
Juniper Networks

Networking Essentials

Module 1: TCP/IP Internetworking

Copyright 2003, Juniper Networks, Inc.

IJNR-6.b.6.1.2

Module Objectives
After successfully completing this module, you will be able to:
Identify the components of an internetwork and explain the role of each component


Explain how packets are routed on a TCP/IP network
Describe the role of an IP address on an internetwork


Internetwork Example
Network 1
192.168.1.0

Network 2
192.168.2.0


Local-Area Networks
A computer network that spans a small area
Confined to a single building or corporate campus
Can connect to other LANs through telephone lines and wireless connections


LAN characteristics differentiated by:
Topology
Protocols
Media


Wide-Area Networks
A computer network that spans a large geographical area
WANs interconnect LANs
Computers connected to WAN through public telephone system, leased lines, or wireless connection
The Internet consists of many WANs and WAN links


Intermediate Internetworking Devices


Bridges
Connect multiple LAN segments to form a larger LAN
Usually the same media type

Bridges forward broadcasts by default

Routers
Connect multiple LANs but maintain LAN boundaries
Connect LANs across WAN links
LAN and WAN links may be different media types

Implement logical network structure (e.g., IP networks)


Routers block broadcasts by default

Switches
High-speed multi-port bridges with many ports
Many implement Virtual LANs (VLANs)


Routing on a TCP/IP Network

Network 1
192.168.1.0

Network 2
192.168.2.0


Role of IP and the IP Address

[Figure: two protocol stacks, one at IP Address X and one at IP Address Y, each showing Application, TCP/UDP, IP Protocol, and Network-Dependent layers; labels: End-to-End Delivery, Internet (IP)]


Format of the IP Address


IP address is a 32-bit numeric address
Written as four numbers separated by periods:
Dotted Quad notation for human convenience
Examples
10.0.15.1
172.20.10.24
192.168.94.122

The IP address is used to identify a particular network and host on that network


Must be globally unique (with some exceptions)


Relationship of the IP Address to the Hardware Address

[Figure: OSI Reference Model]
Application
Presentation
Session
Transport
Network: IP Address
LLC: 802.2 Logical Link Control
MAC: 802.3 CSMA/CD, 802.4 Token Bus, 802.5 Token Ring
Physical

Mapping Address Layers: ARP


Address Resolution Protocol (ARP) maps an IP address to a physical MAC address
Host broadcasts an ARP request to obtain a physical address

Requester: IP 192.168.2.1, MAC 0000.2222.1111
Target: IP 192.168.2.23, MAC 0000.2222.2323
Other hosts:
IP 192.168.2.2, MAC 0000.2222.2222
IP 192.168.2.11, MAC 0000.2222.0011
IP 192.168.2.43, MAC 0000.2222.4343

(1) Requester sends BROADCAST ARP_REQUEST (MAC dest = ffff.ffff.ffff, target IP = 192.168.2.23)
(2) ALL hosts read ARP_REQUEST, but do not respond if they're not the target
(3) Target host responds to requester via UNICAST (192.168.2.23 maps to MAC 0000.2222.2323, MAC dest = 0000.2222.1111)
(4) Requester stores the mapping in local ARP cache and can now communicate directly with target
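
The four-step exchange above, worked through in code as an added example (it is not part of the original course material). The frames use the standard ARP layout for IPv4 over Ethernet and the five stations from the slide; the Host class, its pending set and the helper names are hypothetical.

```python
import ipaddress
import struct

BROADCAST = "ffff.ffff.ffff"
ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2

# The five stations on the slide's segment (IP, MAC).
PAGE_HOSTS = [
    ("192.168.2.1", "0000.2222.1111"),
    ("192.168.2.23", "0000.2222.2323"),
    ("192.168.2.2", "0000.2222.2222"),
    ("192.168.2.11", "0000.2222.0011"),
    ("192.168.2.43", "0000.2222.4343"),
]

def mac_to_bytes(mac):
    """Dotted-hex notation (0000.2222.1111) to 6 raw bytes."""
    return bytes.fromhex(mac.replace(".", ""))

def bytes_to_mac(raw):
    digits = raw.hex()
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def build_frame(dst_mac, src_mac, op, sender_ip, target_mac, target_ip):
    """Ethernet header plus the 28-byte ARP body for IPv4 over Ethernet."""
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # htype, ptype, hlen, plen, op
    arp += mac_to_bytes(src_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += mac_to_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp

def parse_frame(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 over Ethernet")
    return {
        "dst": bytes_to_mac(frame[0:6]),
        "op": op,
        "sender_mac": bytes_to_mac(frame[22:28]),
        "sender_ip": str(ipaddress.IPv4Address(frame[28:32])),
        "target_ip": str(ipaddress.IPv4Address(frame[38:42])),
    }

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self.arp_cache = {}    # IP -> MAC
        self.pending = set()   # IPs this host has asked about

    def make_request(self, target_ip):
        # Step 1: the target MAC is unknown, so it is zero-filled and the frame is broadcast.
        self.pending.add(target_ip)
        return build_frame(BROADCAST, self.mac, OP_REQUEST, self.ip, "0000.0000.0000", target_ip)

    def receive(self, frame):
        """Handle one frame; return a reply frame, or None when there is nothing to send."""
        msg = parse_frame(frame)
        if msg["dst"] not in (self.mac, BROADCAST):
            return None
        if msg["op"] == OP_REQUEST and msg["target_ip"] == self.ip:
            # Step 3: only the target answers, by unicast to the requester.
            return build_frame(msg["sender_mac"], self.mac, OP_REPLY,
                               self.ip, msg["sender_mac"], msg["sender_ip"])
        if msg["op"] == OP_REPLY and msg["sender_ip"] in self.pending:
            # Step 4: the requester stores the mapping it asked for.
            self.pending.discard(msg["sender_ip"])
            self.arp_cache[msg["sender_ip"]] = msg["sender_mac"]
        return None  # Step 2: every other host reads the request and stays silent.

def resolve(requester, target_ip, segment):
    """Run the exchange on one segment; return (resolved MAC or None, IPs that replied)."""
    request = requester.make_request(target_ip)
    responders = []
    for host in segment:
        if host is requester:
            continue
        reply = host.receive(request)   # a broadcast reaches every station
        if reply is not None:
            responders.append(host.ip)
            requester.receive(reply)
    return requester.arp_cache.get(target_ip), responders

def demo():
    hosts = [Host(ip, mac) for ip, mac in PAGE_HOSTS]
    return resolve(hosts[0], "192.168.2.23", hosts)
```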


Logical Network Types


Broadcast
Multiple sources and destinations "on the wire"
One packet can be read by many receivers
Typical for LANs
Example: Ethernet

Point-to-Point
Two ends/"stations"
Typical for WANs
Example: T1
[Figure: Router A, Router B]

Review Questions
1. How does a router differ from a bridge?
2. What is ARP?
3. What are two types of Logical Networks?


Juniper Networks
Networking Essentials

Module 2: IP Addressing

Module Objectives
After successfully completing this module, you will be able to:
Create IP addresses in binary notation and decimal format, and identify the corresponding address classes
Define subnetting and subnet masks, and create effective subnets for a given network
Define classless interdomain routing (CIDR), and aggregate a given range of network addresses to the highest degree possible


Importance of IP Addressing
Unique addresses make information delivery systems work
Telephone numbers
Postal addresses
IP addressing scheme integral to process of routing IP data through an internetwork
Two major Internet scaling issues:
IPv4 address space depletion
Routing traffic given increasing number of networks that make up the Internet


Classful IP Addressing
Original Classful IP addressing defines a 32-bit IP address
Two-part Internet address structure

32-Bit IP Address: Network Part | Host Part


Binary Overview
Bit position       7    6    5    4    3    2    1    0
2^(bit position)   2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Decimal value      128  64   32   16   8    4    2    1

128+16+8+2=154
16+4+2+1=23
128+64+32+8=232
64+1=65
128+64+32+16+8+4+2+1=255
128+32+8+4=172


Primary Address Classes


No. of bits
Class A: Network (8 bits) | Host | Host | Host (24 bits)
Class B: high-order bits 1 0; Network | Network (16 bits) | Host | Host (16 bits)
Class C: high-order bits 1 1 0; Network | Network | Network (24 bits) | Host (8 bits)

Dotted Decimal Notation

Bit# 31
10101100  00010000  00100011  00001000
172       16        35        8
172.16.35.8


High-Order Bits
Class addresses specified by the high-order bits:
Class     High-Order Bits
Class A   0
Class B   10
Class C   110

IP Address 192.168.21.40 is a Class C address:
11000000.10101000.00010101.00101000


First Octet Rule


Class determined by location of first 0 in binary address:

Class     First Octet Range (Binary)   (Decimal)
Class A   00000001 - 01111110          1 - 126*
Class B   10000000 - 10111111          128 - 191
Class C   11000000 - 11011111          192 - 223
*0 and 127 reserved


First Octet Rule Examples

Address / Class

172.18.192.34
10101100.00010010.11000000.00100010

10.155.128.2
00001010.10011011.10000000.00000010

192.12.3.42
11000000.00001100.00000011.00101010


Default Masks
Identify the location of the network part (1s) and host part (0s) of an address

Class A   11111111.00000000.00000000.00000000   255.0.0.0
Class B   11111111.11111111.00000000.00000000   255.255.0.0
Class C   11111111.11111111.11111111.00000000   255.255.255.0


Reserved Addresses
Network Address: all host bits are binary 0
10.0.0.0
172.23.0.0
192.168.14.0
Broadcast Address: all host bits are binary 1
10.255.255.255
172.23.255.255
192.168.14.255


IPv4 Address Management Issues


Central authority: IANA
Inefficient allocation of limited address space
IPv4 32-bit address space
Address allocations based on organizations' requests rather than actual need
Early depletion of Class B addresses


IP Subnetting
All Classful IP addresses can be divided into smaller networks called subnets

Class B Address: Before Subnetting
1 0 | Network | Network | Host | Host

Class B Address: After Subnetting
1 0 | Network | Network | Subnet | Host

Problems Solved with Subnetting


Provides network administrators with extra flexibility
Provides more efficient use of network address utilization
Contains broadcast traffic; broadcast will not cross a router
Subnets under local administrator control
External users and organizations see only single network


Subnet Mask

Example subnet mask for Class B address

                                Network    Network    Subnet     Host
Binary Representation           11111111   11111111   11111111   00000000
Dotted Decimal Representation   255        255        255        0


Subnet Example 1
Assigned Network Number: 172.25.0.0/16
Create 256 subnets
172.25.0.0/24
172.25.1.0/24
172.25.2.0/24
172.25.3.0/24

...
172.25.255.0/24


Subnet Example 2
Assigned Network Number: 192.168.1.0/24
Create 4 subnets
192.168.1.0/26
192.168.1.64/26
192.168.1.128/26
192.168.1.192/26


Subnet Example 3
Assigned Network Number: 10.0.0.0/11
Create 8 subnets
10.0.0.0/11
10.32.0.0/11
10.64.0.0/11
10.96.0.0/11
10.128.0.0/11
10.160.0.0/11
10.192.0.0/11
10.224.0.0/11


Growth of the Internet


The Internet is today's largest public data network
Connects millions of users worldwide
Ongoing technical advancements in networking hardware contribute to growth
Increasing number of networks over the past decade


Growth of Internet Routing Tables


Caused by Internet expansion
Backbone routers must maintain complete Internet routing information
Additional factors include:
Increased CPU processing speed for routing table topology updates
Dynamic nature of today's WWW
Increased volume of diverse information

IP Next Generation (IPv6)
Long-term solution, but deployment is limited
IPv4 modified to allow continued growth


Classless Inter-Domain Routing


CIDR ignores the concept of Network Address Classes
Reduces the amount of route advertisements

[Figure: networks 192.168.64.0, .65.0, .66.0, and .67.0 advertised without and with CIDR]
No CIDR
192.168.64 /24
192.168.65 /24
192.168.66 /24
192.168.67 /24
CIDR
192.168.64 /22

Implications of CIDR on the Router


CIDR officially documented in 1993
CIDR supports the following important features that benefit the global Internet routing system:
Ignores traditional concept of Class A, B, and C network addresses
Supports route aggregation, where a single routing table entry can represent the address space of thousands of traditional classful routes


CIDR Address Allocation Example


Allocate variable-length blocks from 192.168.16/20

[Figure: the /20 divided into Block #1, Block #2, Block #3, and Block #4]
192.168.16.0/21
192.168.24.0/22
192.168.28.0/23
192.168.30.0/23
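
Route aggregation and variable-length allocation from the CIDR slides above, carried out at the bit level as an added example (it is not part of the original course material). The prefixes are the ones on the slides; the function names are hypothetical.

```python
import ipaddress

def parse(prefix):
    """'192.168.64.0/24' -> (network address as int, prefix length)."""
    net = ipaddress.IPv4Network(prefix, strict=True)  # rejects prefixes with host bits set
    return int(net.network_address), net.prefixlen

def fmt(addr, length):
    return f"{ipaddress.IPv4Address(addr)}/{length}"

def aggregate(prefixes):
    """Merge prefixes to the highest degree possible without covering extra address space."""
    nets = {parse(p) for p in prefixes}

    def covered(addr, length):
        # True if a shorter prefix already in the set contains this one.
        for shorter in range(length):
            mask = (0xFFFFFFFF << (32 - shorter)) & 0xFFFFFFFF
            if (addr & mask, shorter) in nets:
                return True
        return False

    changed = True
    while changed:
        changed = False
        nets = {n for n in nets if not covered(*n)}
        for addr, length in sorted(nets, key=lambda n: -n[1]):
            if length == 0 or (addr, length) not in nets:
                continue
            bit = 1 << (32 - length)            # last bit of the network part
            if (addr ^ bit, length) in nets:    # sibling: same prefix except that bit
                nets -= {(addr, length), (addr ^ bit, length)}
                nets.add((addr & ~bit, length - 1))
                changed = True
    return [fmt(addr, length) for addr, length in sorted(nets)]

def allocate(parent, lengths):
    """Carve one block per requested prefix length out of parent, largest block first."""
    base, parent_len = parse(parent)
    end = base + (1 << (32 - parent_len))
    cursor, blocks = base, []
    for length in sorted(lengths):              # shorter prefix = larger block
        if length < parent_len:
            raise ValueError("requested block is larger than the parent")
        size = 1 << (32 - length)
        if cursor + size > end:
            raise ValueError("parent block exhausted")
        blocks.append(fmt(cursor, length))      # stays aligned because sizes only shrink
        cursor += size
    return blocks

def demo():
    four_24s = [f"192.168.{n}.0/24" for n in (64, 65, 66, 67)]
    blocks = allocate("192.168.16.0/20", [21, 22, 23, 23])
    return aggregate(four_24s), blocks, aggregate(blocks)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Three of the four /24s alone do not collapse to a /22: `aggregate` returns a /23 plus the remaining /24, because a /22 would advertise address space that is not held.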

CIDR Routing in a Classless Environment


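[Figure: Organization 1, Organization 2, Organization 3, and Organization 4, ISP 1, ISP 2, and the Internet; other labels: 192.168.0.0/16, 172.16.0.0/16]
Organization 1: 172.25.16.0/21
Organization 2: 172.25.24.0/22
Organization 3: 172.25.28.0/23
Organization 4: 172.25.30.0/23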


JUNOS Support for CIDR


JUNOS supports CIDR
Defined in RFC 1519, Classless Inter-Domain Routing (CIDR): An Address Assignment and Aggregation Strategy


Private IP Addresses (RFC 1918)


Sustained growth in TCP/IP technology
Increasing number of enterprises use TCP/IP for intra-enterprise communications only
Concerns:
Limited global address space
Routing overhead increasing beyond capabilities of ISPs
RFC 1918 allows enterprises and ISPs to use specific address space so long as it is not advertised back out to the Internet
10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16
ISPs continue to obtain blocks of public address space from address registry and assign customers addresses from within block based on customer requirement

Review Questions
1. To select IP addresses for an ISP, where would you begin?
2. How are subnets implemented on an IP network?
3. When would you implement CIDR on an IP network?
4. What is the purpose of Private Addressing and how is it useful?


Lab 1: IP Subnetting
Note: Various Junos CLI commands will be used during this lab that have not yet been discussed. All CLI commands will be fully explained in the subsequent sections.


Juniper Networks
Networking Essentials

Module 3: Router Basics


Module Objectives
After successfully completing this module, you should be able to:
Describe the function of a router and explain how a router works to route packets on a network
Explain the concepts of routing metrics and route selection on an Internet network


What Is Routing?
Act of moving information across logical path from a source to a destination
Routers
Determine the best routing paths
Transport information groups, or packets, through an internetwork
Routers vs. bridges and switches
Bridges and switches operate at Layer 2, the Data Link layer
Routers operate at Layer 3 (the Network layer)


Basic Router Functions


Route determination/topology awareness
Routes are learned and recorded in the route table
Selection criteria are applied to determine the preferred route or routes to each destination
The preferred routes are recorded in the forwarding table
Packet forwarding
Incoming packets are switched to outgoing interfaces based on the forwarding table entries


How Routers Operate


Application Layer
Consists of applications and processes that use the network

Host-to-Host Transport Layer

Internetwork Layer
Frames are switched from one interface to another, based on packet information
Select interface to which to send encapsulated frames

Network Access Layer
Identifies bits on the medium at router interfaces
Encapsulate frames (such as Ethernet)
Transmit bits of the frame


Packet Processing
[Figure: Packet; (1) Inbound: Receive bits, Detect frame, Remove encapsulation; (2) IP lookup; (3) Select outbound interface; (4) Outbound: Re-encapsulate, Transmit bits]

1. Receive packet, check L2 info.
2. Read L3 header to determine destination address.
3. Perform longest-match lookup for L3 destination in forwarding table and select the appropriate outbound physical interface.
4. Encapsulate the packet with the appropriate L2 header/trailer and transmit.
5. GO TO STEP 1: Receiving router does it all over again.


IP Packet Format
32 BITS
VERSION | IHL | TYPE-OF-SERVICE | TOTAL LENGTH
IDENTIFICATION | FLAGS | FRAGMENT OFFSET
TIME-TO-LIVE | PROTOCOL | HEADER CHECKSUM
SOURCE ADDRESS
DESTINATION ADDRESS
OPTIONS (+ PADDING)
DATA (VARIABLE)

Router reads destination address to determine how to route the packet


IP Addresses Determine Route Destination


No. Bits
Class A: Network | Host | Host | Host (24 bits)
Class B: 1 0 | Network (14 bits) | Host | Host (16 bits)
Class C: 1 1 0 | Network | Network | Network (21 bits) | Host (8 bits)

What is the longest-match prefix for this packet?

Selecting Routes for Forwarding


[Figure: boxes labeled Routing updates, Static routes, Local addresses, Policy, Routing Table, Best Routes (Yes), and Forwarding Table]


Routing Tables
Packet's destination address is for:
One of the router's interfaces or a broadcast address
Packet is for an internal router process
Any other known address
Packet must be routed
Unknown address
Look for default route. If none exists, packet is dropped
[Figure: Packet In, Packet Out]


Contents of a Routing Table


Minimum contents of routing table:
Destination prefix
Next-hop IP address
The next router downstream, closer to the destination

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.21.0/24       *[Direct/0] 17:48:31
                    > via GigE0.0
10.0.21.2/32       *[Local/0] 17:48:31
                      Local
10.0.29.0/24       *[Direct/0] 17:48:31
                    > via GigE1.0
10.0.29.1/32       *[Local/0] 17:48:31
                      Local
192.168.16.0/24    *[RIP/100] 00:03:45
                    > to 10.0.21.1 via fxp0.0
192.168.17.0/24    *[RIP/100] 00:03:45
                    > to 10.0.21.1 via fxp0.0
192.168.28.0/24    *[Static/5] 16:48:05
                      Discard
192.168.29.0/24    *[Static/5] 16:48:05
                      Discard


Populating a Routing Table


Static and default routes
Specific prefixes not learned via a protocol
Default used when a partial match cannot be made
Dynamic routing protocols
Routers communicate reachability information
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.21.0/24       *[Direct/0] 01:00:31
                    > via GigE0.0
10.0.21.2/32       *[Local/0] 01:00:31
                      Local
10.0.29.0/24       *[Direct/0] 01:00:31
                    > via GigE1.0
10.0.29.1/32       *[Local/0] 01:00:31
                      Local
192.168.16.0/24    *[RIP/100] 00:03:45
                    > to 10.0.21.1 via GigE0.0


Route Selection
Route selection is based on:
Longest, or most specific, match
Preferences, for different protocols
Routing metrics, for same protocol
Given multiple routes to a destination, the router must select the best route
Load balancing may be considered


Route Selection: Longest Match


Most specific address is matched:
Host route
Subnet
Summary route, or group of subnets
Major network number
Supernet, or group of major networks
Default address


Route Selection: Preference


Routing protocol processes calculate the active route from all routes in the routing table
Preference routes are placed in the forwarding table
The active route is the route with the lowest preference value
Preference is a value in the range of 0 through 255
Preference is used to rank routes received from different protocols, interfaces, or remote systems
Identifies the believability of a source in determining best route


Route Selection: Routing Metrics


Routing metrics are generally a measurement of cost or overhead
Metrics are protocol-specific
Used to determine the best route for a single protocol
Don't compare metrics from different routing protocols: apples vs. oranges
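
Route selection as the three slides above describe it, as an added example that is not part of the original course material: the active route per prefix is chosen by preference across protocols and by metric within one protocol, and lookups then use the longest match. Routes marked (page) come from the routing-table slides; the metrics, the competing routes and the default route are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix protocol preference metric next_hop")

ROUTING_TABLE = [
    Route("10.0.21.0/24",      "Direct", 0,   0, "via GigE0.0"),    # (page)
    Route("10.0.21.2/32",      "Local",  0,   0, "Local"),          # (page)
    Route("192.168.16.0/24",   "RIP",    100, 3, "to 10.0.21.1"),   # (page), metric constructed
    Route("192.168.16.0/24",   "RIP",    100, 2, "to 10.0.29.2"),   # constructed
    Route("192.168.16.128/25", "RIP",    100, 4, "to 10.0.29.2"),   # constructed
    Route("192.168.17.0/24",   "RIP",    100, 2, "to 10.0.21.1"),   # (page), metric constructed
    Route("192.168.17.0/24",   "Static", 5,   0, "to 10.0.29.2"),   # constructed
    Route("192.168.28.0/24",   "Static", 5,   0, "Discard"),        # (page)
]
DEFAULT_ROUTE = Route("0.0.0.0/0", "Static", 5, 0, "to 10.0.21.1")  # constructed

def better(new, current):
    """True if new should replace current as the active route for the same prefix."""
    if new.preference != current.preference:
        return new.preference < current.preference   # lowest preference value wins
    if new.protocol == current.protocol:
        return new.metric < current.metric           # metrics compare only within a protocol
    return False                                     # never compare metrics across protocols

def build_forwarding_table(routes):
    """Routing table -> forwarding table: one active route per destination prefix."""
    active = {}
    for route in routes:
        net = ipaddress.ip_network(route.prefix)
        if net not in active or better(route, active[net]):
            active[net] = route
    return active

def lookup(forwarding_table, destination):
    """Longest-match lookup; None means no match and no default route, so the packet is dropped."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in forwarding_table if addr in net]
    if not matches:
        return None
    # A default route (0.0.0.0/0) matches everything but has the shortest prefix,
    # so it is used only when nothing more specific matches.
    return forwarding_table[max(matches, key=lambda net: net.prefixlen)]

def forward(forwarding_table, destination):
    route = lookup(forwarding_table, destination)
    return "drop" if route is None else f"{route.prefix} {route.next_hop}"

def demo():
    table = build_forwarding_table(ROUTING_TABLE)
    with_default = build_forwarding_table(ROUTING_TABLE + [DEFAULT_ROUTE])
    destinations = ["10.0.21.2", "10.0.21.77", "192.168.16.5", "192.168.16.200",
                    "192.168.17.1", "192.168.28.9", "203.0.113.7"]
    return {d: (forward(table, d), forward(with_default, d)) for d in destinations}

if __name__ == "__main__":
    for destination, outcome in demo().items():
        print(destination, outcome)
```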


Forwarding Table
nancy@sluggo.lab> show route forwarding-table
Internet:
Destination        Type RtRef Nexthop        Type Index NhRef Netif
10.100.71.0/24     user     0 10.100.67.254  ucst    18 74212 GigE0.0
10.100.71.224/27   user     2 10.100.67.254  ucst    18 74212 GigE0.0
10.250.1.36/30     intf     0 ff.3.0.21      ucst    27     1 so-2/0/0.0
10.250.1.37/32     intf     0 10.250.1.37    locl    26     1
10.250.1.103/32    dest     0 10.250.1.103   bcst    37     1 ge-7/2/0.0
---(more)---


Metrics
Possible routing metrics include:
Hop count
Composite index/metric
Bandwidth: Amount of data that can be transmitted in a fixed amount of time
Delay: Transit latency of path
Common practice is to link bandwidth as a measure of cost, like a toll for the router
Path metrics are calculated by adding the interface metrics along the path


Review Questions
1. What functions does a router perform?
2. What functions does a routing algorithm perform?
3. What is the relationship between a routing table and a forwarding table?
4. What factors affect how a router makes a route selection?
5. What is a metric and how does a router use metrics to make routing decisions?


Introduction to Juniper Networks Routers

Module 4: M-series and T-series Product Overview

Module Objectives
After successfully completing this module, you will be able to:
Match Juniper Networks, Inc. products with typical applications in a service provider network
Describe the architecture of Juniper Networks M-series and T-series platforms
Describe the function of the RE, FPCs, PICs, System, and Control boards
Operate the Craft Interface
Describe packet flow through M-series and T-series platforms
List three characteristics of JUNOS software


Juniper Networks' Role in the Internet


Where we are going
Networking hardware evolution
Juniper Networks: the company
Juniper Networks M-series and T-series platforms overview

M5/M10 and the M7i/M10i routers

M20 router

M40 router

M40e router

M160 router

T640 Internet routing node

T320 router

M320 Router


Networking Hardware Evolution


The first routers were general-purpose computers
Single CPU, RAM, monolithic operating system
Low-speed serial interfaces
Networking advancements:
More PCs attached to networks
Increased application bandwidth consumption
Increased transmission speeds
Single-CPU router architecture could not keep up!

Juniper Networks broke tradition with:
Specialized operating system
Protected memory, multi-tasking
Hardware-based packet forwarding
Juniper Networks M-series and T-series routers implement key functions on ASICs
Separation of two equally complex problems: Internet control and high-performance packet forwarding


Juniper Networks: The Company


Business:
Converts bandwidth into scalable, differentiable IP services
using a new class of integrated silicon- and software-based
routing systems

Juniper Networks sells solutions, not just routers

Mission:
To be the primary supplier of scalable, reliable,
high-performance IP systems for the new IP infrastructure
Market:
Supplies systems to numerous worldwide markets that provide high-speed IP services in both the core and edge environments


Juniper Networks Product Positioning


[Figure: Service Provider Network Core (M-series/T-series Platforms); Consumer Edge: B-RAS (E-series Routers); Business Edge (E-series/M-series Routers); customer types: Residential, Education, PSTN/Mobile, SOHO/ROBO, Small/Medium Enterprise, Large Enterprise]

The E-series Family of Edge Routers


Series of high-performance broadband remote access servers (B-RAS)
The result of Unisphere acquisition in mid-2002
ERX-310
ERX-700
ERX-1440
E-series edge router operation and configuration is covered in various E-series router-specific class offerings
See http://www.juniper.net/training for details


M-series and T-series Product Line (1 of 2)


Family of router platforms that deliver:
Industry-leading core and dedicated-access platforms
Solutions that scale in multiple dimensions with market-leading port density
Flexible and manageable traffic control
High reliability features
[Figure: Forwarding Performance per Rack Inch; routers shown: M40 Router, M20 Router, M160 Router, M5/M10 Routers; dates shown: Sep. 1998, Dec. 1999, March 2000, Sep. 2000]

M-series and T-series Product Line (2 of 2)


Common software image/feature set across all platforms!
[Figure: A Continuing History of Rapid Innovation; routers shown: M40e Router, T320 Router, M7i, M10i, T640 Internet Routing Node; dates shown: Dec. 2001, Feb. 2002, August 2002, Sept. 2003]

M-series and T-series Hardware Overview


Where we are going
General M-series and T-series platform architecture
Hardware overview

Routing Engine

Packet Forwarding Engine (M-series and T-series)

The Craft Interface


Field Replaceable Units (FRUs)
Summary of platform characteristics


Separation of Control and Forwarding


[Figure: Routing Engine (JUNOS Software, CLI, RT, FT) linked by fxp1 to the Packet Forwarding Engine (FT); Packets In, Packets Out]

All M-series and T-series platforms share the same basic design philosophy
Clean separation of control and forwarding
Routing Engine maintains routing table (RT) and primary copy of forwarding table (FT)
Packet Forwarding Engine receives FT from Routing Engine


Routing Engine Overview


JUNOS software resides in flash memory
Backup copy available on hard drive
Provides forwarding table to the Packet Forwarding Engine
Not directly involved with packet forwarding
Runs various routing protocols

Implements CLI
Manages Packet Forwarding Engine


Current Routing Engine Characteristics


Feature | RE-333 | RE-400 | RE-600
Processor/clock | Pentium III/333 MHz | Celeron/400 MHz | Pentium III/600 MHz
Memory | 768 MB | 256, 512, 768 MB | 512, 2 GB
Solid state flash storage | 80 MB | 256 MB (Optional) | 128 MB/256 MB
Hard disk storage | 6.4+ GB | 20 GB | 30+ GB
External media | PCMCIA flash card/LS-120* | PCMCIA flash card (Optional) | PCMCIA flash card/LS-120*
Supported Platforms | Originally shipped on: M5/10/20/40/40e, and M160 | M7i/M10i Only | All M-series and T-series except M7i/M10i

* The M40 router continues to use the original LS-120 drive for external storage regardless of RE model.

Packet Forwarding Engine Overview


Custom ASICs implement forwarding path
No process switching
Value-added services and features implemented in hardware
Multicast
CoS/queuing
Firewall filtering
Accounting

Divide-and-conquer architecture
Each ASIC provides a piece of the forwarding puzzle


PFE Components: M-series


Physical Interface Cards (PICs)
Flexible PIC Concentrators (FPCs)
The system midplane
For M5/M10, M7i/M10i, M20, and M40
System Control

M5/M10 and M7i/M10i routers: Forwarding Engine Board/Compact Forwarding Engine Board, combined FPC and System Control Board
M20 router: System Switching Board (SSB)
M40 router: System Control Board (SCB)
For M40e and M160
Switching and Forwarding Module (SFM)
Miscellaneous Control Subsystem (MCS)
Packet Forwarding Engine Clock Generator


PFE Components: T-series


Physical Interface Cards (PICs)
T-series FPCs contain one or two PFE complexes
PFEs interface to other PFEs through the T-series switch fabric
Nonblocking crossbar switch matrix with high-speed lines to each FPC
Switch fabric redundancy
Switching between PFEs performed by Switch Interface Boards (SIBs)
Three SIBs comprise a T320 switch fabric: two active, one spare
Five SIBs comprise the T640 switch fabric: four active, one spare

The system midplane


Physical Interface Cards


PICs currently support from 0 to 48 physical ports
Some PICs support channelized and advanced CoS options
IP Service PICs (Tunnel, Multilink, Monitoring, etc.)
Services PICs normally have no physical ports
Custom ASIC for each media type
Status indicators
Hot-swappable on all platforms except M20 and M40 routers
[Figure: Physical Interface Card (PIC) on an FPC, with ASIC and Switch Fabric Memory]

The Flexible PIC Concentrator

General FPC features
Supports from 1 to 4 PICs
Hot-swappable on most platforms
PowerPC supervisory processor
Not used for packet forwarding
From 64 MB to 1.2 GB of memory
Pooled to create shared memory switch fabric on M-series platforms
High aggregate throughput rates*
M5/M10, M7i/M10i, M20, M40, and M40e routers: 6.4 Gbps per FPC
M160 router: 25.6 Gbps per FPC2
T640 Internet Routing Node: 80+ Gbps with FPC3
T320 router: 40+ Gbps with FPC3
[Figure: FPC holding four PICs, with ASIC and Switch Fabric Memory]
* The numbers quoted are two times the unidirectional (Simplex) capacity of each FPC.

M-series System Boards


General System Board functions:
Forwarding table updates and route lookups
Management of ASICs and PFE hardware components
Environmental monitoring
Stratum 3 SONET clock generation
Handling exception/control packets
Names vary by platform
M5 and M10: FEB
M20 and M40: SSB and SCB
M7i and M10i: CFEB
Enhanced System Boards feature the second generation Internet Processor II ASIC

Control Boards: M-series and T-series


General Control Board functions:
Component power up/down
Handling hardware faults
Controlling redundancy
Environmental monitoring
Distribution/generation of SONET clocking
M160/M40e control
Control provided by Miscellaneous Control Subsystem (MCS); paired with a Routing Engine to form a Host Module
Host Module redundancy supported
T640/T320 control
Control provided by Control Board (CB); the CB is paired with a Routing Engine to form a Host Subsystem

Host Subsystem redundancy supported


Internet Processor II ASIC


The Internet Processor II
Provides industry-leading performance for longest-match packet lookup
Numerous packet processing features:
Filtering, sampling, logging, counting, and improved load balancing
Second generation Internet Processor II available on enhanced system boards


System Midplane Examples


M10 System midplane:
FEB contains built-in FPCs, eight PIC slots
M20 System midplane
System Switching Board slots, Craft Interface slot, four FPC slots
M40e, M160, T640, and T320 System midplane
Connector Interface Panel (CIP), eight FPC slots
[Figure: midplane slots for Primary SSB, Secondary SSB, Craft Interface, and FPCs 0 to 3; Connector Interface Panel]

The Craft Interface


Craft Interface overview
LCD display (M40, M40e, M160, T640, and T320 routers only)
FPC online/offline buttons (M20, M40, M40e, M160, T640,
and T320 platforms)
PIC online/offline buttons (M5/M10 and M7i/M10i routers)
Status LEDs

[Figure: A Typical Craft Interface Panel (T320)]

Craft Interface Status LEDs


Status LEDs
OK

Blinking = starting

Solid = running

FAIL

Solid = taken offline because of failure

Online/offline buttons
Press and hold for three seconds to take FPC (or PIC) offline


Alarm Indications
Red alarm
Major failure that affects service/safety
Yellow alarm
Minor failure that needs attention but does not affect service


LCD Display
LCD display is available on M40, M160, T640, and T320 platforms only
Displays general system status when no alarms are present
Displays alarm information when alarms are present

Identifies the total number and types of alarms that are active

Currently, the navigation buttons are only used to obtain the status of certain PICs


Dry Relay Contacts


Activated with first alarm
Yellow and red alarms
Can be disabled with ACO/LT button on Craft Interface
New alarms reactivate relay
Alarm contacts supported on M20, M40, M40e, M160, and T-series platforms
Relay contacts located on the Craft Interface or Connector Interface panel


Typical Router Components (T640)

[Figure: Front and Back views]

Product Comparison: M-series


Platform | Chassis Throughput (Aggregate) | Slot Throughput (Aggregate) | Slots/PICs | Power | Units per Rack | RE/Control Redundancy | Weight (Max)
M5 Router | 6.4 Gbps (40 Mpps) | 6.4 Gbps | 1/4 | AC/DC | 15 per rack | No | 61 Lbs/27.7 Kg
M7i Router | 9.4 Gbps (8 Mpps) | 6.4 Gbps | 1/6 (2 built-in PICs) | AC/DC | 21 per rack | No | 36.5 Lbs/16.6 Kg
M10 Router | 12.8 Gbps (40 Mpps) | 6.4 Gbps | 2/8 | AC/DC | 15 per rack | No | 65 Lbs/29.5 Kg
M10i Router | 12.8 Gbps (16 Mpps) | 6.4 Gbps | 2/8 | AC/DC | 8 per rack | Yes | 65 Lbs/29.5 Kg
M20 Router | 25.6 Gbps (40 Mpps) | 6.4 Gbps | 4/16 | AC/DC | 5 per rack | Yes | 150 Lbs/68 Kg
M40 Router | 51.2 Gbps (40 Mpps) | 6.4 Gbps | 8/32 | AC/DC | 2 per rack | No | 280 Lbs/127 Kg
M40e Router | 51.2 Gbps (40 Mpps) | 6.4 Gbps | 8/32 | AC/DC | 2 per rack | Yes | 370.5 Lbs/168 Kg
M160 Router | 204 Gbps (160 Mpps) | 25.6 Gbps | 8/32 | DC Only | 2 per rack | Yes | 370.5 Lbs/168 Kg

* Numbers quoted are two times the unidirectional (simplex) capacity for each FPC or chassis.

Product Comparison: T-series


Feature | T640 Internet Routing Node | T320 Router
Chassis Throughput (Aggregate) | 640+ Gbps (640 Mpps) | 320+ Gbps (320 Mpps)
Slot Throughput (Aggregate) | FPC3 = 80+ Gbps; FPC 2 and 3 | FPC3 = 40+ Gbps; FPC 1, 2, and 3
Slots/PICs | 8/32 | 8/16
Power | DC only | DC only
Units per Rack | 2 per rack | 3 per rack
RE/Control Redundancy | Yes | Yes
Weight (typical) | 565 Lbs/256.28 Kg | 369.9 Lbs/167.78 Kg

* Numbers quoted are two times the unidirectional (simplex) capacity for each FPC or chassis.

PICs
Where we are going
Listing of common PICs
4-port and 48-port Fast Ethernet, 2-port STM1/OC3c ATM, and OC-192c


Common PICs
Basic
ATM
Channelized OC-12, STM1, DS3
DS-3, 4 port
T1, E1, T3, E3
Fast Ethernet
Gigabit Ethernet, 10 Gigabit Ethernet
SONET/SDH
IP Services
Tunnel Services, Encryption Services, Link Services, Multilink Services, Monitoring services, and Adaptive Services PIC (ASP)
Services (Q Performance Processor)
Channelized Services (E1, DS3, STM1, and OC12)
ATM Services (ATM-2)
Ethernet Services

PIC Examples
4-port Fast Ethernet (M5/M10)
2-port STM1/OC3 ATM (M20/M40)
48-port Fast Ethernet (M40e)
Quad-wide STM-64/OC192c (M160)

M-series ASICs and Packet Flow


Where we are going
The M-series Packet Forwarding Engine

PIC Controller ASIC

I/O Manager ASIC

Distributed Buffer Management ASIC

Internet Processor II

M-series packet flow


M-series ASICs
[Diagram: M-series system board (for example, SSB, SFM) with Internet Processor II, Forwarding Table, Buffer Manager 1, and Buffer Manager 2; FPCs, each with an I/O Manager and memory (MEM); PICs, each with a PIC I/O Manager]

M-series Packet Flow (1 of 5)

PIC I/O ASIC
Connects to FPC I/O ASIC
Manages physical-layer framing and bit-stream signaling
Detects link-layer errors (CRC)
Generates data link-layer alarms

[Diagram: M-series Packet Forwarding Engine (system controller with Internet Processor II, Forwarding Table, and Buffer Manager 1 and 2; FPCs with I/O Managers and memory; PICs with PIC I/O Managers). Key: Data, Notification]

M-series Packet Flow (2 of 5)


I/O Manager ASIC
Decodes Layer 2 encapsulation
Identifies protocol and checks Layer 3 header validity
Classifies traffic for CoS
Chops incoming packets into 64-byte chunks (J-cells)
Sends J-cells to Buffer Manager 1 ASIC
Confirms packet integrity

[Diagram: M-series Packet Forwarding Engine (system controller, for example SSB and SFM, with Internet Processor II, Forwarding Table, and Buffer Manager 1 and 2; FPCs with I/O Managers and memory; PICs with PIC I/O Managers)]

M-series Packet Flow (3 of 5)


Distributed Buffer Manager ASICs
Manage packet memory shared across FPC slots
Extract address information from packets
Direct FPCs where to forward packets

[Diagram: M-series Packet Forwarding Engine (system controller, for example SSB and SFM, with Internet Processor II, Forwarding Table, and Buffer Manager 1 and 2; FPCs with I/O Managers and memory; PICs with PIC I/O Managers). Key: Data, Notification]

M-series Packet Flow (4 of 5)


Internet Processor II ASIC
Extracts next-hop information from system forwarding table
Passes modified notification (next-hop information added) to Buffer Manager 2 ASIC
Applies packet filtering and policy rules
Collects exception packets for queuing to Routing Engine

[Diagram: M-series Packet Forwarding Engine (system controller, for example SSB and SFM, with Internet Processor II, Forwarding Table, and Buffer Manager 1 and 2; FPCs with I/O Managers and memory; PICs with PIC I/O Managers). Key: Data, Notification]

M-series Packet Flow (5 of 5)

I/O Manager ASIC
Receives 64-byte chunks from Buffer Manager 2 ASIC
Adjusts any required protocol time-to-live values
Encapsulates chunks inside appropriate data link layer header
Sends to PIC I/O Manager ASIC for transmission

[Diagram: M-series Packet Forwarding Engine (system controller (SSB, SFM, etc.) with Internet Processor II, Forwarding Table, and Buffer Manager 1 and 2; FPCs with I/O Managers and memory; PICs with PIC I/O Managers). Key: Data, Notification]

ASIC Functionality and Packet Flow


Where we are going
The T-series Packet Forwarding Engine

PIC Controller ASIC

Layer 2/Layer 3 Packet Processing ASIC

Switch Interface ASIC

Queuing and Memory Interface ASIC

Internet Processor II

T-series switch fabric overview


T-series packet flow


T-series Packet Forwarding Engine


Each T-series PFE consists of:
One or more media-specific PIC ASIC

Handles physical layer signaling, alarms, and CRC processing

Layer 2/Layer 3 Packet Processing ASIC

Provides Link layer encapsulation and decapsulation

Manages division and reassembly of packets into J-cells

Queuing and Memory Interface ASICs

Manage data cell memory buffering

Manage notification queuing

Internet Processor II ASIC

Performs route lookups in forwarding table

Switch Interface ASICs

Extract route lookup keys

Manage cell flow across the switch fabric


The T-series Switch Fabric


Nonblocking topology with any-to-any connectivity
No single point of failure, all SIBs fully redundant
Graceful degradation for multiple failures

T640 switch fabric consists of 5 Switch Interface Boards (SIBs) (5th is a spare)
T320 switch fabric consists of 3 Switch Interface Boards (SIBs) (3rd is a spare)
Packet order and CoS maintained across fabric

[Diagram: The T320 Switch Fabric. Labels: FPC 0, FPC 1; SIB 0, SIB 1, SIB 2 (F16); Nf; 40Gbps HSLs (FD)]

T-series Packet Flow (1 of 10)


Packets arrive at an incoming PIC interface
PIC controller ASIC manages link layer framing of bit stream
Detects link layer CRC errors
Generates link layer alarms
Passes packets to FPC

[Diagram: T-series ingress PFE (SONET or GigE PIC, Layer 2/Layer 3 Packet Processing ASIC, Switch Interface ASICs, Internet Processor II ASIC, Queuing and Memory Interface ASICs, RDRAM) and switch fabric. Key: Data, Notification]

T-series Packet Flow (2 of 10)


Layer 2/Layer 3 Packet Processing ASIC parses and validates Layer 2 and Layer 3 headers
Classifies traffic for CoS processing
Divides the packets into 64-byte cells
Sends cells to Switch Interface ASIC

[Diagram: T-series ingress PFE (SONET or GigE PIC, Layer 2/Layer 3 Packet Processing ASIC, Switch Interface ASICs, Internet Processor II ASIC, Queuing and Memory Interface ASICs, RDRAM) and switch fabric. Key: Data, Notification]

T-series Packet Flow (3 of 10)


Switch Interface ASIC extracts the route lookup key
Key is placed in a notification cell and passed to the Internet Processor
Data cells are sent to the Queuing and Memory Interface ASICs

[Diagram: T-series ingress PFE (SONET or GigE PIC, Layer 2/Layer 3 Packet Processing ASIC, Switch Interface ASICs, Internet Processor II ASIC, Queuing and Memory Interface ASICs, RDRAM) and switch fabric. Key: Data, Notification]

T-series Packet Flow (4 of 10)


Queuing and Memory Interface ASICs pass the data cells to memory for buffering
Internet Processor II ASIC performs the route lookup and forwards the notification to the Switch Interface ASIC

[Diagram: T-series ingress PFE (SONET or GigE PIC, Layer 2/Layer 3 Packet Processing ASIC, Switch Interface ASICs, Internet Processor II ASIC, Queuing and Memory Interface ASICs, RDRAM) and switch fabric. Key: Data, Notification]

T-series Packet Flow (5 of 10)


Switch Interface ASIC sends bandwidth requests through the switch fabric to the destination PFE
Issues read requests to the Queuing and Memory Interface ASIC to begin reading data cells out of memory

[Diagram: T-series ingress PFE (SONET or GigE PIC, Layer 2/Layer 3 Packet Processing ASIC, Switch Interface ASICs, Internet Processor II ASIC, Queuing and Memory Interface ASICs, RDRAM) and switch fabric. Key: Data, Notification]

T-series Packet Flow (6 of 10)


Destination Switch Interface ASIC sends grants through the switch fabric
Originating Switch Interface ASIC sends a cell through the switch fabric to the destination PFE

[Diagram: switch fabric and T-series egress PFE (Switch Interface ASICs, Internet Processor II ASIC, Queuing and Memory Interface ASICs, RDRAM, Layer 2/Layer 3 Packet Processing ASIC, SONET or GigE PIC). Key: Data, Notification]

T-series Packet Flow (7 of 10)


Switch Interface ASIC extracts the route lookup key, places it in a notification, and forwards to the Internet Processor II
Internet Processor II performs route lookup and forwards notification to Queuing and Memory Interface ASIC

[Diagram: switch fabric and T-series egress PFE (Switch Interface ASICs, Internet Processor II ASIC, Queuing and Memory Interface ASICs, RDRAM, Layer 2/Layer 3 Packet Processing ASIC, SONET or GigE PIC). Key: Data, Notification]

T-series Packet Flow (8 of 10)


Queuing and Memory Interface ASIC forwards notification to the Switch Interface ASIC
Switch Interface ASIC issues read requests to the Queuing and Memory Interface ASIC and passes cells to L2/L3 Processing ASIC

[Diagram: switch fabric and T-series egress PFE (Switch Interface ASICs, Internet Processor II ASIC, Queuing and Memory Interface ASICs, RDRAM, Layer 2/Layer 3 Packet Processing ASIC, SONET or GigE PIC). Key: Data, Notification]

T-series Packet Flow (9 of 10)


Layer 2/Layer 3 Packet Processing ASIC reassembles the data cells into packets
Adds Layer 2 encapsulation
Sends the packets to the outgoing PIC interface

[Diagram: switch fabric and T-series egress PFE (Switch Interface ASICs, Internet Processor II ASIC, Queuing and Memory Interface ASICs, RDRAM, Layer 2/Layer 3 Packet Processing ASIC, SONET or GigE PIC). Key: Data, Notification]

T-series Packet Flow (10 of 10)


Egress PIC ASIC adds physical layer framing and CRC
Sends bit stream out to the network

[Diagram: switch fabric and T-series egress PFE (Switch Interface ASICs, Internet Processor II ASIC, Queuing and Memory Interface ASICs, RDRAM, Layer 2/Layer 3 Packet Processing ASIC, SONET or GigE PIC). Key: Data, Notification]

Exception Packets
Exception packets
Local delivery
IP options

Source route, router alert, etc.

ICMP message generation

Generally processed by Packet Forwarding Engine control CPU
Remaining traffic (local and control) sent to Routing Engine via internal link

Rate limiting

Hardware-based WRR ensures control traffic is not starved


JUNOS Software Overview


Where we are going
Features
Processes
Protocol support


JUNOS Software Features


A single image runs on all M-series and T-series platforms with all features
FreeBSD-based environment
Fully independent software processes
Routing, interface control, management, chassis management, SNMP, CLI, APS, VRRP, sampling, CoS, etc.
Protected memory environment
Serious error in one module does not impact other modules or packet forwarding
Automatic core dumps for serious faults
Purpose built for performance and stability in the Internet core

JUNOS Software Processes


[Diagram: JUNOS Internet software. Routing Engine: SNMP, User, Routing Protocol Process, Routing Tables, Interface Process, Chassis Process, Command-Line Interface (CLI), Forwarding Table, Kernel. Packet Forwarding Engine: Forwarding Table, Interface Process, Chassis Process, Distributed ASICs, Embedded Microkernel]


The Kernel
The kernel
Provides the underlying infrastructure for all the JUNOS software processes
Provides the link between the routing tables and the RE's forwarding table
Responsible for all communication with the PFE, including keeping the PFE's copy of the forwarding table synchronized

[Diagram: Routing Protocol Process, Interface Process, Command-Line Interface (CLI), and Chassis Process; Kernel with Forwarding Table]


Routing Protocol Process


Core functions
Controls routing protocols running on router
Starts all configured protocols
Handles all routing messages
Maintains routing tables
Implements routing policy

[Diagram: Routing Tables, Routing Protocol Process (rpd), JUNOS Kernel]


Industrial-Strength Protocols
Unicast routing protocols
Intermediate System-to-Intermediate System (IS-IS)
Open Shortest Path First (OSPF and OSPF3)
Routing Information Protocol (RIP and RIPng)
Border Gateway Protocol (BGP)
Multicast routing protocols
Distance Vector Multicast Routing Protocol (DVMRP)
Protocol Independent Multicast (PIM)
Multicast Source Discovery Protocol (MSDP)
Internet Group Management Protocol (IGMP and MLD)
Session Announcement Protocol and Session Description Protocol (SAP/SDP)
MPLS application protocols
Multiprotocol Label Switching (MPLS)

Provider-provisioned VPN support (Layer 2 and 3)

Resource Reservation Protocol (RSVP)


Label Distribution Protocol (LDP)

Review Questions
1. Which Juniper Networks M-series or T-series routers are aimed at the Internet core? What about the edge?
2. What are the primary responsibilities of the Routing Engine and the Packet Forwarding Engine?
3. What is the purpose of and relationship between FPCs and PICs?
4. What is the purpose of the Craft Interface?
5. Describe packet flow through Juniper Networks M-series and T-series platforms
6. Which software process maintains the routing tables and implements routing policy?

Juniper Networks
Networking Essentials

Module 5: Installation and Initial Configuration


Module Objectives
After completing this module, you should be able to describe
Important installation issues
Initial configuration process
Software installation from scratch
Software component upgrades
How to back up existing router software


Chassis Installation

M40/M160 Craft interface displays


Typical M160 weighs 300 pounds (135 kg)

Typical M40 weighs 220 pounds (100 kg)


Typical M20 weighs 120 pounds (53 kg)
Lifting requires three or more people

Remove heaviest components first


Power supplies

FPCs
Fan Trays

Lift into rack


Do not lift M40 by Routing Engine handles

Replace components


Power Up and Power Down

Powerup
Perform more checks

Connect all cables

Turn on one power supply

Turn on second power supply

Powerdown
Shut down JUNOS routing software

CLI request system halt command


Turn off Power Supplies


Visible Activity at Startup

M40/M160 Craft interface displays


Starting Routing Engine

Starting PFE
Starting cards

FPC LED
Blink green while testing

Become solid green when tests pass

Alarm LEDs light as needed


Initial Configuration

Using serial console


Root password

Machine name
IP address (prefix) and prefix length assigned to
management interface (fxp0)
Default router
DNS server


Troubleshooting
Craft interface

Red LEDs indicate failure


M40/M160 LCD displays all major and minor alarms
Syslog messages

Contain more detailed information


CLI show log messages command
CLI

Interactive failure analysis using show commands


Monitor log files using monitor command


Boot Devices and Media


Removable media
Used for install and upgrade, normally left empty
M40: 120-MB high-capacity floppy drive
M20/M160: 110-MB PCMCIA flash card

Flash drive
Solid-state nonrotating media
Primary source for booting software

Hard drive
Traditional rotating media
Secondary source for booting software


Software Installation
Arrives preinstalled from factory onto
Flash drive
Hard drive (alternate copy)
Removable LS-120 floppy or PCMCIA flash card (use as a last resort)

Can boot from alternate copy


If flash drive fails, router can still boot from hard drive or removable media
Upgradable
Upgrade packages available through the Internet or on removable media


Boot Sequence
Hardware controlled
Software notifies hardware when boot completes

[Flowchart: Removable media, Success? Done; Solid-state flash disk, Success? Done; Rotating disk, Success? Done; otherwise Halt]

Initial Configuration
Root password
Root password not set at factory
Must use console to configure root password
Router and domain name
Management interface IP address and prefix length
Default router IP address
DNS server IP address


Initial Configuration
Enter configuration mode
root@> configure
[edit]
root@#

Set root password

Plain text known
root@# set system root-authentication plain-text-password

Pre-encrypted password
root@# set system root-authentication encrypted-password encrypted-password

SSH (secure shell) key
root@# set system root-authentication ssh-rsa key


Initial Configuration
Set router name
[edit]
root@# set system host-name lab2

Set router domain name


[edit]
root@# set system domain-name juniper.net

Commit changes so far


[edit]
root@# commit
commit complete
[edit]
root@lab2#


Initial Configuration
Set management Ethernet IP address and prefix
[edit]
root@lab2# set interfaces fxp0 unit 0 family inet address ipaddress/prefix-length

Set default route


[edit]
root@lab2# set system backup-router gateway-address
root@lab2# set routing-options static route default next-hop gateway-address retain no-readvertise

Set name server address


[edit]
root@lab2# set system name-server ns-address
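
A checklist audit for the initial-configuration steps above, run over a pasted set-command session. This is an added example, not part of the course material; the sample session, its addresses, and the rule that the backup router and default next hop must sit on the fxp0 subnet are assumptions made for illustration.

```python
import ipaddress

# Statements the initial-configuration slides call for, as 'set' prefixes.
REQUIRED = {
    "root authentication": ("system", "root-authentication"),
    "host name": ("system", "host-name"),
    "domain name": ("system", "domain-name"),
    "fxp0 address": ("interfaces", "fxp0", "unit", "0", "family", "inet", "address"),
    "backup router": ("system", "backup-router"),
    "default route": ("routing-options", "static", "route", "default", "next-hop"),
    "name server": ("system", "name-server"),
}


def parse_set_commands(text):
    """Return the tokens after 'set' for each set command in a pasted session."""
    statements = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0].endswith("#"):  # drop a prompt such as root@lab2#
            tokens = tokens[1:]
        if tokens and tokens[0] == "set":
            statements.append(tokens[1:])
    return statements


def find_args(statements, prefix):
    """Arguments of the first statement that starts with prefix, or None."""
    for tokens in statements:
        if tuple(tokens[:len(prefix)]) == prefix:
            return tokens[len(prefix):]
    return None


def audit_initial_config(text):
    """List what is missing or inconsistent in an initial configuration."""
    statements = parse_set_commands(text)
    findings = [f"missing: {label}" for label, prefix in REQUIRED.items()
                if find_args(statements, prefix) is None]

    addr = find_args(statements, REQUIRED["fxp0 address"])
    if not addr:
        return findings
    if "/" not in addr[0]:
        findings.append(f"fxp0 address {addr[0]} has no prefix length")
        return findings
    try:
        mgmt = ipaddress.ip_interface(addr[0])
    except ValueError:
        findings.append(f"fxp0 address {addr[0]} is not a valid address/prefix-length")
        return findings

    # Assumption of this example: both gateways must be neighbours on the
    # management subnet, otherwise they cannot be reached through fxp0.
    for label in ("backup router", "default route"):
        args = find_args(statements, REQUIRED[label])
        if not args:
            continue
        try:
            gateway = ipaddress.ip_address(args[0])
        except ValueError:
            findings.append(f"{label}: {args[0]} is not an IP address")
            continue
        if gateway not in mgmt.network or gateway == mgmt.ip:
            findings.append(f"{label}: {gateway} is not a neighbour on {mgmt.network}")
    return findings


# Constructed session using documentation addresses: root-authentication is
# absent and the default route points off the management subnet.
SAMPLE_SESSION = """\
[edit]
root@lab2# set system host-name lab2
root@lab2# set system domain-name juniper.net
root@lab2# set interfaces fxp0 unit 0 family inet address 192.0.2.10/24
root@lab2# set system backup-router 192.0.2.1
root@lab2# set routing-options static route default next-hop 198.51.100.1 retain no-readvertise
root@lab2# set system name-server 192.0.2.53
"""

if __name__ == "__main__":
    for finding in audit_initial_config(SAMPLE_SESSION):
        print(finding)
```

A missing root-authentication statement is the finding that matters most here, since the slides state that no root password is set at the factory.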


Full Installation
Reinstall JUNOS software if storage media fails or is corrupted
Future major software revisions may require full installation
Three steps
Prepare to reinstall JUNOS software
Reinstall JUNOS software
Configure JUNOS software


Full Installation: Preparation


Record basic information

Router name
Management interface IP address and prefix length
Default router IP address
Domain name and DNS server IP address

Copy existing configuration file to a safe place on the network

Located in /config/juniper.conf
Full installation erases both flash and rotating drives

Locate your Juniper installation media

LS-120 floppy or PCMCIA card contains entire JUNOS distribution


Full Installation: Reinstallation


Insert installation media into Routing Engine

M40: LS-120 floppy
All others: PCMCIA flash card

Reboot router

Use the CLI from the serial console


root@lab2> request system halt

Power-cycle router

Follow prompts

Enter configuration information saved during installation preparation

System reboots automatically after installation completes


Software Configuration
Log in as root
no-name (ttyd0)
login: root
Last login: date on ttyd0
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
---JUNOS 4.1R1 built 2000-07-24 09:29:44 UTC
#

Start CLI
# cli
root@no-name>


Software Configuration
Enter configuration mode
root@no-name> configure
[edit]
root@no-name#

Set root password


Plain-text
root@no-name# set system root-authentication plain-text-password text-password

Pre-encrypted password
root@no-name# set system root-authentication encrypted-password encrypted-password

SSH key
root@no-name# set system root-authentication ssh-rsa key


Software Update Packages


JUNOS software updates are contained in four packages
jkernel: Operating system
jroute: Routing Engine software
jpfe: Packet Forwarding Engine software
jdocs: On-line documentation
jbundle: All four upgrade packages combined
jinstall: Upgrade to/from 5.0

Packages can be upgraded individually

CLI show system software command displays installed packages


Jinstall vs. Jbundle


When to use jinstall
Upgrade 4.x to 5.y
Downgrade 5.y to 4.x
When to use jbundle
4.x to 4.y transition
5.x to 5.y transition


Package Naming Convention


Software packages have standard names
package-m.nZnumber.tgz
m.n is the major version number
Z is a single uppercase letter
A: Alpha
B: Beta
R: Release
I: Internal

number is the release number, which might include the build number for that release

For example
jbundle-4.1R1.2.tgz
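
The naming convention above and the jinstall/jbundle rule from the preceding slide, combined into a check to run before `request system software add`. This is an added example, not Juniper code; the function names, the strict rejection of anything outside the listed package names and release letters, and every file name other than jbundle-4.1R1.2.tgz are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Release-type letters and package names exactly as listed on the slides.
RELEASE_TYPES = {"A": "Alpha", "B": "Beta", "R": "Release", "I": "Internal"}
KNOWN_PACKAGES = {"jkernel", "jroute", "jpfe", "jdocs", "jbundle", "jinstall"}

# package-m.nZnumber.tgz, where number may carry a build number (1.2 in 4.1R1.2)
NAME_RE = re.compile(
    r"(?P<package>[a-z]+)-(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?P<letter>[A-Z])(?P<number>\d+(?:\.\d+)?)\.tgz"
)


@dataclass(frozen=True)
class PackageName:
    package: str
    major: int
    minor: int
    release_type: str
    number: str


def parse_package_name(filename):
    """Parse a bare file name; paths and unknown names raise ValueError."""
    m = NAME_RE.fullmatch(filename)
    if m is None:
        raise ValueError(f"not in package-m.nZnumber.tgz form: {filename!r}")
    if m["package"] not in KNOWN_PACKAGES:
        raise ValueError(f"unknown package: {m['package']}")
    if m["letter"] not in RELEASE_TYPES:
        raise ValueError(f"unknown release letter: {m['letter']}")
    return PackageName(m["package"], int(m["major"]), int(m["minor"]),
                       RELEASE_TYPES[m["letter"]], m["number"])


def required_installer(running_major, target_major):
    """jinstall for 4.x <-> 5.y, jbundle within 4.x or within 5.x."""
    pair = (running_major, target_major)
    if pair in {(4, 5), (5, 4)}:
        return "jinstall"
    if pair in {(4, 4), (5, 5)}:
        return "jbundle"
    raise ValueError(f"transition {pair} is not covered by the slides")


def preinstall_findings(running_major, filename, allow_prerelease=False):
    """Return reasons not to install this file on a router running running_major.x."""
    pkg = parse_package_name(filename)
    findings = []
    if pkg.release_type != "Release" and not allow_prerelease:
        findings.append(f"{pkg.release_type} build, not a Release (R) build")
    if pkg.package in {"jbundle", "jinstall"}:
        needed = required_installer(running_major, pkg.major)
        if pkg.package != needed:
            findings.append(
                f"{running_major}.x to {pkg.major}.y needs {needed}, not {pkg.package}")
    return findings


if __name__ == "__main__":
    # Only the first name comes from the slide; the others are constructed.
    for running, name in [(4, "jbundle-4.1R1.2.tgz"),
                          (4, "jbundle-5.0R1.tgz"),
                          (5, "jinstall-5.0B2.tgz")]:
        print(running, name, preinstall_findings(running, name) or "ok")
```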


Back Up Existing Software


System software and configuration can be backed up to rotating disk
Best used
Before major upgrade to ensure system recovery if necessary
When system is judged to be stable

CLI request system snapshot command


Upgrade Software Jbundle


Download current package from software download page at www.juniper.net
Add new package
root@lab2> request system software add new-package-name
Checking available free disk space...11200k available,
6076k suggested.

Reboot router
root@lab2> request system reboot


Upgrade Software jinstall


Prep the machine:
cli> file copy jinstall-url /var/tmp/jinstall-pkg
Copy customer configs and other files/executables
Do not worry about JUNOS configs, uncommitted config, log files, SSH keys


How to use jinstall


Add jinstall
cli> request system software add /var/tmp/jinstall-pkg
Installing package '/var/tmp/jinstall-package name'...
WARNING: This package will load JUNOS software release-number.
WARNING: It will save JUNOS configuration files, log files, and SSH keys
WARNING: (if configured), but erase all other files and information
WARNING: stored on this machine. This is the pre-installation stage
WARNING: and all the software is loaded when you reboot the system.
WARNING: If you do not wish to proceed, you will be able to abort the
WARNING: installation.
Saving the config files ...
Installing the bootstrap installer ...


How to use jinstall


Type yes to reboot:
WARNING: A reboot is required to load this software correctly. If you
WARNING: wish to abort the installation, enter 'no' below.
Reboot the system (yes/no) [no] ? yes
Shutting down in 10 seconds ...
Saving package file in /var/sw/pkg/jinstall-packagename ...
Saving state for rollback ...
*** FINAL System shutdown message from user@host ***
System going down IMMEDIATELY
Shutdown NOW!

Go for a coffee. Router will be up in 5-7 min.


Cautions
5.0 will reformat the disk. Customer configs and other files/executables will be lost.
Connect to the router via the management Ethernet
If the juniper.conf has statements not supported in the new release, then mgd may fail during commit


Jinstall internal mechanics


Preinstall phase does various checks. Stores preinstall information in /var/tmp/preinstall
Reboot to come up on the installer:
Perform more checks
Reformat the disk
Lay a base OS (files that are needed but not in jbundle)
Lay the jbundle

Second reboot to come up on the new JUNOS


End of Life Procedures


Hardware EOL

Notification 180 days in advance
During notification period can continue to purchase
Repaired or replaced up to 3 years after EOL date

Software EOL

Software support covers most recent release and two previous (e.g. 4.3, 4.2, 4.1)
New releases scheduled for FRS every 3 months
Major release: 6-month notice of EOL


Review Questions
1. What is the JUNOS boot sequence?
2. What are the JUNOS software update packages?
3. Describe the package naming convention.
4. Explain the difference between jbundle and jinstall.


Juniper Networks
Networking Essentials

Module 6: JUNOS Configuration Basics


Module Objectives
After successfully completing this module, you should be able to:
Explain how to gain access to a Juniper router
Describe the difference between the CLI command mode and configuration mode
Describe how to navigate and modify the Candidate configuration
Describe how to change the Active configuration
Explain the method used to describe a customer interface
Describe how to configure the physical and logical properties of an interface on a Juniper router


Access to Router
Console
Management port, using Telnet, ssh, RADIUS

[Figure: router front panel. Labels: RE0 and RE1 (OFFLINE, ONLINE, MASTER); FPC0, FPC1, FPC2, FPC3 (FAIL, OK); ACO/LT; AUX/MODEM, MGMT, and CONSOLE ports; NC, C, NO]

User Authentication
Name and password
Individual accounts
Per-user command "class" permissions
lab2 (ttyd0)

login: nigel
Password:


Features
Line editing
Command history
Command completion
Context-sensitive help


CLI Modes
nigel@lab2>
Operational mode
Monitor and troubleshoot the software, the network connectivity, and the router
nigel@lab2#
Configuration mode
Configure the router, including interfaces, general routing information, routing protocols, user access, and system hardware properties

CLI Commands
Command hierarchy
Top level: clear, configure, monitor, set, show
Under show: bgp, chassis, interfaces, isis, ospf, route, version
Under show route: brief, exact, protocol, table, terse

Logging In
lab2 (ttyd0)

login: nigel
Password:
Last login: Fri Feb 18 19:23:16 on ttyd0
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California.
---JUNOS 4.1R1 built 2000-07-24 09:29:44 UTC

nigel@lab2>


Help
Type ? anywhere on command line

lab@omaha> ?
Possible completions:
  clear                Clear information in the system
  configure            Manipulate software configuration information
  file                 Perform file operations
  help                 Provide help information
lab@omaha> show ?
Possible completions:
  aps                  Show APS information
  arp                  Show system ARP table entries
  as-path              Show table of known AS paths

Editing Command Lines


lab@omaha> show interfaces
Ctrl-b: move the cursor back one character
Ctrl-a: move the cursor to the beginning of the line
Ctrl-f: move the cursor forward one character
Ctrl-e: move the cursor to the end of the line

Command Completion
<space> completes a command
root@lab2> sh<space>ow i<space>
'i' is ambiguous.
Possible completions:
  igmp                 Show information about IGMP
  interfaces           Show interface information
  isis                 Show information about IS-IS
root@lab2> show i

Software Configuration Overview


Create a hierarchy of configuration statements
Enter commands in CLI configuration mode
root@lab2# set chassis alarm sonet lol red
Stored as an ASCII text file and displayed as:
chassis {
    alarm {
        sonet {
            lol red;
        }
    }
}

Activating a Configuration
[Figure: commit turns the candidate configuration into the active configuration (configuration 0); rollback n loads saved configuration n back into the candidate configuration]
Rollback files stored in:
/config/juniper.conf.n (n=1-3)
/var/db/config/juniper.conf.n (n=4-9)

Statement Hierarchy

top                                     (less specific)
    chassis
        alarm
            atm, e3, ethernet, sonet, t3    (more specific)
        clock
        fpc
    firewall
    interfaces
    protocols
    system
    more...

Entering Configuration Mode


Type configure or edit at the CLI operational mode prompt
root@lab2> configure
Entering configuration mode
[edit]
root@lab2#

Moving Between Levels


Moving between levels of the statement hierarchy
[edit]
user@host# edit chassis alarm ethernet
[edit chassis alarm ethernet]
[Figure: statement hierarchy tree showing the move from top down through chassis and alarm to ethernet]

Moving Between Levels


user@host# up
[edit chassis alarm]
user@host# top
[edit]
[Figure: statement hierarchy tree; up moves one level back toward top, and top returns directly to the top level]

Displaying Current Configuration


[edit]
user@host# show chassis alarm
sonet {
    lol red;
    pll yellow;
}
[edit]
user@host# edit chassis alarm
[edit chassis alarm]
user@host# show
sonet {
    lol red;
    pll yellow;
}
[edit chassis alarm]

Exiting Configuration Mode


exit from top level
exit configuration-mode from any level

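[Figure: edit/configure enters [edit] from operational mode; edit chassis and edit alarm descend to [edit chassis] and [edit chassis alarm]; exit/up moves back one level; top returns to [edit]; exit from [edit], or exit configuration-mode from any level, returns to operational mode]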

Standard Interfaces
Interface contained on PIC (Physical Interface Card)
PIC plugs into FPC
FPC has room for four PICs
FPC plugs into chassis
[Figure: an FPC holding four PICs]

Standard Interfaces
System uses consistent names for all customer interfaces
Based on
Interface port type
FPC slot number
PIC slot number within FPC
Port number within PIC

Interface Port Type


at     ATM over SONET/SDH ports
e1     E1 ports
e3     E3 ports
fe     Fast Ethernet ports
so     SONET/SDH ports
t1     T1 ports
t3     DS-3 ports
ge     Gigabit Ethernet ports
ae-    Bundled Ethernet ports

FPC Slot Numbers

[Figure: FPC slot numbering on the M40, M20, M160, and M10 chassis]

PIC Slot Numbers


M40 and M160
Top to bottom
All others
Right to left
[Figure: PIC slots numbered 0 through 3 on an FPC]

Port Numbers

M40 and M160

Top to bottom
Right to left

All others

Right to left
Bottom to top


Interface Names
Physical interfaces have standard names
Type
FPC slot
PIC slot
Port number

so-5/2/3

Typical FPC and PIC Placement


Transient interfaces identified according to FPC/PIC/port convention
FPC and PIC numbering varies by platform
M40/M160 platforms support eight FPCs, numbered from left to right
PICs numbered from top to bottom (0-3)
M20 platform supports four FPCs numbered from top to bottom
PICs numbered from right to left (0-3)
FPC slot and PIC port numbers are labeled!
[Figure: Typical FPC and PIC Numbering (T640). FPCs 0-7 (left to right), PICs 0-3 (top to bottom)]

Interface Names
Logical interfaces are used to set up Frame Relay DLCIs or ATM virtual circuits

so-5/2/3.43

Interface number is separate in meaning from the actual DLCI or ATM VC and can be any arbitrary value
Suggested convention is to keep them the same whenever possible

Permanent Interfaces
Router has two permanent interfaces
Out-of-band management interface is called fxp0
Internal Routing Engine to PFE connection is called fxp1

Configure Interfaces


Configure Interfaces
Two steps
Configure physical properties
Configure logical properties


Configure Interfaces
Physical properties
Clocking
Scrambling
Frame check sequence (FCS)
Maximum transmission unit (MTU)
Keepalives
Other link characteristics

Logical properties
Protocol family (Internet, ISO, MPLS)
Addresses (IP address, ISO NET address)
Virtual circuits (VCI/VPI, DLCI)
Other characteristics


Configure Interfaces
Standard configuration statement hierarchy
interfaces {
    interface-name {
        physical-properties;
        [...]
        unit unit-number {
            logical-properties;
            [...]
        }
    }
}

Configure Physical Properties


Configure physical properties of the interface using the set command:
set interface so-1/0/3 no-keepalives

Or park yourself in the interfaces section of the hierarchy and set many options
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3
[edit interfaces so-1/0/3]
lab@omaha# set no-keepalives
lab@omaha# set sonet-options fcs 32
lab@omaha# commit

Default Settings
Default settings for an interface are usually enough to get you talking
Most interfaces do not need complex setup

Logical Interface Settings


Each physical interface has one or more logical interfaces
Logical interface separates configuration information for each ATM virtual circuit, Frame Relay DLCI, or VLAN
Some physical interface encapsulations allow only one possible logical interface
PPP
HDLC

Logical Interface Settings


Logical settings
Protocol family (Internet, ISO, MPLS)
Protocol MTU
IP address
Other protocol options
Virtual circuit identifiers (VPI.VCI, DLCI)
Other per-circuit characteristics

Unit Numbers
Each logical interface has a unit number
Number can be arbitrary
Typically, the unit number is the same as the VC or DLCI number
Some physical interfaces have only one possible logical interface, and one unit number only, which must be configured as unit zero

Configure Logical Interfaces


Use the set command to configure a logical interface, using the unit number
For example:
set interface so-1/0/3 unit 40 dlci 40

Or park yourself at the unit level
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3 unit 40
[edit interfaces so-1/0/3 unit 40]
lab@omaha# set dlci 40
lab@omaha# set family inet address 10.0.20.1/24
lab@omaha# commit

Configure Protocol Families


Each major protocol is called a family
Internet protocol has TCP, UDP, and ICMP as family members
Most common protocol families are
Internet (inet)
International Standards Organization (iso)
Traffic engineering (mpls)
Multiple families can live on one logical interface

Configure Protocol Families


Internet protocol family (inet)
Allows you to set
IP address: address A.B.C.D/prefix_length
Remote address on point-to-point links: destination A.B.C.D
Broadcast address: broadcast A.B.C.D
MTU size: mtu bytes
ICMP redirect control: no-redirects


Configure Protocol Families


Minimal sample configuration
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3
[edit interfaces so-1/0/3]
lab@omaha# set unit 0 family inet address 10.0.20.1/24
lab@omaha# commit

Displayed as
interfaces {
    so-1/0/3 {
        unit 0 {
            family inet {
                address 10.0.20.1/24;
            }
        }
    }
}

Review Questions
1. What are the two types of CLI modes?
2. What are the interface types and names?
3. What are the two permanent interfaces?
4. What are the two basic interface characteristics?
5. What are some examples of physical interface settings?
6. What are some examples of logical interface settings?

Lab 2: CLI Configuration

Lab objective:
Introduction to Juniper CLI


Juniper Networks
Networking Essentials

Module 7: Routing Protocol Basics


Module Objectives
After successfully completing this module, you should be able to:
Explain the difference between static routing and dynamic routing, and explain when to use each type of routing
Describe the characteristics and operation of distance vector and link-state routing protocols
Explain how network convergence occurs and provide real-life examples
Explain how routes are selected on a routed network and routing metrics
Explain the role of interior gateway protocols and exterior gateway protocols, including Border Gateway Protocol (BGP)
Explain how JUNOS software implements routing tables and routing policy

Types of Routes
Static
All packets forwarded to predetermined destinations defined by an administrator

Dynamic
Packets are forwarded to dynamically calculated routes determined by a routing protocol

Static Routing
Benefits
Good for small networks
Can help create a secure network
Efficiently uses router resources

Drawbacks
Does not handle network failures well
Does not scale well


Static Routing Example


Router A (attached to Network 10)
Destination    Next Hop
10             Direct
172.16         Router B
192.168.5      Router C
192.168.6      Router C

Router B (attached to Network 172.16)
Destination    Next Hop
10             Router A
172.16         Direct
192.168.5      Router C
192.168.6      Router C

Router C (attached to Network 192.168.5)
Destination    Next Hop
10             Router A
172.16         Router B
192.168.5      Direct
192.168.6      Router D

Router D (attached to Network 192.168.6)
Destination    Next Hop
192.168.6      Direct
Default        Router C

Static Routing with Link Failure


Router A (attached to Network 10)
Destination    Next Hop
10             Direct
172.16         Router B
192.168.5      Router C
192.168.6      Router C

Router B (attached to Network 172.16)
Destination    Next Hop
10             Router A
172.16         Direct
192.168.5      Router C
192.168.6      Router C

Router C (attached to Network 192.168.5)
Destination    Next Hop
10             Unreachable
172.16         Router B
192.168.5      Direct
192.168.6      Router D

Router D (attached to Network 192.168.6)
Destination    Next Hop
192.168.6      Direct
Default        Router C

Floating Static Routes


Static routes CAN handle link failures!
A floating static route is a backup static route that is less preferred than more direct routes (static or dynamic)
Floating static route is used only when the preferred route is unavailable
Use with caution!

Router A
Destination    Next Hop
Network X      Router C
Network X      Router B

Router B
Destination    Next Hop
Network X      Router C
Network X      Router A

[Figure: Router A, Router B, Router C, and Network X]

Dynamic Routing
                   Communicate what?    Between whom?
Distance-Vector    Routing tables       Neighbors
Link-State         Interface status     All routers

Routing Protocol Convergence


Convergence: when all routers in a given routing domain achieve a consistent view of that routing domain
Routing protocols must achieve convergence in order to route packets consistently from one location to another

Interior and Exterior Gateway Protocols


Interior Gateway Protocols (IGPs)
Routing protocols that run within an autonomous system (AS) to exchange network reachability information
IGPs: RIP, OSPF, IS-IS
Exterior Gateway Protocols (EGPs)
Routing protocols that exchange routing information between autonomous systems
EGP: Border Gateway Protocol
[Figure: AS 1 and AS 2 each run an IGP internally; an EGP runs between them]

Distance Vector Protocols


Distance vector neighbors exchange vectors
Metric is typically hop count
Vectors reflect both distance and direction
Vectors are stored in the routing table
Entire table or a portion of table is sent
The longest network path is limited
Each router sends a routing table update periodically


When to Use Distance Vector Routing


Use in very small networks that have few, if any, redundant paths and no stringent network performance requirements
Epitome of the distance-vector routing protocol is Routing Information Protocol (RIP)
Distance vector drawbacks:
Long convergence time
Simplistic metrics

Distance Vector Stability Issues


Counting to infinity
Routing loops

[Figure: R1, R2, and R3 exchange updates for Network A; the advertised distance starts at Network A = 1 hop and Network A = 2 hops, then climbs through 3, 4, 5, 6 as the routers count to infinity]

Link-State Routing Protocols


Link-state routing protocols build and maintain a database of link state information
Hello messages are used to discover neighbors
Costs are associated with links
Updates are sent to communicate link state changes
Information is flooded to all neighbors who create a link state database

The Link-State Database (LSDB)


The LSDB is like a puzzle that, when complete, is an accurate picture of the network
LSDB entries are like puzzle pieces that can describe:
Routers and their attached links
Links and their attached routers
Routing information from outside the network
Link metrics, often represented as Cost
Each router maintains its own copy of the LSDB
Each router stores a copy of every LSDB entry in the network
Different protocols use different names for LSDB entries
More on that later

When to Use Link-State Routing


Use link-state routing with:
Any size, well-designed network
Any network that requires network scalability
Larger, more complicated networks
Faster convergence required
Drawbacks
Can flood the network's transmission facilities, thereby significantly decreasing the network's capability to transport data
Memory and processor intensive

Martian Addresses
Host or network addresses about which all routing information is ignored
Commonly sent by improperly configured systems on the network and have destination addresses that are obviously invalid
In IPv4, these are the default martian addresses:
0.0.0.0/8
127.0.0.0/8
128.0.0.0/16
191.255.0.0/16
192.0.0.0/24
223.255.255.0/24
240.0.0.0/4
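
Added example (not part of the original slides): a Python check that applies the default martian list above to received route updates and ignores any prefix it covers. The sample updates are constructed, and treating each entry as "this prefix or any more specific prefix inside it" is an assumption of the example, since the slide lists only the prefixes.

```python
import ipaddress

# Default IPv4 martian prefixes, copied from the list above.
DEFAULT_MARTIANS = tuple(ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "127.0.0.0/8", "128.0.0.0/16", "191.255.0.0/16",
    "192.0.0.0/24", "223.255.255.0/24", "240.0.0.0/4",
))


def martian_match(prefix, martians=DEFAULT_MARTIANS):
    """Return the martian entry that covers `prefix`, or None.

    Assumption of this example: an entry matches the listed prefix itself
    and every more specific prefix inside it. A shorter prefix that merely
    contains a martian block (0.0.0.0/0, 128.0.0.0/8) is not a martian.
    Raises ValueError for a malformed prefix (bad syntax or host bits set).
    """
    net = ipaddress.ip_network(prefix, strict=True)
    for entry in martians:
        if net.version == entry.version and net.subnet_of(entry):
            return entry
    return None


def filter_updates(updates, martians=DEFAULT_MARTIANS):
    """Split received route updates into (accepted, ignored_with_reason)."""
    accepted, ignored = [], []
    for update in updates:
        try:
            hit = martian_match(update["prefix"], martians)
        except ValueError as exc:
            ignored.append((update, f"malformed prefix: {exc}"))
            continue
        if hit is None:
            accepted.append(update)
        else:
            ignored.append((update, f"martian, covered by {hit}"))
    return accepted, ignored


# Constructed sample updates (peer names and prefixes are illustrative only).
SAMPLE_UPDATES = [
    {"peer": "Router B", "prefix": "10.0.20.0/24"},
    {"peer": "Router B", "prefix": "127.0.0.0/8"},      # listed martian itself
    {"peer": "Router B", "prefix": "240.1.0.0/16"},     # inside 240.0.0.0/4
    {"peer": "Router C", "prefix": "191.255.12.0/24"},  # inside 191.255.0.0/16
    {"peer": "Router C", "prefix": "0.0.0.0/0"},        # default route, not a martian
    {"peer": "Router C", "prefix": "128.0.0.0/8"},      # contains a martian, is not one
    {"peer": "Router C", "prefix": "10.0.20.1/24"},     # host bits set: malformed
]

if __name__ == "__main__":
    ok, dropped = filter_updates(SAMPLE_UPDATES)
    for update in ok:
        print("accept", update["peer"], update["prefix"])
    for update, reason in dropped:
        print("ignore", update["peer"], update["prefix"], "-", reason)
```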


Route Flapping
What is route flapping?
Instability in the reachability of a prefix
Occurs during a topology change
In an unstable network, routers might be unable to decide on a route to a destination
Dealing with route flapping
Different protocols have different solutions

JUNOS Routing Policy


Controls routing information transferred between routing table and each routing protocol
Incoming routing information can be ignored or changed
Outgoing routing information can be suppressed or changed
Some match conditions are protocol-specific

When to Apply Policy


You do not want to import all learned routes into the routing table
You do not want to advertise all learned routes to neighboring routers
You want one protocol to receive routes from another protocol
You want to modify information associated with a route

Import and Export


Policy filtering is done with respect to the JUNOS routing table
Export policy is applied to active paths in the routing table
[Figure: routes learned from neighbors by each protocol are imported into the routing table; routes are exported from the routing table to each protocol and on to neighbors; the routing table feeds the forwarding table in the PFE]

Routing Policy
Allows you to filter and control routing information entering and leaving the router
Separate policy for each routing protocol
[Figure: each protocol has its own import policy (#1, #2) between the routes received from neighbors and the routing table, and its own export policy (#1, #2) between the routing table and the routes sent to neighbors; the routing table feeds the forwarding table in the PFE]

Routing Policy
Policies can be chained together to increase their effectiveness
[Figure: a route passes through a chain of policies; each policy can accept or reject it, and a route that reaches the end of the last policy is accepted or rejected by the default policy]

Routing Policy
Policies contain collections of terms
Terms contain a condition and an action to apply to each route
[Figure: within a policy a route passes through a chain of terms; each term can accept or reject it, and a route that passes the last term moves on to the next policy]

Default Routing Policy Actions


Different default policies for each protocol being imported or exported describe default protocol behavior
Reaching the end of a policy, or chain of policies, invokes default policy for that protocol

How Routing Policies Are Evaluated

[Figure: a route is evaluated by each configured policy in turn until one accepts or rejects it; if the last configured policy neither accepts nor rejects it, the default policy action accepts or rejects the route]

Routing Policy Example


[Figure: a route passes through the terms of Policy 1, then the terms of Policy 2, then any additional policies; each term can accept or reject the route, and a route that no term accepts or rejects receives the default action, accept or reject]

Routing Policy Example


[Figure: a route entering a policy term is tested against the term's source conditions and destination conditions; on a match the term's actions are applied; a route that does not match all conditions continues on toward the default action]
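
Added example (not part of the original slides): a small Python model of the evaluation order described in the routing policy slides above, with policies chained, terms tried in order, all conditions of a term required to match, and the default policy deciding when nothing in the chain accepts or rejects. The policy names, terms, routes, and the default action are constructed for illustration and are not taken from a real JUNOS configuration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Term:
    name: str
    conditions: List[Callable[[dict], bool]]   # ALL must be true to match
    action: Optional[str] = None               # "accept", "reject" or None
    modify: Dict[str, object] = field(default_factory=dict)


@dataclass
class Policy:
    name: str
    terms: List[Term]


def from_protocol(name):
    """Condition: the route was learned from the named protocol."""
    return lambda route: route["protocol"] == name


def within(parent):
    """Condition: the route prefix is `parent` or a more specific prefix."""
    parent_net = ipaddress.ip_network(parent)
    return lambda route: ipaddress.ip_network(route["prefix"]).subnet_of(parent_net)


def evaluate(route, chain, default_action):
    """Run `route` through a chain of policies.

    Returns (verdict, route_after_modifications, trace).
    """
    route = dict(route)          # never mutate the caller's route
    trace = []
    for policy in chain:
        for term in policy.terms:
            if not all(cond(route) for cond in term.conditions):
                trace.append(f"{policy.name}/{term.name}: no match")
                continue
            route.update(term.modify)
            if term.action in ("accept", "reject"):
                trace.append(f"{policy.name}/{term.name}: {term.action}")
                return term.action, route, trace
            # A matching term without accept/reject changes the route and
            # evaluation continues with the next term or policy.
            trace.append(f"{policy.name}/{term.name}: match, continue")
    verdict = default_action(route)
    trace.append(f"default policy: {verdict}")
    return verdict, route, trace


def bgp_export_default(route):
    """Assumed default for this example: pass BGP routes, reject the rest."""
    return "accept" if route["protocol"] == "bgp" else "reject"


# Constructed export chain applied toward a BGP neighbor.
EXPORT_CHAIN = [
    Policy("policy-1", [
        Term("loopbacks", [within("192.168.255.0/24")], action="reject"),
    ]),
    Policy("policy-2", [
        Term("mark-static", [from_protocol("static")], modify={"metric": 10}),
        Term("send-10", [from_protocol("static"), within("10.0.0.0/8")],
             action="accept"),
    ]),
]

if __name__ == "__main__":
    for candidate in (
        {"protocol": "static", "prefix": "10.0.20.0/24"},
        {"protocol": "static", "prefix": "192.168.255.1/32"},
        {"protocol": "static", "prefix": "192.168.5.0/24"},
        {"protocol": "ospf", "prefix": "172.16.0.0/16"},
        {"protocol": "bgp", "prefix": "172.18.0.0/16"},
    ):
        verdict, _, steps = evaluate(candidate, EXPORT_CHAIN, bgp_export_default)
        print(candidate["prefix"], verdict, "|", " -> ".join(steps))
```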

JUNOS Routing Databases


[Figure: on the Routing Engine, the routing protocol process maintains the routing table and the JUNOS kernel holds the master forwarding table; the Packet Forwarding Engine holds the forwarding table and the network interfaces]

Review Questions
1. When would you implement static routing? Dynamic routing?
2. What are the primary differences between distance-vector protocols and link-state protocols?
3. How does a distance-vector protocol handle router updates?
4. What happens when the network converges? (Describe the process.)
5. Describe the JUNOS routing policy and its implementation.

Lab 3: Static Routing


Juniper Networks
Networking Essentials

Module 8: Interior Gateway Protocols


Module Objectives
After successfully completing this module, you should be able to:
Describe RIP architectural features, standards, limitations, and packet format
Explain JUNOS support for RIP
Configure a Juniper Networks router with a minimum RIP configuration
Describe OSPF standards, terminology, routing algorithms, packet format, external metrics, designated routers, and traffic engineering extensions
Explain JUNOS software support for OSPF
Configure a Juniper Networks router with a minimum OSPF configuration
Describe IS-IS standards, terminology, network addressing, packet format, and traffic engineering extensions
Explain JUNOS software support for IS-IS
Configure a Juniper Networks router with a minimum IS-IS configuration

IGPs vs EGPs
IGP: Internal Gateway Protocol
Used to optimize the route a packet takes between points within an Autonomous System (AS: network infrastructure under a unique set of administrative and technical policies)
EGP: External Gateway Protocol
Used to provide for the exchange of routing information between Autonomous Systems
Typically designed for doing policy routing, providing control over routes leaving and entering an AS

What Is OSPF?
An interior gateway protocol (IGP) based on the shortest path first (SPF) algorithm, also known as the Dijkstra algorithm
Created to fill the need for a high-functionality, standards-based IGP for the TCP/IP protocol family
Main RFCs:
1587 OSPF NSSA Option
2328 OSPF Version 2 (current implementation)

What Is a Link-State Protocol ?


Link = router interface
State = description of interface and its relationship to neighboring routers
OSPF routers send link-state advertisements (LSAs) to all other routers within the same hierarchical area
Routers store information in a link-state, or topological, database
Each OSPF router uses the SPF algorithm to calculate the shortest path to each node

What Is SPF?
Places each router at the root of a tree and calculates the shortest path to each destination based on the cumulative cost to reach that destination
Each router has its own view of the topology, even though all the routers build a shortest-path tree using the same link-state database
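
Added example (not part of the original slides): Dijkstra's algorithm in Python run over one shared link-state database from two different roots, showing that each router derives its own tree and first hops from the same data. The router names and costs are constructed, and the rule that a link is used only when both ends advertise it is the two-way check from the OSPF specification, included here so a one-sided advertisement (R5) is not trusted.

```python
import heapq

# Constructed link-state database shared by every router:
# router -> {neighbor: cost of the link as advertised by that router}
LSDB = {
    "R1": {"R2": 10, "R3": 1},
    "R2": {"R1": 10, "R3": 1, "R4": 5},
    "R3": {"R1": 1, "R2": 1},
    "R4": {"R2": 5},
    "R5": {"R1": 1},   # R5 claims a link to R1, but R1 does not list R5
}


def spf(lsdb, root):
    """Shortest-path tree rooted at `root`.

    Returns {destination: (cumulative_cost, first_hop_from_root)}.
    """
    if root not in lsdb:
        raise KeyError(f"{root} has no entry in the link-state database")
    cost_to = {root: 0}
    first_hop = {}
    finished = set()
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node in finished:
            continue                      # stale heap entry
        finished.add(node)
        for neighbor, link_cost in lsdb.get(node, {}).items():
            # Two-way check: ignore a link the far end does not advertise back.
            if node not in lsdb.get(neighbor, {}):
                continue
            new_cost = cost + link_cost
            if new_cost < cost_to.get(neighbor, float("inf")):
                cost_to[neighbor] = new_cost
                # Directly attached neighbors are their own first hop;
                # everything beyond inherits the first hop of its parent.
                first_hop[neighbor] = neighbor if node == root else first_hop[node]
                heapq.heappush(heap, (new_cost, neighbor))
    return {dest: (cost_to[dest], first_hop[dest]) for dest in first_hop}


if __name__ == "__main__":
    for root in ("R1", "R4", "R5"):
        print(root, spf(LSDB, root))
```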


OSPF Routing Hierarchy


Largest entity is the autonomous system (AS)
An AS can be divided into areas: groups of contiguous networks and hosts
Routers within a single area have identical link-state databases
Area Border Routers (ABRs): routers with interfaces in multiple areas
AS Boundary Routers (ASBRs): routers that act as gateways to other protocols or another AS

OSPF Backbone
OSPF backbone (Area 0) distributes routing information between areas
Contains all area border routers and backbone routers
All traffic between areas goes through the backbone
Backbone is itself an OSPF area
If backbone is configured as not contiguous, must configure virtual links
Between any backbone routers that share a link to a nonbackbone area, or the transit area
Function as direct links

OSPF Area Relationships


[Figure: Area 1, Area 2, and Area 3 attached to the Backbone (0.0.0.0); intra-area routes, inter-area routes (summary routes), and external routes from RIP and BGP]

OSPF Stub Areas


Stub areas
Do not carry external routes
Virtual links cannot be configured across them
Cannot contain ASBR
Totally stubby areas
Stub area that only receives the default route from the backbone
Not-so-stubby areas
Allows limited importing of external routes
Transit areas
Used to pass traffic from one adjacent area to the backbone, or to another area if the backbone is more than two hops away from an area

OSPF Area Types


[Figure: stub area, not-so-stubby area, and totally stubby area attached to the Backbone (0.0.0.0); intra-area routes, inter-area routes (summary routes), default route, and external routes from RIP and BGP]

OSPF Neighbors
Routers that share a common segment within a single area are neighbors
Neighbors become adjacent to exchange LSAs
The goal: to achieve identical link-state databases

Neighbors Exchange Link-State Info


Neighbors exchange link-state update packets containing LSAs at initialization and when routing information changes
Link-states exchanged by flooding: Each router that receives a link-state update stores a copy in its link-state database and then propagates the update to other routers
Once the database is complete, the router calculates an SPF Tree to all destinations using the Dijkstra algorithm
OSPF activity determined by the amount of change: the less change, the less activity

OSPF Packet Types


Hello: Establishes and maintains neighbor relationships
Database Description: Describes the contents of the link-state database by sending LSA headers. Exchanged when an adjacency is initialized.
Link-State Request: Requests specific LSAs from neighbor routers. Exchanged after a router discovers that parts of its database are missing or out of date.
Link-State Update: Responds to a link-state request packet. Also used for the regular dispersal of LSAs to reflect topology changes. Several LSAs can be included within a single link-state update packet.
Link-State Acknowledgment: Acknowledges receipt of link-state update packets. Implements guaranteed flooding.

OSPF Routing
Link-state advertisements
Router Links, Type 1: Describe the state and cost of the router's links (interfaces) to the area (intra-area).
Network Links, Type 2 (DR): Originated for multi-access segments with more than one attached router. Describe all routers attached to the specific segment. Originated by a Designated Router (discussed later on).
Summary Links, Types 3 and 4 (ABR): Originated by ABRs only. Describe networks in the AS but outside of area (inter-area). Also describe the location of the ASBR.
External Links, Type 5 (ASBR): Originated by an ASBR. Describe destinations external to the autonomous system or a default route to the outside AS.
NSSA External Links, Type 7 (NSSA ASBR): Used by not-so-stubby areas to import external routes into a stub area.

Link-State Advertisements
[Figure: link-state update packet format with field lengths in bytes. Fields: version number, type, packet length, router ID, area ID, checksum, authentication type, authentication, and data (number of LSAs, followed by an LSA header and variable-length LSA data for each LSA)]

Designated Router
One designated router (DR) and one backup designated router (BDR) per multi-access segment
Minimizes amount of information exchange on the segment
[Figure: multi-access segment with a Designated Router and a Backup Designated Router]

External Routes
ASBRs discover external routes
Static routes
Exterior gateway protocol, such as BGP, for example
External Type 1
Cost = external cost + internal cost
Preferred over Type 2
External Type 2
Cost = external cost


When to Use OSPF


Faster convergence than distance vector
Supports much larger networks
Less susceptible to bad routing information


OSPF Design Tips


Number of routers per area
Depends on many factors
Number of neighbors
Fewer neighbors = better performance
Link State Database grows proportionately to the number of
links in an area
Number of areas per ABR
Fewer areas = better performance

Full mesh vs. partial mesh


Partial works better


JUNOS OSPF Support


OSPF Version 2, including:
Virtual links
Stub areas
Authentication


Configuring OSPF
Minimal configuration example
protocols {
    ospf {
        area 0.0.0.0 {
            interface interface-name;
            interface interface-name;
        }
    }
}

Useful Commands
show ospf neighbor displays state of neighbors/adjacencies
  Address         Intf         State   ID              Pri  Dead
172.16.30.254     fe-0/0/0.0   Full    10.250.240.8    128   30
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:10:50, adjacent 00:10:50
172.16.30.253     fe-0/0/0.0   Full    10.250.240.35   128   30
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:10:50, adjacent 00:10:52
172.16.30.252     fe-0/0/0.0   2Way    10.250.240.32    64   38
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:08:10

show ospf interface displays state of interfaces
Interface     State   Area      DR ID          BDR ID        Nbrs
fe-0/0/0.0    DR      0.0.0.0   192.168.12.1   192.168.8.1   1
fe-0/0/1.0    DR      0.0.0.0   192.168.12.1   0.0.0.0       0

Useful Commands (cont'd)

show ospf database displays all learned OSPF LSAs
OSPF link state database, area 0.0.0.0
Type      ID                Adv Rtr         Seq          Age   Cksum   Len
Router   *10.250.240.8      10.250.240.8    0x800001fc   2388  0x3684  36
Router    10.250.240.17     10.250.240.17   0x80000217   1835  0x444c  36
Router    10.250.240.32     10.250.240.32   0x80000232   1876  0x0158  36
Router    10.250.240.35     10.250.240.35   0x80000291   1100  0x4aa5  36
Network   192.168.254.230   10.250.240.8    0x800001cc    117  0xab67  40
Summary   10.1.2.0          10.250.240.17   0x80000216   1535  0x1729  28
Summary   10.1.3.34         10.250.240.8    0x8000013a   2217  0x842f  28
OSPF link state database, area 1.0.0.0
Type      ID                Adv Rtr         Seq          Age   Cksum   Len
Router    10.250.240.9      10.250.240.9    0x80000267    116  0x1bb3  36
[additional information]

Lab 5: OSPF Configuration Lab


Lab objective:
Configure a Juniper Networks router with a minimal
OSPF configuration


Review Questions
1. What type of routing protocol is RIP?
2. What algorithm is used by RIP to determine the best path to forward data?
3. What type of metric does RIP use?
4. What is the maximum network diameter, in terms of hop count, for RIP?
5. What is a Link-State protocol?
6. Describe the types of areas that can be used by OSPF.
7. Describe the purpose of the DR in OSPF.
8. What are IS-IS packets called?
9. Describe some similarities between OSPF and IS-IS.

Juniper Networks
Networking Essentials

Module 9: BGP Protocol


Module Objectives
After successfully completing this module, you should be able to:
Describe the definition, use, operation, implementation, and interoperability considerations for BGP
Describe BGP standards, autonomous systems, AS path and attributes, external and internal operational features, routes, and messages
Explain JUNOS software support for BGP

What Is BGP?
BGP is an inter-domain routing protocol that communicates prefix reachability
BGP is a path vector protocol
Similar to distance vector
BGP views the Internet as a collection of autonomous systems
Stability is very important to the Internet and BGP
BGP supports CIDR
BGP routers exchange routing information between peers
Defined in RFC 1771

BGP Fundamentals
Routes consist of destination prefixes with an AS path and BGP-specific attributes
Each BGP update contains one path advertisement and attributes
Many destinations can share the same path
BGP compares the AS path and attributes to choose the best path
Unfeasible routes can be advertised
Unreachable routes are withdrawn

BGP Connections
BGP updates are incremental
  No regular refreshes
  Except at session establishment, when volume of routing can be high
BGP runs over TCP connections
  TCP port 179
  TCP Services
    Fragmentation, Acknowledgments, Checksums, Sequencing, and Flow Control
No automatic neighbor discovery

BGP Peering
BGP sessions are established between peers
BGP Speakers
Two types of peering sessions
E-BGP (external) peers with different AS's
I-BGP (internal) peers within the same AS
Still requires interior gateway protocols (IGPs)
IGP connects BGP speakers within the AS
IGP advertises internal routes


E-BGP and I-BGP


[Figure: E-BGP sessions between Customer AS 1, ISP-X (AS 2) and ISP-Y (AS 3), with I-BGP and OSPF running inside the autonomous systems. Customer 2 has no AS number and uses a default route to the Internet.]

I-BGP Loopback Interfaces


I-BGP peering is often done using loopback interfaces
  Loopback interfaces are more stable
  Not tied to a single physical path
The AS needs an IGP so that I-BGP speakers can reach each other's loopback address

[Figure: full-mesh I-BGP in AS 1 between Router A, Router B and Router C; loopback addresses Lo0: 192.168.255.1/32, Lo0: 192.168.255.2/32 and Lo0: 192.168.255.3/32]

E-BGP Multihop and Load Balancing


E-BGP Multihop
  Need TTL >1

[Figure: E-BGP multihop between Router A and Router B; labels: Loopback interface 0: 172.25.1.1, Loopback interface 0: 10.22.11.1, 192.168.1.3, 192.168.1.2, AS 1]

E-BGP Load Balancing
  Don't limit E-BGP session to 1 physical link

[Figure: E-BGP load balancing between Router A and Router B over two links; labels: Loopback interface 0: 172.16.10.1, Loopback interface 0: 172.18.1.1, 10.1.1.1, 10.1.1.2, 10.2.2.1, 10.2.2.2, AS 1 172.16.0.0, AS 2 172.18.0.0, AS 3]

BGP Route Advertisement


Advertise only the active BGP routes to peers
BGP next-hop must be reachable
Never forward I-BGP routes to I-BGP peers
  Prevents loops
Withdraw routes if active BGP routes become unreachable

Default BGP Advertisement Rules


[Figure: Customer AS 1 and ISP 1 (AS 2) connected by E-BGP sessions, with I-BGP sessions inside the autonomous systems]

(1) I-BGP advertises routes learned from E-BGP, and
(2) E-BGP advertises any route learned from I-BGP or E-BGP, but
(3) I-BGP does not advertise any routes learned via I-BGP

The Need for a Full I-BGP Mesh


How do the default rules of I-BGP/E-BGP impact AS2?

[Figure: AS1 (R11, R12, R13) connected by E-BGP to AS2 (R21, R22, R23; networks N22 and N23). Arrows labelled "Advertise N22 N23" follow the BGP sessions; one I-BGP advertisement of N23 is marked with an X.]
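The three default advertisement rules can be run over a small topology to see why a partial I-BGP mesh leaves routers without routes. This is an added example, not part of the original course material: the session lists, the AS 3 router R31 and the simplification that a router keeps the first route it learns (no best-path selection) are assumptions.

```python
from collections import deque


def propagate(asn, sessions, origin):
    """Flood one prefix from `origin` under the default BGP advertisement rules.

    asn:      router name -> AS number
    sessions: list of (router, router) BGP sessions; same AS means I-BGP
    Returns:  router -> (how the route was learned, AS path)
    """
    rib = {origin: ("local", ())}
    queue = deque([origin])
    while queue:
        speaker = queue.popleft()
        learned_via, as_path = rib[speaker]
        for a, b in sessions:
            if speaker not in (a, b):
                continue
            peer = b if speaker == a else a
            kind = "ibgp" if asn[peer] == asn[speaker] else "ebgp"
            # Rule 3: a route learned via I-BGP is never re-advertised to I-BGP peers.
            if kind == "ibgp" and learned_via == "ibgp":
                continue
            # The local AS number is prepended only when the route leaves the AS.
            path = as_path if kind == "ibgp" else (asn[speaker],) + as_path
            # Drop on AS-path loop; keep the first route learned (simplification).
            if asn[peer] in path or peer in rib:
                continue
            rib[peer] = (kind, path)
            queue.append(peer)
    return rib


# Constructed topology: R12 (AS 1) originates the prefix, AS 2 is the transit AS.
ASN = {"R12": 1, "R21": 2, "R22": 2, "R23": 2, "R31": 3}
CHAIN = [("R12", "R21"), ("R21", "R22"), ("R22", "R23"), ("R23", "R31")]
FULL_MESH = CHAIN + [("R21", "R23")]  # adds the missing I-BGP session


def learners(sessions):
    """Routers that end up holding the route originated by R12."""
    return sorted(propagate(ASN, sessions, "R12"))


if __name__ == "__main__":
    print("chain I-BGP :", learners(CHAIN))      # R23 and R31 never learn the route
    print("full mesh   :", learners(FULL_MESH))  # every router learns it
```

With the chain, R22 learns the route over I-BGP and therefore may not pass it to R23, so AS 3 behind R23 never receives it either.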

BGP Message Types


Four BGP message types:
Open
Update
Keepalive
Notification
Messages use a common header


When to Use BGP


Enterprise network that is multihomed to two or more ISPs
  To support full or partial routes
To participate as an Internet Backbone Provider

[Figure: Corporate Network connected to ISP 1 and ISP 2, which connect to the Internet]

JUNOS Software Support for BGP


RFC 1771, A Border Gateway Protocol 4 (BGP-4)
RFC 1772, Application of the Border Gateway Protocol in the Internet
RFC 1965, Autonomous System Confederations for BGP
RFC 1966, BGP Route Reflection: An Alternative to Full-Mesh I-BGP
RFC 1997, BGP Communities Attribute
RFC 2270, Using a Dedicated AS for Sites Homed to a Single Provider
RFC 2283, Multiprotocol Extensions for BGP-4
RFC 2385, Protection of BGP Sessions through the TCP MD5 Signature Option
RFC 2439, BGP Route Flap Damping
RFC 2842, Capabilities Advertisement with BGP-4

JUNOS BGP Routing Table


BGP stores routes in the JUNOS software routing table (inet.0)
Routing table stores
  Routing information learned from update messages
  Local routing information selected by applying local policies to routes received in update messages
  Information selected to advertise to BGP peers

Basic BGP Configuration


routing-options {
    autonomous-system 64;
}
protocols {
    bgp {
        group external-peer1 {
            type external;
            peer-as 1234;
            neighbor 10.0.0.1;
        }
        group internal-peers {
            type internal;
            local-address 192.168.1.1;
            neighbor 10.0.5.1;
            neighbor 10.0.6.1;
        }
    }
}

Basic Routing Policy


JUNOS software policy is used to insert prefixes into BGP updates
Import and Export policies can be defined
  Import policies control which routes are placed in the local routing table
  Export policies control which routes are advertised from local routing table to neighbors

Basic Policy Configuration


First, define the policy:

policy-statement redistribute-static-routes {
    from protocol static;
    then accept;
}

Then apply the policy under BGP:

protocols {
    bgp {
        export redistribute-static-routes;
    }
}

Show BGP Neighbor


user@host> show bgp neighbor
Peer: 10.1.1.2+179 AS 29
Local: 10.1.1.1+1048 AS 29
Type: Internal State: Established
Flags: <>
Last State: OpenConfirm
Last Event: RecvKeepAlive
Last Error: None
Options: <Preference HoldTime>
Holdtime: 90
Preference: 170
Number of flaps: 1
Error: "Cease" Sent: 1 Recv: 0
Peer ID: 10.1.1.2
Local ID: 0.0.0.0
Active Holdtime: 90
NLRI advertised by peer: unicast
NLRI for this session: unicast
Group Bit: 0 Send state: in sync
Table inet.0
Active Prefixes: 0
Received Prefixes: 0
Suppressed due to damping: 0
Table inet.2
Active Prefixes: 0
Received Prefixes: 0
Suppressed due to damping: 0
Last traffic (seconds):
Received 25
Sent 21 Checked 21
Input messages:
Total 4143
Updates 0
Octets 78717
Output messages:
Total 4156
Updates 10
Octets 79303
Output Queue[0]: 0
Output Queue[1]: 0


Show BGP Summary


show bgp summary
View basic information about all BGP neighbors

Groups: 12 Peers: 26 Unestablished peers: 2
Peer             AS  InPkt  OutPkt   OutQ  Flaps Last Up/Dn State|#Act/Recv/Da
172.17.0.2       45   1225   55263  50511      0   18:22:14 47769/50591/0
192.168.1.1      33    911       0      0      0   18:22:27 Active
192.168.1.97     23  10458    2201  41043      0   18:22:03 0/0/0
192.168.1.100   432  10458     163  17643      0   17:01:18 Active

Show BGP Routes


show route receive-protocol bgp <addr>
Look at routes received from a peer before policy is applied

user@host> show route receive-protocol bgp 11.1.1.1
inet.0: 6 destinations, 6 routes (5 active, 0 holddown, 1 hidden)
Prefix            Nexthop          MED   Lclpref  AS path
10.0.0.0/8        192.168.1.1            100      I
172.16.0.0/12     172.19.1.1             100      I

show route advertising-protocol bgp <addr>
Look at routes being advertised to a specific peer

user@host> show route advertising-protocol bgp 10.1.1.2
inet.0: 10 destinations, 10 routes (8 active, 0 holddown, 2 hidden)
Prefix            Nexthop          MED   Lclpref  AS path
10.0.0.0/8        Self                   100      I
172.16.0.0/12     Self                   100      I

Lab 7: BGP Configuration Lab

Lab objective:
Configure a Juniper Networks router with a minimal BGP configuration

Review Questions
1. On what type of network would you implement BGP?
2. How does BGP advertise routes?
3. How would a typical ISP design a network to support BGP? Draw a sample network.

Advanced VPNs

Module 10: MPLS Review and Background Information

Copyright 2003, Juniper Networks, Inc.

IJNR-6.b.6.1.2

Module Objectives
Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary


Agenda: MPLS Review


Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary


MPLS Benefits
Fully integrates IP routing and Layer 2 switching
Leverages existing IP infrastructures
Optimizes IP networks by facilitating traffic engineering
Enables multi-service networking
Integrates private and public networks seamlessly


Traffic Engineering
[Figure: traffic from Source to Destination following the Layer 3 routing path and a traffic-engineered path]

Ability to control traffic flows in the network
Optimizes available resources
Moves traffic from IGP path to less congested path

Traffic Engineering Uses


With traffic engineering, you can:
Route paths around bottlenecks
Provide concise traffic control
Provide efficient bandwidth use
Enhance an ISP's traffic-oriented performance
Enhance statistically bound performance characteristics of the network
Provide more options, lower costs, and better service


High-Level Overview of Traffic Engineering


Information distribution component
Path selection component
Path signaling component
Packet forwarding component


Information Distribution
IGP extensions propagate information
IS-IS uses type/length/value (TLV) tuples
OSPF uses opaque LSA type 10
Information is propagated within area/level only
Information propagated
Bandwidth available
Preemption priority
Link affinity (link colors)
Router ID


Path Selection
[Figure: LSP from ingress LSR to egress LSR]

Two main approaches or a hybrid approach
  Offline path calculation (in-house or third-party tools)
  Online path calculation (constraint-based routing)
  Hybrid approach provides the accuracy of offline approach with failure recovery capability

Path Signaling
Dynamic path creation requires a signaling protocol to:
Coordinate label distribution
Route the LSP explicitly
Reserve bandwidth (optional)
Provide class-of-service capability (DiffServ style)
Reassign resources (like bandwidth)
Preempt existing LSPs
Prevent loops


Path Signaling Protocols


The IETF MPLS architecture does not assume a single protocol for assigning and distributing labels
LDP
  Executes hop by hop
  Selects same physical path as IGP
  Supports reduced LSP complexity
RSVP
  Extends easily for explicit routes and label distribution
  Deployed by providers in production networks
  A well-known signaling protocol
CR-LDP
  Extends LDP to support explicit routes
  Functionally identical to RSVP
  Not supported by Juniper Networks

Packet Forwarding
Ingress router examines IP header
Packet is then:
Classified for interface output queue
Assigned a label
Encapsulated in an MPLS header
Forwarded toward the next hop in the LSP



MPLS Terminology
Forwarding equivalence class (FEC)
  Stream/flow of IP packets
  FEC/label binding mechanism
Label
  Fixed length
  Local significance
Label distribution, retention, and control
  Downstream on demand/unsolicited downstream
  Liberal/conservative
  Independent/ordered
LSR label processing
  Push/swap/pop/multi-push/swap-push

MPLS Terminology: MPLS Shim Header


[Figure: the 32-bit MPLS header sits between the L2 header and the IP packet; its fields are Label (20 bits), CoS, S and TTL]

MPLS shim header fields:
  Label (L)
  Experimental (CoS)
  Stacking bit (S)
  Time to live (TTL)
Reserved and pre-defined label values
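The shim header layout above can be exercised with a small encoder and a defensive parser for a label stack. This is an added example, not part of the original course material: the 3-bit CoS, 1-bit S and 8-bit TTL widths and the reserved values 0 to 3 come from RFC 3032 rather than from the slide, and MAX_DEPTH and the sample bytes are assumptions.

```python
import struct

# Reserved label values 0-3 (RFC 3032); the slide only says that such values exist.
RESERVED = {0: "IPv4 Explicit NULL", 1: "Router Alert",
            2: "IPv6 Explicit NULL", 3: "Implicit NULL"}
MAX_DEPTH = 8  # assumption: local sanity limit on stack depth


def pack_entry(label, exp, bottom, ttl):
    """Encode one 32-bit entry: Label(20) | CoS/Exp(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", label << 12 | exp << 9 | bool(bottom) << 8 | ttl)


def parse_stack(payload):
    """Return (entries, remaining bytes); the stack ends at the entry with S = 1."""
    entries, offset = [], 0
    while True:
        if len(entries) == MAX_DEPTH:
            raise ValueError("label stack deeper than MAX_DEPTH")
        if offset + 4 > len(payload):
            raise ValueError("truncated stack: bottom-of-stack bit never set")
        (word,) = struct.unpack_from("!I", payload, offset)
        offset += 4
        entries.append({"label": word >> 12, "exp": word >> 9 & 0x7,
                        "bottom": bool(word & 0x100), "ttl": word & 0xFF})
        if entries[-1]["bottom"]:
            return entries, payload[offset:]


def anomalies(entries):
    """Flag entries that should not be seen on the wire."""
    found = []
    for depth, entry in enumerate(entries):
        label = entry["label"]
        if label == 3:
            found.append(f"entry {depth}: Implicit NULL (3) is signalled, not sent on the wire")
        elif 4 <= label <= 15:
            found.append(f"entry {depth}: label {label} is in the reserved range 0-15")
        if entry["ttl"] == 0:
            found.append(f"entry {depth}: TTL 0")
    return found


# Constructed sample: label 18 stacked on label 24, followed by two payload bytes.
SAMPLE = pack_entry(18, 0, False, 64) + pack_entry(24, 0, True, 64) + b"\x45\x00"

if __name__ == "__main__":
    stack, rest = parse_stack(SAMPLE)
    for entry in stack:
        print(entry, RESERVED.get(entry["label"], ""))
    print("payload:", rest.hex(), "anomalies:", anomalies(stack))
```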

MPLS Terminology: Label Swapping


[Figure: LSR with ports 1 to 4; an IP packet arrives with label 25 and leaves with label 19]

Connection Table
In (port, label)   Out (port, label)   Label Operation
(1, 22)            (2, 17)             Swap
(1, 24)            (3, 17)             Swap
(1, 25)            (4, 19)             Swap
(2, 23)            (3, 12)             Swap

MPLS Terminology: Router Types


[Figure: an LSP between San Francisco and New York; labelled routers: ingress LSR, transit LSRs, penultimate router, egress LSR]

Packet Forwarding
[Figure: traffic from the source enters at the ingress LSR and follows two LSPs to the egress LSRs for Paris and Rome]

Ingress LSR determines FEC and assigns a label
  Forwards Paris traffic on the green LSP
  Forwards Rome traffic on the blue LSP
Traffic is label-swapped at each transit LSR
Egress LSR
  Removes MPLS header (dependent upon penultimate hop pop)
  Forwards packet based on destination address

Packet Forwarding Example


[Figure: a packet for 200.3.2.7 crosses the LSP carrying label 99, then label 56, then no label; other labels: 134.5.6.1, 134.5.1.5, 200.3.2.1, Lo0: 192.168.2.1]

Ingress Routing Table
Destination    Next Hop    BGP Next Hop
134.5/16       (3, 99)     192.168.2.1
200.3.2/24     (3, 99)     192.168.2.1

MPLS Table
In         Out
(1, 99)    (2, 56)

MPLS Table
In         Out
(3, 56)    (5, 3)

Egress Routing Table
Destination    Next Hop
134.5/16       134.5.6.1
200.3.2/24     200.3.2.1

Test for Understanding


Label Stacking

[Figure: a packet arrives with label 25, crosses the tunneling LSP with label stacks 42/24 and then 18/24, leaves the penultimate LSR of the tunneling LSP with label 24 only (penultimate hop pops label), and continues with label 56]

What label value does the egress LSR for the tunneling LSP signal to the penultimate LSR so that label 18 is popped off the top of the stack?


Resource Reservation Protocol


Internet standard for resource reservation
  Originally intended for IP QoS
Not a routing protocol
Transports and maintains traffic and policy parameters that are opaque to RSVP
Simplex reservations for unicast traffic
Receiver-oriented resource allocation
Maintains soft state for graceful changes of:
  Multicast membership
  Routing
Multiple reservation styles
Supports IPv4 and IPv6

RSVP Session
[Figure: PATH and RESV messages exchanged between two hosts across routers R1, R4, R8 and R9, from ingress router to egress router]

Can have simultaneous, multiple, independent sessions
  Session is data flow defined by three parameters (destination address, protocol ID, destination port)
RSVP sessions are between hosts, not just routers
Use traceoptions to show session creation information:

May 8 13:26:42 RSVP new Session 192.168.80.1(port 17) Proto 0
May 8 13:26:42 RSVP new path state, session 192.168.80.1(port 17) Proto 0
May 8 13:26:42 RSVP new resv state, session 192.168.80.1(port 17) Proto 0

RSVP Messaging Protocol


[Figure: Path and Resv messages between two hosts across R1 (ingress router), R4, R8 and R9 (egress router); Path messages establish a path state block and Resv messages establish a resv state block]

RSVP message types
  Path: establishes state
  Resv: reserves resources
  PathTear: removes path state
  ResvTear: removes reservation state
  PathErr: error message sent upstream to sender
  ResvErr: establishes blockade state
  ResvConf: message confirming reservation request
Path and resv state block data structures store soft state information

Traffic Engineering Extensions


Path message extensions
  Mandatory:
    Session object: identifies that the RSVP session will be an LSP tunnel
    Label request object: requests LSRs to provide a label binding
  Optional:
    Explicit route object (ERO): specifies predetermined path, independent of IGP path
    Record route object (RRO): lists the LSRs that the LSP tunnel traverses
    Session attribute object: aids in session identification, and also controls path setup priority, holding priority, and local-rerouting features
Resv message extensions
  Mandatory:
    Label object: performs the upstream-on-demand label distribution process
    Session object: uniquely identifies the LSP being established
    Style object: specifies the reservation style (fixed-filter or shared-explicit)
  Optional:
    Record route object: returns the LSP's path to the sender of the path message

Path Message
[Figure: Explicit Route = {R1, R2, R3, R4} is handed to the ingress LSR R1. The PATH message carries ERO = {R2, R3, R4} from R1 to R2, ERO = {R3, R4} from R2 to R3, and ERO = {R4} from R3 to the egress LSR R4. R2, R3 and R4 each establish a path state block.]

RSVP path message
  Explicit route is passed to R1
  R1 transmits a path message addressed to R4
    Label request object requests label binding
    ERO = {strict R2, strict R3, strict R4} (optional field)
    Record route object lists nodes visited (optional field)
    Session object identifies LSP name
    Session attributes controls priority, preemption, fast reroute (optional field)
    Sender Tspec requests bandwidth reservation
Each router acts on RSVP packet because of router alert option

Resv Message
[Figure: RESV messages travel upstream from the egress LSR R4 (interface i4) to the penultimate LSR R3 (i5, i2) with Label = 3, from R3 to R2 (i6, i3) with Label = 20, and from R2 to the ingress LSR R1 (i2) with Label = 17]

MPLS Tables
Router   In          Out
R1       IP Route    (2, 17)
R2       (3, 17)     (6, 20)
R3       (2, 20)     (5, Pop)

Resv message
  R4 transmits a resv message to R3
    Label = 3 (indicates that penultimate LSR should pop header)
    Session object uniquely identifies the LSP
    Style object identifies fixed filter or shared explicit
    Record route object lists nodes visited (optional field)
  R3 and R2
    Stores outbound label, allocates an inbound label
    Transmits resv message with inbound label to upstream LSR
  R1 binds label to FEC
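The Path and Resv slides describe one exchange: the ERO shrinks hop by hop downstream, then labels are handed out upstream. The sketch below replays it and rebuilds the MPLS tables shown on the Resv slide. It is an added example, not part of the original course material; the interface pairs and allocated labels are read from the slide's figure, and all function names are hypothetical.

```python
IMPLICIT_NULL = 3  # label the egress signals so that the penultimate LSR pops

# (upstream, downstream) -> (outgoing interface, incoming interface), from the figure
LINKS = {("R1", "R2"): (2, 3), ("R2", "R3"): (6, 2), ("R3", "R4"): (5, 4)}
# Inbound label each transit LSR allocates (values from the slide)
ALLOCATED = {"R2": 17, "R3": 20}


def send_path(explicit_route, links):
    """Walk the Path message downstream; return (sender, receiver, ERO carried)."""
    ingress, *ero = explicit_route
    hops, sender = [], ingress
    while ero:
        receiver = ero[0]
        if (sender, receiver) not in links:  # strict hop must be directly connected
            raise ValueError(f"PathErr: strict hop {receiver} not adjacent to {sender}")
        hops.append((sender, receiver, tuple(ero)))
        ero = ero[1:]  # the receiver removes itself before forwarding
        sender = receiver
    return hops


def send_resv(hops, links, allocated):
    """Walk the Resv message upstream; return router -> (in entry, out entry)."""
    tables = {}
    label = IMPLICIT_NULL  # advertised by the egress LSR
    for index in reversed(range(len(hops))):
        upstream, downstream, _ero = hops[index]
        out_if = links[(upstream, downstream)][0]
        out = (out_if, "Pop" if label == IMPLICIT_NULL else label)
        if index == 0:
            tables[upstream] = ("IP Route", out)  # ingress binds the label to the FEC
        else:
            in_if = links[(hops[index - 1][0], upstream)][1]
            label = allocated[upstream]  # inbound label sent on to the upstream LSR
            tables[upstream] = ((in_if, label), out)
    return tables


def forward(tables, links, route):
    """Carry one packet along the LSP; return the label seen on each link."""
    seen = []
    label = tables[route[0]][1][1]
    for upstream, downstream in zip(route, route[1:]):
        seen.append(None if label == "Pop" else label)
        if downstream == route[-1]:
            break
        key, (_out_if, next_label) = tables[downstream]
        if key != (links[(upstream, downstream)][1], label):
            raise LookupError(f"{downstream}: no entry for label {label}, packet dropped")
        label = next_label
    return seen


if __name__ == "__main__":
    route = ("R1", "R2", "R3", "R4")
    path_hops = send_path(route, LINKS)
    lsp_tables = send_resv(path_hops, LINKS, ALLOCATED)
    print(path_hops, lsp_tables, forward(lsp_tables, LINKS, route), sep="\n")
```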


Named Path via Explicit Route Object


Permits explicit path assignment
Used to specify the route RSVP path messages take for setting up LSP
Can specify loose or strict routes
  Loose routes rely on routing table to find destination
  Strict routes specify the directly connected next hop
  A route can have both loose and strict components
Uses ERO processing algorithm

Named Path ERO: Strict Route


Next hop must be directly connected to previous hop

ERO
  B strict
  C strict
  E strict
  D strict
  F strict

[Figure: strict path from ingress LSR A to the egress LSR]

Named Path ERO: Loose Route


Consult the routing table at each hop to determine the best path

ERO
  D loose

[Figure: loose path from ingress LSR A to the egress LSR]

Named Path ERO: Strict/Loose Path


Strict and loose routes can be mixed

ERO
  C strict
  D loose
  F strict

[Figure: path from ingress LSR A to the egress LSR with strict and loose sections]

Named Path Code


mpls {
    traffic-engineering bgp-igp;
    label-switched-path Blue1 {
        to 192.168.24.1;
        primary one;
    }
    label-switched-path Blue2 {
        to 192.168.12.1;
        primary one;
    }
    path one {
        192.168.20.1 loose;
    }
}
isis {
    traffic-engineering shortcuts;
    interface all {
        level 1 disable;
    }
}

Use loopback address instead of interface address, so loose section of path can reroute if necessary

Named Path Verification


lab@HongKong> show mpls lsp
Ingress LSP: 2 label-switched paths
To              From            State Rt ActivePath       LSPname
192.168.12.1    192.168.16.1    Up     2 one              Blue2
192.168.24.1    192.168.16.1    Up     5 one              Blue1
Total 2 displayed, Up 2, Down 0

Egress RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0

Transit RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0


Constraint-Based Routing Overview (1 of 2)


Modified shortest path first algorithm
Integrates TED data
  IGP topology information
  Available bandwidth
  Link color
Path determined according to administrative constraints of LSP
  Maximum hop count
  Bandwidth
  Strict or loose routing
  Administrative groups
  Priority
Prunes non-qualifying paths then performs an SPF algorithm on remaining routes

Constraint-Based Routing Overview (2 of 2)


Operations Performed by the Ingress LSR
1) Stores information from IGP flooding
2) Stores traffic engineering information
3) Examines user-defined constraints
4) Calculates the physical path for the LSP
5) Represents path as an explicit route
6) Passes ERO to RSVP for signaling

[Figure: Extended IGP -> Routing Table and Traffic Engineering Database (TED) -> Constrained Shortest Path First (with User Constraints) -> Explicit Route -> RSVP Signaling]

IGP Extensions
[Figure: Extended IGP -> Routing Table and Traffic Engineering Database (TED) -> Constrained Shortest Path First (CSPF, with User Constraints) -> Explicit Route -> RSVP Signaling]

Distributes topology and traffic engineering information using IGP extensions
  Maximum reservable bandwidth
  Remaining reservable bandwidth
  Link administrative groups (color)
Mechanisms
  Opaque LSAs for OSPF
  New TLVs for IS-IS

Traffic Engineering Database


Traffic engineering database
  Used exclusively for calculating explicit paths for the placement of LSPs across the physical topology
  Maintains traffic engineering information learned from the extended IGP
Contents
  Up-to-date network topology information
  Current reservable bandwidth of links
  Link administrative groups (colors)
  Link priority information

User Constraints
[Figure: Extended IGP -> Routing Table and Traffic Engineering Database (TED) -> Constrained Shortest Path First (CSPF, with User Constraints) -> Explicit Route -> RSVP Signaling]

User-defined constraints applied to path selection
  Bandwidth requirements
  Hop count limitations (for fast reroute)
  Administrative groups (colors)
  Priority (setup and hold)
  Explicit route (strict or loose)*

* Also specified for signaled LSPs (no-cspf)

Constrained Shortest Path First


[Figure: Extended IGP -> Routing Table and Traffic Engineering Database (TED) -> Constrained Shortest Path First (CSPF, with User Constraints) -> Explicit Route -> RSVP Signaling]

For LSP = (highest priority) to (lowest priority)
  Prune links with insufficient bandwidth
  Prune links that do not contain an included color
  Prune links that contain an excluded color
  Calculate shortest path from ingress to egress consistent with ERO
  Select among equal-cost paths (least hop, then fill)
  Pass explicit route to RSVP
End for

RSVP Signaling
[Figure: CSPF hands the ERO to RSVP on the ingress LSR; PATH messages travel to the egress LSR and RESV messages return to the ingress LSR]

RSVP signaling
  Explicit route calculated by CSPF is handed to RSVP
    RSVP is unaware of how the ERO was calculated
  RSVP establishes LSP
    Path: Establishes state and requests label assignment
    Resv: Distributes labels and reserves resources


Administrative Groups (1 of 7)
Administrative groups
  Thirty-two named groups, 0 through 31, carried as a 32-bit value in IGP updates
  Groups assigned to interfaces

[Figure: links around San Francisco coloured Gold, Silver and Bronze]

Administrative Groups (2 of 7)

Bit 31 to bit 0: 1100 0000 0000 0000 0000 0000 0000 1110

Administrative groups
  Colors advertised on a per-link basis via IGP: 0xC000000E
  Colors on router: internal management, bronze, silver, gold

Administrative Groups (3 of 7)
[edit protocols]
mpls {
    admin-groups {
        good 1;
        silver 2;
        bronze 3;
        management 30;
        internal 31;
    }
    interface so-0/0/0 {
        admin-group [ good management ];
    }
    interface so-0/1/0 {
        admin-group silver;
    }
    interface so-0/2/0 {
        admin-group good;
    }
    interface so-0/3/0 {
        admin-group good;
    }
}

Administrative Groups (4 of 7)
CSPF can include and exclude groups in automatic path calculation
Logical groupings are supported

mpls {
    label-switched-path to-miami {
        to 1.1.1.1;
        primary use-fargo {
            admin-group {
                include gold;
                exclude [ bronze silver ];
            }
        }
    }
    path use-fargo {
        10.0.1.2 loose;
    }
}

Groups listed within one statement (bronze, silver) are a logical OR; the include and exclude statements are combined with a logical AND

Administrative Groups (5 of 7)
A-D-H has the lowest IGP metric: 4

[Figure: topology from A to H with IGP metrics on the links]

Administrative Groups (6 of 7)
Choose the path from A to H using:

admin-group {
    include [ copper bronze ];
    exclude admin;
}

[Figure: topology from A to H; links are labelled with IGP metrics and the colours Gold, Silver, Bronze, Copper and Admin]

Administrative Groups (7 of 7)
A-D-E-G-I-H is the shortest path excluding the admin class and including copper or bronze

[Figure: the same topology from A to H, with links labelled Gold, Silver, Bronze, Copper and Admin and the path A-D-E-G-I-H selected]
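The CSPF loop from the Constrained Shortest Path First slide and the administrative-group bitmask from these slides fit in one short program: colours become bits of a 32-bit value, links are pruned by bandwidth and colour, and SPF runs on what is left. This is an added example, not part of the original course material. The link metrics, bandwidths and colours are constructed so that the results match the answers stated on the slides; the group numbers for copper and admin are assumptions, and the "then fill" tie-break is not modelled.

```python
import heapq

# Groups 1-3, 30 and 31 follow the slides (group 1 is called "gold", as on the
# 2-of-7 slide); copper = 4 and admin = 5 are assumed values.
GROUPS = {"gold": 1, "silver": 2, "bronze": 3, "copper": 4, "admin": 5,
          "management": 30, "internal": 31}


def mask(names):
    """32-bit administrative-group value: bit n is set for group number n."""
    value = 0
    for name in names:
        value |= 1 << GROUPS[name]
    return value


# Constructed TED: (node, node, IGP metric, reservable bandwidth in Mbps, colours)
TED = [
    ("A", "D", 1, 100, ["copper"]),
    ("D", "H", 3, 100, ["admin"]),
    ("D", "E", 1, 100, ["copper"]),
    ("E", "H", 3, 100, ["copper", "admin"]),
    ("E", "G", 2, 100, ["bronze"]),
    ("G", "I", 2, 50, ["copper"]),
    ("I", "H", 1, 100, ["copper"]),
    ("A", "B", 1, 100, ["gold"]),
    ("B", "H", 4, 100, ["silver"]),
]


def cspf(ted, ingress, egress, bandwidth=0, include=(), exclude=()):
    """Prune the TED by the LSP constraints, then run SPF on the remaining links."""
    include_mask, exclude_mask = mask(include), mask(exclude)
    graph = {}
    for a, b, metric, reservable, colours in ted:
        link_mask = mask(colours)
        if reservable < bandwidth:
            continue  # insufficient bandwidth
        if include_mask and not link_mask & include_mask:
            continue  # carries none of the included colours (logical OR)
        if link_mask & exclude_mask:
            continue  # carries an excluded colour, even if also included
        graph.setdefault(a, []).append((b, metric))
        graph.setdefault(b, []).append((a, metric))
    # Dijkstra ordered by (cost, hop count): equal-cost ties go to the fewest hops.
    heap, best = [(0, 0, [ingress])], {}
    while heap:
        cost, hops, path = heapq.heappop(heap)
        node = path[-1]
        if node == egress:
            return cost, path  # the explicit route handed to RSVP
        if node in best and best[node] <= (cost, hops):
            continue
        best[node] = (cost, hops)
        for neighbour, metric in graph.get(node, []):
            if neighbour not in path:
                heapq.heappush(heap, (cost + metric, hops + 1, path + [neighbour]))
    return None  # no path satisfies the constraints


if __name__ == "__main__":
    print(hex(mask(["gold", "silver", "bronze", "management", "internal"])))
    print(cspf(TED, "A", "H"))
    print(cspf(TED, "A", "H", include=["copper", "bronze"], exclude=["admin"]))
    print(cspf(TED, "A", "H", 75, include=["copper", "bronze"], exclude=["admin"]))
```

The last call returns no path: once the 50 Mbps G-I link is pruned for a 75 Mbps request, nothing that satisfies the colour constraints remains.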


Fast-Reroute Overview
Short-term solution to reduce packet loss: if node or link fails, upstream node:
  Immediately detours
  Signals failure to ingress LSR
Ingress LSR knows traffic engineering constraints
  Ingress router computes alternate route based on configured secondary paths; tries to reestablish primary path
  Initiates long-term reroute solution
By default, reroute paths inherit administrative groups only, no other parameters

Fast-Reroute Operation
Fast reroute in operation:
Configured on ingress router only
Detours around node or link failure

~100s of ms reroute time

Detour paths immediately available


Uses TED to calculate detour


Fast-Reroute Example
Enable fast reroute on ingress LSR
SF creates detour around LA
LA creates detour around Austin
Austin creates detour around Miami
[Figure: network with San Francisco, Los Angeles, Austin, Miami, Fargo and New York]

Fast-Reroute Example: Short Term


LA to Austin link fails
LA immediately detours around Austin
LA signals to SF that failure occurred
[Figure: network with San Francisco, Los Angeles, Austin, Miami, Fargo and New York]

Fast-Reroute Example: Long Term


SF fails over to secondary path
[Figure: network with San Francisco, Los Angeles, Austin, Miami, Fargo and New York]

Fast Reroute
protocols mpls
label-switched-path Tom {
    to 192.168.24.1;
    primary top;
    secondary bottom {
        bandwidth 75m;
        priority 5 5;
        standby;
    }
    fast-reroute;
}

protocols mpls
path top {
    192.168.0.1 loose;
    192.168.2.1 loose;
}
path bottom {
    192.168.8.1 loose;
    192.168.12.1 loose;
}


Circuit Cross-Connect Overview


Connects two Layer 2 circuits
Supports:
  PPP, Cisco HDLC, Frame Relay, ATM, and VLAN 802.1Q
Based on Layer 2 circuit ID
  Carries any protocol
  Connects only like interfaces (for example, Frame Relay to Frame Relay, or ATM to ATM)
Three types of cross-connects:
  Layer 2 switching
  MPLS tunneling
  Stitching MPLS LSPs

CCC MPLS Interface Tunneling (1 of 2)


[Figure: two ATM access networks (ATM VC 514 and ATM VC 590) connected across an IP backbone by an MPLS LSP between an M40 and an M20]

Transports packets from one interface through an MPLS LSP to a remote interface
Supports tunneling between two like interfaces, such as ATM, Frame Relay, PPP, and Cisco HDLC connections
Bridges Layer 2 packets from end to end
ATM operation

CCC MPLS Interface Tunneling (2 of 2)


[Figure: two ATM access networks (ATM VC 514 on at-7/1/1.514 and ATM VC 590 on at-3/0/1.590) connected across an IP backbone by MPLS LSP1 and MPLS LSP2 between an M40 and an M20]

[edit protocols]
user@M40# show
connections {
    remote-interface-switch m40-to-m20 {
        interface at-7/1/1.514;
        transmit-lsp lsp1;
        receive-lsp lsp2;
    }
}

[edit protocols]
user@M20# show
connections {
    remote-interface-switch m20-to-m40 {
        interface at-3/0/1.590;
        transmit-lsp lsp2;
        receive-lsp lsp1;
    }
}

Special Caveats for CCC


VLAN CCC caveats
  VLAN tagging at physical interface
  VLAN 0-511 on unit with ccc-encap support 802.1Q VLAN
  VLAN 512-4094 only VLAN IDs that support CCC
  GE PICs must be Rev B
Frame Relay: encapsulates frame-relay-ccc at physical interface
  DLCI 1-511 on unit is normal Frame Relay
  DLCI 512-1022 on unit is CCC Frame Relay
Layer 2 switching cross-connect: PPP and HDLC must be unit 0
ATM: cannot configure family on unit if atm-ccc-vc-mux encapsulation is set

Agenda: MPLS Review


Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary


Purpose of LDP (1 of 2)
Creates forwarding equivalence class
A group of IP packets which are forwarded in the same
manner (RFC 3031)
Manages LSP to egress router
New concept
LDP associates the FEC with each LSP it creates

Solves problems
Enables VPNs
Allows traffic class mapping


Purpose of LDP (2 of 2)
LDP creates an LSP tree for each FEC from every
possible ingress router to egress router
[Figure: routers C, D, E, F, G, H, and I and an egress router, contrasting the LDP LSP with the RSVP LSPs]

Only one LDP LSP, while four RSVP LSPs

Label Distribution Protocol (1 of 2)


[Figure: message exchange between a downstream LDP peer and an upstream LDP peer, labeled in order: Discovery (Hello messages), TCP Session Establishment, Session, Initialization Messages, Label Request Messages, Label Mapping Messages, Advertisement]

Distributes label binding information
Runs on LSRs in conjunction with IP routing protocols
Labels are periodically refreshed
LDP message types
Discovery: locates potential LDP peers
Session: manages peer-to-peer TCP sessions
Advertisement: creates, changes, or deletes label mappings
Notification: provides advisory information

Label Distribution Protocol (2 of 2)


[Figure: LDP label mapping across a chain of LSRs between an upstream LDP peer and a downstream LDP peer, for Net 10.0.0.0 and Net 11.0.0.0. Each LSR advertises an incoming label and receives an outgoing label; labels 17, 53, 52, and 29 appear in the advertisements. MPLS table entries, shown as (interface, label) In -> Out: (3, 35) -> (1, 17); (4, 17) -> (5, 52); (2, 52) -> (3, 29)]

LDP label mapping
Downstream peer assigns labels
Benefits
Traffic engineering information is not piggybacked on routing protocols
Limitations
LSPs follow the conventional IGP path
Does not support explicit routing

LDP Tunneling through RSVP-TE LSP (1 of 2)


[Figure: Router A and Router B joined by an RSVP LSP, with LDP running on either side]

protocols {
    mpls {
        label-switched-path lsp-path-name {
            from source;
            to destination;
            ldp-tunneling;
        }
    }
}

LDP Tunneling through RSVP-TE LSP (2 of 2)

[Figure: topology whose links are labeled LDP and RSVP]

Agenda: MPLS Review


Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary


Basic MPLS Configuration Summary


MPLS configuration summary
Configure MPLS and RSVP protocols
Configure family MPLS on interfaces
Configure an LSP
Configure basic IP stuff (for example, addresses and protocols)

Basic RSVP-Signaled LSP


[edit]
Lab@host# set protocols mpls interface all
Lab@host# set protocols rsvp interface all
Lab@host# set interface IN-#/#/# unit 0 family mpls
Lab@host# set protocols mpls label-switched-path TOM to IP address no-cspf

Displaying MPLS LSPs


lab@SanFrancisco> show mpls lsp
Ingress LSP: 1 label-switched paths
To              From            State Rt ActivePath       LSPname
192.168.8.1     192.168.2.1     Up       se-gold          sf-to-ny
Total 1 displayed, Up 1, Down 0

Egress RSVP: 2 sessions, 1 detours
To              From            State Rt Style Labelin Labelout LSPname
192.168.2.1     192.168.8.1     Up     1 FF                     NYC-to-SF
192.168.2.1     192.168.8.1     Up     1 FF                     NYC2-to-SF
Total 2 displayed, Up 2, Down 0

Transit RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0

Displaying Additional MPLS Information


lab@SanFrancisco> show mpls lsp extensive
Ingress LSP: 1 label-switched paths

192.168.8.1
  From: 192.168.2.1, State: Up, ActiveRoute: 1, LSPname: sf-to-ny
  ActivePath: use-gold (primary)
  LoadBalance: Random
 *Primary   use-gold         State: Up
    Include: gold
    Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 30)
    10.0.5.2 S 10.0.7.2 S 10.0.9.2 S
    102 Jan  5 12:12:28 Selected as active path
    101 Jan  5 12:11:58 Record Route: 10.0.5.2 S 10.0.7.2 S 10.0.9.2 S
    100 Jan  5 12:11:58 Up
     99 Jan  5 12:11:58 Clear Call
     98 Jan  5 12:11:58 CSPF: computation result accepted
     97 Jan  5 12:11:43 Record Route: 10.0.3.1 S 10.0.1.2 S 10.0.14.1

Displaying the MPLS Switching Table


lab@Montreal> show route table mpls.0
mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 02:47:47, metric 1
                      Receive
                   *[MPLS/0] 02:47:47, metric 1
                      Receive
100003             *[RSVP/7] 00:00:53, metric 1
                    > to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1
100003(S=0)        *[RSVP/7] 00:00:53, metric 1
                    > to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1
100004             *[RSVP/7] 00:00:53, metric 1
                    > to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1
100004(S=0)        *[RSVP/7] 00:00:53, metric 1
                    > to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1

Displaying RSVP Session Information


lab@SanFrancisco> show rsvp session
Ingress RSVP: 2 sessions
To              From            State Rt Style Labelin Labelout LSPname
192.168.8.1     192.168.2.1     Up     1 FF              100010 sf-to-ny
192.168.8.1     192.168.2.1     Up     1 FF              100058 sf-to-ny
Total 2 displayed, Up 2, Down 0

Egress RSVP: 2 sessions, 1 detours
To              From            State Rt Style Labelin Labelout LSPname
192.168.2.1     192.168.8.1     Up     1 FF                     NYC-to-SF
192.168.2.1     192.168.8.1     Up     1 FF                     NYC2-to-SF
Total 2 displayed, Up 2, Down 0

Transit RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0

Displaying Neighbor Information

lab@SanFrancisco> show rsvp neighbor
RSVP neighbor: 3 learned
Address      Idle Up/Dn LastChange    HelloInt HelloTx/Rx     MsgRcvd MsgType
10.0.3.1          1/0   5:35:37       3        29326/6556     850     Path,Resv
10.0.4.2          1/0   2w1d 22:54:25 3        448522/448391  61407   Path,Resv
10.0.5.2          1/0   5:35:42                29316/6557     30587   Path,Resv

Displaying RSVP-Enabled Interfaces

lab@SanFrancisco> show rsvp interface
RSVP interface: 3 active
                  Active Subscr- Static      Available   Reserved    Highwater
Interface   State resv   iption  BW          BW          BW          mark
fxp0.0      Up           100%    100Mbps     100Mbps     0bps        0bps
fe-0/0/2.0  Up           100%    100Mbps     100Mbps     0bps        0bps
ge-0/1/0.0  Up           100%    1000Mbps    1000Mbps    0bps        0bps

Next Hop Resolution


[Figure labels: routers NJ, SF, Denver, DC, Dallas, Boston, and NY; AS64512 and AS2; I-BGP and E-BGP sessions; router addresses 192.168.16.1, 192.168.1.1, 192.168.4.1, 192.168.8.1, and 192.168.24.1 (lo0 of NY); links numbered from 10.0.x/30 subnets; LSP SF-to-NY with labels 1056 and 1021; 134.112/16; annotation "Configure nexthop self"]

lab@SF> show route 192.168.24.1

inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

192.168.24.1/32    *[IS-IS/18] 00:26:50, metric 30, tag 2
                    > to 10.0.16.2 via fe-0/0/0.0

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

192.168.24.1/32    *[RSVP/7] 00:00:53, metric 0
                    > to 10.0.16.2 via fe-0/0/0.0, label-switched-path to_ny

Using traceroute to Prove LSP Works


lab@SF> traceroute 134.112.1.1
traceroute to 134.112.1.1 (134.112.1.1), 30 hops max, 40 byte packets
 1  10.0.16.2 (10.0.16.2)  0.766 ms  0.662 ms  0.612 ms
     MPLS Label=1056 CoS=0 TTL=1 S=1
 2  10.0.1.2 (10.0.1.2)  0.709 ms  0.654 ms  0.738 ms
     MPLS Label=1021 CoS=0 TTL=1 S=1
 3  10.0.24.2 (10.0.24.2)  0.648 ms  0.632 ms  0.610 ms
 .
 .
 .

Module Review
1. What are the main benefits of MPLS?
2. How does traffic engineering differ from plain MPLS?
3. Can you describe basic RSVP operation?
4. What is the advantage of using fast reroute?
5. Can you describe the basic operation of LDP?
6. What commands can you use to monitor the operational status of LSPs on Juniper Networks M-series and T-series routers?

Advanced VPNs

Module 11: Layer 3 VPNs

Copyright 2003, Juniper Networks, Inc.

IJNR-6.b.6.1.2

Module Objectives
After successfully completing this module, you will be able to:
Define the roles of P, PE, and CE routers
Describe the format of VPN-IPv4 addresses
Explain the role of the route distinguisher
Describe the flow of RFC 2547bis control information
Explain the operation of the RFC 2547bis forwarding plane


Agenda: Layer 3 MPLS VPNs


RFC 2547bis Terminology
VPN-IPv4 Address Structure
Operational Characteristics
Policy-Based Routing Information Exchange
Traffic Forwarding


Customer Edge Routers


[Figure: CE routers at the VPN A and VPN B sites attached to PE routers; the customer edge is highlighted]

Customer edge (CE) routers
Located at customer premises
Provide access to the service provider network
Can use any access technology or routing protocol for the CE/PE connection

Provider Edge Routers


[Figure: CE routers at the VPN A and VPN B sites attached to PE routers; the provider edge is highlighted]

Provider edge (PE) routers
Maintain VPN-specific forwarding tables
Exchange VPN routing information with other PE routers using BGP
Use MPLS LSPs to forward VPN traffic

Provider Routers
[Figure: CE routers at the VPN A and VPN B sites attached to PE routers; the provider routers are highlighted]

Provider (P) routers
Forward VPN data transparently over established LSPs
Do not maintain VPN-specific routing information

VPN Sites
[Figure: CE routers at the VPN A and VPN B sites attached to PE routers; a VPN site is highlighted]

A site is a collection of machines that can communicate without traversing the service provider backbone
Each VPN site is mapped to a PE router interface
Routing information is stored in different tables for each site

VPN Routing and Forwarding Tables


A VRF is created for each site connected to the PE

[Figure: PE 1, PE 2, and PE 3 around a P router, with CE routers CEA1, CEA2, CEA3 (VPN A sites 1 to 3), CEB1, CEB2, CEB3 (VPN B sites 1 to 3), and CEC1, CEC2 (VPN C sites 1 and 2); PE-CE links are labeled Static Routing, BGP Routing, and OSPF Routing]

VRFs
Each VRF is populated with:
Routes received from directly connected CE sites associated with the VRF
Routes received from other PE routers with acceptable MP-BGP attributes
Packets from a given site are only matched against the site's corresponding VRF
Provides isolation between VPNs

Agenda: Layer 3 MPLS VPNs


RFC 2547bis Terminology
VPN-IPv4 Address Structure
Operational Characteristics
Policy-Based Routing Information Exchange
Traffic Forwarding


Overlapping Address Spaces


[Figure: VPN A (CEA1 at Site 1, CEA2 at Site 2) and VPN B (CEB1 at Site 1, CEB2 at Site 2) attached to PE 1 and PE 2; 10.1/16 appears in both VPNs, and PE 2 is marked with "?"]

VPNs A and B use the same address space
PE 1 uses a separate routing table (VRF) for each VPN site
PE 2 would normally choose between the two 10.1/16 routes
MPLS/BGP VPNs solve this problem with the route distinguisher

VPN-IPv4 NLRI Format


VPN-IPv4 NLRI fields, in order:
Mask (1 byte)
MPLS Label (3 bytes)
Route Distinguisher: Type (2 bytes), Administrator (variable length), Assigned Number (variable length)
Subscriber IPv4 Prefix (0-4 bytes)

VPN-IPv4 address family
New BGP-4 sub-address family identifier (SAFI 128)
Consists of MPLS label + route distinguisher + subscriber IPv4 prefix
Route distinguisher disambiguates IPv4 addresses
Allows service provider to administer its own numbering space
VPN-IPv4 addresses are distributed by MP-BGP
Uses multiprotocol extensions for BGP4 (RFC 2283)
A /32 IPv4 prefix produces a mask of /120 (15 octets)
JUNOS software CLI displays (and the examples in this class) only show IPv4 prefix length (that is, /32)

Route Distinguisher Formats


[Figure: 8-byte route distinguisher laid out as Type, Adm, and AN fields, with a 4-byte IP address shown as an Adm value]

2-Byte Type Field: determines the lengths of the other two fields
Administration Field: identifies the assigned number authority
Assigned Number Field: number assigned by the identified authority for a particular purpose

Two values are defined for type field: 0 and 1
Type 0: adm field = 2 bytes, AN field = 4 bytes
Adm field should contain an autonomous system number (ASN) from IANA
AN field is a number assigned by service provider
Type 1: adm field = 4 bytes, AN field = 2 bytes
Administration field should contain an IP address assigned by IANA
Assigned number field is a number assigned by service provider
Examples: 10458:22:10.1.0.0/16 or 1.1.1.1:33:10.1.0.0/16

The VPN-IPv4 Address Family


Route distinguisher disambiguates IPv4 addresses
VPN-IPv4 routes
Ingress PE router prepends route distinguisher to IPv4 prefix of routes received from each CE device
VPN-IPv4 routes are exchanged between PE routers using MP-BGP
Egress PE router converts VPN-IPv4 routes into IPv4 routes before inserting into site's routing table (VRF)
VPN-IPv4 is used only in the control plane
Data plane uses MPLS-encapsulated IPv4 packets

Using Route Distinguishers to Disambiguate Addresses

[Figure: VPN A (CEA1 at Site 1, CEA2 at Site 2) and VPN B (CEB1 at Site 1, CEB2 at Site 2) attached to PE 1 and PE 2; the two 10.1/16 routes now appear between the PE routers as 10458:22:10.1/16 and 10458:23:10.1/16]

The overlapping routes from A and B cannot be compared as they have unique route distinguishers
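The route distinguisher and NLRI layouts from the preceding slides, as an added example that is not part of the course material: it packs type 0 and type 1 route distinguishers, builds the VPN-IPv4 NLRI, and counts how many destinations a PE sees with and without the distinguisher. Function names and the label value are assumptions; the 3-byte label field carries a 20-bit label plus a bottom-of-stack bit, as in RFC 3107.

```python
import ipaddress
import struct


def encode_rd(rd: str) -> bytes:
    """Encode 'ASN:number' (type 0) or 'a.b.c.d:number' (type 1) into 8 bytes."""
    admin, sep, assigned = rd.rpartition(":")
    if not sep or not admin or not assigned.isdigit():
        raise ValueError(f"malformed route distinguisher: {rd!r}")
    number = int(assigned)
    if "." in admin:  # type 1: 4-byte IP address, 2-byte assigned number
        if number > 0xFFFF:
            raise ValueError("type 1 assigned number must fit in 2 bytes")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)  # type 0: 2-byte ASN, 4-byte assigned number
    if asn > 0xFFFF or number > 0xFFFFFFFF:
        raise ValueError("type 0 needs a 2-byte ASN and a 4-byte assigned number")
    return struct.pack("!HHI", 0, asn, number)


def decode_rd(raw: bytes) -> str:
    """Inverse of encode_rd; the type field decides how the 6 value bytes split."""
    if len(raw) != 8:
        raise ValueError("a route distinguisher is exactly 8 bytes")
    (rd_type,) = struct.unpack_from("!H", raw)
    if rd_type == 0:
        asn, number = struct.unpack_from("!HI", raw, 2)
        return f"{asn}:{number}"
    if rd_type == 1:
        addr, number = struct.unpack_from("!4sH", raw, 2)
        return f"{ipaddress.IPv4Address(addr)}:{number}"
    raise ValueError(f"unsupported route distinguisher type {rd_type}")


def encode_nlri(label: int, route: str) -> bytes:
    """Pack mask + 3-byte label + 8-byte RD + 0-4 prefix bytes for 'RD:prefix/len'."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("MPLS labels are 20 bits")
    rd, prefix = route.rsplit(":", 1)
    net = ipaddress.IPv4Network(prefix)
    label_field = ((label << 4) | 1).to_bytes(3, "big")  # label + bottom-of-stack bit
    prefix_bytes = net.network_address.packed[: (net.prefixlen + 7) // 8]
    mask = 24 + 64 + net.prefixlen  # label bits + RD bits + IPv4 prefix bits
    return bytes([mask]) + label_field + encode_rd(rd) + prefix_bytes


def decode_nlri(raw: bytes):
    """Return (label, route distinguisher, IPv4 prefix) from one NLRI."""
    mask = raw[0]
    if not 88 <= mask <= 120:
        raise ValueError("mask must cover the label, the RD, and 0-32 prefix bits")
    prefix_len = mask - 88
    n = (prefix_len + 7) // 8
    if len(raw) != 12 + n:
        raise ValueError("NLRI length does not match its mask")
    label = int.from_bytes(raw[1:4], "big") >> 4
    addr = raw[12:12 + n] + bytes(4 - n)
    return label, decode_rd(raw[4:12]), f"{ipaddress.IPv4Address(addr)}/{prefix_len}"


def table_sizes(routes):
    """Count distinct destinations keyed by (RD, prefix) and by prefix alone."""
    vpn_keys, ipv4_keys = set(), set()
    for route in routes:
        rd, prefix = route.rsplit(":", 1)
        net = ipaddress.IPv4Network(prefix)
        vpn_keys.add((encode_rd(rd), net))
        ipv4_keys.add(net)
    return len(vpn_keys), len(ipv4_keys)


if __name__ == "__main__":
    overlapping = ["10458:22:10.1.0.0/16", "10458:23:10.1.0.0/16"]
    print(encode_nlri(16, overlapping[0]).hex())  # label 16 is a constructed value
    print(table_sizes(overlapping))
```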


Agenda: Layer 3 MPLS VPNs


RFC 2547bis Terminology
VPN-IPv4 Address Structure
Operational Characteristics
Policy-Based Routing Information Exchange
Traffic Forwarding


2547bis: Operational Overview


[Figure: PE 1, PE 2, and PE 3 interconnected through P routers, with CEA1, CEA2, CEA3 (VPN A sites 1 to 3) and CEB1, CEB2 (VPN B sites 1 and 2) attached to the PE routers]

Control flow (signaling plane)
Routing information exchange between CE and PE routers
Independent at both ends
Routing information exchange between PE routers
LSP establishment between PE routers (RSVP or LDP signaling)
Data flow (forwarding plane)
Forwarding user traffic

RFC 2547bis Policies


VPNs defined by administrative policies
Used for connectivity and QoS guarantees
Defined by customers
Implemented by service providers
Full-mesh or hub-and-spoke connectivity
Logical VPN topology results from the application of export
and import route target policies


PE-PE Route Distribution


Distribution of routes is controlled by BGP extended community attributes and VRF policy
Route target
Identifies a set of VRFs to which a PE router distributes routes
Site of origin/route origin
Identifies the specific site from which a PE router learns a route
Structured similarly to the route distinguisher
8 bytes in length
2-byte type field, 6-byte value field
Type 0
2-byte global administrator subfield (ASN)
4-byte local administrator subfield
Type 1
4-byte global administrator subfield (IANA-assigned IP Address)
2-byte local administrator subfield

Route Target Extended Community


Each VPN-IPv4 route advertised through MP-BGP is associated with a route target community
Export policy or explicit configuration define the targets associated with routes a PE router sends
Upon receipt of a VPN-IPv4 route, a PE router decides whether to add that route to a VRF
Import policies or explicit configuration define which routes to add to a given VRF
Route isolation between VRFs is accomplished through careful policy administration
Service provider provisioning tools can determine the appropriate export and import targets automatically

Exchange of Routing Information (1 of 7)


[Figure: PE-1 and PE-2, each with VRFs, connected by an MP-IBGP session; CE-1 through CE-4 attach the VPN A and VPN B sites. Step 1: 10.1/16 at VPN A Site 2 is advertised to PE-2 through OSPF]

CE device advertises route to PE router
Using traditional routing techniques (for example, OSPF, RIP, BGP, and static routes)

Exchange of Routing Information (2 of 7)


[Figure: the PE-1/PE-2 topology with CE-1 through CE-4. Step 2: 10.1/16 from VPN A Site 2 is held at PE-2 as 10458:23:10.1/16]

IPv4 address is added to the appropriate VRF

Exchange of Routing Information (3 of 7)


[Figure: the PE-1/PE-2 topology with CE-1 through CE-4. Step 3: 10458:23:10.1/16 is tagged with VPN RED Export]

VRF is configured to advertise the routes in the VRF as L3VPN routes using MP-BGP
VRF configuration adds VPN RED route target community

Exchange of Routing Information (4 of 7)


[Figure: the PE-1/PE-2 topology with CE-1 through CE-4. PE-2 advertises 10458:23:10.1/16 over the MP-IBGP session with VPN RED Export, Label Z, and Next Hop PE-2]

VPN-IPv4 NLRI is advertised to other PE routers
Inner label (a.k.a. VRF label, BGP label)
Extended communities
Route target
Site of origin
BGP next hop (RID of advertising PE router)

Exchange of Routing Information (5 of 7)


[Figure: the PE-1/PE-2 topology with CE-1 through CE-4. Step 5: the MBGP update for 10458:23:10.1/16 (VPN RED Export, Label Z, Next Hop PE-2) is checked against VPN RED Import at PE-1]

Each PE router is configured with import route targets
Import route target is used to incorporate VPN-IPv4 routes into VRFs selectively
If import route target matches route target attribute in BGP route, the route is installed into the bgp.l3vpn table and copied into appropriate VRF(s)
Based on configured route target or import policies, 10458:23:10.1/16 is copied into the red VRF but not the blue VRF

Exchange of Routing Information (6 of 7)


[Figure: the PE-1/PE-2 topology with CE-1 through CE-4. Step 6: after VPN RED Import, 10458:23:10.1/16 is associated with BGP (inner) label Z and MPLS (outer) label y; the MBGP update carries VPN RED Export, Label Z, and Next Hop PE-2]

Each VPN-IPv4 route in a VRF is associated with:
Inner (VRF) label to reach the advertised NLRI (carried in MP-BGP update)
Outer label to reach the PE router
All routes associated with the same VRF interface can share a common label

Exchange of Routing Information (7 of 7)


[Figure: the PE-1/PE-2 topology with CE-1 through CE-4. Step 7: 10.1/16 is advertised toward the CE with Next Hop PE1]

Each IPv4 route installed in a VRF can be advertised to the CEs associated with that VRF
For example, RIP, OSPF, and BGP
Routing policy can be used on the PE-CE link to control the exchange of routing information further
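The seven-step exchange above, as an added example that is not part of the course material: PE-2 exports the red VRF route with a route target, and PE-1 installs it only into VRFs whose import targets match. It also shows how one extra import target on the blue VRF leaks the red route, which is why the slides say isolation depends on careful policy administration. The route target strings, the label, the blue RD, and all class and function names are constructed for the example.

```python
from dataclasses import dataclass, field

RED = "target:10458:100"    # constructed route target for VPN RED
BLUE = "target:10458:200"   # constructed route target for VPN BLUE
VPN_TARGETS = {"red": {RED}, "blue": {BLUE}}  # targets each VRF is allowed to import


@dataclass(frozen=True)
class VpnRoute:
    rd: str
    prefix: str
    targets: frozenset
    label: int
    next_hop: str


@dataclass
class Vrf:
    name: str
    rd: str
    export_targets: frozenset
    import_targets: frozenset
    routes: dict = field(default_factory=dict)  # prefix -> (next hop, inner label)


class PE:
    def __init__(self, name, vrfs):
        self.name = name
        self.vrfs = {vrf.name: vrf for vrf in vrfs}
        self.bgp_l3vpn = {}  # (rd, prefix) -> VpnRoute

    def learn_from_ce(self, vrf_name, prefix):
        """Steps 1-2: a CE route lands in the VRF of the attached site."""
        self.vrfs[vrf_name].routes[prefix] = ("CE", None)

    def export(self, vrf_name, label):
        """Steps 3-4: prepend the RD, attach export targets, label, and next hop."""
        vrf = self.vrfs[vrf_name]
        return [VpnRoute(vrf.rd, prefix, vrf.export_targets, label, self.name)
                for prefix, (next_hop, _) in vrf.routes.items() if next_hop == "CE"]

    def receive(self, route):
        """Steps 5-6: keep the route only if some VRF imports one of its targets."""
        matched = [v for v in self.vrfs.values() if v.import_targets & route.targets]
        if not matched:
            return []  # no import target matches: the route is not kept
        self.bgp_l3vpn[(route.rd, route.prefix)] = route
        for vrf in matched:
            vrf.routes[route.prefix] = (route.next_hop, route.label)
        return [vrf.name for vrf in matched]


def audit_imports(pe, allowed):
    """List VRFs importing a target that does not belong to their own VPN."""
    findings = []
    for vrf in pe.vrfs.values():
        foreign = sorted(vrf.import_targets - allowed[vrf.name])
        if foreign:
            findings.append((vrf.name, foreign))
    return findings


def run_exchange(blue_imports):
    """Run the exchange for 10.1.0.0/16 and return PE-1 plus the VRFs it reached."""
    pe2 = PE("PE-2", [Vrf("red", "10458:23", frozenset({RED}), frozenset({RED}))])
    pe1 = PE("PE-1", [
        Vrf("red", "10458:23", frozenset({RED}), frozenset({RED})),
        Vrf("blue", "10458:24", frozenset({BLUE}), frozenset(blue_imports)),
    ])
    pe2.learn_from_ce("red", "10.1.0.0/16")
    installed = []
    for route in pe2.export("red", label=100016):
        installed += pe1.receive(route)
    return pe1, sorted(installed)


if __name__ == "__main__":
    for imports in ({BLUE}, {BLUE, RED}):
        pe1, installed = run_exchange(imports)
        print(sorted(imports), "->", installed, audit_imports(pe1, VPN_TARGETS))
```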


Agenda: Layer 3 MPLS VPNs


RFC 2547bis Terminology
VPN-IPv4 Address Structure
Operational Characteristics
Policy-Based Routing Information Exchange
Traffic Forwarding


Data Flow (1 of 7)
[Figure: PE-1 and PE-2, each with VRFs, connected by an LSP; CE-1 through CE-4 attach the VPN A and VPN B sites; 10.1/16 is at VPN A Site 2]

The PE-to-PE LSP must be in place before forwarding data across the MPLS backbone
LSPs are signaled through LDP or RSVP

Data Flow (2 of 7)

[Figure: the PE-1/PE-2 topology with CE-1 through CE-4; an IP packet addressed to 10.1.2.3 leaves a CE toward its PE router; 10.1/16 is at VPN A Site 2]

The CE device performs a traditional IPv4 lookup and sends packets to the PE router

Data Flow (3 of 7)
[Figure: the PE-1/PE-2 topology with CE-1 through CE-4; the IP packet to 10.1.2.3 arrives at PE-1; 10.1/16 is at VPN A Site 2]

PE-1: 1) Look up route in Red VRF 2) Push BGP label (z) 3) Push outer label (x)

The PE router consults the appropriate VRF for the inbound interface
Two labels are derived from the VRF route lookup and are pushed onto the packet

Data Flow (4 of 7)
[Figure: the PE-1/PE-2 topology with CE-1 through CE-4; the IP packet to 10.1.2.3 leaves PE-1 carrying outer label (x) and BGP label (z); 10.1/16 is at VPN A Site 2]

PE-1: 1) Look up route in Red VRF 2) Push BGP label (z) 3) Push outer label (x)

Packets are forwarded using two-level label stack
Outer (MPLS) label
Identifies the LSP to egress PE router
Resolves BGP next hop through inet.3
Distributed by RSVP or LDP
Inner (MP-BGP) label
Identifies outgoing interface from egress PE to CE
Communicated in MP-BGP updates (control plane)

Data Flow (5 of 7)
[Figure: the PE-1/PE-2 topology with CE-1 through CE-4; the packet to 10.1.2.3 crosses the backbone carrying outer label (x) and BGP label (z); 10.1/16 is at VPN A Site 2]

After packets exit the ingress PE router, the outer label is used to traverse the service provider
P routers are not VPN-aware

Data Flow (6 of 7)
[Figure: the PE-1/PE-2 topology with CE-1 through CE-4; at the penultimate router the top label is popped, leaving BGP label (z) on the IP packet to 10.1.2.3; 10.1/16 is at VPN A Site 2]

Penultimate hop popping (before reaching the egress PE router) removes the outer label

Data Flow (7 of 7)

[Figure: the PE-1/PE-2 topology with CE-1 through CE-4; the unlabeled IP packet to 10.1.2.3 leaves PE-2 toward VPN A Site 2 (10.1/16)]

The inner label is removed at the egress PE router
The native IPv4 packet is sent to the outbound interface associated with the label
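The seven data-flow steps above, as an added example that is not part of the course material: it builds the 32-bit label stack entries (label, CoS, S, TTL, the fields the earlier traceroute output prints), pushes the inner and outer labels at the ingress PE, swaps at a P router, pops at the penultimate hop, and resolves the inner label at the egress PE. All label values, table contents, and the interface name are constructed.

```python
import ipaddress
import struct

# Constructed forwarding state for the walk-through.
RED_VRF = {"10.1.0.0/16": ("PE-2", 300)}  # PE-1 red VRF: prefix -> (BGP next hop, inner label z)
BLUE_VRF = {}                             # PE-1 blue VRF has no route to 10.1/16
INET3 = {"PE-2": 200}                     # PE-1 inet.3: BGP next hop -> outer label x
P_SWAP = {200: 201}                       # transit P router: incoming -> outgoing label
PE2_LABELS = {300: "interface to CE-4"}   # egress PE: inner label -> outbound interface


def encode_entry(label, bottom, ttl, cos=0):
    """One label stack entry: label (20 bits) | CoS (3) | S (1) | TTL (8)."""
    return struct.pack("!I", (label << 12) | (cos << 9) | (int(bottom) << 8) | ttl)


def decode_stack(frame):
    """Return the label stack entries and the payload that follows the S=1 entry."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(frame):
            raise ValueError("label stack ended without a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entries.append({"label": word >> 12, "cos": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, frame[offset:]


def ingress_pe(vrf, dst, ip_packet):
    """Look up dst in the VRF of the inbound interface and push both labels."""
    addr = ipaddress.ip_address(dst)
    matches = [p for p in vrf if addr in ipaddress.ip_network(p)]
    if not matches:
        return None  # another VPN's prefix is simply not in this VRF
    best = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
    next_hop, inner = vrf[best]
    return (encode_entry(INET3[next_hop], False, 64)
            + encode_entry(inner, True, 64) + ip_packet)


def p_router_swap(frame, swap_table):
    """P routers act on the top label only; the inner label and packet pass through."""
    (word,) = struct.unpack_from("!I", frame)
    label, ttl = word >> 12, word & 0xFF
    if ttl <= 1 or label not in swap_table:
        return None
    new_word = (swap_table[label] << 12) | (word & 0xF00) | (ttl - 1)
    return struct.pack("!I", new_word) + frame[4:]


def penultimate_pop(frame):
    """Remove the outer label so the egress PE receives only the inner label."""
    return frame[4:]


def egress_pe(frame, label_map):
    """Pop the inner label and return (outbound interface, native IPv4 packet)."""
    entries, payload = decode_stack(frame)
    if len(entries) != 1 or entries[0]["label"] not in label_map:
        return None
    return label_map[entries[0]["label"]], payload


if __name__ == "__main__":
    packet = b"constructed IPv4 packet to 10.1.2.3"
    frame = ingress_pe(RED_VRF, "10.1.2.3", packet)
    print([e["label"] for e in decode_stack(frame)[0]])
    frame = penultimate_pop(p_router_swap(frame, P_SWAP))
    print(egress_pe(frame, PE2_LABELS))
```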



Module Review
1. Can you define the roles of P, PE, and CE routers?
2. What is the format of VPN-IPv4 addresses?
3. What is the role of the route distinguisher?
4. Can you describe the flow of 2547bis control information?
5. Can you explain the operation of the 2547bis forwarding plane?

Introduction to Juniper Networks Routers

Module 12: Routing Policy

Copyright 2003, Juniper Networks, Inc.

IJNR-6.b.6.1.2

Module Objectives
After successfully completing this module, you will be able to:
State the purpose of routing policy
Explain the difference between import and export policies
Describe the default policy for OSPF, IS-IS, and BGP
Compare route filter match types
Write multiterm policies
Correctly apply policy to BGP
Use the CLI to monitor policy operation
Describe advanced policy capabilities


Routing Policy
Where we are going
Overview
When to use policy
Import vs. export policy
Routing policy flow
Generic policy syntax
Match conditions
Match actions
Default policies
Policy examples
Applying policy
Route filters
Advanced policy overview


Policy Overview
Controls routing information transferred into and out of the routing table
Can ignore or change incoming routing information
Can suppress or change outgoing routing information
Policies are made up of match/action pairs
Match conditions can be protocol specific

When to Apply Policy


Apply policy when:
You do not want to import all learned routes into the routing table
You do not want to advertise all learned routes to neighboring routers
You want one protocol to receive routes from another protocol
You want to modify information associated with a route

Import and Export Policies


Perform policy filtering with respect to the JUNOS software routing table
JUNOS software applies import policy prior to inclusion in the routing table
JUNOS software applies export policy only to active routes in the routing table

[Figure: routes from neighbors enter through a protocol and pass import policy into the routing table; export policy passes routes from the routing table through a protocol to neighbors; the routing table also feeds the forwarding table in the PFE]

Routing Policy Flow


Policies can be chained together
Evaluation normally proceeds left to right until a terminating action is reached
Terminating actions are accept or reject
Individual policies can contain a collection of terms
Flow control actions such as next-policy supported

[Figure: a route is evaluated by Policy 1, Policy 2, through Policy n, and finally by the default policy; each policy holds terms (Term A, Term B, Term C), each term can end evaluation with accept or reject, and the default policy ends with accept or reject]

Generic Policy Syntax


Basic policy syntax:
policy-options {
    policy-statement policy-name {
        term term-name {
            from {
                match-conditions;
            }
            then {
                action;
            }
        }
    }
}

A policy can have multiple terms

Match Conditions
Policies typically contain some form of match criterion
Possibilities include:
Neighbor address
Protocol (source of information)

BGP, direct, DVMRP, IS-IS, local, MPLS, OSPF, PIM, RIP, static, aggregate
Routing protocol information
OSPF area ID
IS-IS level number
BGP attributes
Regular expression-based matches for AS path and communities

Match Actions
The action associated with a given term/policy is performed for matching routes:
Terminating actions
Accept route
Reject (or suppress) route
Flow control actions
Skip to next policy
Skip to next term
Modify attributes actions
Metric
Preference
Color
Next-hop address

Default Policies
Every protocol has a default policy
The default policy is applied implicitly at the end of the policy chain;
can be overridden with default-action statement
IS-IS and OSPF
Import: Accept all routes learned from that protocol

Technically, accept all LSPs/LSAs flooded by that protocol

Export: Reject everything

LSP/LSA flooding announces (IS-IS/OSPF) learned and local routes

RIP
Import all learned RIP routes, export nothing

RIP requires export policy to announce RIP (or other) routes

BGP
Import all routes learned from BGP neighbors
Export all active routes learned from BGP neighbors to all BGP
neighbors

EBGP-learned routes are exported to all BGP peers


IBGP-learned routes are exported to all EBGP peers (assumes logical IBGP full mesh)

A Policy Example
Write a policy statement at the [edit policy-options] hierarchy:

[edit policy-options]
user@host# show policy-statement advertise-ospf
term pick-ospf {
    from protocol ospf;
    then accept;
}

Apply the policy to one or more routing protocols in the import, export, or both directions:

[edit protocols bgp]
user@host# set export advertise-ospf

Another Policy Example


Specifying multiple conditions in a from statement means that all criteria must match before the action is taken
[edit]
user@host# show policy-options
policy-statement isis-level2 {
    term find-level2-routes {
        from {
            /* Logical AND function */
            protocol isis;
            level 2;
        }
        then accept;
    }
}

Applying Policy
You must apply policies before they can take effect
Link-state protocols (IS-IS and OSPF) have only export filtering points
BGP and RIP support both import and export policies
[edit protocols]
user@host# show
bgp {
    import bgp-import;
    export bgp-export;
}
ospf {
    export ospf-export;
}

Apply Routing Policy to BGP


BGP has three filtering points per direction:
Global
Groups of neighbors
Individual neighbors
Only the most specific policies are applied to a particular peer
Neighbor policy overrides group and global policies
Group policy overrides global policy

BGP Policy Application Example


[edit protocols]
user@host# show
bgp {
    export local-customers;
    group meganet-inc {
        type external;
        import [ martian-filter long-prefix-filter as-47-filter ];
        peer-as 47;
        neighbor 1.2.2.4;
        neighbor 1.2.2.5;
    }
    group problem-child {
        type external;
        import [ as-47-filter long-prefix-filter martian-filter ];
        export kill-private-addresses;
        peer-as 54;
        neighbor 1.2.2.6;
        neighbor 1.2.2.7;
        neighbor 1.2.2.8 {
            import [ reject-unwanted as-666-routes ];
        }
    }
}
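The "most specific policy wins" rule applied to the configuration above, as an added example that is not part of the course material: it resolves the effective import and export chain per neighbor and flags neighbors whose effective import chain no longer contains a required baseline filter. The dictionary is a transcription of the slide's configuration; the function names and the choice of baseline are assumptions.

```python
# Transcription of the slide's [edit protocols bgp] configuration.
BGP = {
    "export": ["local-customers"],
    "groups": {
        "meganet-inc": {
            "import": ["martian-filter", "long-prefix-filter", "as-47-filter"],
            "neighbors": {"1.2.2.4": {}, "1.2.2.5": {}},
        },
        "problem-child": {
            "import": ["as-47-filter", "long-prefix-filter", "martian-filter"],
            "export": ["kill-private-addresses"],
            "neighbors": {
                "1.2.2.6": {},
                "1.2.2.7": {},
                "1.2.2.8": {"import": ["reject-unwanted", "as-666-routes"]},
            },
        },
    },
}


def effective_policies(bgp):
    """Per neighbor, take the neighbor's chain, else the group's, else the global one.

    The chains are not merged: a more specific statement replaces the less
    specific one for that direction.
    """
    result = {}
    for group in bgp["groups"].values():
        for address, neighbor in group["neighbors"].items():
            result[address] = {
                direction: (neighbor.get(direction)
                            or group.get(direction)
                            or bgp.get(direction)
                            or [])
                for direction in ("import", "export")
            }
    return result


def missing_baseline(bgp, required):
    """Return {neighbor: [required import policies absent from its effective chain]}."""
    findings = {}
    for address, policies in effective_policies(bgp).items():
        absent = [name for name in required if name not in policies["import"]]
        if absent:
            findings[address] = absent
    return findings


if __name__ == "__main__":
    for address, policies in effective_policies(BGP).items():
        print(address, policies)
    # Hypothetical baseline: every external peer should pass these two filters.
    print(missing_baseline(BGP, ["martian-filter", "long-prefix-filter"]))
```

Neighbor 1.2.2.8 ends up with only its own import chain, so the group's martian and long-prefix filters do not apply to it, and the problem-child group's export replaces the global local-customers export.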


Route Filters
Use route filters to match an individual route (or groups of routes)
You can specify multiple route filters within a single term
General syntax in the form of:

route-filter prefix/prefix-length match-type actions;

Route filter evaluation has special rules according to the match type
Match types specify different sets of routes:
exact
orlonger
longer
upto
through
prefix-length-range

Policy test function is useful for route-filter debugging

Route Filter Match Types (1 of 2)


exact
Match the specified prefix and mask exactly
No other routes will be included

from route-filter 192.168/16 exact;

orlonger
Match the specified prefix and mask exactly
Also match any routes that start with the same prefix and have longer masks
from route-filter 192.168/16 orlonger;

longer
Do not match the specified prefix and mask exactly
Match only the routes that start with the same prefix and have longer masks
from route-filter 192.168/16 longer;

Route Filter Match Types (2 of 2)


upto
Match the specified prefix and mask exactly
Also match any routes that start with the same prefix and have
a mask no longer than the second value specified
from route-filter 192.168/16 upto /24;

through
Match the first specified prefix and mask exactly
Match the second specified prefix and mask exactly
Match all prefixes directly between the two prefixes
from route-filter 192.168/16 through 192.168.16/20;

prefix-length-range
Match only routes that start with the same prefix and have a
mask between the two values specified (inclusive match)
from route-filter 192.168/16 prefix-length-range /20-/24;


Match Types Summary


Given a starting prefix of 192.168/16, what matches with each option?

[Figure: one panel per match type (exact, orlonger, longer, upto, through, and prefix-length-range /x-/y), each marking the part of the prefix tree below 192.168/16 that matches; orlonger and longer extend down to /32]

Route Filter Actions


term term-name {
    from {
        route-filter dest-prefix match-type actions;
        route-filter dest-prefix match-type actions;
    }
    then actions;
}

Only one route filter in a given term can be considered a match
Longest-match lookup is performed on the prefix being evaluated

If an action is specified to a route filter, it takes effect immediately
The global then portion of the term is ignored

If specific actions are not defined, the then portion of the term is executed for matching prefixes


Test Your Knowledge (1 of 2)


Which action is taken when this policy evaluates
10.0.67.43/32?
[edit policy-options policy-statement pop-quiz]
user@host# show
from {
    route-filter 10.0.0.0/16 orlonger accept;
    route-filter 10.0.67.0/24 orlonger;
    route-filter 10.0.0.0/8 orlonger reject;
}
then {
    metric 10;
    accept;
}


Test Your Knowledge (2 of 2)


Which action is taken when this policy evaluates
10.0.55.2/32?
[edit policy-options policy-statement pop-quiz]
user@host# show
from {
    route-filter 10.0.0.0/16 orlonger accept;
    route-filter 10.0.67.0/24 orlonger;
    route-filter 10.0.0.0/8 orlonger reject;
}
then {
    metric 10;
    accept;
}
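
Added example (not part of the original course material): a small Python model of the route filter evaluation rules from the Route Filter Actions slide, run against the pop-quiz policy. It assumes the longest-match lookup selects the longest configured prefix that covers the route and that only that filter's match type is then tested; the function names and the tuple layout are illustrative.

```python
import ipaddress

def type_matches(route, prefix, mtype, arg=None):
    """Apply one route-filter match type to a route (both are ip_network objects)."""
    if not route.subnet_of(prefix):          # route must start with the filter prefix
        return False
    rlen = route.prefixlen
    if mtype == "exact":
        return rlen == prefix.prefixlen
    if mtype == "orlonger":
        return True
    if mtype == "longer":
        return rlen > prefix.prefixlen
    if mtype == "upto":                      # arg: longest mask allowed, e.g. 24
        return rlen <= arg
    if mtype == "prefix-length-range":       # arg: (shortest, longest), inclusive
        return arg[0] <= rlen <= arg[1]
    if mtype == "through":                   # arg: second prefix, e.g. "192.168.16.0/20"
        return ipaddress.ip_network(arg).subnet_of(route)
    raise ValueError(f"unknown match type: {mtype}")

def evaluate_term(route, filters, then_actions):
    """Return the actions applied to route, or None when the term does not match.

    filters: list of (prefix, match_type, arg, actions); actions is None when the
    route filter carries no action of its own.
    """
    route = ipaddress.ip_network(route)
    parsed = [(ipaddress.ip_network(p), m, a, act) for p, m, a, act in filters]
    covering = [f for f in parsed if route.subnet_of(f[0])]
    if not covering:
        return None
    # Longest-match lookup: only the most specific covering prefix is considered.
    prefix, mtype, arg, actions = max(covering, key=lambda f: f[0].prefixlen)
    if not type_matches(route, prefix, mtype, arg):
        return None                          # modelled: no fallback to a shorter filter
    # A filter's own action takes effect immediately; otherwise the term's then runs.
    return actions if actions is not None else then_actions

# The pop-quiz policy from the two slides above.
POP_QUIZ = [
    ("10.0.0.0/16", "orlonger", None, ["accept"]),
    ("10.0.67.0/24", "orlonger", None, None),
    ("10.0.0.0/8", "orlonger", None, ["reject"]),
]
POP_QUIZ_THEN = ["metric 10", "accept"]

if __name__ == "__main__":
    for r in ("10.0.67.43/32", "10.0.55.2/32"):
        print(r, "->", evaluate_term(r, POP_QUIZ, POP_QUIZ_THEN))
```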


Monitoring Policy Operation


[Figure: policy flow diagram with labels Neighbors, Routes, Protocol, Import Policy, Route Filters, Routing Table, Export Policy]

show route receive-protocol bgp neighbor
Shows routes before import policy

show route advertising-protocol bgp neighbor
Shows routes after export policy

The show route receive-protocol and show route advertising-protocol commands:
Display routing updates received before import and after export policy processing, respectively
Filtered routes are the exception for import policy

Question: How can you monitor the effects of your import policy?

Review Questions
1. What is the purpose of routing policy?
2. The terms import and export are based on the perspective of which entity within the router?
3. How does the default policy for OSPF differ from that of BGP?
4. What types of match conditions are supported in policy?
5. What types of match actions can you use in policy?
6. Explain the difference between applying policy at the global, group, and peer levels of BGP.
7. What command would you use to monitor the effects of your import policy?

Lab 5: Routing Policy

Lab Objective:
Configure routing policy on your router using JUNOS software. You will complete this lab by applying a policy to the RIP configuration left in place from the last lab.
