JNCIS-SP
Junos Intermediate Routing On-Demand – DONE
Junos Service Provider Switching – DONE
Junos MPLS Fundamentals – DONE<\/p>\n\n\n\n
https:\/\/jlabs.juniper.net\/vlabs<\/a><\/p>\n\n\n\n ========================================= CBT Junos Tunnels<\/p>\n\n\n\n gr-0\/0\/0 GRE set chasis fpc 1 pic 2 tunnel-services [bandwidth X]–> enable tunnels in x-1\/2\/x<\/p>\n\n\n\n GRE header: 24bytes = 20byes IP header + 4bytes (reserv, version, protocol type) => increase MTU !!! 0x800 = ipv4 \/ 8x86dd iv6<\/p>\n\n\n\n frames over GRE: set chassis network-services enhanced-ip vrrp: MAC 0000.5E00.01xx (MC.18) group-id (8bit) identical, priority (8bit 1-254, def=100) or hights IP, (inside interface config) GR: graceful restart GRES: Graceful Routing Engine Switchover, BUT Control Planel needs to reconverge !!! NSR: Non-stop active routing. NSR helps GRES to get CP syncronize between REs. Incompatible with GR !!! ISSU: in-service sw upgrade virtual-chassis<\/p>\n\n\n\n multicast FF00::\/8 dhcp: dhcpv6 (stateful)<\/p>\n\n\n\n ospf3: needs a router-id that is ipv4!!! 802.3ad set interfaces ge-0\/0\/0 ether-options 802.3ad ae0 level0 – ES-IS ISIS inter-area AD=18 – metric default 10s<\/p>\n\n\n\n IIH = Hello using MAC address. Router ID, area, Neighbor discovery Border router, establish L2 adj (differnt area) -> 2x LSDB!!! LSPDU: sent by border router, with Attached bit. The router L1 that receives it install a default route to the originator of LSPDU<\/p>\n\n\n\n NET address: network entity title. In lo0 !!! Set adjacencies (no need IPs!) authentication-type simple or md5 AD: 5 static routes prefernce=5 ipv4: edit routing-options staic route \u2026 preference=130 edit routing-optons aggregate -><\/p>\n\n\n\n *If contributing routes don\u2019t have a next hop (i.e., are not usable), the aggregate route may still appear, but it will be hidden (inactive) \u2014 and not advertised unless you use a discard next-hop or similar workaround.<\/p>\n\n\n\n similar to agg routes. NH = nh of primary (lowest preference) contributing route (aggregate nh=reject)<\/p>\n\n\n\n diff from agg: ie: advertise default into osfp if you are learning a specific prefix from your ISP.<\/p>\n\n\n\n set policy-option policy-statement match-contributing-prefix term match-bgp from protocol bgp route-filter NET1\/16 exact then accept set routing-options generate route 0.0.0.0\/0 policy match-contributing-prefix 0.0.0.0\/8 orlonger ipv6: loopback, rfc 2373, link-local<\/p>\n\n\n\n set routing-options martians x\/8 orlonger<\/p>\n\n\n\n show route martians table inet.0<\/p>\n\n\n\n show route instance -> default: master -> inet.0 inet6.0<\/p>\n\n\n\n edit routing-instances show route table INSTANCE.inet.0 edit routing-options edit routing-options edit protocols ospf create a logical-tunnel interface between instances and route between them: lt-0\/0\/0 edit interfaces lt-0\/0\/0 per-packet issue -> out-of-order (Junos doesnt do per-packet !!!!)<\/p>\n\n\n\n per-flow LB: show route forwarding-plane<\/p>\n\n\n\n default flow ipv4: incoming interface, src add, dst add, protocol modify: set forwarding-option hash-key family inet layer-3 layer-4<\/p>\n\n\n\n forwarding based on source IP<\/p>\n\n\n\n 1) using RIB-groups -create routing instance show route table INSTANCE.inet.0<\/p>\n\n\n\n 2) using instance-import instead of RIB-group<\/p>\n\n\n\n set policy-options policy-statement ISP-IMPORT from instance master then accept<\/p>\n\n\n\n set routing-options ISP instance-type forwarding!! routing-options static route 0.0.0\/0 next-hop IP LSDB, flooding LSA, all routers must have identical LSDB, SPF algo<\/p>\n\n\n\n packets type: Adj states ethernet: avoid adj all routers. DR only router creates adj to all routers in segment. BDR creates adj to all routers too. scalability lsa1: router links (intra-area) ospfv3 works with ipv4\/6\/ !! cost=ref-bw\/bw !!<\/p>\n\n\n\n set protocols osfp reference-bandwidth X (100Mbps default) (lo.0 has always cost 0)<\/p>\n\n\n\n set routing-options router-id LO-IP set policy-options policy-statement 2OSPF term MATCH from protocol direct route-filter NET\/X exact then accept show ospf neighbor extensive show ospf interface [extensive] troubleshooting: set protocols ospf traceoptions file TRACE-ospf flag error detail flag even detail \u2026. edit protocols ospf path vector routing protocol. state: opensent: tcp completed. wait for open from peer 4096 max bgp message size, min 19 bytes<\/p>\n\n\n\n messages: attributes NH: ip of peer advertising prfix, must be in RIB-local. ibgp doesnt change it, ebgp changes it. path-selection: nh calculation: checki inet.0 (ipv4) and inet.3 (mpls). If preference equal, inet.3 preferred.<\/p>\n\n\n\n ibgp: split-horizon -> full-mesh. NH not changed for routes coming from ebgp (change it with “next-hop self”)<\/p>\n\n\n\n edit policy-options edit routing-options edit protocols bgp edit routing-options aggregate edit policy-options routers from peers -> RIB-in -> import-policy -> RIB-local -> export-policy -> RIB_out -> routes to peers<\/p>\n\n\n\n only for active routes<\/p>\n\n\n\n RIB-in: shw route receved-protocol bgp IP (before routing filtering!!!) both statelss by default: keepalive config possible or use BFD define static routes to use tunnel GRE: ipv4\/6, mpls. 24B overhead. TTL decremented. RFC1702 support multiple logical units per interface. as stateless, you need a valid route to the remote endpoints<\/p>\n\n\n\n set interface gr-0\/0\/0 unit 0 tunnel source IP1 destination IP2 IP-IP: 20B overhead. TTL decremented. rfc2003. Only for IP pmtud: set system internet-options gre-path-mtu-discovery uptime <> availability GR show bgp neighbor IP BFD ospf, isis, bgp, rsvp, pim, static routes. 3 hellos missed -> down https:\/\/www.cisco.com\/en\/US\/technologies\/tk648\/tk365\/tk480\/technologies_white_paper0900aecd80244005.html<\/a><\/p>\n\n\n\n How are the timers actually negotiated? Each system, upon receiving a BFD control packet will take the “Required Min RX Interval” and compare it to its own “Desired Min TX Interval” and take the greater (slower) of the two values and use it as the transmission rate for its BFD packets. Thus, the slower of the two systems determines the transmission rate.<\/p>\n\n\n\n GRE switchover: doesnt conserve control plane\u2026 if NSR is configured, then it is kept. set groups RE1 system hostname R1-RE1 backup-router IP commit synchronize<\/p>\n\n\n\n set chassis redudancy gracedful-switchover set routing-options nonstop-routing show task replication<\/p>\n\n\n\n Unified ISSU: unifie in-service software upgrade. ugrade junos withou disruption CP rfc 2338, by default master doesnt respond to ICMP to VIP (can be changed), support auth, preempt enabled by default set interface ge-0\/0\/3 unit 0 family inet address IP vrrp-group X virtual-address VIP priority 200<\/p>\n\n\n\n show vrrp summary<\/p>\n\n\n\n QoS, no NAT, end2end ipsec, autoconfig extension headers 8x 16b hex blocs<\/p>\n\n\n\n unicast ::\/0 = default route scope: NDP = Neighbor Discovery Protocol -> ICMP + link-local + multicast.<\/p>\n\n\n\n Router Discovery: SLAAC: Stateless Address AutoConfiguration dhcpv6: rfc3315 – it doenst require the MAC to build the ipv6 tunneling ipv6 over ipv4: CLNP packets originally ospf similiraties: ISIS PDU: LS PDU: flood periodically in area. build LSDB<\/p>\n\n\n\n Seq Num PDU: complete: all LS in LSDB, flood periodically. multicast Adj: config: set interfaces ge-0\/0\/0 unit 0 family iso show isis interfaces issues: physical (l1) or ethernet (l2) issue. Mismatch ares (for level1) and levels, minimum MTU 1492, lack of iso-net, missing lo0<\/p>\n\n\n\n 802.1q tag 32b -> vlan id: 12b. It doesnt scale -> C-VLAN normalization (mainly PEB) = rewrite C-TAG set bridge-domains CUST1 vlan-id none \/\/ interface PE-> CE \/\/ interface to PE->P S-VLAN translation. In P router, link between SP1 P and SP2 P<\/p>\n\n\n\n set interface ge-0\/0\/2 flexible-vlan-tagging vpls: mpls, igp, 802.1q (replacement of q-in-q)<\/p>\n\n\n\n ========================================= physical (show interface terse) vs logical (.x), interface family (inet, inet6, iso, mpls, etc) bridgin: 802.1d-2004, segments of a single collision domain, isolates L1, FIB,<\/p>\n\n\n\n learning domain: is a DB, attaches to bridge domain 1:1,<\/p>\n\n\n\n learning: check all frames, learn MAC, src port and timing. show bridge mac-table<\/p>\n\n\n\n timeout = 300s, max learned MAC 393215<\/p>\n\n\n\n mac-table-size default 5120<\/p>\n\n\n\n l2 firewall filters: vlan: broadcast domain vlan-id-list [100 500-505] Really Mean? – This interface accepts or outputs only VLAN IDs 100 and 500 to 505 \u2014 after translation!! set bridge-domains NAME vlan-id [ X y z a-b ] MVRP: multiple vlan registration protocol, l2 messaging protocol to automae creation and mgmt vlans. only on trunk ports. IRB: integrated routing and bridging: l3 gw for a vlan. set brige domains NAMEX vlan-id x show bridge mac-table<\/p>\n\n\n\n chatgpt: routing instances -> virtual router (default) or virtual switch (default-switch)<\/p>\n\n\n\n set routing-instances NAME instance-type virtual-router|virtual-switch show bridge domain interconnecting methods: external: using physical interfaces, supported for VS and VR<\/p>\n\n\n\n Logical-Systems: LSYS – max 15, offer routing and mgmt separation show bridge domain logical-system LSYS-1<\/p>\n\n\n\n interconnect: via logical-tunnel or physical loop<\/p>\n\n\n\n 802.1q issue: mac learning form customers PBN = Provider Bridged Network Learning: set interfaces ge-0\/0\/0 flexible-vlan-tagging unit 0 vlan-id 200 \/\/ s-tag set bridge-domain NAME vlan-id 200 \/\/ s-tag<\/p>\n\n\n\n customer edge port set bridge-domains NAME1 interface ge-1\/0\/0 vlan-id none => C-vlan pops before MAC table look-up<\/p>\n\n\n\n for customer is just a LAN segment broadcast storm, duplicated packets blocking: doesnt sent BPDU, but listen in p2p links: transition to forwarding without waiting for timers to expire new port-roles: states: discarding (disabled, blocking, listening \/\/ role: alternate, backup, disable), learning, forwarding (role: root, designated, edge)<\/p>\n\n\n\n bpdu: as keepalive (2s)<\/p>\n\n\n\n mx full-duplex -> port is p2p.<\/p>\n\n\n\n format: flags,<\/p>\n\n\n\n bridge id: priority (4b) + extended id (12b) + bridge address (48b)<\/p>\n\n\n\n tcn: only when non-edge (intereconnect switches) port transition to fw state. Transition to discarding doesnt trigger tcn extension rstp MST region: MST switches with same region name, revision level and vlan-2-instance mapping CST = common ST, interconnects MST regions, one root bridge for CST, each MSTP region appears as a virtual bridge RSTP is used to interconnect MSTP regions or RSTP-only bridges<\/p>\n\n\n\n VSTP: similat to RSTP, 4094 instances, proprietary<\/p>\n\n\n\n show spanning-tree interface set protocols rstp hello-time X max-age x forward-delay x bridge-priority x set protocols mstp configuration-name REGION1 revision-level x show spanning-tree mstp configuration<\/p>\n\n\n\n set protocols vstp interface ge-1\/0\/1 show spanning-tree interface<\/p>\n\n\n\n set protocols rstp interface ge-1\/0\/1 edge if not rstp: show l2-learning interface<\/p>\n\n\n\n clear error bpdu interface<\/p>\n\n\n\n set protocols rstp interface ge-1\/0\/1 bpdu-timeout-action block<\/p>\n\n\n\n set protocols rstp interface ge-1\/0\/1 no-root-port<\/p>\n\n\n\n set protocols rstp force-version stp<\/p>\n\n\n\n Operation Administration Maintenance – OAM<\/p>\n\n\n\n availability, frame delay, frame delay variation (jitter), frame lost – 802.3-2008.clause – First mile OAM. Link Fault Management LFM<\/p>\n\n\n\n detect defects: use of continuitity check messages (CCM), unidirect and without ack, by intervals<\/p>\n\n\n\n indicators: loopback messages: Link Trace Messages LTMs: like traceroute. identify nodes along the path. perform bidir continuity check<\/p>\n\n\n\n LFM: Link Fault Management is limitied to a single Ethernet link (no AIS available) CFM: Connectivity Fault Management<\/p>\n\n\n\n ** LFM config show oam ethenet link-fault-management<\/p>\n\n\n\n –<\/p>\n\n\n\n test looped circuit<\/p>\n\n\n\n edit interface ge-1\/3\/5 unit 0 family inet ping 10.0.0.1 –> It seem TTL exceed that is good!!! loop works<\/p>\n\n\n\n ** CFM config: customer bridge show oam ethernet connecitivty-fault-management interface ge-1\/1\/5.115 vlan 115 [extensive]<\/p>\n\n\n\n ping ethernet maintenance-domain customer maintenance-association evc1 mep 106 monitor ethernet delay-measurement maintenance-domain customer maintenance-association evc1 mep 106 two-way<\/p>\n\n\n\n ERP = Ethernet Ring Protection – ITU-T G.8032. Replaces STP, less 50ms recovery for ring. config: must have eas and west-interfacce<\/p>\n\n\n\n set protocols protection-group ethernet-ring PNAME show protection-group ethernet-ring aps [detail]<\/p>\n\n\n\n LAG<\/p>\n\n\n\n 802.3ad LACP: actor, partner (remote). Active or passive (default). you must one active end. Junos doesnt do automatic aggregation.<\/p>\n\n\n\n set chassis aggregated-devices ethernet device-count x<\/p>\n\n\n\n set interface ae0 unit 0 family bridge MC-LAG uses ICCP (Inter-Chassis Control Protocol, used TCP similar to BGP) to exchange info between nodes set switching-options service-id X (idem in both devices) set interface ae0 aggregated-ether-option lacp active show iccp inter chassis redundancy. VCCP, based on ISIS, MPC cards, recommend 10G interfaces for VCP ports. show system processses<\/p>\n\n\n\n show system core-dumps edit protocols rstp show chassis routing-engine<\/p>\n\n\n\n edit snmp jflowv10 – mpc card<\/p>\n\n\n\n edit services edit forwarding-options sampling edit chassis show services accounting status inline-jflow<\/p>\n\n\n\n edit forwarding-options port-mirroring edit firewall family inet ARP entry for the monitoring device<\/p>\n\n\n\n show forwarding-options port-mirroring<\/p>\n\n\n\n ========================================= p2mp -> avoid to run multicast<\/p>\n\n\n\n mpls header: 32b LSP is unidirectional PHP: penultime hop poping<\/p>\n\n\n\n inet.3 -> all ingress LSP for the router. inet.3 is used to resolve bgp NH. BGP checks inet.0 and inet.3s, the protocol with lower AD wins (RSVP\/LDP is lower that ISIS OSPF etc). inet.3 is used for no-labeled traffic<\/p>\n\n\n\n ** You use install active when you want regular traffic (not BGP-labeled) to use the LSP directly \u2014 for example, in LSP ping tests, or when configuring static routes using LSPs.<\/p>\n\n\n\n set protocols mpls label-switched-path R1-to-R2 to 192.0.2.2 set routing-options static route 10.10.10.0\/24 next-hop 192.0.2.2<\/p>\n\n\n\n show route table mpls.0 label 16 detail (mpls.0 = LFIB) – mpls.0 is used for labeled traffic. So mainly in P routers<\/p>\n\n\n\n static LSP: rare in prod networks<\/p>\n\n\n\n RSVP: LDP: SR: BGP-LU: BGP can advertise labels using special address-family. Run MPLs VPN between AS<\/p>\n\n\n\n set interfaces ge-0\/0\/0 unit 0 family mpls (for data plane)<\/p>\n\n\n\n set protocols mpls interface ge-0\/0\/0.0 (for control plane) -> show mls interface (says noting about remote routers! only local)<\/p>\n\n\n\n 1.000.000 – 1.400.000 statuc labels<\/p>\n\n\n\n !! unidirectioal !! For transit (P) For PHP (P) show mpls static-lsp ingress|transit<\/p>\n\n\n\n show route table mpls.0 (routing based on incoming labels) you may see (S=0) that’t the stack-bottom bit !!!<\/p>\n\n\n\n show route Lo.IP-egrees-PE => will show the static lsp in inet.3 !!<\/p>\n\n\n\n show route NET_advertised_by_egrees_PE [detail]<\/p>\n\n\n\n set protocols mpls icmp-tunneling => show mpls hops in traceroute<\/p>\n\n\n\n set cli logical-system X create RSVP LSP at ingress router. Every other hop takes care by itself.<\/p>\n\n\n\n feature rich. backup standby LSP from headend (ingress), create local-repair LSP to protect from link\/node failure.<\/p>\n\n\n\n ospf\/isis used for advertise TE. default by isis. set interfaces ge-0\/0\/0 unit 0 family mpls (for data plane)<\/p>\n\n\n\n set protocols mpls interface ge-0\/0\/0.0 (for control plane) -> show mpls interface (says noting about remote routers! only local)<\/p>\n\n\n\n set protocols rsvp interface ge-0\/0\/0.0 (for control plane) -> show rsvp interfaces (idem) \/ show rsvp neighbor<\/p>\n\n\n\n enable firewall if CoP enabled! set protocols ospf areo 0.0.0.0 interface X.0 interface-type p2p set protocols mpls (!!!) label-switched-path NAME to lo.IP.egreess_PE no-cspf (turns-off constrained shortest path first -> dont use TED!!)<\/p>\n\n\n\n show mpls lsp [name NAME] [ingress, transit, egress] [extensive] show rsvp session<\/p>\n\n\n\n show route table inet.3 mpls self-ping: check if lsp is ready to forward traffic because lsp are unidirect! hello message messages contain many objects.<\/p>\n\n\n\n bw visibility, tag links. Every router has almost identical TED. ISIS gives hostname!! OSPF gives router Id number -> difficult!<\/p>\n\n\n\n show ted database [extensive ] ISIS TLVs. set protocols mpls label-switched-path NAME to lo.IP.egreess_PE<\/p>\n\n\n\n show mpls lsp [name NAME] detail -> shows ERO. Transit router never calculate an alternate path. ERO can be strict or loose stric: hops must be directly connected. set protocols mpls path NAME_PATH lo0.PEx loose set protocols mpls label-switched-path NAME_LSP to lo.PEz primary NAME_PATH<\/p>\n\n\n\n —<\/p>\n\n\n\n set protocols ospf traffic-engineering -> LSA type10 – opaque LSA, not sent outside area — It uses CSPF manual bw reservation are hard -> auto-bw, but complicated. not showed in this curse.<\/p>\n\n\n\n set protocols mpls label-switch-path NAME1 to lo0.PE1 bandwidth Xm oversubscribe vs undersubscribe monitor labeled-swith-path NAME -> show traffic stats<\/p>\n\n\n\n solve issue from bw reservation. first lsp gets best path. Or some LSP may not come up<\/p>\n\n\n\n Two values: setup priority (default 7): value used to install lsp in a path. It is compared with the hold value of other lsp set protocols mpls label-switch-path NAME1 priority SETUP HOLD –> This can trigger LSP flaps !!!!s<\/p>\n\n\n\n show mpls lsp name NAME detail set groups RSVP_PRIO protocols mpls labeled-switched-path <*> priority 5 4 default: lsp rerouting is not graceful!!! because it turns down and signals a new path CSPF = Constrained Shortest Path First. Used TED. like SPF<\/p>\n\n\n\n set protocols mpls label-switched-path NAME to IP [random, most-fill, lest-fill]<\/p>\n\n\n\n Admin Groups = affinity group, link coloring. Group link to be avoided or be used. This is unidirectional !!!<\/p>\n\n\n\n set protocols mpls admin-groups ADGROUP [0-31] -> only number is advertised !!! so you have to map the names to number in each device when writing config!!! set protocols mpls lable-switched-path LSP to PE-IP adming-group [include-any | inclide-all | exclude ] [GROUP1 GROUP2]<\/p>\n\n\n\n messages: (path->egress(direct path) \/ resv->ingress(return path))<\/p>\n\n\n\n PathTear: towards egress (direct path: downstream). Tear down LSP PathErr: towards ingrees (upstream). Commumicate errors info overload reduction: Primary is used. several secondary paths can be defined. secondary is calculated if primary goes down. set protocols mpls path PATH1 PE1-LO loose<\/p>\n\n\n\n set protocols mpls label-switched-path LSPx to PEx-Lo primary PATH1 secondary PATH2 secondary PATH3<\/p>\n\n\n\n retry-limit: default 0 (unlimiited) – number of times will try to find a new primary set protocols mpls label-switched-path LSP1 secondary PATHx select manual –> secondary path comes up immediately and used for forwarding. —<\/p>\n\n\n\n defining secondary constraints is manual and tedious set protocols mpls label-switched-path LSP1 to PEx-Lo primary BLANK_PRIMARY secondary BLANK_SECONDARY standby! show mpls lsp ingress LSP1 detail<\/p>\n\n\n\n trade-off: standby secondary -> double up number RSVP tunnels show route IP\/x detail | match “inet.0|IP|via|Push” show route forwarding-table matching IP\/x extensive<\/p>\n\n\n\n enable LB in FIB: protect agains link and node failure, reduce downtime -> always-on backup LSP at the “point of local repair”. Used short time until headend calculate new LSP rfc 4090 -facility backcup: 1 backup pth (“bypass”) for many LSP. = link-protection or node-link-protectio (better). Scales better in big networks bypass to next-hop -> protects link-failure set protocols rsvp interface ge-0\/0\/0.0 link-protection [on all links you want link-protection\/node-protection] show route IP\/x [detail] -> you can see Bypass!! it has hight weight, the bottom label is the one for identifying the next-next-hop, big networks -> facility backup if they support 3 labels at least, if not, use FRR ring topology + 121 -> ech router merges incomeing detour into its outgoing detour lsp stays in same path until tear-down or kicked-out by LSP with lower priority value global: set protocols mpls optimize-timer X (0s=never until 65535s) manual: clear mpls lsp name LSP optimize -> It will not clear it!!!<\/p>\n\n\n\n conditions for LSP optimization<\/p>\n\n\n\n set protocols mpls optimize-aggressive -> optimized purely in IGP metric! optmize detour and bupass: set protocols rsvp interface ge-0\/0\/0 link-protecton optimize-timer (0..65535)<\/p>\n\n\n\n when link\/node down, temporarily, there are two copies same LSP: same name, same tunnel ID but different LSP ids -> show rsvp session<\/p>\n\n\n\n MBB: make before break: traffic is hitlessly moved to an alternative path outside scope: auto-bw and p2mp lsp (l2vpn course – vpls)<\/p>\n\n\n\n preventing double-counting of bw: this happens with two copies of the same LSP share a link. By default, routers see two copies of same LSP as tehy are different LSPs -> problem<\/p>\n\n\n\n sol: reservation style:<\/p>\n\n\n\n set protocols mpls label-switched-path LSP1 adaptive \/\/ it enabled MBB map traffic to rsvp lsp: set routing-options forwarding-table export MAP<\/p>\n\n\n\n show route IP\/x automatic full-mesh lsp to loobacks, follows igp best path -> inet.3 RSVP: ingress router send a Path message = “downstream on deman” –> Ordered control: junos only advertised a FEC when it has received a label downstream LDP LSP are like a tree -> multipoint-to-point LSP (the top is the originating PE.lo=FEC) Every PE has a LSP to the egress = top<\/p>\n\n\n\n hello msg: dst IP: 224.0.0.2. it containes the lo.0 so then they can start TCP sesion. TCP started by highest Lo IP header: version:1 , LSR ID = loopbackc, Label Space ID = 0 (any label can be used)<\/p>\n\n\n\n set protocols ldp interface ge-0\/0\/0.0 (not needed in the loopback) (CP) set firewall family inet filter LO term LDP from protocol tcp udp port ldp then accept<\/p>\n\n\n\n show ldp interface [detail | extensive] ldp-igp sync: If not ldp in best path, mpls packets are dropped set protocols isis interface ge-0\/0\/0.0 ldp-synchronization (only in p2p interface!!!!)<\/p>\n\n\n\n by default ldp metric = 1 -> if used with BGP multipath => LDP can LB with un-equal cost paths. “session-protection” creates an always-up multihop LDP neighborship from loopback to loopback. The router were adjacent, but the link went down. egress policies: advertise other FECs apart from PE lo0.<\/p>\n\n\n\n set policy-options policy-statement LDP_EGRESS term export from route-fileter CPE-LO\/32 route-filter PE-LO\/32 (default term is rejecT!!!)\u2026 then accept import\/export: act on FECs that already exist export: Prevent accepted FEC to be readvertised -ldp tunneling 2010 – SR or SPRING. shortest-path, TE and local-repair. Source-based routing. SR advertises labels using is-is\/ospf, so all routers know the labels that every other router has assinged, router can build a stack of labels to specify an exact path: huge reduction in state -> no extra adjecencis (rsvp\/ldp), TE lsp dont need to be signaled<\/p>\n\n\n\n segment = link, router, prefix, etc. each segment has SID (segment ID). All advertised by isis\/ospf<\/p>\n\n\n\n Adj SID: label allocated to each link running isis\/ospf. One label for ipv4 and other for ipv6 set interface ge-0\/0\/0 unit 0 family mpls (DP) show isis adjacency R4 detail show route table mpls.0 label X<\/p>\n\n\n\n Controller for generating stack of labels: Juniper Paragon Pathfinder.<\/p>\n\n\n\n Replace LDP: no need label stacks, no need external controller. SR can use the same transport label at every hop. set protocols isis source-packet-routing node-segment ipv4-index 405 (same in all routers) show route table mpls.0 label XXX<\/p>\n\n\n\n when you configure node SIDs on each router, you will find that inet.3 is automatically populated with a full mesh of shortest-paths LSP to each other router, like LDP => show route table inet.3<\/p>\n\n\n\n calculating label = next-hop router starting label + router destination SID<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" JNCIS-SPJunos Intermediate Routing On-Demand – DONEJunos Service Provider Switching – DONEJunos MPLS Fundamentals – DONE https:\/\/jlabs.juniper.net\/vlabs =========================================Junos Intermediate Routing On-Demand========================================= CBT Junos Tunnels gr-0\/0\/0 GREip-0\/0\/0 IPoverIP set chasis fpc 1 pic 2 tunnel-services [bandwidth X]–> enable tunnels in x-1\/2\/x GRE header: 24bytes = 20byes IP header + 4bytes (reserv, version, protocol type) => increase MTU … Continue reading “JNCIS-SP”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-2009","post","type-post","status-publish","format-standard","hentry","category-networks"],"_links":{"self":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts\/2009","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/comments?post=2009"}],"version-history":[{"count":1,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts\/2009\/revisions"}],"predecessor-version":[{"id":2010,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts\/2009\/revisions\/2010"}],"wp:attachment":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/media?parent=2009"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/categories?post=2009"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/tags?post=2009"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Junos Intermediate Routing On-Demand
=========================================<\/p>\n\n\n\n
\n\n\n\n
ip-0\/0\/0 IPoverIP<\/p>\n\n\n\n
set intefaces gr-0\/0\/0 unit 0 family bridge interface-mode trunk vlan-id-list 100 core-facing<\/p>\n\n\n\n set routing-instances virtsw instance-type virtual-switch\n interface ge-0\/0\/2.0\n gr-0\/0\/0.0\n bridge-domain C100 vlan-id 100<\/code><\/pre>\n\n\n\nCBT Chassis HA<\/h2>\n\n\n\n
v3: ipv6 and <1s<\/p>\n\n\n\n
set vrrp-group 1 virtual-address VIP [priority x]<\/p>\n\n\n\n
set routing-options graceful-restart (show ospf overview)<\/p>\n\n\n\n
set chassis redundancy graceful-switchover
request chassis routing-engine master switch check<\/p>\n\n\n\n
set routing-options nonstop-routing
set systen commit syschronize
show task replication<\/p>\n\n\n\n
Needs GRES+NSR
request system software in-service-upgrade \/var\/tmp\/file.tgz reboot<\/p>\n\n\n\nCBT IPv6<\/h2>\n\n\n\n
link-local FE80::\/10 (no routable), NDP (like ARP) neighbor discovery prot (Neigh Solicitation, Neigh Adver)
unique-local FC00 or FEC8 (no internet routable – like private IP)
global unicst: 2000::\/3<\/p>\n\n\n\n
slaac (staless): EUI-64: use MAC 48b + FFFE (mac 24b (flip 7th) FFFE mac 24b) -> 64 bits + 64 bits from Route Solication
set interface ge-0\/0\/2 unit 0 family inet6 address 2012:db8::\/64 eui-64<\/p>\n\n\n\n
set routing-options router-id ipv4<\/p>\n\n\n\nCBT LACP<\/h2>\n\n\n\n
max 8 links per lacp
set chassis aggregated-devices ethernet device-count X<\/p>\n\n\n\n
1
set interfacce ae0 aggregated-ether-options lacp active|passive periodic fast|slow (30s) (def is fast=1sec)
unit 0 family etherent-switching port-mode trunk (EX)
interface-mode (QFX(
bridge interface-mode trunk vlan-id-list 300 (MX)<\/p>\n\n\n\nCBT ISIS<\/h2>\n\n\n\n
level1 – IS-IS intra-area
level2 – IS-IS inter-area<\/p>\n\n\n\n intra-area AD=15 idem<\/code><\/pre>\n\n\n\n
CSNP = Like DB descriptor in OSPF. After neighbor discovery
PSNP = request prefix and route info<\/p>\n\n\n\n
establish L1 adj (same area)<\/p>\n\n\n\n
49.(16b – area ID).(48b MAC).00<\/p>\n\n\n\n
1) set NET in lo0.0 under family iso
2) set protocols isis interface X.0
3) set interface x.0 family iso (NET not needed!(
4) disable the level you dont need!! (by default all links are l1\/l2)<\/p>\n\n\n\n
authenticaion-key key<\/p>\n\n\n\nProtocol Independent Routing (Static routes)<\/h1>\n\n\n\n
0 directed connect<\/code><\/pre>\n\n\n\n
7 rsvp-lsp
8 sr-te
9 lsdp-lsp
10 ospf internal
15 isis l1
18 isis l2
105 pim
130 agg
150 ospf ext
160 isis ext
170 bgp<\/p>\n\n\n\n
nh = ip directled connected, reject, discard
no recursive loop-up performed by default (like cisco) -> need to use “resolve”
qualified-next-hop IP preference X
no-readvertise (ie for mgmt not advertised into IGP) block exporting via policies
as-path, community, metric, preference<\/p>\n\n\n\n
ipv6: edit routing-options rib inet6.0 static route \u2026<\/p>\n\n\n\nAggregate routes<\/h2>\n\n\n\n
at least one contributing route active
default nh = reject
as-path, community, metric, policy, preference
show route AGG\/22 exact detail<\/p>\n\n\n\nGenerated Routes<\/h2>\n\n\n\n
-you can assign a next hop.
-And you don’t need the contributing route to be resolvable \u2014 it just needs to exist in the routing table (even if unusable).
-It allows more flexibility when the contributing route is unusable or when you want to inject a route into the table regardless of reachability.<\/p>\n\n\n\n
term else-reject then reject
set policy-option policy-statement export-default term match-default from protocol aggregate route-filter 0.0.0.0\/0 exact then accept<\/p>\n\n\n\n
set protocol ospf export export-default<\/p>\n\n\n\nMartia Routes<\/h2>\n\n\n\n
127.0.0.0\/8 orlonger
192.0.0.0\/24 orlonger
240.0.0.0\/4 orlonger<\/p>\n\n\n\nRouting Instance (LAB)<\/h1>\n\n\n\n
set instance-type x=forwarding, l2vpn, no-forwarding (make big network smaller), virtual-router (system virtualization), vpls, vrf (for l3vpn)
set interface ge-0xxxx
set routing-options static route \u2026. next-hop xxx
set protocols ospf area 0.0.0.0 interface ge-xxxxx<\/p>\n\n\n\n
show interface terse routing-instance INSTANCE<\/p>\n\n\n\nrib groups: share routes between routing tables<\/h2>\n\n\n\n
rib-groups NAME
export-rib T0 (only one! – where routes should be taken from) normally omitted because it is always the primary rib
import-rib T1 T2 (severals tables – where routes should be placed) ????????\/
import-policy POLICY<\/p>\n\n\n\n
rib-group test
import-rib [ inet.0 test.inet.0] ===> routes from inet.0 TO test.inet.0 ???? ^^^^ differente from aboves<\/p>\n\n\n\n
set rib-group test
area 0.0.0.0 interface ge-0\/0\/0.0 lo0.0<\/p>\n\n\n\n
*requires service card<\/p>\n\n\n\n
unit 0
encapsulation ethernet
peer-unit 1
family inet
uni t
encapsulation ethernet
peer-unit 0
family inet<\/p>\n\n\n\nLOAD BALANCING<\/h1>\n\n\n\n
set policy-options policy-statement LB-ALL then load-balance per-packet
set routing-options forwarding-place export LB-ALL<\/p>\n\n\n\n
ipv6: l3,l4,traffic class<\/p>\n\n\n\nFilter-Based-Forwarding (FBF) (lab)<\/h1>\n\n\n\n
-create match filter and apply to incomming interfaces
set firewall family inet filter F-NAME term TERM from CONDITION then routing-instance INSTANCE<\/p>\n\n\n\n\n
set interface ge-0\/0\/0 unit 0 family inet filter input F-NAME<\/li>\n<\/ul>\n\n\n\n
set routing-instance INSTANCE instance-type forwarding!! routing-option static route 0.0.0\/0 next-hop IP
next-table inet.0
-create rib group
set routing-options interface-routes rib-group inet GROUP
rib-groups NAME import-rib [ inet.0 INSTANCE.inet.0 ]<\/p>\n\n\n\n
instancce-import ISP-IMPORT<\/p>\n\n\n\nFundamenals OSPF<\/h1>\n\n\n\n
1 hello: 10s default, MC to 224.0.0.5, incluse: netmask, hello interval<\/em>, dead, options<\/em>, priority, DR, BDR, neighbor
2 db description: during adj formation, hightest RID is primary for sync and set\/maintein seq nu. This relationship is forgotten after transfer. LSDB = ospf header, seq nu, lsa header
3 ls-request: request precise version of db: ospf header, ls-type, ls-id, adv-router (RID of the originator router)
4 ls-update:to 224.0.0.5\/6: ospf header, num of adc, ls-adv
5 ls-ack: unicast to originator.<\/p>\n\n\n\n
down
init: hello packet sent
2way: hell received, bidir achieved
exStart: decide primary router for db sync
exchange: lsdb exchange started
load: transmision finish but still reading from peer
full: lsdb is sync<\/p>\n\n\n\n
interface-type p2p: no DR\/BDR is elected (saves time), no lsa type-2 generated
DR: higher priority (default 128), higher RID, no preemption,
NoDR routers create 2way adj with other NoDR routers.<\/p>\n\n\n\n
reduce lsdb: multiple areas, route summarization between areas.
areas:
area0: all connect to area0
ABR: connect areaX to area0
ASBR: outside ospf to areaX
stub area: LSA3 yes (inter-area), no LSA4\/5 (ext) and no ASBR. Inject default route (need configuration)
totally stubby-area: only default, no LSA3-5.
not-so-stubby-area: it gets external routes and can advertise them to are0 but it can’t receive LSA5 from other areas.<\/p>\n\n\n\n
lsa2: network links (by DR only), describe routers attached to the segment
lsa3: summary, by ABR, inter-are links
lsa4: by ABR, path to ASBR.
lsa5: external, prefix redistributed by ASBR, by-default lsa5-type2 (ext cost not included) (type1 cost to ASBR includded)
lsa7: nssa, by ASBR in NSSA, then the ABR creates a LS5.<\/p>\n\n\n\nDeploy OSPF<\/h1>\n\n\n\n
auth, summarization (ABR), external prefix-limit, graceful-restart, BFD<\/p>\n\n\n\n
set protocols ospf|ospf3 area AREAID interface x.x<\/p>\n\n\n\n
set protocols ospf export 2OSPF<\/p>\n\n\n\n
clear ospf neighbor<\/p>\n\n\n\n
show ospf route [abr, asbr, inter, intra, extern, detail,instance]
show ospf database [brief (default), detail, extensive,]
show ospf statistics
show ospf log<\/p>\n\n\n\n
no neighbor: check link status
exstart: check MTU
2way: normal for DR-other neighbor<\/p>\n\n\n\n
show log TRACE-ospf<\/p>\n\n\n\n
save \/var\/tmp\/working-ospf.confg ==> save config to a file from config mode.<\/p>\n\n\n\nFundamenals BGP<\/h1>\n\n\n\n
NLRI: Network Layer Reachability Information
classless, bgpv4, rfc 4271
nonportable (ISP provide IP range), portable (customer has its own prefix).
ebgp -> ttl=1 !!!
ibgp: full-mesh, using lo0 !!!
tcp 179, manually defined neighbors
loop avoidance: as path,<\/p>\n\n\n\n
idle: init stte
connect: waiting for tcp to complete
active: trying to establish tcp connection<\/p>\n\n\n\n
openconfirm: wait for keep alive from peer.
established: received keepalive from peer. all done<\/p>\n\n\n\n
open: after tcp completed, initiates bgp sesson
update: transport routing info
keepalive:
notificaton: signal when something is wrong.
refresh: soft clearing bgp session to re-advertise route<\/p>\n\n\n\n
wellknown-mandatory: as-path, origin, NH. supported by al bgp implementations. included in each bgp update
wk-discretionary: local-pref, atomic-agg. supported by all bgp implementation. not included in each bgp update
optional-transitive: community, agg. not supported by all bgp implementation. but they need to pass it along unchanged
optional-nontransitive: MED, cluster-list, originator ID. not supported by all bgp implemnetation. If attribure is not identified, it is ignored and not passed along.<\/p>\n\n\n\n
LP: determine outbound. higher best. used withing individual AS, not redistributed to ebgp (default 100)
as-path: check loop
origin: where was received: 0 – IGP, 1 – EGP, ? – incomplete (redistribute)
MED: multihomed to same external ISP (same ASN!!!). determine inbound from that ISP to you. lower best (default 0)
communities: edit policy-optionss<\/p>\n\n\n\n
NH + no loop, highest LP, shortest AS-path, lowest origin, lowest med, ebgp before ibgp, if all ibgp then best exit from AS, if all ebgp, choose current active or one from peer with lowest RID, RR: shortest cluster lenght, routes from peer with lowest RID<\/p>\n\n\n\nDeploy BGP<\/h1>\n\n\n\n
set policy-statemen NH-self term 1 then next-hop self<\/p>\n\n\n\n
set router-id LO.0
set autonomous-system ASN<\/p>\n\n\n\n
set group int-ASN
type internal
local-addess LO.0
neihbor R1.lo0
export NH-self
set group ext-ASN
type external
peer-as ASN
neighbor R2.interface.IP<\/p>\n\n\n\n
\n\n\n\n
route IP\/22<\/p>\n\n\n\n
set policy-statement adv-agg term 1 from protocol aggregate route-filter IP\/22 extac then accept<\/p>\n\n\n\n
RIB-out: show route advertised-protocol bgp IP (after route filtering!!!)<\/p>\n\n\n\nIP Tunneling<\/h1>\n\n\n\n
set protocols oam gre-tunnel interface gr-x\/x\/x.1 keepalive-time 10 hold-time 30<\/p>\n\n\n\n
set routing-options static route LAN2 next-hop gr-x\/x\/x.0<\/p>\n\n\n\n
gr-x\/x\/x<\/p>\n\n\n\n
family inet<\/p>\n\n\n\n
ip-x\/x\/x<\/p>\n\n\n\n
watch out MTU !!!<\/p>\n\n\n\nGR and BFD<\/h1>\n\n\n\n
GR=Graceful Restart: (NSR is mutuel excluent from GR)
BFD: hello bassed
VRRP: vip lan side
ISSU: dual RE, upgrade withouth interruption<\/p>\n\n\n\n
rquest grace period to neighbord. fowarding continue during restart. neighbord hide the failure to the rest of the network
supported: ospf, isis,bgp, rsvp, ldp.
requirements: all routers (restarting and helpers) need to support GR and NonStopForwarding !!!!
GR !!helper!! mode is enabled by default, but not for restarter???
set routing-options graceful-restart disable (globla or can do via protocol)<\/p>\n\n\n\n
set protocols ospf traceoptions flap graceul-restart<\/p>\n\n\n\n
set protocols bgp group G1 bfd-liveness-detection minimun-interval 300
show bfd session
show bgp neighbor IP<\/p>\n\n\n\nGRES, NSR, Unified ISSU<\/h1>\n\n\n\n
without GRES: PFE is restarted, the new RE restart RPD
with GRES: PFE is not restarted, new RP restars RPD.<\/p>\n\n\n\n
interfaces fxp0 \u2026
RE0 system hostname R1-RE0 backup-router IP
interfaces fxp0<\/p>\n\n\n\n
show system switchover (only in backup RE)<\/p>\n\n\n\nNSR: uses GRES. RPD runs in backup RE. Mutually exclusive with GR<\/h2>\n\n\n\n
chassis redunddancy graceufl-switchover<\/p>\n\n\n\n
GRES + NSR<\/p>\n\n\n\nVRRP<\/h1>\n\n\n\n
vrrp master: responds to ARP
224.0.0.18, ttl=255, 1s interval
virtual mac: 00.00.5E.00.01.VRID
hight priority -> best (dfault 100)<\/p>\n\n\n\nINTRO IPv6<\/h1>\n\n\n\n
header 40B. version, traffic class, flow label, payoad length, next header, hop limit, src add, dst add<\/p>\n\n\n\n
hop-by-hop options
routing
fragment
destination options
auth
enc security payload<\/p>\n\n\n\n
multicast
anycast<\/p>\n\n\n\n
::1 -> loopback<\/p>\n\n\n\n
broadcast: none!!!!!!!!!
multicast: MAC: 33-33:.. \/\/ FF00::\/8
link-local: always assigned, no routable: FE80::\/10 or \/64
unique local: like priv ip, routable internally. FC00::\/7 or FD00::\/8
global unicast: pub ip, routable internet 2000::\/3<\/p>\n\n\n\n\n
— Neighbor Solicitation: src.ip=link-local dst.ip=solicited_node_ip (ff02::1:)
— Neigbor Advertisiement:<\/li>\n<\/ul>\n\n\n\n
router solicitation: RS, request sent by host, dst.ip: FF02::2 (all routers) use link-local as src.ip
router advertisement: RA, reply sent by router, src.ip link-local, dst.ip = FF02::1 (all hosts in link-local). It contains global unicast range<\/p>\n\n\n\n
1) obtain prefix through RA
2) host creates its own interface id.
2.1: use EUI-64: use MAC (48b) and filling -> 1st half MAC + FFFE + 2nd half MAC + flip the 7th bit of the MAC.<\/p>\n\n\n\n
anycast: rfc2526
set routing-options rib inet.6 static route 0::\/0 next-hop IP
ospf3<\/p>\n\n\n\n
set interfaces gr-0\/0\/0 unit 0 tunnel source IPv4.r1.loopback destination IPv4.r2.loopback
family inet6 address IPV6<\/p>\n\n\n\nINTRO ISIS<\/h1>\n\n\n\n
PDU – protocol data units. IP reachability include in updates
LSDB. Single AS (IGP)
End-System = host
Intermidiate-System = router
L1: route within the area or towards L2
L2: route between areas and toward other AS<\/p>\n\n\n\n
L1L2 router = ABR
L2 = area 0<\/p>\n\n\n\n
hello: discover neighbor (IIH) like ospf hello, regular intervals 3sec for DR. broadcast networks => uses MC.14\/15.
circuit type (l1,l2,l1l2, source ID (system ID), holding time, pdu lenght, priority (0-127), LAN ID<\/p>\n\n\n\n
partial: request missing LS PDU
CSNP: maintain LSDB in sync. sent by DIS only
TLV: encodig Type length Value<\/p>\n\n\n\n
L1: area ID must be same
L2: area ID can be different
DIS election (like DR in OSPF for multicass networks = ethernet). Use priority (0=never DIS, higher = winner) There is a DIS for L1 and L2.
there is no backup DIS, there is preemption.
metric: max=1023
delay
expense
error
wide metrics: 2^24<\/p>\n\n\n\n
by default all links are l1l2
edit protocols
set isis interface ge-0\/0\/0.0 level 1 disable<\/p>\n\n\n\n
family inet address IP
lo unit 0 family iso address 49.001.0192.0168.0291.00
inet address IP<\/p>\n\n\n\n
show isis database
show isis adjacency
show isis spf log
show isis statistics
show isis route
set protocols isis traceoptions file isis-trace flag error detail flag hello detail
monitor start log-file-name
show log log-file-name<\/p>\n\n\n\n
\n\n\n\nCBT Service Provider Bridging Concepts<\/h2>\n\n\n\n
802.1ad SP (q-in-q) to overcome 802.1q: C-TAG, S-TAG –> 2x 802.1q header!
-> it must still learn MACs !
-> between SP, you need vlan translation
PEB (PE) customer port is “access port” !!! \/\/ IVL – independent VLAN Learning
set interface ge-0\/0\/2 unit 0 family bridge vlan-id S-TAG interface-mode access<\/p>\n\n\n\n if needed to filter C-TAG, in PE to P port:\n set interface ge-0\/0\/2 unit 0 family bridge inteface-mode trunnk \n inner-vlan-id-list x-y [limit the C-TAG vlans from customer]\n vlan-id S-TAG\n\nS-VLAN Bridge (P device) and PE-P ports\n set interface ge-0\/0\/2 unit 0 family bridge vlan-id S-TAG interface-mode trunk\n encapsulation flexible-ethernet-services (aka 802.1ad!)\n flexible-vlan-tagging\n\nMX: create vlans -> family bridge!!! (created under edit bridge-domains)\n set bridge-domains CUSt1 vlan-id or vlan-id-list 200-204\n show bridge mac-table\nCE are trunk ports <\/code><\/pre>\n\n\n\n
vlan-id none -> pop C-TAG!<\/p>\n\n\n\n
interface ge-0\/0\/0.200
.201
interface ge-0\/0\/2.300<\/p>\n\n\n\n
set interface ge-0\/0\/0 flexible-vlan-taggin
encapsulation flexible-ethernet-services
unit 200 encapsulation vlan-bridge vlan-id 200
unit 201 201<\/p>\n\n\n\n
set interface ge-0\/0\/2 flexible-vlan-tagging
encapsulation flexible-ethernet-services
unit 300 (S-TAG!) encapsulation vlan-bridge
vlan-tags outer 300 inner 200<\/p>\n\n\n\n
encapsulation flexible-ethernet-services
unit 0 family bridge interface-mode trunk vlan-id-list 300
vlan-rewrite translate INCOMING_S_TAG OUR_S_TAG<\/p>\n\n\n\n
Junos SP Switching On-Demand
=========================================<\/p>\n\n\n\nEthernet Switching and L2<\/h1>\n\n\n\n
ethernet ieee 802.3, single broadcast and collision domain, MAC 48bits, uses CSMA\/CD
hub: collisions can occur, no csma\/cd<\/p>\n\n\n\n
forwarding\/flooding(BUM)\/filtering\/aging<\/p>\n\n\n\n
set firewall family bridge filter NAME term 1 from x then y
set interface ge-0\/0\/0 unit 0 family bridge filter input\/output FILTER<\/p>\n\n\n\n\n
VLANS and IRBs<\/h1>\n\n\n\n
trunk: native-vlan-id
802.1q frame: 4 bytes: tag protocol: 16 bits – 0x8100,
priority: 3 bits, 802.1p
canonical format indicator: CFI = 0 (1 bit)
unique vlan id: 12 bits<\/p>\n\n\n\n
It\u2019s the post-rewrite VLAN ID list. This is the range of VLANs that can be present after any translation occurs.
It\u2019s bi-directional (symmetric translation).<\/p>\n\n\n\n
set interfaces ge-1\/0\/0 unit 0 family brige interface-mode access vlan-id X
set interfaces ge-2\/0\/0 native-vlan-id x vlan-tagging unit 0 famyly bridge interface-mode trunk
vlan-id-list [ x y ] or [ x-y z a-b ]
show bridge domain [ NAME detail]<\/p>\n\n\n\n
MRP messages
set protocols mvrp no-dynamic-vlans interface ge-0\/0\/0.0
show mvrp statistics<\/p>\n\n\n\n
set interfaces irb unit X description vlan-x family inet address IPx<\/p>\n\n\n\n
routing-interface irb.x<\/p>\n\n\n\n
Each bridge-domain is a VLAN.
You define bridge-domains explicitly in Junos, and then map interfaces (and VLANs) to them.
Because each bridge-domain has its own MAC table, flood domain, and associated interfaces \u2014 it behaves like a mini switch inside the virtual-switch.
You can associating Multiple VLANs to One Bridge-Domain: why? Service Provider bridging where customer traffic uses many VLANs, but you want to transport all of them over a single bridge-domain \u2014 maybe because you’re mapping all of them into one L2VPN or EVPN instance<\/p>\n\n\n\nVirtual Switches (lab) ***<\/h1>\n\n\n\n
interface ge-0\/0\/0.0
bridge-domains NAMEv100 vlan-id 100
NAMEv200 vlan-id 200 routing-instance irb.1<\/p>\n\n\n\n
show route instance<\/p>\n\n\n\n
internal: loginal tunnel = only supported for VR -> enable in PFE:
set chassis fpc 1 pic 0 tunnel-service bandwidht 1g => that creates le-1\/0\/x interface!
set interfaces le-1\/0\/10 unit 0 peer-unit 1
vlan-id 100
\u2026.
le-1\/0\/10 unit 1 peer-unit 0
vlan-id 200
\u2026.<\/p>\n\n\n\n
set logical-systems LSYS-1 interfaces ge-1\/0\/5 unit 0 family bridge interface-mode access vlan-id 100<\/p>\n\n\n\nProvider Bridging LAB ***<\/h1>\n\n\n\n
vlan id 12bit= 4094<\/p>\n\n\n\n802.1ad stacking vlans: c-vlan (inner tag) = one customer vlan \/ s-vlan (outer tag) = service vlan represent customer<\/h2>\n\n\n\n
s-vlan tag: tag prot id (16b 0x88A8), priority (3b), drop eligibility (1 bit, default=0), unique vlan-id (12b)
c-vlan tag: 0x8100 canonical fomat indicator<\/p>\n\n\n\n
push, pop, swap, pop-pop, push-push, swap-swap, pop-swap, swap-push, rewrite vlan and tag-protocol-id<\/p>\n\n\n\n
-IVL: independent vlan learning: learning domain for eachc VLAN (included BUM)#
-SVL: single learning domain shared by all vlans in a bridge domain<\/p>\n\n\n\n
family bridge interface-mode trunk
inner-vlan-id-list 111-114 \/\/ c-tag<\/p>\n\n\n\n
set interfaces ge-1\/0\/0 vlan-tagging encapsulation flexible-ethernet-service unit 111 encapsulation vlan-bridge
vlan-id 111
input-vlan-map push vlan-id 200 \/\/ s-vlan
output-vlan-map pop
provider network port
set interfaces ge-1\/0\/4 stacked-vlan-tagging encapsulation flexible-ethernet-service unit 0 encapsulation vlan-bridge
vlan-tags outer 200 inner 111<\/p>\n\n\n\n
ge-1\/0\/4<\/p>\n\n\n\nVPLS<\/h2>\n\n\n\n
PE learns MACs, MAC mapped to outbound LSP o interfaces<\/p>\n\n\n\nSTP<\/h1>\n\n\n\n
slow convergence, excessive flooding, single tree
rstp: rapid
mstp: rapid and per instance
root bridge: loweest bridge id (priority + mac)
root port: port in a bride closest to the root bridge
default cost = 20k for 1G port
designated port: forwarding port on a LAN segment
BPDU: info about STP, 2sec
config: sent by root bridge
tcn: topology change notificatin: sent by any bridge towards root.<\/p>\n\n\n\n
convergence: 2xforwading-delay (15s) + max-age (20)<\/p>\n\n\n\nRSTP 802.1w \/ 802.1d-2004<\/h2>\n\n\n\n
edge port: if unique port in LAN, then always forwarding<\/p>\n\n\n\n
alternate: alternate path to root bridge (backup for root port). Block traffi while receiving superior BPDU
backup: backup of designated port. block traffic while receivng superior BPDU<\/p>\n\n\n\n
initiator of tcn, sends out of all designated ports and root port.<\/p>\n\n\n\n received of tcn: doesnt flush MAC learned from edge-ports, doesnt flush MAC learned on the port receiving the TCN<\/code><\/pre>\n\n\n\nMSTP 802.1s – 802.1q-2003<\/h2>\n\n\n\n
stp per vlan. MSTI. Maps 1or+ vlans to one MSTI -> load-balancing<\/p>\n\n\n\n
max 64 MSTI per region, one regional root bridge per instancce<\/p>\n\n\n\n
IST = internal ST, STP inside the region<\/p>\n\n\n\nConfiguring STP (MSTP Lab)<\/h1>\n\n\n\n
bridge
statistics interface<\/p>\n\n\n\n
interface ge-1\/0\/1 priority 128 mode point-to-point|shared cost x
edge (to host)
extended-system-id 0 (default)<\/p>\n\n\n\n
interface ge-1\/0\/0
\u2026
msti 1 bridge-priority 4k vlan 100-199
msti 2 bridge-priority 8k vlan 200-299<\/p>\n\n\n\n
\u2026
vlan 100 bridge-priority 60k
interface ge-1\/0\/1
\u2026
vlan 200 bridge-priority 8k
interface ge-1\/0\/1<\/p>\n\n\n\nbpdu protection<\/h2>\n\n\n\n
bpdu-block-on-edge<\/p>\n\n\n\n
set protocols layer2-control bpdu-block interface [ ge-1\/0\/0 ge-1\/0\/1 ]<\/p>\n\n\n\n\n
\n
Ethernet OAM<\/h1>\n\n\n\n
node detect failure -> send AIS (Alarm Indicator Signal) and FDI (Forward Defect Indicator) downstream
node received AIS\/FDI -> notifies upstream devices when failure occurs in reverse direction (BDI – Backward Defect Indicator)<\/p>\n\n\n\n
nonintrusice loopback: like ping
intrusive loopback: signal a remote node to go into special test mode (where normal traffic can’t flow)<\/p>\n\n\n\n
client needs to support LFM. L2, no IP needed. exchange OAM PDUs, dst MAC = 0180c2-000002 (never flooded). Discovery
Active client start the discovery
OAM PDU
codes:
0x00 information -> discovery, heartbeat (1s), Critical events
0x01 event notification -> signal link events and stats
0x02-03 variable request\/response (polling MIBs) – not supported in Junos
0x04 loopback control: signal remote peer to set\/unset looped interface
flags
bit 0: link fault
bit 1: dying gasp (external failure: ie power)
bit 2: critical event
bit 3-4: used during discovery<\/p>\n\n\n\n\n
5-7: customer
3-4: SP
0-2: operator (subset SP network) quicker fault detection maintenacne point: Port of type:
MEP: Maintenance End Point: edge port to edge port (protecting E-Line) or EVC (Ethernet Virtual Connect) or
edge port to multiple edge ports (protecting E-LAN) or multipoint-to-multipoint EVC
MIP: Maintenance Intermidiate Point: internal to a domain. Optional. Respond to CFM messages from higher level than their own
Transparent: doesn’t respond to CFM messages task
initiate CFM message: MEP
respond to loopback and link trace messages: MEP, MIP
track CCM: MEP, MIP MEP: forms neighbor exchanging CCMs with other MEPs in same maintenance domain, maintenance association, level and direction<\/li>\n\n\n\n
7 7 | 3F (link trace) LBR: LoopBack Reply<\/li>\n<\/ul>\n\n\n\nConfiguring OAM (LAB)<\/h1>\n\n\n\n
set protocols oam ethernet link-fault-management action-profile NAME event link-adjacency-loss (when PDU are missing)
action link-down
interfacce ge-1\/3\/6 apply-action-profile NAME
pdu-interval 100 (ms)
link-discovery active
pdu-threshold 10
negotiation-options allow-mode-loopbackcs
remote-loopback -> set a loop on the reote peer<\/p>\n\n\n\n
set address 10.0.0.0\/31 arp 10.0.0.1 mac<\/p>\n\n\n\n
set protocols oam ethernet connectivity-fault-management action-profile NAME event adjacency-loss
action interface-down
maintenance-domain customer leve 5
maintenance-association evc1 continuity-check internval 100ms
mep 101 inteface ge-0\/0.115 vlan 115
direction down
auto-discovery
remote-mep 106
action-profile NAME
provider bridge
set protocols oam ethernet connectivity-fault-management
maintenance-domain provider leve 4
maintenance-association evc1 continuity-check internval 100ms
mep 102 inteface ge-0\/0.115 vlan 115
direction up
auto-discovery
mip-half-function default<\/p>\n\n\n\n
traceroute ethernet maintenance-domain customer maintenance-association evc1 mep 106<\/p>\n\n\n\nERP and LAG<\/h1>\n\n\n\n
RPL = Ring protection Link. RPL-owner places RPF in blocking state during normal operation. When failure, RPL-owner puts RPL in forwarding
RPL-owner sents R-APS (Ring-Automatic Protection Switching) eachc 5sec
Normal node generates R-APS whne local link failure occurs. Listen and forward R-APS
APS requires a vlan to deliver R-APS. all vlans affeccted by APS. Uses CFM frame format Opcode = 40. Flags=0. dst MAC = 0119A7-000001
Frame fields: Request\/State 4bits 1011 (signal fail 0000 (no request), Reserved, RPL Blocked 1b, Do not flush 1b, Status Reserved 6b, NodeID (MAC(, Reserved<\/p>\n\n\n\n
guar-interval x
node-id MAC
eas-interface ring-protecton-link-end
control-chnnel CHA-NAME vlan X interface
west-interface control-channel CHA-NAMe vlan X interface
ring-protectoin-link-owner<\/p>\n\n\n\n
\n\n\n\n
duplex, speed, max 8 link. RE generated traffic always sent on lowest member link. IP traffic hashing uses l2-4<\/p>\n\n\n\n
aggregated-ether-options lacp active (1sec) \/ passive (30s)
ge-0\/0\/0 gigether-options 802.3ad ae0
ge-0\/0\/7 gigether-options 802.3ad ae0<\/p>\n\n\n\nMC-LAG and Virtual-Chassis<\/h1>\n\n\n\n
active\/standby or active\/active (all links active, MCP cards onluy, must have a ICL link betweend devices)<\/p>\n\n\n\n
set protocols iccp local-ip-addre IP
peer IP2 redundancy-group-id-list x
liveness-detection minimym-interval 300
multiplier 3<\/p>\n\n\n\n
periodic fast
system-id 00000000000
admin-key 1
mc-ae
mc-ae-id x
redundancy-group 1
chassis-id 0 (the other peer is 1)
status-contorl active (the other peer is standby)
mode activ-active
unit 0 family bridge interface-mode trunk
vlan-id-list XXX
multi-chassis-protection IP2 interface ge-0\/0\/x \/\/ the peer is: IP1 interface ge-0\/0\/x (only for active\/active)<\/p>\n\n\n\n
show interfaces mc-ae<\/p>\n\n\n\nMX virtual-chassis:<\/h2>\n\n\n\n
primary router<\/p>\n\n\n\nTroubleshooting<\/h1>\n\n\n\n
file list \/var\/tmp\/core<\/em><\/p>\n\n\n\n
traceoptions<\/p>\n\n\n\n
set health-monitor<\/p>\n\n\n\n
flow-monitoring
version-ipfix
template NAME
ipv4-template<\/p>\n\n\n\n
instance NAME input rate 10
run-lenght 5
max-packet-per-second 30000<\/p>\n\n\n\n
tfeb
slot 0
sampling-instance X
inline-servies
flow-table-size
ipv4-flw-table-size 10
ipv6-flow-table-size 5 (requires reboot because by default is onlu ipv4)<\/p>\n\n\n\nport-mirroring<\/h2>\n\n\n\n
input rate 1
family inet output inerface ge-0\/\/0.0 next-hop IP<\/p>\n\n\n\n
filter port-mirror
term 1
then port-mirror<\/p>\n\n\n\n
Junos MPLS Fundamentalss On-Demand
=========================================<\/p>\n\n\n\nMPLS Intro<\/h1>\n\n\n\n
MPLS Mechanics<\/h1>\n\n\n\n
label: 20 bits – no 0-15: reserved special use
label 3 = implicit null = pop label before sending. this label is sent by egreess PE to neighbor
label 0 (ipv4) \/ 2 (ipv6 = explicit null = the neihgbor uses label 0\/2
label 1 = router alert -> pop label and process packet locally, push label 1 again, it is never on the bottom of the stack
tc (traffic class or EXP): 3b
s: 1b – bottom of stack 1=it is the bottom \/ 0= is not the bottom and there are labels underneath
ttl: 8b – by default copied from ip ttl<\/p>\n\n\n\n
head-end: ingress router
tail-end: egress router<\/p>\n\n\n\n
set protocols mpls label-switched-path R1-to-R2 install 192.0.2.2\/32 active<\/p>\n\n\n\n
manual creation. but very powerfull<\/p>\n\n\n\n
simple. automatically creates a full mesh LSPs. Follows the best path according your IGP -> trade-off !!! for TE mainly<\/p>\n\n\n\n
MPLS SR advertise labels directly in OSPF\/ISIS -> no extra protocol needed! It has best-path and TE capabilities.<\/p>\n\n\n\nMPLS STATIC LSP and forwarding plane<\/h1>\n\n\n\n
For ingress:
set protocols mpls static-label-switched-path NAME ingress next-hop PHY-IP to Lo.IP-egrees-PE push<\/p>\n\n\n\n
set protocols mpls static-lable-switch-path NAME transit next-hop PHY-IP2 swap<\/p>\n\n\n\n
set protocols mpls static-label-switch-path NAME transit pop next-hop PHY_PE_IP<\/p>\n\n\n\n\n
set routing-options static route NET\/2x static-lsp-next-hop LSP_NAME<\/li>\n<\/ul>\n\n\n\n
clear cli logial-system -> back to main system<\/p>\n\n\n\nRSVP INTRO<\/h1>\n\n\n\n
TE is stored in TED.
RSVP can use TED: ERO = Explicit Route Object, created by ingress PE, and each router in path obeys ERO.
or LSDB: isis\/ospf, follows best path hop by hop, no ERO<\/p>\n\n\n\n
set firewall family inet filter NAME term RSVP from protocol rsvp then accept
MPLS_PING from protocol udp port 8503 then accept.<\/p>\n\n\n\nRSVP: config basic LSP<\/h1>\n\n\n\n
\u2026
interface lo0.0
reference-bandwidth 100g<\/p>\n\n\n\n\n
RRO=Record route object -> each hop adds to this object to indicate the full end-to-end path. avoid loops too!<\/p>\n\n\n\n
show route NET\/x (advertised by egrees PE)<\/p>\n\n\n\n
udp ping sent down the lsp: src: r1 dst: r1
udp ping returned as regular IP traffic (not via LSP!!!)
-needed for backup\/local repair paths! if mpls self-ping doesnt work, traffic will never be moved over to these backups<\/p>\n\n\n\n
path message: head-end to tail-end
resv message: tail-end to head-end. confrirm the lsp was successful<\/p>\n\n\n\nRSVP TED<\/h1>\n\n\n\n
remote: 0.0.0.0 -> pseudonode = LAN<\/p>\n\n\n\n
show isis database extensive<\/p>\n\n\n\n
extensive -> shows CSPF<\/p>\n\n\n\n
loose: can be many hops away<\/p>\n\n\n\n
set protocols mpls path NAME_PATH lo0.PEy strict<\/p>\n\n\n\n
show ospf database opaque-area [extensive lsa-id IP advertising-router Lo0.PE]<\/p>\n\n\n\n
you can use TE features in a non-TE network but are limited
-ERO: but hops in between stil decide the best next hop
-bw reservation: if no bw, lsp can’t find another path.<\/p>\n\n\n\nRSVP LSP bw reservation<\/h1>\n\n\n\n
lsp priority: when there is no enough bw, the lsp with higher priority can force low priority lsp to find alternative path.
bw reservation is not a policer! it is just a reservation at control plane<\/p>\n\n\n\n
show mpls lsp name NAME1 detail
show rsvp interface
show ted database extensive lo0.PE1<\/p>\n\n\n\n
set protocols rsvp interface ge-0\/0\/0.0 subscription 500 -> oversubscribe link by 5x!
1.0 bandwidth 2g -> change the total bw. For example if physical is 1g, now you say it is 2g.<\/p>\n\n\n\n\n
RSVP LSP Priorities<\/h1>\n\n\n\n
\n
priority: 0 = best \/ 7 = worst. Priority only matters: 1) best path cannot offer enough bw. low-priority may not come up if no bw availabel anywhere.
2) box has many lsp: high priority signaled first. Equal priority, signalled alphabetical order<\/li>\n<\/ul>\n\n\n\n
hold priority (default 0): value used to keep a lsp. this is compared with the setup priority of a contenden lsp.
=> if setup is better (lower value) than hold -> existing lsp is kicked off<\/p>\n\n\n\n\n
show ted database Lo0.PE.NAME extensive<\/p>\n\n\n\n
set apply-groups RSVP_PRIO
show configuration protocols mpls | display intheritance no-commens<\/p>\n\n\n\n
-> sol: soft-preemption
set groups RSVP_PRIO protocols mpls labeled-switched-path <*> soft-preemption
–> find a new path first, move traffic, and if good for 30s, delete old path<\/p>\n\n\n\nCSPF and Adming Groups<\/h1>\n\n\n\n
\n
100G with 60G reserved = 40% avail bw ratio
10G with 1G reserved = 90% avail bw ratio
least-fill -> highest avail bw ratio
most-fill -> lowest avail bw ratio -> good to avoid bin packing prob<\/li>\n<\/ul>\n\n\n\n
it is a 32-bit value, so an interface can “activate” several groups.
set protocols mpls interface ge-0\/0\/0.0 admin-group ADGROUP<\/p>\n\n\n\n\n
ie: to put a pure P transit router in maintenance, just add all links into “MAintenance” group and have all LSP to exclude Maintenance, and add self-optimize<\/li>\n<\/ul>\n\n\n\nLSP Failures, errors and session Maintenance<\/h1>\n\n\n\n
ResvTear: towards ingress (return path: upstream)<\/p>\n\n\n\n
ResvErr: towards egress (downstream)<\/p>\n\n\n\n\n
sol: backup local repair lsp: pre-signaled lsp around link or node failures. each hop can generate a local repair path
secondary path: pre-signaled and with differnt constrains from primary<\/li>\n<\/ul>\n\n\n\n
initial: soft-state (it was like UDP)
rfc 2961: rsvp refresh overhead reduction extensions
hello are optional: default 9sec in junos (hello-interval)<\/p>\n\n\n\nPrimary and secondary path<\/h1>\n\n\n\n
Scondary is used until primary is recovered, after 60s.<\/p>\n\n\n\n\n
retry-timer: default 30s – time between attempts
revert-timer: default 60s – (0 = never revert) once primary is up, wait x sec before move traffic to primary
or dont define primary, and just define secondary paths for the lsp<\/p>\n\n\n\n
-> this is very manual!!1 ie: used for re-route traffic when node in maintenance -> all LSP going through that node need the “select manual”<\/p>\n\n\n\n
-> sol: secondary standby paths: pre-calculated, pre-signaled and always-up. It adds a temp metric of 8M to each link used by primary path.<\/p>\n\n\n\n
set protocols mpls path BLANK_PRIMARY (without constraints!)
set protocols mpls path BLANK_SECONDARY (without constraints!)<\/p>\n\n\n\n
if standby is configured with bw constraints -> you may artificially run out of RSVP bw.<\/p>\n\n\n\n
-> you see path for primary and secondary in RIB, but only lowest weigh route is installed in FIB!!
if you want both installed (but only the primary actually used) you need to configure LB (as per JNCIA and below)<\/p>\n\n\n\n
set policy-options policy-statement LB then load-balace per-packet
set routing-options forwardinig-table export LB<\/p>\n\n\n\nLocal-Repair P1: 121 backup or FRR (Fast Reroute)<\/h1>\n\n\n\n
Local repair sens PathErr to head-end to program new lsp. It does only node protection<\/p>\n\n\n\n
-121 backup: 1 backup path (“detour”) for each LSP. At each hop along the path! (scale issues) pointing to the tailend!!! = Fast-Reroute
– node protection, find fastest path to tailend
– as it creates many LSP, some nodes can “merge” detour (1+ ingress) and only generate 1 egress detour<\/p>\n\n\n\n set protocols mpls label-switched-path LSP1 to PE-IP fast-reroute [hop-limit 6=default | bandwidth 0=default | include-any GROUP]\n + CONFIGURE LB in FIB\n\n show mpls lsp ingress extensive\n show rsvp session detail\n show mpls lsp transit -> detour lsp uses the same name as the main lsp!!! so you can't figure out if it is a detour!\n detour number x means the number of detour have been merged to x detour\n -> show rsvp session detail | match \"Detour branch from\" -> This can help you to figure out if it is a detour\n and if several detour branch have the same \"label out\" => it is merged!<\/code><\/pre>\n\n\n\nLocal-Repair P2: Facility Backup or Node-Link-Protection<\/h1>\n\n\n\n
it is a separate, standalone LSP with its own name. The bypass LSP pushes a second label !! There is PHP to pop the second label. It doesnt signal to the tailend.<\/p>\n\n\n\n
bypass to next-next-hop -> proteccts link and node failure. trade-off: LSP is longer, may impact delay-sensitive traffic<\/p>\n\n\n\n
set protocols mlps label-swtiched-path LSP1 to PEx-lo [link-protection | node-link-protection ]<\/p>\n\n\n\n
and top label for the bypass lsp that is the next node.
show route table inet.3
show mpls lsp
show mpls lsp bypass ingress
show rsvp sesion ingress -> all lsps included bypass<\/p>\n\n\n\n
but one bypass LSP can overwhelm a link! -> setup several bypass or put bandwidht reservation for each bypass<\/p>\n\n\n\n
+ node-protection -> traffic has to make a U-turn twice !!! (need drawing)<\/p>\n\n\n\nRSVP LSP Optimization<\/h1>\n\n\n\n
optimization -> runs CSPF periodically<\/p>\n\n\n\n
indiv: set protocols mpls label-switched-path LSP1 to PE-Lo optmize-timer X<\/p>\n\n\n\n\n
if least-fill used, new path should be at least 10% less than current path<\/li>\n<\/ul>\n\n\n\n
clear mpls lsp name LSP optmize-aggressive<\/p>\n\n\n\n
set protocols rsvp fast-reroute optimize-timer (0..65535)<\/p>\n\n\n\nRSVP Make-before-break and adaptive<\/h1>\n\n\n\n
show mpls lsp name LSP extensive<\/p>\n\n\n\n\n
show rsvp session extensive name LSPx -> look for “Resv style”<\/p>\n\n\n\n
set policy-options policy-statement MAP term T1 from route-filer IP\/x exact then install-nexthop lsp LSP1 accept
next-hop ingress-PE-Lo
match bgp community list
term T2 from route-filter IP2\/y exact then install-nexthop lsp LSP2 accept
term T3 then accept<\/p>\n\n\n\n
IP2\/y<\/p>\n\n\n\nLDP – INTRO<\/h1>\n\n\n\n
No TE.
FEC = forwarding equivalence class = set of traffic is forwarded through an LSP
PE Lo0 is a FEC<\/p>\n\n\n\n
LDP: egrees router advertises a FEC for itself unprompted = “downstream unsolicited” <–<\/p>\n\n\n\n
Liberal label retention: junos keep all labels they receive (speeds up recovery for link\/node failures)<\/p>\n\n\n\nLDP – CONFIG<\/h1>\n\n\n\n
tcp: 646<\/p>\n\n\n\n
set protocols mpls interfacce ge-0\/0\/0.0 (CP)
set interfaces ge-0\/0\/0.0 unit 0 family mpls (DP)<\/p>\n\n\n\n
show ldp neighbor [extensive] (physical interfaces)
show ldp session [Lo.IP detail] (loopback interfaces) -> two negihbor routers, have as many neighbor as interfaces, but only one session
show ldp databse [session lo.IP]
show route table inet.3
show ldp traffic-statistics
clear ldp session\/neighbor [all | lo.IP]<\/p>\n\n\n\nLDP – ENHANCEMENTS<\/h1>\n\n\n\n
with “ldp-synchronization”, router advertises a high metric (isis\/ospf) until LDP is up. Once it is up for 10s, the metric changes to real value<\/p>\n\n\n\n
-> change that
set protocols ldp track-igp-metric<\/p>\n\n\n\n
set protocols ldp interface lo0.0
set protocols ldp session-protection<\/p>\n\n\n\nLDP – EGRESS, IMPORT, EXPORT<\/h1>\n\n\n\n
set protocols ldp egress-policy LDP_EGRESS<\/p>\n\n\n\n\n
if you want LB:
set protocols ldp deaggreate (in all routers!!!)<\/li>\n<\/ul>\n\n\n\n
import: tag received FEC as filtered in LDP db. Prevent FEC to be imported into inet.3 and to be readvertised
set policy-options policy-statement LDP_IMPORT term block from route-fileter PEx-LO\/32 then reject
term rest then accept
(** default policy for LDP is to accept all in import but make it clear)
set protocols ldp import LDP_IMPORT
show ldp database session PE-Lo
show route table inet.3 PE-Lo<\/p>\n\n\n\n
set policy-options policy-statement LDP_EXPORT term block from route-fileter PEx-LO\/32 then reject
term rest then accept (**default ldp export policy for LDP is to reject all!!!)
set protocols ldp export LDP_EXPORT<\/p>\n\n\n\n
-ldp local repair
-ldp auth<\/p>\n\n\n\nSEGMENT ROUTING<\/h1>\n\n\n\n
SRv6: uses ipv6 headers instead of mpls labels<\/p>\n\n\n\n
Node SID: router. populate inet.3<\/p>\n\n\n\n
set protocols mpls interface ge-0\/0\/0.0 (CP)
set chassis network-services enhanced-ip => reboot !!!
set protocols isis source-packet-routing<\/p>\n\n\n\n
show isis databse R3 detail
Flags: F (family) no set = ipv4 \/ set = ipv6
V value
L local signigicant
P persistent SID across reboots
B backup = local-repair
S belongs to set of interfaces for unequal-cost load balancing<\/p>\n\n\n\n
each router allocates a block of labels (advice: configure the same block in each router)
eachc router has a uniquer id = node SID -> mpls label = node SID + starting label
*ldp generates a label for itself and for each received FEC.
*SR advertise an entire block of labels = SRGB = SR Global Block. By default SRGB=4096<\/p>\n\n\n\n
ipv6-index 605<\/p>\n\n\n\n
set protocols isis source-packet-routing srgb start-label 800000
index-range 4000 (by default is 4096) -> 50% for ipv4 and 50% for ipv6.<\/p>\n\n\n\n