Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Juniper Networks Warrior
Dedication
Preface
What Is the New Network Platform Architecture?
How to Use This Book
What’s in This Book?
A Note About This Book
Conventions Used in This Book
Using Code Examples
Safari® Books Online
How to Contact Us
Acknowledgments
1. An Enterprise VPN
Company Profile
Network
Traffic Flow
Need for Change
Class of Service
Design Trade-Offs
Routing and survivability
Remote locations
Main location
Class of service
Implementation
Prototype Phase
Class of Service
Cut-Over
Main Site
Remote Site JAX
Remote Sites PHL and IAD
Backup Site BNA
Conclusions
2. Maintaining IDP Systems
IDP8200 Background
Command-Line Interface
Web Management Interface
NSM Management
Support Tasks
Daily Tasks
IDP Policies
Rulebase Optimization
Other Tasks
Updating the detector engine
Updating IDP appliance OS
Updating attacks
Conclusion
3. Data Center Security Design
Discussion
Design Trade-Offs
Decision
Configuration
Take One Configuration: Clustering
Take 2 Configuration: Active/Active without Reths
Take 3 Configuration: Active/Active with One-Legged Reths
Testing
Summary
4. Layer 3 to Layer 2 Conversion
Problem
Q-in-Q Framing
VPLS Overhead
Solutions
RFC 4623
Customer MTU restrictions
Move the MTU
Configurations
Management
lo0.0
Access
Protocols
MPLS
BGP
OSPF
Core Router Configurations
Distribution Switch Configurations
Distribution Router Configurations
Rate Control
CPE Switch Configuration
Conclusion
5. Internet Access Redress
Objective
Design
Trade-offs
Routing
IBR integration
IDP
Filter-based forwarding
Clustering
Configuration
Clustering
Security
Routing instances
Interfaces, zones, and policies
NAT
Security logging
Routing
BGP
OSPF
Default route
Out-of-band management network
Implementation
Lessons Learned
Feature interactions
Network interactions
Administrative issues
Conclusion
6. Service Provider Engagement
Company Profile
Physical Network Topology
Services
Design Approach
MX connectivity
EX connectivity
Deployment
Management network
Design Trade-Offs
OSPF
VPLS
BGP
MPLS
Trade-off choices
Configurations
Boilerplate Configuration
MX Interfaces
EX Boilerplate and Interfaces
OSPF
MBGP
MPLS
RSVP
Layer 3 VPN
VPLS
OBM
Conclusion
7. A PCI-Compliant Data Center
Introduction
Client Goals
Design Trade-Offs
Firewalls
Routing
Addressing
Survivability
Recommended Design
Switching Layer
Routing Layer
Firewall Layer
Virtualization
Configurations
EX4200 Configuration
MX240 Configuration
Firewall Configuration
Deployment
Initial Connectivity
The Maintenance Window
PCI Compliance
Summary
8. Facilitating Dark Fiber Replacement Using a QFX3500
Existing Design
Introduction to Fibre Channel
Proposed Design
Concerns and Resolutions
Naming
Network quality
Network Upgrade
Advantages and Benefits of the Solution
QFX3500 Fibre Channel Gateway Configurations
Management Configurations
Fibre Channel Gateway Interface Configuration
DCB Configuration
EX4500 Transit Switch Configurations
Interfaces and VLANs
Transit Switch DCB Configuration
Verification
Conclusions
9. MX Network Deployment
Plans and Topology
Phase 1
MX Configuration
Management Configuration
Routing Engine Protection
Policy Configurations
Prefer to receive an aggregate of the locally assigned addresses
No subnets longer than /24
No RFC 1918 prefixes
Authentication on all BGP links
The ISPs will ignore the use of MEDs
The ISPs will respond to local preference
The ISPs will forward a default route if required
The ISPs will accept prepending only for the local AS
The ISP will not act as a transit network for any other traffic except for its customers
Protocol Configurations
OSPF
BGP
Phase 2
Final Phases
Conclusion
10. A Survivable Internet Solution for a Fully Distributed Network
Original Network Architecture
WAN Connectivity
Addressing
Internal Connectivity
Firewalls
Problem Definition
Proposed Solution 1
Solution 1 Advantages
Solution 1 Details
Solution 1 Issues
Proposed Solution 2: OSPF over Tunnels
Early Death of Solution 2
Configuration for Solution 2
Final Solution: Static Routes over Tunnels
Solution Advantages
Solution Issues
RPF checks
Default gateway failure detection
Email Server Address Resolution
Firewall Configurations
Conclusion
11. Internet Access Rebuild
Requirements
Existing Network
Routing Protocols
Solution Options
Three-Layer Design
Two-Layer Design
One-Tier Design
Configurations
Deployment Scenario
Management Staging and Testing
Top-of-Rack Switch Testing
ISP Link Testing
Production Configuration
Cut-Over
Conclusion
Index
About the Author
Colophon
Copyright
← Prev
Back
Next →
← Prev
Back
Next →