Book description

Written by the instructors and creators of the JNTCP-ER Certification Exams, JUNOS Enterprise Routing is the only comprehensive book for Juniper enterprise and edge routing environments. It offers complete coverage of all the services available to the JUNOS administrator, including JUNOS Enhanced Services (ES). This book is the official study guide for all three Juniper Enterprise Routing certification exams, and is highly recommended reading to pass the exams. With its field-guide emphasis on practical solutions, you can easily take the book beyond the classroom and into working networks as a design, maintenance, and troubleshooting reference par excellence. JUNOS Enterprise Routing covers all three certification exams in this track:

  • Juniper Networks Certified Internet Associate (JNCIA-ER)

  • Juniper Networks Certified Internet Specialist (JNCIS-ER)

  • Juniper Networks Certified Internet Expert (JNCIE-ER)

With more services such as voice, conference, and multicast on the IP router platform, the market for enterprise routers is growing exponentially, and the need for certified engineers to keep up with network developments in protocols and security is paramount. For everyone who works with Juniper enterprise and edge routing environments, this is a must-have book.

Table of Contents

  1. JUNOS Enterprise Routing
  2. Foreword
    1. Why Enterprise Routing?
    2. Why Is Routing So Important?
    3. How This Book Will Help You
  3. Credits
    1. About the Lead Technical Reviewers
  4. Preface
    1. What Is Enterprise Routing?
    2. Juniper Networks Technical Certification Program (JNTCP)
    3. How to Use This Book
    4. What’s in This Book?
      1. Topology of This Book
    5. Conventions Used in This Book
    6. Using Code Examples
    7. Comments and Questions
    8. Safari® Books Online
    9. Acknowledgments
      1. From Doug Marschke
      2. From Harry Reynolds
  5. 1. Introduction to JUNOS Enterprise Routing
    1. JUNOS Overview
    2. CLI Review
      1. General CLI Features
        1. Command completion
        2. EMACs
        3. Pipe commands
      2. Configuration Mode
      3. Loading and Saving Configurations
      4. S.O.S., I Need Help!
    3. Advanced CLI and Other Cool Stuff
    4. Conclusion
    5. Exam Topics
    6. Chapter Review Questions
    7. Chapter Review Answers
  6. 2. Interfaces
    1. Permanent Interfaces
    2. Transient Interfaces
      1. Interface Naming
        1. Media type
        2. Chassis slot number
        3. PIC slot number
        4. Port number
        5. Logical unit and channel numbers
    3. Interface Properties
      1. Physical Properties
      2. Logical Properties
    4. Interface Configuration Examples
      1. Fast Ethernet Interface
      2. Fast Ethernet with VLAN Tagging
      3. T1 Interface with Cisco HDLC Encapsulation
      4. Serial Interface with PPP
      5. Serial Interface with Frame Relay
      6. ADSL Using PPPoE over ATM
      7. ISDN
      8. MLPPP
      9. GRE
      10. VRRP
    5. Interface Troubleshooting
      1. Address Configuration Issues
      2. Encapsulation Mismatches
      3. Path MTU Issues
      4. Looped Interfaces
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  7. 3. Protocol Independent Properties and Routing Policy
    1. Protocol Independent Properties
      1. Static, Aggregate, and Generated Routes
        1. Next hop types
          1. Forwarding next hop qualifiers
        2. Static versus aggregate routes
          1. Aggregates need contributing routes
        3. Aggregate versus generated routes
        4. Route attributes and flags
      2. Global Route Preference
        1. Floating static routes
      3. Martian Routes
      4. Routing Tables and RIB Groups
        1. Default route tables
        2. User-defined RIBs and RIB groups
      5. Router ID and Autonomous System Number
        1. Router ID
        2. Autonomous system number
      6. Summary of Protocol-Independent Properties
    2. Routing Policy
      1. What Is a Routing Policy, and When Do I Need One?
      2. Where and How Is Policy Applied?
        1. Applying policy to link state routing protocols
        2. Applying policy to BGP and RIP
      3. Policy Components
        1. Logical OR and AND functions within terms
      4. Policy Match Criteria and Actions
        1. Policy match criteria
        2. Policy actions
      5. Route Filters
        1. Binary trees
        2. Route filters and match types
          1. Longest match wins, but may not....
      6. Default Policies
        1. OSPF (and IS-IS) default policy
        2. RIP default policy
        3. BGP default policy
      7. Advanced Policy Concepts
        1. Testing policy results
        2. Community and AS path regex matching
        3. Policy subroutines (nesting)
        4. Boolean grouping
      8. Summary of Routing Policy
    3. Conclusion
    4. Exam Topics
    5. Chapter Review Questions
    6. Chapter Review Answers
  8. 4. Interior Gateway Protocols and Migration Strategies
    1. IGP Overview
      1. Routing Information Protocol
        1. Stability and performance tweaks
        2. RIP and RIPv2
      2. Open Shortest Path First
        1. Neighbors and adjacencies
          1. The designated router
        2. OSPF router types
        3. Areas and LSAs
          1. OSPF area types
          2. Primary LSA types
        4. OSPF stability and performance tweaks
      3. Enhanced Interior Gateway Routing Protocol
        1. EIGRP metrics
        2. EIGRP: A grand past and a dubious future
      4. IGP Summary
    2. RIP Deployment Scenario
      1. Existing RIP Configuration
        1. Baseline operation
      2. Summary of RIP Requirements
      3. Enter Juniper Networks
        1. Configure static routes
        2. Configure RIP
          1. Ale’s RIP configuration
      4. Confirm RIP Operation: Ale and Lager
      5. Confirm RIP: Juniper Networks to Cisco Systems Integration
        1. Confirm route exchange
        2. Confirm forwarding path
          1. RIP troubleshooting scenario
      6. The Problem
      7. RIP Deployment Summary
    3. IGP Migration
      1. IGP Migration: Common Techniques and Concerns
      2. IGP Migration Models
      3. The Overlay Model
      4. The Redistribution Model
      5. The Integration Model
      6. IGP Migration Summary
    4. Overlay Migration Scenario: RIP to OSPF
      1. RIP-to-OSPF Migration: Cutover to OSPF
      2. Before You Go, Can You Set Up Area 1 Real Quick?
        1. A final task: Aggregate network summaries into the backbone
      3. RIP Migration with the Overlay Model Summary
    5. EIGRP-to-OSPF Migration
      1. Mutual Route Redistribution
        1. The JUNOS software OSPF configuration
        2. The IOS configuration
          1. What about route preferences?
      2. Confirm EIGRP/OSPF Mutual Route Redistribution
        1. Troubleshoot a preference issue
      3. EIGRP-to-OSPF Migration Summary
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  9. 5. Border Gateway Protocol and Enterprise Routing Policy
    1. What Is BGP?
      1. Inter-AS Routing
      2. BGP Route Attributes
      3. BGP Path Selection
    2. Internal and External BGP
      1. Scaling IBGP with Route Reflection
        1. Route reflection and redundancy
        2. Scaling IBGP: Confederations
    3. BGP and the Enterprise
      1. When Should an Enterprise Run BGP?
        1. A word about AS numbers
      2. ASN Portability
        1. Dual-homed: Single versus multiple providers
    4. Asymmetric Link Speed Support
      1. Which Routers Should Run IBGP?
      2. No Transit Services
      3. The Impact of Accepting Specifics Versus a Default from Your Provider
      4. Summary of Enterprise BGP Requirements
    5. BGP Deployment: Asymmetric Load Balancing
      1. Validate Baseline Operation
      2. Configure Generated Route
      3. Configure Initial BGP Peering
      4. Configure Initial BGP Policy
      5. Use BGP for Asymmetric Load Balancing
      6. Initial BGP Peering Summary
    6. Enterprise Routing Policy
      1. Inbound and Outbound Routing Policies
      2. Common Policy Design Criteria
        1. A word on outbound/inbound versus export/import policy
        2. Know your ISP’s policy
      3. Enterprise Policy Summary
    7. Multihome Beer-Co
      1. Implement Beer-Co’s Outbound Policy
      2. EBGP Peering to AS 420
      3. Export Beer-Co Aggregate to Borgnet
        1. Monitor system load
      4. IBGP Peering Within AS 1282
        1. Troubleshoot an IBGP peering problem
        2. Configure route reflection
        3. Troubleshoot BGP next hop reachability
      5. Confirm Outbound Policy Operation
      6. Dual-Homing and Outbound Policy Summary
    8. Inbound Policy
      1. AS Path Prepend to Influence Nonadjacent AS Path Selection
      2. Use Communities to Influence Peer AS
      3. BGP Inbound Policy Summary
    9. Conclusion
    10. Exam Topics
    11. Chapter Review Questions
    12. Chapter Review Answers
  10. 6. Access Security
    1. Security Concepts
      1. Summary of Security Concepts
    2. Securing Access to the Router
      1. User Authentication
      2. Remote Access
      3. Summary of Access Security
    3. Firewall Filters
      1. Filter Processing
      2. Filter Match Conditions
        1. Can your mother read this?
      3. Filter Actions
      4. Applying a Filter
      5. Case Study: Transit Filters
      6. Case Study: Loopback Filters
      7. Policers
        1. Burst-size limit mystery
        2. Policer actions
        3. Configuring and applying policers
        4. Policer example
      8. Summary of Firewall Filters and Policers
    4. Spoof Prevention (uRPF)
      1. Summary of Spoof Prevention
    5. Monitoring the Router
      1. Syslog
        1. Case study: Syslog
      2. SNMP
      3. NTP
      4. Is NTP REALLY Working?
      5. Summary of Router Monitoring
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  11. 7. Introduction to JUNOS Services
    1. JUNOS Services
    2. Layer 2 Services
      1. Multilink PPP
        1. Multiclass MLPPP
      2. CRTP
      3. Multilink Frame Relay
      4. GRE
      5. Layer 2 Services Summary
    3. Layer 3 Services
      1. Stateful Firewall
        1. Application Layer Gateways
      2. Network Address Translation
      3. Intrusion Detection Services
      4. IPSec VPN
      5. Layer 3 Services Summary
    4. Layer 3 Services Configuration
      1. Simple Interface-Style Service Set
      2. Service Filters and Post-Service Filters
      3. Simple Next Hop-Style Service Set
      4. Logging and Tracing
      5. Layer 3 Services Configuration Summary
    5. Additional Service Options
      1. Layer 2 Tunneling Protocol (L2TP)
      2. Real-Time Performance Monitoring (RPM)
      3. Data Link Switching (DLSw)
      4. Flow Monitoring
      5. Tunnel Services
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  12. 8. Advanced JUNOS Services
    1. Route Tables and Next Hop Service Sets
      1. Summary of Route Tables and Next Hop-Style Service Sets
    2. IPSec VPNs
      1. Minimum IPSec Tunnel Configuration
        1. Interface-style service set
        2. Next hop-style service set
      2. Unique Proposals
      3. Backup Tunnels
        1. Routing and verification for IPSec tunnels
        2. Physical interface goes down!
      4. Dynamic IPSec Tunnels
      5. IPSec over GRE
      6. Summary of IPSec VPNs
    3. NAT
      1. Source NAT with No PAT
      2. Source NAT with PAT
      3. Destination NAT
        1. NAT and the stateful firewall
      4. Twice NAT
      5. Summary of NAT
      6. IDS
    4. Combining Services
      1. Stateful Firewall, NAT, and IPSec over GRE Together
    5. The Life of a Packet
      1. Considerations Regarding Order of Operations
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  13. 9. Class of Service
    1. What Is IP CoS, and Why Do I Need It?
      1. Why IP Networks Need CoS
        1. Circuit-switching inefficiencies
      2. CoS Terms and Concepts
        1. Network QoS parameters
        2. Classification
          1. Loss priority
        3. Packet marking/rewriting
        4. Forwarding classes, queues, and schedulers
          1. Schedulers
        5. Congestion management
          1. Weighted RED
        6. Policing and shaping
          1. Isolation is needed to preserve CoS
          2. Policing versus shaping
        7. Summary of CoS processing steps
      3. IP CoS Summary
    2. IP Differentiated Services
      1. IP ToS
      2. Enter IP Integrated Services
      3. IP Differentiated Services
      4. DiffServ Terminology
        1. DiffServ PHBs
          1. Recommended/default DHCPs
      5. DiffServ Summary
    3. M7i and J-Series CoS Capabilities
      1. Input Processing
        1. BA classification capabilities
        2. Multifield classification
        3. Policing
        4. CoS policy
      2. Output Processing
        1. Egress policing
        2. Rewrite marking
        3. Scheduling and queuing
          1. Scheduling discipline
          2. Scheduler configuration
      3. Delay Buffer Size
      4. Scheduler Maps
        1. A word on per-unit scheduling
        2. Congestion control
        3. Configure WRED drop profiles
      5. Differences Between J-Series and M7i CoS
        1. Per-unit scheduling
        2. Weight- versus priority-based scheduling
          1. The M-series weight-based scheduler
          2. The J-series priority scheduler
        3. Scheduler-based shaping to limit excess bandwidth usage
        4. Scheduler priority levels
        5. Hierarchical shaping and shared scheduling
        6. J-series virtual channels
        7. RED behavioral differences
        8. Number of queues/forwarding classes
        9. PLP and adaptive shaping
          1. Adaptive shaping
        10. Number of rewrite markers
      6. JUNOS Software CoS Defaults
        1. Four forwarding classes, but only two queues
        2. BA and rewrite marker templates
      7. M-Series and J-Series CoS Summary
    4. DiffServ CoS Deployment and Verification
      1. Why Not Test CoS with Control-Plane-Generated Traffic?
        1. Cannot control classification of locally generated traffic
        2. Enter resource performance monitoring
      2. Configure DiffServ-Based CoS
        1. Multifield classification and policing (task 1)
        2. BA classification and rewriting (task 2)
        3. CoS shaping (task 3)
        4. Scheduler definition and application (task 4)
          1. M-series scheduler definition
          2. J-series scheduler definition
      3. An Alternative J-Series Scheduler Approach
      4. Define RED Profiles
        1. Scheduler application
        2. Activate multifield classification
        3. The complete configuration
      5. Verify DiffServ-Based CoS
        1. Confirm general CoS configuration
        2. Confirm classification and queuing
          1. Multifield classification
          2. BA classification
        3. Confirm that all this CoS stuff actually does something
        4. No CoS benchmark
        5. The CoS benchmark
      6. DiffServ Deployment Summary
    5. J-Series Adaptive Shapers and Virtual Channels
      1. Configure Adaptive Shaping
      2. Virtual Channels
        1. Configure virtual channels
      3. J-Series Adaptive Shaping and Virtual Channel Summary
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  14. 10. IP Multicast in the Enterprise
    1. What Is Multicast?
      1. Multicast Applications
        1. Locating content
      2. Multicast Terminology and Concepts
        1. Routing turned upside down
        2. Multicast terms
        3. Additional multicast building blocks
          1. Multicast addressing
      3. Mapping IP Multicast to Link Layer Multicast
        1. Multicast addressing and administrative scoping
        2. Interface lists
        3. Reverse path forwarding
        4. Distribution trees
          1. SPT
          2. Shared trees and RPs
          3. Switching from a shared tree to an SPT
      4. Multicast Terminology Summary
    2. Multicast Protocols
      1. Group Management Protocols
        1. IGMPv3
      2. PIM
        1. PIM versions
        2. PIM components
          1. RP discovery
        3. PIM modes
          1. Dense mode
          2. Sparse mode
          3. Source-specific multicast
        4. PIM messages
        5. The designated router
          1. PIM assert
      3. Multicast Protocol Summary
    3. PIM Sparse Mode: Static RP
      1. Validate the Baseline IGP Forwarding Path
      2. Configure PIM Sparse Mode with Static RP
        1. Configure PIM on the RP
        2. Configure PIM on remaining routers
        3. Verify RPF
        4. Configure the simulated receiver
      3. A Word on Multicast Client Options
          1. Static IGMP membership
        1. Create a listening multicast process
        2. Generate multicast traffic
      4. PIM Sparse Mode with Static RP Summary
    4. Configure PIM Sparse Mode with Bootstrap RP
      1. Troubleshoot a Bootstrap Problem
        1. Extra points for creativity?
      2. PIM Sparse Mode with Bootstrap RP Summary
    5. PIM-Based Anycast-RP
      1. Configure Anycast-RP
        1. Configure static RP on non-RP routers
        2. Configure the Anycast-RPs
        3. Verify the Anycast-RPs
        4. What about MSDP?
      2. PIM Sparse Mode with Anycast-RP Summary
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  15. 11. JUNOS Software with Enhanced Services
    1. JUNOS Software with Enhanced Services Overview
      1. Supported Platforms
      2. Packet Versus Flow-Based Processing
        1. Security zones
      3. Do I Need a Router or a Security Device?
        1. Best-of-breed routing and security services
      4. Architecture Changes
        1. Adding flow-based forwarding
          1. Flows and sessions
        2. JUNOS software with enhanced services packet walk
      5. JUNOS Software with Enhanced Services Summary
    2. Migrating from JUNOS to JUNOS Software with Enhanced Services
      1. Understanding JUNOS Software with Enhanced Services Operational Modes
        1. Switching between secure and router contexts
      2. Migration Steps
        1. Migration example
        2. Step 1: Copy the current configuration file
        3. Step 2: Migrate the existing configuration to a JUNOS software with enhanced services configuration
        4. Step 3: Copy the migrated configuration for use when JUNOS software with enhanced services loads
        5. Step 4: Copy and install JUNOS software with enhanced services
          1. Free up space
          2. Confirm that you have enough compact flash space
          3. Install JUNOS software with enhanced services
        6. So, what changed?
          1. A note on IPv6 and MPLS
      3. JUNOS Software with Enhanced Services Migration Summary
    3. Service Migration Case Study: JUNOS to JUNOS Software with Enhanced Services
      1. The Original JUNOS Software ASP-Based Service Set
        1. Original ASP-based service set: Operational analysis
      2. The Migrated JUNOS Software with Enhanced Services Configuration
        1. Confirm JUNOS software with enhanced services operation
        2. Troubleshoot a flow problem
        3. Some other interesting commands
      3. JUNOS Software with Enhanced Services Summary
    4. Conclusion
    5. Exam Topics
    6. Chapter Review Questions
    7. Chapter Review Answers
  16. Glossary
  17. Index
  18. About the Authors
  19. Colophon
  20. Copyright