JUNOS Enterprise Routing: A Practical Guide to JUNOS Software and Enterprise Certification
By Doug Marschke, Harry Reynolds
March 2008
Pages: 812

Table of Contents

Chapter 1: Introduction to JUNOS Enterprise Routing
When the founding engineers of Juniper decided to create routers, they took the view of forwarding packets as quickly as possible (line rate) with services enabled, which spawned the marketing decree "Service without Compromise."
All Juniper Networks routers share the same common design philosophy, which is to have a clean separation of the control and forwarding planes. In the M-series, this separation is created in hardware, whereas the J-series maintains this divide in software. The forwarding plane is referred to as the Packet Forwarding Engine (PFE), and the control plane is called the Routing Engine (RE).
The RE's primary functions are to manage the PFE, control the router's software (JUNOS), manage the command-line interface (CLI), provide troubleshooting tools, and maintain the route tables and the master forwarding table. This forwarding table is passed down to the PFE and is used to forward any transit packet to the next hop destination. In this way, the RE never has to be directly involved in packet forwarding (i.e., process switching), which allows more resources for the actual control functions (see the figure captioned "Juniper architecture design philosophy"). One example is the ability to issue "debug" commands without degrading the performance of the router!
Figure: Juniper architecture design philosophy
The route table in JUNOS software is defined as all routes learned from all protocols (Open Shortest Path First [OSPF], Border Gateway Protocol [BGP], static, interfaces, etc.). The forwarding table provides the "best" routes that will be used to forward packets based on protocol preference and metrics.
The PFE's sole purpose in life is to forward packets as fast as it can. In an M-series router, the PFE consists of several application-specific integrated circuits (ASICs) contained on various cards that are placed into the chassis. In the J-series, the PFE is a virtualized real-time thread with the ASIC functionality modeled with various APIs and sockets. Since the J-series' PFE is implemented in software, we will examine it in the software section, but let's take a brief look at the M-series now to better understand the PFE.
Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!
JUNOS Overview
JUNOS software is cool. It just is. The designers of JUNOS software put tremendous thought into making a stable, robust, and scalable operating system that would be a positive for the router. They were able to learn from previous vendors' mistakes, and created an OS that other companies will forever use as their model.
The core philosophy of JUNOS software was to create a modular and stable operating system. The modularization was created by the use of software daemons, and the stability was achieved by choosing a well-known, open source, and stable kernel of FreeBSD. This kernel is usually hidden to the user, but many features of FreeBSD have been ported to the command line of JUNOS. The kernel also maintains the forwarding table synchronization between the RE and the PFE.
Riding on top of the kernel are all the fully independent software processes for routing, CLI, interfaces, and so forth. The figure captioned "JUNOS software architecture" shows a small subset of these processes; you can show a complete list in the router by issuing a show system processes command. These processes are fully independent, so a failure of one process will not affect the others. For example, the figure shows the Simple Network Management Protocol (SNMP) process pulling information from the interface, chassis, and routing processes. If this SNMP process fails or contains a software bug, it affects only this process and not the others. This is a major shift from other routing vendors that operated monolithic code where one change in the interface code could affect just about anything without reason.
Figure: JUNOS software architecture
Every Juniper Networks router is created from the same code base, so all run JUNOS software. Since the J-series did not contain any ASICs for the PFE and certain interface drivers such as high-speed OC-192 links were deemed unnecessary, a new image had to be created for these devices. This is still JUNOS, however, with almost the same feature set as the ASIC-driven image.
This means that there is a single image per version for all M/T-series routers regardless of model number, and a single image per version for all J-series routers. The days of creating and maintaining large spreadsheets or lists per router are now gone.
CLI Review
The tool that will most often be used to configure and troubleshoot the router is the CLI. The JUNOS software CLI is one of the most user-friendly and feature-rich in the industry. Most users spend years attempting to master other router vendors' CLIs, whereas JUNOS software can be mastered in just a few hours. Other configuration methods do exist, such as a web GUI called Jweb (see the figure captioned "Jweb"), which is often used on the J-series routers. Note that the operation of Jweb is beyond the scope of this book, so all configuration examples will be shown via CLI commands instead.
Figure: Jweb
The CLI has two modes: operational and configuration. Operational mode is where you can troubleshoot and monitor the software, router, and network. Configuration mode is where the actual statements for interfaces, routing protocols, and others are placed.
Every command that can be run in operational mode can also be used in configuration mode with the additional keyword run. For example, if the command show route is issued in operational mode, it can be issued as run show route in configuration mode.
When a user first enters the router via Telnet, Secure Shell (SSH), or direct console access, the user will see a login prompt. After entering the correct username and password, the user will be placed directly into operational mode. Operational mode will be designated by the > (chevron) character at the router prompt of username@hostname. As shown here, user doug logs into a router called Hops:
Hops (ttyd0)

login:doug
Password:

--- JUNOS 8.0R1.9 built 2006-08-11 16:25:40 UTC
doug@Hops>
An exception to being automatically placed into operational mode occurs when you log in as user root. In this case, the user will actually be placed into the shell (designated by the percent sign) and will have to start the CLI process manually:
Hops (ttyd0)

login:root
Password:

--- JUNOS 8.0R2.8 built 2006-09-29 09:22:36 UTC
root@Hops% cli
root@Hops>
Most of the commands that you will run in operational mode are show commands, which allow you to gather information about the routing protocols, interfaces, router's software, and router's hardware.
Advanced CLI and Other Cool Stuff
Lots of other fantastic configuration options are available, but explaining them all would require a separate book. The JUNOS documentation contains many time-saving tips, and the JUNOS Cookbook by Aviva Garrett (O'Reilly) is a great resource too. To whet your appetite, here are three JUNOS software CLI tips.
Most changes that you need to make on a router can be done only at certain times, often referred to as maintenance windows. Since these windows are often at the most inconvenient times for those who have to use them, changes represented by commit can actually be scheduled:
[edit]
doug@Hops#commit at 07:05
configuration check succeeds
commit at will be executed at 2007-06-10 07:05:00 UTC
Exiting configuration mode
When the commit has been scheduled, other users cannot change any piece of the new locked configuration:
joe@Hops>configure
Entering configuration mode
Users currently editing the configuration:
  doug terminal d0 (pid 11035) on since 2007-06-05 05:04:51 UTC
      commit-at

[edit]
joe@Hops# set system host-name foo
error: configuration database locked by:
  doug terminal d0 (pid 11035) on since 2007-06-05 05:04:51 UTC
      commit at

[edit]
joe@Hops# commit
error: Another commit is pending
If the system needs to be unlocked before the specified time, a clear command can stop the timed action:
joe@Hops#run clear system commit
Pending commit cleared
You can take advantage of another fantastic shortcut when large common pieces of configuration need to be removed from the router. The router can search through the entire configuration looking for a string and delete every line that contains that string:
[edit]
jane@R1#wildcard delete interfaces fe-
  matched: fe-0/0/1
  matched: fe-2/0/0
  matched: fe-2/0/1
Delete 3 objects? [yes,no] (no) yes
Lastly, you can make common configuration changes in one large swoop with the replace command. Any string can replace any other string, with a string being anything from a character to any POSIX 1003.2 expression. For example, this command could be useful when IPs referenced in filters, policies, and so on need to be updated to a new value:
Conclusion
This chapter provided a quick definition of what enterprise routing is and how Juniper routers fit into this environment. Then we examined the router's hardware and software design, stressing the key components that will help make your life easier. Lastly, we reviewed the actual CLI and illustrated the important features. The CLI is one of the most flexible and user-friendly in the industry, allowing expert status to be achieved in record time. As your familiarity with the CLI increases, you will discover even more features. Now that we've established the groundwork, the rest of the book will dive into the specific configuration details.
Exam Topics
We examined the following Enterprise Exam Topics in this chapter:
  • List the enterprise router product line.
  • Describe transit and host processing.
  • Identify the difference between packet flow on the M7i/M10i and on the J-series routers.
  • Identify key differences between the M7i/M10i and J-series routers.
  • Describe configuration management.
  • Identify the features of the JUNOS CLI (CLI modes, prompts, auto-complete, EMACs shortcuts, help, and pipe).
  • Identify the commands used in configuration mode (edit, set, delete, and commit).
  • Identify options for manipulating "saved" configuration files. Include rollback options, load options, and rollback file locations.
  • Describe the configuration hierarchy.
  • Describe active, candidate, and rollback configurations.
Chapter Review Questions
  1. Which of the following two Juniper Networks routers are classified as enterprise routers? (Choose two.)
    1. T640
    2. M7i
    3. J4350
    4. M320
  2. Which hardware component controls debugging on the router?
    1. Packet Forwarding Engine
    2. Route Processor
    3. System Control Board
    4. Routing Engine
  3. True or False: Since the J-series has only a single processor, there is no Packet Forwarding Engine.
  4. Which JUNOS software daemon controls the CLI?
    1. clid
    2. rpd
    3. mgd
    4. inetd
  5. Which command would be issued to reboot the router?
    1. request system reboot
    2. reload
    3. reboot
    4. restart router
  6. Which pipe command can you use to find every occurrence of the word error in the syslog file messages?
    1. match
    2. find
    3. search
    4. hold
  7. What is the default password to enter configuration mode on the router?
    1. juniper
    2. enable
    3. There is no password
    4. root
  8. Which CLI command should be issued to navigate to the [edit protocols ospf] directory?
    1. cd protocols ospf
    2. edit protocols ospf
    3. cd /edit/protocols/ospf
    4. dir protocols ospf
  9. Which CLI command must be issued to activate configuration changes in the router?
    1. apply
    2. copy
    3. save
    4. commit
  10. What is the top level of the configuration tree called?
    1. C:/
    2. /var
    3. edit
    4. root
  11. Which CLI command should be issued to return to the previously activated configuration?
    1. rollback 1
    2. rollback 0
    3. rollback active
    4. rollback previous
  12. Which command should be issued in the router to find out information about Layer 3 VPNs?
Chapter Review Answers
  1. Answer: B, C. The T640 and M320 are valid Juniper Networks router models but are usually deployed in service provider networks.
  2. Answer: D. The Routing Engine is the component in the router that controls all management functions, including commands that would be used to debug the router.
  3. Answer: False. The J-series routers do contain a virtualized PFE with API and sockets replacing the ASICs that are found in the M-series routers.
  4. Answer: C. The CLI is actually a process that runs off the kernel, called mgd. Of the other services listed, clid is invalid, rpd controls the routing process, and inetd manages network services.
  5. Answer: A. Request commands are used to issue system-wide functions such as rebooting the router. The rest of the options are invalid CLI commands.
  6. Answer: A. The pipe command match will find every occurrence of a string in the output of the command. The find command will locate the first occurrence of the string, search is an invalid option, and hold will hold text without exiting the --More-- prompt.
  7. Answer: C. There is no password to enter configuration mode. Users are allowed into configuration mode based on access privileges.
  8. Answer: B. To change the directory in configuration mode, use the edit command.
  9. Answer: D. To activate the changes in the router, issue a commit command. Of the remaining options, copy and save are valid CLI commands but are used for configuration management.
  10. Answer: C. When at the top level of the configuration tree, the CLI banner will display the [edit] prompt.
  11. Answer: A. The first archive is stored in rollback 1. rollback 0 is used to copy the active configuration to the candidate configuration, and the other options are not valid rollback commands.
  12. Answer: B. The help topic command displays general information about any topic referenced in the Juniper documentation. The actual output of the command is as follows:
    lab@P1R1>help topic layer3-vpns overview
    Layer 3 VPN Overview
    
       In JUNOS software, Layer 3 VPNs are based on RFC 2547bis. RFC
       2547bis defines a mechanism by which service providers can use
       their IP backbones to provide VPN services to their customers. A
       VPN is a set of sites that share common routing information and
       Layer 3 whose connectivity is controlled by a collection of
       policies. The sites that make up a Layer 3 VPN are connected over
       a provider's existing public Internet backbone.
    
       RFC 2547bis VPNs are also known as BGP/MPLS VPNs because BGP is
       used to distribute VPN routing information across the provider's
       backbone, and MPLS is used to forward VPN traffic across the VPN
       backbone to remote sites.
    
       Customer networks, because they are private, can use either public
       addresses or private addresses, as defined in RFC 1918, Address
       Allocation for Private Internets. When customer networks that use
       private addresses connect to the public Internet infrastructure,
       overlap with the same private addresses used by other network
       users the private addresses might MPLS/BGP VPNs solve this problem
       by adding a VPN identifier prefix to each address from a
       particular VPN site, thereby creating an address that is unique
       to the VPN and within the public Internet. In addition, each VPN has
       both within its own VPN-specific routing table that contains the
       routing information for that VPN only.
Chapter 2: Interfaces
This chapter describes the interface configurations for a Juniper Networks router. It starts with a description of the types of interfaces, the naming conventions, and the interface properties. It then identifies how to configure a large variety of interface media, such as T1 interfaces, Fast Ethernet, and Serial interfaces. Lastly, we will examine common interface problems, concentrating on the tools available to detect these issues.
Before you begin to design a network's routing topology, you should ensure that all the proper physical connections are in place and are operational. With such a large variance in interface types, this can often be a challenging task, so it is important to understand how an interface is organized within the JUNOS software.
Juniper Networks routers contain two major categories of interfaces: permanent and transient. Users cannot remove permanent interfaces, whereas they can move, change, and remove transient interfaces. Other technical differences exist that are evident when you examine the applications for each interface type.
The interface topics covered in this chapter include:
  • Permanent interfaces
  • Transient interfaces
  • Interface properties
  • Interface configuration examples
  • Interface troubleshooting
Permanent Interfaces
A permanent interface is any interface that is always present on the router (it cannot be altered). These interfaces can be management interfaces such as Ethernet, software pseudointerfaces such as tunnel interfaces, or fixed-port LAN/WAN interfaces.
On an M/T-series router, two management interfaces exist:
fxp0
This is an Out of Band (OOB) management Ethernet interface. It is connected to the router's Routing Engine (RE) and can be used for Out of Band management access to the router. It can also be used to send management messages such as syslog or Simple Network Management Protocol (SNMP) traps. This interface is a nontransit interface, which means that traffic cannot enter this interface and exit via a LAN/WAN interface, nor can it enter a LAN/WAN interface and exit through the management interface.
When running routing protocols, be very careful when using the fxp0 interface. If you don't configure the routing protocol correctly, you could have a route in your route table that points to the fxp0 interface and blackhole traffic, since this is a nontransit interface. To protect yourself from these types of situations, you should not run any routing protocols over this interface.
fxp1
This is an internal Fast Ethernet or Gigabit Ethernet (depending on the model of router) interface between the RE and the Packet Forwarding Engine (PFE). This interface is never configured but can be helpful when troubleshooting router issues. It is only in application-specific integrated circuit (ASIC) platforms (M/T-series) and not in the virtualized PFE J-series platforms.
Many software pseudointerfaces also exist that the router will create at startup. We will examine many of these interfaces in depth in . Here is a short list of these interfaces:
lo0
This is a loopback interface that ties to the router itself and not to any one physical interface. This is often assigned an address to provide a stable address for management traffic and routing protocols, which allows your router to adapt to network and physical interface failures. Also, when configured with firewall filters, this interface serves to protect the RE from attacks destined to the router.
Transient Interfaces
Transient interfaces are any interfaces that the user can remove, move, or replace. These include ports on M-series routers, Physical Interface Cards (PICs), and J-series PIMs. Examples of transient interfaces are Fast Ethernet, Asynchronous Transfer Mode (ATM), SONET, and T1/E1, as well as service PICs such as tunnels, multilinks, link services, Adaptive Services PICs (ASPs), and passive monitoring.
All JUNOS interfaces follow the same naming convention—the interface name followed by three numbers that indicate the location of the actual interface. The general convention is illustrated by the interface sequence MM-F/P/T, where:
  • MM = media type
  • F = chassis slot number
  • P = PIC slot number
  • T = port number

Media type

The first part of the interface name is the interface media name (MM) indicating the type of interface. Common interface media names include:
ae
Aggregated Ethernet, a logical linkage of multiple Ethernet interfaces defined in the IEEE 802.3ad standard.
at
ATM, which sends fixed 53-byte cells over the transport media. This interface could also be used for ATM over digital subscriber line (DSL) connections.
br
Physical Integrated Services Digital Network (ISDN) interface.
e1
Standard digital communication standard over copper at a rate of 2.048 Mbps, used mostly in Europe.
e3
Standard digital communication standard over copper at a rate of 34.368 Mbps, used mostly in Europe.
t1
Basic physical layer standard used by the digital signal level 1 at a rate of 1.544 Mbps, used extensively in North America.
t3
Basic physical layer standard used by the digital signal level 3 at a rate of 44.736 Mbps, used extensively in North America.
fe
100 Mbps standard initially created by Xerox in the 1970s for connecting multiple computers together; referred to as a LAN today.
ge
Higher-speed Ethernet standard at 1 Gbps or 10 Gbps.
Interface Properties
Each interface has two types of properties assigned to it: physical properties and logical properties. Physical properties are tied to the entire physical port, whereas logical properties affect only that logical portion of the interface represented by unit numbers or channel numbers.
A physical property on an interface is any property that should be assigned to the entire physical port. Depending on the interface media, a large range of properties can be configured, but they can be divided into a few major categories:
Clocking
This aligns the bits as they are transmitted out of the interface. The clocking can be learned either from an external source or from the router itself.
Encapsulation
This is the Layer 2 encapsulation that is going to be used on the interface. Examples include Frame Relay, Point-to-Point Protocol (PPP), and Cisco High-Level Data Link Control (HDLC).
MTU
This is the maximum transmission unit, which is the maximum size of the frame transmitted from the interface.
Keepalives
These are mechanisms used to verify the operation of the interface. Most encapsulations have keepalives enabled by default, but you can disable them to aid in troubleshooting.
Layer 1/2 options
These are various bit and byte settings for the interface media. For a T1 interface, this includes byte encodings, framing, frame check sequences (FCSs), and line buildouts. In comparison, a Fast Ethernet interface might have options such as flow control, loopbacks, and source address filters.
A physical property should always be configured before any logical identifier, such as a unit number. For example, the following is a serial interface with no logical properties configured but with physical properties of encapsulation cisco-HDLC and no-keepalives, and with clocking set to internal:
se-0/0/2 {
    no-keepalives;
    encapsulation cisco-hdlc;
    serial-options {
        clocking-mode internal;
    }
    unit 0;
}
All router interfaces that will send and receive transit traffic require a logical unit to be configured. This logical unit creates a division of the physical interface into multiple parts. For instance, an Ethernet interface can be subdivided into multiple virtual LANs (VLANs), each requiring its own logical unit.
Interface Configuration Examples
A walkthrough of configuration examples, starting with basic examples and then getting into a few more complex configurations, will help to put this into perspective. The walkthrough covers the following configuration examples, in this order:
  • Fast Ethernet interfaces
  • Fast Ethernet with VLAN tagging
  • T1 interface with Cisco HDLC
  • Serial interface with PPP
  • Serial interface with Frame Relay
  • DSL
  • ISDN
  • MLPPP
Initially, we will use a step-by-step approach to establish the configuration fundamentals. Then the walkthrough will move toward configuration results that build on the fundamentals and become advanced. Once you grasp the fundamentals, you should be able to follow the advanced configurations. At the end of this section, we will discuss the use of the Virtual Router Redundancy Protocol (VRRP).
First, let's build an interface on router Lager that connects directly to router Porter over the fe-2/0/1 interface.
Check the status of the fe-2/0/1 interface by issuing a show interfaces fe-2/0/1 terse command. JUNOS software interfaces are automatically "enabled" when the physical connection is wired.
root@Lager>show interfaces terse fe-2/0/1
Interface               Admin Link Proto    Local            Remote
fe-2/0/1                up    up
If an interface needs to be administratively disabled, issue the set interfaces <interface name> disable command.
The interface appears to be physically up, so next, configure the interface to allow IP traffic to flow as well as add an IP address. Begin by entering configuration mode, dropping down to the hierarchy of the interface, and configuring the correct family and local IP address:
root@Lager>configure
Entering configuration mode
[edit]
root@Lager# edit interfaces fe-2/0/1

[edit interfaces fe-2/0/1]
root@Lager#set unit 0 family inet address 10.10.20.122/24
Since this is a non-VLAN-tagged Ethernet interface, unit 0 must be used when configuring the logical properties of family inet.
Also, note that JUNOS software requires a mask for every IP address in the classless interdomain routing (CIDR) "slash" notation. An absence of the mask can lead to the less desirable result of configuring a /32 subnet on your interface. (Look for other JUNOS software address issues in "," later in this chapter.)
Interface Troubleshooting
Interfaces can have a variety of issues depending on the actual interface type, and listing all the possibilities would require a separate book! Instead, in this section, we will discuss a few common issues that illustrate the types of troubleshooting commands available on the router.
Since Juniper Networks routers allow multiple IP addresses to be configured on a single logical unit, configuration errors can occur if care is not taken. Lager has an IP address of 10.10.20.122 configured on its Fast Ethernet interface with a subnet mask of /24. This is a configuration error, as the mask should have been /27:
[edit interfaces fe-2/0/1]
root@Lager#show
vlan-tagging;
unit 100 {
    vlan-id 100;
    family inet {
        address 10.10.20.122/24;
    }
}
Here, the address of 10.10.20.122 is added with the correct subnet of /27:
[edit interfaces fe-2/0/1]
root@Lager#set unit 100 family inet address 10.10.20.122/27
When you view the resultant interface configuration, the router appears to contain duplicate IP addresses with varying subnet masks. This illustrates the fact that IP addresses are not overridden per logical unit, but are simply added to the logical unit:
[edit interfaces fe-2/0/1]
root@Lager#show
vlan-tagging;
unit 100 {
    vlan-id 100;
    family inet {
        address 10.10.20.122/24;
        address 10.10.20.122/27;
    }
}
To correct this, the old address with the /24 mask is removed by use of the delete command:
[edit interfaces fe-2/0/1]
root@Lager#delete unit 100 family inet address 10.10.20.122/24
Another solution with the same result is to use the rename command to change the subnet mask from /24 to /27:
[edit interfaces fe-2/0/1 unit 100]

root@Lager#rename address 10.10.20.122/24 to address 10.10.20.122/27
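Three mistakes described on this page can be caught by auditing configuration text before it is committed: a routing protocol pointed at the nontransit fxp0 interface (Permanent Interfaces), an address left on a unit with its old mask after the corrected one was added, and an address entered with no mask, which ends up as a /32. The Python below is an added example, not code from the book or from Juniper; the function names, the unit 200 stanza and the protocols stanza are constructed for illustration, and the parser handles only the curly-brace layout shown in the text.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample. The fe-2/0/1 unit 100 stanza is the one shown in the
# text; unit 200 (address with no mask) and the protocols stanza are made up
# here to exercise the other two checks.
SAMPLE_CONFIG = """
interfaces {
    fe-2/0/1 {
        vlan-tagging;
        unit 100 {
            vlan-id 100;
            family inet {
                address 10.10.20.122/24;
                address 10.10.20.122/27;
            }
        }
        unit 200 {
            vlan-id 200;
            family inet {
                address 192.0.2.1;
            }
        }
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            interface fe-2/0/1.100;
            interface fxp0.0;
        }
    }
}
"""


def parse(text):
    """Turn curly-brace configuration text into nested dicts.
    Blocks map to a dict, ';'-terminated statements map to None."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif line.endswith(";"):
            stack[-1][line[:-1].strip()] = None
    return root


def walk(node, path=()):
    """Yield (path, child) for every statement and block in the tree."""
    for key, child in node.items():
        yield path + (key,), child
        if isinstance(child, dict):
            yield from walk(child, path + (key,))


def audit(text):
    """Return a list of (kind, location, detail) findings."""
    findings = []
    per_unit = defaultdict(list)   # (interface, unit) -> address strings
    for path, child in walk(parse(text)):
        key = path[-1]
        # family inet addresses: <interface> / unit N / family inet / address X
        if (key.startswith("address ") and len(path) >= 4
                and path[-2] == "family inet" and path[-3].startswith("unit ")):
            per_unit[(path[-4], path[-3].split()[1])].append(key.split()[1])
        # fxp0 listed under a routing protocol and not explicitly disabled
        if "protocols" in path[:-1] and re.fullmatch(r"interface fxp0(\.\d+)?", key):
            disabled = isinstance(child, dict) and "disable" in child
            if not disabled:
                findings.append(("routing-on-fxp0", " ".join(path[:-1]), key))

    for (ifname, unit), addrs in per_unit.items():
        where = f"{ifname} unit {unit}"
        prefixes = defaultdict(set)    # host address -> prefix lengths seen
        for addr in addrs:
            if "/" not in addr:
                findings.append(("missing-mask", where, addr))
            iface = ipaddress.ip_interface(addr)   # no mask parses as /32
            prefixes[iface.ip].add(iface.network.prefixlen)
        for host, lens in prefixes.items():
            if len(lens) > 1:
                masks = ", ".join(f"/{n}" for n in sorted(lens))
                findings.append(("duplicate-host", where, f"{host} as {masks}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

Run against the output of show configuration saved to a file, the duplicate-host finding disappears once the /24 entry is removed with delete or rename as shown above.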
Since Juniper Networks routers allow placement of multiple addresses on a single logical interface, care must also be taken to allow for the router to choose the correct source IP address for outgoing packets on that interface. By default, the source IP address is chosen by using the primary and preferred addresses assigned to the interface. Each unit can have only one primary address, but each interface can have multiple preferred addresses. Simply put, a primary address is the address chosen to source local packets out of the interface destined for a remote network. As shown in the following output, 10.20.20.122 is the only address on the interface, and as such, it contains both a primary and a preferred flag:
Conclusion
An interface is the fundamental building block of any router with a large variety of possible interface types. Although JUNOS software allows for many different interface types, the general configuration process is consistent across each type. This also helps when it is time to troubleshoot the problem interface. The specifics of the media signals will vary, but the operational commands used are the same. Once a router has all its interfaces, operational routes to remote networks can be configured via routing protocols. We will examine these protocols in subsequent chapters.
Exam Topics
We examined the following Enterprise Exam Topics in this chapter:
  • Identify valid options for interface names, logical units, and protocol families within the JUNOS software.
  • Describe how to monitor interfaces in real time.
  • Describe the information contained within the show interfaces extensive command.
  • Describe the uses of network utilities such as ping and traceroute.
  • Configure MLPPP.
  • Configure IPv4 addressing.
  • Implement Frame Relay.
  • Create VLAN-tagged interfaces.
  • Provide redundancy and high availability with VRRP.
  • Link bundling and aggregated interfaces.
  • Establish point-to-point or point-to-multipoint links with a variety of Layer 2 encapsulations.
Chapter Review Questions
  1. On a J-series router interface, what are the possible values for the PIC slot number?
    1. 1
    2. 0
    3. Variable, depending on the physical location of the interface
    4. A range of 0–4
  2. Which two interfaces are considered permanent interfaces on a Juniper Networks router? (Choose two.)
    1. lo0
    2. fe-0/1/0
    3. fxp3
    4. fxp0
    5. loopback0
  3. On a point-to-point interface, which logical unit(s) can be assigned to an interface?
    1. None
    2. 4095
    3. 100
    4. 0
  4. Which interface name indicates that it is a serial interface in a J-series router that is located in PIM slot 1 and port number 1?
    1. se-1/1
    2. se-1/0/1
    3. serial1/1
    4. se-0/1/1
  5. Which JUNOS software command allows for real-time display of interface statistics?
    1. monitor interface
    2. show interface statistics
    3. monitor traffic
    4. monitor statistics
  6. True or False: an interface must be administratively enabled before it is operationally in the up status.
  7. What is the default Layer 2 encapsulation for a serial interface?
    1. SDLC
    2. HDLC
    3. X.121
    4. PPP
  8. What is the maximum number of interfaces that can be added to an MLPPP bundle?
    1. 8
    2. 6
    3. 16
    4. 4
  9. What is the default clocking mode on a serial interface?
    1. DCE
    2. Internal
    3. Loop
    4. DTE
  10. Which CLI command would administratively disable the fe-0/0/0 interface?
    1. no shutdown
    2. set interface fe-0/0/0 disable
    3. deactivate interface fe-0/0/0
    4. disable interface fe-0/0/0
  11. True or False: all Juniper Networks routers contain an fxp0 OoB management interface.
  12. Which type of interface would be used to create a GRE tunnel?
    1. gre
    2. tunnel.0
    3. gr
    4. ip.0
Chapter Review Answers
  1. Answer: B. J-series routers do not contain PICs, so this value in the interface name is always set to zero and is sometimes referred to as the virtual PIC value.
  2. Answer: A, D. fe-0/1/0 is a transient interface, whereas fxp3 and loopback0 are invalid media types.
  3. Answer: D. A point-to-point interface has only one valid logical unit number, which is unit 0.
  4. Answer: B. Every transient interface always takes the form of MM-F/P/T, with F indicating the PIM slot and T representing the port number.
  5. Answer: A. The monitor statistics command is an invalid command, whereas monitor traffic displays local TCP/IP traffic and show interfaces does not display information dynamically.
  6. Answer: False. Juniper interfaces are always administratively enabled when installed.
  7. Answer: D. The default encapsulation is PPP on all point-to-point interfaces.
  8. Answer: A. As of JUNOS software version 8.3, eight interfaces are allowed in a single bundle.
  9. Answer: C. A serial interface always attempts to obtain its transmit timing from the line itself, using what is called loop timing. Other valid options that can be configured include internal and dce. DTE is not a configurable option.
  10. Answer: B. The only other valid JUNOS software command listed in the answer choices is the deactivate command. This command comments out the configuration, which the running system then ignores.
  11. Answer: False. Only M/T series routers contain an fxp0 OoB management interface. J-series routers must be managed via console, auxiliary ports, or regular PFE interfaces.
  12. Answer: C. The software pseudointerface that is used to create GRE tunnels is the gr interface. The gre interface is used internally by the router and should not be configured. The ip.0 and tunnel.0 interfaces are not valid interface types.
Chapter 3: Protocol Independent Properties and Routing Policy
This chapter is divided into two main sections. The first section details routing capabilities and features that are not specific to any particular routing protocol, hence the phrase protocol independent. Although termed independent, these features often interact with one or more routing protocols, and in some cases may be required for proper protocol operation! The second half of the chapter investigates JUNOS software routing policy. Routing policy provides a toolbox that facilitates the control of route distribution, including route filtering and route attribute manipulation.
In many cases, you combine the functions of Protocol Independent Properties (PIPs) and routing policy to achieve some goal. For example, a static route is defined using PIP, but this same static route can then be redistributed, perhaps with a modified attribute such as a route tag or Border Gateway Protocol (BGP) community, as a result of routing policy.
This chapter exposes the reader to PIP and routing policy in a manner that is analogous to a mechanic being introduced to each tool comprising a complete toolbox. To continue the analogy, the ways in which tools can be used, either alone or in combinations, are virtually limitless. For example, your hammer can be used as part of the repair of a hole in a boat's hull, or it can be used to make the hole, perhaps in an effort to scuttle the craft. Although the boat may have some opinion, it's safe to say that the tool—the hammer, in this case—is just happy to be used, with no real concern as to the nature of the task.
The routing and service examples covered in subsequent chapters of this book all make use of the PIP and policy tools to solve some requirement specific to the example being discussed in that chapter. Since practical PIP and policy-related applications are provided throughout the remainder of this book, the goal of this chapter is to expose the reader to the general capabilities and configuration of PIP and policy so that subsequent case study examples are fully understood.
The PIP topics include:
  • Static, aggregated, and generated routes
Protocol Independent Properties
PIPs are used for a variety of functions, such as static and aggregate routes, protocol preferences, route tables, router ID, and so forth. The range of PIPs is configured at the [edit routing-options] hierarchy.
Although the use of static routing is sometimes considered bad form, especially during a routing-protocol-based practical examination, there are many practical applications for static routes, along with their aggregate/generated counterparts.
Static routing suffers from a general lack of dynamism (though Bidirectional Forwarding Detection [BFD] can mitigate this issue), which often leads to loss of connectivity during network outages due to the inability to reroute. Static routes can quickly become maintenance and administration burdens for networks that have frequent adds, moves, or changes. With that said, static routing is often used at the network edge to support attachment to stub networks, which, given their single point of entry/egress, are well suited to the simplicity of a static route.
Static routes are often used to promote stability through advertisement into a routing protocol, such as BGP, where a single route that is always up is used to represent the connectivity of numerous, more specific routes, which individually may come and go (flap) due to instability in the attached network's infrastructure. By suppressing the specifics in favor of a single static route, the world is shielded from the day-to-day flapping while overall connectivity is preserved.
Static, aggregate, and generated routes are similar in that all are defined statically, and all can have mask lengths that represent super-nets (aggregated network prefixes), or subnets (extending the network ID into the host field of a classful address to gain more networks, each with fewer hosts). As such, there is often confusion about the differences, and why all three types of static routing are needed. The following table summarizes how these route types differ.
Table: Static, aggregate, and generated route comparison
Route type
Routing Policy
This section details JUNOS software routing policy operation and configuration. The actual application of policy to solve some specific networking requirement is generally left to the protocol-specific coverage found in subsequent chapters. You configure policy-related options and statements at the [edit policy-options] hierarchy. Routing policy and firewall filters have a similar syntax in JUNOS software. The former deals with routes in the control plane, whereas the latter deals with packets in the data plane.
Simply put, routing policy is used to:
  • Control what routes are installed into the route table for possible selection as an active route
  • Control what routes are exported from the route table, and into which protocols
  • Alter attributes of routes, either at reception or at the time of advertisement to other peers
Given that routing policy is used to control the reception and transmission of routing information and to alter route attributes, it's safe to say that you need routing policy when the default policy does not meet your requirements.
The specifics of the various default policies are covered later, but to provide an example, consider that, by default, directly connected routes are not advertised into any routing protocol; in the case of RIP, not even when RIP is configured to run on those directly connected interfaces. If your goal is to get direct routes advertised into RIP, the default policy obviously does not meet your needs, and a custom policy must be written, and applied, to achieve your goal of redistributing direct routes into RIP.
You can apply policy in one of two places: either at import or at export. Generally speaking, use a command of the form set protocols <protocol-name> import to apply an import policy, or use set protocols <protocol-name> export to apply an export policy. The following figure illustrates this concept.
Figure: Policy application and monitoring points
The figure shows routes being received through some protocol, and how import policy serves to filter and adjust route attributes before they are copied into the route table. In contrast, export policy comes into play when routes are being selected from the route table for inclusion in transmitted route updates. Once again, the export policy serves to filter and adjust route attributes to meet the specific needs of the networking environment.
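The direct-into-RIP case described above, written out as an added configuration sketch that is not taken from the book. The policy name, the group name, and the use of fe-2/0/1.100 (with its 10.10.20.122/27 address from the earlier interface example) as a RIP-speaking interface are assumptions; for RIP, the export statement is applied at the group level.

```junos
policy-options {
    /* Hypothetical policy name. Matching one specific prefix, rather than
       every direct route, keeps other connected subnets (management
       networks, for example) out of the RIP updates. */
    policy-statement export-direct-to-rip {
        term lan-subnet {
            from {
                protocol direct;
                /* 10.10.20.122/27 sits in the 10.10.20.96/27 subnet */
                route-filter 10.10.20.96/27 exact;
            }
            then accept;
        }
        /* No final term: routes that match nothing above fall through
           to the protocol's default export policy. */
    }
}
protocols {
    rip {
        /* Hypothetical group name */
        group rip-peers {
            export export-direct-to-rip;
            neighbor fe-2/0/1.100;
        }
    }
}
```

After a commit, show route advertising-protocol rip with the local interface address lists what the router is actually sending, which confirms that only the intended prefix left the route table.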
Conclusion
JUNOS software PIPs and routing policy may not be very sexy by themselves, but together they form the foundation of virtually all sophisticated network configurations.
The PIP toolbox provides many useful tools that allow you to create static and aggregate routes, create and group route tables, and alter protocol preferences. Routing policy provides a powerful and consistent set of rules and syntax that supplies fine-grained control over the exchange of routes, along with modification of route attributes. Once you understand the basic concepts of import and export policy, you quickly come to appreciate the elegance of being able to perform similar tasks on different protocols, using the same policy framework, rather than a collection of mechanisms such as route maps, distribute lists, network statements, and so on, which may or may not work in a given protocol context.
When combined, PIP and policy yield a powerful mechanism that enables you to bend a network's operation to suit your will. The skills and concepts covered in this chapter are demonstrated throughout the remainder of this book, in various real-world and practical scenarios.
Exam Topics
We examined the following Enterprise Exam Topics in this chapter:
  • PIPs:
    • Identify static, aggregate, and generated routes.
    • Describe the configuration of static routes.
    • Describe the purpose of the default JUNOS software route tables.
    • Describe global route preference and the concept of a floating static route.
  • Routing policy:
    • Identify the two types of policy application.
    • Identify policy components (terms, match conditions, actions, and policy chains).
    • Identify points where routing policy may be applied.
    • Describe the processing of routing policies.
    • Evaluate the result of a given routing policy.