from ingress LSR A to the egress LSR: B strict, C strict, E strict, D strict, F strict]
[Figure: loose ERO from ingress LSR A to the egress LSR: D loose]
[Figure: ERO mixing strict and loose hops from ingress LSR A to the egress LSR: C strict, D loose, F strict]
}
isis {
    traffic-engineering shortcuts;
    interface all {
        level 1 disable;
    }
}
                From            State  Rt  ActivePath  LSPname
192.168.12.1    192.168.16.1    Up     2   one         Blue2
192.168.24.1    192.168.16.1    Up     5   one         Blue1
User constraints: Bandwidth, Administrative groups, Priority
[Figure, repeated across several slides: IGP extensions (opaque LSAs for OSPF, new TLVs for IS-IS) feed the extended IGP, which populates the routing table and the Traffic Engineering Database (TED); Constrained Shortest Path First (CSPF) combines the TED with user constraints to produce an explicit route, which is handed to RSVP signaling]
User constraints applied to path selection:
Bandwidth requirements
Hop count limitations (for fast reroute)
Administrative groups (colors)
RSVP Signaling
[Figure: CSPF passes the ERO to RSVP; PATH and RESV messages run between the ingress LSR and the egress LSR]
RSVP signaling
Explicit route calculated by CSPF is handed to RSVP
Resv: Distributes labels and reserves resources
Administrative Groups (1 of 7)
Administrative groups
Thirty-two named groups, 0 through 31, carried as 32-bit value in IGP updates
Groups assigned to interfaces
[Figure: links colored Silver, Gold, and Bronze; San Francisco]
Administrative Groups (2 of 7)
1100 0000 0000 0000 0000 0000 0000 1110
Administrative groups
Colors advertised on a per-link basis via IGP: 0xC000000E
Colors on router: internal management, bronze, silver, gold
Administrative Groups (3 of 7)
[edit protocols]
mpls {
    admin-groups {
        good 1;
        silver 2;
        bronze 3;
        management 30;
        internal 31;
    }
    interface so-0/0/0 {
        admin-group [ good management ];
    }
    interface so-0/1/0 {
        admin-group silver;
    }
    interface so-0/2/0 {
        admin-group good;
    }
    interface so-0/3/0 {
        admin-group good;
    }
}
Administrative Groups (4 of 7)
CSPF can include and exclude groups in automatic
path calculation
Logical groupings are supported
mpls {
    label-switched-path to-miami {
        to 1.1.1.1;
        primary use-fargo {
            admin-group {
                include gold;
                exclude [ bronze silver ];
            }
        }
    }
    path use-fargo {
        10.0.1.2 loose;
    }
}
Slide callouts: Logical OR, Logical AND
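How the 32-bit value on the "2 of 7" slide follows from the group numbers, and how include/exclude constraints prune links before the shortest-path run, as an added example (not Juniper's code). It assumes include means "at least one listed group", exclude means "none of the listed groups", and both must hold; the topology and the TOPO_GROUPS numbering are constructed and are not the slide's figure.

```python
import heapq

# Group numbers from the page's admin-groups configuration slide.
ADMIN_GROUPS = {"good": 1, "silver": 2, "bronze": 3, "management": 30, "internal": 31}


def group_mask(names, table):
    """Fold group names into the 32-bit value carried in IGP updates (bit n = group n)."""
    mask = 0
    for name in names:
        number = table[name]
        if not 0 <= number <= 31:
            raise ValueError(f"group {name!r} has number {number}, outside 0..31")
        mask |= 1 << number
    return mask


def link_allowed(link_mask, include=0, exclude=0):
    """Assumed semantics: any excluded color rejects the link (OR within exclude);
    if include is set, at least one included color is required (OR within include);
    both tests must pass (AND between them)."""
    if link_mask & exclude:
        return False
    if include and not link_mask & include:
        return False
    return True


def cspf(links, src, dst, include=0, exclude=0):
    """Prune links by color, then run Dijkstra. Returns (cost, path) or None."""
    adjacency = {}
    for a, b, metric, mask in links:
        if link_allowed(mask, include, exclude):
            adjacency.setdefault(a, []).append((b, metric))
            adjacency.setdefault(b, []).append((a, metric))
    heap, done = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, metric in adjacency.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None  # no path satisfies the constraints


# Constructed color numbering and topology for the demonstration.
TOPO_GROUPS = {"gold": 1, "bronze": 3, "copper": 4, "admin": 5}


def _m(*names):
    return group_mask(names, TOPO_GROUPS)


LINKS = [  # (end A, end B, IGP metric, admin-group mask)
    ("A", "B", 1, _m("admin")),
    ("B", "H", 1, _m("admin")),
    ("A", "D", 1, _m("copper", "admin")),  # included color, but also excluded
    ("A", "C", 2, _m("copper")),
    ("C", "H", 5, _m("gold")),             # not in the include list
    ("C", "D", 2, _m("bronze")),
    ("D", "H", 3, _m("copper")),
]

if __name__ == "__main__":
    print(hex(group_mask(ADMIN_GROUPS, ADMIN_GROUPS)))
    print("IGP shortest path:", cspf(LINKS, "A", "H"))
    print("constrained path: ",
          cspf(LINKS, "A", "H", include=_m("copper", "bronze"), exclude=_m("admin")))
```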
Administrative Groups (5 of 7)
A-D-H has the lowest IGP metric
[Figure: topology from A to H with per-link IGP metrics]
Administrative Groups (6 of 7)
Choose the path from A to H using:
admin group {
    include [copper bronze];
    exclude admin;
}
[Figure: topology from A to H (nodes include B, C, E, G, I) with links colored Gold, Silver, Bronze, Copper, and Admin and per-link metrics]
Administrative Groups (7 of 7)
A-D-E-G-I-H is the shortest path excluding the admin
class and including copper or bronze
Fast-Reroute Overview
Short-term solution to reduce packet loss if node or
Fast-Reroute Operation
Fast reroute in operation:
Configured on ingress router only
Detours around node or link failure
Fast-Reroute Example
Enable fast reroute on ingress LSR
SF creates detour around LA
LA creates detour around Austin
Austin creates detour around Miami
[Figures: fast-reroute detours in a network of San Francisco, Los Angeles, Austin, Miami, Fargo, and New York]
Fast Reroute
protocols mpls
label-switched-path Tom {
    to 192.168.24.1;
    primary top;
    secondary bottom {
        bandwidth 75m;
        priority 5 5;
        standby;
    }
    fast-reroute;
}

protocols mpls
path top {
    192.168.0.1 loose;
    192.168.2.1 loose;
}
path bottom {
    192.168.8.1 loose;
    192.168.12.1 loose;
}
[Figure: ATM VC 514 on the M40 connected across the IP backbone by an MPLS LSP to ATM VC 590 on the M20]
ATM operation
[Figure: the same connection using MPLS LSP1 and MPLS LSP2 between the M40 and the M20]
at-7/1/1.514
[edit protocols]
user@M40# show
connections {
    remote-interface-switch m40-to-m20 {
        interface at-7/1/1.514;
        transmit-lsp lsp1;
        receive-lsp lsp2;
    }
}
at-3/0/1.590
[edit protocols]
user@M20# show
connections {
    remote-interface-switch m20to-m40 {
        interface at-3/0/1.590;
        transmit-lsp lsp2;
        receive-lsp lsp1;
    }
}
interface
unit 0
ATM: cannot configure family on unit if atm-ccc-vc-mux
encapsulation is set
Purpose of LDP (1 of 2)
Creates forwarding equivalence class
A group of IP packets which are forwarded in the same
manner (RFC 3031)
Manages LSP to egress router
New concept
LDP associates the FEC with each LSP it creates
Solves problems
Enables VPNs
Allows traffic class mapping
Purpose of LDP (2 of 2)
LDP creates an LSP tree for each FEC from every
possible ingress router to egress router
[Figure: LDP LSP tree toward the egress router, shown together with an RSVP LSP; nodes C, D, E, F, G, H, and I]
[Figure: message exchange with the upstream LDP peer]
Discovery (Hello messages)
TCP Session Establishment
Session: Initialization Messages
Advertisement: Label Request Messages, Label Mapping Messages
[Figure: label advertisement between upstream and downstream LDP peers for Net 10.0.0.0 and Net 11.0.0.0; advertised labels shown include 52, 53, and 29. Each LSR advertises an incoming label upstream and receives an outgoing label from downstream]
MPLS tables shown in the figure:
In         Out
(3, 35)    (1, 17)
(4, 17)    (5, 52)
(2, 52)    (3, 29)
Limitations
LSPs follow the conventional IGP path
Does not support explicit routing
[Figure: Router A; LDP sessions tunneled through an RSVP-signaled core]
protocols {
    mpls {
        label-switched-path lsp-path-name {
            from source;
            to destination;
            ldp-tunneling;
        }
    }
}
protocols)
From
192.168.2.1
State
Up
Rt ActivePath
LSPname
sf-to-ny
se-gold
                From            State
192.168.2.1     192.168.8.1     Up     1 FF    NYC-to-SF
192.168.2.1     192.168.8.1     Up     1 FF    NYC2-to-SF
use-gold
State: Up
Include: gold
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 30)
10.0.5.2 S 10.0.7.2 S 10.0.9.2 S
102 Jan
101 Jan
100 Jan
5 12:11:58 Up
99 Jan
98 Jan
97 Jan
100003
100003(S=0)
100004
100004(S=0)
                From            State  Rt Style  Labelout  LSPname
192.168.8.1     192.168.2.1     Up     1 FF      100010    sf-to-ny
192.168.8.1     192.168.2.1     Up     1 FF      100058    sf-to-ny

                From            State  Rt Style  Labelout  LSPname
192.168.2.1     192.168.8.1     Up     1 FF                NYC-to-SF
192.168.2.1     192.168.8.1     Up     1 FF                NYC2-to-SF
Idle
Up/Dn
LastChange
10.0.3.1
1/0
10.0.4.2
1/0
10.0.5.2
1/0
HelloInt
HelloTx/Rx
5:35:37
2w1d 22:54:25
5:35:42
3
3
MsgRcvd MsgType
29326/6556
448522/448391
29316/6557
850 Path,Resv
61407 Path,Resv
30587 Path,Resv
Header labels: Interface, State, resv, Available BW, Reserved BW, Highwater mark
fxp0.0        Up   100%   100Mbps    100Mbps    0bps   0bps
fe-0/0/2.0    Up   100%   100Mbps    100Mbps    0bps   0bps
ge-0/1/0.0    Up   100%   1000Mbps   1000Mbps   0bps   0bps
[Figure: lab topology. AS64512 runs I-BGP among SF, Denver, DC, Dallas, Boston, and NY over 10.0.x/30 links, with loopbacks in 192.168.x.1; NY (lo0 192.168.24.1) has an E-BGP session to AS2, which advertises 134.112/16; LSP SF-to-NY]
10.0.16.2 (10.0.16.2)  0.766 ms  0.662 ms  0.612 ms
10.0.1.2 (10.0.1.2)  0.709 ms  0.654 ms  0.738 ms
10.0.24.2 (10.0.24.2)  0.648 ms  0.632 ms  0.610 ms
Module Review
1. What are the main benefits of MPLS?
2. How does traffic engineering differ from plain MPLS?
3. Can you describe basic RSVP operation?
4. What is the advantage of using fast reroute?
5. Can you describe the basic operation of LDP?
6. What commands can you use to monitor the
Module Objectives
After successfully completing this module, you will be
able to:
Define the roles of P, PE, and CE routers
Describe the format of VPN-IPv4 addresses
Explain the role of the route distinguisher
Describe the flow of RFC 2547bis control information
Explain the operation of the RFC 2547bis forwarding plane
[Figures: provider network in which PE routers connect CE routers at VPN A and VPN B sites; successive slides highlight the Provider Routers and the VPN Sites]
[Figure: CE routers CEA1 to CEA3 (VPN A Sites 1 to 3), CEB1 to CEB3 (VPN B Sites 1 to 3), and CEC1 and CEC2 (VPN C Sites 1 and 2) attach to PE 1, PE 2, and PE 3 around a P router; CE-to-PE links are labeled Static Routing, BGP Routing, and OSPF Routing]
VRFs
Each VRF is populated with:
Routes received from directly connected CE sites associated
with the VRF
Routes received from other PE routers with acceptable
MP-BGP attributes
Packets from a given site are only matched against the
[Figure: overlapping address space. 10.1/16 is used at both a VPN A site and a VPN B site, so a plain 10.1/16 route between PE 1 and PE 2 is ambiguous (?)]
[Figure: route layout with an MPLS Label (3 bytes), a 1-byte field, and a route distinguisher made of Type (2 bytes), Administrator (variable length), and Assigned Number (variable length), followed by the 4-byte IP address]
2-Byte Type Field: determines the lengths of the other two fields
Administration Field: identifies the assigned number authority
Assigned Number Field: number assigned by the identified authority for a particular purpose
Examples:
10458:22:10.1.0.0/16
or 1.1.1.1:33:10.1.0.0/16
[Figure: with route distinguishers, the 10.1/16 routes of VPN A and VPN B appear between PE 1 and PE 2 as 10458:22:10.1/16 and 10458:23:10.1/16]
The overlapping routes from A and B cannot be compared as they have unique
route distinguishers
[Figure: provider network with P routers, PE 1, PE 2, and PE 3, and CE routers CEA1 to CEA3, CEB1, and CEB2 at VPN A and VPN B sites]
Type 0
Type 1
[Figures, repeated across several slides: PE-1 and PE-2 joined by an MP-IBGP session, each holding VRFs for attached CE routers CE-1 to CE-4 (VPN A Site 1, VPN A Site 2, VPN B Site 2; OSPF on a CE link). Step labels shown in order:
1: 10.1/16
2: 10458:23:10.1/16
3: VPN RED Export community
MBGP advertisement: 10458:23:10.1/16, VPN RED Export, Label Z, Next Hop PE-2
Extended communities: Route target, Site of origin]
If import route target matches route target attribute in BGP route, the
route is installed into the bgp.l3vpn table and copied into appropriate
VRF(s)
Based on configured route target or import policies, 10458:23:10.1/16
is copied into the red VRF but not the blue VRF
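The route distinguisher encoding and the route-target import rule described above, as an added example that is not from the course material. It assumes the RFC 2547bis layouts (Type 0: 2-byte AS number plus 4-byte assigned number; Type 1: 4-byte IP address plus 2-byte assigned number); the route-target strings, label values, and function names are constructed.

```python
import ipaddress
import struct


def encode_rd(rd):
    """Pack 'administrator:assigned-number' into the 8-byte route distinguisher."""
    admin, sep, number = rd.rpartition(":")
    if not sep:
        raise ValueError(f"malformed route distinguisher: {rd!r}")
    number = int(number)
    if "." in admin:
        # Type 1: 4-byte IP address administrator, 2-byte assigned number.
        if not 0 <= number <= 0xFFFF:
            raise ValueError("Type 1 assigned number must fit in 2 bytes")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    # Type 0: 2-byte AS number administrator, 4-byte assigned number.
    asn = int(admin)
    if not (0 <= asn <= 0xFFFF and 0 <= number <= 0xFFFFFFFF):
        raise ValueError("Type 0 needs a 2-byte AS number and a 4-byte assigned number")
    return struct.pack("!HHI", 0, asn, number)


def vpn_ipv4_key(route):
    """'10458:22:10.1.0.0/16' -> (12-byte VPN-IPv4 address, prefix length)."""
    rd, _, prefix = route.rpartition(":")
    net = ipaddress.ip_network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen


def install(advertisements, vrf_imports):
    """Apply the import rule: keep a route only if some VRF imports one of its
    route targets, store it under its VPN-IPv4 key, and copy it to those VRFs."""
    l3vpn = {}
    vrfs = {name: [] for name in vrf_imports}
    for adv in advertisements:
        wanted = [name for name, targets in vrf_imports.items()
                  if targets & adv["targets"]]
        if not wanted:
            continue  # no matching import route target on this PE
        l3vpn[vpn_ipv4_key(adv["route"])] = adv
        ipv4_prefix = adv["route"].rpartition(":")[2]
        for name in wanted:
            vrfs[name].append((ipv4_prefix, adv["label"], adv["next_hop"]))
    return l3vpn, vrfs


# Constructed advertisements as they might arrive at PE-1 over MP-IBGP.
ADVERTISEMENTS = [
    {"route": "10458:23:10.1.0.0/16", "targets": {"target:10458:100"},
     "label": 1001, "next_hop": "PE-2"},
    {"route": "10458:22:10.1.0.0/16", "targets": {"target:10458:200"},
     "label": 1002, "next_hop": "PE-2"},
    {"route": "1.1.1.1:33:10.1.0.0/16", "targets": {"target:10458:300"},
     "label": 1003, "next_hop": "PE-2"},
]
# Constructed import route targets for the red and blue VRFs.
VRF_IMPORTS = {"red": {"target:10458:100"}, "blue": {"target:10458:200"}}

if __name__ == "__main__":
    table, vrfs = install(ADVERTISEMENTS, VRF_IMPORTS)
    for (address, length), adv in table.items():
        print(address.hex(), f"/{length}", "label", adv["label"])
    print(vrfs)
```

The same IPv4 prefix 10.1.0.0/16 yields two distinct 12-byte keys, which is why the overlapping customer routes never collide in the shared table.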
[Figure: the MBGP advertisement of 10458:23:10.1/16 (VPN RED Export, Label Z, Next Hop PE-2) between PE-2 and PE-1 over the MP-IBGP session; two labels are shown: BGP label (inner), label (Z), and MPLS (outer) label (y)]
share a common label
[Figure: PE-1 and PE-2 with their VRFs and CE-1 to CE-4 at VPN A Site 1, VPN A Site 2, and VPN B Site 2]
Data Flow (1 of 7)
[Figure: LSP between PE-1 and PE-2; each PE holds VRFs for CE-1 to CE-4 at VPN A Site 1, VPN A Site 2 (10.1/16), VPN B Site 1, and VPN B Site 2]
Data Flow (2 of 7)
[Figure: IP packet addressed to 10.1.2.3]
Data Flow (3 of 7)
PE-1
1) Look up route in Red VRF
2) Push BGP label (z)
3) Push outer label (x)
Data Flow (4 of 7)
PE-1
1) Look up route in Red VRF
2) Push BGP label (z)
3) Push outer label (x)
[Figure: IP packet to 10.1.2.3 shown at PE-1]
Data Flow (5 of 7)
[Figure: packet between PE-1 and PE-2 carrying outer label (x), BGP label (z), and the IP packet to 10.1.2.3]
Data Flow (6 of 7)
Penultimate
Pop top label
Data Flow (7 of 7)
[Figure: IP packet to 10.1.2.3 shown at VPN A Site 2, 10.1/16]
Module Review
1. Can you define the roles of P, PE, and CE routers?
2. What is the format of VPN-IPv4 addresses?
3. What is the role of the route distinguisher?
4. Can you describe the flow of 2547bis control
information?
5. Can you explain the operation of the 2547bis
forwarding plane?
Module Objectives
After successfully completing this module, you will be
able to:
State the purpose of routing policy
Explain the difference between import and export policies
Describe the default policy for OSPF, IS-IS, and BGP
Compare route filter match types
Write multiterm policies
Correctly apply policy to BGP
Use the CLI to monitor policy operation
Describe advanced policy capabilities
Routing Policy
Where we are going
Overview
When to use policy
Import vs. export policy
Routing policy flow
Generic policy syntax
Match conditions
Match actions
Default policies
Policy examples
Applying policy
Route filters
Advanced policy overview
Policy Overview
Controls routing information transferred into and out of
[Figure labels: Neighbors; Protocol; Import Routes; Routing Table; Export Routes; Protocol; Forwarding Table; PFE.]
[Figure: a Route passes through Policy 1, Policy 2, ... Policy n and then the Default Policy. Each policy holds terms (Term A, Term B, Term C); each term, and the Default Policy, is marked Accept or Reject.]
A policy can have multiple terms
Match Conditions
Policies typically contain some form of match criterion
Possibilities include:
Neighbor address
Protocol (source of information)
OSPF area ID
BGP attributes
communities
Match Actions
The action associated with a given term/policy is
Accept route
Metric
Preference
Color
Next-hop address
Default Policies
Every protocol has a default policy
The default policy is applied implicitly at the end of the policy chain;
can be overridden with default-action statement
IS-IS and OSPF
Import: Accept all routes learned from that protocol
RIP
Import all learned RIP routes, export nothing
BGP
Import all routes learned from BGP neighbors
Export all active routes learned from BGP neighbors to all BGP
neighbors
A Policy Example
Write a policy statement at the [edit policy-options] hierarchy:
[edit policy-options]
user@host# show policy-statement advertise-ospf
term pick-ospf {
    from protocol ospf;
    then accept;
}
Applying Policy
You must apply policies before they can take effect
Link-state protocols (IS-IS and OSPF) have only export
filtering points
BGP and RIP support both import and export policies
[edit protocols]
user@host# show
bgp {
    import bgp-import;
    export bgp-export;
}
ospf {
    export ospf-export;
}
particular peer
Neighbor policy overrides group and global policies
Group policy overrides global policy
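Added example (not part of the course material): a small Python model of the policy chain described above, showing how the implicit default policy decides any route that no term accepts or rejects. It assumes the page's advertise-ospf policy is applied as a BGP export policy; the Route and Term classes, the function names and the sample routes are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Route:
    prefix: str
    protocol: str           # protocol the route was learned from
    active: bool = True

@dataclass
class Term:
    name: str
    from_protocol: Optional[str]   # None: no match condition, every route matches
    action: Optional[str]          # "accept", "reject", or None (non-terminating)

def default_export(applied_to, route):
    """Default export policies the page states for BGP and RIP."""
    if applied_to == "bgp":   # export active routes learned from BGP neighbors
        ok = route.protocol == "bgp" and route.active
        return "accept" if ok else "reject"
    if applied_to == "rip":   # export nothing
        return "reject"
    raise ValueError("default not modelled for " + applied_to)

def evaluate_export(applied_to, chain, route):
    """Return (action, decided_by) for one route leaving the routing table."""
    for policy_name, terms in chain:
        for term in terms:
            matched = term.from_protocol in (None, route.protocol)
            if matched and term.action in ("accept", "reject"):
                return term.action, policy_name + "/" + term.name
    # No term gave a terminating action: the protocol default applies implicitly.
    return default_export(applied_to, route), "default"

# The page's policy-statement advertise-ospf, expressed as data.
ADVERTISE_OSPF = ("advertise-ospf", [Term("pick-ospf", "ospf", "accept")])

# Constructed sample routes (not from the course material).
SAMPLE = [Route("10.1/16", "ospf"), Route("172.16/16", "bgp"),
          Route("192.168.5/24", "static")]

if __name__ == "__main__":
    for chain in ([], [ADVERTISE_OSPF]):
        names = [name for name, _ in chain] or ["(no export policy)"]
        for r in SAMPLE:
            print(names, r.prefix, r.protocol, evaluate_export("bgp", chain, r))
```

With no export policy the OSPF route is rejected by the BGP default; with advertise-ospf in the chain it is accepted by term pick-ospf, while the static route still falls through to the default and is rejected.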
Route Filters
Use route filters to match an individual route (or
groups of routes)
You can specify multiple route filters within a single term
General syntax in the form of:
orlonger
Match the specified prefix and mask exactly
Also match any routes that start with the same prefix and have longer masks
from route-filter 192.168/16 orlonger;
longer
Do not match the specified prefix and mask exactly
Match only the routes that start with the same prefix and have longer masks
through
Match the first specified prefix and mask exactly
Match the second specified prefix and mask exactly
Match all prefixes directly between the two prefixes
from route-filter 192.168/16 through 192.168.16/20;
prefix-length-range
Match only routes that start with the same prefix and have a mask between the two values specified (inclusive match)
from route-filter 192.168/16 prefix-length-range /20-/24;
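Added example (not part of the course material): the route-filter match types evaluated in Python against a constructed list of candidate routes, so the difference between orlonger, longer, through and prefix-length-range can be checked route by route. The exact and upto types appear on the page only as figure labels; their handling here follows standard Junos behaviour. The function names are hypothetical.

```python
import ipaddress

def junos_prefix(text):
    """Expand Junos shorthand such as '192.168/16' to an IPv4Network."""
    addr, length = text.split("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + length)

def route_filter_match(route, prefix, match_type, arg=None):
    """True if `route` matches `route-filter <prefix> <match_type> [arg]`."""
    r, p = junos_prefix(route), junos_prefix(prefix)
    if match_type == "through":
        upper = junos_prefix(arg)
        # The route must lie on the path from the first prefix to the second.
        return (p.prefixlen <= r.prefixlen <= upper.prefixlen
                and r.subnet_of(p) and upper.subnet_of(r))
    if not r.subnet_of(p):   # all other types need the same leading bits
        return False
    if match_type == "exact":
        return r.prefixlen == p.prefixlen
    if match_type == "orlonger":
        return True
    if match_type == "longer":
        return r.prefixlen > p.prefixlen
    if match_type == "upto":
        return r.prefixlen <= int(arg.lstrip("/"))
    if match_type == "prefix-length-range":
        low, high = (int(x.lstrip("/")) for x in arg.split("-"))
        return low <= r.prefixlen <= high
    raise ValueError("unknown match type: " + match_type)

# Constructed candidate routes, not taken from the course material.
ROUTES = ["192.168/16", "192.168.0/17", "192.168.0/19", "192.168.16/20",
          "192.168.32/20", "192.168.1/24", "192.168.1.1/32", "10.1/16"]

def matching(prefix, match_type, arg=None):
    """Candidate routes selected by one route-filter statement."""
    return [r for r in ROUTES if route_filter_match(r, prefix, match_type, arg)]

if __name__ == "__main__":
    for mt, arg in [("exact", None), ("orlonger", None), ("longer", None),
                    ("upto", "/20"), ("through", "192.168.16/20"),
                    ("prefix-length-range", "/20-/24")]:
        print(mt, arg or "", "->", matching("192.168/16", mt, arg))
```

Note that 192.168.32/20 is selected by prefix-length-range /20-/24 and by upto /20 but not by through 192.168.16/20, because it does not lie on the path between the two prefixes.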
[Figure: match types illustrated on 192.168/16. Labels: exact; upto /x; through.]
Longest-match lookup
Match evaluated immediately
If specific actions are not defined, the then portion of the term is
executed for matching prefixes
[Figure labels: Route Filters; Import Policy; Export Policy; Routing Table; Neighbors; Routes; Protocol.]
Review Questions
1. What is the purpose of routing policy?
2. The terms import and export are based on the
3.
4.
5.
6.
7.
Lab Objective:
Configure routing policy on your router using JUNOS software. You will complete this lab by applying a policy to the RIP configuration left in place from the last lab.