
Operating Juniper Networks Routers in the Enterprise


epower

Presentation Transcript


  1. Operating Juniper Networks Routers in the Enterprise Chapter 6: Routing Protocols and Policy

  2. Chapter Objectives • After successfully completing this chapter, you will be able to: • Describe routing tables and route preferences • Describe the role of JUNOS software routing policy • Describe J-Web support for routing protocols and policy • Configure and monitor static routes • Explain the role of IGPs • Configure and monitor RIP • Configure and monitor OSPF

  3. Agenda: Routing Protocols and Policy • Routing Table and Route Preferences • Routing Policy • J-Web Support for Routing Protocols and Policy • Configuring and Monitoring Static Routing • Interior Gateway Protocols • Configuring and Monitoring RIP • Configuring and Monitoring OSPF

  4. The Routing Table • Compiles information learned from routing protocols and other routing information sources • Selects an active route to each destination • Populates forwarding table • Juniper Networks routers maintain multiple routing tables • inet.0 for IPv4 unicast routing • Others are outside the scope of this course
     [Figure: routing protocol databases (OSPF) and other routing information sources (direct, static) feed the routing table, which populates the forwarding table]

  5. Route Preference • Ranks routes received from different sources • Primary criterion for selecting the active route • Ranges from 0 to 4,294,967,295, with lower value preferred
     [Table: Route Preference Values]

  6. Agenda: Routing Protocols and Policy • Routing Table and Route Preferences • Routing Policy • J-Web Support for Routing Protocols and Policy • Configuring and Monitoring Static Routing • Interior Gateway Protocols • Configuring and Monitoring RIP • Configuring and Monitoring OSPF

  7. Routing Policy Overview • Controls routing information transferred into and out of the routing table • Can ignore or change incoming routing information • Can suppress or change outgoing routing information • Policies are made up of match/action pairs • Match conditions can be protocol specific • Apply policy when: • You do not want to import all learned routes into the routing table • You do not want to advertise all learned routes to neighboring routers • You want one protocol to receive routes from another protocol • You want to modify information associated with a route

  8. Import and Export Policies • Perform policy filtering with respect to the JUNOS software routing table • JUNOS software applies import policy prior to inclusion in the routing table • JUNOS software applies export policy only to active routes in the routing table
     [Figure: routes from neighbors pass through import policy into the routing table; routes from the routing table pass through export policy to neighbors; the routing table feeds the PFE forwarding table]

  9. Routing Policy Flow • Policies can be chained together • Evaluation proceeds left to right until a terminating action of accept or reject is reached • Individual policies can contain a collection of terms • Flow-control actions such as next-policy supported
     [Figure: a route is evaluated by Policy 1, Policy 2, ... Policy n in turn; each policy holds terms (Term A, Term B, Term C) that end in accept or reject; the default policy follows the last policy and ends in accept or reject]

  10. IGP Default Policies • Protocols are associated with a default policy • OSPF: • Import: Accept all LSAs flooded by that protocol • Export: Reject everything • LSA flooding announces OSPF-learned and local routes • RIP: • Import: Accept all learned RIP routes, export nothing • Export: Reject everything • RIP requires export policy to announce RIP (or other) routes

  11. Agenda: Routing Protocols and Policy • Routing Table and Route Preferences • Routing Policy • J-Web Support for Routing Protocols and Policy • Configuring and Monitoring Static Routing • Interior Gateway Protocols • Configuring and Monitoring RIP • Configuring and Monitoring OSPF

  12. J-Web and Routing Protocols (1 of 2) • J-Web routing protocol wizards found at Configuration > Quick Configuration > Routing and Protocols • Quickly establish basic connectivity for: • Static, RIP, OSPF, and BGP routing

  13. J-Web and Routing Protocols (2 of 2) • Use J-Web configuration editor (or the CLI) to: • Tweak OSPF default route origination, summarization, authentication, etc. • Create and apply routing policy

  14. Monitoring Routing with J-Web • Use J-Web to monitor routing at the Monitor > Routing page
      [Screenshot callouts: displays the routing table; displays protocol-specific information]

  15. Sample J-Web Route Table Display
      [Screenshot callouts: table name and summary; route table contents; filter display using these fields]

  16. Agenda: Routing Protocols and Policy • Routing Table and Route Preferences • Routing Policy • J-Web Support for Routing Protocols and Policy • Configuring and Monitoring Static Routing • Interior Gateway Protocols • Configuring and Monitoring RIP • Configuring and Monitoring OSPF

  17. Static Routing • Static routing is often used when single-homed to a service provider • Static default route directs external traffic to the service provider
      [Figure: access router connected to the service provider over se-0/0/2, 192.168.0/30, addresses .1 and .2]

          user@host> show route protocol static

          inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
          + = Active Route, - = Last Active, * = Both

          0.0.0.0/0          *[Static/5] 00:00:15
                              > via se-0/0/2.0

      [Callouts: 0.0.0.0/0 is a default route; Static/5 is the route source/global preference; se-0/0/2.0 is the next-hop interface/IP address]

  18. Static Routing Case Study • Use static routing to provide connectivity among all WAN, LAN, and loopback addresses
      [Figure: case-study topology: Tokyo (lo0 192.168.24.1, se-1/0/0, fe-0/0/1) and London (lo0 192.168.36.1, se-1/0/1, fe-0/0/1) joined by serial link 10.222.2.0/30 (DCE/DTE); LANs 10.222.1.0/30 and 10.222.3.0/30; hosts Wintermute and HARLIE]

  19. Default Route Configuration • Access the J-Web static routing wizard at the Configuration > Quick Configuration > Routing and Protocols page • Create a default route on London
      [Screenshot callout: create a default route by identifying the next-hop IP address]

  20. Static Route Configuration • Static route definitions at Tokyo • Provides reachability to London’s loopback address and 10.222.3.0/30 network

  21. Confirming Static Routing • Use J-Web or the CLI to display the routing table and to confirm reachability
      [Figure: case-study topology: Tokyo (lo0 192.168.24.1, se-1/0/0, fe-0/0/1) and London (lo0 192.168.36.1, se-1/0/1, fe-0/0/1) joined by serial link 10.222.2.0/30 (DCE/DTE); LANs 10.222.1.0/30 and 10.222.3.0/30; hosts Wintermute and HARLIE]

          lab@Tokyo> show route protocol static

          inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
          + = Active Route, - = Last Active, * = Both

          10.222.3.0/30      *[Static/5] 00:01:54
                              > to 10.222.2.2 via se-1/0/0.0
          192.168.36.1/32    *[Static/5] 00:03:09
                              > to 10.222.2.2 via se-1/0/0.0

          lab@Tokyo> ping source 10.222.1.2 10.222.3.1 count 2
          PING 10.222.3.1 (10.222.3.1): 56 data bytes
          64 bytes from 10.222.3.1: icmp_seq=0 ttl=255 time=85.853 ms
          64 bytes from 10.222.3.1: icmp_seq=1 ttl=255 time=10.049 ms

          --- 10.222.3.1 ping statistics ---
          2 packets transmitted, 2 packets received, 0% packet loss
          round-trip min/avg/max/stddev = 10.049/47.951/85.853/37.902 ms

      [Callouts: both static routes are active at Tokyo; test traffic sourced from the LAN interface to confirm end-to-end routing]

  22. Lab 4—Parts 1–3: Static Routing • Configure and monitor static routing. • Note: This lab and future labs require each team to use the Sydney router, which is logically segmented into several virtual routers. Each student router connects to a virtual router in the form of xx-VR, where xx is a two-letter abbreviation for the directly connected student router. Please keep in mind that the command syntax is slightly different when working with a virtual router. Following are some examples:

          ping routing-instance LO-VR
          show route table LO-VR
          traceroute routing-instance LO-VR

  23. Agenda: Routing Protocols and Policy • Routing Table and Route Preferences • Routing Policy • J-Web Support for Routing Protocols and Policy • Configuring and Monitoring Static Routing • Interior Gateway Protocols • Configuring and Monitoring RIP • Configuring and Monitoring OSPF

  24. Interior Gateway Protocol Overview • IGPs provide internal reachability • Promote connectivity but lack administrative controls needed to enforce routing policy • Normally, link-state routing (OSPF) is deployed • Optimal convergence and bandwidth usage based on reliable flooding of link-state updates • Builds a replicated network topology database at all stations within an OSPF area or IS-IS level and uses SPF to find optimal paths • RIP and static routing are also common
      [Figure: Routers A, B and C form adjacencies; loopback addresses shown are 192.168.255.1/32, 192.168.255.2/32 and 192.168.255.3/32; flooded LSAs build the link-state database, for example "Router A can reach 192.168.255.1, cost 0"]

  25. Agenda: Routing Protocols and Policy • Routing Table and Route Preferences • Routing Policy • J-Web Support for Routing Protocols and Policy • Configuring and Monitoring Static Routing • Interior Gateway Protocols • Configuring and Monitoring RIP • Configuring and Monitoring OSPF

  26. What Is RIP? • RIP is an IGP that is used within an AS • Two versions: • RIPv1 (RFC 1058) • RIPv2 (RFC 2453) • Primary characteristics: • Distance-vector routing protocol; prone to loops and slow convergence • Split horizon and poison reverse for loop prevention • Hop count is used as the metric for path selection, based on Bellman-Ford distance-vector routing algorithm • Routing updates sent every 30 seconds

  27. RIP Message Types • Two message types: • Request message • Asks neighbors to send routes • Response message • Carries route updates • Advertises up to 25 routes per update • Router decides how to handle routes in update • Add, modify, or delete
      [Figure: case-study topology: Tokyo (lo0 192.168.24.1, se-1/0/0, fe-0/0/1) and London (lo0 192.168.36.1, se-1/0/1, fe-0/0/1) joined by serial link 10.222.2.0/30 (DCE/DTE); LANs 10.222.1.0/30 and 10.222.3.0/30; hosts Wintermute and HARLIE. Callout: RIP V2 Update: 10.222.1.0/30, cost 1; 192.168.24.1/32, cost 1]

  28. RIPv2 Features • Backward compatible with RIPv1 • Update includes prefix length to support VLSM • Authentication on a per-message basis • Simple password or MD5 authentication • Updates sent to multicast address 224.0.0.9 • You can configure broadcast-based updates
      [Figure: the 192.168.1.0 prefix is subnetted with a variable-length netmask into 192.168.1.0/30, 192.168.1.4/30, 192.168.1.128/26 and 192.168.1.192/26; RIP V2 updates include the netmask to support VLSM, for example "Update: 192.168.1.192/26, Cost 1"]

  29. RIP Limitations • Limitations: • Maximum network diameter = 15 hops • Regular updates include entire routing table approximately every 30 seconds • Poison reverse increases size of routing updates • Count to infinity slows route-loop prevention • Metrics reflect hop count only • Broadcasts between neighbors (RIPv1 only) • Classful routing means no prefix length carried in route updates (RIPv1 only) • No authentication mechanism exists (RIPv1 only) • Has poor convergence
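The authentication options on slides 28 and 29 can be checked directly on the wire. The following is an added example, not part of the original course material: it parses a RIP message (header plus 20-byte entries) and reports whether the update is unauthenticated, carries a cleartext simple password, or uses keyed MD5. The authentication-entry layout (address family 0xFFFF, type 2 or 3) is taken from RFC 2453 and RFC 2082 rather than from the slides; the function names, sample packets and password are constructed for illustration.

```python
import ipaddress
import struct

AUTH_AFI = 0xFFFF                                    # address family that marks an auth entry
AUTH_TYPES = {2: "simple-password", 3: "keyed-md5"}  # RFC 2453 / RFC 2082

def route_entry(prefix: str, metric: int) -> bytes:
    """Build one 20-byte RIPv2 route entry (AFI 2 = IP, tag 0, next hop 0.0.0.0)."""
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HH4s4s4sI", 2, 0, net.network_address.packed,
                       net.netmask.packed, bytes(4), metric)

def auth_entry(auth_type: int, data: bytes) -> bytes:
    """Build the 20-byte authentication entry, which must be the first entry."""
    return struct.pack("!HH16s", AUTH_AFI, auth_type, data)

def audit_rip(payload: bytes) -> dict:
    """Parse a RIP message (UDP payload) and report its authentication posture."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    command, version = payload[0], payload[1]
    entries = [payload[i:i + 20] for i in range(4, len(payload), 20)]
    report = {"command": command, "version": version, "auth": "none",
              "routes": [], "findings": []}
    if len(entries) > 25:
        report["findings"].append("more than 25 entries in one message")
    for idx, raw in enumerate(entries):
        afi, tag, addr, mask, _next_hop, metric = struct.unpack("!HH4s4s4sI", raw)
        if afi == AUTH_AFI:
            if idx == 0:                             # only the first entry selects the scheme
                report["auth"] = AUTH_TYPES.get(tag, f"unknown-type-{tag}")
            continue                                 # auth and trailer entries carry no route
        plen = bin(int.from_bytes(mask, "big")).count("1")
        address = str(ipaddress.ip_address(addr))
        # RIPv1 is classful: the mask field is unused, so no prefix length is reported
        report["routes"].append((address if version == 1 else f"{address}/{plen}", metric))
    if version == 1:
        report["findings"].append("RIPv1: no authentication and no prefix length")
    elif report["auth"] == "none":
        report["findings"].append("RIPv2 update is unauthenticated")
    elif report["auth"] == "simple-password":
        report["findings"].append("password is carried in cleartext")
    return report

HEADER_V2_RESPONSE = bytes([2, 2, 0, 0])             # command 2 = response, version 2
# Constructed sample: the update from slide 27, sent without authentication.
TOKYO_PLAIN = (HEADER_V2_RESPONSE + route_entry("10.222.1.0/30", 1)
               + route_entry("192.168.24.1/32", 1))
# Constructed sample: the same routes behind a simple-password entry (made-up password).
TOKYO_SIMPLE = (HEADER_V2_RESPONSE + auth_entry(2, b"example-password")
                + route_entry("10.222.1.0/30", 1) + route_entry("192.168.24.1/32", 1))

if __name__ == "__main__":
    for name, packet in (("plain", TOKYO_PLAIN), ("simple", TOKYO_SIMPLE)):
        print(name, audit_rip(packet))
```

Run against payloads taken from a capture on the 224.0.0.9 group, the findings list shows which neighbors still send updates that any host on the segment could forge or read.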

  30. RIP Case Study • Use RIPv2 to provide connectivity among all WAN, LAN, and loopback addresses
      [Figure: case-study topology: Tokyo (lo0 192.168.24.1, se-1/0/0, fe-0/0/1) and London (lo0 192.168.36.1, se-1/0/1, fe-0/0/1) joined by serial link 10.222.2.0/30 (DCE/DTE); LANs 10.222.1.0/30 and 10.222.3.0/30; hosts Wintermute and HARLIE]

  31. Configuring RIP: J-Web • Use the J-Web Configuration > Quick Configuration > Routing and Protocols > RIP Routing wizard • Automatically creates export policy to advertise RIP-enabled interface and learned RIP routes
      [Screenshot callouts: RIP is enabled; RIP is enabled on LAN, WAN, and loopback interfaces]

  32. The Resulting RIP Configuration

          lab@London# show protocols rip
          group jweb-rip {
              export [ jweb-policy-rip jweb-policy-direct ];
              neighbor fe-0/0/1.0;
              neighbor lo0.0;
              neighbor se-1/0/1.0;
          }

          [edit]
          lab@London# show policy-options
          policy-statement jweb-policy-rip {
              from protocol rip;
              then accept;
          }
          policy-statement jweb-policy-direct {
              from {
                  protocol direct;
                  interface [ fe-0/0/1.0 lo0.0 se-1/0/1.0 ];
              }
              then accept;
          }

      [Callouts: two export policies are in effect; export policies override default behavior by advertising RIP interfaces and learned RIP routes]
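The policy chain from slides 9 and 10, applied to the two export policies shown on slide 32, as an added example that is not part of the original course material: a small model that walks a route through the chain left to right, stops at the first accept or reject, and falls back to RIP's default export policy (reject everything). The class and function names are assumptions made for this illustration, and the two routes marked as constructed do not appear on the slides.

```python
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str
    protocol: str            # "direct", "rip", "static", ...
    interface: str = ""

@dataclass
class Term:
    match: dict              # attribute -> value or list of values; {} matches every route
    action: str              # "accept", "reject" or "next-policy"

    def matches(self, route: Route) -> bool:
        for attr, wanted in self.match.items():
            allowed = wanted if isinstance(wanted, (list, tuple, set)) else [wanted]
            if getattr(route, attr) not in allowed:
                return False
        return True

def evaluate(route, chain, default_action):
    """Walk the chain left to right; return (action, name of the deciding policy)."""
    for name, terms in chain:
        for term in terms:
            if not term.matches(route):
                continue
            if term.action in ("accept", "reject"):
                return term.action, name     # terminating action ends evaluation
            if term.action == "next-policy":
                break                        # skip the remaining terms of this policy
    return default_action, "default"         # nothing terminated: default policy decides

# The two export policies from London's configuration on slide 32.
JWEB_POLICY_RIP = ("jweb-policy-rip", [Term({"protocol": "rip"}, "accept")])
JWEB_POLICY_DIRECT = ("jweb-policy-direct", [Term(
    {"protocol": "direct", "interface": ["fe-0/0/1.0", "lo0.0", "se-1/0/1.0"]},
    "accept")])
RIP_EXPORT_CHAIN = [JWEB_POLICY_RIP, JWEB_POLICY_DIRECT]
RIP_DEFAULT_EXPORT = "reject"                # slide 10: RIP export default rejects everything

ROUTES = [
    Route("10.222.3.0/30", "direct", "fe-0/0/1.0"),
    Route("192.168.36.1/32", "direct", "lo0.0"),
    Route("10.222.1.0/30", "rip", "se-1/0/1.0"),
    Route("0.0.0.0/0", "static"),                        # constructed: static default route
    Route("172.16.99.0/24", "direct", "fe-0/0/0.0"),     # constructed: interface not listed
]

def advertised(routes, chain=RIP_EXPORT_CHAIN, default=RIP_DEFAULT_EXPORT):
    """Prefixes that the export chain accepts for advertisement."""
    return [r.prefix for r in routes if evaluate(r, chain, default)[0] == "accept"]

if __name__ == "__main__":
    for r in ROUTES:
        print(r.prefix, r.protocol, evaluate(r, RIP_EXPORT_CHAIN, RIP_DEFAULT_EXPORT))
```

The model covers policy evaluation only; loop-prevention mechanisms such as split horizon are applied separately and can still suppress a route that the policy accepts.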

  33. Monitoring RIP: J-Web • Use the J-Web Monitor > Routing > RIP Information page to monitor general RIP operation
      [Screenshot callouts: two routes learned via RIP; RIP interface parameters]

  34. Monitoring RIP Using the CLI (1 of 3) • Show the state of your RIP interfaces using the show rip neighbor command

          lab@London> show rip neighbor
                                   Source          Destination     Send   Receive   In
          Neighbor          State  Address         Address         Mode   Mode     Met
          --------          -----  -------         -----------     ----   -------  ---
          se-1/0/1.0           Up  10.222.2.2      224.0.0.9       mcast  both       1
          lo0.0                Up  192.168.36.1    224.0.0.9       mcast  both       1
          fe-0/0/1.0           Up  10.222.3.1      224.0.0.9       mcast  both       1

      • Show routes learned via RIP using the show route protocol rip command

          lab@London> show route protocol rip

          inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
          + = Active Route, - = Last Active, * = Both

          10.222.1.0/30      *[RIP/100] 00:21:16, metric 2, tag 0
                              > to 10.222.2.1 via se-1/0/1.0
          192.168.24.1/32    *[RIP/100] 00:21:16, metric 2, tag 0
                              > to 10.222.2.1 via se-1/0/1.0
          224.0.0.9/32       *[RIP/100] 00:21:22, metric 1
                                MultiRecv

  35. Monitoring RIP Using the CLI (2 of 3) • Display RIP routes advertised out an interface using the show route advertising-protocol rip neighbor command • neighbor is the IP address of local RIP interface

          lab@London> show route advertising-protocol rip 10.222.2.2

          inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
          + = Active Route, - = Last Active, * = Both

          10.222.3.0/30      *[Direct/0] 01:19:23
                              > via fe-0/0/1.0
          192.168.36.1/32    *[Direct/0] 01:19:23
                              > via lo0.0

      [Callout: advertisement of the LAN and loopback addresses owned by London is confirmed on London’s se-1/0/1 interface]

  36. Monitoring RIP Using the CLI (3 of 3) • Display RIP routes received on a particular interface using the show route receive-protocol rip neighbor command • neighbor is the IP address of remote RIP neighbor

          lab@London> show route receive-protocol rip 10.222.2.1

          inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
          + = Active Route, - = Last Active, * = Both

          10.222.1.0/30      *[RIP/100] 00:27:04, metric 2, tag 0
                              > to 10.222.2.1 via se-1/0/1.0
          192.168.24.1/32    *[RIP/100] 00:27:04, metric 2, tag 0
                              > to 10.222.2.1 via se-1/0/1.0

      [Callout: RIP advertisements for the LAN and loopback addresses owned by Tokyo are confirmed on London’s se-1/0/1 interface]

  37. Lab 4—Parts 4–5: RIP • Configure and monitor RIP version 2.

  38. Agenda: Routing Protocols and Policy • Routing Table and Route Preferences • Routing Policy • J-Web Support for Routing Protocols and Policy • Configuring and Monitoring Static Routing • Interior Gateway Protocols • Configuring and Monitoring RIP • Configuring and Monitoring OSPF

  39. OSPF Protocol Overview • OSPF is a link-state routing protocol • OSPF reliably floods LSAs to distribute link-state information once an adjacency is formed • Each router uses these LSAs to create a complete database for the network • OSPF uses the SPF algorithm within the database to calculate the best route to every node in the network • JUNOS software support for OSPF includes: • RFC 1587, The OSPF NSSA Option • RFC 2328, OSPF Version 2 • RFC 2740, OSPF for IPv6 • draft-katz-yeung-ospf-traffic-01.txt, Traffic Engineering Extensions to OSPF • draft-ietf-katz-ward-bfd-00.txt, Bidirectional Forwarding Detection

  40. OSPF Router Terminology • Internal router has all OSPF links in the same area • Within Area 0, also called a backbone router • Backbone router • Any router with a link to Area 0 • ABRs • Routers that belong to more than one area are called area border routers • Connect OSPF areas to the backbone Area 0 • ASBRs • Routers that inject routing information from outside the OSPF domain are called AS boundary routers

  41. The Designated Router • OSPF elects a DR to represent a broadcast segment • Significantly reduces OSPF traffic on segment • A backup DR is also elected to recover for DR failures • DROther stations form adjacencies to the DR and BDR only
      [Figure: a broadcast segment with a DR, a BDR and three DROther routers; adjacencies run from the DROther routers to the DR and BDR]

  42. OSPF Neighbors Versus Adjacencies

          user@host> show ospf neighbor extensive
            Address         Intf             State     ID               Pri  Dead
          172.16.30.254    fe-0/0/0.0        Full      10.250.240.8     128    30
            area 0.0.0.5, opt 0x42, DR 172.16.30.254, BDR 172.16.30.253
            Up 00:10:50, adjacent 00:10:50
          172.16.30.253    fe-0/0/0.0        Full      10.250.240.35    128    30
            area 0.0.0.5, opt 0x42, DR 172.16.30.254, BDR 172.16.30.253
            Up 00:10:50, adjacent 00:10:52
          172.16.30.252    fe-0/0/0.0        2Way      10.250.240.32     64    38
            area 0.0.0.5, opt 0x42, DR 172.16.30.254, BDR 172.16.30.253
            Up 00:08:10

      [Callouts: Adjacent; 2-way state to DROther routers is normal. Figure labels: DR, DROther, DROther, 2-way]

  43. OSPF Areas (1 of 2) • Areas: • Single AS can be divided into smaller groups called areas • Areas reduce the link-state database because LSA flooding is now constrained to the area • Routers maintain a separate link-state database on a per-area basis • Each link-state database within an area must still be identical on all routers

  44. OSPF Areas (2 of 2) • Special OSPF area called the backbone area • Backbone area (0.0.0.0) distributes routing information between areas • All other OSPF areas must connect to the backbone area • All user traffic from one area to another must traverse the backbone

  45. OSPF Area Relationships
      [Figure: Area 1, Area 2 and Area 3 attached to the backbone (0.0.0.0); labels: intra-area routes, interarea routes (summary routes), external routes (RIP, BGP)]

  46. OSPF Area Types • Stub areas • Do not carry external routes • Cannot contain ASBRs • Totally stubby areas • Stub areas that only receive the default route from the backbone • Not-so-stubby areas • Allow external routes to be advertised from the area but not received from another area

  47. OSPF Area Types
      [Figure: a stub area, a not-so-stubby area and a totally stubby area attached to the backbone (0.0.0.0); labels: intra-area routes, interarea routes (summary routes), default route, external routes (RIP, BGP)]

  48. OSPF LSA Types • Router Links (Type 1) • Describe the state and cost of the router’s links (interfaces) to the area (intra-area). • Network Links (Type 2) • Originated for multi-access segments with more than one attached router. Describe all routers attached to the specific segment. Originated by a designated router (discussed later). • Summary Links (Types 3 and 4) • Originated by ABRs only. Describe networks in the AS but outside of area (interarea). Also describe the location of the ASBR. • External Links (Type 5) • Originated by an ASBR. Describe destinations external to the AS or a default route to the outside AS. • NSSA External Links (Type 7) • Used by NSSAs to import external routes into a stub area.
      [Figure labels: ABR, DR, ASBR, NSSA ASBR]

  49. OSPF Case Study (Single-Area) • Use a single OSPF area to provide connectivity among all WAN, LAN, and loopback addresses
      [Figure: case-study topology inside OSPF Area 0: Tokyo (lo0 192.168.24.1, se-1/0/0, fe-0/0/1) and London (lo0 192.168.36.1, se-1/0/1, fe-0/0/1) joined by serial link 10.222.2.0/30 (DCE/DTE); LANs 10.222.1.0/30 and 10.222.3.0/30; hosts Wintermute and HARLIE]

  50. Configuring OSPF: J-Web • Use the J-Web OSPF wizard at the Configuration > Quick Configuration > Routing and Protocols page • Configuration goal: A single-area OSPF network using the sample topology
      [Screenshot callouts: defaults to lo0 address; OSPF process enabled; area number and type; OSPF enabled on LAN, WAN, and loopback interfaces]
