Operating Juniper Networks Routers in the Enterprise Chapter 6: Routing Protocols and Policy
Chapter Objectives • After successfully completing this chapter, you will be able to: • Describe routing tables and route preferences • Describe the role of JUNOS software routing policy • Describe J-Web support for routing protocols and policy • Configure and monitor static routes • Explain the role of IGPs • Configure and monitor RIP • Configure and monitor OSPF
Agenda: Routing Protocols and Policy • Routing Table and Route Preferences • Routing Policy • J-Web Support for Routing Protocols and Policy • Configuring and Monitoring Static Routing • Interior Gateway Protocols • Configuring and Monitoring RIP • Configuring and Monitoring OSPF
The Routing Table • Compiles information learned from routing protocols and other routing information sources • Selects an active route to each destination • Populates forwarding table • Juniper Networks routers maintain multiple routing tables • inet.0 for IPv4 unicast routing • Others are outside the scope of this course
[Figure: routing protocol databases (OSPF) and other routing information sources (direct, static) feed the routing table, which populates the forwarding table]
Route Preference • Ranks routes received from different sources • Primary criterion for selecting the active route • Ranges from 0 to 4,294,967,295, with lower value preferred Route Preference Values
Routing Policy Overview • Controls routing information transferred into and out of the routing table • Can ignore or change incoming routing information • Can suppress or change outgoing routing information • Policies are made up of match/action pairs • Match conditions can be protocol specific • Apply policy when: • You do not want to import all learned routes into the routing table • You do not want to advertise all learned routes to neighboring routers • You want one protocol to receive routes from another protocol • You want to modify information associated with a route
Import and Export Policies • Perform policy filtering with respect to the JUNOS software routing table • JUNOS software applies import policy prior to inclusion in the routing table • JUNOS software applies export policy only to active routes in the routing table
[Figure: routes from neighbors pass through import policy into the routing table; routes from the routing table pass through export policy to neighbors; the routing table feeds the PFE forwarding table]
Routing Policy Flow • Policies can be chained together • Evaluation proceeds left to right until a terminating action of accept or reject is reached • Individual policies can contain a collection of terms • Flow-control actions such as next-policy supported
[Figure: a route passes through Policy 1, Policy 2, ... Policy n; each policy's terms (Term A, Term B, Term C) end in accept or reject, and the default policy follows the last policy]
IGP Default Policies • Protocols are associated with a default policy • OSPF: • Import: Accept all LSAs flooded by that protocol • Export: Reject everything • LSA flooding announces OSPF-learned and local routes • RIP: • Import: Accept all learned RIP routes, export nothing • Export: Reject everything • RIP requires export policy to announce RIP (or other) routes
J-Web and Routing Protocols (1 of 2) • J-Web routing protocol wizards found at Configuration > Quick Configuration > Routing and Protocols • Quickly establish basic connectivity for: • Static, RIP, OSPF, and BGP routing
J-Web and Routing Protocols (2 of 2) • Use J-Web configuration editor (or the CLI) to: • Tweak OSPF default route origination, summarization, authentication, etc. • Create and apply routing policy
Monitoring Routing with J-Web • Use J-Web to monitor routing at the Monitor > Routing page
[Screenshot callouts: Displays the routing table; Displays protocol-specific information]
Sample J-Web Route Table Display
[Screenshot callouts: Table name and summary; Route table contents; Filter display using these fields]
Static Routing • Static routing is often used when single-homed to a service provider • Static default route directs external traffic to the service provider
[Figure: Access Router connected to Service Provider over se-0/0/2, 192.168.0/30 (.1, .2)]

    user@host> show route protocol static

    inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0          *[Static/5] 00:00:15
                        > via se-0/0/2.0

[Callouts: Route source/global preference; Next-hop interface/IP address; A default route]
Static Routing Case Study • Use static routing to provide connectivity among all WAN, LAN, and loopback addresses
[Figure: topology with London (lo0: 192.168.36.1) and Tokyo (lo0: 192.168.24.1) joined by the serial link 10.222.2.0/30 (se-1/0/1 on London, se-1/0/0 on Tokyo; DCE/DTE), fe-0/0/1 LAN segments 10.222.1.0/30 and 10.222.3.0/30, and nodes labelled Wintermute and HARLIE]
Default Route Configuration • Access the J-Web static routing wizard at the Configuration > Quick Configuration > Routing and Protocols page • Create a default route on London
[Screenshot callout: Create a default route by identifying the next-hop IP address]
Static Route Configuration • Static route definitions at Tokyo • Provides reachability to London’s loopback address and 10.222.3.0/30 network
Confirming Static Routing • Use J-Web or the CLI to display the routing table and to confirm reachability
[Figure: London/Tokyo case-study topology]

    lab@Tokyo> show route protocol static

    inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.222.3.0/30      *[Static/5] 00:01:54
                        > to 10.222.2.2 via se-1/0/0.0
    192.168.36.1/32    *[Static/5] 00:03:09
                        > to 10.222.2.2 via se-1/0/0.0

    lab@Tokyo> ping source 10.222.1.2 10.222.3.1 count 2
    PING 10.222.3.1 (10.222.3.1): 56 data bytes
    64 bytes from 10.222.3.1: icmp_seq=0 ttl=255 time=85.853 ms
    64 bytes from 10.222.3.1: icmp_seq=1 ttl=255 time=10.049 ms

    --- 10.222.3.1 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 10.049/47.951/85.853/37.902 ms

[Callouts: Both static routes are active at Tokyo; Test traffic sourced from the LAN interface to confirm end-to-end routing]
Lab 4—Parts 1–3: Static Routing • Configure and monitor static routing. • Note: This lab and future labs require each team to use the Sydney router, which is logically segmented into several virtual routers. Each student router connects to a virtual router in the form of xx-VR, where xx is a two-letter abbreviation for the directly connected student router. Please keep in mind that the command syntax is slightly different when working with a virtual router. Following are some examples:

    ping routing-instance LO-VR
    show route table LO-VR
    traceroute routing-instance LO-VR
Interior Gateway Protocol Overview • IGPs provide internal reachability • Promote connectivity but lack administrative controls needed to enforce routing policy • Normally, link-state routing (OSPF) is deployed • Optimal convergence and bandwidth usage based on reliable flooding of link-state updates • Builds a replicated network topology database at all stations within an OSPF area or IS-IS level and uses SPF to find optimal paths • RIP and static routing are also common
[Figure: Router A, Router B and Router C form adjacencies; loopback addresses shown are lo0: 192.168.255.1/32, lo0: 192.168.255.2/32 and lo0: 192.168.255.3/32; callouts: Flooded LSAs build link-state database; Router A can reach 192.168.255.1, cost 0]
What Is RIP? • RIP is an IGP that is used within an AS • Two versions: • RIPv1 (RFC 1058) • RIPv2 (RFC 2453) • Primary characteristics: • Distance-vector routing protocol; prone to loops and slow convergence • Split horizon and poison reverse for loop prevention • Hop count is used as the metric for path selection, based on Bellman-Ford distance-vector routing algorithm • Routing updates sent every 30 seconds
RIP Message Types • Two message types: • Request message • Asks neighbors to send routes • Response message • Carries route updates • Advertises up to 25 routes per update • Router decides how to handle routes in update • Add, modify, or delete
[Figure: London/Tokyo case-study topology with callout "RIP V2 Update: 10.222.1.0/30, cost 1; 192.168.24.1/32, cost 1"]
RIPv2 Features • Backward compatible with RIPv1 • Update includes prefix length to support VLSM • Authentication on a per-message basis • Simple password or MD5 authentication • Updates sent to multicast address 224.0.0.9 • You can configure broadcast-based updates
[Figure: subnets 192.168.1.0/30, 192.168.1.4/30, 192.168.1.128/26 and 192.168.1.192/26 with callout "Update: 192.168.1.192/26, Cost 1"; callouts: The 192.168.1.0 prefix is subnetted with a variable-length netmask; RIP V2 updates include the netmask in updates to support VLSM]
RIP Limitations • Limitations: • Maximum network diameter = 15 hops • Regular updates include entire routing table approximately every 30 seconds • Poison reverse increases size of routing updates • Count to infinity slows route-loop prevention • Metrics reflect hop count only • Broadcasts between neighbors (RIPv1 only) • Classful routing means no prefix length carried in route updates (RIPv1 only) • No authentication mechanism exists (RIPv1 only) • Has poor convergence
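The per-message authentication described for RIPv2, and its absence in RIPv1, can be checked on a captured update. The following Python sketch is an added example, not part of the original course material: it decodes a RIP message, reports the authentication type (entry with address family 0xFFFF; type 2 is simple password, type 3 is keyed MD5) and lists the routes. The sample packets are constructed from the update shown on the RIP Message Types slide; the password, key ID, sequence number and digest are placeholders, and the MD5 digest is not verified.

```python
import ipaddress
import struct

AUTH_AFI = 0xFFFF                     # address family value that marks an auth entry
AUTH_TYPES = {2: "simple-password", 3: "keyed-md5"}

def inspect_rip(packet: bytes) -> dict:
    """Decode a RIP message; report auth type, routes and defender findings."""
    if len(packet) < 4 or (len(packet) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    command, version = packet[0], packet[1]
    auth, routes, findings = "none", [], []
    for index, offset in enumerate(range(4, len(packet), 20)):
        afi, tag, addr, mask, _next_hop, metric = struct.unpack(
            "!HH4s4s4sI", packet[offset:offset + 20])
        if afi == AUTH_AFI:
            if index == 0:            # the first entry names the auth type
                auth = AUTH_TYPES.get(tag, "unknown")
            continue                  # auth header or MD5 trailer, not a route
        dest = str(ipaddress.IPv4Address(addr))
        if version >= 2:              # RIPv1 carries no mask: keep the bare address
            prefix_len = bin(int.from_bytes(mask, "big")).count("1")
            dest = str(ipaddress.IPv4Network((addr, prefix_len), strict=False))
        routes.append((dest, metric))
    if version == 1:
        findings.append("RIPv1: no authentication mechanism, no prefix length")
    elif auth == "none":
        findings.append("RIPv2 update is unauthenticated")
    elif auth == "simple-password":
        findings.append("password travels in cleartext in every update")
    elif auth == "unknown":
        findings.append("unrecognised authentication type")
    if len(routes) > 25:
        findings.append("more than 25 routes in one update")
    return {"command": command, "version": version, "auth": auth,
            "routes": routes, "findings": findings}

def route_entry(prefix: str, metric: int) -> bytes:
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HH4s4s4sI", 2, 0, net.network_address.packed,
                       net.netmask.packed, bytes(4), metric)

# Constructed samples: the update from the "RIP Message Types" slide, sent
# three ways. Password, key ID, sequence number and digest are placeholders.
HEADER = bytes([2, 2, 0, 0])          # command 2 (response), version 2
ROUTES = route_entry("10.222.1.0/30", 1) + route_entry("192.168.24.1/32", 1)
PLAIN = HEADER + ROUTES
SIMPLE = HEADER + struct.pack("!HH16s", AUTH_AFI, 2, b"example-password") + ROUTES
MD5 = (HEADER + struct.pack("!HHHBBI8x", AUTH_AFI, 3, 64, 1, 16, 1) + ROUTES
       + struct.pack("!HH16s", AUTH_AFI, 1, bytes(16)))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("simple", SIMPLE), ("md5", MD5)):
        print(name, inspect_rip(pkt))
```

Only the keyed-MD5 sample produces no findings; the simple-password sample is flagged because the password is readable by anyone who can capture the update.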
RIP Case Study • Use RIPv2 to provide connectivity among all WAN, LAN, and loopback addresses
[Figure: London/Tokyo case-study topology]
Configuring RIP: J-Web • Use the J-Web Configuration > Quick Configuration > Routing and Protocols > RIP Routing wizard • Automatically creates export policy to advertise RIP-enabled interface and learned RIP routes
[Screenshot callouts: RIP is enabled; RIP is enabled on LAN, WAN, and loopback interfaces]
The Resulting RIP Configuration

    lab@London# show protocols rip
    group jweb-rip {
        export [ jweb-policy-rip jweb-policy-direct ];
        neighbor fe-0/0/1.0;
        neighbor lo0.0;
        neighbor se-1/0/1.0;
    }

    [edit]
    lab@London# show policy-options
    policy-statement jweb-policy-rip {
        from protocol rip;
        then accept;
    }
    policy-statement jweb-policy-direct {
        from {
            protocol direct;
            interface [ fe-0/0/1.0 lo0.0 se-1/0/1.0 ];
        }
        then accept;
    }

[Callouts: Two export policies are in effect; Export policies override default behavior by advertising RIP interfaces and learned RIP routes]
Monitoring RIP: J-Web • Use the J-Web Monitor > Routing > RIP Information page to monitor general RIP operation
[Screenshot callouts: Two routes learned via RIP; RIP interface parameters]
Monitoring RIP Using the CLI (1 of 3) • Show the state of your RIP interfaces using the show rip neighbor command

    lab@London> show rip neighbor
                             Source          Destination     Send   Receive   In
    Neighbor          State  Address         Address         Mode   Mode     Met
    --------          -----  -------         -----------     ----   -------  ---
    se-1/0/1.0           Up  10.222.2.2      224.0.0.9       mcast  both       1
    lo0.0                Up  192.168.36.1    224.0.0.9       mcast  both       1
    fe-0/0/1.0           Up  10.222.3.1      224.0.0.9       mcast  both       1

• Show routes learned via RIP using the show route protocol rip command

    lab@London> show route protocol rip

    inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.222.1.0/30      *[RIP/100] 00:21:16, metric 2, tag 0
                        > to 10.222.2.1 via se-1/0/1.0
    192.168.24.1/32    *[RIP/100] 00:21:16, metric 2, tag 0
                        > to 10.222.2.1 via se-1/0/1.0
    224.0.0.9/32       *[RIP/100] 00:21:22, metric 1
                          MultiRecv
Monitoring RIP Using the CLI (2 of 3) • Display RIP routes advertised out an interface using the show route advertising-protocol rip neighbor command • neighbor is the IP address of the local RIP interface

    lab@London> show route advertising-protocol rip 10.222.2.2

    inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.222.3.0/30      *[Direct/0] 01:19:23
                        > via fe-0/0/1.0
    192.168.36.1/32    *[Direct/0] 01:19:23
                        > via lo0.0

[Callout: Advertisement of the LAN and loopback addresses owned by London is confirmed on London’s se-1/0/1 interface]
Monitoring RIP Using the CLI (3 of 3) • Display RIP routes received on a particular interface using the show route receive-protocol rip neighbor command • neighbor is the IP address of remote RIP neighbor

    lab@London> show route receive-protocol rip 10.222.2.1

    inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.222.1.0/30      *[RIP/100] 00:27:04, metric 2, tag 0
                        > to 10.222.2.1 via se-1/0/1.0
    192.168.24.1/32    *[RIP/100] 00:27:04, metric 2, tag 0
                        > to 10.222.2.1 via se-1/0/1.0

[Callout: RIP advertisements for the LAN and loopback addresses owned by Tokyo are confirmed on London’s se-1/0/1 interface]
Lab 4—Parts 4–5: RIP • Configure and monitor RIP version 2.
OSPF Protocol Overview • OSPF is a link-state routing protocol • OSPF reliably floods LSAs to distribute link-state information once an adjacency is formed • Each router uses these LSAs to create a complete database for the network • OSPF uses the SPF algorithm within the database to calculate the best route to every node in the network • JUNOS software support for OSPF includes: • RFC 1587, The OSPF NSSA Option • RFC 2328, OSPF Version 2 • RFC 2740, OSPF for IPv6 • draft-katz-yeung-ospf-traffic-01.txt, Traffic Engineering Extensions to OSPF • draft-ietf-katz-ward-bfd-00.txt, Bidirectional Forwarding Detection
OSPF Router Terminology • Internal router has all OSPF links in the same area • Within Area 0, also called a backbone router • Backbone router • Any router with a link to Area 0 • ABRs • Routers that belong to more than one area are called area border routers • Connect OSPF areas to the backbone Area 0 • ASBRs • Routers that inject routing information from outside the OSPF domain are called AS boundary routers
The Designated Router • OSPF elects a DR to represent a broadcast segment • Significantly reduces OSPF traffic on segment • A backup DR is also elected to recover for DR failures • DROther stations form adjacencies to the DR and BDR only
[Figure: a DR, a BDR and three DROther routers on one segment, with adjacencies marked]
OSPF Neighbors Versus Adjacencies

    user@host> show ospf neighbor extensive
      Address          Intf         State   ID               Pri  Dead
    172.16.30.254      fe-0/0/0.0   Full    10.250.240.8     128    30
      area 0.0.0.5, opt 0x42, DR 172.16.30.254, BDR 172.16.30.253
      Up 00:10:50, adjacent 00:10:50
    172.16.30.253      fe-0/0/0.0   Full    10.250.240.35    128    30
      area 0.0.0.5, opt 0x42, DR 172.16.30.254, BDR 172.16.30.253
      Up 00:10:50, adjacent 00:10:52
    172.16.30.252      fe-0/0/0.0   2Way    10.250.240.32     64    38
      area 0.0.0.5, opt 0x42, DR 172.16.30.254, BDR 172.16.30.253
      Up 00:08:10

[Figure: a DR and two DROther routers, with the link between the DROther routers labelled 2-way; callouts: Adjacent; 2-way state to DROther routers is normal]
OSPF Areas (1 of 2) • Areas: • Single AS can be divided into smaller groups called areas • Areas reduce the link-state database because LSA flooding is now constrained to the area • Routers maintain a separate link-state database on a per-area basis • Each link-state database within an area must still be identical on all routers
OSPF Areas (2 of 2) • Special OSPF area called the backbone area • Backbone area (0.0.0.0) distributes routing information between areas • All other OSPF areas must connect to the backbone area • All user traffic from one area to another must traverse the backbone
OSPF Area Relationships
[Figure: Area 1, Area 2 and Area 3 attached to the Backbone (0.0.0.0); labels: Intra-Area Routes; Interarea Routes (Summary Routes); External Routes (RIP, BGP)]
OSPF Area Types • Stub areas • Do not carry external routes • Cannot contain ASBRs • Totally stubby areas • Stub areas that only receive the default route from the backbone • Not-so-stubby areas • Allow external routes to be advertised from the area but not received from another area
OSPF Area Types
[Figure: Stub Area, Totally Stubby Area and Not-So-Stubby Area attached to the Backbone (0.0.0.0); labels: Intra-Area Routes; Interarea Routes (Summary Routes); Default Route; External Routes (RIP, BGP)]
OSPF LSA Types • Router Links (Type 1) • Describe the state and cost of the router’s links (interfaces) to the area (intra-area). • Network Links (Type 2) • Originated for multi-access segments with more than one attached router. Describe all routers attached to the specific segment. Originated by a designated router (discussed later). • Summary Links (Types 3 and 4) • Originated by ABRs only. Describe networks in the AS but outside of area (interarea). Also describe the location of the ASBR. • External Links (Type 5) • Originated by an ASBR. Describe destinations external to the AS or a default route to the outside AS. • NSSA External Links (Type 7) • Used by NSSAs to import external routes into a stub area.
[Figure labels: ABR; ASBR; NSSA; DR; ASBR]
OSPF Case Study (Single-Area) • Use a single OSPF area to provide connectivity among all WAN, LAN, and loopback addresses
[Figure: London/Tokyo case-study topology, labelled OSPF Area 0]
Configuring OSPF: J-Web • Use the J-Web OSPF wizard at the Configuration > Quick Configuration > Routing and Protocols page • Configuration goal: A single-area OSPF network using the sample topology
[Screenshot callouts: Defaults to lo0 address; OSPF process enabled; Area number and type; OSPF enabled on LAN, WAN, and loopback interfaces]