Index
Juniper MX Series
Dedication
About the Authors
About the Lead Technical Reviewers
About the Technical Reviewers
Proof of Concept Laboratory
Preface
No Apologies
Book Topology
Interface Names
Aggregate Ethernet Assignments
Layer 2
IPv4 Addressing
IPv6 Addressing
What’s in This Book?
Conventions Used in This Book
Using Code Examples
Safari® Books Online
How to Contact Us
1. Juniper MX Architecture
Junos
One Junos
Software Releases
Three Release Cadence
Software Architecture
Daemons
Management Daemon
Routing Protocol Daemon
Device Control Daemon
Chassis Daemon (and Friends)
Routing Sockets
Juniper MX Chassis
MX80
MX80 Interface Numbering
MX80-48T Interface Numbering
Midrange
MX240
Interface Numbering
Full Redundancy
No Redundancy
MX480
Interface Numbering
MX960
Interface Numbering
Full Redundancy
No Redundancy
Trio
Trio Architecture
Buffering Block
Lookup Block
Interfaces Block
Dense Queuing Block
Line Cards and Modules
Dense Port Concentrator
Modular Port Concentrator
MPC1
MPC2
MPC-3D-16X10GE-SFPP
MPC3E
Multiple Lookup Block Architecture
Source MAC Learning
Destination MAC Learning
Policing
Packet Walkthrough
MPC1 and MPC2 with Enhanced Queuing
MPC3E
Modular Interface Card
Network Services
Switch and Control Board
Ethernet Switch
Switch Fabric
MX240 and MX480 Fabric Planes
MX960 Fabric Planes
J-Cell
J-Cell Format
J-Cell Flow
Request and Grant
MX Switch Control Board
MX SCB and MPC Caveats
MX240 and MX480
MX960
Enhanced MX Switch Control Board
MX240 and MX480
MX960
MX2020
Architecture
Switch Fabric Board
Power Supply
Air Flow
Line Card Compatibility
Summary
Chapter Review Questions
Chapter Review Answers
2. Bridging, VLAN Mapping, IRB, and Virtual Switches
Isn’t the MX a Router?
Layer 2 Networking
Ethernet II
IEEE 802.1Q
IEEE 802.1QinQ
Junos Interfaces
Interface Bridge Configuration
Basic Comparison of Service Provider versus Enterprise Style
Service Provider Style
Enterprise Style
Service Provider Interface Bridge Configuration
Tagging
VLAN Tagging
vlan-id-range
Stacked VLAN Tagging
Flexible VLAN Tagging
Encapsulation
Ethernet Bridge
Extended VLAN Bridge
Flexible Ethernet Services
Service Provider Bridge Domain Configuration
Enterprise Interface Bridge Configuration
Interface Mode
Access
Trunk
IEEE 802.1QinQ
IEEE 802.1Q and 802.1QinQ Combined
VLAN Rewrite
Service Provider VLAN Mapping
Stack Data Structure
Stack Operations
Stack Operations Map
input-vlan-map
output-vlan-map
Tag Count
Bridge Domain Requirements
Example: Push and Pop
Example: Swap-Push and Pop-Swap
Bridge Domains
Learning Domain
Single Learning Domain
Multiple Learning Domains
Bridge Domain Modes
Default
None
All
List
Single
Dual
Bridge Domain Options
MAC Table Size
Global
Bridge domain
Interface
No MAC learning
Show Bridge Domain Commands
show bridge domain
show bridge mac-table
show bridge statistics
show l2-learning instance detail
Clear MAC Addresses
Specific MAC Address
Entire Bridge-Domain
MAC Accounting
Integrated Routing and Bridging
IRB Attributes
Virtual Switch
Configuration
Summary
Chapter Review Questions
Chapter Review Answers
3. Stateless Filters, Hierarchical Policing, and Tri-Color Marking
Firewall Filter and Policer Overview
Stateless versus Stateful
Stateless
Stateful
Stateless Filter Components
Stateless Filter Types
Protocol Families
Filter Terms
The Implicit Deny-All Term
Filter Matching
A Word on Bit Field Matching
Filter Actions
Filters versus Routing Policy
Filter Scaling
Filter Optimization Tips
Filtering Differences for MPC versus DPC
Enhanced Filter Mode
Filter Operation
Stateless Filter Processing
Filter Actions
Terminating Actions
Nonterminating Actions
Flow Control Actions
Policing
Rate Limiting: Shaping or Policing?
Shaping
The Leaky Bucket Algorithm
The Token Bucket Algorithm
Policing
Junos Policer Operation
Policer Parameters
A Suggested Burst Size
Policer Actions
Basic Policer Example
Bandwidth Policer
Logical Bandwidth Policer
Cascaded Policers
Single and Two-Rate Three-Color Policers
TCM Traffic Parameters
Single-Rate Traffic Parameters
Two-Rate Traffic Parameters
Color Modes for Three-Color Policers
Configure Single-Rate Three-Color Policers
srTCM Nonconformance
Configure Two-Rate Three-Color Policers
trTCM Nonconformance
Hierarchical Policers
Hierarchical Policer Example
Applying Filters and Policers
Filter Application Points
Loopback Filters and RE Protection
Input Interface Filters
Output Interface Filters
Aggregate or Interface Specific
Filter Chaining
Filter Nesting
Forwarding Table Filters
General Filter Restrictions
Applying Policers
Logical Interface Policers
Filter-Evoked Logical Interface Policers
Physical Interface Policers
Policer Application Restrictions
Bridge Filtering Case Study
Filter Processing in Bridged and Routed Environments
Monitor and Troubleshoot Filters and Policers
Monitor System Log for Errors
Bridge Family Filter and Policing Case Study
Policer Definition
HTTP Filter Definition
Flood Filter
Verify Proper Operation
Summary
Chapter Review Questions
Chapter Review Answers
4. Routing Engine Protection and DDoS Prevention
RE Protection Case Study
IPv4 RE Protection Filter
IPv6 RE Protection Filter
Next-Header Nesting, the Bane of Stateless Filters
The Sample IPv6 Filter
DDoS Protection Case Study
The Issue of Control Plane Depletion
DDoS Operational Overview
Host-Bound Traffic Classification
A Gauntlet of Policers
Configuration and Operational Verification
Disabling and Tracing
Configure Protocol Group Properties
Verify DDoS Operation
Late Breaking DDoS Updates
DDoS Case Study
The Attack Has Begun!
Analyze the Nature of the DDoS Threat
Mitigate DDoS Attacks
BGP Flow-Specification to the Rescue
Configure Local Flow-Spec Routes
Flow-Spec Algorithm Version
Validating Flow Routes
Limit Flow-Spec Resource Usage
Summary
BGP Flow-Specification Case Study
Let the Attack Begin!
Determine Attack Details and Define Flow Route
Summary
Chapter Review Questions
Chapter Review Answers
5. Trio Class of Service
MX CoS Capabilities
Port versus Hierarchical Queuing MPCs
H-CoS and the MX80
CoS Capabilities and Scale
Queue and Scheduler Scaling
How Many Queues per Port?
Configure Four- or Eight-Queue Mode
Low Queue Warnings
Trio versus I-Chip/ADPC CoS Differences
Trio CoS Flow
Intelligent Oversubscription
The Remaining CoS Packet Flow
CoS Processing: Port- and Queue-Based MPCs
Switch Fabric Priority
Classification and Policing
Classification and Rewrite on IRB Interfaces
Egress Processing
Egress Queuing: Port or Dense Capable?
WRED
Trio Hashing and Load Balancing
A Forwarding Table Per-Packet Policy Is Needed
Load Balancing and Symmetry
Key Aspects of the Trio CoS Model
Independent Guaranteed Bandwidth and Weight
Guaranteed versus Excess Bandwidth and Priority Handling
Input Queuing on Trio
Trio Buffering
Trio Drop Profiles
Trio Bandwidth Accounting
Trio Shaping Granularity
Trio MPLS EXP Classification and Rewrite Defaults
Trio CoS Processing Summary
Hierarchical CoS
The H-CoS Reference Model
Level 4: Queues
Explicit Configuration of Queue Priority and Rates
Level 3: IFL
The Guaranteed Rate
Priority Demotion and Promotion
G-Rate Based Priority Handling at Nodes
Per Priority Shaping–Based Demotion at Nodes
Queue-Level Priority Demotion
Level 2: IFL-Sets
Remaining Traffic Profiles
Forcing a Two-Level Scheduling Hierarchy
Level 1: IFD
Remaining
Remaining Example
Interface Modes and Excess Bandwidth Sharing
PIR Characteristics
PIR/CIR Characteristics
Shaper Burst Sizes
Calculating the Default Burst Size
Choosing the Actual Burst Size
Burst Size Example
Shapers and Delay Buffers
Delay Buffer Rate and the H-CoS Hierarchy
Sharing Excess Bandwidth
Scheduler Nodes
Queues
Excess None
Excess Handling Defaults
Excess Rate and PIR Interface Mode
Excess Sharing Example
Priority-Based Shaping
Fabric CoS
Control CoS on Host-Generated Traffic
Default Routing Engine CoS
Dynamic Profile Overview
Dynamic Profile Linking
Dynamic CoS
H-CoS Summary
Trio Scheduling and Queuing
Scheduling Discipline
Scheduler Priority Levels
Scheduler to Hardware Priority Mapping
Priority Propagation
Priority Promotion and Demotion
Scheduler Modes
Port-Level Queuing
Operation Verification: Port Level
Per Unit Scheduler
Hierarchical Scheduler
H-CoS and Aggregated Ethernet Interfaces
Aggregated Ethernet H-CoS Modes
Schedulers, Scheduler Maps, and TCPs
Scheduler Maps
Configure WRED Drop Profiles
Scheduler Feature Support
Traffic Control Profiles
Overhead Accounting on Trio
Trio Scheduling and Priority Summary
MX Trio CoS Defaults
Four Forwarding Classes, but Only Two Queues
Default BA and Rewrite Marker Templates
MX Trio CoS Defaults Summary
Predicting Queue Throughput
Where to Start?
Trio CoS Proof-of-Concept Test Lab
A Word on Ratios
Example 1: PIR Mode
Example 2: CIR/PIR Mode
Example 3: Make a Small, “Wafer-thin” Configuration Change
Predicting Queue Throughput Summary
CoS Lab
Configure Unidirectional CoS
Establish a CoS Baseline
Baseline Configuration
The Scheduler Block
Select a Scheduling Mode
Apply Schedulers and Shaping
Verify Unidirectional CoS
Confirm Queuing and Classification
Use Ping to Test MF Classification
Confirm Scheduling Details
Check for Any Log Errors
Confirm Scheduling Behavior
Match Tester’s Layer 2 Rate to Trio Layer 1 Shaping
Compute Queue Throughput: L3
The Layer 3 IFL Calculation: Maximum
The Layer 3 IFL Calculation: Actual Throughput
Add H-CoS for Subscriber Access
Configure H-CoS
Verify H-CoS
Verify H-CoS in the Data Plane
Trio CoS Summary
Chapter Review Questions
Chapter Review Answers
6. MX Virtual Chassis
What is Virtual Chassis?
MX-VC Terminology
MX-VC Use Case
MX-VC Requirements
MX-VC Architecture
MX-VC Kernel Synchronization
MX-VC Routing Engine Failures
VC-Mm failure
VC-Mb failure
VC-Bm failure
VC-Bb failure
VC-Lm failure
VC-Lb
MX-VC Interface Numbering
MX-VC Packet Walkthrough
Virtual Chassis Topology
Mastership Election
Summary
MX-VC Configuration
Chassis Serial Number
Member ID
R1 VCP Interface
Routing Engine Groups
Virtual Chassis Configuration
GRES and NSR
R2 VCP Interface
Virtual Chassis Verification
Virtual Chassis Topology
Revert to Standalone
Summary
VCP Interface Class of Service
VCP Traffic Encapsulation
VCP Class of Service Walkthrough
Forwarding Classes
Schedulers
Classifiers
Rewrite Rules
Final Configuration
Verification
Summary
Chapter Review Questions
Chapter Review Answers
7. Trio Inline Services
What are Trio Inline Services?
J-Flow
J-Flow Evolution
Inline IPFIX Performance
Inline IPFIX Configuration
Chassis Configuration
Flow Monitoring
Sampling Instance
Firewall Filter
Inline IPFIX Verification
IPFIX Summary
Network Address Translation
Types of NAT
Services Inline Interface
Service Sets
Next-Hop Style Service Sets
Interface Style Service Sets
Traffic Directions
Next-Hop Style Traffic Directions
Interface Style Traffic Directions
Destination NAT Configuration
Network Address Translation Summary
Tunnel Services
Enabling Tunnel Services
Tunnel Services Case Study
Tunnel Services Case Study Final Verification
Tunnel Services Summary
Port Mirroring
Port Mirror Case Study
Configuration
Port Mirror Summary
Summary
Chapter Review Questions
Chapter Review Answers
8. Multi-Chassis Link Aggregation
Multi-Chassis Link Aggregation
MC-LAG State Overview
MC-LAG Active-Standby
MC-LAG Active-Active
MC-LAG State Summary
MC-LAG Family Support
Multi-Chassis Link Aggregation versus MX Virtual-Chassis
MC-LAG Summary
Inter-Chassis Control Protocol
ICCP Hierarchy
ICCP Topology Guidelines
How to Configure ICCP
ICCP Configuration Guidelines
Valid Configurations
Invalid Configurations
ICCP Split Brain
ICCP Summary
MC-LAG Modes
Active-Standby
Active-Active
ICL Configuration
MAC Address Synchronization
MC-LAG Modes Summary
Case Study
Logical Interfaces and Loopback Addressing
Layer 2
Loop Prevention
Input Feature
Output Feature
Loop Prevention Verification
R1 and R2
Bridging and IEEE 802.1Q
IEEE 802.3ad
S1 and S2
Bridging and IEEE 802.1Q
IEEE 802.3ad
Layer 3
Interior Gateway Protocol—IS-IS
Bidirectional Forwarding Detection
Virtual Router Redundancy Protocol
MC-LAG Configuration
ICCP
R1 and R2
R3 and R4
ICCP Verification
Multi-Chassis Aggregated Ethernet Interfaces
R1 and R2
R3 and R4
Connectivity Verification
Intradata Center Verification
Interdata Center Verification
Case Study Summary
Summary
Chapter Review Questions
Chapter Review Answers
9. Junos High Availability on MX Routers
Junos High-Availability Feature Overview
Graceful Routing Engine Switchover
The GRES Process
Synchronization
Routing Engine Switchover
What Can I Expect after a GRES?
Configure GRES
GRES Options
Disk Fail
Process Failure Induced Switchovers
Verify GRES Operation
GRES, Before and After
GRES and Software Upgrade/Downgrades
GRES Summary
Graceful Restart
GR Shortcomings
Graceful Restart Operation: OSPF
Restarting Router
Grace LSA
Helper Router
Aborting GR
A Graceful Restart, at Last
A Fly in the Ointment—And an Improved GR for OSPF
OSPF Restart Signaling RFCs 4811, 4812, and 4813
Graceful Restart and other Routing Protocols
Junos GR Support by Release
Configure and Verify OSPF GR
Enable Graceful-Restart Globally
OSPF GR Options
Verify OSPF GR
An Ungraceful Restart
A Graceful Restart
Graceful Restart Summary
Nonstop Routing and Bridging
Replication, the Magic That Keeps Protocols Running
Nonstop Bridging
NSB Only Replicates Layer 2 State
NSB and Other Layer 2 Functions
Current NSR/NSB Support
BFD and NSR/GRES Support
BFD Scaling with NSR
BFD and GR—They Don’t Play Well Together
NSR and BGP
NSR and PIM
PIM Supported Features
PIM Unsupported Features
PIM Incompatible Features
NSR and RSVP-TE LSPs
NSR and VRRP
This NSR Thing Sounds Cool; So What Can Go Wrong?
NSR, the good . . .
. . . And the bad
Practicing Safe NSRs
The Preferred Way to Induce Switchovers
Other Switchover Methods
Tips for a Hitless (and Happy) Switchover
Configure NSR and NSB
NSR and Graceful Restart: Not like Peanut Butter and Chocolate
General NSR Debugging Tips
Verify NSR and NSB
Confirm Pre-NSR Protocol State
Confirm Pre-NSR Replication State
BGP Replication
IS-IS Replication
Confirm BFD Replication
Layer 2 NSB Verification
Perform a NSR
Troubleshoot a NSR/NSB Problem
NSR Summary
In-Service Software Upgrades
ISSU Operation
ISSU Dark Windows
BFD and the Dark Window
ISSU Layer 3 Protocol Support
ISSU Layer 2 Support
MX MIC/MPC ISSU Support
ISSU: A Double-Edged Knife
ISSU Restrictions
ISSU Troubleshooting Tips
ISSU Summary
ISSU Lab
Verify ISSU Readiness
Perform an ISSU
Confirm ISSU
Summary
Chapter Review Questions
Chapter Review Answers
Index
About the Authors
Colophon
Copyright