Book description

In this practical book, Juniper Networks consulting senior network engineer Peter Southwick offers unique first-person field studies on designing, configuring, and troubleshooting new systems that are changing the networking world. In these case studies, Southwick and his fellow warriors analyze a client’s particular situation, arrive at an architectural solution, and work through the deployment details.

Table of Contents

  1. Juniper Networks Warrior
  2. Dedication
  3. Preface
    1. What Is the New Network Platform Architecture?
    2. How to Use This Book
    3. What’s in This Book?
    4. A Note About This Book
    5. Conventions Used in This Book
    6. Using Code Examples
    7. Safari® Books Online
    8. How to Contact Us
    9. Acknowledgments
  4. 1. An Enterprise VPN
    1. Company Profile
      1. Network
      2. Traffic Flow
      3. Need for Change
      4. Class of Service
      5. Design Trade-Offs
        1. Routing and survivability
          1. Remote locations
          2. Main location
        2. Class of service
    2. Implementation
      1. Prototype Phase
      2. Class of Service
      3. Cut-Over
      4. Main Site
      5. Remote Site JAX
      6. Remote Sites PHL and IAD
      7. Backup Site BNA
    3. Conclusions
  5. 2. Maintaining IDP Systems
    1. IDP8200 Background
      1. Command-Line Interface
      2. Web Management Interface
      3. NSM Management
    2. Support Tasks
      1. Daily Tasks
      2. IDP Policies
      3. Rulebase Optimization
      4. Other Tasks
        1. Updating the detector engine
        2. Updating IDP appliance OS
        3. Updating attacks
    3. Conclusion
  6. 3. Data Center Security Design
    1. Discussion
      1. Design Trade-Offs
      2. Decision
    2. Configuration
      1. Take One Configuration: Clustering
      2. Take 2 Configuration: Active/Active without Reths
      3. Take 3 Configuration: Active/Active with One-Legged Reths
      4. Testing
    3. Summary
  7. 4. Layer 3 to Layer 2 Conversion
    1. Problem
      1. Q-in-Q Framing
      2. VPLS Overhead
    2. Solutions
      1. RFC 4623
        1. Customer MTU restrictions
        2. Move the MTU
    3. Configurations
      1. Management
        1. lo0.0
        2. Access
      2. Protocols
        1. MPLS
        2. BGP
        3. OSPF
      3. Core Router Configurations
      4. Distribution Switch Configurations
      5. Distribution Router Configurations
      6. Rate Control
      7. CPE Switch Configuration
    4. Conclusion
  8. 5. Internet Access Redress
    1. Objective
    2. Design
      1. Trade-offs
        1. Routing
        2. IBR integration
        3. IDP
        4. Filter-based forwarding
        5. Clustering
    3. Configuration
      1. Clustering
      2. Security
        1. Routing instances
        2. Interfaces, zones, and policies
        3. NAT
        4. Security logging
      3. Routing
        1. BGP
        2. OSPF
        3. Default route
        4. Out-of-band management network
    4. Implementation
      1. Lessons Learned
        1. Feature interactions
        2. Network interactions
        3. Administrative issues
    5. Conclusion
  9. 6. Service Provider Engagement
    1. Company Profile
      1. Physical Network Topology
      2. Services
      3. Design Approach
        1. MX connectivity
        2. EX connectivity
        3. Deployment
        4. Management network
      4. Design Trade-Offs
        1. OSPF
        2. VPLS
        3. BGP
        4. MPLS
        5. Trade-off choices
    2. Configurations
      1. Boilerplate Configuration
      2. MX Interfaces
      3. EX Boilerplate and Interfaces
      4. OSPF
      5. MBGP
      6. MPLS
      7. RSVP
      8. Layer 3 VPN
      9. VPLS
      10. OBM
    3. Conclusion
  10. 7. A PCI-Compliant Data Center
    1. Introduction
      1. Client Goals
      2. Design Trade-Offs
        1. Firewalls
        2. Routing
        3. Addressing
        4. Survivability
    2. Recommended Design
      1. Switching Layer
      2. Routing Layer
      3. Firewall Layer
      4. Virtualization
    3. Configurations
      1. EX4200 Configuration
      2. MX240 Configuration
      3. Firewall Configuration
    4. Deployment
      1. Initial Connectivity
      2. The Maintenance Window
      3. PCI Compliance
    5. Summary
  11. 8. Facilitating Dark Fiber Replacement Using a QFX3500
    1. Existing Design
      1. Introduction to Fibre Channel
    2. Proposed Design
      1. Concerns and Resolutions
        1. Naming
        2. Network quality
      2. Network Upgrade
      3. Advantages and Benefits of the Solution
    3. QFX3500 Fibre Channel Gateway Configurations
      1. Management Configurations
      2. Fibre Channel Gateway Interface Configuration
      3. DCB Configuration
    4. EX4500 Transit Switch Configurations
      1. Interfaces and VLANs
      2. Transit Switch DCB Configuration
    5. Verification
    6. Conclusions
  12. 9. MX Network Deployment
    1. Plans and Topology
    2. Phase 1
    3. MX Configuration
      1. Management Configuration
      2. Routing Engine Protection
      3. Policy Configurations
        1. Prefer to receive an aggregate of the locally assigned addresses
        2. No subnets longer than /24
        3. No RFC 1918 prefixes
        4. Authentication on all BGP links
        5. The ISPs will ignore the use of MEDs
        6. The ISPs will respond to local preference
        7. The ISPs will forward a default route if required
        8. The ISPs will accept prepending only for the local AS
        9. The ISP will not act as a transit network for any other traffic except for its customers
      4. Protocol Configurations
        1. OSPF
        2. BGP
    4. Phase 2
    5. Final Phases
    6. Conclusion
  13. 10. A Survivable Internet Solution for a Fully Distributed Network
    1. Original Network Architecture
      1. WAN Connectivity
      2. Addressing
      3. Internal Connectivity
      4. Firewalls
    2. Problem Definition
    3. Proposed Solution 1
      1. Solution 1 Advantages
      2. Solution 1 Details
      3. Solution 1 Issues
    4. Proposed Solution 2: OSPF over Tunnels
      1. Early Death of Solution 2
      2. Configuration for Solution 2
    5. Final Solution: Static Routes over Tunnels
      1. Solution Advantages
      2. Solution Issues
        1. RPF checks
        2. Default gateway failure detection
      3. Email Server Address Resolution
    6. Firewall Configurations
    7. Conclusion
  14. 11. Internet Access Rebuild
    1. Requirements
    2. Existing Network
      1. Routing Protocols
    3. Solution Options
      1. Three-Layer Design
      2. Two-Layer Design
      3. One-Tier Design
    4. Configurations
      1. Deployment Scenario
      2. Management Staging and Testing
      3. Top-of-Rack Switch Testing
      4. ISP Link Testing
      5. Production Configuration
      6. Cut-Over
    5. Conclusion
  15. Index
  16. About the Author
  17. Colophon
  18. Copyright