Juniper Summer School Routing Notes August 2009

Notes I took during the remote training program Juniper Summer School held by Juniper Networks in August 2009. It is useful for the JNCIA-ER (Enterprise Routing) exam (JN0-342).

Page 1: Juniper Summer School Routing Notes August 2009

Juniper Summer School

Routing

August 2009

*** OFFTOPIC: ***

JNCIA-ER

* JN0-342

* 60 questions

* 70% minimum to pass

*** Juniper Networks Enterprise Routers ***

Junos :)

* launched in 1998

* "The power of One"

- one OS

- one Release

- one Architecture

* Architecture (SW&HW)

- Control Plane

* a PC with BSD on which Junos runs

* CLI

* Routing Engine

- routing protocols -> routing table -> forwarding table

- one or more real-time OS threads

- main objective: generate FT and send it to the PFE

- Forwarding Plane

* Packet Forwarding Engine

- basically a high-performance switch

- based on ASICs

- has a copy of the forwarding table

- the Control Plane has daemons

- "divide & conquer": modularity

* J-Series

- same model as M and T series

- runs real-time BSD kernel

- emulates everything:

- RE

- PFE

- Services

* Routing platforms:

- M,T,MX series

- J series

* Security platforms

- SRX Series

- J Series

* Switching platforms:

- EX3200, EX4200

- EX8200

* Small & Medium Enterprise: J-Series

* Core: M-Series and T-Series

* Large Enterprise: M-Series

* M-Series

- Hardware-based forwarding

- IA-32 microprocessor

* Terminology

- RE: Routing Engine

- CB: Control Board

- PFE: Packet Forwarding Engine

- FPC: Flexible PIC Concentrator

- cFPC: compact FPC

- PIC: Physical Interface Card

- PIM: Physical Interface Module

- FEB: Forwarding Engine Board

* M7i

- 7 = Gbps half duplex throughput

- out of band Ethernet interface: just for management

* M10i

- 2*REs

- 2*CFEBs

* Interface naming

MM-F/P/T

MM = Media type (e1, fe, ge, se, t1, t3)

F = FPC slot

P = PIC

T = port number

* Network Management

User interface

- CLI

- J-Web

Solutions

something Scope

- SNMP

*** JUNOS User Interface ***

* Getting in

- JWeb

- CLI

* from console

* from telnet/ssh

- Dedicated Ethernet port

* M series fxp0

* EX Series me0

* User Authentication

- local database

* name & password

* individual accounts and home dir

* Authentication order

(c) authentication-order radius tacplus password

* receiving REJECT != not receiving anything at all

* Authorisation

- login class

* operator

* read-only

* super-user

* unauthorised

* CUSTOM

* Configurations

- Active configuration

(c) configure

- Candidate configuration

(c) commit

- rollback 0 = Active

- 1-49 backup active configs

(c) rollback X

backup X becomes the candidate config

- (c) configure private - each user gets a candidate

* Junos CLI

- Operational mode

* monitor and troubleshoot (ping & pals)

* user@router>

- Configuration mode

* user@router#

- if you log in as root, you land in the UNIX shell

* (c) cli

- EMACS style

* ctrl+b

* ctrl+a

* ctrl+f

- spacebar completes

- ? shows possibilities

- help ~= man in UNIX

- help reference = examples of configs

- | pipe

- match ~= grep in UNIX

- edit ~= cd in the command hierarchy

- up ~= cd ..

- top ~= cd /

- up N = N levels up

- comparing

(c) show [something] | compare rollback [N]

(c) file FILE compare FILE2

- rename, replace, copy

(c) rename interfaces ge-0/0/10 to ge-0/0/11

(c) replace pattern ge-0/0/10 with ge-0/0/11

(c) copy

- committing

(c) commit

(c) commit check = check without commit

(c) commit confirmed = temp commit to active

(c) commit at

(c) commit comment

- save

(c) save FILENAME

- run ~= IOS's do

(c) run ping ...

* J-Web GUI

- quick configuration wizards

- configuration maintenance

- system monitoring

- manipulate files

- install packages

- install licences

*** Installation and Initial Configuration ***

* graceful shutdown

(c) request system halt

(w) Manage -> Reboot

* Autoinstallation

- address acquisition (DHCP, RARP, SLARP)

- files and config (TFTP, FTP)

(c) show system autoinstallation

* Factory default

- doesn't load with a root password

(c) load factory-default

(c) set system autoinstallation interfaces/configuration-server

- DHCP server mode on built-in Ethernet interfaces only

* stop/restart autoinstall

(ch) request system autoinstallation stop

(ch) restart autoinstallation

- hidden commands: sensitive

* Rescue configuration (J-Series)

- press the reset button for the system to load it

- if you press for more than 15-20 sec: loads factory defaults

(w) Configuration -> Rescue

(c) request system configuration rescue [save | delete]

(c) rollback rescue

* Initial config Checklist

- Root pass

- Hostname

- System time

- Domain name & DNS servers

- remote access protocols

- Management and loopback interface properties

- A default route

* Also configure

- User accounts and permissions

- SNMP network management

- Interface properties

* J-Web factory defaults

- dhcp from fe-0/0/0 or ge-0/0/0

(w) Configuration -> Quick Configuration -> Setup Wizard

(w) Configuration -> Quick Configuration -> SNMP

- view configuration

(w) Configuration -> View and Edit -> View

* Initial Configuration using the CLI

- log in as root with no password

(c) cli - from UNIX shell to Operational Mode

(c) edit system

(c) set host-name myHostName

(c) set domain-name example.com

(c) set root-authentication plain-text-password

(c) set ntp server SERVER

(c) run set date 200505050504.43

(c) set name-server IP_DNS

(c) set interfaces lo0 unit 0 family inet address 10.0.0.1/32

(c) set services telnet

(c) set services ssh

(c) edit snmp community COMNAME

(c) edit snmp trap

* Interface config

MM-F/P/T

F = pim slot number

P = virtual PIM number (set to 0 for J-Series)

T = port number

- logical units = Cisco's subinterfaces

- PPP and HDLC don't support multiple units... only unit 0

- multiple IP addresses on logical units

- Physical properties

* clocking

* scrambling

* FCS

* MTU

* data link protocols, keepalives

* diagnostic characteristics

- Logical properties

* protocol family: inet, inet6, iso, mpls

* Family MTU

* Addresses (ipv6, ipv4, net)

* Interfaces on J-Web

(w) Configuration -> Quick Configuration -> Interfaces

* Interfaces on CLI

- disable

- delete disable

- deactivate: comment line in config

* Interface Groups

(c) show groups

*** Operational Monitoring and Maintenance ***

* Monitoring system operation

- memory utilisation

(w) Monitor -> System

(c) show system SOMETHING

* Front Panel Indicators

- Status - blinks during kernel boot, green after boot, blinks red on error

- Alarm - red when major alarm; yellow on minor alarm

(c) show system uptime

(c) show system users

(c) show system software

(c) show system storage

(c) show system alarms

- CPU, hardware, cards

(w) Monitor -> Chassis

(c) show chassis

(c) show chassis alarms

(c) show chassis environment

(c) show chassis routing-engine

* Monitoring Interfaces

(w) Monitor -> Interfaces

(c) monitor interface

* restart Card

(c) request chassis fpc restart

* Monitor traffic

(c) monitor traffic

* Trace ~= debug

* System logging Facilities

- any

- authorization

- change-log

- conflict-log

- daemon

- dfc (dynamic flow capture)

- firewall

- ftp

- interactive-commands

- kernel

* Syslog Severity Levels

- none

- debug

- info

- notice

- warning

- error

- critical

- alert

- emergency

* file keyword

- filename, facility, archive

* Trace

(c) show log FILENAME

(c) monitor start FILENAME ~= tail -f

(c) monitor stop / Esc+q to suspend monitor start

(c) clear log FILENAME

* License Management

- no licence = feature will work, but with messages and no support

(c) show system license keys

(w) Manage -> Licenses

(c) show system license usage

* Maintaining JunOS Software

- primary boot device

* /dev/ad0 compact flash drive

- secondary boot device

* usb or hdd

- domestic version: encryption

- export version: 56-bit encryption

- SHA-1 on packages for integrity

- name convention:

* junos-jseries-8.2R2.4-domestic.tgz

* junos-Xseries-m.nZnumber-region.tgz

- upload to /var/tmp

(c) request system software add

(w) Manage -> Software -> Install Package

(c) request system software rollback

(c) request system reboot

(c) request system snapshot

(w) Manage -> Snapshot

* File System

/ root

/config first 3 rollbacks

/var/db/config rollback 4-49

/var/tmp

* System cleanup

(w) Manage -> Files

(c) file delete

(c) request system software delete-backup

* Password recovery

- spacebar on boot

- boot -s to boot in single-user mode

(c) recovery

*** Routing Protocols and Policy ***

* The Routing Table

- inet.0 unicast routes

- inet.1 multicast fwd cache

- inet.2 MBGP

- inet.3 MPLS path information

- inet6.0 unicast routes

- mpls.0 MPLS next hops (some sort of label switching table)

- __juniper_private1__.inet.0

- __juniper_private1__.inet6.0

- protocols:

* Direct (~=connected)

* Local

* Static

* RIP

* OSPF

- route preference (~= administrative distance)

* 32bit value

* Direct = 0

* Local = 0

* Static = 5

* OSPF Internal = 10

* RIP = 100

* Aggregate = 130

* OSPF AS external = 150

* BGP(EBGP and IBGP) = 170

(c) show route

(c) show bgp summary

(c) show bgp neighbor

(c) show ospf ALL

(c) show route extended

* Routing policy

- what goes in or out of the RT

- Import policy Neighbor -> RT

- Export policy RT->Neighbor

* Routing Policy Flow

- Policy 1,2,3, Default Policy

* term A,B,C

* route filter

(c) route-filter [dest-prefix] [match-type] [actions]

* exact

* orlonger

* longer

* upto

* prefix-length-range /x-/y

- with several route-filters in a term, the longest matching prefix is evaluated first

*THIS IS IMPORTANT!

(w) Configuration -> Quick Configuration -> Routing and Protocols

(w) Monitor -> Routing
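The longest-match rule above is the part of route-filter evaluation that trips people up, so here is a small Python model of it. This is an added example, not from the original notes or from Juniper; it assumes each route-filter entry carries its own action (no term-level then clause) and uses constructed prefixes.

```python
"""Model of Junos route-filter matching inside one policy term (added
example, not Juniper code). With several route-filters in a term, the
entry whose prefix is the LONGEST match for the route is chosen first,
and only that entry's match type is then checked."""
import ipaddress

def match_type_ok(route, prefix, match_type, arg=None):
    """Apply one route-filter match type to a route contained in prefix."""
    rlen, plen = route.prefixlen, prefix.prefixlen
    if match_type == "exact":
        return rlen == plen
    if match_type == "longer":
        return rlen > plen
    if match_type == "orlonger":
        return rlen >= plen
    if match_type == "upto":                 # upto /arg
        return plen <= rlen <= arg
    if match_type == "prefix-length-range":  # /x-/y given as (x, y)
        low, high = arg
        return low <= rlen <= high
    raise ValueError(f"unknown match type {match_type}")

def evaluate_term(route_str, route_filters):
    """route_filters: list of (prefix, match_type, arg, action), where each
    entry carries its own action (assumption: no term-level 'then' clause).
    Returns the winning action, or None when the term does not match and the
    policy falls through to the next term."""
    route = ipaddress.ip_network(route_str)
    candidates = []
    for prefix_str, match_type, arg, action in route_filters:
        prefix = ipaddress.ip_network(prefix_str)
        if prefix.version == route.version and route.subnet_of(prefix):
            candidates.append((prefix, match_type, arg, action))
    if not candidates:
        return None
    # Longest prefix wins BEFORE the match type is considered: a shorter
    # 'orlonger' entry cannot rescue a route that fails the longer entry.
    prefix, match_type, arg, action = max(candidates, key=lambda c: c[0].prefixlen)
    return action if match_type_ok(route, prefix, match_type, arg) else None

# Constructed term. 10.1.1.0/24 is the classic gotcha: it falls inside the
# /8 'orlonger' entry but is NOT matched, because the /16 'exact' entry wins.
TERM = [
    ("10.0.0.0/8",     "orlonger",            None,     "accept"),
    ("10.1.0.0/16",    "exact",               None,     "reject"),
    ("172.16.0.0/12",  "upto",                20,       "accept"),
    ("192.168.0.0/16", "prefix-length-range", (24, 28), "accept"),
]
```

evaluate_term("10.1.1.0/24", TERM) returns None, while evaluate_term("10.2.0.0/16", TERM) returns "accept"; the same route would be accepted if the /16 entry were removed.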

* RIP

* default policy is reject

- doesn't send anything, doesn't accept anything

*** Misc Features ***

* VRRP:

- Master and Backup Routers

- Virtual router has the VIP address

- higher priority is better

- multicast on 224.0.0.18

- keepalive every 1sec

- preemption is optional

* DHCP

- Server, Client, Relay, Binding

*** OSPF ***

* 5 packet types

- hello

- Database Description

- LSR

- LSU

- LSAck

* Adjacency Formation

- down

- 2Way

- ExStart

- Exchange

- Loading

- Full

* LSA Types

- Type 1 - Router LSA

* one per router in an area

* the router describes itself to the area

- Type 2 - Network LSA

* when a DR is elected

- Type 3 and 4 - Summary Links

* generated by the ABR

- Type 5 - External LSA

* generated by the ASBR

- Type 7 - NSSA External Links

* generated by the ASBR

*** Services ***

* Layer 2 services

- MLPPP

- MLFR

- CRTP

* Layer 3 services

- NAT/PAT

- Stateful firewall

- IPSec VPN

- Intrusion Detection

* Services provided by

- AS PIC

(c) chassis fpc

- AS Module (M7i)

- J-Series software processes

- Link Services PIC

- Tunnel PIC

* MLPPP

- Multi Link PPP

- creates virtual links

- load balancing

(c) interfaces ls-0/0/0
