Index
Junos Enterprise Routing
About the Authors
About the Technical Reviewers, Second Edition
About the Lead Technical Reviewers, First Edition
Preface
What Is Enterprise Routing?
Juniper Networks Technical Certification Program (JNTCP)
How to Use This Book
What’s in This Book?
Topology of This Book
Conventions Used in This Book
Using Code Examples
Safari® Books Online
How to Contact Us
Acknowledgments
From the First Edition
From Doug Marschke
From Harry Reynolds
For the Second Edition
From Doug Marschke and Harry Reynolds
From Peter Southwick
1. Junos in the Enterprise Network
Introduction to Junos Enterprise Routing
Junos Overview
Junos Releases
CLI Review
General CLI features
Routing Features
Routing modifiers
Switching Features
Security Features
Routing Platforms
Speeds and Feeds
MX Series 3D Universal Edge Routers
Switching Platforms
SRX Series Services Gateways
Conclusion
Exam Topics
Chapter Review Questions
Chapter Review Answers
2. Enterprise Design
Design Guidelines
Technological Goals of Network Design
Legacy Network Design
The New Network
Dual Star Internet Access
Existing Internet Access Design
Design Goals and Constraints
Solution: Dual Internet Access Design
Data Center and Disaster Recovery (DR) Architecture
Multitier Data Center Design
Goals and Constraints
Solution: Data Center Design
Campus Architecture
Legacy Campus Backbone
Goals and Constraints
Solution: Campus Network
Conclusion: Design Best Practices
3. Juniper Switching and Routing Platforms
Enterprise Network Roles
Screening Router
Security Gateway
Internet Border Router
Single link
Dual links, single router
Dual links, dual routers
Internet border router device options
Core Routers
Core router device options
Access Router
Access router options
Multiservices Gateway
Device Limitations
M-series
J-series
MX edge routers
EX switches
SRX Services Gateway
L2 and L3 Deployments
Link Aggregation Groups
VPLS Implementation
Miscellaneous Protocols
Spanning tree protocol
Fibre channel
Bidirectional forwarding detection
All-in-One Versus Components
Chapter Review Questions
Chapter Review Answers
4. Interfaces
Permanent Interfaces
Transient Interfaces
Interface Naming
Media type
Chassis slot number
PIC slot number
Port number
Logical unit and channel numbers
Interface Properties
Physical Properties
Logical Properties
Interface Configuration Examples
Gigabit Ethernet Interface
Gigabit Ethernet with VLAN Tagging
T1 Interface with Cisco HDLC Encapsulation
Serial Interface with PPP
Serial Interface with Frame Relay
ADSL Using PPPoE over ATM
MLPPP
Aggregated Ethernet
GRE
VRRP
Interface Troubleshooting
Address Configuration Issues
Encapsulation Mismatches
Path MTU Issues
Looped Interfaces
Conclusion
Exam Topics
Chapter Review Questions
Chapter Review Answers
5. Protocol Independent Properties and Routing Policy
Protocol Independent Properties
Static, Aggregate, and Generated Routes
Next hop types
Forwarding next hop qualifiers
Static versus aggregate routes
Aggregates need contributing routes
Aggregate versus generated routes
Route attributes and flags
Global Route Preference
Floating static routes
Martian Routes
Routing Tables and RIB Groups
Default route tables
User-defined RIBs and RIB groups
Router ID and Autonomous System Number
Router ID
Autonomous system number
Summary of Protocol-Independent Properties
Routing Policy
What Is a Routing Policy, and When Do I Need One?
Where and How Is Policy Applied?
Applying policy to link state routing protocols
Applying policy to BGP and RIP
Policy Components
Logical OR and AND functions within terms
Policy Match Criteria and Actions
Policy match criteria
Policy actions
Route Filters
Binary trees
Route filters and match types
Longest match wins, but may not…
Default Policies
OSPF (and IS-IS) default policy
RIP default policy
BGP default policy
Advanced Policy Concepts
Testing policy results
Community and AS path regex matching
Policy subroutines (nesting)
Boolean grouping
Summary of Routing Policy
Conclusion
Exam Topics
Chapter Review Questions
Chapter Review Answers
6. Interior Gateway Protocols and Migration Strategies
IGP Overview
Routing Information Protocol
Stability and performance tweaks
RIP and RIPv2
Open Shortest Path First
Neighbors and adjacencies
The designated router
OSPF router types
Areas and LSAs
OSPF area types
Primary LSA types
OSPF stability and performance tweaks
Enhanced Interior Gateway Routing Protocol
EIGRP metrics
EIGRP: A grand past and a dubious future
IGP Summary
RIP Deployment Scenario
Existing RIP Configuration
Baseline Operation
Summary of RIP Requirements
Enter Juniper Networks
Configure static routes
Configure RIP
Ale’s RIP configuration
Confirm RIP Operation: Ale and Lager
Confirm RIP: Juniper Networks to Cisco Systems Integration
Confirm route exchange
Confirm forwarding path
RIP troubleshooting scenario
The Problem
RIP Deployment Summary
IGP Migration
IGP Migration: Common Techniques and Concerns
IGP Migration Models
The Overlay Model
The Redistribution Model
The Integration Model
IGP Migration Summary
Overlay Migration Scenario: RIP to OSPF
RIP-to-OSPF Migration: Cutover to OSPF
Before You Go, Can You Set Up Area 1 Real Quick?
A final task: Aggregate network summaries into the backbone
RIP Migration with the Overlay Model Summary
EIGRP-to-OSPF Migration
Mutual Route Redistribution
The Junos OSPF configuration
The IOS configuration
What about route preferences?
Confirm EIGRP/OSPF Mutual Route Redistribution
Troubleshoot a preference issue
EIGRP-to-OSPF Migration Summary
Conclusion
Exam Topics
Chapter Review Questions
Chapter Review Answers
7. Border Gateway Protocol and Enterprise Routing Policy
What Is BGP?
Inter-AS Routing
BGP Route Attributes
BGP Path Selection
Internal and External BGP
Scaling IBGP with Route Reflection
Route reflection and redundancy
Scaling IBGP: Confederations
BGP and the Enterprise
When Should an Enterprise Run BGP?
A word about AS numbers
ASN Portability
Dual-homed: Single versus multiple providers
Asymmetric Link Speed Support
Which Routers Should Run IBGP?
No Transit Services
The Impact of Accepting Specifics Versus a Default from Your Provider
Summary of Enterprise BGP Requirements
BGP Deployment: Asymmetric Load Balancing
Validate Baseline Operation
Configure Generated Route
Configure Initial BGP Peering
Configure Initial BGP Policy
Use BGP for Asymmetric Load Balancing
Initial BGP Peering Summary
Enterprise Routing Policy
Inbound and Outbound Routing Policies
Common Policy Design Criteria
A word on outbound/inbound versus export/import policy
Know your ISP’s policy
Enterprise Policy Summary
Multihome Beer-Co
Implement Beer-Co’s Outbound Policy
EBGP Peering to AS 420
Export Beer-Co Aggregate to Borgnet
Monitor system load
IBGP Peering Within AS 1282
Troubleshoot an IBGP peering problem
Configure route reflection
Troubleshoot BGP next hop reachability
Confirm Outbound Policy Operation
Dual-Homing and Outbound Policy Summary
Inbound Policy
AS Path Prepend to Influence Nonadjacent AS Path Selection
Use Communities to Influence Peer AS
BGP Inbound Policy Summary
Conclusion
Exam Topics
Chapter Review Questions
Chapter Review Answers
8. Access Security
Security Concepts
Summary of Security Concepts
Securing Access to the Router
User Authentication
Remote Access
Summary of Access Security
Firewall Filters
Filter Processing
Filter Match Conditions
Can your mother read this?
Filter Actions
Applying a Filter
Case Study: Transit Filters
Case Study: Loopback Filters
Policers
Burst-size limit mystery
Policer actions
Configuring and applying policers
Policer example
Summary of Firewall Filters and Policers
Spoof Prevention (uRPF)
Summary of Spoof Prevention
Monitoring the Router
Syslog
Case study: Syslog
SNMP
NTP
Is NTP Really Working?
Summary of Router Monitoring
Conclusion
Exam Topics
Chapter Review Questions
Chapter Review Answers
9. Junos Layer 2 Services
Junos Services
Layer 2 Services
Multilink PPP
Multiclass MLPPP
CRTP
Multilink Frame Relay
GRE
Ethernet Aggregation
Switching Services
Additional Service Options
Layer 2 Tunneling Protocol (L2TP)
Real-Time Performance Monitoring (RPM)
Data Link Switching (DLSw)
Flow Monitoring
Tunnel Services
Conclusion
Exam Topics
Chapter Review Questions
Chapter Review Answers
10. Class of Service
What Is IP CoS, and Why Do I Need It?
Why IP Networks Need CoS
Circuit-switching inefficiencies
CoS Terms and Concepts
Network QoS parameters
Classification
Loss priority
Packet marking/rewriting
Forwarding classes, queues, and schedulers
Schedulers
Congestion management
Weighted RED
Policing and shaping
Isolation is needed to preserve CoS
Policing versus shaping
Summary of CoS processing steps
IP CoS Summary
IP Differentiated Services
IP ToS
Enter IP Integrated Services
IP Differentiated Services
DiffServ Terminology
DiffServ PHBs
Recommended/default DHCPs
DiffServ Summary
CoS Capabilities
Input Processing
BA classification capabilities
Multifield classification
Policing
CoS policy
Output Processing
Egress policing
Rewrite marking
Scheduling and queuing
Scheduling discipline
Scheduler configuration
Delay Buffer Size
Scheduler Maps
A word on per-unit scheduling
Congestion control
Configure WRED drop profiles
Differences Between Junos CoS
Per-unit scheduling
Weight- versus priority-based scheduling
The weight-based scheduler
The priority-based scheduler
Virtual channels
Adaptive shaping
Junos Software CoS Defaults
Four forwarding classes, but only two queues
BA and rewrite marker templates
CoS Summary
DiffServ CoS Deployment and Verification
Why Not Test CoS with Control-Plane-Generated Traffic?
Cannot control classification of locally generated traffic
Enter resource performance monitoring
Configure DiffServ-Based CoS
Multifield classification and policing (task 1)
BA classification and rewriting (task 2)
CoS shaping (task 3)
Scheduler definition and application (task 4)
Weight-based scheduler definition
Priority-based scheduler definition
An Alternative Priority-Based Scheduler Approach
Define RED Profiles
Scheduler application
Activate multifield classification
The complete configuration
Verify DiffServ-Based CoS
Confirm general CoS configuration
Confirm classification and queuing
Multifield classification
BA classification
Confirm that all this CoS stuff actually does something
No CoS benchmark
The CoS benchmark
DiffServ Deployment Summary
Adaptive Shapers and Virtual Channels
Configure Adaptive Shaping
Virtual Channels
Configure virtual channels
Adaptive Shaping and Virtual Channel Summary
Conclusion
Exam Topics
Chapter Review Questions
Chapter Review Answers
11. IP Multicast in the Enterprise
What Is Multicast?
Multicast Applications
Locating content
Multicast Terminology and Concepts
Routing turned upside down
Multicast terms
Additional multicast building blocks
Multicast addressing
Mapping IP Multicast to Link Layer Multicast
Multicast addressing and administrative scoping
Interface lists
Reverse path forwarding
Distribution trees
Shortest-path tree (SPT)
Shared trees and RPs
Switching from a shared tree to an SPT
Multicast Terminology Summary
Multicast Protocols
Group Management Protocols
IGMPv3
PIM
PIM versions
PIM components
RP discovery
PIM modes
Dense mode
Sparse mode
Source-specific multicast
PIM messages
The designated router
PIM assert
Multicast Protocol Summary
PIM Sparse Mode: Static RP
Validate the Baseline IGP Forwarding Path
Configure PIM Sparse Mode with Static RP
Configure PIM on the RP
Configure PIM on remaining routers
Verify RPF
Configure the simulated receiver
A Word on Multicast Client Options
Static IGMP membership
Create a listening multicast process
Generate multicast traffic
PIM Sparse Mode with Static RP Summary
Configure PIM Sparse Mode with Bootstrap RP
Troubleshoot a Bootstrap Problem
Extra points for creativity?
PIM Sparse Mode with Bootstrap RP Summary
PIM-Based Anycast-RP
Configure Anycast-RP
Configure static RP on non-RP routers
Configure the Anycast-RPs
Verify the Anycast-RPs
What about MSDP?
PIM Sparse Mode with Anycast-RP Summary
Conclusion
Exam Topics
Chapter Review Questions
Chapter Review Answers
12. Junos Security Services
Junos Software and Security
Do I Need a Router or a Security Device?
Best-of-breed routing and security services
Security-Based Enterprise Scenario
Packet- Versus Flow-Based Processing
Architecture Changes
Adding flow-based forwarding
Flows and sessions
Junos security packet walk
Junos Security Summary
Understanding Junos Operational Modes
Switching between secure and router contexts
Default configurations
Operational modes summary
Security Features
Branch Office and Data Center SRXs
Common feature set
Security policies
Policy creation
Rule 1: All employees are allowed to access the Internet for all purposes
Rule 2: All Internet users are allowed to access the Beer-Co web server
Rule 3: All Internet DNS servers are allowed to access the Beer-Co DNS server
Rule 4: All Internet email servers are allowed to access the Beer-Co email server
Rule 5: All employees are allowed to access the servers on the DMZ
Rule 6: The DNS and email servers are allowed to access the Internet for their respective services
Rule 7: All employees are allowed to transit the firewall to another employee
Testing policies
Security traffic logs
Security policy summary
Network Address Translation
Static NAT
Source NAT
Destination NAT
NAT summary
Virtual Private Networks
Virtual private networks summary
Attack Detection and Prevention
Configuring screens
Attack detection and prevention summary
Clustering
Clustering components
Clustering configuration
Verifying clustering
Clustering summary
Conclusion
Exam Topics
Chapter Review Questions
Chapter Review Answers
A. Junos Layer 3 Services
Layer 3 Services
Stateful Firewall
Application Layer Gateways
Network Address Translation
Intrusion Detection Services
IPSec VPN
Layer 3 Services Summary
Layer 3 Services Configuration
Logging and Tracing
Layer 3 Services Configuration Summary
IPSec VPNs
Example IPSec Tunnel Configuration
Interface-style service set
Next hop–style service set
IPSec over GRE
Summary of IPSec VPNs
NAT
Source NAT with No PAT
Source NAT with PAT
Destination NAT
NAT and the stateful firewall
Twice NAT
Summary of NAT
IDS
Combining Services
Stateful Firewall, NAT, and IPSec over GRE Together
The Life of a Packet
Considerations Regarding Order of Operations
Conclusion
Exam Topics
Appendix Review Questions
Appendix Review Answers
B. Upgrading Junos
Migrating to a Newer Version of Junos
Free Up Space
Confirm that you have enough compact flash space
Install the Junos Upgrade
Using a USB drive to load a new image
Upgrading from a USB drive when the compact flash is not large enough
Loading an SRX from a USB drive
Upgrade Summary
Index
About the Authors
Colophon