of 262
7/23/2019 630 Ce Routing
1/262
Concepts & ExamplesScreenOS Reference Guide
Routing
Release
6.3.0, Rev.02
Published: 2012-12-10
Revision02
Copyright 2012, Juniper Networks, Inc.
7/23/2019 630 Ce Routing
2/262
Juniper Networks, Inc.1194North Mathilda AvenueSunnyvale, California 94089USA408-745-2000www.juniper.net
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc.in the United
States and other countries. JunosE is a trademark of Juniper Networks, Inc.All othertrademarks, service marks, registered trademarks, or
registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
Products made or sold byJuniper Networks or components thereof might be covered by oneor more of thefollowingpatents that are
owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440,6,192,051, 6,333,650, 6,359,479, 6,406,312,
6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Copyright 2009, Juniper Networks, Inc.
All rights reserved.
Revision History
December 2012Revision 02
Content subject to change. The informationin this document is currentas of thedatelisted in the revisionhistory.
SOFTWARE LICENSE
The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase
order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks.
By using this software, you indicate that you understand and agree to be bound by those termsand conditions.
Generally speaking,the software license restricts the manner in which you are permitted to use the software and may contain prohibitions
against certain uses.The software license may state conditions under which the license is automatically terminated. You should consult
the license for further details.
For complete product documentation, please see the Juniper Networks Website atwww.juniper.net/techpubs.
END USER LICENSE AGREEMENT
The Juniper Networks product that is thesubject of this technical documentationconsists of (or is intended for usewith)Juniper Networks
software. Useof such software is subject to theterms and conditions of theEnd User License Agreement (EULA) posted at
http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to theterms and conditions
of that EULA.
Copyright 2012, Juniper Networks, Inc.ii
http://www.juniper.net/techpubshttp://www.juniper.net/support/eula.htmlhttp://www.juniper.net/support/eula.htmlhttp://www.juniper.net/techpubs7/23/2019 630 Ce Routing
3/262
Abbreviated Table of Contents
About This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Part 1 Routing
Chapter 1 Static Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Chapter 2 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Chapter 3 Open Shortest Path First. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Chapter 4 Routing Information Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83Chapter 5 Border Gateway Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Chapter 6 Policy-Based Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Chapter 7 Multicast Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Chapter 8 Internet Group Management Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Chapter 9 Protocol Independent Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193
Chapter 10 ICMP Router Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Part 2 Index
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
iiiCopyright 2012, Juniper Networks, Inc.
7/23/2019 630 Ce Routing
4/262
Copyright 2012, Juniper Networks, Inc.iv
Routing
7/23/2019 630 Ce Routing
5/262
Table of Contents
About This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Document Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Document Feedback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv
Requesting Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxiv
Part 1 Routing
Chapter 1 Static Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
How Static Routing Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
When to Configure Static Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Configuring Static Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Setting Static Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Setting a Static Route for a Tunnel Interface. . . . . . . . . . . . . . . . . . . . . . 10
Adding Descriptions to Static Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Enabling Gateway Tracking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Forwarding Traffic to the Null Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Preventing Route Lookup in Other Routing Tables. . . . . . . . . . . . . . . . . . . . . . 12
Preventing Tunnel Traffic from Being Sent on Non-Tunnel Interfaces. . . . . . 13
Preventing Loops Created by Summarized Routes. . . . . . . . . . . . . . . . . . . . . 13
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Permanently Active Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Changing Routing Preference with Equal Cost Multipath. . . . . . . . . . . . . . . . . . . . 14
Chapter 2 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Virtual Router Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Destination-Based Routing Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Route-cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Source-Based Routing Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Source Interface-Based Routing Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
vCopyright 2012, Juniper Networks, Inc.
7/23/2019 630 Ce Routing
6/262
Creating and Modifying Virtual Routers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Modifying Virtual Routers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Assigning a Virtual Router ID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Forwarding Traffic Between Virtual Routers. . . . . . . . . . . . . . . . . . . . . . . . . . 25
Configuring Two Virtual Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Creating and Deleting Virtual Routers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Creating a Custom Virtual Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Deleting a Custom Virtual Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Dedicating a Virtual Router to Management. . . . . . . . . . . . . . . . . . . . . . . . . . 28
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29Virtual Routers and Virtual Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Creating a Virtual Router in a Vsys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Sharing Routes Between Virtual Routers . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Limiting the Number of Routing Table Entries. . . . . . . . . . . . . . . . . . . . . . . . . 31
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Routing Features and Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Route Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Setting a Route Preference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Route Metrics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Changing the Default Route Lookup Sequence. . . . . . . . . . . . . . . . . . . . 34
Route Lookup in Multiple Virtual Routers. . . . . . . . . . . . . . . . . . . . . . . . . 36Configuring Equal Cost Multipath Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Route Redistribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Configuring a Route Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Route Filtering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Configuring an Access List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Redistributing Routes into OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Exporting and Importing Routes Between Virtual Routers. . . . . . . . . . . . . . . 44
Configuring an Export Rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Configuring Automatic Export. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Chapter 3 Open Shortest Path First. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Areas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Router Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Hello Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Network Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Broadcast Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Point-to-Point Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Copyright 2012, Juniper Networks, Inc.vi
Routing
7/23/2019 630 Ce Routing
7/262
Point-to-Multipoint Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Link-State Advertisements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Basic OSPF Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Creating and Removing an OSPF Routing Instance. . . . . . . . . . . . . . . . . . . . . 51
Creating an OSPF Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Removing an OSPF Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Creating and Deleting an OSPF Area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Creating an OSPF Area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Deleting an OSPF Area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Assigning Interfaces to an OSPF Area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Assigning Interfaces to Areas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Configuring an Area Range. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Enabling OSPF on Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Enabling OSPF on Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Disabling OSPF on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Verifying the Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Redistributing Routes into Routing Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . .57WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Summarizing Redistributed Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Summarizing Redistributed Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Global OSPF Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Advertising the Default Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Virtual Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Creating a Virtual Link. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Creating an Automatic Virtual Link. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Setting OSPF Interface Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Security Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Authenticating Neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Configuring a Clear-Text Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Configuring an MD5 Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Configuring an OSPF Neighbor List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Rejecting Default Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Protecting Against Flooding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Configuring the Hello Threshold. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Configuring the LSA Threshold. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Enabling Reduced Flooding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
viiCopyright 2012, Juniper Networks, Inc.
Table of Contents
7/23/2019 630 Ce Routing
8/262
Creating an OSPF Demand Circuit on a Tunnel Interface. . . . . . . . . . . . . . . . . . . 69
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Point-to-Multipoint Tunnel Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Setting the OSPF Link-Type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
Disabling the Route-Deny Restriction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Creating a Point-to-Multipoint Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
WebUI (Central Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
CLI (Central Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
WebUI (Remote Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
CLI (Remote Office Device) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
OSPFv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
OSPFv3 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Multiple OSPFv3 Instances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
OSPFv3 Route Preference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
OSPFv3 Router ID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
OSPFv3 Area Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
OSPFv3 Interface Paramters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Route Redistribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Configuring OSPFv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
To enable OSPFv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
To create an OSPFv3 area with area-id 10. . . . . . . . . . . . . . . . . . . . . . . . 79
To Assign Interfaces to OSPFv3 Areas. . . . . . . . . . . . . . . . . . . . . . . . . . . 79
To Configure Area Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
To redistribute routes from BGP to OSPFv3 . . . . . . . . . . . . . . . . . . . . . . .80To configure OSPFv3 interface parameters. . . . . . . . . . . . . . . . . . . . . . .80
Monitoring OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Chapter 4 Routing Information Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Basic RIP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Creating and Deleting a RIP Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Creating a RIP Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Deleting a RIP Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Enabling and Disabling RIP on Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Enabling RIP on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Disabling RIP on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Redistributing Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Copyright 2012, Juniper Networks, Inc.viii
Routing
7/23/2019 630 Ce Routing
9/262
Viewing RIP Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Viewing the RIP Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Viewing RIP Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Viewing RIP Neighbor Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Viewing RIP Details for a Specific Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Global RIP Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Advertising the Default Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93Configuring RIP Interface Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Security Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Authenticating Neighbors by Setting a Password. . . . . . . . . . . . . . . . . . . . . . 95
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96
Configuring Trusted Neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96
Rejecting Default Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Protecting Against Flooding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Configuring an Update Threshold. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Enabling RIP on Tunnel Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Optional RIP Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Setting the RIP Version. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Enabling and Disabling a Prefix Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Enabling a Prefix Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Disabling a Prefix Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Setting Alternate Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Demand Circuits on Tunnel Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Configuring a Static Neighbor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
ixCopyright 2012, Juniper Networks, Inc.
Table of Contents
7/23/2019 630 Ce Routing
10/262
Configuring a Point-to-Multipoint Tunnel Interface. . . . . . . . . . . . . . . . . . . . . . . 104
WebUI (Central Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107
CLI (Central Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
WebUI (Remote Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
CLI (Remote Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Chapter 5 Border Gateway Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Multiprotocol BGP for IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Types of BGP Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Path Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
External and Internal BGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Basic BGP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Creating and Enabling a BGP Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Creating a BGP Routing Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Removing a BGP Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Enabling and Disabling BGP on Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . 116Enabling BGP on Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116
Disabling BGP on Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
Configuring BGP Peers and Peer Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Configuring a BGP Peer (IPv4). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Configuring a BGP Peer (IPv6). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Configuring an IBGP Peer Group (IPv4). . . . . . . . . . . . . . . . . . . . . . . . . 120
Configuring an IBGP Peer Group (IPv6). . . . . . . . . . . . . . . . . . . . . . . . . . 121
Verifying the BGP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
Viewing BGP Advertised and Received Routes for Neighbors. . . . . . . . . . . . 123
Enabling BGP Address Families for Neighbors. . . . . . . . . . . . . . . . . . . . . . . .124
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
AdvertisingIPv6 Routes Between IPv4BGP Peersand IPv4Routes Between
IPv6 BGP Peers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Security Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Authenticating BGP Neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Rejecting Default Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Optional BGP Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Redistributing Routes into BGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Maximum Routes for Redistribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Configuring an AS-Path Access List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Copyright 2012, Juniper Networks, Inc.x
Routing
7/23/2019 630 Ce Routing
11/262
Adding Routes to BGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Conditional Route Advertisement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Setting the Route Weight. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Setting Route Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Route-Refresh Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Requesting an Inbound Routing Table Update. . . . . . . . . . . . . . . . . . . . 134
Requesting an Outbound Routing Table Update. . . . . . . . . . . . . . . . . . 134
Configuring Route Reflection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136
Configuring a Confederation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
BGP Communities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Route Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Aggregating Routes with Different AS Paths. . . . . . . . . . . . . . . . . . . . . 140
Suppressing More-Specific Routes in Updates. . . . . . . . . . . . . . . . . . . . 141Selecting Routes for Path Attribute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Changing Attributes of an Aggregated Route. . . . . . . . . . . . . . . . . . . . . 143
Chapter 6 Policy-Based Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Policy Based Routing Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Extended Access-Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Match Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Action Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Route Lookup with PBR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Configuring PBR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Configuring an Extended Access List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Configuring a Match Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Configuring an Action Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
Configuring a PBR Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
Binding a PBR Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Binding a PBR Policy to an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Binding a PBR Policy to a Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Binding a PBR Policy to a Virtual Router. . . . . . . . . . . . . . . . . . . . . . . . .152
Viewing PBR Output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Viewing an Extended Access List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
CLI 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
xiCopyright 2012, Juniper Networks, Inc.
Table of Contents
7/23/2019 630 Ce Routing
12/262
CLI 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Viewing a Match Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Viewing an Action Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
CLI 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
CLI 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Viewing a PBR Policy Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Viewing a Complete PBR Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Advanced PBR Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156PBR Elements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Extended Access Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Match Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Action Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
PBR Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Interface Binding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Advanced PBR with High Availability and Scalability. . . . . . . . . . . . . . . . . . . . . . 159
Resilient PBR Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Scalable PBR Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Chapter 7 Multicast Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Multicast Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162
Reverse Path Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Multicast Routing on Security Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Multicast Routing Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Configuring a Static Multicast Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Access Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Configuring Generic Routing Encapsulation on Tunnel Interfaces. . . . . . . .164
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Multicast Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Copyright 2012, Juniper Networks, Inc.xii
Routing
7/23/2019 630 Ce Routing
13/262
Chapter 8 Internet Group Management Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Multicast Routers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
IGMP on Security Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Enabling and Disabling IGMP on Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Enabling IGMP on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Disabling IGMP on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Configuring an Access List for Accepted Groups. . . . . . . . . . . . . . . . . . . . . . 172
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Configuring IGMP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Verifying an IGMP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
IGMP Operational Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
IGMP Proxy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Membership Reports Upstream to the Source. . . . . . . . . . . . . . . . . . . . . . . .177
Configuring IGMP Proxy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Configuring IGMP Proxy on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Multicast Policies for IGMP and IGMP Proxy Configurations. . . . . . . . . . . . . 180
Creating a Multicast Group Policy for IGMP. . . . . . . . . . . . . . . . . . . . . . 180
Creating an IGMP Proxy Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Setting Up an IGMP Sender Proxy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
WebUI (NS2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188CLI (NS2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190
Chapter 9 Protocol Independent Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Multicast Distribution Trees. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Designated Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Mapping Rendezvous Points to Groups. . . . . . . . . . . . . . . . . . . . . . . . . 196
Forwarding Traffic on the Distribution Tree. . . . . . . . . . . . . . . . . . . . . . . 197
PIM-SSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Configuring PIM-SM on Security Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Enabling and Deleting a PIM-SM Instance for a VR. . . . . . . . . . . . . . . . . . . 200
Enabling PIM-SM Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Deleting a PIM-SM Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Enabling and Disabling PIM-SM on Interfaces. . . . . . . . . . . . . . . . . . . . . . .200
Enabling PIM-SM on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Disabling PIM-SM on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Multicast Group Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Static-RP-BSR Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Join-Prune Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
xiiiCopyright 2012, Juniper Networks, Inc.
Table of Contents
7/23/2019 630 Ce Routing
14/262
Defining a Multicast Group Policy for PIM-SM. . . . . . . . . . . . . . . . . . . . 202
Setting a Basic PIM-SM Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Verifying the Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Configuring Rendezvous Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Configuring a Static Rendezvous Point. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
Configuring a Candidate Rendezvous Point. . . . . . . . . . . . . . . . . . . . . . . . . . 210
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210
Security Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Restricting Multicast Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211
Restricting Multicast Sources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Restricting Rendezvous Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
PIM-SM Interface Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213
Defining a Neighbor Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Defining a Bootstrap Border. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214
CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Configuring a Proxy Rendezvous Point. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
WebUI (NS1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
WebUI (NS2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
CLI (NS1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
CLI (NS2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
PIM-SM and IGMPv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Chapter 10 ICMP Router Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225
Configuring ICMP Router Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Enabling ICMP Router Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . 226
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226
Configuring ICMP Router Discovery Protocol from the WebUI. . . . . . . . . . . 227
Configuring ICMP Router Discovery Protocol from the CLI. . . . . . . . . . . . . . 227
Advertising an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Broadcasting the Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Setting a Maximum Advertisement Interval. . . . . . . . . . . . . . . . . . . . . . 228
Setting a Minimum Advertisement Interval. . . . . . . . . . . . . . . . . . . . . .228
Setting an Advertisement Lifetime Value. . . . . . . . . . . . . . . . . . . . . . . .228
Copyright 2012, Juniper Networks, Inc.xiv
Routing
7/23/2019 630 Ce Routing
15/262
Setting a Response Delay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Setting an Initial Advertisement Interval. . . . . . . . . . . . . . . . . . . . . . . . 229
Setting a Number of Initial Advertisement Packets. . . . . . . . . . . . . . . . 229
Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Disabling IRDP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Viewing IRDP Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
CLI 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
CLI2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Part 2 Index
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
xvCopyright 2012, Juniper Networks, Inc.
Table of Contents
7/23/2019 630 Ce Routing
16/262
Copyright 2012, Juniper Networks, Inc.xvi
Routing
7/23/2019 630 Ce Routing
17/262
List of Figures
About This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Figure 1: Images in Illustrations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv
Part 1 Routing
Chapter 1 Static Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Figure 2: Static Routing Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Figure 3: Static Route Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Figure 4: Static Route for a Tunnel Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Chapter 2 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Figure 5: Route-cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Figure 6: Source-Based Routing Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Figure 7: Source Interface-Based Routing Example. . . . . . . . . . . . . . . . . . . . . . . . 23
Figure 8: Virtual Routers Within a Vsys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Figure 9: Default Route Lookup Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Figure 10: Route Lookup in Multiple VRs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Chapter 3 Open Shortest Path First. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Figure 11: OSPF Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Figure 12: Creating a Virtual Link. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Figure 13: Point-to-MultiPoint Network Example. . . . . . . . . . . . . . . . . . . . . . . . . . 72
Chapter 4 Routing Information Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Figure 14: Tunnel Interface with RIP Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Figure 15: Point-to-MultiPoint with Tunnel Interface Network Example. . . . . . . 106
Chapter 5 Border Gateway Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Figure 16: IPv4 BGP Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Figure 17: Conditional BGP Route Advertisement Example. . . . . . . . . . . . . . . . . .132
Figure 18: BGP Route Reflection Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136
Figure 19: BGP Confederations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Figure 20: BGP Confederation Configuration Example. . . . . . . . . . . . . . . . . . . . . 138
Chapter 6 Policy-Based Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145Figure 21: Routing HTTP and HTTPS Traffic with Policy Based Routing. . . . . . . 148
Figure 22: Selective Routing by Traffic Type. . . . . . . . . . . . . . . . . . . . . . . . . . . . .156
Chapter 7 Multicast Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Figure 23: Reverse Path Forwarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Figure 24: GRE on Tunnel Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Chapter 8 Internet Group Management Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
xviiCopyright 2012, Juniper Networks, Inc.
7/23/2019 630 Ce Routing
18/262
Figure 25: IGMP Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Figure 26: IGMP Proxy Host Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178
Figure 27: IGMP Proxy Configuration Between Two Devices. . . . . . . . . . . . . . . . .181
Figure 28: IGMP Sender Proxy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Figure 29: IGMP Sender Proxy Network Example. . . . . . . . . . . . . . . . . . . . . . . . . 188
Chapter 9 Protocol Independent Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193
Figure 30: IGMP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Figure 31: PIM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Figure 32: Source Sending Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Figure 33: Host Joining a Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Figure 34: Basic PIM-SM Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Figure 35: Proxy Rendezvous Point Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Figure 36: Proxy RP Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Copyright 2012, Juniper Networks, Inc.xviii
Routing
7/23/2019 630 Ce Routing
19/262
List of Tables
Part 1 Routing
Chapter 1 Static Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Table 1: Routing Table Summary for Routers X, Y, and Z. . . . . . . . . . . . . . . . . . . . . 4
Chapter 2 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Table 2: Default Route Preference Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Table 3: Route Map Match Conditions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Table 4: Route Map Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Chapter 3 Open Shortest Path First. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Table 5: LSA Types and Content Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Table 6: OSPF Areas Parameters and Default Values. . . . . . . . . . . . . . . . . . . . . .53
Table 7: Global OSPF Parameters and Default Values. . . . . . . . . . . . . . . . . . . . . . 59
Table 8: Optional Parameters for Virtual Links. . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Table 9: Optional OSPF Interface Parameters and Default Values. . . . . . . . . . . . 63
Table 10: OSPFv3 Route Preference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Table 11: OSPFv3 Interface Paramters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Table 12: OSPFv3 get commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Chapter 4 Routing Information Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Table 13: Global RIP Parameters and Default Values. . . . . . . . . . . . . . . . . . . . . . .91Table 14: RIP Interface Parameters and Default Values. . . . . . . . . . . . . . . . . . . . . 93
Table 15: Troubleshooting the Demand Circuit Retransmit Timer . . . . . . . . . . . . 104
Chapter 5 Border Gateway Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Table 16: BGP Peer and Peer Group Parameters and Default Values. . . . . . . . . .118
Table 17: Optional BGP Parameters and Default Values. . . . . . . . . . . . . . . . . . . . 128
Chapter 6 Policy-Based Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Table 18: Interface Configuration for Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Chapter 8 Internet Group Management Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Table 19: IGMP Host Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Table 20: IGMP Querier Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
Table 21: IGMP Querier Interface Parameters and Default Values . . . . . . . . . . . . . 175
Chapter 9 Protocol Independent Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193
Table 22: PIM-SIM Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Chapter 10 ICMP Router Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Table 23: IRDP WebUI Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
xixCopyright 2012, Juniper Networks, Inc.
7/23/2019 630 Ce Routing
20/262
Copyright 2012, Juniper Networks, Inc.xx
Routing
7/23/2019 630 Ce Routing
21/262
About This Guide
Routing contains the following chapters:
Static Routing on page 3 explains route tables and how to configure static routes
for destination-basedrouting, SourceInterface-BasedRouting (SIBR),or source-based
routing.
Routing on page 15 explains how to configure virtual routers on security devices and
how to redistribute routing table entries between protocols or between virtual routers.
Open Shortest Path First on page 47 describes how to configure the OSPF dynamic
routing protocol on security devices.
Routing Information Protocol on page 83 explains how to configure Routing
Information Protocol l (RIP).
Border Gateway Protocol on page 111 explains how to configure Border Gateway
Protocol (BGP).
Policy-BasedRoutingon page145 describespolicybased routing (PBR).PBR provides
a flexible routingmechanism fordata forwarding overnetworks that rely on Application
Layer support such as for antivirus (AV), deep inspection (DI), or Web filtering.
Multicast Routing on page 161 explains multicast routing basics, including how to
configure static multicast routes.
Internet Group Management Protocolon page 169explains howto configure Internet
Group Management Protocol (IGMP).
Protocol Independent Multicast on page 193 explains how to configure Protocol
Independent Multicast-Sparse Mode (PIM-SM) and Protocol Independent
Multicast-Source Specific Multicast (PIM-SSM).
ICMPRouterDiscoveryProtocol on page225 explains howto setup an InternetControl
Message Protocol (ICMP) exchange between a host and a router.
Document Conventions on page xxi
Document Feedback on page xxiv
Requesting Technical Support on page xxiv
Document Conventions
This document uses the conventions described in the following sections:
xxiCopyright 2012, Juniper Networks, Inc.
7/23/2019 630 Ce Routing
22/262
Web User Interface Conventions on page xxii
Command Line Interface Conventions on page xxii
Naming Conventions and Character Types on page xxiii
Illustration Conventions on page xxiii
Web User Interface
Conventions
TheWeb userinterface(WebUI) containsa navigational path and configuration settings.
To enter configuration settings, begin by clicking a menu item in the navigation tree on
the left side of the screen. As you proceed, your navigation path appears at the top of
the screen, with each page separated by angle brackets.
The following example shows the WebUI path and parameters for defining an address:
Policy > Policy Elements > Addresses > List > New: Enter the following, then click OK:
Address Name: addr_1
IP Address/Domain Name:
IP/Netmask: (select), 10.2.2.5/32
Zone: Untrust
To open Online Help for configuration settings, click the question mark (?) in the upper
right of the screen.
The navigation tree also provides a Help > Config Guide configuration page to help you
configure security policies and Internet Protocol Security (IPSec). Select an option from
the list, and follow the instructions on the page. Click the ? character in the upper right
for Online Help on the Config Guide.
Command Line
Interface Conventions
The following conventions are used to present the syntax of command line interface
(CLI) commands in text and examples.
In text, commands are in boldface type and variables are in italic type.
In examples:
Variables are in italic type.
Anything inside square brackets [ ] is optional.
Anything inside braces { } is required.
If there is more than one choice, each choice is separated by a pipe ( | ). For example,
the following command means set the management options for the ethernet1, the
ethernet2, orthe ethernet3 interface:
set interface { ethernet1 | ethernet2 | ethernet3 } manage
NOTE: When entering a keyword, you only have to type enough letters to
identify the word uniquely. Typing set adm u whee j12fmt54 will enter the
command set admin user wheezer j12fmt54. However, all the commands
documented in this guide are presented in their entirety.
Copyright 2012, Juniper Networks, Inc.xxii
Routing
7/23/2019 630 Ce Routing
23/262
Naming Conventions
and Character Types
ScreenOS employs the following conventions regarding the names of objectssuch as
addresses, admin users, auth servers, IKE gateways, virtual systems, VPN tunnels, and
zonesdefined in ScreenOS configurations:
If a name string includes oneor more spaces, theentire stringmust be enclosed withindouble quotes; for example:
set address trust local LAN 10.1.1.0/24
Any leading spaces or trailing text within a set of double quotes are trimmed; for
example, localLAN becomes local LAN.
Multiple consecutive spaces are treated as a single space.
Name strings are case-sensitive, although many CLI keywords are case-insensitive.
For example, local LAN is different from local lan.
ScreenOS supports the following character types:
Single-byte charactersets (SBCS) and multiple-bytecharactersets(MBCS). Examplesof SBCS are ASCII, European, and Hebrew. Examples of MBCSalso referred to as
double-byte character sets (DBCS)are Chinese, Korean, and Japanese.
ASCII characters from 32 (0x20 in hexadecimals) to 255 (0xff), except double quotes
( ), which have special significanceas an indicator of the beginning or end of a name
string that includes spaces.
NOTE: A console connection only supports SBCS. The WebUI supports
both SBCS and MBCS, depending on the character sets that your browser
supports.
Illustration
Conventions
Figure 1 on page xxiv shows the basic set of images used in illustrations throughout this
guide.
xxiiiCopyright 2012, Juniper Networks, Inc.
About This Guide
7/23/2019 630 Ce Routing
24/262
Figure 1: Images in Illustrations
Document Feedback
If you find any errors or omissions in this document, contact Juniper Networks at
Requesting Technical Support
Technical product supportis availablethrough the JuniperNetworks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
or are covered under warranty, and need postsales technical support, you can access
our tools and resources online or open a case with JTAC.
JTAC policiesFor a complete understanding of our JTAC procedures and policies,
review theJTAC User Guide located at
http://www.juniper.net/customers/support/downloads/710059.pdf.
Product warrantiesFor product warranty information, visit
http://www.juniper.net/support/warranty/.
JTAC hours of operationThe JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Copyright 2012, Juniper Networks, Inc.xxiv
Routing
http://www.juniper.net/customers/support/downloads/710059.pdfhttp://www.juniper.net/support/warranty/http://www.juniper.net/support/warranty/http://www.juniper.net/customers/support/downloads/710059.pdf7/23/2019 630 Ce Routing
25/262
Self-Help Online Tools
and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) thatprovides you withthe
following features:
Find CSC offerings http://www.juniper.net/customers/support/
Search for known bugsFind product
documentationhttp://www.juniper.net/techpubs/
Find solutions and answer questions usingour KnowledgeBase http://kb.juniper.net/
Download the latest versions of software and review your release notes
http://www.juniper.net/customers/csc/software/
Search technical bulletins for relevant hardware and software
notificationshttp://www.juniper.net/alerts/
Join and participate in the Juniper Networks Community Forum
http://www.juniper.net/company/communities/
Open a case online in the CSC Case Manager
http://www.juniper.net/customers/cm/
To verify service entitlement by product serial number, use our Serial Number
Entitlement (SNE) Tool
https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with
JTAC
You can open a case with JTAC on the Web or by telephone.
Use the Case Manager tool in the CSC at http://www.juniper.net/customers/cm/.
Call 1-888-314-JTAC (1-888-314-5822toll free in USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, visit us at
http://www.juniper.net/customers/support/requesting-support/.
xxvCopyright 2012, Juniper Networks, Inc.
About This Guide
http://www.juniper.net/customers/support/http://www.juniper.net/techpubs/http://kb.juniper.net/http://www.juniper.net/customers/csc/software/http://www.juniper.net/alerts/http://www.juniper.net/company/communities/http://www.juniper.net/customers/cm/https://tools.juniper.net/SerialNumberEntitlementSearch/http://www.juniper.net/customers/cm/http://www.juniper.net/customers/support/requesting-support/http://www.juniper.net/customers/support/requesting-support/http://www.juniper.net/customers/cm/https://tools.juniper.net/SerialNumberEntitlementSearch/http://www.juniper.net/customers/cm/http://www.juniper.net/company/communities/http://www.juniper.net/alerts/http://www.juniper.net/customers/csc/software/http://kb.juniper.net/http://www.juniper.net/techpubs/http://www.juniper.net/customers/support/7/23/2019 630 Ce Routing
26/262
Copyright 2012, Juniper Networks, Inc.xxvi
Routing
7/23/2019 630 Ce Routing
27/262
PART 1
Routing
Static Routing on page 3
Routing on page 15
Open Shortest Path First on page 47
Routing Information Protocol on page 83
Border Gateway Protocol on page 111
Policy-Based Routing on page 145
Multicast Routing on page 161
Internet Group Management Protocol on page 169
Protocol Independent Multicast on page 193
ICMP Router Discovery Protocol on page 225
1Copyright 2012, Juniper Networks, Inc.
7/23/2019 630 Ce Routing
28/262
Copyright 2012, Juniper Networks, Inc.2
Routing
7/23/2019 630 Ce Routing
29/262
CHAPTER 1
Static Routing
This chapter discusses static routing and explains when and how to set up static routes.
It contains the following sections:
Overview on page 3
Forwarding Traffic to the Null Interface on page 12
Permanently Active Routes on page 14
Changing Routing Preference with Equal Cost Multipath on page 14
Overview
A static route is a manually configured mapping of an IP network address to a next-hop
destination (another router) that you define on a Layer 3 forwarding device, such as a
router.
For a network that has few connections to other networks, or for networks where
inter-network connections are relatively unchanging, it is usually more efficient to define
static routes rather than dynamicroutes. ScreenOSretains static routes untilyouexplicitly
remove them. However, you can override static routes with dynamic route information
if necessary.
You can view static routes in the ScreenOS routing table. To force load-balancing, you
can configure Equal Cost Multi-Path (ECMP). To only use active gateways, you can set
gateway tracking.
You should set at least a null route as a default route (network address 0.0.0.0/0). A
default route is a catch-all entry for packets that are destined for networks other than
those defined in the routing table.
How Static Routing Works
When a host sends packets to another host that resides on a different network, each
packet header contains the address of the destination host. When a router receives a
packet, it compares the destination address to all addresses contained in its routing
table. The router selects the most specific route in the routing table to the destination
address and, from the selected route entry, determines the next-hop to forward the
packet.
3Copyright 2012, Juniper Networks, Inc.
7/23/2019 630 Ce Routing
30/262
NOTE: The most specific route is determined by first performing a bit-wise
logical AND of the destination address and network mask for each entry in
theroutingtable. Forexample, a bit-wise logical ANDof theIP address10.1.1.1
with the subnet mask 255.255.255.0is 10.1.1.0. The route thathas the highest
number of bits set to 1 in the subnet mask is the most specific route (also
called the longest matching route).
Figure 2 onpage 4 represents a network that uses static routing and a sample IP packet.
In this example, host 1 in network A wants toreach host 2 in network C. The packet to be
sent contains the following data in the header:
Source IP address
Destination IP address
Payload (message)
Figure 2: Static Routing Example
Router X
Host 1 Host 2
Network A Network CNetwork B
Router Y
SRCIP
Host 1 Host 2 Payload
DSTIP
Router Z
Table 1 on page 4 summarizes the routing table of each router.
Table 1: Routing Table Summary for Routers X, Y, and Z
Router ZRouter YRouter X
GatewayNetworkGatewayNetworkGatewayNetwork
Router XNet ARouter XNet AConnectedNet A
ConnectedNet BConnectedNet BConnectedNet B
ConnectedNet CConnectedNet CRouter YNet C
In Table1 onpage 4, router X has a staticroute configured for network C with thegateway
(next-hop) as router Y. When router X receives the packet destined for host 2 in network
C, it compares the destination address in the packet with its routing table and finds that
the last route entry in the table is the most specific route to the destination address. The
last route entry specifies to send traffic destined for network C to router Y for delivery.
Router Y receives the packet, and,becauseit knows thatnetwork C is directly connected,
it sends the packet through the interface connected to that network.
Copyright 2012, Juniper Networks, Inc.4
Routing
7/23/2019 630 Ce Routing
31/262
If router Y fails, or if the link between router Y and network C is unavailable, the packet
cannot reach host 2. While there is another route for network C through router Z, that
route has not been statically configured on router X, so router X does not detect the
alternate route.
When to Configure Static Routes
You need todefineatleasta few staticroutesevenwhen using dynamicroutingprotocols.
You need to define static routes for conditions such as the following:
You need to define a static route to adda default route (0.0.0.0/0) to therouting table
for a virtual router (VR). For example, if you are using two VRs on the same security
device, the trust-vr routing table could contain a default route that specifies the
untrust-vr as thenext hop.This allows trafficfordestinationsthat arenot in thetrust-vr
routing table to be routed to the untrust-vr. You can also define a default route in the
untrust-vr to route to a specific IP address traffic for destinations not found in the
untrust-vr routing table.
If a network is not directly connected to the security device but is accessible through
a router from an interface within a VR, you need to define a static route for thenetwork
with the IP address of the router. For example, the Untrust zone interface can be on a
subnetwithtwo routers that each connect todifferent Internet service providers(ISPs).
You must define which router to use for forwarding traffic to specific ISPs.
If you are using two VRs on the same security device, and inbound traffic arrives on an
untrust-vr interface that is destined for a network connected to a trust-vr interface,
you need to define a static entry in the untrust-vr routing table for the destination
network with the trust-vr as the next hop. You can avoid setting a static route in this
case by exporting the routes in the trust-vr to the untrust-vr.
When the device is in transparent mode, you must define static routes that direct
management traffic originating from the device itself (as opposed to user traffic
traversing the firewall) to remote destinations. For example, you need to define static
routes directing syslog, SNMP, and WebTrends messages to a remote administrators
address. You mustalsodefine routes that directauthentication requeststo theRADIUS,
SecurID, and LDAP servers, and URL checks to the Websense server.
NOTE: When the security device is in transparent mode, you must define
a static route formanagement trafficfrom thedevice even if the destination
is on the same subnet as the device.
For outbound Virtual Private Network (VPN) traffic where there is more than one
outgoing interfaceto thedestination,you need toseta routefordirecting the outbound
traffic through the desired interface to the external router.
If an interface for a security zone in the trust-vr is NAT, and if you configured a Mapped
IP (MIP) or Virtual IP (VIP) on that interface to receive incoming traffic from a source
5Copyright 2012, Juniper Networks, Inc.
Chapter 1: Static Routing
7/23/2019 630 Ce Routing
32/262
in the untrust-vr routing domain, then you must create a route to the MIP or VIP in the
untrust-vr that points to the trust-vr as the gateway.
By default, the security device uses destination IP addresses to find the best route on
which to forward packets. You can also enable source-based or SIBR tables on a VR.Both source-based and SIBR tables contain static routes that you configure on theVR.
Configuring Static Routes
To configure a static route, you need to define the following:
Virtual router (VR) to which the route belongs.
IP address and netmask of the destination network.
Next hop for the route, which can be either another VR on the security device or a
gateway (router) IP address. If you specify another VR, make sure that an entry for the
destination network exists in the routing table of that VR.
The interface through which the routed traffic is forwarded. The interface can be any
ScreenOS-supported interface,such as a physical interface (for example, ethernet1/2)
or a tunnel interface. You can also specify the Null interface for certain applications.
See Forwarding Traffic to the Null Interface on page 12.
Optionally, you can define the following elements:
Route metric is used to select the active route when there are multiple routes to the
same destination network, all with the same preference value. The default metric for
static routes is 1.
Route tag is a value that can be used asa filter when redistributingroutes. Forexample,
you can chooseto importinto a VR only those routes that contain specified tag values.
Preference value for the route. By default, all static routes have the same preference
value, which is set in the VR.
Whether the route is permanent (kept active even if the forwarding interface is down
or the IP address is removed from the interface).
This section contains the following examples:
Setting Static Routes on page 6
Setting a Static Route for a Tunnel Interface on page 10
Setting Static Routes
In Figure3 onpage 8, a security device operating with its Trust zone interface in Network
Address Translation (NAT) mode protects a multilevel network. There is both local and
remote management (via Network and Security Manager). The security device sends
SNMP traps and syslog reports to the local administrator (located on a network in the
Trust zone) and it sends Network and Security Manager (NSM) reports to the remote
administrator (located on a network in the Untrust zone). The device uses a SecurID
server in the Demilitarized Zone (DMZ) to authenticate users and a Websense server in
the Trust zone to perform Web filtering.
Copyright 2012, Juniper Networks, Inc.6
Routing
7/23/2019 630 Ce Routing
33/262
NOTE: The following zones must be bound before this example can