Print Book $69.99
Print+PDF
$90.99
Print Book £43.99
March 2008
Pages: 812
Cover | Table of Contents | Colophon
Index
[ Symbols ], [ A ], [ B ], [ C ], [ D ], [ E ], [ F ], [ G ], [ H ], [ I ], [ J ], [ K ], [ L ], [ M ], [ N ], [ O ], [ P ], [ Q ], [ R ], [ S ], [ T ], [ U ], [ V ], [ W ], [ X ], [ Z ],
Symbols[ Top ]
* (asterisk), in regular expression, 300
^ (caret), in regular expression, 300
> (chevron), CLI operational mode prompt, 5
: (colon), in interface name, 38
$ (dollar sign), in regular expression, 300
- (hyphen), in interface name, 32
# (octothorpe), CLI configuration mode prompt, 12
% (percent sign), shell prompt, 6
. (period)
in interface name, 38
in regular expression, 300
? (question mark)
command completion, 21
in regular expression, 300
/ (slash), in interface name, 32
A[ Top ]
AAL (ATM adaptation layer), 695
AAL5 mode (ATM Layer 5), 695
ABR (area border router), 695
OSPF, 124, 125
accept action, firewall filters, 308
accept-data command, 58
access concentrator, 695
access lists, Cisco (see firewall filters)
access point name (see APN)
access security, 293
remote access, 303-307
user authentication, 296-302
(see also security)
accounting services, 695
ACFC (Address and Control Field Compression), 695
action modifiers, firewall filters, 308
active monitoring, 394
Active Queue Management (see AQM)
active route, 695
AD (administrative distance), 78, 118
adaptive services, 695
Adaptive Services Module (see ASM)
Adaptive Services PIC (see ASP)
adaptive shaping, CoS, 515, 553-554
add/drop multiplexer (see ADM)
Address and Control Field Compression (see ACFC)
address match conditions, firewall filters, 310, 696
Address Resolution Protocol (see ARP)
addressing, multicast, 572
mapping to link layer, 573-582
scoping of, 574-576
adjacency, 696
Adjacency-RIB-In, 696
Adjacency-RIB-Out, 696
ADM (add/drop multiplexer), 696
administrative distance (see AD)
ADSL (asymmetrical digital subscriber line), 48-49, 696
ADSL interface, 696
ADSL2 interface, 696
ADSL2+ interface, 696
Advanced Encryption Standard (see AES)
adverse-inactive option, for global route preference, 80
ae media type, 32
AES (Advanced Encryption Standard), 696
AF (Assured Forwarding) class, 472
AF PHB, 489
aggregate routes, 73, 696
compared to generated routes, 72, 75-77
compared to static routes, 72, 74
next hop types for, 73
aggregated interface, 696
AH (authentication header), 696
ALG (Application Layer Gateway), 363-365
ALI (ATM line interface), 696
allow command, 299
alternate priority queuing (see APQ)
American National Standards Institute (see ANSI)
ANSI (American National Standards Institute), 696
Any Source Multicast (see ASM)
Anycast-RP discovery, PIM, 588
configuring, 629-633
verifying, 634-637
with MSDP, 638
APN (access point name), 696
Application Layer Gateway (see ALG)
application-specific integrated circuit (see ASIC)
apply-path command, 317
APQ (alternate priority queuing), 697
APS (Automatic Protection Switching), 697
AQM (Active Queue Management), 474
area (contiguous networks and hosts), 125-127, 697
area (routing subdomain), 697
area border router (see ABR)
area types, OSPF, 126
area-range command, 179
ARP (Address Resolution Protocol), 697
AS (autonomous system), 200, 697
AS external link advertisement, 697
AS number, for BGP, 89, 212, 213
AS path, 697
AS path attribute, BGP, 203, 272, 275-280
AS path regex matching, 107-108
ASBR (autonomous system boundary router), 125, 697
ASBR Summary LSA, 697
ASIC (application-specific integrated circuit), 697
ASM (Adaptive Services Module), 349, 697
ASM (Any Source Multicast), 580, 589, 697
ASN (see AS number)
ASP (Adaptive Services PIC), 349, 362, 369
Assured Forwarding (AF) class, 472
asterisk (*), in regular expression, 300
asymmetric link speeds, with BGP, 214-219
asymmetric load balancing, with BGP
baseline configuration, validating, 221
configurating generated default route for, 223-226
configuring BGP peering for, 227-233
export policy for, 227, 235
import policy for, 227, 234
multipath option for, 237, 238-242
per-packet load-balancing algorithm for, 237, 242-243
requirements for, 219
asymmetrical digital subscriber line (see ADSL)
Asynchronous Transfer Mode (see ATM)
at media type, 32
ATM (Asynchronous Transfer Mode), 697
ATM adaptation layer (see AAL)
ATM Layer 5 (see AAL5 mode)
ATM line interface (see ALI)
ATM-over-ADSL interface, 698
atomic operation, 698
attacks, protection from (see intrusion detection services)
AUC (authentication center), 698
authentication
of users, 296-302
RIP deployment, 144
authentication center (see AUC)
authentication header (see AH)
Authentication TRAPs, SNMP, 339
authentication-order command, 300
automatic policing, 698
Automatic Protection Switching (see APS)
auto-negotiation, 698
autonomous system (see AS)
autonomous system boundary router (see ASBR)
autonomous system external link advertisement, 698
autonomous system number (see AS number)
autonomous system path, 698
auto-RP discovery, PIM, 587, 698
availability of data, 294
avian-based transport technology, 202
B[ Top ]
BA (behavior aggregate) classification, 470, 698
in ingress processing, 479, 491
in rewrite marking, 497, 517, 524-527
with DiffServ, 487, 544-546
backbone area, OSPF, 126, 698
backbone router, OSPF, 124, 698
backplane (see midplane)
backup designated router (see BDR)
backup tunnels, IPSec VPN, 417-425
backward explicit congestion notification (see BECN)
bandwidth, 698
adding to IP networks, 465
as QoS parameter, 469
bandwidth community support, BGP, 237
bandwidth model, 698
bandwidth on demand (on a link), 698
bandwidth on demand (on a Services Router), 699
base station controller (see BSC)
base station subsystem (see BSS)
Base Station System GPRS Protocol (see BSSGP)
base tranceiver station (BTS), 700
Basic Rate Interface (see BRI)
B-channel, 699
BDR (backup designated router), OSPF, 123, 698
BE (Best Effort) forwarding class, 472
bearer channel (see B-channel)
BECN (backward explicit congestion notification), 699
behavior aggregate classification (see BA classification)
Bellman-Ford algorithm, 699
BERT (bit error rate test), 699
Best Effort (BE) forwarding class, 472
BFD (Bidirectional Forwarding Detection), 51, 130, 699
BGP (Border Gateway Protocol), 200-207, 227, 699
AS number for, 89, 212
asymmetric link speeds with, 214-219
asymmetric load balancing with
baseline configuration, validating, 221
configuring BGP peering for, 227-233
configuring generated default route for, 223-226
export policy for, 227, 235
import policy for, 227, 234
multipath option for, 237, 238-242
per-packet load-balancing algorithm for, 237, 242-243
requirements for, 219
bandwidth community support, 237
compared to IGP, 201
External (EBGP), 207-209, 215, 710
for dual-homed network, 212, 213
for enterprise
requirements for, 219
when to use, 212
Internal (IBGP), 207-212, 215, 216, 217-219, 718
multihoming
aggregate route for, 254-256
attributes affecting, 271, 275-286
EBGP peering for, 251-254
IBGP peering for, 256-265
inbound (export) policy for, 271-286
outbound (import) policy for, 249, 266-270
requirements for, 247-249
route reflection for, 261-262, 268
path selection, 205-207
route attributes, 203
routing loops, preventing, 217-219
routing policy for, 92, 93, 104
transit services, not providing, 216
bgp.12vpn.0 route table, 84
bgp.13vpn.0 route table, 84
Bidirectional Forwarding Detection (see BFD)
bidirectional NAT, 366
binary trees, and route filters, 98-100
bit error rate test (see BERT)
bit field match conditions, firewall filters, 310, 311, 699
bit rate, 699
BITS (Building Integrated Timing Source), 699
Blowfish method, 699
books and documentation
IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks (Doraswamy; Harkins), 367
JUNOS Cookbook (Garrett), 24
"JUNOS Enhanced Services Migration Guide", 652
JUNOS software documentation, 78
"Network QoS Needs of Advanced Internet Applications" (survey by Internet QoS working group), 468
(see also RFC entries)
BOOTP (bootstrap protocol), 699
bootstrap router, 699
bootstrap RP discovery, PIM, 587
configuring, 617-619
troubleshooting, 623-629
verifying, 619-623
Border Gateway Protocol (see BGP)
BPDU (bridge protocol data unit), 699
br media type, 33
branches, distribution tree, 571
BRI (Basic Rate Interface), 699
bridge, 700
bridge protocol data unit (see BPDU)
broadcast, 700
Broadcast mode, NTP, 340
BSC (base station controller), 700
BSR (bootstrap router), 587, 619
BSS (base station subsystem), 700
BSSGP (Base Station System GPRS Protocol), 700
BTS (base tranceiver station), 700
buffer size, MDDR scheduler, 499
buffers, 700
Building Integrated Timing Source (see BITS)
bundle (physical links), 52, 700
bundle (software), 700
burst size, setting, 320, 322
bypass LSP, 700
C[ Top ]
CA (certificate authority), 700
CAC (call admission control), 700
CAIDA (Cooperative Association for Internet Data Analysis), 700
call admission control (see CAC)
Call Detail Record (see CDR)
call establishment phase, 484
callback, 700
caller ID, 700
CAMEL (Customized Applications of Mobile Enhanced Logic), 701
candidate configuration, 701
candidate RP advertisements, 701
caret (^), in regular expression, 300
carrier-of-carriers VPN, 701
CB (Control Board), 701
CBC (cipher block chaining), 701
CBF (Class-Based Forwarding), 479, 495
CBR (constant bit rate), 701
CCC (circuit cross-connect), 701
CDMA (Code Division Multiple Access), 701
CDMA2000, 701
CDR (Call Detail Record), 701
CE (customer edge) device, 701
cell loss priority bits (see CLP bits)
cell relay, 701
cell switching (see packet switching)
cell tax, 702
cell-relay mode, 701
central office (see CO)
certificate authority (see CA)
certificate revocation list (see CRL)
cFEB (compact Forwarding Engine Board), 2, 702
cflowd application, 702
CFM (cubic feet per minute), 702
Challenge Handshake Authentication (see CHAP)
channel, 702
channel group, 702
channel number, for interfaces, 38
channel service unit/data service unit (see CSU/DSU)
channelized E1, 702
channelized interface, 702
channelized T1, 702
CHAP (Challenge Handshake Authentication), 702
chassis daemon (see chassisd)
chassis slot number, for interfaces, 33
Chassis TRAPs, SNMP, 339
chassisd (chassis daemon), 702
chevron (>), CLI operational mode prompt, 5
CIDR (classless interdomain routing), 702
CIP (Connector Interface Panel), 702
cipher block chaining (see CBC)
CIR (committed information rate), 702
circuit cross-connect (see CCC)
circuit-switched networks, inefficiencies of, 466
Cisco HDLC encapsulation, 44
Cisco-RP-Announce message, 703
Cisco-RP-Discovery message, 703
Class of Service (CoS), IP (see IP CoS)
Class Selector (CS) code point (see CSCP)
class type, 703
Class-Based Forwarding (see CBF)
classful addressing, 137
classification override, CoS, 496
classification, CoS, 469, 491, 703
confirming, 541-546
in ingress processing, 479
multifield classification, 523-527
classifier, 703
classless interdomain routing (see CIDR)
class-of-service bits (see EXP (experimental) bits)
cleanup utility, CLI, 668
clear bgp neighbor command, 259
clear channel, 703
clear command, 25
clear-dont-fragment command, 361
CLEC (competitive local exchange carrier), 703
CLEI (Common Language Equipment Identifier), 703
CLI (command-line interface), xviii, 4-6, 703
command completion feature, 6, 21, 704
configuration mode, 5, 12-18, 24, 25, 704
EMACs-style keystrokes in, 7
help in, 21-24
hidden commands, 255, 303
operational mode, 5
pipe commands in, 8-12
Client mode, NTP, 340
client peer, 703
CLNP (Connectionless Network Protocol), 703
CLNS (Connectionless Network Service), 703
clock strata, NTP, 340
clocking properties, of interface, 39, 46
CLP (cell loss priority) bits, 471
cluster, 703
CO (central office), 703
Code Division Multiple Access (see CDMA)
code examples, permission to use, xxiii
code-point alias, 704
colon (:), in interface name, 38
command completion, CLI, 6, 21, 704
command-line interface (see CLI)
commit command, 16, 24, 704
commit script, 704
commit script macro, 704
committed information rate (see CIR)
Common Criteria Evaluation Assurance Level 3 (see EAL3)
Common Language Equipment Identifier (see CLEI)
Communities attribute, BGP, 272
community (BGP), 704
community (SNMP), 704
community attribute, BGP, 204, 280-286
community regex matching, 107-108
compact flash
determining free space on, 668
freeing space on, 667, 669
compact Forwarding Engine Board (see cFEB)
compare command, 17
competitive local exchange carrier (CLEC)
complete sequence number PDU (see CSNP)
Compressed Real-Time Transport Protocol (see CRTP)
Concurrent Versions System (see CVS)
confederations, with IBGP, 212, 704
confidentiality of data, 294, 368
configuration mode, CLI, 5, 12-18, 704
adding configurations, 13
changing strings in configurations, 25
committing configurations, 16, 24
comparing configurations, 17
directories in, 13
loading configurations, 19-21
maintenance windows for, 24
multiple users of, 13
operational mode commands run from, 18
removing configurations, 14, 25
rolling back configurations, 16
saving configurations, 18
viewing configurations, 16
(see also interfaces, configuration of)
Configuration TRAPs, SNMP, 339
configure command, 12
congestion management, CoS, 474, 480, 504
Connect state, 704
Connectionless Network Protocol (see CLNP)
Connectionless Network Service (see CLNS)
Connector Interface Panel (see CIP)
consistency of data, 294
constant bit rate (see CBR)
constrained path, 704
Constrained Shortest Path First (see CSPF)
contact information for this book, xxiii
context node, 704
context-sensitive help, 704
contributing routes, 704
Control Board (see CB)
control plane, 542, 704
separation from forwarding plane, 1
(see also RE)
conversation (session), with stateful firewall, 362
Cooperative Association for Internet Data Analysis (CAIDA)
Coordinated Universal Time (see UTC)
core, 704
CoS (Class of Service), IP (see IP CoS)
CoS bits (see EXP (experimental) bits)
cosd process, 705
count action, firewall filters, 312
count command, 8
CPE (customer premises equipment), 705
craft interface, 705
Critical Security Parameter (see CSP)
CRL (certificate revocation list), 705
CRTP (Compressed Real-Time Transport Protocol), 354-356, 705
Crypto Accelerator Module, 705
Crypto Officer, 705
CS PHB, 489
CSCP (Class Selector code point), 486, 705
CSNP (complete sequence number PDU), 705
CSP (Critical Security Parameter), 705
CSPF (Constrained Shortest Path First), 705
CSU/DSU (channel service unit/data service unit), 45, 705
ct1 media type, 33
Ctrl keystrokes (EMACs), 7
cubic feet per minute (see CFM)
customer edge device (see CE device)
customer premises equipment (see CPE)
Customized Applicationso of Mobile Enhanced Logic (see CAMEL)
CVS (Concurrent Versions System), 705
D[ Top ]
daemon, 705
damping, 706
data circuit-terminating equipment (see DCE)
Data Encryption Standard (see DES)
data integrity, 293, 368
Data Link Switching (see DLSw)
data packet, 706
data plane, 542, 706
data plane stimulation, for CoS, 519
data service unit (see DSU)
data terminal equipment (see DTE)
database description packet, 706
data-link connection identifier (see DLCI)
data-MDT, 706
dcd (device control process), 706
DCE (data circuit-terminating equipment), 45, 706
D-channel, 706
DCU (destination class usage), 706
DDR (dial-on-demand routing) backup, 707
DE (discard-eligible) bits, 471, 706
deactivate command, 706
dead interval, 706
dead peer detection (see DPD)
default address, 706
default route, 706
default-information originate command, 169
deficit counter, MDDR scheduler, 500
delay
as QoS parameter, 469
in IP networks, 465
delay buffer size, CoS, 502
delay variation (see jitter)
delete command, 14, 25
delta channel (see D-channel)
demand circuit, 706
demilitarized zone (see DMZ)
denial of service (see DoS)
dense mode, multicast, 571, 586, 588, 706
dense wavelength-division multiplexing (see DWDM)
deny command, 299
DES (Data Encryption Standard), 706
designated router (see DR)
destination class usage (see DCU)
destination NAT, 365, 434, 442-446
preventing routing loops using, 400
stateful firewall and, 444-446
destination prefix length, 707
destination service access point (see DSAP)
device control process (see dcd)
DFC (dynamic flow capture), 707
DHCP (Dynamic Host Configuration Protocol), 303, 707
dial backup, 707
dialer filter, 707
dialer interface, 707
dialer profile, 707
dialer watch, 707
dial-in, 707
dial-on-demand routing (DDR) backup, 707
Differentiated Services (see DiffServ)
Differentiated Services domain, 708
Differentiated-Services-aware traffic engineering, 708
Diffie-Hellman method, 708
DiffServ (Differentiated Services), 486-490, 538-551, 708
DiffServ code point (see DSCP)
DiffServ domain, 488
DiffServ field, 487
DiffServ region, 488
DiffServ-aware, 708
Diffusing Update Algorithm (see DUAL)
digital certificate, 708
digital signal level 0 (see DS0)
digital signal level 1 (see DS1)
digital signal level 3 (see DS3)
Dijkstra algorithm (see SPF)
DIMM (dual inline memory module), 708
direct routes (see interface routes)
disable (router configuration), 708
discard accounting, 394
discard action, firewall filters, 308
discard command, 708
discard next hop, static and aggregate routes, 73
discard-eligible bits (see DE bits)
display command, 8
Distance Vector Multicast Routing Protocol (see DVMRP)
Distance Vector routing protocol (see DV routing protocol)
distance-vector method, 708
Distributed Buffer Manager ASIC, 708
distribution tree, multicast, 571, 579-582
DLCI (data-link connection identifier), 356, 708
DLSw (Data Link Switching), 393, 708
DLSw circuit, 708
DLSw connection, 709
DMZ (demilitarized zone), 404
DNS (Domain Name System), 709
document type definition (see DTD)
dollar sign ($), in regular expression, 300
Domain Name System (see DNS)
Doraswamy, Naganand (IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks), 367
DoS (denial of service), 709
downstream traffic, multicast, 571
DPD (dead peer detection), 709
DR (designated router), 123, 707
DRAM (dynamic random access memory), 709
dribble error, 469
drop probability, 709
drop profile, 709
DS behavior aggregate, 472
DS0 (digital signal level 0), 709
DS1 (digital signal level 1), 709
DS3 (digital signal level 3), 709
DSAP (destination service access point), 709
dsc interface, 32
DSCP (DiffServ code point), 486, 490, 709
DSU (data service unit), 709
DTCP (Dynamic Tasking Control Protocol), 709
DTD (document type definition), 709
DTE (data terminal equipment), 45, 710
DUAL (Diffusing Update Algorithm), 130
dual inline memory module (see DIMM)
dual-homed network, 212, 213
DV (Distance Vector) routing protocol, 119
DVMRP (Distance Vector Multicast Routing Protocol), 571, 588, 710
DWDM (dense wavelength-division multiplexing), 710
dynamic flow capture (see DFC)
Dynamic Host Configuration Protocol (see DHCP)
dynamic label-switched path, 710
dynamic random access memory (see DRAM)
dynamic source NAT, 365
Dynamic Tasking Control Protocol (see DTCP)
dynamic tunnels, IPSec VPN, 425-428
E[ Top ]
e1 media type, 33
E1 protocol, 710
e3 media type, 33
E3 protocol, 710
EAL3 (Common Criteria Evaluation Assurance Level 3), 710
early packet discard (see EPD)
EBGP (External BGP), 207-209, 710
peering, 251-254
where to run, 215
E-carrier, 710
ECC (error checking and correction), 710
ECN (explicit congestion notification), 486
ECSA (Exchange Carriers Standards Association), 710
edge router, 710
edit command, 15
[edit] directory, 13
[edit applications] directory, 685
[edit chassis] directory, 358
[edit firewall] directory, 378
[edit class-of-service] directory, 490, 496
[edit class-of-service classifiers] directory, 491
[edit class-of-service drop-profiles] directory, 505
[edit class-of-service interfaces] directory, 493, 528
[edit class-of-service scheduler-maps] directory, 503
[edit class-of-service schedulers] directory, 500
[edit firewall] directory, 322
[edit firewall family inet] directory, 378
[edit interfaces] directory, 493, 534
[edit policy-options] directory, 90
[edit protocol ospf] directory, 92
[edit protocol pim rp] directory, 597
[edit protocols pim] directory, 595
[edit protocols pim interface] directory, 597
[edit protocols pim local] directory, 598
[edit protocols pim rp] directory, 618
[edit protocols pim rp local] directory, 598
[edit protocols pim rp local family inet] directory, 633
[edit routing-options] directory, 72, 228, 330, 402, 596
[edit security] directory, 653, 670-673, 680
[edit security firewall-authentication] directory, 687
[edit system] directory, 296
[edit system ntp] directory, 341
[edit system password] directory, 296
[edit system services] directory, 304
editor macros (Emacs), 710
EF (Expedited Forwarding) class, 472
EF PHB, 489
EGP (Exterior Gateway Protocol), 710
egress router, 710
EIA (Electronic Industries Association), 710
EIA-530, 710
EIGRP (Enhanced Interior Gateway Routing Protocol), 117, 130-134
closed nature of, as disadvantage, 133
metrics used by, 131-133
migrating to OSPF, 180-187
confirming redistribution, 187
IOS configuration for, 184-187
JUNOS configuration for, 182
route preferences for, 187, 189-194
route redistribution for, 180, 181-187
EIR (equipment identity register), 711
electromagnetic interference (see EMI)
Electronic Industries Association (see EIA)
electrostatic discharge (see ESD)
Emacs (see editor macros)
EMACs-style keystrokes, CLI, 7
embedded OS software, 711
EMI (electromagnetic interference), 711
Encapsulating Security Payload (see ESP)
encapsulation mismatches, troubleshooting, 61-64
encapsulation properties, of interface, 39
encryption (see authentication)
Encryption Services PIC, 348
end system, 711
End System-to-Intermediate System (see ES-IS)
Enhanced Interior Gateway Routing Protocol (see EIGRP)
Enhanced Physical Interface Module (see EPIM)
enhanced services, JUNOS software, 347, 644-652
configuration file for, 670-673, 680-685
devices needed for, 647
flow-based forwarding model used by, 646, 648-651
IPv6 support, 672
migrating from JUNOS ASP-based services to, 673-685
migrating from JUNOS to, 652, 659-673
MPLS support, 672
platforms supported by, 645
router context mode, 653-657
secure context mode, 653, 657-659
security zones, 646
session timeouts, 688
sessions, 649
tracing, 687
troubleshooting flow problem, 687-691
verifying operation of, 685
enterprise network, xvi
enterprise routing, xvi
EPD (early packet discard), 711
EPIM (Enhanced Physical Interface Module), 2
equipment identity register (see EIR), 711
ERO (Explicit Route Object), 711
error checking and correction (see ECC)
ESD (electrostatic discharge), 711
ES-IS (End System-to-Intermediate System), 711
ESP (Encapsulating Security Payload), 711
Established state, 711
Ethernet, xviii, 711
ETSI (European Telecommunications Standardization Institute), 711
European Telecommunications Standardization Institute (see ETSI)
eventd process, 711
exact match type, route filter, 101, 711
examples, permission to use, xxiii
except command, 9
exception packet, 711
Exchange Carriers Standards Association (see ECSA)
Exchange state, 711
exclusive or (see XOR)
EXP (experimental) bits, 712
Expedited Forwarding (EF) class, 472
experimental bits (see EXP bits)
explicit congestion notification (see ECN)
Explicit Route Object (see ERO)
export (inbound) routing policy, 91, 104, 244, 246
asymmetric load balancing, 227, 235
multihoming, with BGP, 271-286
export (routes), 712
ExStart state, 712
Extensible Markup Language (see XML)
Extensible Stylesheet Language for Transformations (see XSLT)
Exterior Gateway Protocol (see EGP)
External BGP (see EBGP)
external metric, 712
F[ Top ]
FA (forwarding agency), 712
fabric schedulers, 712
facility level, syslog messages, 334
failover, 712
far-end alarm and control (see FEAC)
Fast Ethernet, 31, 41, 43, 712
fast port, 712
fast reroute, 712
FBF (filter-based forwarding), 400-403, 712
FCS (frame check sequence), 712
FDDI (Fiber Distributed Data Interface), 712
fe media type, 33
FEAC (far-end alarm and control), 712
FEB (Forwarding Engine Board), 713
FEC (forwarding equivalence class), 713
FECN (forward explicit congestion notification), 713
Federal Information Processing Standards (see FIPS)
Fiber Distributed Data Interface (see FDDI)
field-relaceable unit (see FRU), 715
FIFO (first in, first out), 713
file copy command, 306
File Transfer Protocol (see FTP)
filter-based forwarding (see FBF)
filters, 713
firewall (see firewall filters)
service (see service filters)
find command, 9
Finger protocol, 303
FIPS (Federal Information Processing Standards), 713
firewall, 713
firewall filters, 307-308, 362
actions for, 312
applying, 313
compared to routing policy, 307
loopback filters, 317-319
match conditions for, 309-312
policers, 320-326, 734
processing of, 308
stateful, 744
stateless, 744
terminating actions for, 308
transit filters, 313, 314-316
firewall, stateful (see stateful firewall)
firmware, 713
first in, first out (see FIFO)
flap damping (see damping)
flapping (see route flapping)
flash drive, 713
Flexible PIC Concentrator (see FPC)
Flexible PIC Concentrator/Physical Interface Card (see FPC/PIC)
floating static route, 80, 244, 713
flood and prune, 713
flooding
ICMP floods, 366
LSA flooding, 122, 125-126
SYN flood attacks, 366, 448
flow, 362, 648, 714
flow collection interface, 714
flow control action, 714
flow monitoring, 394, 714
flow-based forwarding model, 646, 648-651
combined with packet model, 648, 650
troubleshooting, 687-691
flowd process, 648
flow-tap application, 714
for IPSec tunnel, 414
forward explicit congestion notification (see FECN)
forwarding agency (see FA)
forwarding classes, CoS, 472, 516, 714
Forwarding Engine Board (see FEB)
forwarding equivalence class (see FEC)
forwarding next hop, static and aggregate routes, 73
forwarding plane, 1
(see also PFE)
forwarding policy, CoS, 479, 495
forwarding table, 1, 83, 714
forwarding-class action, firewall filters, 312
FPC (Flexible PIC Concentrator), 714
FPC/PIC (Flexible PIC Concentrator/Physical Interface Card), 473
fractional E1, 714
fractional interface, 714
fractional T1, 714
fragmentation, 714
fragment-offset command, 315
frame check sequence (see FCS)
Frame Relay, 47, 715
Frame Relay circuits, bonding (see MLFR)
Frame Relay Forum (see FRF)
freeing space on J-series router, 667, 669
frequency-division multiplexed channel, 715
FRF (Frame Relay Forum), 715
FRF.15 standard, 356, 715
FRF.16 standard, 358, 715
from statement, routing policy, 94
FRU (field-replaceable unit), 715
FTP (File Transfer Protocol), 303, 715
Full state, 715
fwdd process, 4, 648
fxp0 interface, 31
fxp1 interface, 31, 715
fxp2 interface, 715
G[ Top ]
G.SHDSL, 716
Garbage Collection Timer, 715
Garrett, Aviva (JUNOS Cookbook), 24
Gateway GPRS support node (see GGSN)
G-CDR (GGSN call detail record), 715
ge media type, 33
General Packet Radio System (see GPRS)
Generalized Multiprotocol Label Switching (see GMPLS)
generated routes, 73, 715
compared to aggregate routes, 72, 75-77
compared to static routes, 72, 74
Generic Routing Encapsulation (see GRE)
GETs, SNMP, 338
GGSN (Gateway GPRS support node), 715
GGSN call detail record (see G-CDR)
GGSN tunneling protocol (see GTP-C; GTP-U)
Gigabit Ethernet, 31, 715
global route preference, 78-81, 156
Global System for Mobile Communications (see GSM)
GMPLS (Generalized Multiprotocol Label Switching), 716
GPRS (General Packet Radio System), 716
GPRS tunneling protocol (see GTP)
graceful restart, 716
Graceful Routing Engine switchover (see GRES)
graceful switchover, 716
gratuitous request, 716
GRE (Generic Routing Encapsulation), 53, 359-361, 428-433, 716
GRES (Graceful Routing Engine switchover), 716
group, 716
group address, 716
group management protocols, multicast (see IGMP)
groups, RIP, 142, 143
GSM (Global System for Mobile Communications), 716
GTP (GPRS tunneling protocol), 716
GTP-C (GGSN tunneling protocol, control), 716
GTP-U (GGSN tunneling protocol, user plane), 716
H[ Top ]
hard policing, 322
Harkins, Dan (IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks), 367
hash function, 368
Hashed Message Authentication Code (see HMAC)
hashing, 716
HDLC (High-Level Data Link Control), 44, 717
health monitor, 717
hello interval, 717
hello mechanism, 717
help command, 21
hidden commands, CLI, 255, 303
High-Level Data Link Control (see HDLC)
High-Speed Circuit Switched Data (see HSCSD)
HLR (Home Location Register), 717
HMAC (Hashed Message Authentication Code), 717
hold command, 10
hold down timer, 717
hold downs, for RIP, 120
hold time, 717
Home Location Register (see HLR)
host membership query, 717
host membership report, 717
host module, 717
host subsystem, 717
hot standby, 717
HSCSD (High-Speed Circuit Switched Data), 717
HTTP (Hypertext Transfer Protocol), 717
HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer), 718
hyphen (-), in interface name, 32
I[ Top ]
I/O Manager ASIC, 720
IANA (Internet Assigned Numbers Authority), 718
IBGP (Internal BGP), 207-212, 718
peering, 256-265
scaling with route reflection, 209-211
scaling, confederations and, 212
where to run, 215, 216, 217-219
ICMP (Internet Control Message Protocol), xviii, 718
ICMP floods, 366
ICMP Router Discovery Protocol (see IRDP)
icmp_timestamp_cos test, 542
IDE (Integrated Drive Electronics), 718
IDEA (International Data Encryption Algorithm), 718
Idle state, 718
IDS (intrusion detection services), 366, 448-450, 718
IEC (International Electrotechnical Commission) (see ISO)
IEEE (Institute of Electrical and Electronics Engineers), 718
IETF (Internet Engineering Task Force), 718
I-frame, 718
IGMP (Internet Group Management Protocol), 582-586, 605, 718
IGP (Interior Gateway Protocol), 118, 195, 718
compared to BGP, 201
migration to new version of, 156-157
concurrent operation with old version, 157
global route preferences and, 156
integration model for, 161-163
network cleanup during, 157
overlay model for, 158
redistribution model for, 159-161
route redistribution and, 157
protocols supported by, 117
(see also OSPF; RIP)
IGRP (Interior Gateway Routing Protocol), 117
(see also EIGRP)
IKE (Internet Key Exchange), 406, 408, 411, 718
ILMI (Integrated Local Management Interface), 718
IMEI (International Mobile Station Equipment Identity), 719
import (outbound) routing policy, 91, 103, 244, 246, 249
asymmetric load balancing, 227, 234
multihoming, with BGP, 249-270
import (routes), 719
import-rib statement, 87
IMSI (International Mobile Subscriber Identity), 719
IMT-2000 (International Mobile Telecommunications 2000), 719
inbound (export) routing policy, 91, 104, 244, 246
inet.0 route table, 83, 719
inet.1 route table, 83, 719
inet.2 route table, 83, 719
inet.3 route table, 84, 719
inet.4 route table, 719
inet6.0 route table, 84, 719
infinity metric, 719
ingress router, 719
Init state, 719
insert command, 719
instance.inetflow.0 route table, 719
instance_name.inet.0 route table, 84
Institute of Electrical and Electronics Engineers (see IEEE)
Integrated Local Management Interface (see ILMI)
Integrated Services (IP) (see IP IS)
Integrated Services Digital Network (see ISDN)
integration model for IGP migration, 161-163
integrity of data, 293
intelligent queuing (see IQ)
inter-AS routing, 719
intercluster reflection, 719
interface cost, 719
interface lists, multicast, 576-577
interface preservation (see link-state replication)
interface routes, 719
interfaces
configuration of
ADSL using PPPoE over ATM, 48-49
Fast Ethernet, 31, 41
Fast Ethernet with VLAN tagging, 43
GRE, 53, 359-361
ISDN, 49-52
MLPPP, 52, 350-354
serial interface with Frame Relay, 47
serial interface with PPP, 45
T1 interface with HDLC encapsulation, 44
VRRP, 54-58
disabling administratively, 41
permanent interface, 30-32, 733
properties of, 38-40
transient interface, 32-38, 747
troubleshooting
address configuration, 59-61
encapsulation mismatches, 61-64
path MTUs, 64-66
with looped interfaces, 66
(see also transient interface)
interface-style service set, 370, 374-377
for IPSec tunnel, 408-412, 414
limitations of, 372
Interior Gateway Protocol (see IGP)
Interior Gateway Routing Protocol (see IGRP)
interleave-fragments command, 352
intermediate system, 719
Intermediate System-to-Intermediate System (see IS-IS)
Internal BGP (see IBGP)
internal router, OSPF, 124
International Data Encryption Algorithm (see IDEA)
International Electrotechnical Commission (IEC) (see ISO)
International Mobile Station Equipment Identity (see IMEI)
International Mobile Subscriber Identity (see IMSI)
International Mobile Telecommunications 2000 (see IMT-2000)
International Organization for Standardization (see ISO)
International Telecommunication Union Telecommunication Standardization (see ITU-T)
Internet Assigned Numbers Authority (see IANA)
Internet Control Message Protocol (see ICMP)
Internet Drive Electronics (see IDE)
Internet Engineering Task Force (see IETF)
Internet Group Management Protocol (see IGMP)
Internet Key Exchange (see IKE)
Internet Processor ASIC, 720
Internet Protocol (see IP)
Internet Security Association and Key Management Protocol (see ISAKMP)
Internet service provider (see ISP)
interprovider VPN, 720
intra-AS routing, 720
intrusion detection services (see IDS)
IntServ (see IP IS)
IOS, compared to JUNOS software OSPF timers, 129
IP (Internet Protocol), 720
IP addresses, xviii
configuration of, troubleshooting, 59-61
translating (see NAT)
IP Control Protocol (see IPCP)
IP CoS (Class of Service), 464, 478-480, 705
benchmark for, 547-551
classification, 469, 491, 703
confirming, 541-546
in ingress processing, 479
multifield classification, 523-527
compared to QoS, 468
configuration, 490, 521-538, 538-541
congestion management, 474, 480, 504
default settings for, 516
delay buffer size, 502
forwarding classes, 472, 516, 714
forwarding policy, 479, 495
history of, 481-486
input (ingress) processing, 479, 491-496
IP DiffServ for, 486-490, 538-551, 708
loss priority, 471
output (egress) processing, 479, 497-501
policing, 475-478, 493-495, 734
egress, 479, 497
ingress, 479
QoS parameters for, 468
queues, 472, 479, 499-501, 736
confirming, 541-546
number of, 514, 516
reasons to use, 465-468
rewrite marking, 471, 479, 497-498, 517
BA classification and, 524-527
markers, number of, 516
not enabled by default, 516
router differences for, 507-516
scalability of, 480
scheduler maps, 503-506, 741
schedulers, 473, 508-513, 741
defaults for, 516
defining, 528-533
queues and, 479, 499-501
shaping, 475-478, 527-528
standards supported for, 464
testing, 519-521
verification of, 538-551
virtual channels, 513, 554-560, 750
IP DiffServ (see DiffServ)
IP fragmentation attacks, 366
ip interface, 32, 395
IP IS (Integrated Services), 484-486
IP multicast (see multicast)
IP rip authentication statement, 136
IP Security (see IPSec)
IP subnetting, xviii
IPCP (IP Control Protocol), 720
IP-IP tunnel, 395
IPSec (IP Security), 720
IPSec over GRE, 428-433, 452-457
IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks (Doraswamy; Harkins), 367
IPSec tunnels (see IPSec VPN)
IPSec VPN, 367, 406
backup tunnels for, 417-425
dynamic tunnels for, 425-428
IPSec over GRE tunnels for, 428-433
proposal for, 406, 414-417
service set for, 407-414
IPv6, enhanced services support for, 672
IQ (intelligent queuing), 720
IRDP (ICMP Router Discovery Protocol), 720
IS (Integrated Services) (see IP IS)
ISAKMP (Internet Security Association and Key Management Protocol), 720
ISDN (Integrated Services Digital Network), 49-52, 720
IS-IS (Intermediate System-to-Intermediate System), 92, 103, 720
ISO (International Organization for Standardization), 720
iso.0 route table, 84
ISP (Internet service provider), 720
ITU-T (International Telecommunication Union Telecommunication Standardization), 720
ITU-T Rec. G.992.1, 721
J[ Top ]
jbase software package, 721
jbundle software package, 721
J-cell data unit, 721
jdocs software package, 721
jitter, 721
as QoS parameter, 469
in IP networks, 465
jkernel software package, 721
JNTCP (Juniper Networks Technical Certification Program), xvii
join messages, PIM, 590, 721
jpfe software package, 721
jroute software package, 721
J-series routers
adaptive shaping, 515, 553-554
chassis slot numbers on, 33
converting SSGm device to, 645
CoS behavior for, 507-516
differences with enhanced services, 645
freeing space on, 667, 669
fwdd process for, 4
GRE features supported, 359, 361
PFE in, 1, 2, 4
PIMs or EPIMs in, 2
PLP levels, 514
port numbers for, 36
queues, number of, 514
rewrite markers, number of, 516
scheduler-based shaping, 512
scheduling for, 510-512, 530-533
separation of control and forwarding planes, 1
services deployment on, 349
virtual channels, 513, 554-560
WRED implementation, 514
jsr-series-routermode-factory.conf file, 657
J-Tree (binary tree), 98
Juniper Networks Technical Certification Program (see JNTCP)
Juniper Networks, enterprise products by, xvi
juniper.conf.gz file, 661
juniper_private route table, 84
JUNOS Cookbook (Garrett), 24
"JUNOS Enhanced Services Migration Guide", 652
JUNOS services (see services)
JUNOS software with enhanced services (see enhanced services, JUNOS software)
JUNOS, overview of, 3
JUNOScript server, 304, 305
Jweb GUI, 4
J-Web interface, 721
K[ Top ]
keepalive message, 721
keepalives, of interface, 39
kernel, 721
kernel forwarding table (see forwarding table)
key chain configuration, 136
kmd process, 721
L[ Top ]
L2TP (Layer 2 Tunneling Protocol), 390, 721
label (MPLS), 721
Label Distribution Protocol (see LDP)
label object, 721
label pop operation, 722
label push operation, 722
label request object, 722
label swap operation, 722
label values, 722
label-switched interface (see LSI)
label-switched path (see LSP)
LAN PHY (Local Area Network Physical Layer Device), 722
Layer 1/2 options, for interface, 39
Layer 2 circuits, 722
Layer 2 services, 350
CRTP, 354-356, 705
GRE, 53, 359-361, 716
interface naming for, 350
MLFR, 356-359, 727
MLPPP, 52, 350-354, 727
Layer 2 Tunneling Protocol (see L2TP)
Layer 2 VPN, 722
Layer 3 services, 362
combining, 450-457
configuring, 369-377
intrusion detection services, 366, 448-450, 718
IPSec VPN, 367, 406
backup tunnels for, 417-425
dynamic tunnels for, 425-428
IPSec over GRE tunnels for, 428-433
proposal for, 406, 414-417
service set for, 407-414
logging for, 387-389
NAT (see NAT)
service and post-service filters, 377-380
service set (see service set)
stateful firewall (see stateful firewall)
tracing for, 387-389
Layer 3 VPN, 722
Layer 4 protocols, xviii
LCC (line-card chassis), 722
LCP (Link Control Protocol), 722
LDAP (Lightweight Directory Access Protocol), 722
LDP (Label Distribution Protocol), 722
leaf node, 723
leaves, distribution tree, 571
LFI (link fragmentation and interleaving), 352, 353, 723
liblicense library, 723
libpcap application, 723
Lightweight Directory Access Protocol (see LDAP)
limited operational environment, 723
line loopback, 723
line-card chassis (see LCC)
link, 723
Link Control Protocol (see LCP)
link fragmentation and interleaving (see LFI)
link layer, mapping IP multicast address to, 573-582
Link Management Protocol (see LMP)
link protection, 723
link services intelligent queuing interfaces (see LSQ)
Link Services PIC, 348
link state protocols (see LS protocols)
Link TRAPs, SNMP, 339
links, combining (see MLPPP)
link-state acknowledgment, 723
link-state advertisement (see LSA)
link-state database (see LSDB)
link-state PDU, 723
link-state replication, 723
link-state request list, 723
link-state request packet, 723
link-state update, 723
link-switching router (see LSR)
LLC (logical link control), 723
LLC frame, 724
LLC protocol data unit (see LPDU)
LMI (local management interface), 724
LMP (Link Management Protocol), 724
lo0 interface, 31
load balancing, 724
load command, 19-21
load factory-default command, 653
load override terminal command, 664
load set command, 21
loading, 724
load-sharing routing policy, 246
Local Area Network Physical Layer Device (see LAN PHY)
local loop, interface, 66
local management interface (see LMI)
local packet, 724
local preference attribute, BGP, 203, 724
local RIB, 724
local significance, 724
log action, firewall filters, 312
logging, Layer 3 services, 387-389
logical interface, 724
logical link control (see LLC)
logical operator, 724
logical properties, of interface, 39
logical router, 724
logical unit, for interfaces, 38, 39
login class, 297
longer match type, route filter, 101, 724
looking glass, 277
loopback filters, 317-319
loopback interface, 724
looped interfaces, 66
loops, preventing (see routing loops, preventing)
loose command, 331
loose hop, 724
loss pattern, as QoS parameter, 469
loss priority, CoS, 471
loss, as QoS parameter, 469
loss-priority map, 725
lower-speed IQ interfaces, 725
LPDU (LLC protocol data unit), 725
LS (link state) protocols, 92, 103
LSA (link-state advertisement), 122, 725
areas and, 125-127
filtering, 92
flooding, 122, 125-126
types of, 127
LSA messages, OSPF, 122
LSDB (link-state database), 122, 125, 723
LSI (label-switched interface), 725
LSP (label-switched path), 725
LSP (link-state PDU) (see link-state PDU)
LSQ (link services intelligent queuing interfaces), 725
LSR (label-switching router), 725
lt interface, 395
M[ Top ]
M7i routers
CoS behavior for, 507-516
queues, number of, 514
services deployment on, 349
WRED implementation, 513
MAC (media access control) layer, 725
MAC address, 573-582, 725
maintenance windows, 24
MAM (maximum allocation bandwidth constraints model), 725
management Ethernet interface, 31, 725
Management Information Base (see MIB)
management interface, 31
mapping agent, 725
martian address, 726
martian routes, 81-82, 726
MAS (mobile network access subsystem), 726
master forwarding table, 1
master router, 726
match command, 11
match criteria, routing policy, 96-98, 726
match types, route filters, 100-103, 726
maximum allocation bandwidth constraints model (see MAM)
maximum received reconstructed unit (see MRRU)
maximum transmission unit (see MTU)
MBGP (Multiprotocol Border Gateway Protocol), 726
MBone (Multicast Backbone), 726
MCML (Multiclass Multilink PPP), 353
MCS (Miscellaneous Control Subsystem), 726
MD5 (Message Digest 5), 726
MDRR (modified deficit round robin) scheduler, 499, 508-512, 726
MDT (multicast distribution tree), 726
mean time between failures (see MTBF)
MED (multiple exit discriminator) attribute, BGP, 204, 272, 726
media access control layer (see MAC layer)
media types, for interfaces, 32
mesh topology, 726
message aggregation, 726
Message Digest 5 (see MD5)
mgd process, 726
mgen/mrec utilities, 604
MIB (Management Information Base), 338, 726
midplane, 726
minimum-links number command, 53
Miscellaneous Control Subsystem (see MCS)
MLD (multicast listener discovery), 727
MLFR (Multilink Frame Relay), 356-359, 727
MLPPP (Multilink Point-to-Point Protocol), 52, 350-354, 727
MMF (multimode fiber), 727
mobile network access subsystem (see MAS)
mobile point-to-point control subsystem (see MPS)
mobile station, 727
Mobile Station Integrated Services Digital Network Number (see MSISDN)
Mobile Switching Center (see MSC)
mobile transport subsystem (see MTS)
mobile visitor register subsystem (see MVS)
modified deficit round robin (MDRR) scheduler (see MDRR scheduler)
modified weighted deficit round robin (MWDRR) scheduler (see MWDRR scheduler)
monitor interface command, 62
monitor interface traffic command, 687
monitor list command, 152
monitor start command, 152, 259
monitor stop command, 152
monitor traffic command, 63
monitor traffic interface command, 690
monitoring of router, 333-343
active monitoring, 394
flow monitoring, 394, 714
performance (see RPM)
remote monitoring (see RMON)
with NTP, 340-343
with SNMP, 337-340
with syslog, 333-337
Monitoring Services PIC, 349
MPLS (Multiprotocol Label Switching), 672, 727
MPLS EXP classifier, 727
mpls.0 route table, 84
MPS (mobile point-to-point control subsystem), 727
MRRU (maximum received reconstructed unit), 727
MSA (Multisource Agreement), 727
MSC (Mobile Switching Center)
MSDP (Multicast Source Discovery Protocol), 638, 727
M-series routers
chassis slot numbers on, 33
GRE features supported, 359
interface naming examples for, 38
PFE in, 1
PIC in, 2
PIC slot numbers on, 34
PLP levels, 514
port numbers for, 36
rewrite markers, number of, 516
scheduler-based shaping, 512
scheduling for, 474, 499, 508-510, 529-530
separation of planes, 1
services deployment on, 349
services, additional hardware for, 348
MSISDN (Mobile Station Integrated Services Digital Network Number), 727
mt interface, 395
MTBF (mean time between failures), 727
MTS (mobile transport subsystem), 727
M/T-series router, 31
MTU (maximum transmission unit), 64-66, 727
MTU properties, of interface, 39
multicast, 566-572
addressing, 572
mapping to link layer, 573-582
scoping of, 574-576
applications of, 567
dense mode, 571, 586, 588, 706
distribution tree, 571, 579-582
downstream traffic, 571
interface lists, 576-577
loops, avoiding, 576
protocols, 570, 582-592
IGMP, 582-586, 605, 718
PIM (see PIM)
receivers, 570
RPF (reverse path forwarding), 577, 603, 739
sources, 569
sparse mode, 571, 580, 581, 586, 589, 743
sparse-dense mode, 571
upstream traffic, 571
users locating content from, 568
Multicast Backbone (MBone)
multicast distribution tree (see MDT), 726
multicast listener discovery (see MLD)
multicast operation, 728
Multicast Source Discovery Protocol (see MSDP)
multicast tunnels, 395
multicast-scope number, 728
multiclass LSP, 728
multiclass MLPPP, 353, 728
Multiclass Multilink PPP (see MCML)
multifield classification, 470, 479, 493, 523-527, 543-544
multifield classifier, 728
multihoming, with BGP, 728
aggregate route for, 254-256
attributes affecting, 271, 275-286
EBGP peering for, 251-254
IBGP peering for, 256-265
inbound (export) policy for, 271-286
outbound (import) policy for, 249, 266-270
requirements for, 247-249
route reflection for, 261-262, 268
Multilink Frame Relay (see MLFR)
Multilink Point-to-Point Protocol (see MLPPP)
multimode fiber (MMF), 727
multipath option, asymmetric load balancing, 237, 238-242
multiple exit discriminator attribute (see MED attribute, BGP)
Multiprotocol Border Gateway Protocol (see MBGP)
Multiprotocol Label Switching (see MPLS)
Multiservices PIC, 349, 362, 369
Multisource Agreement (see MSA)
MVS (mobile visitor register subsystem), 728
MWDRR (modified weighted deficit round robin) scheduler, 499
N[ Top ]
named path, 728
NAPT (Network Address Port Translation), 365, 728
NAT (Network Address Translation), 365-366, 434-436, 728
bidirectional NAT, 366
combining with stateful firewall and IPSec over GRE, 452-457
destination NAT, 365, 434, 442-446
preventing routing loops using, 400
stateful firewall and, 444-446
dynamic source NAT, 365
source NAT
with port translation, 365, 435, 441
without port translation, 434, 436-441
static source NAT, 365
twice NAT, 366, 435, 446
National Institute of Standards and Technology (see NIST)
NC (Network Control) forwarding class, 472
NCP (Network Control Protocol), 728
NDP (Neighbor Discovery Protocol), 728
negotiate-address command, 48
neighbor (peer), 142, 143, 728, 732
Neighbor Discovery Protocol (see NDP)
neighbor statement, 144
nested policy (routing), 108
NET (network entity title), 728
NetBIOS (network basic input/output system), 729
Netconf (Network Configuration protocol), 304
Network Address Port Translation (see NAPT)
Network Address Translation (see NAT)
network basic input/output system (see NetBIOS)
Network Configuration protocol (see Netconf)
Network Control (NC) forwarding class, 472
Network Control Protocol (see NCP)
network entity title (see NET)
Network Information Center (see NIC)
network interface, 729
network layer reachability information (see NLRI)
network link advertisement, 729
network LSA, 729
"Network QoS Needs of Advanced Internet Applications" (survey by Internet QoS working group), 468
network service access point (see NSAP)
network statement, 137
network summary LSA, 729
Network Time Protocol (see NTP)
network, enterprise (see enterprise network)
next hop attribute, BGP, 203
next hop types, static and aggregate routes, 73
next hop-style service set, 370, 373, 381-387
for IPSec tunnel, 412-414
multiple route table lookups and, 399-406
next term action, firewall filters, 313
NIC (Network Information Center), 729
NIST (National Institute of Standards and Technology), 729
NLRI (network layer reachability information), 203, 729
no-advertise flag, static routes, 77
no-auto-summary statement, 137
no-fragmentation command, 354
no-more command, 11
nonclient peer, 729
nonstop routing (see NSR)
nontransit interface, 31
no-preempt command, 58
notification cell, 729
Notification message, 729
not-so-stubby area (see NSSA, OSPF)
NSAP (network service access point), 729
n-selector, 729
NSR (nonstop routing), 729
NSSA (not-so-stubby area), OSPF, 127, 729
NTP (Network Time Protocol), 340-343, 729
Null Register message, 729
numeric match conditions, firewall filters, 310
numeric range match conditions, 730
O[ Top ]
Oakley protocol, 730
OAM (Operation, Administration, and Maintenance), 730
OC (optical carrier), 730
OC12, 730
OC3, 730
octothorpe (#), CLI configuration mode prompt, 12
OIL (outgoing interface list), 569
op (operational) script, 730
Open message, 730
Open Shortest Path First (see OSPF)
Open Systems Interconnection model (see OSI model)
OpenConfirm state, 730
OpenSent state, 730
Operation, Administration, and Maintenance (see OAM)
operational mode, CLI, 5, 18, 730
operational script (see op script)
operator login class, 298
optical carrier (see OC)
optional nontransitive attribute, BGP, 203
optional transitive attribute, BGP, 203
ordered aggregate, 472
origin attribute, BGP, 204, 272, 730
or-longer match type, route filter, 101, 730
OSI (Open Systems Interconnection) model, xvii, 730
OSPF (Open Shortest Path First), 122-130, 730
adjacencies formed by, 123
area types, 126
areas used by, 125-127
designated router for, 123
IOS software timers corresponding to, 129
LSA flooding, 122, 125-126
LSA types, 127
migrating to, from EIGRP, 180-187
confirming redistribution, 187
IOS configuration for, 184-187
JUNOS configuration for, 182
route preferences for, 187, 189-194
route redistribution for, 180, 181-187
migrating to, from RIP, 163-171
adding stub area to, 175-179
configuring Cisco routers, 168-171
configuring Juniper routers, 164-168
cutover to OSPF, 171-174
neighbor discovery by, 122, 123
performance of, 129-130
router types for, 124
routing policy for, 92, 103
stability of, 129-130
OSPF hello packet, 730
outbound (import) routing policy, 91, 103, 244, 246, 249
outgoing interface list (see OIL)
overlay model for IGP migration, 158
overlay model for RIP to OSPF migration, 163
overlay network, 731
oversubscription, 731
P[ Top ]
P2MP LSP (see point-to-multipoint LSP)
package, 731
packet aging, 731
packet capture, 731
packet data protocol (see PDP)
packet filters (see firewall filters)
Packet Forwarding Engine (see PFE)
packet internet groper (see ping command)
packet loss priority (see PLP)
packet rewrite marking, CoS, 471, 479, 497-498, 516, 517
packet switching, 731
packet-based forwarding model
combined with flow model, 648, 650
compared to flow model, 646
packets, 457-459, 731
packet-switched network (see PSN)
PADI (PPPoE Active Discovery Initiation packet), 731
PADO (PPPoE Active Discovery Offer packet), 731
PADR (PPPoE Active Discovery Request packet), 731
PADS (PPPoE Active Discovery Session Confirmation packet), 731
PADT (PPPoE Active Discovery Termination packet), 731
partial sequence number PDU (see PSNP)
passive flow monitoring, 731
password
of server, 300
requirements for, 296
root password, 296
PAT (Port Address Translation), 365, 434, 441
path attribute, 731
PathErr message, 732
PathTear message, 732
PC Card, 732
pcap library, 732
PCI (Peripheral Component Interconnect), 732
PCI Express, 732
PCMCIA (Personal Computer Memory Card International Association), 732
PCMCIA Card (see PC Card)
pd interface, 31, 395
PDH (Plesiochronous Digital Hierarchy), 732
PDP (packet data protocol), 732
PDU (protocol data unit), 732
pe interface, 31, 395
PE router (provider edge router), 733
peak information rate (see PIR)
PEC (policing equivalence classes), 732
peer (neighbor), 142, 143, 728, 732
peering, 732
BGP, 227-233
EBGP, 251-254
IBGP, 256-265
PEM (Power Entry Module), 732
PEM (Privacy Enhanced Mail), 732
penultimate hop popping (see PHP)
penultimate router, 732
percent sign (%), shell prompt, 6
Perfect Forward Secrecy protocol (see PFS protocol)
performance
monitoring (see RPM)
of OSPF, 129-130
of RIP, 119, 120
per-hop behavior (see PHB)
period (.)
in interface name, 38
in regular expression, 300
Peripheral Component Interconnect (see PCI)
permanent interface, 30-32, 733
permanent virtual circuit (PVC), 736
permissions, 299-302
permit statement, 138
per-packet load-balancing algorithm, 237, 242-243
persistent change, 733
Personal Computer Memory Card International Association (see PCMCIA)
per-unit scheduling, CoS, 504, 508
PFC (Protocol Field Compression), 733
PFE (Packet Forwarding Engine), 1, 731
applying filters to, 313
looping packets through, 395
PFS (Perfect Forward Secrecy) protocol, 733
PGM (Pragmatic General Multicast), 733
PGP (Pretty Good Privacy), 733
PHB (per-hop behavior), 486, 487, 488
PHB group, 488
PHP (penultimate hop popping), 733
PHY (circuit), 733
PHY (Layer 1, physical layer), 733
physical interface, 733
Physical Interface Card (see PIC)
Physical Interface Module (see PIM)
physical properties, of interface, 39
PIC (Physical Interface Card), 2, 348, 733
PIC I/O Manager, 734
PIC slot number, for interfaces, 34
PIM (Physical Interface Module), 2, 579, 580, 586-592, 733
Anycast-RP discovery, 588
configuring, 629-633
verifying, 634-637
with MSDP, 638
assert mechanism, 591
dense mode, 586, 588
designated router, 590
messages used by, 590
RP discovery, 587
sparse mode, 581, 586, 589
sparse mode with bootstrap RP
configuring, 617-619
troubleshooting, 623-629
verifying, 619-623
sparse mode with static RP, 592
IGP connectivity, validating, 593
listening multicast process for, 607-610
multicast traffic, generating, 610-617
routers, configuring, 595-603
RPF, verifying, 603
simulated receiver, configuring, 604-607
versions of, 586
PIM register messages, 395
ping command, 42, 64, 361
pinhole, 442
pipe commands, CLI, 8-12
PIPs (Protocol Independent Properties), 72
aggregate routes, 72-78
AS number, 89
generated routes, 72-78
global route preference, 78-81
martian routes, 81-82
RIB, 86, 92, 738
RID, 88, 738
route tables (see route tables)
static routes (see static routes)
PIR (peak information rate), 734
PKI (public key infrastructure), 734
Plesiochronous Digital Hierarchy (see PDH)
PLMN (Public Land Mobile Network), 734
PLP (packet loss priority), 514, 734
PLP bit, 734
PLR (point of local repair), 734
point-to-multipoint connection, 734
point-to-multipoint LSP, 734
point-to-point connection, 734
point-to-point links, xviii
Point-to-Point Protocol (see PPP)
Point-to-Point Protocol over Ethernet (see PPPoE)
poison reverse, 734
policer action, firewall filters, 312
policers, 320-326, 734
actions for, 322
configuring and applying, 322
example of, 323-326
policing equivalence classes (see PEC)
policing, CoS, 475-478, 493-495, 734
egress, 479, 497
ingress, 479
policy chain, 734
policy, routing (see routing policy)
pop (label), 734
Port Address Translation (see PAT)
port command, 317
port mirroring, 394, 734
port number, for interfaces, 36-38
port scanning attacks, 366
post-service filters, 377-380
Power Entry Module (see PEM)
ppmd process, 129
PPP (Point-to-Point Protocol), 45, 734
pppd process, 735
PPPoE (Point-to-Point Protocol over Ethernet), 735
PPPoE Active Discovery Initiation packet (see PADI)
PPPoE Active Discovery Offer packet (see PADO)
PPPoE Active Discovery Request packet (see PADR)
PPPoE Active Discovery Session Confirmation packet (see PADS)
PPPoE Active Discovery Termination packet (see PADT)
PPPoE over ATM, 48-49, 735
Pragmatic General Multicast (see PGM)
precedence hits, 735
preemption, with VRRP, 58
preference (see route preferences)
preferred address, 735
prefix, in BGP (see NLRI)
prefix-length-range match type, route filter, 101
prefix-length-range policy, 735
Pretty Good Privacy (see PGP)
primary address, 735
primary contributing route, 735
primary interface, 735
primary route table, in group, 87
primary/secondary routing policy, 245
priority, MDDR scheduler, 500
priority-based scheduling, CoS, 508, 510-512
Privacy Enhanced Mail (see PEM)
processes, listing for router, 3
promiscuous mode, 735
properties, of interface, 38-40
proposal, IPSec tunnel, 406, 414-417
protocol address, 735
protocol address properties, of interface, 40
protocol data unit (see PDU)
protocol families, 735
protocol family properties, of interface, 40
Protocol Field Compression (see PFC)
protocol independence, 71
Protocol Independent Multicast, 735
Protocol Independent Properties (see PIPs)
protocol preference, 736
provider edge router (see PE router)
provider router, 736
prune messages, PIM, 590, 736
pseudointerface, software, 31
PSN (packet-switched network), 736
PSNP (partial sequence number PDU), 736
public key infrastructure (see PKI)
Public Land Mobile Network (see PLMN)
push (label), 736
PVC (permanent virtual circuit), 736
Q[ Top ]
QoS (quality of service), 465, 468, 736
quad-wide card, 736
qualified next hop, 736
qualified-next-hop keyword, 74
quality of service (see QoS)
quantum, MDDR scheduler, 499
querier router, 736
question mark (?)
command completion, 21
in regular expression, 300
queue fullness, 736
queue length, 736
queues, 472, 479, 499-501, 736
confirming, 541-546
number of, 514, 516
queuing, 736
queuing delay, 354
R[ Top ]
RA (registration authority), 737
radio frequency interface (see RFI)
radio network controller (see RNC)
RADIUS (Remote Authentication Dial-In User Service), 737
random early detection (see RED)
rate limiting (see policing)
RBOC (regional Bell operating company), 737
RC2 code, 737
RC4 code, 737
RC5 code, 737
RD (routing domain), 118
RDBMS (relational database management system), 737
RDM (Russian-dolls bandwidth), 737
RE (Routing Engine), 1, 739
read-only login class, 298
Real-Time Performance Monitoring (see RPM)
Real-Time Transport Protocol (see RTP)
real-time variable bit rate (see RTVBR)
receive (hop), 737
receivers, multicast, 570
record route object (see RRO)
recursive lookup, 737
RED (random early detection), 475, 480, 533-538, 737
redistribute command, 119
redistribute connected statement, 137
redistribute static statement, 137
redistribution model for IGP migration, 159-161
refresh reduction, 737
regex matching, in routing policy, 107-108
regional Bell operating company (see RBOC)
Regional Internet Registry, AS numbers assigned by, 212
register messages, PIM, 590, 737
register-stop messages, PIM, 590, 737
registration authority (see RA)
regular expression operators, 300
reject (hop), 737
reject action, firewall filters, 308
reject next hop, static and aggregate routes, 73
relational database management system (see RDBMS)
reliability of data, 294
remote access, 303-307
Remote Authentication Dial-In User Service (see RADIUS)
Remote login (Rlogin) protocol, 303
remote loop, interface, 66
remote monitoring (see RMON)
Remote operations TRAPs, SNMP, 339
remote procedure call (see RPC)
rename command, 44, 737
rendezvous point (see RP)
replace command, 25
replay protection, 368
request command, 6
Request for Comments (see RFC)
Request message, 737
request system reboot media usb command, 662
request system snapshot command, 660
request system software add command, 668, 669
request system software command, 670
request system software rollback command, 668
resolve (hop), 737
resolve keyword, for forwarding next hop, 74
Resource Reservation Protocol (see RSVP)
resources (see books and documentation; web site resources)
Response message, 738
restart command, 6
result cell, 738
ResvConf message, 738
ResvErr message, 738
ResvTear message, 738
reverse path forwarding, multicast (see RPF, multicast)
reverse-path multicasting (see RPM)
revert timer, 738
rewrite marking, CoS, 471, 479, 497-498, 517
BA classification and, 524-527
markers, number of, 516
not enabled by default, 516
rewrite rules, 738
RFC (Request for Comments), 738
RFC 791 (Internet Protocol (IP)), 482
RFC 1058 (RIP), 119
RFC 1112 (IGMPv1), 582
RFC 1149 (avian-based transport technology), 202
RFC 1388 (RIPv2), 119
RFC 1490 (MLPPP), 47, 350
RFC 1633, "Integrated Services in the Internet Architecture: An Overview", 484
RFC 1654 (BGP), 201
RFC 1771 (BGP), 201
RFC 1918, "Address Allocation for Private Internets", 81
RFC 1990 (MLPPP), 52
RFC 2117 (PIM), 586
RFC 2205 (RSVP), 484
RFC 2236 (IGMPv2), 582
RFC 2309, "Recommendations on Queue Management and Congestion Avoidance in the Internet", 474
RFC 2328 (OSPF), 122
RFC 2362 (PIM), 586, 625
RFC 2453 (RIPv2), 119
RFC 2474 (IP DiffServ), 486
RFC 2474, "Definition of the Differentiated Services Field in the IPv4 and IPv6 Headers", 464
RFC 2475 (IP DiffServ), 486
RFC 2508 (Compressed RTP), 355
RFC 2544, "Benchmarking Methodology for Network Interconnect Devices", 468
RFC 2597, "Assured Forwarding PHB Group", 464
RFC 2598, "An Expedited Forwarding PHB", 464
RFC 2663 (Twice NAT), 366
RFC 2698, "A Two Rate Three Color Marker", 464
RFC 2890 (GRE), 360
RFC 3065, "Autonomous System Confederations for BGP", 212
RFC 3101 (NSSAs), 122
RFC 3164, "The BSD Syslog Protocol", 333
RFC 3168 (IP DiffServ), 486
RFC 3168, "The Addition of Explicit Congestion Notification (ECN) to IP", 486
RFC 3175, "Aggregation of RSVP for IPv4 and IPv6 Reservations", 485
RFC 3260 (IP DiffServ), 486
RFC 3376 (IGMPv3), 582
RFC 3446 (RP-to-RP communication), 588
RFC 3623 (MPLS TE), 122
RFC 3630 (MPLS TE), 122
RFC 3768 (VRRP router, forwarding by), 58
RFC 4271 (BGP), 201
RFC 4456 (route reflection), 209
RFC 4601 (PIM), 586
RFC 4610 (PIM-only Anycast-RP), 588, 629
RFC 4741 (Network Configuration protocol), 304
RFI (radio frequency interface), 738
RIB (routing information base), 738
grouping, 87
routing policy for, 92
user-defined, 86
rib keyword, 86
rib-group keyword, 87
RID (router ID), 88, 738
RIP (Routing Information Protocol), 119-122, 738
deployment of, 134-136
baseline operation for, 139
configuration for, 140-145
confirming operation, 145-152
existing configuration, evaluating, 136-140
static routes for, 140
migrating to OSPF, 163-171
adding stub area to, 175-179
configuring Cisco routers, 168-171
configuring Juniper routers, 164-168
cutover to OSPF, 171-174
performance of, 119, 120
routing policy for, 93, 104
stability of, 120
troubleshooting, 149-155
RIPng (Routing Information Protocol next generation), 738
RIPv2 (Routing Information Protocol, version 2), 121
Rlogin (Remote login) protocol, 303
RMON (remote monitoring), 738
Rmon-alarm TRAPs, SNMP, 339
RNC (radio network controller), 738
rollback command, 16
root password, 296
route attributes, BGP, 203
route distinguisher, 738
route filters, 98-103, 738
route flapping, 739
route identifier, 739
route metric, 118
route preferences, 735
for EIGRP, 187, 189-194
global route preference, 78-81, 156
route redistribution, 118, 739
for EIGRP to OSPF migration, 180, 181-187
IGP migration considerations for, 157
route reflection, with IBGP, 209-211, 261-262, 268, 739
route table group, 87
route table size, router's ability to handle, 227
route tables, 1, 83-86, 739
default, list of, 83
defining, 86
martian routes excluded from, 81
multiple lookups with next hop-style service sets, 399-406
viewing, 83, 84
route, in BGP (see NLRI)
router, xviii
configuring, 12-18
adding configurations, 13
by multiple users, 13
changing strings in configurations, 25
committing configurations, 16, 24
comparing configurations, 17
directories for, 13
loading configurations, 19-21
maintenance windows for, 24
removing configurations, 14, 25
rolling back configurations, 16
saving configurations, 18
viewing configurations, 16
enhanced services operating as, 653
monitoring (see monitoring of router)
securing access to, 295-307
router context mode, enhanced services, 653-657
router ID (see RID)
router LSA, 739
router priority, 739
router-link advertisement, 739
routing domain (see RD)
Routing Engine (see RE)
routing information base (see RIB)
Routing Information Protocol (see RIP)
Routing Information Protocol next generation (see RIPng)
routing instance, 401, 739
routing loops, preventing
multicast loops, 576
with BGP, 217-219
with next hop-style service set, 399-406
routing matrix, 739
routing policy, 71, 90-96, 244-247
applying, 91-94
Boolean grouping in, 109
chaining, 93
compared to firewall filters, 307
components of, 94-96
default policies, 103
design criteria for, 245
export (inbound) policy, 91, 104, 244, 246
asymmetric load balancing, 227, 235
multihoming with BGP, 271-286
import (outbound) policy, 91, 103, 244, 246, 249
asymmetric load balancing, 227, 234
multihoming with BGP, 249-270
ISP policies regarding, 246
match criteria and actions for, 96-98
multiple applications of, 94
regex matching in, 107-108
route filters in, 98-103
subroutines (nesting), 108
testing, 104-106
when to use, 91
routing source, global preference for, 78-81
Routing TRAPs, SNMP, 339
routing, enterprise (see enterprise routing)
RP (rendezvous point), 580, 587, 739
RPC (remote procedure call), 739
rpd process, 739
RPF (reverse path forwarding), multicast, 577, 603, 739
rpf-check command, 328
RPM (Real-Time Performance Monitoring), 390-393, 521, 740
RPM (reverse-path multicasting), 740
RRO (record route object), 740
RSVP (Resource Reservation Protocol), 740
RSVP Path message, 740
RSVP Resv message, 740
RSVP signaled LSP, 740
RSVP-TE (RSVP-traffic engineering), 740
RSVP-traffic engineering (see RSVP-TE)
RTP (Real-Time Transport Protocol), 740
RTVBR (real-time variable bit rate), 740
run keyword, before commands, 18
Russian-dolls bandwidth (see RDM)
S[ Top ]
S/T interface, 745
SA (security association), 368, 406, 740
sample action, firewall filters, 312
sampling, 740
SAP (service access point), 740
SAP (Session Announcement Protocol), 568, 740
SAR (segmentation and reassembly), 740
save command, 12, 18, 661
SCB (System Control Board), 740
SCC (switch-card chassis), 740
SCEP (Simple Certificate Enrollment Protocol), 741
SCG (SONET Clock Generator), 741
scheduler maps, CoS, 503-506, 741
schedulers, CoS, 473, 508-513, 741
defaults for, 516
defining, 528-533
queues and, 479, 499-501
scheduling, 741
SCP (secure copy), 741
SCU (source class usage), 741
SDH (Synchronous Digital Hierarchy), 741
SDP (Session Description Protocol), 568, 741
SDR (Session Directory tool), 568
SDRAM (synchronous dynamic random access memory), 741
SDX software, 741
se media type, 33
secondary route tables, in group, 87
secure context mode, enhanced services, 653, 657-659
secure copy (see SCP)
Secure Hash Algorithm 1 (see SHA-1)
Secure Security gateway (SSGm) device, converting to J-series router, 645
Secure Shell (see SSH)
Secure Shell with Transport Layer Security (see SSH/TLS)
Secure Sockets Layer (see SSL)
security, 293-295
access security, 293
remote access, 303-307
user authentication, 296-302
availability of data, 294
confidentiality of data, 294
IDS (intrusion detection services), 366, 448-450, 718
integrity of data, 293
spoof prevention, 326-332
(see also enhanced services; firewall filters)
security association (see SA)
security devices, need for, 647
Security Parameter Index (see SPI)
security zones, 646
segmentation and reassembly (see SAR)
self-traffic policy, 686
send multicast statement, 143
serial interface
with Frame Relay, 47
with PPP, 45
serialization delay, 354
service access point (see SAP)
service filters, 377-380
Service Profile Identifier (see SPID)
service rules, 371
service set, 369-377
for IPSec tunnel, 407-414
interface-style service set, 370, 374-377, 414
for IPSec tunnel, 408-412
limitations of, 372
next hop-style service set, 370, 373, 381-387
for IPSec tunnel, 412-414
multiple route table lookups and, 399-406
services, 347-350
combining, 450-457
DLSw, 393, 708
flow monitoring, 394, 714
L2TP, 390, 721
Layer 2 services, 350
CRTP, 354-356, 705
GRE, 53, 359-361, 716
interface naming for, 350
MLFR, 356-359, 727
MLPPP, 52, 350-354, 727
Layer 3 services, 362
configuring, 369-377
intrusion detection services, 366, 448-450, 718
IPSec VPN (see IPSec VPN)
logging for, 387-389
NAT (see NAT)
service and post-service filters, 377-380
service set (see service set)
stateful firewall (see stateful firewall)
tracing for, 387-389
list of, 348
migrating to enhanced services, 673-685
packet considerations for, 457-459
RPM, 390-393, 521, 740
scaling of various deployments, 349
tunnel services, 395
(see also enhanced services, JUNOS software)
services interface, 741
Services TRAPs, SNMP, 339
Serving GPRS Support Node (see SGSN)
session (conversation), with stateful firewall, 362
Session Announcement Protocol (see SAP)
session attribute object, 741
Session Description Protocol (see SDP)
Session Directory tool (see SDR)
Session Initiation Protocol (see SIP)
session timeouts, 688
session token, 649
sessions, 649
set command, 13
set date command, 340
set date ntp command, 341, 342
set interfaces command, 41
set protocols command, 91
set system root-authentication command, 296, 654
set system services ssh root-login allow command, 296
set system time-zone command, 342
set task accounting command, 255, 256
severity level, syslog messages, 333
SFM (Switching and Forwarding Module), 741
SFP (small form-factor pluggable transceiver), 741
SGSN (Serving GPRS Support Node), 742
SHA-1 (Secure Hash Algorithm 1), 742
sham link, 742
shaping rate, 742
shaping, CoS, 475-478, 527-528
shaping-rate command, 508
shared distribution tree, multicast, 580-581
shared scheduling and shaping, 742
shared tree, 742
SHDSL (symmetric high-speed digital subscriber line), 742
SHDSL transceiver unit-central office (see STU-C)
SHDSL transceiver unit-remote (see STU-R)
shim header, 742
Shortest Path First (see SPF)
shortest-path tree (see SPT)
show bgp neighbor command, 230
show bgp summary command, 229, 251
show chassis routing-engine command, 229
show class-of-service adaptive-shaper command, 554
show class-of-service classifier command, 517
show class-of-service command, 538
show class-of-service interface command, 539, 554, 559
show class-of-service rewrite-rule command, 517
show class-of-service scheduler-map command, 540
show class-of-service virtual-channel-group command, 560
show cli authorization command, 302
show command, 16
show configuration command, 18, 661
show dialer command, 51
show firewall command, 312, 325
show firewall log command, 312
show groups junos-defaults applications command, 365
show igmp interface command, 600
show igmp membership command, 607
show interface queue command, 539
show interfaces command, 41, 45, 326
show interfaces policers command, 324
show interfaces queue command, 544, 552, 560
show interfaces terse command, 53
show ip ospf database command, 171
show ip ospf interface command, 170
show ip ospf neighbor command, 170
show isdn command, 51
show log messages command, 334
show multicast route command, 603
show multicast rpf command, 603
show multicast scope command, 575
show multicast usage command, 615
show ntp associations command, 341, 342
show ospf interface command, 166
show ospf interface detail command, 167
show ospf neighbor command, 166, 176
show outq statistics command, 552
show pim bootstrap command, 619
show pim interfaces command, 599
show pim join command, 608
show pim neighbors command, 600, 601
show pim rps command, 599, 602, 621
show pim source command, 637
show policer command, 325
show pppoe interfaces, 49
show rip neighbor command, 145
show route advertising-protocol command, 92, 150
show route aspath-regex command, 107
show route command, 84, 424
show route community command, 107
show route detail command, 207
show route hidden detail command, 252
show route martians command, 81
show route receive-protocol command, 232, 235
show route receiving-protocol command, 92, 150
show route resolution unresolved detail command, 263
show route table command, 83, 87
show route-advertising protocol command, 232
show route-advertising protocol rip command, 154
show route-receiving protocol rip command, 154
show security command, 685
show security flow session command, 686
show security policies command, 691
show security zones command, 690
show service ipsec command, 409
show services command, 679
show services crtp command, 356
show services rpm command, 391
show services rpm probe-results command, 548
show services state-firewall command, 376
show snmp mib command, 340
show system processes command, 3
show system storage command, 668
show task memory command, 229
show vrrp summary command, 57
show vrrp track command, 58
SIB (Switch Interface Board), 742
signaled path, 742
Signaling System 7 (see SS7)
Simple Certificate Enrollment Protocol (see SCEP)
Simple Network Management Protocol (see SNMP)
simplex interface, 742
single-mode fiber, 742
SIP (Session Initiation Protocol), 742
slash (/), in interface name, 32
"slow count to infinity" condition, 120
slow network convergence, with DV protocols, 119
small form-factor pluggable transceiver (see SFP)
SNA (System Network Architecture), 742
SNMP (Simple Network Management Protocol), 337-340, 743
soft policing, 322
soft state, 743
software pseudointerface, 31
SONET (Synchronous Optical Network), 743
SONET Clock Generator (see SCG)
Sonet-alarm TRAPs, SNMP, 339
source authentication, 367
source class usage (see SCU)
source NAT
with port translation, 365, 435, 441
without port translation, 434, 436-441
source service access point (see SSAP)
source tree, multicast, 579
source-based tree, 743
sources, multicast, 569
source-specific multicast (see SSM)
sp interface, 31
Space bar, for command completion, 6
sparse mode, multicast, 571, 580, 581, 586, 589, 743
with bootstrap RP
configuring, 617-619
troubleshooting, 623-629
verifying, 619-623
with static RP, 592
IGP connectivity, validating, 593
listening multicast process for, 607-610
multicast traffic, generating, 610-617
routers, configuring, 595-603
simulated receiver, configuring, 604-607
sparse-dense mode, multicast, 571
SPF (Shortest Path First), 743
SPI (Security Parameter Index), 743
SPID (Service Profile Identifier), 743
split horizon, for RIP, 120, 743
spoof prevention, 326-332
SPQ (strict-priority queuing), 743
SPT (shortest-path tree), 579, 581, 743
SQL (Structured Query Language), 743
src point, 743
SS7 (Signaling System 7), 743
SSAP (source service access point), 743
SSB (System and Switch Board), 743
SSGm (Secure Security gateway) device, converting to J-series router, 645
SSH (Secure Shell), 304, 744
SSH/TLS (Secure Shell with Transport Layer Security), 744
SSL (Secure Sockets Layer), 744
SSM (source-specific multicast), 580, 587, 589, 744
SSP (Switch-to-Switch Protocol), 744
SSRAM (synchronous static random access memory), 744
standard AAL5 mode, 744
Start-up TRAPs, SNMP, 339
starvation, 744
stat MUX (statistical multiplexing), 465
stateful firewall, 362-365
combining with NAT and IPSec over GRE, 452-457
enhanced services operating as, 653
with interface-style service set, 374-377
with NAT, 444-446
with next hop-style service set, 381-387
stateful firewall filter, 744
stateful firewall recovery, 744
stateless firewall filter, 744
stateless firewall recovery, 745
static IGMP membership, 605
static LSP (see static path)
static path, 745
static routes, 72-74, 745
attributes for, 77
compared to aggregate routes, 72, 74
compared to generated routes, 72, 74
flags for, 77
floating static route, 80
next hop types for, 73
(see also aggregate routes; generated routes)
static RP discovery, PIM, 587, 745
IGP connectivity, validating, 593
listening multicast process for, 607-610
multicast traffic, generating, 610-617
routers, configuring, 595-603
RPF, verifying, 603
simulated receiver, configuring, 604-607
with sparse mode, 592
static source NAT, 365
statistical multiplexing (stat MUX), 465
STM (synchronous transport module), 745
strict, 745
strict hop, 745
strict-priority queuing (see SPQ)
Structured Query Language (see SQL)
STS (synchronous transport signal), 745
stub area, OSPF, 126, 175-179, 745
STU-C (SHDSL transceiver unit-central office), 745
STU-R (SHDSL transceiver unit-remote), 745
subinterface (see logical unit, for interfaces)
sub-LSP, 745
subnet mask, 745
subnets, 72
subrate value, 745
subroutine, routing policy, 108
summary link advertisement, 745
super-nets, 72
superuser (super-user) login class, 298
SVC (switched virtual connection), 746
Switch Interface Board (see SIB)
switch-card chassis (see SCC)
switched virtual connection (see SVC)
switches, xviii
Switching and Forwarding Module (see SFM)
Switch-to-Switch Protocol (see SSP)
Symmetric active mode, NTP, 340
symmetric high-speed digital subscriber line (see SHDSL)
SYN flood attacks, 366, 448
Synchronous Digital Hierarchy (see SDH)
synchronous dynamic random access memory (see SDRAM)
Synchronous Optical Network (see SONET)
synchronous static random access memory (see SSRAM)
synchronous transport module (see STM)
synchronous transport signal (see STS)
sysid (system identifier), 746
syslog (system log), 333-337, 746
syslog action, firewall filters, 312
syslog logging, 388
System and Switch Board (see SSB)
System Control Board (see SCB)
system identifier (see sysid)
system log (see syslog)
System Network Architecture (see SNA)
T[ Top ]
T1 interface, 44
t1 media type, 33
T1 protocol, 746
t3 media type, 33
T3 protocol, 746
Tab key, for command completion, 6
TACACS+ (Terminal Access Controller Access Control System Plus), 746
tag length value (see TLV)
tail dropping, 475, 746
tap interface, 32
T-carrier, 746
TCM (tricolor marking), 746
TCP (Transmission Control Protocol), xviii, 201, 746
TCP port 179, 746
TCP/UDP (Transmission Control Protocol/User Datagram Protocol), 434
tcpdump utility, 746
TDMA (Time-Division Multiplex Access), 746
TEI (Terminal Endpoint Identifier), 746
Telnet, 304
Terminal Access Controller Access Control System Plus (see TACACS+)
terminal command, 20
Terminal Endpoint Identifier (see TEI)
terminating actions, firewall filters, 308, 747
terms, in routing policy, 94, 747
test command, 6, 105
test policy command, 105
text synonyms, firewall filters, 312
then statement, routing policy, 94
through match type, route filter, 102, 747
Time-Division Multiplex Access (see TDMA)
time-division multiplexed channel, 747
timeout timer, 747
TLV (tag length value), 201
TNP (Trivial Network Protocol), 747
token-bucket algorithm, 747
top command, 15
topology-driving routing policy, 245
ToS (type of service), 482-484, 747
totally stubby area, OSPF, 127, 747
traceoptions logging, 388
traceroute command, 65
tracing, 149, 151
in enhanced services, 687
PIM sparse mode with bootstrap RP, 624
tracing, Layer 3 services, 387-389
traffic engineering, 747
traffic engineering class, 747
traffic engineering class type, 747
traffic policing, 747
traffic sampling, 747
traffic shaping, 747
transient change, 747
transient interface, 32-38, 747
channel number for, 38
chassis slot number for, 33
logical unit for, 38
media type of, 32
naming, 32-38
PIC slot number for, 34
port number for, 36-38
transit area type, OSPF, 127, 748
transit router, 748
transit services, with BGP, 216
transit traffic, applying filters to, 313, 314-316
Transmission Control Protocol (see TCP)
Transmission Control Protocol/User Datagram Protocol (see TCP/UDP)
transport mode, 748
transport plane (see data plane)
TRAPs, SNMP, 338, 748
tricolor marking (see TCM)
triggered updates, for RIP, 121, 748
Trivial Network Protocol (see TNP)
troubleshooting
BGP next hop reachability, 262-265
flow problem, 687-691
IBGP peering, 258-260
interfaces
address configuration, 59-61
encapsulation mismatches, 61-64
path MTUs, 64-66
with looped interfaces, 66
PIM sparse mode with bootstrap RP, 623-629
protocol tracing for, 149, 151
RIP deployment, 149-155
route preferences for EIGRP to OSPF migration, 189-194
routing loops, preventing
multicast loops, 576
with BGP, 217-219
with next hop-style service set, 399-406
show route commands for, 150
trTCM (two-rate TCM), 748
trunk mode, 748
trust zone, 646
Tspec object, 748
tunnel, 748
tunnel endpoint, 748
tunnel mode, 749
tunnel services, 395
tunnel services interface, 749
Tunnel Services PIC, 349, 749
tunneling protocol, 748
twice NAT, 366, 435, 446
two-rate TCM (see trTCM)
TX Matrix platform, 749
type of service (see ToS)
U[ Top ]
U interface, 749
UDP (User Datagram Protocol), xviii, 749
UMTS (universal mobile telecommunications system), 749
UMTS Terrestrial Radio Access Network (see UTRAN)
unauthorized login class, 298
UNI (user-to-network interface), 749
unicast, 749
unicast Reverse Path Forwarding (see uRPF)
uninterruptible power supply (see UPS)
unit, 749
universal mobile telecommunications system (see UMTS)
unnumbered interface, 749
untrust zone, 646
up command, 15
Update message, 749
update timer, 749
UPS (uninterruptible power supply), 749
upstream traffic, multicast, 571
upto match type, route filter, 101, 750
uRPF (unicast Reverse Path Forwarding), 328-332
User Datagram Protocol (see UDP)
user template, 298
users
authentication of, 296-302
configuring, 297
login class of, 297
permissions for, 299-302
user-to-network interface (see UNI)
UTC (Coordinated Universal Time), 750
UTRAN (UMTS Terrestrial Radio Access Network), 750
V[ Top ]
vapor corrosion inhibitor (see VCI)
variable bit rate (see VBR)
Variable Length Subnet Masking/classless interdomain routing (see VLSM/CIDR)
VBR (variable bit rate), 750
VC (virtual circuit), 750
VCI (vapor corrosion inhibitor), 750
VCI (virtual circuit identifier), 750
VideoLAN program, 604
virtual channel group, 750
virtual channels, CoS, 513, 554-560, 750
virtual circuit (see VC)
virtual circuit address properties, of interface, 40
virtual circuit identifier (see VCI)
virtual LAN (see VLAN)
virtual link, 750
virtual loopback tunnel interface (see VT)
virtual path, 750
virtual path identifier (see VPI)
virtual private LAN service (see VPLS)
virtual private network (see VPN)
virtual router (see VR)
Virtual Router Redundancy Protocol (see VRRP)
VLAN (virtual LAN), 750
VLAN tagging, 43
VLAN-tagged frame, 750
VLSM/CIDR (Variable Length Subnet Masking/classless interdomain routing), 121
voice traffic delay, 355
VPI (virtual path identifier), 750
VPLS (virtual private LAN service), 75