Juniper Summer School Routing August 2009
*** OFFTOPIC: *** JNCIE-ER
* JN0-342
* 60 questions
* 70% minimum to pass
*** Juniper Networks Enterprise Routers ***
* Junos :)
  - launched in 1998
  - "The power of One": one OS, one release, one architecture
* Architecture (SW & HW)
  - Control Plane
    * a PC running BSD, on which Junos runs
    * CLI
    * Routing Engine (RE): routing protocols -> routing table -> forwarding table
      - one or more real-time OS threads
      - main objective: generate the forwarding table (FT) and push it to the PFE
  - Forwarding Plane
    * Packet Forwarding Engine (PFE): basically a high-performance switch
      - based on ASICs
      - holds a copy of the forwarding table
  - the Control Plane runs daemons: "divide & conquer", modularity
* J-Series
  - same model as the M and T series
  - runs a real-time BSD kernel
  - emulates everything in software: RE, PFE, services
* Routing platforms: M, T, MX series; J series
* Security platforms: SRX series; J series
* Switching platforms: EX3200, EX4200; EX8200
* Small & medium enterprise: J-Series
* Core: M-Series and T-Series
* Large enterprise: M-Series
* M-Series
  - hardware-based forwarding
  - IA-32 microprocessor
* Terminology
  - RE: Routing Engine
  - CB: Control Board
  - PFE: Packet Forwarding Engine
  - FPC: Flexible PIC Concentrator
  - cFPC: compact FPC
  - PIC: Physical Interface Card
  - PIM: Physical Interface Module
  - FEB: Forwarding Engine Board
* M7i
  - "7" = 7 Gbps half-duplex throughput
  - out-of-band Ethernet interface, for management only
* M10i
  - 2 x RE
  - 2 x CFEB
* Interface naming: MM-F/P/T
  - MM = media type (e1, fe, ge, se, t1, t3)
  - F = FPC slot
  - P = PIC
  - T = port number
* Network management user interfaces
  - CLI
  - J-Web
  - SNMP
*** JUNOS User Interface ***
* Getting in
  - J-Web
  - CLI
    * from the console
    * from telnet/ssh
  - dedicated management Ethernet port
    * M series: fxp0
    * EX series: me0
* User authentication
  - local database
    * name & password
    * individual accounts and home directory
  - authentication order
    (c) set system authentication-order [ radius tacplus password ]
    * receiving a REJECT from a server != receiving no answer at all
      (the local password is the fallback when no server answers; after an explicit REJECT from a reachable server the local password is only tried if "password" is listed in the order)
* Authorisation: login classes
  - operator
  - read-only
  - super-user
  - unauthorized
  - custom classes
* Configurations
  - active configuration
    (c) configure
  - candidate configuration
    (c) commit
  - rollback 0 = the active configuration
  - rollback 1-49 = backups of previous active configurations
    (c) rollback X   -> backup X becomes the candidate configuration (commit to activate it)
  - (c) configure private
    * each user gets their own candidate configuration
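Added example (not from the course notes): the authentication-order and login-class points above as one configuration. The RADIUS server address, the shared secret, the class name "noc-troubleshoot", the user names and the placeholder password hash are all assumptions; "remote" is the Junos template user that RADIUS-authenticated users without a local account are mapped to.

```junos
system {
    /* Remote AAA first, local database second. Because "password" is listed
       explicitly, a REJECT from a reachable RADIUS server still falls through
       to the local database; remove "password" from the list if a server
       REJECT must be final (local users are then consulted only when no
       server answers at all). */
    authentication-order [ radius password ];
    radius-server {
        192.0.2.10 {                            /* assumed RADIUS server */
            secret "example-shared-secret";     /* stored as $9$... after commit */
            timeout 5;
            retry 3;
        }
    }
    login {
        /* Least-privilege custom class: operational view only, a few
           troubleshooting commands, no configuration or shell access. */
        class noc-troubleshoot {
            permissions [ view view-configuration ];
            allow-commands "(ping|traceroute|monitor interface|show log)";
            deny-commands "(request|file|start shell)";
            idle-timeout 15;
        }
        /* Template user for RADIUS-authenticated people who have no
           local account and for whom the server returns no class. */
        user remote {
            uid 2001;
            class noc-troubleshoot;
        }
        /* Local emergency admin, reached only when RADIUS does not answer. */
        user admin {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$REPLACE$WITHREALHASH"; /* placeholder */
            }
        }
    }
}
```

Load it with `load merge terminal` under `configure private`, run `commit check`, then `commit confirmed` so a typo in the class regex cannot lock you out: if the new login does not work the router rolls back on its own.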
* Junos CLI
  - Operational mode: monitor and troubleshoot (ping and friends)
    user@router>
  - Configuration mode
    user@router#
  - logging in as root drops you into the UNIX shell; start the CLI with
    (c) cli
  - EMACS-style line editing: ctrl+b, ctrl+a, ctrl+f
  - spacebar completes
  - ? shows the possibilities
  - help ~= man in UNIX
  - help reference = reference and examples for configuration statements
  - | pipe
  - match ~= grep in UNIX
  - edit ~= cd within the command hierarchy
  - up ~= cd ..
  - up N = N levels up
  - top ~= cd /
  - comparing
    (c) show | compare rollback N
    (c) file compare files FILE1 FILE2
  - rename, replace, copy
    (c) rename interfaces ge-0/0/10 to ge-0/0/11
    (c) replace pattern ge-0/0/10 with ge-0/0/11
    (c) copy
  - committing
    (c) commit
    (c) commit check = validate without committing
    (c) commit confirmed = temporary commit; rolls back automatically (default 10 minutes) unless a plain commit follows
    (c) commit at = scheduled commit
    (c) commit comment = commit with a log message
  - save
    (c) save FILENAME
  - run ~= IOS's do
    (c) run ping ...
* J-Web GUI
  - quick configuration wizards
  - configuration maintenance
  - system monitoring
  - manipulate files
  - install packages
  - install licenses
*** Installation and Initial Configuration ***
* Graceful shutdown
  (c) request system halt
  (w) Manage -> Reboot
* Autoinstallation
  - address acquisition (DHCP, RARP, SLARP)
  - files and config (TFTP, FTP)
  (c) show system autoinstallation
* Factory default
  - ships without a root password
  (c) load factory-default
  (c) set system autoinstallation interfaces / configuration-servers
  - DHCP server mode on the built-in Ethernet interfaces only
* Stop/restart autoinstall
  (ch) request system autoinstallation stop
  (ch) restart autoinstallation
  - hidden commands: sensitive
* Rescue configuration (J-Series)
  - press the reset button and the system loads it
  - hold it for more than 15-20 s: loads the factory defaults instead
  (w) Configuration -> Rescue
  (c) request system configuration rescue [save | delete]
  (c) rollback rescue
* Initial configuration checklist
  - root password
  - hostname
  - system time
  - domain name & DNS servers
  - remote access protocols
  - management and loopback interface properties
  - a default route
* Also configure
  - user accounts and permissions
  - SNMP network management
  - interface properties
* J-Web factory defaults
  - DHCP on fe-0/0/0 or ge-0/0/0
  (w) Configuration -> Quick Configuration -> Setup Wizard
  (w) Configuration -> Quick Configuration -> SNMP
  - view configuration
  (w) Configuration -> View and Edit -> View
* Initial configuration using the CLI
  - log in as root with no password
  (c) cli   (from the UNIX shell to operational mode)
  (c) edit system
  (c) set host-name myHostName
  (c) set domain-name example.com
  (c) set root-authentication plain-text-password   (prompts for the password)
  (c) set ntp server SERVER
  (c) run set date 200505050504.43
  (c) set name-server IP_DNS
  (c) top set interfaces lo0 unit 0 family inet address 10.0.0.1/32
  (c) set services telnet   (clear-text credentials; prefer ssh)
  (c) set services ssh
  (c) top edit snmp community COMNAME
  (c) top edit snmp trap-group
* Interface configuration: MM-F/P/T
  - F = PIM slot number
  - P = virtual PIM number (0 on J-Series)
  - T = port number
  - logical units = Cisco's subinterfaces
  - PPP and HDLC don't support multiple units: only unit 0
  - several IP addresses per logical unit are allowed
  - physical properties
    * clocking
    * scrambling
    * FCS
    * MTU
    * data-link protocol, keepalives
    * diagnostic characteristics
  - logical properties
    * protocol family: inet, inet6, iso, mpls
    * family MTU
    * addresses (IPv4, IPv6, ISO NET)
* Interfaces in J-Web
  (w) Configuration -> Quick Configuration -> Interfaces
* Interfaces in the CLI
  - disable
  - delete disable
  - deactivate: comments the stanza out of the active configuration
* Interface groups
  (c) show groups
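Added example (not from the course notes): the initial-configuration checklist and the interface properties above, written out as the resulting configuration. The hostname, domain, lo0 address and SNMP community name are the ones used in the notes; the DNS, NTP, uplink and next-hop addresses, the time zone, the uplink port and the placeholder root hash are assumptions. Telnet is deliberately left out.

```junos
system {
    host-name myHostName;
    domain-name example.com;
    time-zone UTC;                                   /* assumption */
    root-authentication {
        encrypted-password "$1$REPLACE$WITHREALHASH"; /* placeholder; set with plain-text-password */
    }
    name-server {
        192.0.2.53;                                  /* assumed DNS server */
    }
    ntp {
        server 192.0.2.123;                          /* assumed NTP server */
    }
    services {
        /* SSH only: telnet is not configured because it sends credentials
           in clear text; root is forced to log in as a named user first. */
        ssh {
            root-login deny;
            protocol-version v2;
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                address 10.0.0.1/32;                 /* loopback, from the notes */
            }
        }
    }
    ge-0/0/0 {
        description "uplink";                        /* assumed uplink port */
        unit 0 {
            family inet {
                address 192.0.2.2/30;                /* assumed */
            }
        }
    }
    ge-0/0/1 {
        disable;                                     /* unused port kept administratively down */
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.0.2.1;          /* default route, assumed next hop */
    }
}
snmp {
    community "COMNAME" {
        authorization read-only;
        clients {
            192.0.2.0/24;                            /* assumed management network */
            0.0.0.0/0 restrict;                      /* everyone else is refused */
        }
    }
}
```

After `load merge terminal` use `commit confirmed` rather than `commit`: the first commit on a box reached only over the network is the one most likely to cut you off, and the automatic rollback undoes it if the ssh session dies.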
*** Operational Monitoring and Maintenance ***
* Monitoring system operation
  - memory utilisation
  (w) Monitor -> System
  (c) show system ...
* Front panel indicators
  - Status: blinks during kernel boot, solid green after boot, blinks red on error
  - Alarm: red on a major alarm, yellow on a minor alarm
  (c) show system uptime
  (c) show system users
  (c) show system software
  (c) show system storage
  (c) show system alarms
* CPU, hardware, cards
  (w) Monitor -> Chassis
  (c) show chassis ...
  (c) show chassis alarms
  (c) show chassis environment
  (c) show chassis routing-engine
* Monitoring interfaces
  (w) Monitor -> Interfaces
  (c) monitor interface
* Restart a card
  (c) request chassis fpc restart
* Monitor traffic (tcpdump-style capture of traffic to/from the RE, not transit traffic)
  (c) monitor traffic
* Trace ~= debug
* System logging facilities
  - any
  - authorization
  - change-log
  - conflict-log
  - daemon
  - dfc (dynamic flow capture)
  - firewall
  - ftp
  - interactive-commands
  - kernel
* Syslog severity levels
  - none
  - debug
  - info
  - notice
  - warning
  - error
  - critical
  - alert
  - emergency
* file keyword: file name, facility/severity, archive
* Trace and log files
  (c) show log FILENAME
  (c) monitor start FILENAME   ~= tail -f
  (c) monitor stop / Esc+q   suspends monitor start
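Added example (not from the course notes): the facilities and severity levels above put to use. Logins and every CLI command go to their own local file and to a central collector, so an audit trail survives someone clearing the local logs; the collector address and the source address (the lo0 address from the notes) are assumptions, as are the file names.

```junos
system {
    syslog {
        source-address 10.0.0.1;           /* assumed: lo0, so the collector sees one stable address */
        /* General log, bounded on disk by the archive settings. */
        file messages {
            any notice;
            authorization info;            /* successful and failed logins */
            archive {
                size 1m;
                files 10;
            }
        }
        /* Who typed what: the interactive-commands facility. */
        file interactive-commands {
            interactive-commands any;
            archive {
                size 1m;
                files 5;
            }
        }
        /* Configuration changes and commits. */
        file config-changes {
            change-log any;
        }
        /* Central collector; explicit-priority prefixes each line with
           facility and severity so it can be filtered on arrival. */
        host 192.0.2.200 {                 /* assumed syslog collector */
            any notice;
            authorization any;
            change-log any;
            interactive-commands any;
            explicit-priority;
        }
        /* Only emergencies are pushed to logged-in terminals. */
        user * {
            any emergency;
        }
    }
}
```

Check it with `show log interactive-commands` and `show log messages | match "UI_LOGIN|UI_COMMIT"`; `monitor start interactive-commands` shows a second operator's commands as they are typed.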
  (c) clear log FILENAME
* License management
  - no licence = the feature still works, but with warnings and no support
  (c) show system license keys
  (w) Manage -> Licenses
  (c) show system license usage
* Maintaining Junos software
  - primary boot device
    * /dev/ad0, compact flash
  - secondary boot device
    * USB or hard disk
  - domestic version: strong encryption
  - export version: 56-bit encryption
  - SHA-1 checksums on packages for integrity
  - naming convention:
    * junos-jseries-8.2R2.4-domestic.tgz
    * junos-Xseries-m.nZnumber-region.tgz
  - upload to /var/tmp
  (c) request system software add
  (w) Manage -> Software -> Install Package
  (c) request system software rollback
  (c) request system reboot
  (c) request system snapshot
  (w) Manage -> Snapshot
* File system
  - /                  root
  - /config            active configuration and the first 3 rollbacks
  - /var/db/config     rollbacks 4-49
  - /var/tmp           upload area
* System cleanup
  (w) Manage -> Files
  (c) file delete
  (c) request system software delete-backup
* Password recovery (console access is all it takes, so physical access to the console port equals root)
  - press the spacebar during boot
  - boot -s to boot into single-user mode
  - type "recovery" at the prompt, then set a new root password and commit
    (c) recovery
*** Routing Protocols and Policy ***
* The routing tables
  - inet.0        IPv4 unicast routes
  - inet.1        multicast forwarding cache
  - inet.2        MBGP (multicast RPF)
  - inet.3        MPLS path information
  - inet6.0       IPv6 unicast routes
  - mpls.0        MPLS next hops (the label-switching table)
  - __juniper_private1__.inet.0
  - __juniper_private1__.inet6.0
* Protocols
  - Direct (~= connected)
  - Local
  - Static
  - RIP
  - OSPF
* Route preference (~= administrative distance)
  - 32-bit value, lower is better
  - Direct = 0
  - Local = 0
  - Static = 5
  - OSPF internal = 10
  - RIP = 100
  - Aggregate = 130
  - OSPF AS external = 150
  - BGP (EBGP and IBGP) = 170
  (c) show route
  (c) show route extensive
  (c) show bgp summary
  (c) show bgp neighbor
  (c) show ospf ...
* Routing policy: what goes into or out of the routing table
  - import policy: neighbor -> RT
  - export policy: RT -> neighbor
* Routing policy flow
  - policy 1, 2, 3, then the default policy
  - each policy has terms A, B, C
  - route filter
    (c) route-filter DEST-PREFIX MATCH-TYPE [ACTION]
    * exact
    * orlonger
    * longer
    * upto /N
    * prefix-length-range /x-/y
  - with several route-filters in one term, only the longest-matching prefix is evaluated; if its match type fails, the whole term fails and the other route-filters are not tried  *THIS IS IMPORTANT!
  (w) Configuration -> Quick Configuration -> Routing and Protocols
  (w) Monitor -> Routing
* RIP
  - default export policy is reject: nothing is advertised (not even RIP-learned routes) until you export it
  - received RIP routes are accepted by default
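Added example (not from the course notes) of the longest-match rule above: the first policy looks as if it accepts all of 10.0.0.0/8, but for 10.1.5.0/24 the longest-matching line is 10.1.0.0/16, its "exact" test fails, and the term is skipped without ever looking at the /8 line. The second policy is the corrected version. The prefixes, policy names and the BGP group are assumptions.

```junos
policy-options {
    /* Broken: both lines cover 10.1.5.0/24, but only the longest-matching
       one (10.1.0.0/16) is evaluated. "exact" fails, the term fails, and the
       route falls through to reject-rest. */
    policy-statement customer-in-broken {
        term accept-customer {
            from {
                route-filter 10.0.0.0/8 orlonger;
                route-filter 10.1.0.0/16 exact;
            }
            then accept;
        }
        term reject-rest {
            then reject;
        }
    }
    /* Fixed: one route-filter per term, so each line is evaluated on its
       own and a failed "exact" simply moves on to the next term. */
    policy-statement customer-in {
        term customer-aggregate {
            from {
                route-filter 10.1.0.0/16 exact;
            }
            then accept;
        }
        term customer-space {
            from {
                route-filter 10.0.0.0/8 orlonger;
            }
            then accept;
        }
        term reject-rest {
            then reject;
        }
    }
}
protocols {
    bgp {
        group customers {                  /* assumed EBGP group */
            import customer-in;            /* import = neighbor -> routing table */
        }
    }
}
```

Walk three routes through both policies: 10.2.0.0/16 (longest match is the /8, orlonger succeeds) and 10.1.0.0/16 (exact succeeds) are accepted by both; 10.1.5.0/24 is rejected by customer-in-broken and accepted by customer-in. `test policy customer-in-broken 10.1.5.0/24` against a route already in inet.0 shows the difference without touching a neighbor.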
*** Misc Features ***
* VRRP
  - master and backup routers
  - the virtual router owns the VIP address
  - higher priority is better
  - advertisements are multicast to 224.0.0.18
  - keepalive (advertisement) every 1 s
  - preemption is optional
* DHCP: server, client, relay, bindings
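Added example (not from the course notes): the VRRP points above as one interface stanza on the router meant to be master. The interface, addresses, group number, priority and key are assumptions; the backup router uses the same stanza with its own address and a lower priority.

```junos
interfaces {
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 192.0.2.2/24 {                 /* this router's real address; assumed */
                    vrrp-group 10 {
                        virtual-address 192.0.2.1;     /* the VIP shared by master and backup */
                        priority 200;                  /* higher wins; backup runs e.g. 100 */
                        advertise-interval 1;          /* keepalive every 1 s, as in the notes */
                        preempt;                       /* optional: reclaim mastership when our
                                                          priority is higher; no-preempt avoids flaps */
                        accept-data;                   /* answer ARP/ping on the VIP while master */
                        authentication-type md5;       /* assumption: peers support VRRPv2 MD5 auth */
                        authentication-key "example-vrrp-key";
                    }
                }
            }
        }
    }
}
```

Without authentication any host on the segment that sends advertisements to 224.0.0.18 with a higher priority becomes master and owns the default gateway address, so the key is not optional on a shared LAN. `show vrrp` and `show vrrp detail` show the current state and which priority won.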
*** OSPF ***
* 5 packet types
  - Hello
  - Database Description (DBD)
  - Link State Request (LSR)
  - Link State Update (LSU)
  - Link State Acknowledgement (LSAck)
* Adjacency formation
  - Down
  - Init
  - 2-Way
  - ExStart
  - Exchange
  - Loading
  - Full
* LSA types
  - Type 1, Router LSA: one per router per area; the router describes itself to the area
  - Type 2, Network LSA: generated by the DR once one is elected on a multi-access network
  - Type 3 and 4, Summary LSAs: generated by the ABR (type 4 describes the ASBR)
  - Type 5, External LSA: generated by the ASBR
  - Type 7, NSSA External LSA: generated by the ASBR inside an NSSA
*** Services ***
* Layer 2 services
  - MLPPP
  - MLFR
  - CRTP
* Layer 3 services
  - NAT/PAT
  - stateful firewall
  - IPsec VPN
  - intrusion detection
* Services provided by
  - AS PIC
    (c) show chassis fpc
  - AS Module (M7i)
  - J-Series software processes
  - Link Services PIC
  - Tunnel PIC
* MLPPP: Multilink PPP
  - creates virtual links
  - load balancing
  (c) interfaces ls-0/0/0