book

Juniper Networks Warrior

by Peter Southwick

November 2012

Intermediate to advanced

432 pages

11h 5m

English

O'Reilly Media, Inc.

Read now

Unlock full access

What Is the New Network Platform Architecture?How to Use This BookWhat’s in This Book?A Note About This BookConventions Used in This BookUsing Code ExamplesSafari® Books OnlineHow to Contact UsAcknowledgments
Company ProfileNetworkTraffic FlowNeed for ChangeClass of ServiceDesign Trade-OffsRouting and survivabilityRemote locationsMain locationClass of serviceImplementationPrototype PhaseClass of ServiceCut-OverMain SiteRemote Site JAXRemote Sites PHL and IADBackup Site BNAConclusions
IDP8200 BackgroundCommand-Line InterfaceWeb Management InterfaceNSM ManagementSupport TasksDaily TasksIDP PoliciesRulebase OptimizationOther TasksUpdating the detector engineUpdating IDP appliance OSUpdating attacksConclusion
DiscussionDesign Trade-OffsDecisionConfigurationTake One Configuration: ClusteringTake 2 Configuration: Active/Active without RethsTake 3 Configuration: Active/Active with One-Legged RethsTestingSummary
ProblemQ-in-Q FramingVPLS OverheadSolutionsRFC 4623Customer MTU restrictionsMove the MTUConfigurationsManagementlo0.0AccessProtocolsMPLSBGPOSPFCore Router ConfigurationsDistribution Switch ConfigurationsDistribution Router ConfigurationsRate ControlCPE Switch ConfigurationConclusion
ObjectiveDesignTrade-offsRoutingIBR integrationIDPFilter-based forwardingClusteringConfigurationClusteringSecurityRouting instancesInterfaces, zones, and policiesNATSecurity loggingRoutingBGPOSPFDefault routeOut-of-band management networkImplementationLessons LearnedFeature interactionsNetwork interactionsAdministrative issuesConclusion
Company ProfilePhysical Network TopologyServicesDesign ApproachMX connectivityEX connectivityDeploymentManagement networkDesign Trade-OffsOSPFVPLSBGPMPLSTrade-off choicesConfigurationsBoilerplate ConfigurationMX InterfacesEX Boilerplate and InterfacesOSPFMBGPMPLSRSVPLayer 3 VPNVPLSOBMConclusion
IntroductionClient GoalsDesign Trade-OffsFirewallsRoutingAddressingSurvivabilityRecommended DesignSwitching LayerRouting LayerFirewall LayerVirtualizationConfigurationsEX4200 ConfigurationMX240 ConfigurationFirewall ConfigurationDeploymentInitial ConnectivityThe Maintenance WindowPCI ComplianceSummary

Existing DesignIntroduction to Fibre ChannelProposed DesignConcerns and ResolutionsNamingNetwork qualityNetwork UpgradeAdvantages and Benefits of the SolutionQFX3500 Fibre Channel Gateway ConfigurationsManagement ConfigurationsFibre Channel Gateway Interface ConfigurationDCB ConfigurationEX4500 Transit Switch ConfigurationsInterfaces and VLANsTransit Switch DCB ConfigurationVerificationConclusions
Plans and TopologyPhase 1MX ConfigurationManagement ConfigurationRouting Engine ProtectionPolicy ConfigurationsPrefer to receive an aggregate of the locally assigned addressesNo subnets longer than /24No RFC 1918 prefixesAuthentication on all BGP linksThe ISPs will ignore the use of MEDsThe ISPs will respond to local preferenceThe ISPs will forward a default route if requiredThe ISPs will accept prepending only for the local ASThe ISP will not act as a transit network for any other traffic except for its customersProtocol ConfigurationsOSPFBGPPhase 2Final PhasesConclusion
Original Network ArchitectureWAN ConnectivityAddressingInternal ConnectivityFirewallsProblem DefinitionProposed Solution 1Solution 1 AdvantagesSolution 1 DetailsSolution 1 IssuesProposed Solution 2: OSPF over TunnelsEarly Death of Solution 2Configuration for Solution 2Final Solution: Static Routes over TunnelsSolution AdvantagesSolution IssuesRPF checksDefault gateway failure detectionEmail Server Address ResolutionFirewall ConfigurationsConclusion
RequirementsExisting NetworkRouting ProtocolsSolution OptionsThree-Layer DesignTwo-Layer DesignOne-Tier DesignConfigurationsDeployment ScenarioManagement Staging and TestingTop-of-Rack Switch TestingISP Link TestingProduction ConfigurationCut-OverConclusion

Content preview from Juniper Networks Warrior

Chapter 1. An Enterprise VPN

This book describes the jobs that I and other networking engineers have performed on client networks over the past few years. We are considered network warriors because of the way that we attack networking challenges and solve issues for our clients. Network warriors come from different backgrounds, including service provider routing, security, and the enterprise. They are experts on many different types of equipment: Cisco, Checkpoint, and Extreme, to name a few. A warrior may be a member of the client’s networking staff, drafted in for a period of time to be part of the solution, but more often than not, the warriors are transient engineers brought into the client’s location.

This book offers a glimpse into the workings of a Juniper Networks warrior. We work in tribes, groups of aligned warriors working with a client toward a set of common goals. Typically technical, commonly political, and almost always economical, these goals are our guides and our measures of success.

Note

To help you get the picture, a quote from the 1970 movie M*A*S*H is just about right for us network warriors: “We are the Pros from Dover and we figure to crack this kid’s chest and get off to the golf course before it gets dark.” Well, not really, but the sentiment is there. We are here to get the job done!

Over the past four years, I have been privileged to team with talented network engineers in a large number of engagements, using a tribal approach to problem solving and design ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

OSPF and IS-IS: Choosing an IGP for Large-Scale Networks

Publisher Resources

ISBN: 9781449361709Errata

Juniper Networks Warrior

by Peter Southwick

Chapter 1. An Enterprise VPN

Note

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

OSPF and IS-IS: Choosing an IGP for Large-Scale Networks

Cisco Networks: Engineers' Handbook of Routing, Switching, and Security with IOS, NX-OS, and ASA

Juniper SRX Series

Configuring Arista Network Switches

Publisher Resources

Chapter 1. An Enterprise VPN

Note

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

OSPF and IS-IS: Choosing an IGP for Large-Scale Networks

Cisco Networks: Engineers' Handbook of Routing, Switching, and Security with IOS, NX-OS, and ASA

Juniper SRX Series

Configuring Arista Network Switches

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.