
Juniper Summer School

Routing

August 2009

*** OFFTOPIC: ***

JNCIE-ER
* JN0-342
* 60 questions
* 70% minimum to pass

*** Juniper Networks Enterprise Routers ***

Junos :)
* launched in 1998
* "The power of One"
- one OS
- one Release
- one Architecture

* Architecture (SW&HW)
- Control Plane
* a PC with BSD on which Junos runs
* CLI
* Routing Engine
- routing protocols -> routing table -> forwarding table
- one or more real-time OS threads
- main objective: generate FT and send it to the PFE
- Forwarding Plane
* Packet Forwarding Engine
- basically a High Performance Switch
- based on ASICs
- has a copy of the forwarding table
- the Control Plane has daemons
- "divide & conquer": modularity

* J-Series
- same model as M and T series
- runs real-time BSD kernel
- emulates everything:
- RE
- PFE
- Services

* Routing platforms:
- M,T,MX series
- J series
* Security platforms
- SRX Series
- J Series
* Switching platforms:
- EX3200, EX4200
- EX8200

* Small & Medium Enterprise: J-Series
* Core: M-Series and T-Series
* Large Enterprise: M-Series

* M-Series
- Hardware-based forwarding
- IA-32 microprocessor

* Terminology
- RE: Routing Engine
- CB: Control Board
- PFE: Packet Forwarding Engine
- FPC: Flexible PIC Concentrator
- cFPC: compact FPC
- PIC: Physical Interface Card
- PIM: Physical Interface Module
- FEB: Forwarding Engine Board

* M7i
- 7 = Gbps half duplex throughput
- out of band Ethernet interface: just for management
* M10i
- 2*REs
- 2*CFEBs

* Interface naming
MM-F/P/T
MM=Media type (e1,fe,ge,se,t1,t3)
F = FPC slot
P = PIC
T = port number

* Network Management
User interface
- CLI
- J-Web
Solutions
something Scope
-SNMP

*** JUNOS User Interface ***

* Getting in
- JWeb
- CLI
* from console
* from telnet/ssh
- Dedicated Ethernet port
* M series fxp0
* EX Series me0
* User Authentication
- local database
* name & password
* individual accounts and home dir

* Authentication order
(c) authentication-order radius tacplus password

* receiving REJECT != not receiving anything at all
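
A small model of why REJECT and "no answer" differ for the authentication order above. This is an added example, not part of the original notes; the fallback rules it encodes (a reject moves on to the next configured method, and the local password is used as a last resort only when no remote server answered) are an assumption about Junos behaviour, and `authenticate` is a hypothetical helper:

```python
def authenticate(order, responses, local_ok):
    """Model one login attempt.

    order     -- methods as configured, e.g. ["radius", "tacplus", "password"]
    responses -- remote method -> "accept" | "reject" (missing key = no answer)
    local_ok  -- True if the password matches the local database
    Returns (granted, method_that_decided).
    """
    got_reject = False
    for method in order:
        if method == "password":
            if local_ok:
                return (True, "password")
            got_reject = True
            continue
        answer = responses.get(method, "timeout")
        if answer == "accept":
            return (True, method)
        if answer == "reject":
            got_reject = True          # an explicit "no" from a server
    # Assumed last resort: nobody answered and "password" was not configured,
    # so the local database is consulted anyway.
    if "password" not in order and not got_reject and local_ok:
        return (True, "password-fallback")
    return (False, None)


if __name__ == "__main__":
    # Constructed scenarios
    remote_only = ["radius", "tacplus"]
    both_reject = {"radius": "reject", "tacplus": "reject"}
    print(authenticate(remote_only, both_reject, True))   # servers said no
    print(authenticate(remote_only, {}, True))            # servers unreachable
```

Under this model the local root/user passwords still matter when only remote methods are configured: an outage of the RADIUS/TACACS+ servers makes the local database the deciding factor.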


* Authorisation
- login class
* operator
* read-only
* super-user
* unauthorized
* CUSTOM

* Configurations
- Active configuration
(c) configure
- Candidate configuration
(c) commit
- rollback 0 = Active
- 1-49 backup active configs
(c) rollback X
backup X becomes candidate config
- (c) configure private - each user gets a candidate

* Junos CLI
- Operational mode
* monitor and troubleshoot (ping & pals)
* user@router>
- Configuration mode
* user@router#
- if you login as root, you get in the unix shell
* (c) cli
- EMACS style
* ctrl+b
* ctrl+a
* ctrl+f
- spacebar completes
- ? shows possibilities
- help ~= man in UNIX
- help reference = examples of configs
- | pipe
- match ~= grep in UNIX
- edit ~= cd in the command hierarchy
- up ~= cd ..
- top ~= cd /
- up N = N levels up
- comparing
(c) show [something] | compare rollback [N]
(c) file FILE compare FILE2
- rename, replace, copy
(c) rename interfaces ge-0/0/10 to ge-0/0/11
(c) replace pattern ge-0/0/10 with ge-0/0/11
(c) copy
- committing
(c) commit
(c) commit check = check without commit
(c) commit confirmed = temp commit to active
(c) commit at
(c) commit comment
- save
(c) save FILENAME
- run ~= IOS's do
(c) run ping ...

* J-Web GUI
- quick configuration wizards
- configuration maintenance
- system monitoring
- manipulate files
- install packages
- install licences

*** Installation and Initial Configuration ***

* graceful shutdown
(c) request system halt
(w) Manage -> Reboot

* Autoinstallation
- address acquisition (DHCP, RARP, SLARP)
- files and config (TFTP, FTP)
(c) show system autoinstallation

* Factory default
- doesn't load with a root password
(c) load factory-default
(c) set system autoinstallation interfaces/configuration-server
- DHCP server mode on built-in Ethernet interfaces only

* stop/restart autoinstall
(ch) request system autoinstallation stop
(ch) restart autoinstallation
- hidden commands: sensitive

* Rescue configuration (J-Series)
- press the reset button for the system to load it
- if you press for more than 15-20 sec: loads factory defaults
(w) Configuration -> Rescue
(c) request system configuration rescue [save | delete]
(c) rollback rescue

* Initial config Checklist
- Root pass
- Hostname
- System time
- Domain name & DNS servers
- remote access protocols
- Management and loopback interface properties
- A default route
* Also configure
- User accounts and permissions
- SNMP network management
- Interface properties

* J-Web factory defaults
- dhcp from fe-0/0/0 or ge-0/0/0
(w) Configuration -> Quick Configuration -> Setup Wizard
(w) Configuration -> Quick Configuration -> SNMP
- view configuration
(w) Configuration -> View and Edit -> View

* Initial Configuration using the CLI
- log in as root with no password
(c) cli - from UNIX shell to Operational Mode
(c) edit system
(c) set host-name myHostName
(c) set domain-name example.com
(c) set root-authentication plain-text-password
(c) set ntp server SERVER
(c) run set date 200505050504.43
(c) set name-server IP_DNS
(c) set interfaces lo0 unit 0 family inet address 10.0.0.1/32
(c) set services telnet
(c) set services ssh
(c) edit snmp community COMNAME
(c) edit snmp trap

* Interface config
MM-F/P/T
F = pim slot number
P = virtual PIM number (set to 0 for Jseries)
T = port number
- logical units = cisco's subinterfaces
- PPP and HDLC don't support units; they only have unit 0
- multiple IP addresses on logical units
- Physical properties
* clocking
* scrambling
* FCS
* MTU
* data link protocols, keepalives
* diagnostic characteristics
- Logical properties
* protocol family: inet, inet6, iso, mpls
* Family MTU
* Addresses (ipv6, ipv4, net)
* Interfaces on J-Web
(w) Configuration -> Quick Configuration -> Interfaces
* Interfaces on CLI
- disable
- delete disable
- deactivate: comment line in config
* Interface Groups
(c) show groups

*** Operational Monitoring and Maintenance ***

* Monitoring system operation
- memory utilisation
(w) Monitor -> System
(c) show system SOMETHING

* Front Panel Indicators
- Status - blinks during kernel boot, green after boot, blinks red on error
- Alarm - red when major alarm; yellow on minor alarm
(c) show system uptime
(c) show system users
(c) show system software
(c) show system storage
(c) show system alarms
- CPU, hardware, cards
(w) Monitor -> Chassis
(c) show chassis
(c) show chassis alarms
(c) show chassis environment
(c) show chassis routing-engine

* Monitoring Interfaces
(w) Monitor -> Interfaces
(c) monitor interface
* restart Card
(c) request chassis fpc restart

* Monitor traffic
(c) monitor traffic

* Trace ~= debug

* System logging Facilities
- any
- authorization
- change-log
- conflict-log
- daemon
- dfc (dynamic flow capture)
- firewall
- ftp
- interactive-commands
- kernel
* Syslog Severity Levels
- none
- debug
- info
- notice
- warning
- error
- critical
- alert
- emergency

* file keyword
- filename, facility, archive

* Trace
(c) show log FILENAME
(c) monitor start FILENAME ~= tail -f
(c) monitor stop / Esc+q to suspend monitor start
(c) clear log FILENAME

* License Management
- no licence = feature will work, but with messages and no support
(c) show system license keys
(w) Manage -> Licenses
(c) show system license usage

* Maintaining JunOS Software
- primary boot device
* /dev/ad0 compact flash drive
- secondary boot device
* usb or hdd
- domestic version: encryption
- export version: 56-bit enc
- SHA-1 on packages for integrity
- name convention:
* junos-jseries-8.2R2.4-domestic.tgz
* junos-Xseries-m.nZnumber-region.tgz
- upload to /var/tmp
(c) request system software add
(w) Manage -> Software -> Install Package
(c) request system software rollback
(c) request system reboot
(c) request system snapshot
(w) Manage -> Snapshot

* File System
/ root
/config first 3 rollbacks
/var/db/config rollback 4-49
/var/tmp

* System cleanup
(w) Manage -> Files
(c) file delete
(c) request system software delete-backup

* Password recovery
- spacebar on boot
- boot -s to boot in single-user mode
(c) recovery

*** Routing Protocols and Policy ***

* The Routing Table
- inet.0 unicast routes
- inet.1 multicast fwd cache
- inet.2 MBGP
- inet.3 MPLS path information
- inet6.0 unicast routes
- mpls.0 MPLS next hops (some sort of label switching table)
- __juniper_private1__.inet.0
- __juniper_private1__.inet6.0

- protocols:
* Direct (~=connected)
* Local
* Static
* RIP
* OSPF

- route preference (~= administrative distance)


* 32bit value
* Direct = 0
* Local = 0
* Static = 5
* OSPF Internal = 10
* RIP = 100
* Aggregate = 130
* OSPF AS external = 150
* BGP(EBGP and IBGP) = 170

(c) show route


(c) show bgp summary
(c) show bgp neighbor
(c) show ospf ALL

(c) show route extended

* Routing policy
- what goes in or out to/from the RT
- Import policy Neighbor -> RT
- Export policy RT->Neighbor

* Routing Policy Flow


- Policy 1,2,3, Default Policy
* term A,B,C

* route filter
(c) route-filter [dest-prefix] [match-type] [actions]
* exact
* orlonger
* longer
* upto
* prefix-length-range /x-/y
- if there are several route-filters, the longest match is evaluated first
*THIS IS IMPORTANT!
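
Why the longest-match rule matters, as an added Python sketch (not part of the original notes). It implements the five match types listed above and assumes the Junos evaluation order in which the filter with the longest covering prefix is selected first and only that filter's match type is then checked, with no fallback to a shorter filter; `matches`, `evaluate_term` and the sample term are hypothetical names and constructed data:

```python
import ipaddress

def matches(route, prefix, match_type, arg=None):
    """True if `route` satisfies a single route-filter statement."""
    r, p = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    if not r.subnet_of(p):            # every match type needs the route inside the prefix
        return False
    rl, pl = r.prefixlen, p.prefixlen
    if match_type == "exact":
        return rl == pl
    if match_type == "orlonger":
        return rl >= pl
    if match_type == "longer":
        return rl > pl
    if match_type == "upto":                  # arg = longest mask allowed, e.g. 24
        return rl <= arg
    if match_type == "prefix-length-range":   # arg = (min_len, max_len)
        return arg[0] <= rl <= arg[1]
    raise ValueError(f"unknown match type: {match_type}")

def evaluate_term(route, filters):
    """filters: (prefix, match_type, arg, action) tuples from one term.
    Returns the selected filter's action, or None if the term does not match."""
    r = ipaddress.ip_network(route)
    covering = [f for f in filters if r.subnet_of(ipaddress.ip_network(f[0]))]
    if not covering:
        return None
    # Longest-match lookup on the prefix only; the match type is checked afterwards.
    prefix, mtype, arg, action = max(
        covering, key=lambda f: ipaddress.ip_network(f[0]).prefixlen)
    return action if matches(route, prefix, mtype, arg) else None

# Constructed sample term: accept everything in 10/8, reject exactly 10.1/16.
TERM = [
    ("10.0.0.0/8", "orlonger", None, "accept"),
    ("10.1.0.0/16", "exact", None, "reject"),
]

if __name__ == "__main__":
    for route in ("10.2.3.0/24", "10.1.0.0/16", "10.1.5.0/24"):
        print(route, "->", evaluate_term(route, TERM))
```

The third route, 10.1.5.0/24, is the surprise: the 10.1.0.0/16 filter is selected as the longest covering prefix, its `exact` test fails, and the term does not match even though the 10.0.0.0/8 `orlonger` filter would have accepted it.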

(w) Configuration -> Quick Configuration -> Routing and Protocols


(w) Monitor -> Routing

* RIP
* default policy is reject
- doesn't send anything, doesn't accept anything

*** Misc Features ***

* VRRP:
- Master and Backup Routers
- Virtual router has the VIP address
- higher priority is better
- multicast on 224.0.0.18
- keepalive every 1sec
- preemption is optional

* DHCP
- Server, Client, Relay, Binding

*** OSPF ***


* 5 packet types
- hello
- Database Description
- LSR
- LSU
- LSAck

* Adjacency Formation
- down
- 2Way
- ExStart
- Exchange
- Loading
- Full

* LSA Types
- Type 1 - Router LSA
* one per router in an area
* the router describes itself to the area
- Type 2 - Network LSA
* when a DR is elected
- Type 3 and 4 - Summary Links
* generated by the ABR
- Type 5 - External LSA
* generated by the ASBR
- Type 7 - NSSA External Links
* generated by the ASBR

*** Services ***

* Layer 2 services
- MLPPP
- MLFR
- CRTP
* Layer 3 services
- NAT/PAT
- Stateful firewall
- IPSec VPN
- Intrusion Detection

* Services provided by
- AS PIC
(c) chassis fpc
- AS Module (M7i)
- JSeries software processes
- Link Services PIC
- Tunnel PIC
* MLPPP
- Multi Link PPP
- creates virtual links
- load balancing
(c) interfaces ls-0/0/0
