Date post: 02-Nov-2014
Category: Technology
Upload: nam-nguyen
Copyright © 2003, Juniper Networks, Inc. IJNR-6.b.6.1.2
Juniper Networks Networking Essentials
Module 1: TCP/IP Internetworking
Module Objectives
After successfully completing this module, you will be able to:
– Identify the components of an internetwork and explain the role of each component
– Explain how packets are routed on a TCP/IP network
– Describe the role of an IP address on an internetwork
Internetwork Example
[Figure: Network 1 (192.168.1.0) and Network 2 (192.168.2.0)]
Local-Area Networks
A computer network that spans a small area
Confined to a single building or corporate campus
Can connect to other LANs through telephone lines and wireless connections
LAN characteristics differentiated by:
– Topology
– Protocols
– Media
Wide-Area Networks
A computer network that spans a large geographical area
WANs interconnect LANs
Computers connected to WAN through public telephone system, leased lines, or wireless connection
The Internet consists of many WANs and WAN links
Intermediate Internetworking Devices
Bridges
– Connect multiple LAN segments to form a larger LAN
  Usually the same media type
– Bridges forward broadcasts by default
Routers
– Connect multiple LANs but maintain LAN boundaries
– Connect LANs across WAN links
  LAN and WAN links may be different media types
– Implement logical network structure (e.g., IP networks)
– Routers block broadcasts by default
Switches
– High-speed multi-port bridges with many ports
– Many implement Virtual LANs (VLANs)
Routing on a TCP/IP Network
[Figure: Network 1 (192.168.1.0) and Network 2 (192.168.2.0)]
Role of IP and the IP Address
[Figure: two hosts, IP Address X and IP Address Y, each with an Application, TCP/UDP, Internet (IP) and Network-Dependent layer; the IP protocol provides end-to-end delivery between them]
Format of the IP Address
IP address is a 32-bit numeric address
Written as four numbers separated by periods:
– ‘Dotted Quad’ notation for human convenience
– Examples
  10.0.15.1
  172.20.10.24
  192.168.94.122
The IP address is used to identify a particular network and host on that network
– Must be globally unique (with some exceptions)
Relationship of the IP Address to the Hardware Address
[Figure: OSI Reference Model, layers 7 to 1: Application, Presentation, Session, Transport, Network, Data Link (LLC and MAC sublayers), Physical. The IP address sits at the Network layer; 802.2 Logical Link Control runs over the 802.3 CSMA/CD, 802.4 Token Bus and 802.5 Token Ring MACs.]
Mapping Address Layers: ARP
Address Resolution Protocol (ARP) maps an IP address to a physical MAC address
– Host broadcasts an ARP request to obtain a physical address
Hosts on the segment:
  IP: 192.168.2.1     MAC: 0000.2222.1111
  IP: 192.168.2.23    MAC: 0000.2222.2323
  IP: 192.168.2.2     MAC: 0000.2222.2222
  IP: 192.168.2.11    MAC: 0000.2222.0011
  IP: 192.168.2.43    MAC: 0000.2222.4343
(1) Requester sends BROADCAST ARP_REQUEST (MAC dest = ffff.ffff.ffff, target IP = 192.168.2.23)
(2) ALL hosts read ARP_REQUEST, but do not respond if they’re not the target
(3) Target host responds to requester via UNICAST (192.168.2.23 maps to MAC 0000.2222.2323, MAC dest = 0000.2222.1111)
(4) Requester stores the mapping in local ARP cache and can now communicate directly with target
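The four-step exchange above, replayed with real Ethernet/ARP byte layouts. This is an added Python example, not part of the original course material; the `Host` class, the function names and the all-zero target MAC in the request are assumptions made for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ffff.ffff.ffff"

# Hosts from the slide (IP, MAC); the first entry is the requester.
SEGMENT = [
    ("192.168.2.1", "0000.2222.1111"),
    ("192.168.2.23", "0000.2222.2323"),
    ("192.168.2.2", "0000.2222.2222"),
    ("192.168.2.11", "0000.2222.0011"),
    ("192.168.2.43", "0000.2222.4343"),
]

def mac_to_bytes(mac):
    """Convert the slide's dotted-hex notation to 6 raw bytes."""
    return bytes.fromhex(mac.replace(".", ""))

def bytes_to_mac(raw):
    text = raw.hex()
    return ".".join(text[i:i + 4] for i in range(0, 12, 4))

def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)

def build_arp_frame(op, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    """14-byte Ethernet header followed by the 28-byte IPv4-over-Ethernet ARP payload."""
    ethernet = mac_to_bytes(eth_dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # hardware type 1 (Ethernet), protocol type 0x0800 (IPv4), address lengths 6 and 4
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return ethernet + arp

def parse_arp_frame(frame):
    if len(frame) < 42:
        raise ValueError("too short for Ethernet header + ARP payload")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    return {
        "eth_dst": bytes_to_mac(frame[0:6]),
        "op": op,
        "sender_mac": bytes_to_mac(frame[22:28]),
        "sender_ip": bytes_to_ip(frame[28:32]),
        "target_ip": bytes_to_ip(frame[38:42]),
    }

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac, self.arp_cache = ip, mac, {}

    def make_request(self, target_ip):
        # Step 1: broadcast request; the target MAC is unknown, so it is sent as zeros.
        return build_arp_frame(ARP_REQUEST, BROADCAST, self.mac, self.ip,
                               "0000.0000.0000", target_ip)

    def receive(self, frame):
        """Process one frame; return a reply frame if this host must answer, else None."""
        msg = parse_arp_frame(frame)
        if msg["eth_dst"] not in (BROADCAST, self.mac):
            return None                      # frame is not addressed to this host
        if msg["op"] == ARP_REQUEST:
            if msg["target_ip"] != self.ip:
                return None                  # Step 2: read the request, stay silent
            # Step 3: unicast reply straight back to the requester's MAC
            return build_arp_frame(ARP_REPLY, msg["sender_mac"], self.mac, self.ip,
                                   msg["sender_mac"], msg["sender_ip"])
        if msg["op"] == ARP_REPLY:
            self.arp_cache[msg["sender_ip"]] = msg["sender_mac"]   # Step 4
        return None

def run_exchange(target_ip):
    hosts = [Host(ip, mac) for ip, mac in SEGMENT]
    requester, others = hosts[0], hosts[1:]
    request = requester.make_request(target_ip)
    replies = [r for r in (h.receive(request) for h in others) if r is not None]
    for reply in replies:
        requester.receive(reply)
    return requester, request, replies

if __name__ == "__main__":
    requester, request, replies = run_exchange("192.168.2.23")
    print(len(request), "byte request,", len(replies), "reply")
    print("ARP cache:", requester.arp_cache)
```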
Logical Network Types
Broadcast
– Multiple sources and destinations "on the wire"
– One packet can be read by many receivers
– Typical for LANs
– Example: Ethernet
Point-to-Point
– Two ends/"stations"
– Typical for WANs
– Example: T1
[Figure: point-to-point link between Router A and Router B]
Review Questions
1. How does a router differ from a bridge?
2. What is ARP?
3. What are two types of Logical Networks?
Module 2: IP Addressing
Module Objectives
After successfully completing this module, you will be able to:
– Create IP addresses in binary notation and decimal format, and identify the corresponding address classes
– Define subnetting and subnet masks, and create effective subnets for a given network
– Define classless interdomain routing (CIDR), and aggregate a given range of network addresses to the highest degree possible
Importance of IP Addressing
Unique addresses make information delivery systems work
– Telephone numbers
– Postal addresses
IP addressing scheme integral to process of routing IP data through an internetwork
Two major Internet scaling issues:
– IPv4 address space depletion
– Routing traffic given increasing number of networks that make up the Internet
Classful IP Addressing
Original Classful IP addressing defines a 32-bit IP address
Two-part Internet address structure
[Figure: 32-bit IP address divided into a Network Part and a Host Part]
Binary Overview
Bit position        7     6     5     4     3     2     1     0
2^(bit position)    2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
Decimal value       128   64    32    16    8     4     2     1

1 0 0 1 1 0 1 0    128+16+8+2=154
0 0 0 1 0 1 1 1    16+4+2+1=23
1 1 1 0 1 0 0 0    128+64+32+8=232
0 1 0 0 0 0 0 1    64+1=65
1 1 1 1 1 1 1 1    128+64+32+16+8+4+2+1=255
1 0 1 0 1 1 0 0    128+32+8+4=172
Primary Address Classes
Class     High-order bits   Octets                              No. of host bits
Class A   0                 Network  Host     Host     Host     24
Class B   10                Network  Network  Host     Host     16
Class C   110               Network  Network  Network  Host     8
Bit values within an octet: 128 64 32 16 8 4 2 1
Dotted Decimal Notation
Bit#      31                                    0
Binary    10101100   00010000   00100011   00001000
Decimal   172        16         35         8
Dotted    172.16.35.8
High-Order Bits
Class addresses specified by the high-order bits:
Class High-Order Bits
Class A 0
Class B 10
Class C 110
IP Address 192.168.21.40 is a Class C address:
11000000.10101000.00010101.00101000
First Octet Rule
Class determined by location of first 0 in binary address:
Class     First Octet Range (Binary)   First Octet Range (Decimal)
Class A   00000001 – 01111110          1 – 126*
Class B   10000000 – 10111111          128 – 191
Class C   11000000 – 11011111          192 – 223
*0 and 127 reserved
First Octet Rule Examples
Address         Binary                                 Class
172.18.192.34   10101100.00010010.11000000.00100010    B
10.155.128.2    00001010.10011011.10000000.00000010    A
192.12.3.42     11000000.00001100.00000011.00101010    C
Default Masks
Identify the location of the network part (1s) and host part (0s) of an address
Class A 11111111.00000000.00000000.00000000
255 . 0 . 0 . 0
Class B 11111111.11111111.00000000.00000000
255 . 255 . 0 . 0
Class C 11111111.11111111.11111111.00000000
255 . 255 . 255 . 0
Reserved Addresses
Network Address: all host bits are binary 0
– 10.0.0.0
– 172.23.0.0
– 192.168.14.0
Broadcast Address: all host bits are binary 1
– 10.255.255.255
– 172.23.255.255
– 192.168.14.255
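The classful rules from the preceding slides (high-order bits, first-octet rule, default masks, reserved network and broadcast addresses) combined into one classifier. This is an added Python example, not part of the original course material; the function names and the returned dictionary layout are assumptions made for illustration.

```python
def to_int(dotted):
    """Parse dotted-quad notation into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % dotted)
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(dotted):
    """Binary form as written on the slides, e.g. 11000000.10101000...."""
    value = to_int(dotted)
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))

# (class, number of high-order bits to test, required bit pattern, network bits)
CLASSES = [("A", 1, 0b0, 8), ("B", 2, 0b10, 16), ("C", 3, 0b110, 24)]

def classify(dotted):
    """Apply the high-order-bit rule, then the class's default mask."""
    value = to_int(dotted)
    for name, prefix_bits, pattern, network_bits in CLASSES:
        if value >> (32 - prefix_bits) == pattern:
            break
    else:
        raise ValueError("%s is not a Class A, B or C address" % dotted)
    if (value >> 24) in (0, 127):
        raise ValueError("first octet 0 and 127 are reserved")
    mask = (0xFFFFFFFF << (32 - network_bits)) & 0xFFFFFFFF
    network = value & mask                    # all host bits set to 0
    broadcast = network | (mask ^ 0xFFFFFFFF)  # all host bits set to 1
    if value == network:
        role = "network address"
    elif value == broadcast:
        role = "broadcast address"
    else:
        role = "host address"
    return {
        "class": name,
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "role": role,
    }

if __name__ == "__main__":
    for address in ("192.168.21.40", "172.18.192.34", "10.155.128.2", "172.23.255.255"):
        print(address, to_binary(address), classify(address))
```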
IPv4 Address Management Issues
Central authority: IANA
Inefficient allocation of limited address space
IPv4 32-bit address space
Address allocations based on organizations’ requests rather than actual need
Early depletion of Class B addresses
IP Subnetting
All Classful IP addresses can be divided into smaller networks called subnets
Class B Address: Before Subnetting
  10 | Network | Network | Host   | Host
Class B Address: After Subnetting
  10 | Network | Network | Subnet | Host
Problems Solved with Subnetting
Provides network administrators with extra flexibility
Provides more efficient network address utilization
Contains broadcast traffic; broadcast will not cross a router
Subnets under local administrator control
External users and organizations see only single network
Subnet Mask
Example subnet mask for Class B address
                                Network    Network    Subnet     Host
Binary Representation           11111111   11111111   11111111   00000000
Dotted Decimal Representation   255        255        255        0
Subnet Example 1
Assigned Network Number: 172.25.0.0/16
Create 256 subnets
– 172.25.0.0/24
– 172.25.1.0/24
– 172.25.2.0/24
– 172.25.3.0/24
– .
– .
– .
– 172.25.255.0/24
Subnet Example 2
Assigned Network Number: 192.168.1.0/24
Create 4 subnets
– 192.168.1.0/26
– 192.168.1.64/26
– 192.168.1.128/26
– 192.168.1.192/26
Subnet Example 3
Assigned Network Number: 10.0.0.0/11
Create 8 subnets
– 10.0.0.0/11
– 10.32.0.0/11
– 10.64.0.0/11
– 10.96.0.0/11
– 10.128.0.0/11
– 10.160.0.0/11
– 10.192.0.0/11
– 10.224.0.0/11
Growth of the Internet
The Internet is today’s largest public data network
Connects millions of users worldwide
Ongoing technical advancements in networking hardware contribute to growth
Increasing number of networks over the past decade
Growth of Internet Routing Tables
Caused by Internet expansion
Backbone routers must maintain complete Internet routing information
Additional factors include:
– Increased CPU processing speed for routing table topology updates
– Dynamic nature of today’s WWW
– Increased volume of diverse information
IP Next Generation (IPv6)
– Long-term solution, but deployment is limited
IPv4 modified to allow continued growth
Classless Inter-Domain Routing
CIDR ignores the concept of Network Address Classes
Reduces the number of route advertisements
[Figure: networks 192.168.64.0, .65.0, .66.0 and .67.0. No CIDR: four advertisements, 192.168.64 /24, 192.168.65 /24, 192.168.66 /24 and 192.168.67 /24. CIDR: one advertisement, 192.168.64 /22.]
Implications of CIDR on the Router
CIDR officially documented in 1993
CIDR supports following important features that benefit global Internet routing system:
– Ignores traditional concept of Class A, B, and C network addresses
– Supports route aggregation where single routing table entry can represent address space of thousands of traditional classful routes
CIDR Address Allocation Example
Allocate variable-length blocks from 192.168.16/20
[Figure: the /20 divided into four blocks (Block #1 to Block #4): 192.168.16.0/21, 192.168.24.0/22, 192.168.28.0/23, 192.168.30.0/23]
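Subnet Examples 1 and 2, the /24-to-/22 aggregation from the CIDR slide, and the variable-length allocation from 192.168.16/20, reproduced with Python's standard `ipaddress` module. This is an added example, not part of the original course material; the function names and the first-fit, largest-block-first allocation order are assumptions made for illustration.

```python
import ipaddress

def split_into_subnets(network, count):
    """Split `network` into `count` equal subnets; count must be a power of two."""
    net = ipaddress.ip_network(network)
    if count < 1 or count & (count - 1):
        raise ValueError("count must be a power of two")
    extra_bits = count.bit_length() - 1          # subnet bits borrowed from the host part
    if net.prefixlen + extra_bits > net.max_prefixlen:
        raise ValueError("not enough host bits in %s" % net)
    return [str(s) for s in net.subnets(prefixlen_diff=extra_bits)]

def aggregate(prefixes):
    """Collapse prefixes into the fewest CIDR blocks that cover exactly the same space."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def allocate(parent, prefix_lengths):
    """Carve variable-length blocks out of `parent`, largest block first (first fit)."""
    free = [ipaddress.ip_network(parent)]
    allocated = []
    for plen in sorted(prefix_lengths):           # shorter prefix = larger block
        free.sort()                               # lowest address first
        for index, block in enumerate(free):
            if block.prefixlen <= plen:
                break
        else:
            raise ValueError("no free block large enough for /%d" % plen)
        free.pop(index)
        chosen = next(block.subnets(new_prefix=plen))
        allocated.append(str(chosen))
        # Whatever is left of the block goes back on the free list.
        free.extend(block.address_exclude(chosen))
    return allocated

if __name__ == "__main__":
    example1 = split_into_subnets("172.25.0.0/16", 256)
    print("Subnet Example 1:", example1[:4], "...", example1[-1])
    print("Subnet Example 2:", split_into_subnets("192.168.1.0/24", 4))
    print("CIDR aggregate:", aggregate(
        ["192.168.64.0/24", "192.168.65.0/24", "192.168.66.0/24", "192.168.67.0/24"]))
    print("Allocation from 192.168.16.0/20:", allocate("192.168.16.0/20", [21, 22, 23, 23]))
```

`aggregate` only merges blocks that are contiguous and aligned, so dropping 192.168.66.0/24 from the input yields a /23 plus a /24 rather than a /22 that would claim address space the router does not actually reach.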
CIDR Routing in a Classless Environment
[Figure: ISP 1 and ISP 2 connected to the Internet; prefixes shown: 192.168.0.0/16 and 172.16.0.0/16; Organization 1 172.25.16.0/21, Organization 2 172.25.24.0/22, Organization 3 172.25.28.0/23, Organization 4 172.25.30.0/23]
JUNOS Support for CIDR
JUNOS supports CIDR
Defined in RFC 1519, Classless Inter-Domain Routing (CIDR): An Address Assignment and Aggregation Strategy
Private IP Addresses (RFC 1918)
Sustained growth in TCP/IP technology
Increasing number of enterprises use TCP/IP for intra-enterprise communications only
Concerns:
– Limited global address space
– Routing overhead increasing beyond capabilities of ISPs
RFC 1918 allows enterprises and ISPs to use specific address space so long as it is not advertised back out to the Internet
– 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16
ISPs continue to obtain blocks of public address space from address registry and assign customers addresses from within block based on customer requirement
Review Questions
1. To select IP addresses for an ISP, where would you begin?
2. How are subnets implemented on an IP network?
3. When would you implement CIDR on an IP network?
4. What is the purpose of Private Addressing and how is it useful?
Lab 1: IP Subnetting
Note: Various Junos CLI commands will be used during this lab that have not yet been discussed. All CLI commands will be fully explained in the subsequent sections.
Module 3: Router Basics
Module Objectives
After successfully completing this module, you should be able to:
– Describe the function of a router and explain how a router works to route packets on a network
– Explain the concepts of routing metrics and route selection on an Internet network
What Is Routing?
Act of moving information across logical path from a source to a destination
Routers
– Determine the best routing paths
– Transport information groups, or packets, through an internetwork
Routers vs. bridges and switches
– Bridges and switches operate at Layer 2, the Data Link layer
– Routers operate at Layer 3 (the Network layer)
Basic Router Functions
Route determination/topology awareness
– Routes are learned and recorded in the route table
– Selection criteria are applied to determine the preferred route or routes to each destination
– The preferred routes are recorded in the forwarding table
Packet forwarding
– Incoming packets are switched to outgoing interfaces based on the forwarding table entries
How Routers Operate
4  Application Layer: Consists of applications and processes that use the network
3  Host-to-Host Transport Layer
2  Internetwork Layer: Frames are switched from one interface to another, based on packet information
1  Network Access Layer: Identifies bits on the medium at router interfaces
Router operations shown in the figure:
– Transmit bits of the frame
– Encapsulate frames (such as Ethernet)
– Select interface to which to send encapsulated frames
Packet Processing
1. Receive packet, check L2 info.
2. Read L3 header to determine destination address.
3. Perform longest-match lookup for L3 destination in forwarding table and select the appropriate outbound physical interface.
4. Encapsulate the packet with the appropriate L2 header/trailer and transmit.
5. GO TO STEP 1: Receiving router does it all over again.
[Figure: packet path through the router. (1) Inbound: receive bits, detect frame, remove encapsulation; (2) IP lookup; (3) Select outbound interface; (4) Outbound: re-encapsulate, transmit bits]
IP Packet Format
Router reads destination address to determine how to route the packet
Header layout (each row is 32 bits wide):
  VERSION | IHL | TYPE-OF-SERVICE | TOTAL LENGTH
  IDENTIFICATION | FLAGS | FRAGMENT OFFSET
  TIME-TO-LIVE | PROTOCOL | HEADER CHECKSUM
  SOURCE ADDRESS
  DESTINATION ADDRESS
  OPTIONS (+ PADDING)
  DATA (VARIABLE)
IP Addresses Determine Route Destination
What is the longest-match prefix for this packet?
Class     High-order bits   Octets                              Network bits   Host bits
Class A   0                 Network  Host     Host     Host     7              24
Class B   1 0               Network  Network  Host     Host     14             16
Class C   1 1 0             Network  Network  Network  Host     21             8
Bit values within an octet: 128 64 32 16 8 4 2 1
Selecting Routes for Forwarding
[Figure: routing updates, static routes and local addresses feed the routing table; policy selects the best routes, which go into the forwarding table]
Routing Tables
Packet’s destination address is for:
– One of the router’s interfaces or a broadcast address
  Packet is for an internal router process
– Any other known address
  Packet must be routed
– Unknown address
  Look for default route. If none exists, packet is dropped
[Figure: Packet In, Packet Out]
Contents of a Routing Table
Minimum contents of routing table:
– Destination prefix
– Next-hop IP address
  The next router downstream, closer to the destination
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.21.0/24 *[Direct/0] 17:48:31 > via GigE0.0
10.0.21.2/32 *[Local/0] 17:48:31 Local
10.0.29.0/24 *[Direct/0] 17:48:31 > via GigE1.0
10.0.29.1/32 *[Local/0] 17:48:31 Local
192.168.16.0/24 *[RIP/100] 00:03:45 > to 10.0.21.1 via fxp0.0
192.168.17.0/24 *[RIP/100] 00:03:45 > to 10.0.21.1 via fxp0.0
192.168.28.0/24 *[Static/5] 16:48:05 Discard
192.168.29.0/24 *[Static/5] 16:48:05 Discard
Populating a Routing Table
Static and default routes
– Specific prefixes not learned via a protocol
– Default used when a partial match cannot be made
Dynamic routing protocols
– Routers communicate reachability information
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.21.0/24 *[Direct/0] 01:00:31 > via GigE0.0
10.0.21.2/32 *[Local/0] 01:00:31 Local
10.0.29.0/24 *[Direct/0] 01:00:31 > via GigE1.0
10.0.29.1/32 *[Local/0] 01:00:31 Local
192.168.16.0/24 *[RIP/100] 00:03:45 > to 10.0.21.1 via GigE0.0
Route Selection
Route selection is based on:
– Longest, or most specific, match
– Preferences, for different protocols
– Routing metrics, for same protocol
Given multiple routes to a destination, the router must select the best route
Load balancing may be considered
Route Selection: Longest Match
Most specific address is matched:
– Host route
– Subnet
– Summary route, or group of subnets
– Major network number
– Supernet, or group of major networks
– Default address
Route Selection: Preference
Routing protocol processes calculate the active route from all routes in the routing table
Preferred routes are placed in the forwarding table
The active route is the route with the lowest preference value
– Preference is a value in the range of 0 through 255
– Preference is used to rank routes received from different protocols, interfaces, or remote systems
  Identifies the believability of a source in determining best route
Route Selection: Routing Metrics
Routing metrics are generally a measurement of cost or overhead
Metrics are protocol-specific
– Used to determine the best route for a single protocol
– Don’t compare metrics from different routing protocols: apples vs. oranges
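The three selection rules from the Route Selection slides (lowest preference between protocols, lowest metric within one protocol, longest match at lookup time) applied to a small table. This is an added Python example, not part of the original course material and not JUNOS code; the first five routes and their preference values come from the inet.0 output shown earlier, while the metrics, the remaining routes and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix protocol preference metric next_hop")

ROUTES = [
    # From the inet.0 output on the earlier slide (metric values constructed).
    Route("10.0.21.0/24", "Direct", 0, 0, "via GigE0.0"),
    Route("10.0.21.2/32", "Local", 0, 0, "Local"),
    Route("192.168.16.0/24", "RIP", 100, 2, "10.0.21.1"),
    Route("192.168.17.0/24", "RIP", 100, 2, "10.0.21.1"),
    Route("192.168.28.0/24", "Static", 5, 0, "Discard"),
    # Constructed competitors that exercise each selection rule.
    Route("192.168.16.0/24", "RIP", 100, 5, "10.0.29.2"),     # same protocol, worse metric
    Route("192.168.17.0/24", "Static", 5, 0, "10.0.29.2"),    # other protocol, better preference
    Route("192.168.16.128/25", "Static", 5, 0, "10.0.29.2"),  # more specific prefix
]
DEFAULT_ROUTE = Route("0.0.0.0/0", "Static", 5, 0, "10.0.21.1")  # constructed

def is_better(candidate, current):
    """True if `candidate` should replace `current` as the active route for one prefix."""
    if candidate.preference != current.preference:
        return candidate.preference < current.preference   # rank between protocols
    if candidate.protocol == current.protocol:
        return candidate.metric < current.metric           # metrics only within one protocol
    # Assumption: on a preference tie between different protocols, keep the route
    # learned first; metrics from different protocols are never compared.
    return False

def build_forwarding_table(routes):
    """Routing table -> forwarding table: one active route per destination prefix."""
    active = {}
    for route in routes:
        network = ipaddress.ip_network(route.prefix)
        if network not in active or is_better(route, active[network]):
            active[network] = route
    return active

def lookup(forwarding_table, destination):
    """Longest-match lookup; None means no match and no default, so the packet is dropped."""
    address = ipaddress.ip_address(destination)
    matches = [network for network in forwarding_table if address in network]
    if not matches:
        return None
    return forwarding_table[max(matches, key=lambda network: network.prefixlen)]

if __name__ == "__main__":
    table = build_forwarding_table(ROUTES + [DEFAULT_ROUTE])
    for destination in ("192.168.16.10", "192.168.16.200", "192.168.17.9",
                        "10.0.21.2", "192.168.28.5", "203.0.113.9"):
        route = lookup(table, destination)
        print(destination, "->", route.prefix, route.protocol, route.next_hop)
```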
Forwarding Table
[email protected]> show route forwarding-table
Internet:
Destination Type RtRef Nexthop Type Index NhRef Netif
10.100.71.0/24 user 0 10.100.67.254 ucst 18 74212 GigE0.0
10.100.71.224/27 user 2 10.100.67.254 ucst 18 74212 GigE0.0
10.250.1.36/30 intf 0 ff.3.0.21 ucst 27 1 so-2/0/0.0
10.250.1.37/32 intf 0 10.250.1.37 locl 26 1
10.250.1.103/32 dest 0 10.250.1.103 bcst 37 1 ge-7/2/0.0
---(more)---
Metrics
Possible routing metrics include:
– Hop count
– Composite index/metric
  Bandwidth: Amount of data that can be transmitted in a fixed amount of time
  Delay: Transit latency of path
Common practice is to link bandwidth as a measure of cost, like a toll for the router
Path metrics are calculated by adding the interface metrics along the path
Review Questions
1. What functions does a router perform?
2. What functions does a routing algorithm perform?
3. What is the relationship between a routing table and a forwarding table?
4. What factors affect how a router makes a route selection?
5. What is a metric and how does a router use metrics to make routing decisions?
Introduction to Juniper Networks Routers
Module 4: M-series and T-series Product Overview
Module Objectives
After successfully completing this module, you will be able to:
– Match Juniper Networks, Inc. products with typical applications in a service provider network
– Describe the architecture of Juniper Networks M-series and T-series platforms
– Describe the function of the RE, FPCs, PICs, System, and Control boards
– Operate the Craft Interface
– Describe packet flow through M-series and T-series platforms
– List three characteristics of JUNOS software
Juniper Networks Role in the Internet
Where we are going…
– Networking hardware evolution
– Juniper Networks: the company
– Juniper Networks M-series and T-series platforms overview
  M5/M10 and the M7i/M10i routers
  M20 router
  M40 router
  M40e router
  M160 router
  T640 Internet routing node
  T320 router
  M320 Router
Networking Hardware Evolution
The first routers were general-purpose computers
– Single CPU, RAM, monolithic operating system
– Low-speed serial interfaces
Networking advancements:
– More PCs attached to networks
– Increased application bandwidth consumption
– Increased transmission speeds
– Single-CPU router architecture could not keep up!
Juniper Networks broke tradition with:
– Specialized operating system
  Protected memory, multi-tasking
– Hardware-based packet forwarding
  Juniper Networks M-series and T-series routers implement key functions on ASICs
Separation of two equally complex problems: Internet control and high-performance packet forwarding
Juniper Networks: The Company
Business:
– Converts bandwidth into scalable, differentiable IP services using a new class of integrated silicon- and software-based routing systems
  Juniper Networks sells solutions, not just routers
Mission:
– To be the primary supplier of scalable, reliable, high-performance IP systems for the new IP infrastructure
Market:
– Supplies systems to numerous worldwide markets that provide high-speed IP services in both the core and edge environments
Juniper Networks Product Positioning
[Figure: service provider network positioning. Labels: Consumer, Residential, SOHO/ROBO, Small/Medium Enterprise, Large Enterprise, Education, PSTN/Mobile, Service Provider Network, Edge: B-RAS (E-series Routers), Business Edge (E-series/M-series Routers), Core, M-series/T-series Platforms]
The E-series Family of Edge Routers
Series of high-performance broadband remote access servers (B-RAS)
– The result of Unisphere acquisition in mid-2002
E-series edge router operation and configuration is covered in various E-series router-specific class offerings
– See http://www.juniper.net/training for details
[Figure: ERX-700, ERX-1440, ERX-310]
M-series and T-series Product Line (1 of 2)
Family of router platforms that deliver:
– Industry-leading core and dedicated-access platforms
  Solutions that scale in multiple dimensions with market-leading port density
– Flexible and manageable traffic control
– High reliability features
[Figure: timeline of forwarding performance per rack inch; dates shown: Sep. 1998, Dec. 1999, March 2000, Sep. 2000; platforms shown: M40 Router, M20 Router, M160 Router, M5/M10 Routers]
M-series and T-series Product Line (2 of 2)
Common software image/feature set across all platforms!
[Figure: timeline, "A Continuing History of Rapid Innovation"; dates shown: Dec. 2001, Feb. 2002, August 2002, Sept. 2003; platforms shown: M40e Router, T640 Internet Routing Node, T320 Router, M7i, M10i]
M-series and T-series Hardware Overview
Where we are going…
– General M-series and T-series platform architecture
– Hardware overview
  Routing Engine
  Packet Forwarding Engine (M-series and T-series)
– The Craft Interface
– Field Replaceable Units (FRUs)
– Summary of platform characteristics
Separation of Control and Forwarding
All M-series and T-series platforms share the same basic design philosophy
– Clean separation of control and forwarding
Routing Engine maintains routing table (RT) and primary copy of forwarding table (FT)
Packet Forwarding Engine receives FT from Routing Engine
[Figure: Routing Engine (JUNOS software, CLI, RT, FT) connected over fxp1 to the Packet Forwarding Engine (FT); packets in and packets out pass through the Packet Forwarding Engine]
Routing Engine Overview
JUNOS software resides in flash memory
– Backup copy available on hard drive
Provides forwarding table to the Packet Forwarding Engine
– Not directly involved with packet forwarding
– Runs various routing protocols
Implements CLI
Manages Packet Forwarding Engine
Current Routing Engine Characteristics
RE Model: RE-333
– Processor/clock: Pentium III/333 MHz
– Memory: 768 MB
– Solid state flash storage: 80 MB
– Hard disk storage: 6.4+ GB
– External media: PCMCIA flash card/LS-120*
– Supported Platforms: Originally shipped on: M5/10/20/40/40e, and M160
RE Model: RE-400
– Processor/clock: Celeron/400 MHz
– Memory: 256, 512, 768 MB
– Solid state flash storage: 256 MB (Optional)
– Hard disk storage: 20 GB
– External media: PCMCIA flash card (Optional)
– Supported Platforms: M7i/M10i Only
RE Model: RE-600
– Processor/clock: Pentium III/600 MHz
– Memory: 512, 2 GB
– Solid state flash storage: 128 MB/256 MB
– Hard disk storage: 30+ GB
– External media: PCMCIA flash card/LS-120*
– Supported Platforms: All M-series and T-series except M7i/M10i
* The M40 router continues to use the original LS-120 drive for external storage regardless of RE model.
Packet Forwarding Engine Overview
Custom ASICs implement forwarding path
– No process switching
– Value-added services and features implemented in hardware
  Multicast
  CoS/queuing
  Firewall filtering
  Accounting
Divide-and-conquer architecture
– Each ASIC provides a piece of the forwarding puzzle
PFE Components: M-series
Physical Interface Cards (PICs)
Flexible PIC Concentrators (FPCs)
The system midplane
For M5/M10, M7i/M10i, M20, and M40
– System Control
  M5/M10 and M7i/M10i routers: Forwarding Engine Board/Compact Forwarding Engine Board, combined FPC and System Control Board
  M20 router: System Switching Board (SSB)
  M40 router: System Control Board (SCB)
For M40e and M160
– Switching and Forwarding Module (SFM)
– Miscellaneous Control Subsystem (MCS)
– Packet Forwarding Engine Clock Generator
PFE Components: T-series
Physical Interface Cards (PICs)
T-series FPCs contain one or two PFE complexes
– PFEs interface to other PFEs through the T-series switch fabric
  Nonblocking crossbar switch matrix with high-speed lines to each FPC
  Switch fabric redundancy
Switching between PFEs performed by Switch Interface Boards (SIBs)
– Three SIBs comprise a T320 switch fabric: two active, one spare
– Five SIBs comprise the T640 switch fabric: four active, one spare
The system midplane
Physical Interface Cards
PICs currently support from 0 to 48 physical ports
– Some PICs support channelized and advanced CoS options
– IP Service PICs (Tunnel, Multilink, Monitoring, etc.)
  Services PICs normally have no physical ports
Custom ASIC for each media type
Status indicators
Hot-swappable on all platforms except M20 and M40 routers
[Figure: Physical Interface Cards (PICs) plugged into an FPC; labels: PIC, FPC, ASIC, Switch Fabric Memory]
The Flexible PIC Concentrator
General FPC features
– Supports from 1 to 4 PICs
– Hot-swappable on most platforms
– PowerPC supervisory processor
  Not used for packet forwarding
– From 64 MB to 1.2 GB of memory
  Pooled to create shared memory switch fabric on M-series platforms
High aggregate throughput rates*
– M5/M10, M7i/M10i, M20, M40, and M40e routers: 6.4 Gbps per FPC
– M160 router: 25.6 Gbps per FPC2
– T640 Internet Routing Node: 80+ Gbps with FPC3
– T320 router: 40+ Gbps with FPC3
[Figure: FPC with four PICs; labels: PIC, FPC, ASIC, Switch Fabric Memory]
* The numbers quoted are two times the unidirectional (Simplex) capacity of each FPC.
M-series System Boards
General System Board functions:
– Forwarding table updates and route lookups
– Management of ASICs and PFE hardware components
– Environmental monitoring
– Stratum 3 SONET clock generation
– Handling exception/control packets
Names vary by platform
– M5 and M10: FEB
– M20 and M40: SSB and SCB
– M7i and M10i: CFEB
Enhanced System Boards feature the second generation Internet Processor II ASIC
Control Boards: M-series and T-series
General Control Board functions:
– Component power up/down
– Handling hardware faults
– Controlling redundancy
– Environmental monitoring
– Distribution/generation of SONET clocking
M160/M40e control
– Control provided by Miscellaneous Control Subsystem (MCS); paired with a Routing Engine to form a Host Module
  Host Module redundancy supported
T640/T320 control
– Control provided by Control Board (CB); the CB is paired with a Routing Engine to form a Host Subsystem
  Host Subsystem redundancy supported
Internet Processor II ASIC
The Internet Processor II
– Provides industry-leading performance for longest-match packet lookup
– Numerous packet processing features:
  Filtering, sampling, logging, counting, and improved load balancing
– Second generation Internet Processor II available on enhanced system boards
System Midplane Examples
M10 System midplane:
– FEB contains built-in FPCs, eight PIC slots
M40e, M160, T640, and T320 System midplane
– Connector Interface Panel (CIP), eight FPC slots
M20 System midplane
– System Switching Board slots, Craft Interface slot, four FPC slots
[Figure: midplane slot layouts. M10: slots 0 and 1. M40e, M160, T640 and T320: Connector Interface Panel and slots 0 to 7. M20: Craft Interface, Primary SSB, Secondary SSB and slots 0 to 3.]
The Craft Interface
Craft Interface overview
– LCD display (M40, M40e, M160, T640, and T320 routers only)
– FPC online/offline buttons (M20, M40, M40e, M160, T640, and T320 platforms)
– PIC online/offline buttons (M5/M10 and M7i/M10i routers)
– Status LEDs
[Figure: A Typical Craft Interface Panel (T320)]
Craft Interface Status LEDs
Status LEDs
– OK
  Blinking = starting
  Solid = running
– FAIL
  Solid = taken offline because of failure
Online/offline buttons
– Press and hold for three seconds to take FPC (or PIC) offline
Alarm Indications
Red alarm
– Major failure that affects service/safety
Yellow alarm
– Minor failure that needs attention but does not affect service
LCD Display
LCD display is available on M40, M160, T640, and T320 platforms only
– Displays general system status when no alarms are present
– Displays alarm information when alarms are present
  Identifies the total number and types of alarms that are active
– Currently, the navigation buttons are only used to obtain the status of certain PICs
Dry Relay Contacts
Activated with first alarm
– Yellow and red alarms
Can be disabled with ACO/LT button on Craft Interface
– New alarms reactivate relay
– Alarm contacts supported on M20, M40, M40e, M160, and T-series platforms
Relay contacts located on the Craft Interface or Connector Interface panel
Typical Router Components (T640)
[Figure: front and back views of the T640]
Product Comparison: M-series
Platform       Units per Rack   Power     Slots/PICs              Slot Throughput (Aggregate)   Chassis Throughput (Aggregate)
M160 Router    2 per rack       DC Only   8/32                    25.6 Gbps                     204 Gbps (160 Mpps)
M40e Router    2 per rack       AC/DC     8/32                    6.4 Gbps                      51.2 Gbps (40 Mpps)
M5 Router      15 per rack      AC/DC     1/4                     6.4 Gbps                      6.4 Gbps (40 Mpps)
M10 Router     15 per rack      AC/DC     2/8                     6.4 Gbps                      12.8 Gbps (40 Mpps)
M40 Router     2 per rack       AC/DC     8/32                    6.4 Gbps                      51.2 Gbps (40 Mpps)
M20 Router     5 per rack       AC/DC     4/16                    6.4 Gbps                      25.6 Gbps (40 Mpps)
M7i Router     21 per rack      AC/DC     1/6 (2 built-in PICs)   6.4 Gbps                      9.4 Gbps (8 Mpps)
M10i Router    8 per rack       AC/DC     2/8                     6.4 Gbps                      12.8 Gbps (16 Mpps)
RE/Control Redundancy
Weight (Max)
No No Yes No Yes Yes
61 Lbs/27.7 Kg
36.5 Lbs/16.6Kg
65 Lbs/29.5 Kg
150 Lbs/68 Kg
280 Lbs/127 Kg
370.5 Lbs/168 Kg
370.5 Lbs/168 Kg
65 Lbs/29.5 Kg
No Yes
* Numbers quoted are two times the unidirectional (simplex) capacity for each FPC or chassis.
Product Comparison: T-series
Platform | Units per Rack | Power | Slots/PICs | Slot Throughput (Aggregate) | Chassis Throughput (Aggregate) | RE/Control Redundancy | Weight (typical)
T640 Internet Routing Node | 2 per rack | DC only | 8/32 | FPC3 = 80+ Gbps; FPC 2 and 3 | 640+ Gbps (640 Mpps) | Yes | 565 Lbs/256.28 Kg
T320 Router | 3 per rack | DC only | 8/16 | FPC3 = 40+ Gbps; FPC 1, 2, and 3 | 320+ Gbps (320 Mpps) | Yes | 369.9 Lbs/167.78 Kg
* Numbers quoted are two times the unidirectional (simplex) capacity for each FPC or chassis.
PICs
Where we are going…
– Listing of common PICs
– 4-port and 48-port Fast Ethernet, 2-port STM1/OC3c ATM, and OC-192c
Common PICs
Basic
– ATM
– Channelized OC-12, STM1, DS3
– DS-3, 4 port
– T1, E1, T3, E3
– Fast Ethernet
– Gigabit Ethernet, 10 Gigabit Ethernet
– SONET/SDH
IP Services
– Tunnel Services, Encryption Services, Link Services, Multilink Services, Monitoring services, and Adaptive Services PIC (ASP)
Services (Q Performance Processor)
– Channelized Services (E1, DS3, STM1, and OC12)
– ATM Services (ATM-2)
– Ethernet Services
PIC Examples
[Figure: four PIC photographs]
– 4-port Fast Ethernet (M5/M10)
– 48-port Fast Ethernet (M40e)
– 2-port STM1/OC3 ATM (M20/M40)
– Quad-wide STM-64/OC192c (M160)
M-series ASICs and Packet Flow
Where we are going…
– The M-series Packet Forwarding Engine
  PIC Controller ASIC
  I/O Manager ASIC
  Distributed Buffer Management ASIC
  Internet Processor II
– M-series packet flow
M-series ASICs
[Figure: M-series block diagram. PICs: PIC I/O Manager ASICs. FPC: I/O Manager ASICs and memory (MEM). M-series System Board (for example, SSB, SFM): Internet Processor II, Forwarding Table, Buffer Manager 1, Buffer Manager 2.]
M-series Packet Flow (1 of 5)
PIC I/O ASIC
– Connects to FPC I/O ASIC
– Manages physical-layer framing and bit-stream signaling
– Detects link-layer errors (CRC)
– Generates data link-layer alarms
[Figure: M-series Packet Forwarding Engine block diagram; key: Data, Notification]
M-series Packet Flow (2 of 5)
I/O Manager ASIC
– Decodes Layer 2 encapsulation
– Identifies protocol and checks Layer 3 header validity
– Classifies traffic for CoS
– Chops incoming packets into 64-byte chunks (J-cells)
– Sends J-cells to Buffer Manager 1 ASIC
– Confirms packet integrity
[Figure: M-series Packet Forwarding Engine block diagram]
M-series Packet Flow (3 of 5)
Distributed Buffer Manager ASICs
– Manage packet memory shared across FPC slots
– Extract address information from packets
– Direct FPCs where to forward packets
[Figure: M-series Packet Forwarding Engine block diagram; key: Data, Notification]
M-series Packet Flow (4 of 5)
Internet Processor II ASIC
– Extracts next-hop information from system forwarding table
– Passes modified notification (next-hop information added) to Buffer Manager 2 ASIC
– Applies packet filtering and policy rules
– Collects exception packets for queuing to Routing Engine
[Figure: M-series Packet Forwarding Engine block diagram; key: Data, Notification]
M-series Packet Flow (5 of 5)
I/O Manager ASIC
– Receives 64-byte chunks from Buffer Manager 2 ASIC
– Adjusts any required protocol time-to-live values
– Encapsulates chunks inside appropriate data link layer header
– Sends to PIC I/O Manager ASIC for transmission
[Figure: M-series Packet Forwarding Engine block diagram; key: Data, Notification]
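The five M-series packet flow steps above, traced in software as an added example (not Juniper code, and not a description of how the ASICs are built): it checks Layer 3 header validity, chops the packet into 64-byte cells, does a longest-prefix lookup on the destination key, diverts exception packets, and rewrites the TTL and header checksum on egress. The forwarding table, next-hop labels, and function names are assumptions made for the illustration.

```python
import ipaddress
import struct

CELL_SIZE = 64  # the slides give 64-byte chunks (J-cells)


def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4/UDP-protocol packet (sample input only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, 17, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def validate_l3(packet: bytes) -> None:
    """Ingress step: reject packets whose IPv4 header is not valid."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("bad version or header length")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len < ihl or total_len > len(packet):
        raise ValueError("bad total length")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")


def to_cells(packet: bytes) -> list:
    """Chop the packet into 64-byte cells; the last cell may be short."""
    return [packet[i:i + CELL_SIZE] for i in range(0, len(packet), CELL_SIZE)]


def lookup(table: dict, dst: ipaddress.IPv4Address):
    """Longest-prefix match in the forwarding table; None when no route."""
    matches = [net for net in table if dst in net]
    return table[max(matches, key=lambda n: n.prefixlen)] if matches else None


def forward(packet: bytes, table: dict):
    """Return (verdict, detail, outgoing_packet_or_None)."""
    try:
        validate_l3(packet)
    except ValueError as err:
        return ("discard", str(err), None)
    ihl = (packet[0] & 0x0F) * 4
    packet = packet[:struct.unpack("!H", packet[2:4])[0]]  # drop L2 padding
    if ihl > 20:
        return ("exception", "IP options", None)
    if packet[8] <= 1:
        return ("exception", "TTL expired, ICMP message generation", None)
    cells = to_cells(packet)                       # data cells, buffered
    key = ipaddress.IPv4Address(cells[0][16:20])   # lookup key (notification)
    next_hop = lookup(table, key)
    if next_hop is None:
        return ("exception", "no route, ICMP message generation", None)
    if next_hop == "local":
        return ("exception", "local delivery", None)
    # Egress: adjust TTL, recompute the checksum, reassemble the cells.
    hdr = bytearray(cells[0][:ihl])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    cells[0] = bytes(hdr) + cells[0][ihl:]
    return ("forward", next_hop, b"".join(cells))


# Constructed forwarding table; next-hop labels are placeholders.
TABLE = {
    ipaddress.ip_network("192.168.2.0/24"): "next-hop-net2",
    ipaddress.ip_network("192.168.1.1/32"): "local",
    ipaddress.ip_network("192.168.0.0/16"): "next-hop-aggregate",
}
```

A packet that fails validation is discarded before any cell is buffered, while the exception cases are the ones the Exception Packets slide lists.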
ASIC Functionality and Packet Flow
Where we are going…
– The T-series Packet Forwarding Engine
  PIC Controller ASIC
  Layer 2/Layer 3 Packet Processing ASIC
  Switch Interface ASIC
  Queuing and Memory Interface ASIC
  Internet Processor II
– T-series switch fabric overview
– T-series packet flow
T-series Packet Forwarding Engine
Each T-series PFE consists of:
– One or more media-specific PIC ASICs
  Handle physical layer signaling, alarms, and CRC processing
– Layer 2/Layer 3 Packet Processing ASIC
  Provides link layer encapsulation and decapsulation
  Manages division and reassembly of packets into J-cells
– Queuing and Memory Interface ASICs
  Manage data cell memory buffering
  Manage notification queuing
– Internet Processor II ASIC
  Performs route lookups in forwarding table
– Switch Interface ASICs
  Extract route lookup keys
  Manage cell flow across the switch fabric
The T-series Switch Fabric
Nonblocking topology with any-to-any connectivity
No single point of failure, all SIBs fully redundant
– Graceful degradation for multiple failures
T640 switch fabric consists of 5 Switch Interface Boards (SIBs) (5th is a spare)
T320 switch fabric consists of 3 Switch Interface Boards (SIBs) (3rd is a spare)
Packet order and CoS maintained across fabric
[Figure: The T320 Switch Fabric. Labels: SIB 0, SIB 1, SIB 2 (F16 each), Nf, FPC 0, FPC 1, HSLs, 40 Gbps (FD)]
T-series Packet Flow (1 of 10)
Packets arrive at an incoming PIC interface
PIC controller ASIC manages link layer framing of bit stream
Detects link layer CRC errors
Generates link layer alarms
Passes packets to FPC
[Figure: T-series PFE block diagram (SONET or GigE PIC, Layer 2/Layer 3 Packet Processing ASIC, Switch Interface ASICs, Internet Processor II ASIC, Queuing & Memory Interface ASIC, RDRAM, Switch Fabric), Ingress PFE; key: Data, Notification]
T-series Packet Flow (2 of 10)
Layer 2/Layer 3 Packet Processing ASIC parses and validates Layer 2 and Layer 3 headers
Classifies traffic for CoS processing
Divides the packets into 64-byte cells
Sends cells to Switch Interface ASIC
[Figure: T-series PFE block diagram, Ingress PFE; key: Data, Notification]
T-series Packet Flow (3 of 10)
Switch Interface ASIC extracts the route lookup key
Key is placed in a notification cell and passed to the Internet Processor
Data cells are sent to the Queuing and Memory Interface ASICs
[Figure: T-series PFE block diagram, Ingress PFE; key: Data, Notification]
T-series Packet Flow (4 of 10)
Queuing and Memory Interface ASICs pass the data cells to memory for buffering
Internet Processor II ASIC performs the route lookup and forwards the notification to the Switch Interface ASIC
[Figure: T-series PFE block diagram, Ingress PFE; key: Data, Notification]
T-series Packet Flow (5 of 10)
Switch Interface ASIC sends bandwidth requests through the switch fabric to the destination PFE
Issues read requests to the Queuing and Memory Interface ASIC to begin reading data cells out of memory
[Figure: T-series PFE block diagram, Ingress PFE; key: Data, Notification]
T-series Packet Flow (6 of 10)
Destination Switch Interface ASIC sends grants through the switch fabric
Originating Switch Interface ASIC sends a cell through the switch fabric to the destination PFE
[Figure: T-series PFE block diagram, Egress PFE; key: Data, Notification]
T-series Packet Flow (7 of 10)
Switch Interface ASIC extracts the route lookup key, places it in a notification, and forwards to the Internet Processor II
Internet Processor II performs route lookup and forwards notification to Queuing and Memory Interface ASIC
[Figure: T-series PFE block diagram, Egress PFE; key: Data, Notification]
T-series Packet Flow (8 of 10)
Queuing and Memory Interface ASIC forwards notification to the Switch Interface ASIC
Switch Interface ASIC issues read requests to the Queuing and Memory Interface ASIC and passes cells to L2/L3 Processing ASIC
[Figure: T-series PFE block diagram, Egress PFE; key: Data, Notification]
T-series Packet Flow (9 of 10)
Layer 2/Layer 3 Packet Processing ASIC reassembles the data cells into packets
Adds Layer 2 encapsulation
Sends the packets to the outgoing PIC interface
[Figure: T-series PFE block diagram, Egress PFE; key: Data, Notification]
T-series Packet Flow (10 of 10)
Egress PIC ASIC adds physical layer framing and CRC
Sends bit stream out to the network
[Figure: T-series PFE block diagram, Egress PFE; key: Data, Notification]
Exception Packets
Exception packets
– Local delivery
– IP options
  Source route, router alert, etc.
– ICMP message generation
Generally processed by Packet Forwarding Engine control CPU
– Remaining traffic (local and control) sent to Routing Engine via internal link
  Rate limiting
  Hardware-based WRR ensures control traffic is not starved
JUNOS Software Overview
Where we are going…
– Features
– Processes
– Protocol support
JUNOS Software Features
A single image runs on all M-series and T-series platforms with all features
– FreeBSD-based environment
Fully independent software processes
– Routing, interface control, management, chassis management, SNMP, CLI, APS, VRRP, sampling, CoS, etc.
– Protected memory environment
  Serious error in one module does not impact other modules or packet forwarding
  Automatic core dumps for serious faults
Purpose built for performance and stability in the Internet core
JUNOS Software Processes
[Figure: JUNOS Internet Software architecture. Routing Engine: User, Command-Line Interface (CLI), SNMP, Routing Protocol Process with Routing Tables, Interface Process, Chassis Process, and Kernel with Forwarding Table. Packet Forwarding Engine: Embedded Microkernel with Forwarding Table, Interface Process, Chassis Process, and Distributed ASICs.]
The Kernel
The kernel
– Provides the underlying infrastructure for all the JUNOS software processes
  Provides the link between the routing tables and the RE's forwarding table
  Responsible for all communication with the PFE, including keeping the PFE’s copy of the forwarding table synchronized
[Figure: Routing Protocol Process, Interface Process, Command-Line Interface (CLI), and Chassis Process above the Kernel and its Forwarding Table]
Routing Protocol Process
Core functions
– Controls routing protocols running on router
– Starts all configured protocols
– Handles all routing messages
– Maintains routing tables
– Implements routing policy
[Figure: Routing Protocol Process (rpd) with Routing Tables above the JUNOS Kernel]
Industrial-Strength Protocols
Unicast routing protocols
– Intermediate System-to-Intermediate System (IS-IS)
– Open Shortest Path First (OSPF and OSPF3)
– Routing Information Protocol (RIP and RIPng)
– Border Gateway Protocol (BGP)
Multicast routing protocols
– Distance Vector Multicast Routing Protocol (DVMRP)
– Protocol Independent Multicast (PIM)
– Multicast Source Discovery Protocol (MSDP)
– Internet Group Management Protocol (IGMP and MLD)
– Session Announcement Protocol and Session Description Protocol (SAP/SDP)
MPLS application protocols
– Multiprotocol Label Switching (MPLS)
  Provider-provisioned VPN support (Layer 2 and 3)
– Resource Reservation Protocol (RSVP)
– Label Distribution Protocol (LDP)
Review Questions
1. Which Juniper Networks M-series or T-series routers are aimed at the Internet core? What about the edge?
2. What are the primary responsibilities of the Routing Engine and the Packet Forwarding Engine?
3. What is the purpose of and relationship between FPCs and PICs?
4. What is the purpose of the Craft Interface?
5. Describe packet flow through Juniper Networks M-series and T-series platforms.
6. Which software process maintains the routing tables and implements routing policy?
Juniper Networks Networking Essentials
Module 5: Installation and Initial Configuration
Module Objectives
After completing this module, you should be able to describe
– Important installation issues
– Initial configuration process
– Software installation from scratch
– Software component upgrades
– How to back up existing router software
Chassis Installation
M40/M160 Craft interface displays
– Typical M160 weighs 300 pounds (135 kg)
– Typical M40 weighs 220 pounds (100 kg)
– Typical M20 weighs 120 pounds (53 kg)
– Lifting requires three or more people
Remove heaviest components first
– Power supplies
– FPCs
– Fan Trays
Lift into rack
– Do not lift M40 by Routing Engine handles
Replace components
Power Up and Power Down
Powerup
– Perform more checks
– Connect all cables
– Turn on one power supply
– Turn on second power supply
Powerdown
– Shut down JUNOS routing software
– CLI request system halt command
– Turn off power supplies
Visible Activity at Startup
M40/M160 Craft interface displays
– Starting Routing Engine
– Starting PFE
– Starting cards
FPC LED
– Blink green while testing
– Become solid green when tests pass
Alarm LEDs light as needed
Initial Configuration
Using serial console
– Root password
– Machine name
– IP address (prefix) and prefix length assigned to management interface (fxp0)
– Default router
– DNS server
Troubleshooting
Craft interface
– Red LEDs indicate failure
– M40/M160 LCD displays all major and minor alarms
Syslog messages
– Contain more detailed information
– CLI show log messages command
CLI
– Interactive failure analysis using show commands
– Monitor log files using monitor command
Boot Devices and Media
Removable media
– Used for install and upgrade, normally left empty
– M40: 120-MB high-capacity floppy drive
– M20/M160: 110-MB PCMCIA flash card
Flash drive
– Solid-state nonrotating media
– Primary source for booting software
Hard drive
– Traditional rotating media
– Secondary source for booting software
Software Installation
Arrives preinstalled from factory onto
– Flash drive
– Hard drive (alternate copy)
– Removable LS-120 floppy or PCMCIA flash card (use as a last resort)
Can boot from alternate copy
– If flash drive fails, router can still boot from hard drive or removable media
Upgradable
– Upgrade packages available through the Internet or on removable media
Boot Sequence
Hardware controlled
– Software notifies hardware when boot completes
[Figure: boot-order flowchart. Removable media, then solid-state flash disk, then rotating disk; each is followed by a "Success?" check that ends in Done, and if all three fail the sequence ends in Halt.]
Initial Configuration
Root password
– Root password not set at factory
– Must use console to configure root password
Router and domain name
Management interface IP address and prefix length
Default router IP address
DNS server IP address
Initial Configuration
Enter configuration mode
root@> configure
[edit]
root@#
Set root password
– Plain text known
root@# set system root-authentication plain-text-password
– Pre-encrypted password
root@# set system root-authentication encrypted-password encrypted-password
– SSH (secure shell) key
root@# set system root-authentication ssh-rsa key
Initial Configuration
Set router name
[edit]
root@# set system host-name lab2
Set router domain name
[edit]
root@# set system domain-name juniper.net
Commit changes so far
[edit]
root@# commit
commit complete
[edit]
root@lab2#
Initial Configuration
Set management Ethernet IP address and prefix
[edit]
root@lab2# set interfaces fxp0 unit 0 family inet address ip-address/prefix-length
Set default route
[edit]
root@lab2# set system backup-router gateway-address
root@lab2# set routing-options static route default nexthop gateway-address retain no-readvertise
Set name server address
[edit]
root@lab2# set system name-server ns-address
Full Installation
Reinstall JUNOS software if storage media fails or is corrupted
Future major software revisions may require full installation
Three steps
– Prepare to reinstall JUNOS software
– Reinstall JUNOS software
– Configure JUNOS software
Full Installation: Preparation
Record basic information
– Router name
– Management interface IP address and prefix length
– Default router IP address
– Domain name and DNS server IP address
Copy existing configuration file to a safe place on the network
– Located in /config/juniper.conf
– Full installation erases both flash and rotating drives
Locate your Juniper installation media
– LS-120 floppy or PCMCIA card contains entire JUNOS distribution
Full Installation: Reinstallation
Insert installation media into Routing Engine
– M40: LS-120 floppy
– All others: PCMCIA flash card
Reboot router
– Use the CLI from the serial console
root@lab2> request system halt
– Power-cycle router
Follow prompts
– Enter configuration information saved during installation preparation
System reboots automatically after installation completes
Software Configuration
Log in as root
no-name (ttyd0)
login: root
Last login: date on ttyd0
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
---JUNOS 4.1R1 built 2000-07-24 09:29:44 UTC
#
Start CLI
# cli
root@no-name>
Software Configuration
Enter configuration mode
root@no-name> configure
[edit]
root@no-name#
Set root password
– Plain-text
root@no-name# set system root-authentication plain-text-password text-password
– Pre-encrypted password
root@no-name# set system root-authentication encrypted-password encrypted-password
– SSH key
root@no-name# set system root-authentication ssh-rsa key
Software Update Packages
JUNOS software updates are contained in four packages
– jkernel–Operating system
– jroute–Routing Engine software
– jpfe–Packet Forwarding Engine software
– jdocs–On-line documentation
– jbundle–All four upgrade packages combined
– jinstall–Upgrade to/from 5.0
Packages can be upgraded individually
CLI show system software command displays installed packages
Jinstall vs. Jbundle
When to use jinstall
– Upgrade 4.x to 5.y
– Downgrade 5.y to 4.x
When to use jbundle
– 4.x to 4.y transition
– 5.x to 5.y transition
Package Naming Convention
Software packages have standard names
package-m.nZnumber.tgz
– m.n is the major version number
– Z is a single uppercase letter
  A–Alpha
  B–Beta
  R–Release
  I–Internal
– number is the release number, which might include the build number for that release
For example
jbundle-4.1R1.2.tgz
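A pre-install check built from the naming convention and the jinstall/jbundle rules above, as an added example (not a Juniper tool): it parses package-m.nZnumber.tgz strictly, so a name with path components or an unknown release letter is rejected, and it confirms the package type fits the version transition. Treating the release number as dot-separated digits and passing the running version as a string such as 4.1R1 are assumptions, as are all function names.

```python
import re
from typing import NamedTuple

# Package names and release letters as listed on the slides.
PACKAGES = {"jkernel", "jroute", "jpfe", "jdocs", "jbundle", "jinstall"}
RELEASE_TYPES = {"A": "Alpha", "B": "Beta", "R": "Release", "I": "Internal"}

# package-m.nZnumber.tgz; "number" assumed to be digits separated by dots.
NAME_RE = re.compile(
    r"(?P<package>[a-z]+)-(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?P<type>[A-Z])(?P<number>\d+(?:\.\d+)*)\.tgz"
)
RUNNING_RE = re.compile(r"(?P<major>\d+)\.\d+[A-Z]\d")


class Package(NamedTuple):
    package: str
    major: int
    minor: int
    release_type: str
    number: str


def parse_package_name(filename: str) -> Package:
    """Parse a bare file name; anything that is not an exact match fails."""
    m = NAME_RE.fullmatch(filename)
    if m is None:
        raise ValueError(f"not a package-m.nZnumber.tgz name: {filename!r}")
    if m["package"] not in PACKAGES:
        raise ValueError(f"unknown package: {m['package']}")
    if m["type"] not in RELEASE_TYPES:
        raise ValueError(f"unknown release letter: {m['type']}")
    return Package(m["package"], int(m["major"]), int(m["minor"]),
                   RELEASE_TYPES[m["type"]], m["number"])


def required_package(running_major: int, target_major: int) -> str:
    """jbundle within 4.x or 5.x, jinstall between 4.x and 5.y."""
    if running_major == target_major and running_major in (4, 5):
        return "jbundle"
    if {running_major, target_major} == {4, 5}:
        return "jinstall"
    raise ValueError("transition not covered by the slides")


def check_upgrade(running_version: str, filename: str) -> Package:
    """Validate a full-system package against the running release."""
    run = RUNNING_RE.match(running_version)
    if run is None:
        raise ValueError(f"cannot read running version: {running_version!r}")
    pkg = parse_package_name(filename)
    expected = required_package(int(run["major"]), pkg.major)
    if pkg.package in ("jbundle", "jinstall") and pkg.package != expected:
        raise ValueError(
            f"{running_version} to {pkg.major}.{pkg.minor} needs {expected}, "
            f"not {pkg.package}"
        )
    return pkg
```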
Back Up Existing Software
System software and configuration can be backed up to rotating disk
Best used
– Before major upgrade to ensure system recovery if necessary
– When system is judged to be stable
CLI request system snapshot command
Upgrade Software Jbundle
Download current package from software download page at www.juniper.net
Add new package
root@lab2> request system software add new-package-name
Checking available free disk space...11200k available, 6076k suggested.
Reboot router
root@lab2> request system reboot
Upgrade Software jinstall
Prep the machine:
– cli> file copy jinstall-url /var/tmp/jinstall-pkg
– Copy customer configs and other files/executables
– Do not worry about JUNOS configs, uncommitted config, log files, SSH keys
How to use jinstall
Add jinstall
– cli> request system software add /var/tmp/jinstall-pkg
Installing package '/var/tmp/jinstall-package name'...
WARNING: This package will load JUNOS software release-number.
WARNING: It will save JUNOS configuration files, log files, and SSH keys
WARNING: (if configured), but erase all other files and information
WARNING: stored on this machine. This is the pre-installation stage
WARNING: and all the software is loaded when you reboot the system.
WARNING: If you do not wish to proceed, you will be able to abort the
WARNING: installation.
Saving the config files ...
Installing the bootstrap installer ...
How to use jinstall
Type yes to reboot:
WARNING: A reboot is required to load this software correctly. If you
WARNING: wish to abort the installation, enter 'no' below.
Reboot the system (yes/no) [no] ? yes
Shutting down in 10 seconds ...
Saving package file in /var/sw/pkg/jinstall-packagename ...
Saving state for rollback ...
*** FINAL System shutdown message from user@host ***
System going down IMMEDIATELY
Shutdown NOW!
Go for a coffee. Router will be up in 5-7 min.
Cautions
5.0 will reformat the disk. Customer configs and other files/executables will be lost.
Connect to the router via the management ethernet
If the juniper.conf has statements not supported in the new release, then mgd may fail during commit
Jinstall internal mechanics
Preinstall phase does various checks. Stores preinstall information in /var/tmp/preinstall
Reboot to come up on the installer:
– Perform more checks
– Reformat the disk
– Lay a base OS (files that are needed but not in jbundle)
– Lay the jbundle
Second reboot to come up on the new JUNOS
End of Life Procedures
Hardware EOL
– Notification 180 days in advance
– During notification period can continue to purchase
– Repaired or replaced up to 3 years after EOL date
Software EOL
– Software support covers most recent release and two previous (e.g. 4.3, 4.2, 4.1)
– New releases scheduled for FRS every 3 months
– Major release – 6 month notice of EOL
Review Questions
1. What is the JUNOS boot sequence?
2. What are the JUNOS software update packages?
3. Describe the package naming convention.
4. Explain the difference between jbundle and jinstall.
Juniper Networks Networking Essentials
Module 6: JUNOS Configuration Basics
Module Objectives
After successfully completing this module, you should be able to:
– Explain how to gain access to a Juniper router
– Describe the difference between the CLI command mode and configuration mode
– Describe how to navigate and modify the Candidate configuration
– Describe how to change the Active configuration
– Explain the method used to describe a customer interface
– Describe how to configure the physical and logical properties of an interface on a Juniper router
Access to Router
Console
Management port, using Telnet, ssh, RADIUS
[Figure: Craft Interface panel. Labels: NC/C/NO contacts, ACO/LT, AUX/MODEM, MGMT, CONSOLE; OFFLINE, ONLINE, and MASTER for RE0 and RE1; FAIL and OK for FPC0 through FPC3]
User Authentication
Name and password
Individual accounts
Per-user command "class" permissions
lab2 (ttyd0)
login: nigel
Password:
Features
Line editing
Command history
Command completion
Context-sensitive help
CLI Modes
Operational mode
– Monitor and troubleshoot the software, the network connectivity, and the router
nigel@lab2>
Configuration mode
– Configure the router, including interfaces, general routing information, routing protocols, user access, and system hardware properties
nigel@lab2#
CLI Commands
Command hierarchy
[Figure: command hierarchy tree. Top level: clear, configure, monitor, set, show. Under show: bgp, chassis, interfaces, isis, ospf, route, version. Under route: brief, exact, protocol, table, terse.]
Logging In
lab2 (ttyd0)
login: nigel
Password:
Last login: Fri Feb 18 19:23:16 on ttyd0
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California.
---JUNOS 4.1R1 built 2000-07-24 09:29:44 UTC
nigel@lab2>
Help
Type ‘?’ anywhere on command line
lab@omaha> ?
Possible completions:
  clear        Clear information in the system
  configure    Manipulate software configuration information
  file         Perform file operations
  help         Provide help information
  …
lab@omaha> show ?
Possible completions:
  aps          Show APS information
  arp          Show system ARP table entries
  as-path      Show table of known AS paths
  …
Editing Command Lines
lab@omaha> show interfaces
Ctrl-b
lab@omaha> show interfaces
Ctrl-a
lab@omaha> show interfaces
Ctrl-f
lab@omaha> show interfaces
Ctrl-e
lab@omaha> show interfaces
Command Completion
<space> completes a command
root@lab2> sh<space>ow i<space>
'i' is ambiguous.
Possible completions:
igmp Show information about IGMP
interfaces Show interface information
isis Show information about IS-IS
root@lab2> show i
Software Configuration Overview
Create a hierarchy of configuration statements
– Enter commands in CLI configuration mode
root@lab2# set chassis alarm sonet lol red
– ASCII text file and display
chassis {
    alarm {
        sonet {
            lol red;
        }
    }
}
Activating a Configuration
[Figure: candidate configuration and active configuration, linked by commit and rollback n; stored configurations numbered 0, 1, 2, ...]
Rollback files stored in
/config/juniper.conf.n (n=1-3)
/var/db/config/juniper.conf.n (n=4-9)
Statement Hierarchy
[Figure: statement hierarchy tree running from less specific to more specific. Below top: chassis, firewall, interfaces, protocols, system, more…; below chassis: alarm, clock, fpc; below alarm: atm, e3, ethernet, sonet, t3]
Entering Configuration Mode
Type configure or edit at the CLI operational mode prompt
root@lab2> configure
Entering configuration mode
[edit]
root@lab2#
Moving Between Levels
Moving between levels of the statement hierarchy
[edit]
user@host# edit chassis alarm ethernet
[edit chassis alarm ethernet]
[Figure: statement hierarchy tree with top, chassis, alarm and ethernet]
Moving Between Levels
user@host# up
[edit chassis alarm]
user@host# top
[edit]
[Figure: statement hierarchy tree showing where the up and top commands move]
Displaying Current Configuration
[edit]
user@host# show chassis alarm
sonet {
    lol red;
    pll yellow;
}
[edit]
user@host# edit chassis alarm
[edit chassis alarm]
user@host# show
sonet {
    lol red;
    pll yellow;
}
[edit chassis alarm]
Exiting Configuration Mode
exit from top level
exit configuration-mode from any level
[Figure: moving between operational mode and the [edit], [edit chassis] and [edit chassis alarm] levels with edit/configure, edit chassis, edit alarm, exit/up, top, exit and exit configuration-mode]
Standard Interfaces
Interface contained on PIC
PIC plugs into FPC
– FPC has room for four PICs
FPC plugs into chassis
[Figure: an FPC holding four Physical Interface Cards (PICs)]
Standard Interfaces
System uses consistent names for all customer interfaces
Based on
– Interface port type
– FPC slot number
– PIC slot number within FPC
– Port number within PIC
Interface Port Type
at - ATM over SONET/SDH ports
e1 - E1 ports
e3 - E3 ports
fe - Fast Ethernet ports
so - SONET/SDH ports
t1 - T1 ports
t3 - DS-3 ports
ge - Gigabit Ethernet ports
ae - Bundled Ethernet ports
FPC Slot Numbers
[Figure: FPC slot numbering by platform: M40 and M160 slots 0–7, M20 slots 0–3, M10 slots 0–1]
PIC Slot Numbers
M40 and M160
– Top to bottom
All others
– Right to left
[Figure: PIC slot positions 0–3 on an FPC]
Port Numbers
M40 and M160
Top to bottom
Right to left
All others
Right to left
Bottom to top
[Figure: port positions 0–3 on a PIC]
Interface Names
Physical interfaces have standard names
– Type
– FPC slot
– PIC slot
– Port number
so-5/2/3
Typical FPC and PIC Placement
Transient interfaces identified according to FPC/PIC/port convention
FPC and PIC numbering varies by platform
– M40/M160 platforms support eight FPCs, numbered from left to right
PICs numbered from top to bottom (0–3)
– M20 platform supports four FPCs numbered from top to bottom
PICs numbered from right to left (0–3)
FPC slot and PIC port numbers are labeled!
[Figure: Typical FPC and PIC Numbering (T640): FPCs 0–7 (left to right), PICs 0–3 (top to bottom)]
Interface Names
Logical interfaces are used to set up Frame Relay DLCIs or ATM virtual circuits
Interface number is separate in meaning from the actual DLCI or ATM VC and can be any arbitrary value
Suggested convention is to keep them the same whenever possible
so-5/2/3.43
Permanent Interfaces
Router has two permanent interfaces
– Out-of-band management interface is called fxp0
– Internal Routing Engine to PFE connection is called fxp1
Configure Interfaces
Configure Interfaces
Two steps
– Configure physical properties
– Configure logical properties
Configure Interfaces
– Physical properties
    Clocking
    Scrambling
    Frame check sequence (FCS)
    Maximum transmission unit (MTU)
    Keepalives
    Other link characteristics
– Logical properties
    Protocol family (Internet, ISO, MPLS)
    Addresses (IP address, ISO NET address)
    Virtual circuits (VCI/VPI, DLCI)
    Other characteristics
Configure Interfaces
Standard configuration statement hierarchy
interfaces {
    interface-name {
        physical-properties;
        […]
        unit unit-number {
            logical-properties;
            […]
        }
    }
}
Configure Physical Properties
Configure physical properties of the interface using the set command:
set interface so-1/0/3 no-keepalives
Or park yourself in the interfaces section of the hierarchy and set many options
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3
[edit interfaces so-1/0/3]
lab@omaha# set no-keepalives
lab@omaha# set sonet-options fcs 32
lab@omaha# commit
Default Settings
Default settings for an interface are usually enough to get you talking
Most interfaces do not need complex setup
Logical Interface Settings
Each physical interface has one or more logical interfaces
Logical interface separates configuration information for each ATM virtual circuit, Frame Relay DLCI, or VLAN
Some physical interface encapsulations allow only one possible logical interface
– PPP
– HDLC
Logical Interface Settings
Logical settings
– Protocol family (Internet, ISO, MPLS)
    Protocol MTU
    IP address
    Other protocol options
– Virtual circuit identifiers (VPI.VCI, DLCI)
– Other per-circuit characteristics
Unit Numbers
Each logical interface has a unit number
Number can be arbitrary
– Typically, the unit number is the same as the VC or DLCI number
Some physical interfaces have only one possible logical interface, and one unit number only, which must be configured as unit zero
Configure Logical Interfaces
Use the set command to configure a logical interface, using the unit number
For example
set interface so-1/0/3 unit 40 dlci 40
Or park yourself at the unit level
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3 unit 40
[edit interfaces so-1/0/3 unit 40]
lab@omaha# set dlci 40
lab@omaha# set family inet address 10.0.20.1/24
lab@omaha# commit
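The naming and unit-number rules from the preceding slides can be checked mechanically when reviewing a configuration. The following is an added example, not Juniper code: the function names, the encapsulation labels "PPP" and "HDLC" as plain strings, the default slot limits and the sample entries are assumptions made for the illustration.

```python
import re

# Port types as listed in this module.
PORT_TYPES = {
    "at": "ATM over SONET/SDH", "e1": "E1", "e3": "E3", "fe": "Fast Ethernet",
    "so": "SONET/SDH", "t1": "T1", "t3": "DS-3", "ge": "Gigabit Ethernet",
    "ae": "Bundled Ethernet",
}
# Encapsulations the module says allow only one logical interface (unit zero).
# The labels are plain strings for this example, not JUNOS keywords.
SINGLE_UNIT_ENCAPSULATIONS = {"PPP", "HDLC"}

NAME_RE = re.compile(
    r"(?P<type>[a-z][a-z0-9]*)-(?P<fpc>\d+)/(?P<pic>\d+)/(?P<port>\d+)"
    r"(?:\.(?P<unit>\d+))?"
)


def parse_interface_name(name):
    """Split type-fpc/pic/port[.unit] into fields; raise ValueError if malformed."""
    match = NAME_RE.fullmatch(name)
    if match is None:
        raise ValueError(f"{name!r} does not follow type-fpc/pic/port[.unit]")
    fields = match.groupdict()
    parsed = {"type": fields["type"]}
    for key in ("fpc", "pic", "port"):
        parsed[key] = int(fields[key])
    parsed["unit"] = None if fields["unit"] is None else int(fields["unit"])
    return parsed


def lint_interface(name, encapsulation=None, dlci=None, max_fpc=7, max_pic=3):
    """Return (parsed, warnings) for one interface name from a configuration.

    max_fpc=7 matches the eight-FPC platforms and max_pic=3 the four PICs per
    FPC described above; pass other limits for other platforms.
    """
    parsed = parse_interface_name(name)
    warnings = []
    if parsed["type"] not in PORT_TYPES:
        warnings.append(f"unknown port type {parsed['type']!r}")
    if parsed["fpc"] > max_fpc:
        warnings.append(f"FPC slot {parsed['fpc']} is above {max_fpc}")
    if parsed["pic"] > max_pic:
        warnings.append(f"PIC slot {parsed['pic']} is above {max_pic}")
    unit = parsed["unit"]
    if unit is not None:
        if encapsulation in SINGLE_UNIT_ENCAPSULATIONS and unit != 0:
            warnings.append(f"{encapsulation} allows only unit 0, found unit {unit}")
        if dlci is not None and unit != dlci:
            warnings.append(f"unit {unit} differs from DLCI {dlci} (suggested convention)")
    return parsed, warnings


# Constructed sample entries: (name, encapsulation, dlci).
SAMPLE = [
    ("so-1/0/3.40", "Frame Relay", 40),
    ("so-1/0/3.41", "Frame Relay", 40),
    ("so-1/0/3.5", "PPP", None),
    ("xx-9/4/0.0", None, None),
]


def audit(entries):
    """Map each interface name to its list of warnings."""
    return {name: lint_interface(name, encap, dlci)[1] for name, encap, dlci in entries}


if __name__ == "__main__":
    for name, warnings in audit(SAMPLE).items():
        print(name, "->", warnings or "ok")
```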
Configure Protocol Families
Each major protocol is called a family
Internet protocol has TCP, UDP, and ICMP as family members
Most common protocol families are
– Internet (inet)
– International Standards Organization (iso)
– Traffic engineering (mpls)
– Multiple families can live on one logical interface
Configure Protocol Families
Internet protocol family (inet)
Allows you to set
– IP address: address A.B.C.D/prefix_length
– Remote address on point-to-point links: destination A.B.C.D
– Broadcast address: broadcast A.B.C.D
– MTU size: mtu bytes
– ICMP redirect control: no-redirects
Configure Protocol Families
Minimal sample configuration
lab@omaha> configure
[edit]
lab@omaha# edit interfaces so-1/0/3
[edit interfaces so-1/0/3]
lab@omaha# set unit 0 family inet address 10.0.20.1/24
lab@omaha# commit
Displayed as
interfaces {
    so-1/0/3 {
        unit 0 {
            family inet {
                address 10.0.20.1/24;
            }
        }
    }
}
Review Questions
1. What are the two types of CLI modes?
2. What are the interface types and names?
3. What are the two permanent interfaces?
4. What are the two basic interface characteristics?
5. What are some examples of physical interface settings?
6. What are some examples of logical interface settings?
Lab 2: CLI Configuration
Lab objective:
Introduction to Juniper CLI
Juniper Networks Networking Essentials
Module 7: Routing Protocol Basics
Module Objectives
After successfully completing this module, you should be able to:
– Explain the difference between static routing and dynamic routing, and explain when to use each type of routing
– Describe the characteristics and operation of distance vector and link-state routing protocols
– Explain how network convergence occurs and provide real-life examples
– Explain how routes are selected on a routed network and routing metrics
– Explain the role of interior gateway protocols and exterior gateway protocols, including Border Gateway Protocol (BGP)
– Explain how JUNOS software implements routing tables and routing policy
Types of Routes
Static
– All packets forwarded to predetermined destinations defined by an administrator
Dynamic
– Packets are forwarded to dynamically calculated routes determined by a routing protocol
Static Routing
Benefits
– Good for small networks
– Can help create a secure network
– Efficiently uses router resources
Drawbacks
– Does not handle network failures well
– Does not scale well
Static Routing Example
[Figure: Routers A, B, C and D connecting Network 10, Network 172.16, Network 192.168.5 and Network 192.168.6, each router shown with its static routing table]
Router A
Destination    Next Hop
10             Direct
172.16         Router B
192.168.5      Router C
192.168.6      Router C
Router B
Destination    Next Hop
10             Router A
172.16         Direct
192.168.5      Router C
192.168.6      Router C
Router C
Destination    Next Hop
10             Router A
172.16         Router B
192.168.5      Direct
192.168.6      Router D
Router D
Destination    Next Hop
192.168.6      Direct
Default        Router C
Static Routing with Link Failure
[Figure: the same four routers and networks after a link failure, each router shown with its static routing table]
Router A
Destination    Next Hop
10             Direct
172.16         Router B
192.168.5      Router C
192.168.6      Router C
Router B
Destination    Next Hop
10             Router A
172.16         Direct
192.168.5      Router C
192.168.6      Router C
Router C
Destination    Next Hop
10             Unreachable
172.16         Router B
192.168.5      Direct
192.168.6      Router D
Router D
Destination    Next Hop
192.168.6      Direct
Default        Router C
Floating Static Routes
Static routes CAN handle link failures!
A floating static route is a backup static route that is less preferred than more direct routes (static or dynamic)
Floating static route is used only when the preferred route is unavailable
Use with caution!
[Figure: Router A, Router B, Router C and Network X, with the routing tables of Router A and Router B]
Router A
Destination    Next Hop
Network X      Router C
Network X      Router B
Router B
Destination    Next Hop
Network X      Router C
Network X      Router A
Dynamic Routing
                   Communicate what?    Between whom?
Distance-Vector    Routing tables       Neighbors
Link-State         Interface status     All routers
Routing Protocol Convergence
Convergence: when all routers in a given routing domain achieve a consistent view of that routing domain
Routing protocols must achieve convergence in order to route packets consistently from one location to another
Interior and Exterior Gateway Protocols
[Figure: AS 1 and AS 2, each running an IGP, with an EGP between them]
EGP
• Border Gateway Protocol
IGPs
• RIP
• OSPF
• IS-IS
Interior Gateway Protocols (IGPs)
– Routing protocols that run within an autonomous system (AS) to exchange network reachability information
Exterior Gateway Protocols (EGPs)
– Routing protocols that exchange routing information between autonomous systems
Distance Vector Protocols
Distance vector neighbors exchange vectors
– Metric is typically hop count
– Vectors reflect both distance and direction
– Vectors are stored in the routing table
– Entire table or a portion of table is sent
The longest network path is limited
Each router sends a routing table update periodically
When to Use Distance Vector Routing
Use in very small networks that have few, if any, redundant paths and no stringent network performance requirements
Epitome of the distance-vector routing protocol is Routing Information Protocol (RIP)
Distance vector drawbacks:
– Long convergence time
– Simplistic metrics
Distance Vector Stability Issues
Counting to infinity
Routing loops
[Figure: routers R1, R2 and R3 and Network A; the advertised distance to Network A starts at 1 hop and 2 hops and then counts up through 3, 4, 5, 6, …]
Link-State Routing Protocols
Link-state routing protocols build and maintain a database of link state information
Hello messages are used to discover neighbors
Costs are associated with links
Updates are sent to communicate link state changes
Information is flooded to all neighbors who create a link state database
The Link-State Database (LSDB)
The LSDB is like a puzzle that, when complete, is an accurate picture of the network
LSDB entries are like puzzle pieces that can describe:
– Routers and their attached links
– Links and their attached routers
– Routing information from outside the network
– Link metrics, often represented as Cost
Each router maintains its own copy of the LSDB
Each router stores a copy of every LSDB entry in the network
Different protocols use different names for LSDB entries
– More on that later…
When to Use Link-State Routing
Use link-state routing with:
– Any size, well-designed network
– Any network that requires network scalability
– Larger, more complicated networks
– Faster convergence required
Drawbacks
– Can flood the network's transmission facilities, thereby significantly decreasing the network's capability to transport data
– Memory and processor intensive
Martian Addresses
Host or network addresses about which all routing information is ignored
Commonly sent by improperly configured systems on the network and have destination addresses that are obviously invalid
In IPv4, these are the default martian addresses:
– 0.0.0.0/8
– 127.0.0.0/8
– 128.0.0.0/16
– 191.255.0.0/16
– 192.0.0.0/24
– 223.255.255.0/24
– 240.0.0.0/4
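A received prefix can be screened against this list before it is trusted, as in the following added example (not JUNOS code). It assumes a prefix counts as martian when it is equal to or more specific than a listed block; the peer names and sample routes are constructed.

```python
import ipaddress

# Default IPv4 martian blocks as listed in this module.
DEFAULT_MARTIANS = tuple(
    ipaddress.ip_network(block)
    for block in (
        "0.0.0.0/8", "127.0.0.0/8", "128.0.0.0/16", "191.255.0.0/16",
        "192.0.0.0/24", "223.255.255.0/24", "240.0.0.0/4",
    )
)


def martian_match(prefix, martians=DEFAULT_MARTIANS):
    """Return the martian block that contains prefix, or None.

    Assumption for this example: a prefix is martian when it is equal to or
    more specific than a listed block. A less specific prefix that merely
    covers a block (for instance the default route 0.0.0.0/0) is not.
    """
    network = ipaddress.ip_network(prefix, strict=False)
    for block in martians:
        if network.version == block.version and network.subnet_of(block):
            return block
    return None


def screen_routes(routes, martians=DEFAULT_MARTIANS):
    """Split (prefix, source) pairs into accepted routes and ignored routes."""
    accepted, ignored = [], []
    for prefix, source in routes:
        try:
            block = martian_match(prefix, martians)
        except ValueError:
            ignored.append((prefix, source, "malformed prefix"))
            continue
        if block is None:
            accepted.append((prefix, source))
        else:
            ignored.append((prefix, source, f"martian, inside {block}"))
    return accepted, ignored


# Constructed sample of received routes; peer names are hypothetical.
SAMPLE_ROUTES = [
    ("10.0.20.0/24", "peer-a"),
    ("127.0.0.1/32", "peer-b"),
    ("0.0.0.0/0", "peer-a"),        # default route: covers martians, is not one
    ("240.10.0.0/16", "peer-b"),
    ("128.0.0.0/8", "peer-c"),      # less specific than 128.0.0.0/16
    ("192.0.0.128/25", "peer-c"),
    ("300.1.1.0/24", "peer-c"),     # not a valid IPv4 prefix
]

if __name__ == "__main__":
    accepted, ignored = screen_routes(SAMPLE_ROUTES)
    for prefix, source in accepted:
        print(f"accept  {prefix:<18} from {source}")
    for prefix, source, reason in ignored:
        print(f"ignore  {prefix:<18} from {source}: {reason}")
```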
Route Flapping
What is route flapping?
– Instability in the reachability of a prefix
– Occurs during a topology change
– In an unstable network, routers might be unable to decide on a route to a destination
Dealing with route flapping
– Different protocols have different solutions
JUNOS Routing Policy
Controls routing information transferred between routing table and each routing protocol
– Incoming routing information can be ignored or changed
– Outgoing routing information can be suppressed or changed
Some match conditions are protocol-specific
When to Apply Policy
You do not want to import all learned routes into the routing table
You do not want to advertise all learned routes to neighboring routers
You want one protocol to receive routes from another protocol
You want to modify information associated with a route
Import and Export
Policy filtering is done with respect to the JUNOS routing table
Export policy is applied to active paths in the routing table
[Figure: neighbors, protocols, routing table and forwarding table (PFE); routes are imported from the protocols into the routing table and exported from the routing table to the protocols]
Routing Policy
Allows you to filter and control routing information entering and leaving the router
Separate policy for each routing protocol
[Figure: the same flow with import policy #1 and #2 and export policy #1 and #2 placed between the protocols and the routing table]
Routing Policy
Policies can be chained together to increase their effectiveness
[Figure: a route passes through a chain of policies, each of which can accept or reject it, ending with the last policy and then the default policy]
Routing Policy
Policies contain collections of terms
Terms contain a condition and an action to apply to each route
[Figure: a route passes through the terms of a policy, each of which can accept or reject it; after the last term it moves on to the next policy]
Default Routing Policy Actions
Different default policies for each protocol being imported or exported describe default protocol behavior
Reaching the end of a policy, or chain of policies, invokes default policy for that protocol
How Routing Policies Are Evaluated
[Figure: a route is evaluated by each policy in turn, each accepting or rejecting it; evaluation continues until the last configured policy, after which the default policy action accepts or rejects the route]
Routing Policy Example
[Figure: a route is evaluated by the terms of Policy 1, then the terms of Policy 2, then additional policies, each term able to accept or reject it, ending with the default action]
Routing Policy Example
[Figure: policy term. A route is checked against source conditions and destination conditions; on a match the actions are applied; a route that does not match all conditions goes to the default action]
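The evaluation order described on the routing policy slides (terms within a policy, policies in a chain, then the protocol's default policy) can be modelled in a few lines. This is an added example, not JUNOS code: the Term fields, the policy and term names, the sample routes and the default actions per protocol are constructed for the illustration and do not state the actual JUNOS defaults.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Term:
    name: str
    protocol: Optional[str] = None   # source condition: protocol the route came from
    within: Optional[str] = None     # source condition: prefix lies inside this block (IPv4)
    neighbor: Optional[str] = None   # destination condition: neighbor the route goes to
    changes: dict = field(default_factory=dict)  # attributes modified on a match
    action: Optional[str] = None     # "accept", "reject", or None to keep evaluating

    def matches(self, route):
        """A term matches only when every configured condition matches."""
        if self.protocol is not None and route["protocol"] != self.protocol:
            return False
        if self.within is not None:
            prefix = ipaddress.ip_network(route["prefix"])
            if not prefix.subnet_of(ipaddress.ip_network(self.within)):
                return False
        if self.neighbor is not None and route.get("neighbor") != self.neighbor:
            return False
        return True


def evaluate(route, chain, default_actions):
    """Run a route through a policy chain; return (action, route, trace).

    chain is a list of (policy_name, [Term, ...]). The first matching term with
    an accept or reject action ends evaluation. A matching term without one
    only applies its changes. Falling off the end of the chain invokes the
    default action for the route's protocol.
    """
    route = dict(route)  # work on a copy so the caller's route is untouched
    trace = []
    for policy_name, terms in chain:
        for term in terms:
            if not term.matches(route):
                continue
            route.update(term.changes)
            trace.append(f"{policy_name}/{term.name}")
            if term.action in ("accept", "reject"):
                return term.action, route, trace
    trace.append("default")
    return default_actions[route["protocol"]], route, trace


# Constructed chain of two policies.
CHAIN = [
    ("screen", [
        Term("loopback", within="127.0.0.0/8", action="reject"),
        Term("private-to-peer", neighbor="peer-x", within="10.0.0.0/8", action="reject"),
    ]),
    ("customer-in", [
        Term("tag-static", protocol="static", changes={"metric": 50}),
        Term("customer-block", protocol="bgp", within="192.168.0.0/16", action="accept"),
    ]),
]
# Placeholder defaults for the example only.
DEFAULT_ACTIONS = {"bgp": "accept", "static": "reject"}

if __name__ == "__main__":
    for sample in (
        {"prefix": "127.0.0.0/8", "protocol": "bgp"},
        {"prefix": "192.168.5.0/24", "protocol": "bgp"},
        {"prefix": "10.0.20.0/24", "protocol": "static"},
        {"prefix": "10.0.20.0/24", "protocol": "static", "neighbor": "peer-x"},
    ):
        print(sample, "->", evaluate(sample, CHAIN, DEFAULT_ACTIONS))
```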
JUNOS Routing Databases
[Figure: Routing Engine with the routing protocol process, routing table, JUNOS kernel and master forwarding table; Packet Forwarding Engine with the forwarding table and network interfaces]
Review Questions
1. When would you implement static routing? Dynamic routing?
2. What are the primary differences between distance-vector protocols and link-state protocols?
3. How does a distance-vector protocol handle router updates?
4. What happens when the network converges? (Describe the process.)
5. Describe the JUNOS routing policy and its implementation.
Lab 3: Static Routing
Juniper Networks Networking Essentials
Module 8: Interior Gateway Protocols
Module Objectives
After successfully completing this module, you should be able to:
– Describe RIP architectural features, standards, limitations, and packet format
– Explain JUNOS support for RIP
– Configure a Juniper Networks router with a minimum RIP configuration
– Describe OSPF standards, terminology, routing algorithms, packet format, external metrics, designated routers, and traffic engineering extensions
– Explain JUNOS software support for OSPF
– Configure a Juniper Networks router with a minimum OSPF configuration
– Describe IS-IS standards, terminology, network addressing, packet format, and traffic engineering extensions
– Explain JUNOS software support for IS-IS
– Configure a Juniper Networks router with a minimum ISIS configuration
IGPs vs. EGPs
IGP – Internal Gateway Protocol
– Used to optimize the route a packet takes between points within an Autonomous System (AS – network infrastructure under a unique set of administrative and technical policies)
EGP – External Gateway Protocol
– Used to provide for the exchange of routing information between Autonomous Systems
– Typically designed for doing policy routing, providing control over routes leaving and entering an AS
What Is OSPF?
An interior gateway protocol (IGP) based on the shortest path first (SPF) algorithm, also known as the Dijkstra algorithm
Created to fill the need for a high-functionality, standards-based IGP for the TCP/IP protocol family
Main RFCs:
– 1587 – OSPF NSSA Option
– 2328 – OSPF Version 2 (current implementation)
What Is a Link-State Protocol?
Link = router interface
State = description of interface and its relationship to neighboring routers
OSPF routers send link-state advertisements (LSAs) to all other routers within the same hierarchical area
Routers store information in a link-state, or topological, database
Each OSPF router uses the SPF algorithm to calculate the shortest path to each node
What Is SPF?
Places each router at the root of a tree and calculates the shortest path to each destination based on the cumulative cost to reach that destination
Each router has its own view of the topology, even though all the routers build a shortest-path tree using the same link-state database
OSPF Routing Hierarchy
Largest entity is the autonomous system (AS)
An AS can be divided into areas, groups of contiguous networks, and hosts
– Routers within a single area have identical link-state databases
– Area Border Routers (ABRs): routers with interfaces in multiple areas
– AS Boundary Routers (ASBRs): routers that act as gateways to other protocols or another AS
OSPF Backbone
OSPF backbone (Area 0) distributes routing information between areas
– Contains all area border routers and backbone routers
– All traffic between areas goes through the backbone
Backbone is itself an OSPF area
If backbone is configured as not contiguous, must configure virtual links
– Between any backbone routers that share a link to a nonbackbone area, or the transit area
– Function as direct links
OSPF Area Relationships
[Figure: Backbone (0.0.0.0) with Area 1, Area 2 and Area 3, plus RIP and BGP; legend: external routes, inter-area routes (summary routes), intra-area routes]
OSPF Stub Areas
Stub areas
– Do not carry external routes
– Virtual links cannot be configured across
– Cannot contain ASBR
Totally stubby areas
– Stub area that only receives the default route from the backbone
Not-so-stubby areas
– Allows limited importing of external routes
Transit areas
– Used to pass traffic from one adjacent area to the backbone, or to another area if the backbone is more than two hops away from an area
OSPF Area Types
[Figure: Backbone (0.0.0.0) with a stub area, a totally stubby area and a not-so-stubby area, plus RIP and BGP; legend: external routes, inter-area routes (summary routes), default route, intra-area routes]
OSPF Neighbors
Routers that share a common segment within a single area are neighbors
Neighbors become adjacent to exchange LSAs
The goal: to achieve identical link-state databases
Neighbors Exchange Link-State Info
Neighbors exchange link-state update packets containing LSAs at initialization and when routing information changes
Link-states exchanged by flooding: Each router that receives a link-state update stores a copy in its link-state database and then propagates the update to other routers
Once the database is complete, the router calculates an SPF Tree to all destinations using the Dijkstra algorithm
OSPF activity determined by the amount of change – the less change, the less activity
OSPF Packet Types
Hello: Establishes and maintains neighbor relationships
Database Description: Describes the contents of the link-state database by sending LSA headers. Exchanged when an adjacency is initialized.
Link-State Request: Requests specific LSAs from neighbor routers. Exchanged after a router discovers that parts of its database are missing or out of date.
Link-State Update: Responds to a link-state request packet. Also used for the regular dispersal of LSAs to reflect topology changes. Several LSAs can be included within a single link-state update packet.
Link-State Acknowledgment: Acknowledges receipt of link-state update packets. Implements guaranteed flooding.
OSPF Routing
Link-state advertisements
Router Links (Type 1): Describe the state and cost of the router’s links (interfaces) to the area (Intra-area).
Network Links (Type 2): Originated for multi-access segments with more than one attached router. Describe all routers attached to the specific segment. Originated by a Designated Router (discussed later on).
Summary Links (Types 3 and 4): Originated by ABRs only. Describe networks in the AS but outside of area (Inter-area). Also describe the location of the ASBR.
External Links (Type 5): Originated by an ASBR. Describe destinations external to the autonomous system or a default route to the outside AS.
NSSA External Links (Type 7): Used by not-so-stubby areas to import external routes into a stub area.
[Figure: areas with routers labelled ABR, ASBR, DR and NSSA, showing where each LSA type originates]
Link-State Advertisements
Packet header
Field                  Length, in bytes
Version number         1
Type                   1
Packet length          2
Router ID              4
Area ID                4
Checksum               2
Authentication type    2
Authentication         8
Data                   Variable
Data: # of LSAs, then an LSA header and LSA data for each LSA …
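The header layout above is enough to decode a captured OSPF packet and check which authentication type it carries. The following is an added example, not Juniper code: the numeric packet-type and authentication-type codes and the checksum rule come from RFC 2328 rather than from this module, and the sample packets are constructed with a placeholder body.

```python
import ipaddress
import struct

# Header layout from the table above: 1+1+2+4+4+2+2+8 = 24 bytes, network order.
HEADER = struct.Struct("!BBH4s4sHH8s")
# Numeric codes from RFC 2328 (not listed in this module).
PACKET_TYPES = {1: "Hello", 2: "Database Description", 3: "Link-State Request",
                4: "Link-State Update", 5: "Link-State Acknowledgment"}
AUTH_TYPES = {0: "null", 1: "simple password", 2: "cryptographic"}


def ip_checksum(data):
    """16-bit one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ospf_header(packet):
    """Decode the 24-byte header and list findings a reviewer would care about."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 24-byte OSPF header")
    (version, ptype, length, router_id, area_id,
     checksum, autype, _auth) = HEADER.unpack_from(packet)
    findings = []
    if version != 2:
        findings.append(f"unexpected version {version}")
    if ptype not in PACKET_TYPES:
        findings.append(f"unknown packet type {ptype}")
    if not HEADER.size <= length <= len(packet):
        findings.append(f"packet length field {length} does not fit {len(packet)} captured bytes")
    elif autype != 2 and ip_checksum(packet[:16] + packet[24:length]) != 0:
        # The checksum covers the packet except the 8-byte authentication field.
        findings.append("checksum mismatch")
    if autype == 0:
        findings.append("null authentication: packets are not authenticated")
    elif autype == 1:
        findings.append("simple password authentication: password is sent in clear text")
    elif autype != 2:
        findings.append(f"unknown authentication type {autype}")
    return {
        "version": version,
        "type": PACKET_TYPES.get(ptype, str(ptype)),
        "length": length,
        "router_id": str(ipaddress.IPv4Address(router_id)),
        "area_id": str(ipaddress.IPv4Address(area_id)),
        "checksum": checksum,
        "auth_type": AUTH_TYPES.get(autype, str(autype)),
        "findings": findings,
    }


def build_sample(autype, auth=bytes(8), body=bytes(20)):
    """Constructed Hello-type packet for the example; the body is placeholder bytes."""
    packet = HEADER.pack(2, 1, HEADER.size + len(body),
                         ipaddress.IPv4Address("10.250.240.8").packed,
                         ipaddress.IPv4Address("0.0.0.0").packed,
                         0, autype, auth) + body
    if autype != 2:  # with cryptographic authentication the checksum field stays 0
        checksum = ip_checksum(packet[:16] + packet[24:])
        packet = packet[:12] + struct.pack("!H", checksum) + packet[14:]
    return packet


if __name__ == "__main__":
    for autype, auth in ((0, bytes(8)), (1, b"secret\x00\x00"), (2, bytes(8))):
        print(parse_ospf_header(build_sample(autype, auth)))
```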
Designated Router
One designated router (DR) and one backup designated router (BDR) per multi-access segment
Minimizes amount of information exchange on the segment
[Figure: multi-access segment with a Designated Router and a Backup Designated Router]
External Routes
ASBRs discover external routes
– Static routes
– Exterior gateway protocol, such as BGP, for example
External Type 1
– Cost = external cost + internal cost
– Preferred over Type 2
External Type 2
– Cost = external cost
When to Use OSPF
Faster convergence than distance vector
Supports much larger networks
Less susceptible to bad routing information
OSPF Design Tips
Number of routers per area
– Depends on many factors
Number of neighbors
– Fewer neighbors = better performance
– Link State Database grows proportionately to the number of links in an area
Number of areas per ABR
– Fewer areas = better performance
Full mesh vs. partial mesh
– Partial works better
JUNOS OSPF Support
OSPF Version 2, including:
– Virtual links
– Stub areas
– Authentication
Configuring OSPF
Minimal configuration example
protocols {
    ospf {
        area 0.0.0.0 {
            interface interface-name;
            interface interface-name;
        }
    }
}
Useful Commands
show ospf neighbor – displays state of neighbors/adjacencies
Address          Intf         State  ID              Pri  Dead
172.16.30.254    fe-0/0/0.0   Full   10.250.240.8    128  30
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:10:50, adjacent 00:10:50
172.16.30.253    fe-0/0/0.0   Full   10.250.240.35   128  30
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:10:50, adjacent 00:10:52
172.16.30.252    fe-0/0/0.0   2Way   10.250.240.32   64   38
  area 0.0.0.5, opt 0x2, DR 172.16.30.254, BDR 172.16.30.253
  Up 00:08:10
show ospf interface – displays state of interfaces
Interface     State  Area      DR ID          BDR ID        Nbrs
fe-0/0/0.0    DR     0.0.0.0   192.168.12.1   192.168.8.1   1
fe-0/0/1.0    DR     0.0.0.0   192.168.12.1   0.0.0.0       0
Useful Commands (cont’d)
show ospf database – displays all learned OSPF LSAs
OSPF link state database, area 0.0.0.0
Type      ID                Adv Rtr         Seq         Age   Cksum   Len
Router   *10.250.240.8      10.250.240.8    0x800001fc  2388  0x3684  36
Router    10.250.240.17     10.250.240.17   0x80000217  1835  0x444c  36
Router    10.250.240.32     10.250.240.32   0x80000232  1876  0x0158  36
Router    10.250.240.35     10.250.240.35   0x80000291  1100  0x4aa5  36
Network   192.168.254.230   10.250.240.8    0x800001cc  117   0xab67  40
Summary   10.1.2.0          10.250.240.17   0x80000216  1535  0x1729  28
Summary   10.1.3.34         10.250.240.8    0x8000013a  2217  0x842f  28
OSPF link state database, area 1.0.0.0
Type      ID                Adv Rtr         Seq         Age   Cksum   Len
Router    10.250.240.9      10.250.240.9    0x80000267  116   0x1bb3  36
[additional information]
Lab 5: OSPF Configuration Lab
Lab objective:
Configure a Juniper Networks router with a minimal OSPF configuration
Review Questions
1. What type of routing protocol is RIP?
2. What algorithm is used by RIP to determine the best path to forward data?
3. What type of metric does RIP use?
4. What is the maximum network diameter, in terms of hop count, for RIP?
5. What is a Link-State protocol?
6. Describe the types of areas that can be used by OSPF.
7. Describe the purpose of the DR in OSPF.
8. What are ISIS packets called?
9. Describe some similarities between OSPF and ISIS.
Juniper Networks Networking Essentials
Module 9: BGP Protocol
Module Objectives
After successfully completing this module, you should be able to:
– Describe the definition, use, operation, implementation, and interoperability considerations for BGP
– Describe BGP standards, autonomous systems, AS path and attributes, external and internal operational features, routes, and messages
– Explain JUNOS software support for BGP
What Is BGP?
BGP is an inter-domain routing protocol that communicates prefix reachability
BGP is a path vector protocol
– Similar to distance vector
BGP views the Internet as a collection of autonomous systems
Stability is very important to the Internet and BGP
BGP supports CIDR
BGP routers exchange routing information between peers
Defined in RFC 1771
BGP Fundamentals
Routes consist of destination prefixes with an AS path and BGP-specific attributes
Each BGP update contains one path advertisement and attributes
– Many destinations can share the same path
BGP compares the AS path and attributes to choose the best path
Unfeasible routes can be advertised
– Unreachable routes are withdrawn
BGP Connections
BGP updates are incremental
– No regular refreshes
– Except at session establishment, when volume of routing can be high
BGP runs over TCP connections
– TCP port 179
– TCP Services
    Fragmentation, Acknowledgments, Checksums, Sequencing, and Flow Control
– No automatic neighbor discovery
BGP Peering
BGP sessions are established between peers
– BGP Speakers
Two types of peering sessions
– E-BGP (external) peers with different AS's
– I-BGP (internal) peers within the same AS
Still requires interior gateway protocols (IGPs)
– IGP connects BGP speakers within the AS
– IGP advertises internal routes
E-BGP and I-BGP
[Figure: Customer AS 1, ISP-X AS 2 and ISP-Y AS 3 linked by E-BGP sessions, with I-BGP and OSPF running inside the ASs; Customer 2 has no AS number and uses a default route to the Internet]
I-BGP Loopback Interfaces
I-BGP peering is often done using loopback interfaces
– Loopback interfaces are more stable
– Not tied to a single physical path
The AS needs an IGP so that I-BGP speakers can reach each other's loopback addresses
[Figure: Router A, Router B and Router C in AS 1 in a full I-BGP mesh, with loopback addresses Lo0: 192.168.255.1/32, Lo0: 192.168.255.2/32 and Lo0: 192.168.255.3/32]
E-BGP Multihop and Load Balancing
[Figure: E-BGP Multihop. Router A and Router B in AS 1 and AS 3, joined by E-BGP; loopback interface 0 addresses 10.22.11.1 and 172.25.1.1; the addresses 192.168.1.2 and 192.168.1.3 also appear]
[Figure: E-BGP Load Balancing. Router A and Router B in AS 1 (172.16.0.0) and AS 2 (172.18.0.0), joined by E-BGP; loopback interface 0 addresses 172.18.1.1 and 172.16.10.1; the address pairs 10.1.1.1/10.1.1.2 and 10.2.2.1/10.2.2.2 also appear]
Need TTL >1
Don't limit E-BGP session to 1 physical link
BGP Route Advertisement
Advertise only the active BGP routes to peers
– BGP next-hop must be reachable
Never forward I-BGP routes to I-BGP peers
– Prevents loops
Withdraw routes if active BGP routes become unreachable
Default BGP Advertisement Rules
(1) I-BGP advertises routes learned from E-BGP, and…
(2) E-BGP advertises any route learned from I-BGP or E-BGP, but…
(3) I-BGP does not advertise any routes learned via I-BGP
[Figure: Customer AS 1 and ISP 1 AS 2, with sessions labelled I-BGP and E-BGP]
The Need for a Full I-BGP Mesh
[Figure: AS1 with routers R11, R12 and R13; AS2 with routers R21, R22 and R23 and networks N22 and N23; I-BGP and E-BGP sessions carry advertisements of N22 and N23, and two advertisements are marked X]
How do the default rules of I-BGP/E-BGP impact AS2?
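The three default advertisement rules and the full-mesh question above, worked as a small simulation. This is an added example, not part of the Juniper course material; the four-router topology is constructed (router names borrowed from the slide), and each router keeps the first copy of the prefix it hears, with no best-path selection or policy.

```python
from collections import deque


def propagate(routers, sessions, origin):
    """Flood one prefix, originated by `origin`, under the three default rules.

    routers:  {router_name: as_number}
    sessions: iterable of (router_a, router_b) BGP sessions; a session is
              I-BGP when both ends share an AS number, otherwise E-BGP.
    Returns {router: (how_learned, as_path)} for every router holding the prefix.
    Simplification: the first copy a router hears stays its active route.
    """
    peers = {name: set() for name in routers}
    for a, b in sessions:
        peers[a].add(b)
        peers[b].add(a)

    rib = {origin: ("local", ())}
    queue = deque([origin])
    while queue:
        speaker = queue.popleft()
        how, as_path = rib[speaker]
        for peer in sorted(peers[speaker]):
            if peer in rib:
                continue
            if routers[peer] == routers[speaker]:
                # I-BGP session. Rule 3: never pass on a route learned via I-BGP.
                if how == "ibgp":
                    continue
                # Rule 1 (and locally originated routes): AS path unchanged inside the AS.
                rib[peer] = ("ibgp", as_path)
            else:
                # E-BGP session. Rule 2: advertise anything, prepending our own AS.
                new_path = (routers[speaker],) + as_path
                if routers[peer] in new_path:
                    continue  # receiver finds its own AS in the path and rejects it
                rib[peer] = ("ebgp", new_path)
            queue.append(peer)
    return rib


def unreached(routers, sessions, origin):
    """Routers that never learn the prefix originated by `origin`."""
    return sorted(set(routers) - set(propagate(routers, sessions, origin)))


# Constructed topology: one router in AS 1, three routers in AS 2.
ROUTERS = {"R11": 1, "R21": 2, "R22": 2, "R23": 2}
CHAIN = [("R11", "R21"), ("R21", "R22"), ("R22", "R23")]  # no R21-R23 session
FULL_MESH = CHAIN + [("R21", "R23")]

if __name__ == "__main__":
    print("I-BGP chain, prefix from R11, never reaches:", unreached(ROUTERS, CHAIN, "R11"))
    print("I-BGP full mesh, prefix from R11, never reaches:", unreached(ROUTERS, FULL_MESH, "R11"))
```

With the chain, R22 holds the AS 1 prefix but may not pass it on, so R23 stays blind to it until the R21-R23 session is added.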
BGP Message Types
Four BGP message types:
– Open
– Update
– Keepalive
– Notification
Messages use a common header
When to Use BGP
Enterprise network that is multihomed to two or more ISPs
– To support full or partial routes
To participate as an Internet Backbone Provider
[Figure: Corporate Network connected to the Internet through ISP 1 and ISP 2]
JUNOS Software Support for BGP
RFC 1771, A Border Gateway Protocol 4 (BGP-4)
RFC 1772, Application of the Border Gateway Protocol in the Internet
RFC 1965, Autonomous System Confederations for BGP
RFC 1966, BGP Route Reflection: An Alternative to Full-Mesh I-BGP
RFC 1997, BGP Communities Attribute
RFC 2270, Using a Dedicated AS for Sites Homed to a Single Provider
RFC 2283, Multiprotocol Extensions for BGP-4
RFC 2385, Protection of BGP Sessions through the TCP MD5 Signature Option
RFC 2439, BGP Route Flap Damping
RFC 2842, Capabilities Advertisement with BGP-4
JUNOS BGP Routing Table
BGP stores routes in the JUNOS software routing table (inet.0)
Routing table stores
– Routing information learned from update messages
– Local routing information selected by applying local policies to routes received in update messages
– Information selected to advertise to BGP peers
Basic BGP Configuration
routing-options {
    autonomous-system 64;
}
protocols {
    bgp {
        group external-peer1 {
            type external;
            peer-as 1234;
            neighbor 10.0.0.1;
        }
        group internal-peers {
            type internal;
            local-address 192.168.1.1;
            neighbor 10.0.5.1;
            neighbor 10.0.6.1;
        }
    }
}
Basic Routing Policy
JUNOS software policy is used to insert prefixes into BGP updates
Import and Export policies can be defined
– Import policies control which routes are placed in the local routing table
– Export policies control which routes are advertised from local routing table to neighbors
Basic Policy Configuration
First, define the policy:
policy-statement redistribute-static-routes {
    from protocol static;
    then accept;
}
Then apply the policy under BGP:
protocols {
    bgp {
        export redistribute-static-routes;
    }
}
Show BGP Neighbor
user@host> show bgp neighbor
Peer: 10.1.1.2+179 AS 29 Local: 10.1.1.1+1048 AS 29
  Type: Internal State: Established Flags: <>
  Last State: OpenConfirm Last Event: RecvKeepAlive
  Last Error: None
  Options: <Preference HoldTime>
  Holdtime: 90 Preference: 170
  Number of flaps: 1
  Error: "Cease" Sent: 1 Recv: 0
  Peer ID: 10.1.1.2 Local ID: 0.0.0.0 Active Holdtime: 90
  NLRI advertised by peer: unicast
  NLRI for this session: unicast
  Group Bit: 0 Send state: in sync
  Table inet.0
    Active Prefixes: 0
    Received Prefixes: 0
    Suppressed due to damping: 0
  Table inet.2
    Active Prefixes: 0
    Received Prefixes: 0
    Suppressed due to damping: 0
  Last traffic (seconds): Received 25 Sent 21 Checked 21
  Input messages: Total 4143 Updates 0 Octets 78717
  Output messages: Total 4156 Updates 10 Octets 79303
  Output Queue[0]: 0
  Output Queue[1]: 0
Show BGP Summary
show bgp summary – View basic information about all BGP neighbors
Groups: 12 Peers: 26 Unestablished peers: 2
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dn State|#Act/Recv/Da…
172.17.0.2 45 1225 55263 50511 0 18:22:14 47769/50591/0
192.168.1.1 33 911 0 0 0 18:22:27 Active
192.168.1.97 23 10458 2201 41043 0 18:22:03 0/0/0
192.168.1.100 432 10458 163 17643 0 17:01:18 Active
Show BGP Routes
show route receive-protocol bgp <addr>
– Look at routes received from a peer before policy is applied
user@host> show route receive-protocol bgp 11.1.1.1
inet.0: 6 destinations, 6 routes (5 active, 0 holddown, 1 hidden)
Prefix             Nexthop         MED   Lclpref   AS path
10.0.0.0/8         192.168.1.1           100       I
172.16.0.0/12      172.19.1.1            100       I
show route advertising-protocol bgp <addr>
– Look at routes being advertised to a specific peer
user@host> show route advertising-protocol bgp 10.1.1.2
inet.0: 10 destinations, 10 routes (8 active, 0 holddown, 2 hidden)
Prefix             Nexthop         MED   Lclpref   AS path
10.0.0.0/8         Self                  100       I
172.16.0.0/12      Self                  100       I
Lab 7: BGP Configuration Lab
Lab objective:
Configure a Juniper Networks router with a minimal BGP configuration
Review Questions
1. On what type of network would you implement BGP?
2. How does BGP advertise routes?
3. How would a typical ISP design a network to support BGP? Draw a sample network.
Copyright © 2003, Juniper Networks, Inc. IJNR-6.b.6.1.2
Advanced VPNs
Module 10: MPLS Review and Background Information
Module Objectives
Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary
MPLS Benefits
Fully integrates IP routing and Layer 2 switching
Leverages existing IP infrastructures
Optimizes IP networks by facilitating traffic engineering
– Enables multi-service networking
– Integrates private and public networks seamlessly
Traffic Engineering
Ability to control traffic flows in the network
– Optimizes available resources
– Moves traffic from IGP path to less congested path
[Figure: paths from Source to Destination under Layer 3 Routing and under Traffic Engineering]
Traffic Engineering Uses
With traffic engineering, you can:
– Route paths around bottlenecks
– Provide concise traffic control
– Provide efficient bandwidth use
– Enhance an ISP's traffic-oriented performance
– Enhance statistically bound performance characteristics of the network
– Provide more options, lower costs, and better service
High-Level Overview of Traffic Engineering
Information distribution component
Path selection component
Path signaling component
Packet forwarding component
Information Distribution
IGP extensions propagate information
– IS-IS uses type/length/value (TLV) tuples
– OSPF uses opaque LSA type 10
– Information is propagated within area/level only
Information propagated
– Bandwidth available
– Preemption priority
– Link affinity (link colors)
– Router ID
Path Selection
Two main approaches or a hybrid approach
– Offline path calculation (in-house or third-party tools)
– Online path calculation (constraint-based routing)
– Hybrid approach provides the accuracy of offline approach with failure recovery capability
[Figure: LSP between the ingress LSR and the egress LSR]
Path Signaling
Dynamic path creation requires a signaling protocol to:
– Coordinate label distribution
– Route the LSP explicitly
– Reserve bandwidth (optional)
– Provide class-of-service capability (DiffServ style)
– Reassign resources (like bandwidth)
– Preempt existing LSPs
– Prevent loops
Path Signaling Protocols
The IETF MPLS architecture does not assume a single protocol for assigning and distributing labels
– LDP
  Executes hop by hop
  Selects same physical path as IGP
  Supports reduced LSP complexity
– RSVP
  Extends easily for explicit routes and label distribution
  Deployed by providers in production networks
  A well-known signaling protocol
– CR-LDP
  Extends LDP to support explicit routes
  Functionally identical to RSVP
  Not supported by Juniper Networks
Packet Forwarding
Ingress router examines IP header
Packet is then:
– Classified for interface output queue
– Assigned a label
– Encapsulated in an MPLS header
– Forwarded toward the next hop in the LSP
MPLS Terminology
Forwarding equivalence class (FEC)
– Stream/flow of IP packets
– FEC/label binding mechanism
Label
– Fixed length
– Local significance
– Label distribution, retention, and control
  Downstream on demand/unsolicited downstream
  Liberal/conservative
  Independent/ordered
LSR label processing
– Push/swap/pop/multi-push/swap-push
MPLS Terminology: MPLS Shim Header
MPLS shim header fields:
– Label (L)
– Experimental (CoS)
– Stacking bit (S)
– Time to live (TTL)
Reserved and pre-defined label values
[Figure: 32-bit MPLS header with the fields Label (20 bits), CoS, S and TTL, carried between the L2 header and the IP packet]
MPLS Terminology: Label Swapping
[Figure: LSR with Port 1, Port 2, Port 3 and Port 4; an IP packet arrives with label 25 and leaves with label 19]
Connection Table
In (port, label)   Out (port, label)   Label Operation
(1, 22)            (2, 17)             Swap
(1, 24)            (3, 17)             Swap
(1, 25)            (4, 19)             Swap
(2, 23)            (3, 12)             Swap
MPLS Terminology: Router Types
[Figure: LSP between San Francisco and New York through an ingress LSR, transit LSRs, a penultimate router and an egress LSR]
Packet Forwarding
Ingress LSR determines FEC and assigns a label
– Forwards Paris traffic on the green LSP
– Forwards Rome traffic on the blue LSP
Traffic is label-swapped at each transit LSR
Egress LSR
– Removes MPLS header (dependent upon penultimate hop pop)
– Forwards packet based on destination address
[Figure: Source behind the ingress LSR, with LSPs to egress LSRs serving Paris and Rome]
Packet Forwarding Example
[Figure: a packet addressed to 200.3.2.7 is shown with label 99, then with label 56, then without a label; destination hosts 134.5.1.5 and 200.3.2.7; BGP next hop 192.168.2.1 for both prefixes (Lo0: 192.168.2.1); interface numbers 1, 2, 3 and 5]
Ingress Routing Table
Destination    Next Hop
134.5/16       (3, 99)
200.3.2/24     (3, 99)
MPLS Table
In         Out
(1, 99)    (2, 56)
MPLS Table
In         Out
(3, 56)    (5, 3)
Egress Routing Table
Destination    Next Hop
134.5/16       134.5.6.1
200.3.2/24     200.3.2.1
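The lookups in the tables above, replayed in code together with the 32-bit shim header encoding. This is an added example, not Juniper code; the Exp (3 bits), S (1 bit) and TTL (8 bits) widths and the meaning of label 3 (implicit null: the penultimate hop pops) come from RFC 3032, and the inbound interface of each transit LSR is read off the In column of its table.

```python
import ipaddress
import struct

IMPLICIT_NULL = 3  # reserved label value: the penultimate hop pops instead of swapping


def pack_entry(label, exp=0, bottom=True, ttl=64):
    """Encode one label stack entry: label(20) | exp(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8 or not 0 <= ttl < 256:
        raise ValueError("exp is 3 bits, ttl is 8 bits")
    return struct.pack("!I", label << 12 | exp << 9 | int(bottom) << 8 | ttl)


def unpack_stack(frame):
    """Split a frame into (entries, payload); entries[0] is the top of the stack."""
    entries, offset = [], 0
    while True:
        if len(frame) - offset < 4:
            raise ValueError("label stack truncated before the bottom-of-stack bit")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entries.append({"label": word >> 12, "exp": word >> 9 & 0x7,
                        "bottom": bool(word >> 8 & 1), "ttl": word & 0xFF})
        if entries[-1]["bottom"]:
            return entries, frame[offset:]


def lookup(table, dst):
    """Longest-prefix match of dst against {prefix: value}."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(prefix) for prefix in table]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen, default=None)
    if best is None:
        raise LookupError("no route to " + dst)
    return table[str(best)]


# Tables from the slide; prefixes written out in full for the ipaddress module.
INGRESS_ROUTES = {"134.5.0.0/16": (3, 99), "200.3.2.0/24": (3, 99)}
# One (inbound interface, {(in_if, in_label): (out_if, out_label)}) pair per transit LSR.
TRANSIT_LSRS = [(1, {(1, 99): (2, 56)}), (3, {(3, 56): (5, IMPLICIT_NULL)})]
EGRESS_ROUTES = {"134.5.0.0/16": "134.5.6.1", "200.3.2.0/24": "200.3.2.1"}


def forward(dst, ttl=64):
    """Return (top label seen on each link, egress next hop) for a packet to dst."""
    payload = ipaddress.ip_address(dst).packed  # stand-in for the IP packet
    _, label = lookup(INGRESS_ROUTES, dst)      # ingress: FEC -> (interface, label)
    frame, labelled = pack_entry(label, ttl=ttl - 1) + payload, True
    seen = [label]
    for in_if, table in TRANSIT_LSRS:
        top = unpack_stack(frame)[0][0]
        if top["ttl"] <= 1:
            raise RuntimeError("TTL expired in transit")
        _, out_label = table[(in_if, top["label"])]
        if out_label == IMPLICIT_NULL:
            # Penultimate hop pop: drop the top entry, forward what is underneath.
            frame, labelled = frame[4:], not top["bottom"]
        else:
            # Swap: rewrite the top entry, keep exp and S, decrement TTL.
            frame = pack_entry(out_label, top["exp"], top["bottom"], top["ttl"] - 1) + frame[4:]
        seen.append(unpack_stack(frame)[0][0]["label"] if labelled else None)
    if labelled:
        raise RuntimeError("egress LSR received a labelled packet")
    return seen, lookup(EGRESS_ROUTES, dst)     # egress: plain IP lookup


if __name__ == "__main__":
    print(forward("200.3.2.7"))
```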
Test for Understanding
What label value does the egress LSR for the tunneling LSP signal to the penultimate LSR so that label 18 is popped off the top of the stack?
[Figure: Label Stacking across a Tunneling LSP; the penultimate LSR of the tunneling LSP pops the top label (Penultimate Hop Pops Label)]
Resource Reservation Protocol
Internet standard for resource reservation
– Originally intended for IP QoS
Not a routing protocol
– Transports and maintains traffic and policy parameters that are opaque to RSVP
Simplex reservations for unicast traffic
– Receiver-oriented resource allocation
– Maintains soft state for graceful changes of:
  Multicast membership
  Routing
– Multiple reservation styles
– Supports IPv4 and IPv6
RSVP Session
Can have simultaneous, multiple, independent sessions
– Session is data flow defined by three parameters (destination address, protocol ID, destination port)
– RSVP sessions are between hosts, not just routers
– Use traceoptions to show session creation information:
May 8 13:26:42 RSVP new Session 192.168.80.1(port 17) Proto 0
May 8 13:26:42 RSVP new path state, session 192.168.80.1(port 17) Proto 0
May 8 13:26:42 RSVP new resv state, session 192.168.80.1(port 17) Proto 0
[Figure: two hosts connected through R1 (ingress router), R4, R8 and R9 (egress router), with PATH and RESV messages exchanged between them]
RSVP Messaging Protocol
RSVP message types
– Path: establishes state
– Resv: reserves resources
– PathTear: removes path state
– ResvTear: removes reservation state
– PathErr: error message sent upstream to sender
– ResvErr: establishes blockade state
– ResvConf: message confirming reservation request
Path and resv state block data structures store soft state information
[Figure: two hosts connected through R1 (ingress router), R4, R8 and R9 (egress router); Path establishes the path state block and Resv establishes the resv state block]
Traffic Engineering Extensions
Path message extensions
– Mandatory:
  Session object: identifies that the RSVP session will be an LSP tunnel
  Label request object: requests LSRs to provide a label binding
– Optional:
  Explicit route object (ERO): specifies predetermined path, independent of IGP path
  Record route object (RRO): lists the LSRs that the LSP tunnel traverses
  Session attribute object: aids in session identification, and also controls path setup priority, holding priority, and local-rerouting features
Resv message extensions
– Mandatory:
  Label object: performs the upstream-on-demand label distribution process
  Session object: uniquely identifies the LSP being established
  Style object: specifies the reservation style (fixed-filter or shared-explicit)
– Optional:
  Record route object: returns the LSP's path to the sender of the path message
Path Message
RSVP path message
– Explicit route is passed to R1
– R1 transmits a path message addressed to R4
  Label request object requests label binding
  ERO = {strict R2, strict R3, strict R4} (optional field)
  Record route object lists nodes visited (optional field)
  Session object identifies LSP name
  Session attributes control priority, preemption, fast reroute (optional field)
  Sender Tspec requests bandwidth reservation
– Each router acts on RSVP packet because of router alert option
[Figure: Explicit Route = {R1, R2, R3, R4}. The PATH message travels from R1 (ingress LSR) through R2 and R3 to R4 (egress LSR) with ERO = {R2, R3, R4}, then ERO = {R3, R4}, then ERO = {R4}; the LSRs along the way establish a path state block]
Resv Message
Resv message
– R4 transmits a resv message to R3
  Label = 3 (indicates that penultimate LSR should pop header)
  Session object uniquely identifies the LSP
  Style object identifies fixed filter or shared explicit
  Record route object lists nodes visited (optional field)
– R3 and R2
  Stores outbound label, allocates an inbound label
  Transmits resv message with inbound label to upstream LSR
– R1 binds label to FEC
[Figure: RESV messages between R4 (egress LSR), R3 (penultimate LSR), R2 and R1 (ingress LSR) carry Label = 3, Label = 17 and Label = 20; the MPLS tables shown contain the entries (6, 20), (3, 17), (2, 17), IP Route, (5, Pop) and (2, 20), on interfaces i2 to i6]
Named Path via Explicit Route Object
Permits explicit path assignment
– Used to specify the route RSVP path messages take for setting up LSP
Can specify loose or strict routes
– Loose routes rely on routing table to find destination
– Strict routes specify the directly connected next hop
– A route can have both loose and strict components
Uses ERO processing algorithm
Named Path ERO: Strict Route
Next hop must be directly connected to previous hop
[Figure: routers A to F between the ingress LSR and the egress LSR; ERO: B strict, C strict, E strict, D strict, F strict]
Named Path ERO: Loose Route
Consult the routing table at each hop to determine the best path
[Figure: routers A to F between the ingress LSR and the egress LSR; ERO: D loose]
Named Path ERO: Strict/Loose Path
Strict and loose routes can be mixed
[Figure: routers A to F between the ingress LSR and the egress LSR; ERO: C strict, D loose, F strict]
Named Path Code
mpls {
    traffic-engineering bgp-igp;
    label-switched-path Blue1 {
        to 192.168.24.1;
        primary one;
    }
    label-switched-path Blue2 {
        to 192.168.12.1;
        primary one;
    }
    path one {
        192.168.20.1 loose;
    }
}
isis {
    traffic-engineering shortcuts;
    interface all {
        level 1 disable;
    }
}
Use loopback address instead of interface address, so loose section of path can reroute if necessary
Named Path Verification
lab@HongKong> show mpls lsp
Ingress LSP: 2 label-switched paths
To From State Rt ActivePath P LSPname
192.168.12.1 192.168.16.1 Up 2 one * Blue2
192.168.24.1 192.168.16.1 Up 5 one * Blue1
Total 2 displayed, Up 2, Down 0
Egress RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0
Transit RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0
Constraint-Based Routing Overview (1 of 2)
Modified shortest path first algorithm
Integrates TED data
– IGP topology information
– Available bandwidth
– Link color
– Path determined according to administrative constraints of LSP
  Maximum hop count
  Bandwidth
  Strict or loose routing
  Administrative groups
  Priority
Prunes non-qualifying paths then performs an SPF algorithm on remaining routes
Constraint-Based Routing Overview (2 of 2)
Operations Performed by the Ingress LSR
1) Stores information from IGP flooding
2) Stores traffic engineering information
3) Examines user-defined constraints
4) Calculates the physical path for the LSP
5) Represents path as an explicit route
6) Passes ERO to RSVP for signaling
[Figure: block diagram with Extended IGP, Routing Table, Traffic Engineering Database (TED), User Constraints, Constrained Shortest Path First, Explicit Route and RSVP Signaling]
IGP Extensions
Distributes topology and traffic engineering information using IGP extensions
– Maximum reservable bandwidth
– Remaining reservable bandwidth
– Link administrative groups (color)
Mechanisms
– Opaque LSAs for OSPF
– New TLVs for IS-IS
Traffic Engineering Database
Traffic engineering database
– Used exclusively for calculating explicit paths for the placement of LSPs across the physical topology
– Maintains traffic engineering information learned from the extended IGP
Contents
– Up-to-date network topology information
– Current reservable bandwidth of links
– Link administrative groups (colors)
– Link priority information
User Constraints
User-defined constraints applied to path selection
– Bandwidth requirements
– Hop count limitations (for fast reroute)
– Administrative groups (colors)
– Priority (setup and hold)
– Explicit route (strict or loose)*
* Also specified for signaled LSPs (no-cspf)
Constrained Shortest Path First
For LSP = (highest priority) to (lowest priority)
– Prune links with insufficient bandwidth
– Prune links that do not contain an included color
– Prune links that contain an excluded color
– Calculate shortest path from ingress to egress consistent with ERO
– Select among equal-cost paths (least hop, then fill)
– Pass explicit route to RSVP
End for
RSVP Signaling
RSVP signaling
– Explicit route calculated by CSPF is handed to RSVP
  RSVP is unaware of how the ERO was calculated
– RSVP establishes LSP
  Path: Establishes state and requests label assignment
  Resv: Distributes labels and reserves resources
[Figure: at the ingress LSR, CSPF hands the ERO to RSVP; PATH and RESV messages are exchanged with the egress LSR]
Administrative Groups (1 of 7)
Administrative groups
– Thirty-two named groups, 0 through 31, carried as 32-bit value in IGP updates
– Groups assigned to interfaces
[Figure: links at San Francisco assigned to the groups Gold, Silver and Bronze]
Administrative Groups (2 of 7)
Bits 31 to 0: 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0
Administrative groups
– Colors advertised on a per-link basis via IGP: 0xC000000E
– Colors on router: internal, management, bronze, silver, gold
Administrative Groups (3 of 7)
[edit protocols]
mpls {
    admin-groups {
        good 1;
        silver 2;
        bronze 3;
        management 30;
        internal 31;
    }
    interface so-0/0/0 {
        admin-group [ good management ];
    }
    interface so-0/1/0 {
        admin-group silver;
    }
    interface so-0/2/0 {
        admin-group good;
    }
    interface so-0/3/0 {
        admin-group good;
    }
}
Administrative Groups (4 of 7)
CSPF can include and exclude groups in automatic path calculation
Logical groupings are supported
mpls {
    label-switched-path to-miami {
        to 1.1.1.1;
        primary use-fargo {
            admin-group {
                include gold;
                exclude [ bronze silver ];
            }
        }
    }
    path use-fargo {
        10.0.1.2 loose;
    }
}
Callouts on the slide: Logical AND, Logical OR
Administrative Groups (5 of 7)
A-D-H has the lowest IGP metric—4
[Figure: topology of routers A to I with IGP link metrics]
Administrative Groups (6 of 7)
Choose the path from A to H using:
admin-group {
    include [copper bronze];
    exclude admin;
}
[Figure: topology of routers A to I with IGP link metrics and links colored Copper, Bronze, Gold, Silver and Admin]
Administrative Groups (7 of 7)
[Figure: the same topology of routers A to I with link colors and IGP metrics]
A-D-E-G-I-H is the shortest path excluding the admin class and including copper or bronze
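The pruning loop from the Constrained Shortest Path First slide, with admin-group include/exclude handled as 32-bit masks like the 0xC000000E value above. This is an added example, not JUNOS code; the six-link topology, LSP names and bandwidths are constructed, the group bits follow the admin-groups configuration (with "gold" for the slide's "good"), ERO consistency and the fill tie-break are left out, and a lower priority number is assumed to mean a higher priority.

```python
import copy
import heapq

# Group-to-bit assignments from the admin-groups configuration slide.
ADMIN_GROUPS = {"gold": 1, "silver": 2, "bronze": 3, "management": 30, "internal": 31}


def group_mask(names):
    """Fold group names into the 32-bit value carried in IGP updates."""
    mask = 0
    for name in names:
        mask |= 1 << ADMIN_GROUPS[name]
    return mask


def cspf(links, src, dst, bandwidth=0, include=(), exclude=()):
    """Prune links that fail the constraints, then run SPF on what is left.

    links: {(a, b): {"metric": int, "bw": int, "colors": mask}}, undirected.
    Returns the node list of the best path, or None if nothing qualifies.
    """
    inc, exc = group_mask(include), group_mask(exclude)
    adjacency = {}
    for (a, b), link in links.items():
        if link["bw"] < bandwidth:
            continue  # insufficient reservable bandwidth
        if inc and not link["colors"] & inc:
            continue  # carries none of the included colors
        if link["colors"] & exc:
            continue  # carries an excluded color
        adjacency.setdefault(a, []).append((b, link["metric"]))
        adjacency.setdefault(b, []).append((a, link["metric"]))
    # Dijkstra ordered by (cost, hops): equal-cost ties go to the path with fewer hops.
    heap = [(0, 0, (src,))]
    settled = set()
    while heap:
        cost, hops, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return list(path)
        if node in settled:
            continue
        settled.add(node)
        for neighbour, metric in adjacency.get(node, ()):
            if neighbour not in settled:
                heapq.heappush(heap, (cost + metric, hops + 1, path + (neighbour,)))
    return None


def place_all(links, lsps):
    """Place LSPs from highest to lowest priority, reserving bandwidth as we go."""
    links = copy.deepcopy(links)  # leave the caller's topology untouched
    placed = {}
    for lsp in sorted(lsps, key=lambda item: item["priority"]):
        path = cspf(links, lsp["src"], lsp["dst"], lsp["bw"],
                    lsp.get("include", ()), lsp.get("exclude", ()))
        placed[lsp["name"]] = path
        for a, b in zip(path or (), (path or ())[1:]):
            links[tuple(sorted((a, b)))]["bw"] -= lsp["bw"]
    return placed


def link(metric, bw, *colors):
    return {"metric": metric, "bw": bw, "colors": group_mask(colors)}


# Constructed topology: three routes from A to H with different colors.
TOPOLOGY = {
    ("A", "D"): link(1, 100, "management"),
    ("D", "H"): link(1, 100, "gold"),
    ("A", "B"): link(2, 100, "gold"),
    ("B", "H"): link(2, 50, "gold", "bronze"),
    ("A", "C"): link(3, 100, "silver"),
    ("C", "H"): link(3, 100, "silver"),
}

if __name__ == "__main__":
    print(hex(group_mask(ADMIN_GROUPS)))
    print(cspf(TOPOLOGY, "A", "H"))
    print(cspf(TOPOLOGY, "A", "H", exclude=["management"]))
    print(cspf(TOPOLOGY, "A", "H", bandwidth=75, exclude=["management"]))
```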
Fast-Reroute Overview
Short-term solution to reduce packet loss. If node or link fails, upstream node:
– Immediately detours
– Signals failure to ingress LSR
Ingress LSR knows traffic engineering constraints
– Ingress router computes alternate route based on configured secondary paths; tries to reestablish primary path
– Initiates long-term reroute solution
– By default, reroute paths inherit administrative groups only, no other parameters
Fast-Reroute Operation
Fast reroute in operation:
– Configured on ingress router only
– Detours around node or link failure
  ~100s of ms reroute time
– Detour paths immediately available
– Uses TED to calculate detour
Fast-Reroute Example
Enable fast reroute on ingress LSR
– SF creates detour around LA
– LA creates detour around Austin
– Austin creates detour around Miami
[Figure: routers at San Francisco, Los Angeles, Austin, Miami, Fargo and New York]
Fast-Reroute Example: Short Term
LA to Austin link fails
– LA immediately detours around Austin
– LA signals to SF that failure occurred
[Figure: routers at San Francisco, Los Angeles, Austin, Miami, Fargo and New York]
Fast-Reroute Example: Long Term
SF fails over to secondary path
[Figure: routers at San Francisco, Los Angeles, Austin, Miami, Fargo and New York]
Fast Reroute
protocols mpls
    label-switched-path Tom {
        to 192.168.24.1;
        primary top;
        secondary bottom {
            bandwidth 75m;
            priority 5 5;
            standby;
        }
        fast-reroute;
    }
…protocols mpls
    path top {
        192.168.0.1 loose;
        192.168.2.1 loose;
    }
    path bottom {
        192.168.8.1 loose;
        192.168.12.1 loose;
    }
Circuit Cross-Connect Overview
Connects two Layer 2 circuits
– Supports:
  PPP, Cisco HDLC, Frame Relay, ATM, and VLAN 802.1Q
– Based on Layer 2 circuit ID
  Carries any protocol
Connects only like interfaces (for example, Frame Relay to Frame Relay, or ATM to ATM)
Three types of cross-connects:
– Layer 2 switching
– MPLS tunneling
– Stitching MPLS LSPs
CCC MPLS Interface Tunneling (1 of 2)
Transports packets from one interface through an MPLS LSP to a remote interface
– Supports tunneling between two like interfaces, such as ATM, Frame Relay, PPP, and Cisco HDLC connections
– Bridges Layer 2 packets from end to end
ATM operation
[Figure: sites A and B in two ATM access networks, using ATM VC 514 and ATM VC 590, joined by an MPLS LSP across the IP backbone between an M40 and an M20]
CCC MPLS Interface Tunneling (2 of 2)
[edit protocols]
user@M40# show
connections {
    remote-interface-switch m40-to-m20 {
        interface at-7/1/1.514;
        transmit-lsp lsp1;
        receive-lsp lsp2;
    }
}
[edit protocols]
user@M20# show
connections {
    remote-interface-switch m20-to-m40 {
        interface at-3/0/1.590;
        transmit-lsp lsp2;
        receive-lsp lsp1;
    }
}
[Figure: sites A and B in two ATM access networks, using ATM VC 514 and ATM VC 590; MPLS LSP1 and MPLS LSP2 cross the IP backbone between the M40 (at-7/1/1.514) and the M20 (at-3/0/1.590)]
Special Caveats for CCC
VLAN CCC caveats
– VLAN tagging at physical interface
  VLAN 0-511 on unit with ccc-encap support 802.1Q VLAN
  VLAN 512-4094 only VLAN IDs that support CCC
  GE PICs must be Rev B
– Frame Relay: encapsulates frame-relay-ccc at physical interface
  DLCI 1-511 on unit is normal Frame Relay
  DLCI 512-1022 on unit is CCC Frame Relay
– Layer 2 switching cross-connect: PPP and HDLC must be unit 0
– ATM: cannot configure family on unit if atm-ccc-vc-mux encapsulation is set
Purpose of LDP (1 of 2)
Creates forwarding equivalence class
– A group of IP packets which are forwarded in the same manner (RFC 3031)
Manages LSP to egress router
– New concept
  LDP associates the FEC with each LSP it creates
– Solves problems
  Enables VPNs
  Allows traffic class mapping
Purpose of LDP (2 of 2)
LDP creates an LSP tree for each FEC from every possible ingress router to egress router
[Figure: routers A to I with one egress router, comparing LDP LSP and RSVP LSP: only one LDP LSP, while four RSVP LSPs]
Label Distribution Protocol (1 of 2)
Distributes label binding information
– Runs on LSRs in conjunction with IP routing protocols
– Labels are periodically refreshed
LDP message types
– Discovery: locates potential LDP peers
– Session: manages peer-to-peer TCP sessions
– Advertisement: creates, changes, or deletes label mappings
– Notification: provides advisory information
[Figure: exchange between the upstream LDP peer and the downstream LDP peer: Discovery (Hello messages), Session (TCP Session Establishment, Initialization Messages) and Advertisement (Label Request Messages, Label Mapping Messages)]
Label Distribution Protocol (2 of 2)
LDP label mapping
– Downstream peer assigns labels
– Benefits
  Traffic engineering information is not piggybacked on routing protocols
– Limitations
  LSPs follow the conventional IGP path
  Does not support explicit routing
[Figure: label mappings for Net: 10.0.0.0 and Net: 11.0.0.0 passed between the downstream LDP peer, an LSR and the upstream LDP peer (advertise incoming label, receive outgoing label), with labels 17, 29, 52 and 53 and MPLS table entries (1, 17), (2, 52), (3, 29), (3, 35), (4, 17) and (5, 52) on interfaces i1 to i5]
Copyright © 2003, Juniper Networks, Inc.
LDP Tunneling through RSVP-TE LSP (1 of 2)
protocols {
    mpls {
        label-switched-path lsp-path-name {
            from source;
            to destination;
            ldp-tunneling;
        }
    }
}
[Figure labels: Router A, Router B, RSVP, LDP]
LDP Tunneling through RSVP-TE LSP (2 of 2)
[Figure: network diagram with regions labeled LDP and RSVP]
Agenda: MPLS Review
Basic Review of MPLS
High-Level Overview of Traffic Engineering
MPLS Terminology
Resource Reservation Protocol
Named Path via Explicit Route Objects
Constraint-Based Routing Overview
Administrative Groups
Fast Reroute
Circuit Cross-Connect Overview
Label Distribution Protocol
Basic MPLS Configuration Summary
Basic MPLS Configuration Summary
MPLS configuration summary
– Configure MPLS and RSVP protocols
– Configure family MPLS on interfaces
– Configure an LSP
– Configure basic IP stuff (for example, addresses and protocols)
Basic RSVP-Signaled LSP
[edit]
Lab@host# set protocols mpls interface all
Lab@host# set protocols rsvp interface all
Lab@host# set interfaces IN-#/#/# unit 0 family mpls
Lab@host# set protocols mpls label-switched-path TOM to IP address no-cspf
Displaying MPLS LSPs
lab@SanFrancisco> show mpls lsp
Ingress LSP: 1 label-switched paths
To From State Rt ActivePath P LSPname
192.168.8.1 192.168.2.1 Up 1 se-gold * sf-to-ny
Total 1 displayed, Up 1, Down 0
Egress RSVP: 2 sessions, 1 detours
To From State Rt Style Labelin Labelout LSPname
192.168.2.1 192.168.8.1 Up 0 1 FF 3 - NYC-to-SF
192.168.2.1 192.168.8.1 Up 0 1 FF 3 - NYC2-to-SF
Total 2 displayed, Up 2, Down 0
Transit RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0
Displaying Additional MPLS Information
lab@SanFrancisco> show mpls lsp extensive
Ingress LSP: 1 label-switched paths
192.168.8.1
From: 192.168.2.1, State: Up, ActiveRoute: 1, LSPname: sf-to-ny
ActivePath: use-gold (primary)
LoadBalance: Random
*Primary use-gold State: Up
Include: gold
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 30)
10.0.5.2 S 10.0.7.2 S 10.0.9.2 S
102 Jan 5 12:12:28 Selected as active path
101 Jan 5 12:11:58 Record Route: 10.0.5.2 S 10.0.7.2 S 10.0.9.2 S
100 Jan 5 12:11:58 Up
99 Jan 5 12:11:58 Clear Call
98 Jan 5 12:11:58 CSPF: computation result accepted
97 Jan 5 12:11:43 Record Route: 10.0.3.1 S 10.0.1.2 S 10.0.14.1 S
Displaying the MPLS Switching Table
lab@Montreal>show route table mpls.0
mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0 *[MPLS/0] 02:47:47, metric 1
Receive
1 *[MPLS/0] 02:47:47, metric 1
Receive
100003 *[RSVP/7] 00:00:53, metric 1
> to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1
100003(S=0) *[RSVP/7] 00:00:53, metric 1
> to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1
100004 *[RSVP/7] 00:00:53, metric 1
> to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1
100004(S=0) *[RSVP/7] 00:00:53, metric 1
> to 10.0.24.2 via fe-0/0/2.0, label-switched-path HK-AM1
Displaying RSVP Session Information
lab@SanFrancisco> show rsvp session
Ingress RSVP: 2 sessions
To From State Rt Style Labelin Labelout LSPname
192.168.8.1 192.168.2.1 Up 1 1 FF - 100010 sf-to-ny
192.168.8.1 192.168.2.1 Up 0 1 FF - 100058 sf-to-ny
Total 2 displayed, Up 2, Down 0
Egress RSVP: 2 sessions, 1 detours
To From State Rt Style Labelin Labelout LSPname
192.168.2.1 192.168.8.1 Up 0 1 FF 3 - NYC-to-SF
192.168.2.1 192.168.8.1 Up 0 1 FF 3 - NYC2-to-SF
Total 2 displayed, Up 2, Down 0
Transit RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0
Displaying Neighbor Information
lab@SanFrancisco> show rsvp neighbor
RSVP neighbor: 3 learned
Address Idle Up/Dn LastChange HelloInt HelloTx/Rx MsgRcvd MsgType
10.0.3.1 0 1/0 5:35:37 3 29326/6556 850 Path,Resv
10.0.4.2 0 1/0 2w1d 22:54:25 3 448522/448391 61407 Path,Resv
10.0.5.2 5 1/0 5:35:42 3 29316/6557 30587 Path,Resv
Displaying RSVP-Enabled Interfaces
lab@SanFrancisco> show rsvp interface
RSVP interface: 3 active
Active Subscr- Static Available Reserved Highwater
Interface State resv iption BW BW BW mark
fxp0.0 Up 0 100% 100Mbps 100Mbps 0bps 0bps
fe-0/0/2.0 Up 0 100% 100Mbps 100Mbps 0bps 0bps
ge-0/1/0.0 Up 0 100% 1000Mbps 1000Mbps 0bps 0bps
Next Hop Resolution
[Figure: network topology with routers SF, Denver, DC, NY, Dallas, Boston, and NJ. Figure labels: AS64512, AS2, 134.112/16 E-BGP, 134.112/16 I-BGP, Configure nexthop self, LSP SF-to-NY, lo0 192.168.24.1]
lab@SF> show route 192.168.24.1
inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
192.168.24.1/32 *[IS-IS/18] 00:26:50, metric 30, tag 2
    > to 10.0.16.2 via fe-0/0/0.0
inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
192.168.24.1/32 *[RSVP/7] 00:00:53, metric 0
    > to 10.0.16.2 via fe-0/0/0.0, label-switched-path to_ny
Using traceroute to Prove LSP Works
lab@SF> traceroute 134.112.1.1
traceroute to 134.112.1.1 (134.112.1.1), 30 hops max, 40 byte packets
1 10.0.16.2 (10.0.16.2) 0.766 ms 0.662 ms 0.612 ms
MPLS Label=1056 CoS=0 TTL=1 S=1
2 10.0.1.2 (10.0.1.2) 0.709 ms 0.654 ms 0.738 ms
MPLS Label=1021 CoS=0 TTL=1 S=1
3 10.0.24.2 (10.0.24.2) 0.648 ms 0.632 ms 0.610 ms
.
.
.
Module Review
1. What are the main benefits of MPLS?
2. How does traffic engineering differ from plain MPLS?
3. Can you describe basic RSVP operation?
4. What is the advantage of using fast reroute?
5. Can you describe the basic operation of LDP?
6. What commands can you use to monitor the operational status of LSPs on Juniper Networks M-series and T-series routers?
Advanced VPNs
Module 11: Layer 3 VPNs
Module Objectives
After successfully completing this module, you will be able to:
– Define the roles of P, PE, and CE routers
– Describe the format of VPN-IPv4 addresses
– Explain the role of the route distinguisher
– Describe the flow of RFC 2547bis control information
– Explain the operation of the RFC 2547bis forwarding plane
Agenda: Layer 3 MPLS VPNs
RFC 2547bis Terminology
VPN-IPv4 Address Structure
Operational Characteristics
– Policy-Based Routing Information Exchange
– Traffic Forwarding
Customer Edge Routers
Customer edge (CE) routers
– Located at customer premises
– Provide access to the service provider network
– Can use any access technology or routing protocol for the CE/PE connection
[Figure: service provider network of P and PE routers connecting CE routers at VPN A and VPN B sites; the customer edge is highlighted]
Provider Edge Routers
Provider edge (PE) routers
– Maintain VPN-specific forwarding tables
– Exchange VPN routing information with other PE routers using BGP
– Use MPLS LSPs to forward VPN traffic
[Figure: service provider network of P and PE routers connecting CE routers at VPN A and VPN B sites; the provider edge is highlighted]
Provider Routers
Provider (P) routers
– Forward VPN data transparently over established LSPs
– Do not maintain VPN-specific routing information
[Figure: service provider network of P and PE routers connecting CE routers at VPN A and VPN B sites; the provider routers are highlighted]
VPN Sites
A site is a collection of machines that can communicate without traversing the service provider backbone
Each VPN site is mapped to a PE router interface
– Routing information is stored in different tables for each site
[Figure: service provider network of P and PE routers connecting CE routers at VPN A and VPN B sites; one VPN site is highlighted]
VPN Routing and Forwarding Tables
A VRF is created for each site connected to the PE
[Figure: PE 1, PE 2, and PE 3 joined by P routers, with CE routers for VPN A (sites 1 to 3), VPN B (sites 1 to 3), and VPN C (sites 1 and 2) attached using OSPF, static, or BGP routing]
VRFs
Each VRF is populated with:
– Routes received from directly connected CE sites associated with the VRF
– Routes received from other PE routers with acceptable MP-BGP attributes
Packets from a given site are only matched against the site’s corresponding VRF
– Provides isolation between VPNs
Agenda: Layer 3 MPLS VPNs
RFC 2547bis Terminology
VPN-IPv4 Address Structure
Operational Characteristics
– Policy-Based Routing Information Exchange
– Traffic Forwarding
Overlapping Address Spaces
VPNs A and B use the same address space
– PE 1 uses a separate routing table (VRF) for each VPN site
– PE 2 would normally choose between the two 10.1/16 routes
– MPLS/BGP VPNs solve this problem with the route distinguisher
[Figure: VPN A and VPN B each have sites on PE 1 and PE 2 (CE–A1, CE–A2, CE–B1, CE–B2); both VPNs use 10.1/16, and a question mark marks the two identical 10.1/16 routes at PE 2]
VPN-IPv4 NLRI Format
VPN-IPv4 address family
– New BGP-4 sub-address family identifier (SAFI 128)
Consists of MPLS label + route distinguisher + subscriber IPv4 prefix
– Route distinguisher disambiguates IPv4 addresses
    Allows service provider to administer its own numbering space
VPN-IPv4 addresses are distributed by MP-BGP
– Uses multiprotocol extensions for BGP4 (RFC 2283)
A /32 IPv4 prefix produces a mask of /120 (15 octets)
– JUNOS software CLI displays (and the examples in this class) only show IPv4 prefix length (that is, /32)
NLRI fields:
    Mask (1 byte)
    MPLS Label (3 bytes)
    Route Distinguisher: Type (2 bytes), Administrator (variable length), Assigned Number (variable length)
    Subscriber IPv4 Prefix (0–4 bytes)
Route Distinguisher Formats
Two values are defined for type field: 0 and 1
– Type 0: adm field = 2 bytes, AN field = 4 bytes
    Adm field should contain an autonomous system number (ASN) from IANA
    AN field is a number assigned by service provider
– Type 1: adm field = 4 bytes, AN field = 2 bytes
    Administration field should contain an IP address assigned by IANA
    Assigned number field is a number assigned by service provider
– Examples: 10458:22:10.1.0.0/16 or 1.1.1.1:33:10.1.0.0/16
2-Byte Type Field: determines the lengths of the other two fields
Administration Field: identifies the assigned number authority
Assigned Number Field: number assigned by the identified authority for a particular purpose
[Figure: 8-byte route distinguisher (Type, Adm, AN) followed by the 4-byte IP address]
The VPN-IPv4 Address Family
Route distinguisher disambiguates IPv4 addresses
VPN-IPv4 routes
– Ingress PE router prepends route distinguisher to IPv4 prefix of routes received from each CE device
– VPN-IPv4 routes are exchanged between PE routers using MP-BGP
– Egress PE router converts VPN-IPv4 routes into IPv4 routes before inserting into site’s routing table (VRF)
VPN-IPv4 is used only in the control plane
– Data plane uses MPLS-encapsulated IPv4 packets
Using Route Distinguishers to Disambiguate Addresses
The overlapping routes from A and B cannot be compared as they have unique route distinguishers
[Figure: VPN A and VPN B sites attached to PE 1 and PE 2 (CE–A1, CE–A2, CE–B1, CE–B2); the two 10.1/16 routes appear as 10458:22:10.1/16 and 10458:23:10.1/16]
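The route distinguisher formats and the VPN-IPv4 NLRI layout from the slides above, as an added Python example (not part of the original course material). The function names and the label value 100003 are constructed for illustration; the 3-byte label field is encoded as a 20-bit label followed by a bottom-of-stack bit, which the slides do not spell out.

```python
import ipaddress
import struct


def encode_rd(text):
    """Encode 'ASN:number' (type 0) or 'a.b.c.d:number' (type 1) as 8 bytes."""
    adm, _, an_text = text.rpartition(":")
    an = int(an_text)
    if "." in adm:  # type 1: 4-byte IPv4 administrator, 2-byte assigned number
        if not 0 <= an <= 0xFFFF:
            raise ValueError("type 1 assigned number must fit in 2 bytes")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(adm).packed, an)
    asn = int(adm)  # type 0: 2-byte ASN administrator, 4-byte assigned number
    if not 0 <= asn <= 0xFFFF or not 0 <= an <= 0xFFFFFFFF:
        raise ValueError("type 0 needs a 2-byte ASN and a 4-byte assigned number")
    return struct.pack("!HHI", 0, asn, an)


def decode_rd(raw):
    """Decode an 8-byte route distinguisher; the type field selects the layout."""
    if len(raw) != 8:
        raise ValueError("route distinguisher must be exactly 8 bytes")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, an = struct.unpack("!HI", raw[2:])
        return f"{asn}:{an}"
    if rd_type == 1:
        addr, an = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(addr)}:{an}"
    raise ValueError(f"type {rd_type} is not one of the two types on the slide")


def encode_vpn_ipv4(label, rd_text, prefix):
    """Build mask (1) + MPLS label (3) + RD (8) + IPv4 prefix (0-4 bytes)."""
    net = ipaddress.IPv4Network(prefix)
    if not 0 <= label < 2 ** 20:
        raise ValueError("MPLS label is a 20-bit value")
    label_field = ((label << 4) | 0x1).to_bytes(3, "big")  # low bit: bottom of stack
    prefix_bytes = net.network_address.packed[: (net.prefixlen + 7) // 8]
    mask_bits = 24 + 64 + net.prefixlen  # label bits + RD bits + IPv4 prefix length
    return bytes([mask_bits]) + label_field + encode_rd(rd_text) + prefix_bytes


def decode_vpn_ipv4(raw):
    """Return (label, rd, ipv4_prefix); reject lengths that do not add up."""
    if len(raw) < 12:
        raise ValueError("NLRI shorter than mask + label + route distinguisher")
    prefix_len = raw[0] - 88
    if not 0 <= prefix_len <= 32:
        raise ValueError("mask does not leave a valid IPv4 prefix length")
    nbytes = (prefix_len + 7) // 8
    if len(raw) != 12 + nbytes:
        raise ValueError("NLRI length does not match its mask")
    label = int.from_bytes(raw[1:4], "big") >> 4
    address = ipaddress.IPv4Address(raw[12:] + bytes(4 - nbytes))
    net = ipaddress.IPv4Network((address, prefix_len))  # raises if host bits set
    return label, decode_rd(raw[4:12]), str(net)


if __name__ == "__main__":
    # The same customer prefix under the two RDs from the slide stays distinct.
    for rd in ("10458:22", "10458:23", "1.1.1.1:33"):
        nlri = encode_vpn_ipv4(100003, rd, "10.1.0.0/16")
        print(rd, nlri.hex(), decode_vpn_ipv4(nlri))
```
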
Agenda: Layer 3 MPLS VPNs
RFC 2547bis Terminology
VPN-IPv4 Address Structure
Operational Characteristics
– Policy-Based Routing Information Exchange
– Traffic Forwarding
2547bis: Operational Overview
Control flow (signaling plane)
– Routing information exchange between CE and PE routers
    Independent at both ends
– Routing information exchange between PE routers
– LSP establishment between PE routers (RSVP or LDP signaling)
Data flow (forwarding plane)
– Forwarding user traffic
[Figure: PE 1, PE 2, and PE 3 joined by P routers, with CE–A1, CE–A2, CE–A3, CE–B1, and CE–B2 connecting the VPN A and VPN B sites]
RFC 2547bis Policies
VPNs defined by administrative policies
– Used for connectivity and QoS guarantees
– Defined by customers
– Implemented by service providers
Full-mesh or hub-and-spoke connectivity
– Logical VPN topology results from the application of export and import route target policies
PE-PE Route Distribution
Distribution of routes is controlled by BGP extended community attributes and VRF policy
– Route target
    Identifies a set of VRFs to which a PE router distributes routes
– Site of origin/route origin
    Identifies the specific site from which a PE router learns a route
Structured similarly to the route distinguisher
– 8 bytes in length
    2-byte type field, 6-byte value field
– Type 0
    2-byte global administrator subfield (ASN)
    4-byte local administrator subfield
– Type 1
    4-byte global administrator subfield (IANA-assigned IP Address)
    2-byte local administrator subfield
Route Target Extended Community
Each VPN-IPv4 route advertised through MP-BGP is associated with a route target community
– Export policy or explicit configuration define the targets associated with routes a PE router sends
Upon receipt of a VPN-IPv4 route, a PE router decides whether to add that route to a VRF
– Import policies or explicit configuration define which routes to add to a given VRF
Route isolation between VRFs is accomplished through careful policy administration
– Service provider provisioning tools can determine the appropriate export and import targets automatically
Exchange of Routing Information (1 of 7)
CE device advertises route to PE router
– Using traditional routing techniques (for example, OSPF, RIP, BGP, and static routes)
[Figure, step 1: PE-1 and PE-2 share an MP-IBGP session; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on the PE routers. Labels: 10.1/16, OSPF]
Exchange of Routing Information (2 of 7)
IPv4 address is added to the appropriate VRF
[Figure, step 2: PE-1 and PE-2 share an MP-IBGP session; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on the PE routers. Labels: 10.1/16, OSPF, 10458:23:10.1/16]
Exchange of Routing Information (3 of 7)
VRF is configured to advertise the routes in the VRF as L3VPN routes using MP-BGP
– VRF configuration adds “VPN RED” route target community
[Figure, step 3: PE-1 and PE-2 share an MP-IBGP session; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on the PE routers. Labels: 10.1/16, OSPF, 10458:23:10.1/16, “VPN RED” Export]
Exchange of Routing Information (4 of 7)
VPN-IPv4 NLRI is advertised to other PE routers
– Inner label (a.k.a. VRF label, BGP label)
– Extended communities
    Route target
    Site of origin
– BGP next hop (RID of advertising PE router)
[Figure, step 4: PE-1 and PE-2 share an MP-IBGP session; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on the PE routers. Labels: 10.1/16, OSPF, and an update carrying 10458:23:10.1/16, “VPN RED” Export, Label Z, Next Hop PE-2]
Exchange of Routing Information (5 of 7)
Each PE router is configured with import route targets
– Import route target is used to incorporate VPN-IPv4 routes into VRFs selectively
    If import route target matches route target attribute in BGP route, the route is installed into the bgp.l3vpn table and copied into appropriate VRF(s)
Based on configured route target or import policies, 10458:23:10.1/16 is copied into the red VRF but not the blue VRF
[Figure, step 5: PE-1 and PE-2 share an MP-IBGP session; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on the PE routers. Labels: 10.1/16, OSPF, “VPN RED” Import, MBGP, and an update carrying 10458:23:10.1/16, “VPN RED” Export, Label Z, Next Hop PE-2]
Exchange of Routing Information (6 of 7)
Each VPN-IPv4 route in a VRF is associated with:
– Inner (VRF) label to reach the advertised NLRI (carried in MP-BGP update)
– Outer label to reach the PE router
All routes associated with the same VRF interface can share a common label
[Figure, step 6: PE-1 and PE-2 share an MP-IBGP session; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on the PE routers. Labels: 10458:23:10.1/16 with BGP (inner) label Z and MPLS (outer) label y, “VPN RED” Import, MBGP, and an update carrying 10458:23:10.1/16, “VPN RED” Export, Label Z, Next Hop PE-2]
Exchange of Routing Information (7 of 7)
Each IPv4 route installed in a VRF can be advertised to the CEs associated with that VRF
– For example, RIP, OSPF, and BGP
– Routing policy can be used on the PE-CE link to control the exchange of routing information further
[Figure, step 7: PE-1 and PE-2 share an MP-IBGP session; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on the PE routers. Label: 10.1/16 Next Hop PE1]
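The export and import steps above decide which VRF sees which route, so a single wrong import target is enough to break VPN isolation. The following added Python example (not part of the original course material) models route-target export and import between two PE routers and reports routes that land in another VPN's VRF. The "VPN BLUE" target, the 10.2.0.0/16 prefixes, the VRF names, and the assignment of 10458:23 to red and 10458:22 to blue are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnRoute:
    rd: str                # route distinguisher prepended by the ingress PE
    prefix: str            # customer IPv4 prefix
    targets: frozenset     # route target communities attached on export
    origin_vpn: str        # VPN the route belongs to (used only by the audit)
    next_hop: str          # advertising PE router


@dataclass
class Vrf:
    name: str
    vpn: str
    pe: str
    rd: str
    export_targets: frozenset
    import_targets: frozenset
    local_prefixes: tuple                       # routes learned from the CE
    table: dict = field(default_factory=dict)   # prefix -> imported VpnRoutes


def distribute(vrfs):
    """Export every VRF's CE routes, then apply each VRF's import targets."""
    advertised = [
        VpnRoute(v.rd, prefix, v.export_targets, v.vpn, v.pe)
        for v in vrfs
        for prefix in v.local_prefixes
    ]
    for vrf in vrfs:
        for route in advertised:
            if route.next_hop == vrf.pe:
                continue  # this sketch models PE-to-PE MP-BGP distribution only
            if route.targets & vrf.import_targets:
                # The RD is dropped here: the VRF holds plain IPv4 prefixes.
                vrf.table.setdefault(route.prefix, []).append(route)
    return advertised


def find_leaks(vrfs):
    """List (vrf, VPN-IPv4 route, origin VPN) for routes imported across VPNs."""
    return sorted(
        (v.name, f"{r.rd}:{r.prefix}", r.origin_vpn)
        for v in vrfs
        for routes in v.table.values()
        for r in routes
        if r.origin_vpn != v.vpn
    )


def build_pes(pe1_blue_import=frozenset({"VPN BLUE"})):
    """Constructed topology: red = VPN A, blue = VPN B, one VRF each per PE."""
    red, blue = frozenset({"VPN RED"}), frozenset({"VPN BLUE"})
    return [
        Vrf("PE-1:red", "VPN A", "PE-1", "10458:23", red, red, ("10.2.0.0/16",)),
        Vrf("PE-1:blue", "VPN B", "PE-1", "10458:22", blue, pe1_blue_import,
            ("10.2.0.0/16",)),
        Vrf("PE-2:red", "VPN A", "PE-2", "10458:23", red, red, ("10.1.0.0/16",)),
        Vrf("PE-2:blue", "VPN B", "PE-2", "10458:22", blue, blue, ("10.1.0.0/16",)),
    ]


if __name__ == "__main__":
    correct = build_pes()
    distribute(correct)
    print("correct targets, leaks:", find_leaks(correct))

    # Weak setting: the blue VRF on PE-1 also imports the red target.
    weak = build_pes(frozenset({"VPN BLUE", "VPN RED"}))
    distribute(weak)
    print("extra import target, leaks:", find_leaks(weak))
```
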
Agenda: Layer 3 MPLS VPNs
RFC 2547bis Terminology
VPN-IPv4 Address Structure
Operational Characteristics
– Policy-Based Routing Information Exchange
– Traffic Forwarding
Data Flow (1 of 7)
The PE-to-PE LSP must be in place before forwarding data across the MPLS backbone
– LSPs are signaled through LDP or RSVP
[Figure, step 1: PE-1 and PE-2 joined by an LSP; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on the PE routers. Label: 10.1/16]
Data Flow (2 of 7)
The CE device performs a traditional IPv4 lookup and sends packets to the PE router
[Figure, step 2: an IP packet for 10.1.2.3 travels from the CE device to the PE router; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on PE-1 and PE-2. Label: 10.1/16]
Data Flow (3 of 7)
The PE router consults the appropriate VRF for the inbound interface
Two labels are derived from the VRF route lookup and are pushed onto the packet
PE-1:
1) Look up route in Red VRF
2) Push BGP label (z)
3) Push outer label (x)
[Figure, step 3: an IP packet for 10.1.2.3 arrives at PE-1; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on PE-1 and PE-2. Label: 10.1/16]
Data Flow (4 of 7)
Packets are forwarded using two-level label stack
– Outer (MPLS) label
    Identifies the LSP to egress PE router
    Resolves BGP next hop through inet.3
    Distributed by RSVP or LDP
– Inner (MP-BGP) label
    Identifies outgoing interface from egress PE to CE
    Communicated in MP-BGP updates (control plane)
[Figure, step 4: PE-1 looks up the route in the Red VRF, pushes BGP label (z), then pushes outer label (x); the packet leaves PE-1 as outer label (x), BGP label (z), IP 10.1.2.3. CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on PE-1 and PE-2. Label: 10.1/16]
Data Flow (5 of 7)
After packets exit the ingress PE router, the outer label is used to traverse the service provider
– P routers are not VPN-aware
[Figure, step 5: the packet crosses the provider network as outer label (x), BGP label (z), IP 10.1.2.3; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on PE-1 and PE-2. Label: 10.1/16]
Data Flow (6 of 7)
Penultimate hop popping (before reaching the egress PE router) removes the outer label
[Figure, step 6: the penultimate router pops the top label, leaving BGP label (z), IP 10.1.2.3; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on PE-1 and PE-2. Label: 10.1/16]
Data Flow (7 of 7)
The inner label is removed at the egress PE router
The native IPv4 packet is sent to the outbound interface associated with the label
[Figure, step 7: the unlabeled IP packet for 10.1.2.3 leaves the egress PE router toward the CE device; CE-1 through CE-4 connect the VPN A and VPN B sites to VRFs on PE-1 and PE-2. Label: 10.1/16]
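The seven data-flow steps above, traced at the byte level in an added Python example (not part of the original course material): the ingress PE pushes the inner and outer labels, a P router swaps the outer label, the penultimate hop pops it, and the egress PE maps the inner label to an interface. The label values, the interface name, and the fixed TTL are constructed assumptions; label 3 is the reserved implicit-null value that requests penultimate hop popping.

```python
import struct

IMPLICIT_NULL = 3  # reserved label: upstream router pops instead of swapping

# Constructed values standing in for the slide's symbolic labels z and x.
INNER_Z, OUTER_X, OUTER_SWAPPED = 299776, 300016, 300032


def encode_stack(labels, ttl=255, cos=0):
    """Encode labels (top first) as 4-byte entries; only the last has S=1."""
    out = b""
    for position, label in enumerate(labels):
        bottom = 1 if position == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (cos << 9) | (bottom << 8) | ttl)
    return out


def decode_stack(frame):
    """Return ([(label, cos, s, ttl), ...], payload), reading until S=1."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(frame):
            raise ValueError("label stack has no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entries.append((word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF))
        if entries[-1][2]:
            return entries, frame[offset:]


def ingress_pe(ip_packet, inner, outer):
    """VRF lookup result: push the BGP (inner) label, then the outer label."""
    return encode_stack([outer, inner]) + ip_packet


def p_router(frame, mpls_table):
    """Act on the top label only; a P router never inspects the inner label."""
    entries, payload = decode_stack(frame)
    labels = [entry[0] for entry in entries]
    out_label = mpls_table[labels[0]]
    rest = labels[1:]
    new_stack = rest if out_label == IMPLICIT_NULL else [out_label] + rest
    return encode_stack(new_stack) + payload  # TTL handling is left out here


def egress_pe(frame, vrf_labels):
    """Pop the inner label and return (outgoing interface, native IP packet)."""
    entries, payload = decode_stack(frame)
    if len(entries) != 1:
        raise ValueError("expected only the inner label after penultimate pop")
    return vrf_labels[entries[0][0]], payload


def walk(ip_packet):
    """Trace the label stack after each hop, then deliver at the egress PE."""
    trace = []
    frame = ingress_pe(ip_packet, INNER_Z, OUTER_X)
    trace.append([e[0] for e in decode_stack(frame)[0]])
    frame = p_router(frame, {OUTER_X: OUTER_SWAPPED})          # P router: swap
    trace.append([e[0] for e in decode_stack(frame)[0]])
    frame = p_router(frame, {OUTER_SWAPPED: IMPLICIT_NULL})    # penultimate: pop
    trace.append([e[0] for e in decode_stack(frame)[0]])
    interface, packet = egress_pe(frame, {INNER_Z: "red-vrf-ce-interface"})
    return trace, interface, packet


if __name__ == "__main__":
    print(walk(b"constructed IPv4 packet to 10.1.2.3"))
    # One entry with the values the traceroute slide prints for its first hop.
    print(decode_stack(encode_stack([1056], ttl=1)))
```
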
Module Review
1. Can you define the roles of P, PE, and CE routers?
2. What is the format of VPN-IPv4 addresses?
3. What is the role of the route distinguisher?
4. Can you describe the flow of 2547bis control information?
5. Can you explain the operation of the 2547bis forwarding plane?
Introduction to Juniper Networks Routers
Module 12: Routing Policy
Module Objectives
After successfully completing this module, you will be able to:
– State the purpose of routing policy
– Explain the difference between import and export policies
– Describe the default policy for OSPF, IS-IS, and BGP
– Compare route filter match types
– Write multiterm policies
– Correctly apply policy to BGP
– Use the CLI to monitor policy operation
– Describe advanced policy capabilities
Routing Policy
Where we are going…
– Overview
– When to use policy
– Import vs. export policy
– Routing policy flow
– Generic policy syntax
– Match conditions
– Match actions
– Default policies
– Policy examples
– Applying policy
– Route filters
– Advanced policy overview
Policy Overview
Controls routing information transferred into and out of the routing table
– Can ignore or change incoming routing information
– Can suppress or change outgoing routing information
Policies are made up of match/action pairs
– Match conditions can be protocol specific
When to Apply Policy
Apply policy when:
– You do not want to import all learned routes into the routing table
– You do not want to advertise all learned routes to neighboring routers
– You want one protocol to receive routes from another protocol
– You want to modify information associated with a route
Import and Export Policies
Perform policy filtering with respect to the JUNOS software routing table
– JUNOS software applies import policy prior to inclusion in the routing table
– JUNOS software applies export policy only to active routes in the routing table
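[Figure: routes from neighbors pass through the protocol and import policy into the routing table; routes from the routing table pass through export policy to the protocol and neighbors; the routing table feeds the forwarding table on the PFE]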
Routing Policy Flow
Policies can be chained together
Evaluation normally proceeds left to right until a terminating action is reached
– Terminating actions are accept or reject
Individual policies can contain a collection of terms
– Flow control actions such as next-policy supported
[Figure: a route is evaluated by Policy 1, Policy 2, through Policy n, and then the default policy; each policy holds terms (Term A, Term B, Term C), and each term can end in accept or reject]
Generic Policy Syntax
Basic policy syntax:
policy-options {
    policy-statement policy-name {
        term term-name {
            from {
                match-conditions;
            }
            then {
                action;
            }
        }
    }
}
A policy can have multiple terms
Match Conditions
Policies typically contain some form of match criterion
Possibilities include:
– Neighbor address
– Protocol (source of information)
    BGP, direct, DVMRP, IS-IS, local, MPLS, OSPF, PIM, RIP, static, aggregate
– Routing protocol information
    OSPF area ID
    IS-IS level number
    BGP attributes
– Regular expression-based matches for AS path and communities
Match Actions
The action associated with a given term/policy is performed for matching routes:
– Terminating actions
    Accept route
    Reject (or suppress) route
– Flow control actions
    Skip to next policy
    Skip to next term
– Modify attributes actions
    Metric
    Preference
    Color
    Next-hop address
Default Policies
Every protocol has a default policy
– The default policy is applied implicitly at the end of the policy chain; can be overridden with default-action statement
IS-IS and OSPF
– Import: Accept all routes learned from that protocol
    Technically, accept all LSPs/LSAs flooded by that protocol
– Export: Reject everything
    LSP/LSA flooding announces (IS-IS/OSPF) learned and local routes
RIP
– Import all learned RIP routes, export nothing
    RIP requires export policy to announce RIP (or other) routes
BGP
– Import all routes learned from BGP neighbors
– Export all active routes learned from BGP neighbors to all BGP neighbors
    EBGP-learned routes are exported to all BGP peers
    IBGP-learned routes are exported to all EBGP peers (assumes logical IBGP full mesh)
A Policy Example
Write a policy statement at the [edit policy-options] hierarchy:
[edit policy-options]
user@host# show policy-statement advertise-ospf
term pick-ospf {
    from protocol ospf;
    then accept;
}
Apply the policy to one or more routing protocols in the import, export, or both directions:
[edit protocols bgp]
user@host# set export advertise-ospf
Another Policy Example
[edit]
user@host# show policy-options
policy-statement isis-level2 {
    term find-level2-routes {
        from {
            protocol isis;
            level 2;
        }
        then accept;
    }
}
Specifying multiple conditions in a from statement means that all criteria must match before the action is taken
– Logical AND function
Applying Policy
You must apply policies before they can take effect
Link-state protocols (IS-IS and OSPF) have only export filtering points
BGP and RIP support both import and export policies
[edit protocols]
user@host# show
bgp {
    import bgp-import;
    export bgp-export;
}
ospf {
    export ospf-export;
}
Apply Routing Policy to BGP
BGP has three filtering points per direction:
– Global
– Groups of neighbors
– Individual neighbors
Only the most specific policies are applied to a particular peer
– Neighbor policy overrides group and global policies
– Group policy overrides global policy
BGP Policy Application Example
[edit protocols]
user@host# show
bgp {
    export local-customers;
    group meganet-inc {
        type external;
        import [ martian-filter long-prefix-filter as-47-filter ];
        peer-as 47;
        neighbor 1.2.2.4;
        neighbor 1.2.2.5;
    }
    group problem-child {
        type external;
        import [ as-47-filter long-prefix-filter martian-filter ];
        export kill-private-addresses;
        peer-as 54;
        neighbor 1.2.2.6;
        neighbor 1.2.2.7;
        neighbor 1.2.2.8 {
            import [ reject-unwanted as-666-routes ];
        }
    }
}
Route Filters
Use route filters to match an individual route (or groups of routes)
– You can specify multiple route filters within a single term
– General syntax in the form of:
    route-filter prefix/prefix-length match-type actions;
Route filter evaluation has special rules according to the match type
– Match types specify different sets of routes:
    exact
    orlonger
    longer
    upto
    through
    prefix-length-range
– Policy test function is useful for route-filter debugging
Route Filter Match Types (1 of 2)
exact
– Match the specified prefix and mask exactly
– No other routes will be included
    from route-filter 192.168/16 exact;
orlonger
– Match the specified prefix and mask exactly
– Also match any routes that start with the same prefix and have longer masks
    from route-filter 192.168/16 orlonger;
longer
– Do not match the specified prefix and mask exactly
– Match only the routes that start with the same prefix and have longer masks
    from route-filter 192.168/16 longer;
Route Filter Match Types (2 of 2)
upto
– Match the specified prefix and mask exactly
– Also match any routes that start with the same prefix and have a mask no longer than the second value specified
    from route-filter 192.168/16 upto /24;
through
– Match the first specified prefix and mask exactly
– Match the second specified prefix and mask exactly
– Match all prefixes directly between the two prefixes
    from route-filter 192.168/16 through 192.168.16/20;
prefix-length-range
– Match only routes that start with the same prefix and have a mask between the two values specified (inclusive match)
    from route-filter 192.168/16 prefix-length-range /20-/24;
Match Types Summary
Given a starting prefix of 192.168/16, what matches with each option?
[Figure: six prefix trees rooted at 192.168/16, one per match type: exact, orlonger (down to /32), longer (down to /32), upto, through, and prefix-length-range /x-/y]
Route Filter Actions
term term-name {
    from {
        route-filter dest-prefix match-type actions;
        route-filter dest-prefix match-type actions;
    }
    then actions;
}
Only one route filter in a given term can be considered a match
– Longest-match lookup is performed on the prefix being evaluated
If an action is specified to a route filter, it takes effect immediately
– The global then portion of the term is ignored
If specific actions are not defined, the then portion of the term is executed for matching prefixes
Test Your Knowledge (1 of 2)
Which action is taken when this policy evaluates 10.0.67.43/32?
[edit policy-options policy-statement pop-quiz]
user@host# show
from {
route-filter 10.0.0.0/16 orlonger accept;
route-filter 10.0.67.0/24 orlonger;
route-filter 10.0.0.0/8 orlonger reject;
}
then {
metric 10;
accept;
}
Test Your Knowledge (2 of 2)
Which action is taken when this policy evaluates 10.0.55.2/32?
[edit policy-options policy-statement pop-quiz]
user@host# show
from {
route-filter 10.0.0.0/16 orlonger accept;
route-filter 10.0.67.0/24 orlonger;
route-filter 10.0.0.0/8 orlonger reject;
}
then {
metric 10;
accept;
}
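The match types and the longest-match rule from the route-filter slides, applied to the pop-quiz term in an added Python example (not part of the original course material). The function names and the tuple layout for a route filter are constructed; the rule that a failed match type on the longest-matching filter ends evaluation without trying shorter filters is documented JUNOS behavior that the slides do not state.

```python
import ipaddress


def filter_matches(route_text, base_text, match_type, arg=None):
    """Return True when the route satisfies one route-filter's match type."""
    route = ipaddress.ip_network(route_text)
    base = ipaddress.ip_network(base_text)
    if match_type == "through":
        end = ipaddress.ip_network(arg)
        # Only prefixes on the direct path from the first prefix to the second.
        return route.subnet_of(base) and end.subnet_of(route)
    if not route.subnet_of(base):
        return False
    if match_type == "exact":
        return route.prefixlen == base.prefixlen
    if match_type == "orlonger":
        return True  # the filter prefix itself or anything more specific
    if match_type == "longer":
        return route.prefixlen > base.prefixlen
    if match_type == "upto":
        return route.prefixlen <= arg
    if match_type == "prefix-length-range":
        low, high = arg
        return low <= route.prefixlen <= high
    raise ValueError(f"unknown match type: {match_type}")


def evaluate_term(route_text, route_filters, then_actions):
    """Return the actions a term applies to a route, or None if it does not match.

    Each route filter is (prefix, match_type, arg, actions); an empty actions
    tuple means the term's own then actions apply.
    """
    route = ipaddress.ip_network(route_text)
    candidates = [
        f for f in route_filters if route.subnet_of(ipaddress.ip_network(f[0]))
    ]
    if not candidates:
        return None
    # Longest-match lookup: only the most specific filter prefix is considered.
    prefix, match_type, arg, actions = max(
        candidates, key=lambda f: ipaddress.ip_network(f[0]).prefixlen
    )
    if not filter_matches(route_text, prefix, match_type, arg):
        return None  # shorter filters are not tried after a failed match type
    return actions or then_actions


# The pop-quiz term from the slides.
POP_QUIZ = [
    ("10.0.0.0/16", "orlonger", None, ("accept",)),
    ("10.0.67.0/24", "orlonger", None, ()),
    ("10.0.0.0/8", "orlonger", None, ("reject",)),
]
POP_QUIZ_THEN = ("metric 10", "accept")


def run_quiz():
    """Evaluate both quiz prefixes against the term."""
    return {
        route: evaluate_term(route, POP_QUIZ, POP_QUIZ_THEN)
        for route in ("10.0.67.43/32", "10.0.55.2/32")
    }


if __name__ == "__main__":
    for route, actions in run_quiz().items():
        print(route, "->", actions)
```
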
Monitoring Policy Operation
The show route receive-protocol and show route advertising-protocol commands:
– Display routing updates received before import and after export policy processing, respectively
    Filtered routes are the exception for import policy
Question: How can you monitor the effects of your import policy?
[Figure labels: Neighbors, Protocol, Import Policy, Route Filters, Routing Table, Export Policy, Routes]
show route receive-protocol bgp neighbor
– Shows routes before import policy
show route advertising-protocol bgp neighbor
– Shows routes after export policy
Review Questions
1. What is the purpose of routing policy?
2. The terms import and export are based on the perspective of which entity within the router?
3. How does the default policy for OSPF differ from that of BGP?
4. What types of match conditions are supported in policy?
5. What types of match actions can you use in policy?
6. Explain the difference between applying policy at the global, group, and peer levels of BGP.
7. What command would you use to monitor the effects of your import policy?
Lab 5: Routing Policy
Lab Objective: Configure routing policy on your router using JUNOS software. You will complete this lab by applying a policy to the RIP configuration left in place from the last lab.