Juniper MX Series

Book Description

Discover why routers in the Juniper MX Series, with their advanced feature sets and record-breaking scale, are so popular among enterprises and network service providers. This authoritative book shows you step by step how to implement high-density, high-speed Layer 2 and Layer 3 Ethernet services, using Router Engine DDoS Protection, Multi-chassis LAG, Inline NAT, IPFIX/J-Flow, and many other Juniper MX features.

Table of Contents

  1. Juniper MX Series
  2. Dedication
  3. Dedication
  4. SPECIAL OFFER: Upgrade this ebook with O’Reilly
  5. About the Authors
    1. About the Lead Technical Reviewers
    2. About the Technical Reviewers
      1. Proof of Concept Laboratory
  6. Preface
    1. No Apologies
    2. Book Topology
      1. Interface Names
      2. Aggregate Ethernet Assignments
      3. Layer 2
      4. IPv4 Addressing
      5. IPv6 Addressing
    3. What’s in This Book?
    4. Conventions Used in This Book
    5. Using Code Examples
    6. Safari® Books Online
    7. How to Contact Us
  7. 1. Juniper MX Architecture
    1. Junos
      1. One Junos
      2. Software Releases
      3. Three Release Cadence
      4. Software Architecture
      5. Daemons
        1. Management Daemon
        2. Routing Protocol Daemon
        3. Device Control Daemon
        4. Chassis Daemon (and Friends)
      6. Routing Sockets
    2. Juniper MX Chassis
      1. MX80
        1. MX80 Interface Numbering
        2. MX80-48T Interface Numbering
      2. Midrange
      3. MX240
        1. Interface Numbering
          1. Full Redundancy
          2. No Redundancy
      4. MX480
        1. Interface Numbering
      5. MX960
        1. Interface Numbering
          1. Full Redundancy
          2. No Redundancy
    3. Trio
      1. Trio Architecture
      2. Buffering Block
      3. Lookup Block
      4. Interfaces Block
      5. Dense Queuing Block
    4. Line Cards and Modules
      1. Dense Port Concentrator
      2. Modular Port Concentrator
        1. MPC1
        2. MPC2
        3. MPC-3D-16X10GE-SFPP
        4. MPC3E
          1. Multiple Lookup Block Architecture
          2. Source MAC Learning
          3. Destination MAC Learning
          4. Policing
      3. Packet Walkthrough
        1. MPC1 and MPC2 with Enhanced Queuing
        2. MPC3E
      4. Modular Interface Card
      5. Network Services
    5. Switch and Control Board
      1. Ethernet Switch
      2. Switch Fabric
        1. MX240 and MX480 Fabric Planes
        2. MX960 Fabric Planes
      3. J-Cell
        1. J-Cell Format
        2. J-Cell Flow
        3. Request and Grant
      4. MX Switch Control Board
        1. MX SCB and MPC Caveats
        2. MX240 and MX480
        3. MX960
      5. Enhanced MX Switch Control Board
        1. MX240 and MX480
        2. MX960
    6. MX2020
      1. Architecture
        1. Switch Fabric Board
        2. Power Supply
        3. Air Flow
        4. Line Card Compatibility
    7. Summary
    8. Chapter Review Questions
    9. Chapter Review Answers
  8. 2. Bridging, VLAN Mapping, IRB, and Virtual Switches
    1. Isn’t the MX a Router?
    2. Layer 2 Networking
      1. Ethernet II
      2. IEEE 802.1Q
      3. IEEE 802.1QinQ
    3. Junos Interfaces
    4. Interface Bridge Configuration
      1. Basic Comparison of Service Provider versus Enterprise Style
        1. Service Provider Style
        2. Enterprise Style
    5. Service Provider Interface Bridge Configuration
      1. Tagging
        1. VLAN Tagging
          1. vlan-id-range
        2. Stacked VLAN Tagging
        3. Flexible VLAN Tagging
      2. Encapsulation
        1. Ethernet Bridge
        2. Extended VLAN Bridge
        3. Flexible Ethernet Services
      3. Service Provider Bridge Domain Configuration
    6. Enterprise Interface Bridge Configuration
      1. Interface Mode
        1. Access
        2. Trunk
        3. IEEE 802.1QinQ
        4. IEEE 802.1Q and 802.1QinQ Combined
      2. VLAN Rewrite
    7. Service Provider VLAN Mapping
      1. Stack Data Structure
      2. Stack Operations
      3. Stack Operations Map
        1. input-vlan-map
        2. output-vlan-map
      4. Tag Count
      5. Bridge Domain Requirements
      6. Example: Push and Pop
      7. Example: Swap-Push and Pop-Swap
    8. Bridge Domains
      1. Learning Domain
        1. Single Learning Domain
        2. Multiple Learning Domains
      2. Bridge Domain Modes
        1. Default
        2. None
        3. All
        4. List
        5. Single
        6. Dual
      3. Bridge Domain Options
        1. MAC Table Size
          1. Global
          2. Bridge domain
          3. Interface
        2. No MAC learning
      4. Show Bridge Domain Commands
        1. show bridge domain
        2. show bridge mac-table
        3. show bridge statistics
        4. show l2-learning instance detail
      5. Clear MAC Addresses
        1. Specific MAC Address
        2. Entire Bridge-Domain
      6. MAC Accounting
    9. Integrated Routing and Bridging
      1. IRB Attributes
    10. Virtual Switch
      1. Configuration
    11. Summary
    12. Chapter Review Questions
    13. Chapter Review Answers
  9. 3. Stateless Filters, Hierarchical Policing, and Tri-Color Marking
    1. Firewall Filter and Policer Overview
      1. Stateless versus Stateful
        1. Stateless
        2. Stateful
      2. Stateless Filter Components
        1. Stateless Filter Types
        2. Protocol Families
        3. Filter Terms
          1. The Implicit Deny-All Term
        4. Filter Matching
          1. A Word on Bit Field Matching
        5. Filter Actions
      3. Filters versus Routing Policy
      4. Filter Scaling
        1. Filter Optimization Tips
      5. Filtering Differences for MPC versus DPC
      6. Enhanced Filter Mode
    2. Filter Operation
      1. Stateless Filter Processing
        1. Filter Actions
          1. Terminating Actions
          2. Nonterminating Actions
          3. Flow Control Actions
    3. Policing
      1. Rate Limiting: Shaping or Policing?
        1. Shaping
          1. The Leaky Bucket Algorithm
          2. The Token Bucket Algorithm
        2. Policing
      2. Junos Policer Operation
        1. Policer Parameters
          1. A Suggested Burst Size
        2. Policer Actions
      3. Basic Policer Example
        1. Bandwidth Policer
        2. Logical Bandwidth Policer
      4. Cascaded Policers
      5. Single and Two-Rate Three-Color Policers
        1. TCM Traffic Parameters
          1. Single-Rate Traffic Parameters
          2. Two-Rate Traffic Parameters
        2. Color Modes for Three-Color Policers
        3. Configure Single-Rate Three-Color Policers
          1. srTCM Nonconformance
        4. Configure Two-Rate Three-Color Policers
          1. trTCM Nonconformance
      6. Hierarchical Policers
        1. Hierarchical Policer Example
    4. Applying Filters and Policers
      1. Filter Application Points
        1. Loopback Filters and RE Protection
        2. Input Interface Filters
        3. Output Interface Filters
        4. Aggregate or Interface Specific
        5. Filter Chaining
        6. Filter Nesting
        7. Forwarding Table Filters
        8. General Filter Restrictions
      2. Applying Policers
        1. Logical Interface Policers
          1. Filter-Evoked Logical Interface Policers
        2. Physical Interface Policers
      3. Policer Application Restrictions
    5. Bridge Filtering Case Study
      1. Filter Processing in Bridged and Routed Environments
      2. Monitor and Troubleshoot Filters and Policers
        1. Monitor System Log for Errors
      3. Bridge Family Filter and Policing Case Study
        1. Policer Definition
        2. HTTP Filter Definition
        3. Flood Filter
        4. Verify Proper Operation
      4. Summary
    6. Chapter Review Questions
    7. Chapter Review Answers
  10. 4. Routing Engine Protection and DDoS Prevention
    1. RE Protection Case Study
      1. IPv4 RE Protection Filter
      2. IPv6 RE Protection Filter
        1. Next-Header Nesting, the Bane of Stateless Filters
        2. The Sample IPv6 Filter
    2. DDoS Protection Case Study
      1. The Issue of Control Plane Depletion
      2. DDoS Operational Overview
        1. Host-Bound Traffic Classification
        2. A Gauntlet of Policers
      3. Configuration and Operational Verification
        1. Disabling and Tracing
        2. Configure Protocol Group Properties
        3. Verify DDoS Operation
      4. Late Breaking DDoS Updates
    3. DDoS Case Study
      1. The Attack Has Begun!
        1. Analyze the Nature of the DDoS Threat
    4. Mitigate DDoS Attacks
      1. BGP Flow-Specification to the Rescue
        1. Configure Local Flow-Spec Routes
          1. Flow-Spec Algorithm Version
        2. Validating Flow Routes
          1. Limit Flow-Spec Resource Usage
      2. Summary
    5. BGP Flow-Specification Case Study
      1. Let the Attack Begin!
        1. Determine Attack Details and Define Flow Route
      2. Summary
    6. Chapter Review Questions
    7. Chapter Review Answers
  11. 5. Trio Class of Service
    1. MX CoS Capabilities
      1. Port versus Hierarchical Queuing MPCs
        1. H-CoS and the MX80
      2. CoS Capabilities and Scale
        1. Queue and Scheduler Scaling
          1. How Many Queues per Port?
          2. Configure Four- or Eight-Queue Mode
          3. Low Queue Warnings
        2. Trio versus I-Chip/ADPC CoS Differences
    2. Trio CoS Flow
      1. Intelligent Oversubscription
      2. The Remaining CoS Packet Flow
      3. CoS Processing: Port- and Queue-Based MPCs
        1. Switch Fabric Priority
        2. Classification and Policing
          1. Classification and Rewrite on IRB Interfaces
        3. Egress Processing
          1. Egress Queuing: Port or Dense Capable?
          2. WRED
      4. Trio Hashing and Load Balancing
        1. A Forwarding Table Per-Packet Policy Is Needed
        2. Load Balancing and Symmetry
      5. Key Aspects of the Trio CoS Model
        1. Independent Guaranteed Bandwidth and Weight
        2. Guaranteed versus Excess Bandwidth and Priority Handling
        3. Input Queuing on Trio
        4. Trio Buffering
        5. Trio Drop Profiles
        6. Trio Bandwidth Accounting
        7. Trio Shaping Granularity
        8. Trio MPLS EXP Classification and Rewrite Defaults
      6. Trio CoS Processing Summary
    3. Hierarchical CoS
      1. The H-CoS Reference Model
      2. Level 4: Queues
        1. Explicit Configuration of Queue Priority and Rates
      3. Level 3: IFL
        1. The Guaranteed Rate
        2. Priority Demotion and Promotion
          1. G-Rate Based Priority Handling at Nodes
          2. Per Priority Shaping–Based Demotion at Nodes
          3. Queue-Level Priority Demotion
      4. Level 2: IFL-Sets
        1. Remaining Traffic Profiles
        2. Forcing a Two-Level Scheduling Hierarchy
      5. Level 1: IFD
      6. Remaining
        1. Remaining Example
      7. Interface Modes and Excess Bandwidth Sharing
          1. PIR Characteristics
          2. PIR/CIR Characteristics
        1. Shaper Burst Sizes
          1. Calculating the Default Burst Size
          2. Choosing the Actual Burst Size
          3. Burst Size Example
        2. Shapers and Delay Buffers
          1. Delay Buffer Rate and the H-CoS Hierarchy
        3. Sharing Excess Bandwidth
          1. Scheduler Nodes
          2. Queues
          3. Excess None
          4. Excess Handling Defaults
          5. Excess Rate and PIR Interface Mode
          6. Excess Sharing Example
      8. Priority-Based Shaping
      9. Fabric CoS
      10. Control CoS on Host-Generated Traffic
        1. Default Routing Engine CoS
        2. Dynamic Profile Overview
          1. Dynamic Profile Linking
        3. Dynamic CoS
      11. H-CoS Summary
    4. Trio Scheduling and Queuing
      1. Scheduling Discipline
      2. Scheduler Priority Levels
        1. Scheduler to Hardware Priority Mapping
        2. Priority Propagation
          1. Priority Promotion and Demotion
      3. Scheduler Modes
        1. Port-Level Queuing
          1. Operation Verification: Port Level
        2. Per Unit Scheduler
          1. Hierarchical Scheduler
      4. H-CoS and Aggregated Ethernet Interfaces
        1. Aggregated Ethernet H-CoS Modes
      5. Schedulers, Scheduler Maps, and TCPs
        1. Scheduler Maps
          1. Configure WRED Drop Profiles
        2. Scheduler Feature Support
        3. Traffic Control Profiles
          1. Overhead Accounting on Trio
      6. Trio Scheduling and Priority Summary
    5. MX Trio CoS Defaults
      1. Four Forwarding Classes, but Only Two Queues
      2. Default BA and Rewrite Marker Templates
      3. MX Trio CoS Defaults Summary
    6. Predicting Queue Throughput
      1. Where to Start?
      2. Trio CoS Proof-of-Concept Test Lab
        1. A Word on Ratios
        2. Example 1: PIR Mode
        3. Example 2: CIR/PIR Mode
        4. Example 3: Make a Small, “Wafer-thin” Configuration Change
      3. Predicting Queue Throughput Summary
    7. CoS Lab
      1. Configure Unidirectional CoS
        1. Establish a CoS Baseline
          1. Baseline Configuration
          2. The Scheduler Block
        2. Select a Scheduling Mode
          1. Apply Schedulers and Shaping
      2. Verify Unidirectional CoS
        1. Confirm Queuing and Classification
          1. Use Ping to Test MF Classification
        2. Confirm Scheduling Details
        3. Check for Any Log Errors
      3. Confirm Scheduling Behavior
        1. Match Tester’s Layer 2 Rate to Trio Layer 1 Shaping
        2. Compute Queue Throughput: L3
          1. The Layer 3 IFL Calculation: Maximum
          2. The Layer 3 IFL Calculation: Actual Throughput
    8. Add H-CoS for Subscriber Access
      1. Configure H-CoS
      2. Verify H-CoS
        1. Verify H-CoS in the Data Plane
      3. Trio CoS Summary
    9. Chapter Review Questions
    10. Chapter Review Answers
  12. 6. MX Virtual Chassis
    1. What is Virtual Chassis?
      1. MX-VC Terminology
      2. MX-VC Use Case
      3. MX-VC Requirements
      4. MX-VC Architecture
        1. MX-VC Kernel Synchronization
        2. MX-VC Routing Engine Failures
          1. VC-Mm failure
          2. VC-Mb failure
          3. VC-Bm failure
          4. VC-Bb failure
          5. VC-Lm failure
          6. VC-Lb
      5. MX-VC Interface Numbering
      6. MX-VC Packet Walkthrough
      7. Virtual Chassis Topology
      8. Mastership Election
      9. Summary
    2. MX-VC Configuration
      1. Chassis Serial Number
      2. Member ID
      3. R1 VCP Interface
      4. Routing Engine Groups
      5. Virtual Chassis Configuration
        1. GRES and NSR
      6. R2 VCP Interface
      7. Virtual Chassis Verification
        1. Virtual Chassis Topology
      8. Revert to Standalone
      9. Summary
    3. VCP Interface Class of Service
      1. VCP Traffic Encapsulation
      2. VCP Class of Service Walkthrough
      3. Forwarding Classes
      4. Schedulers
      5. Classifiers
      6. Rewrite Rules
      7. Final Configuration
      8. Verification
    4. Summary
    5. Chapter Review Questions
    6. Chapter Review Answers
  13. 7. Trio Inline Services
    1. What are Trio Inline Services?
    2. J-Flow
      1. J-Flow Evolution
      2. Inline IPFIX Performance
      3. Inline IPFIX Configuration
        1. Chassis Configuration
        2. Flow Monitoring
        3. Sampling Instance
        4. Firewall Filter
      4. Inline IPFIX Verification
      5. IPFIX Summary
    3. Network Address Translation
      1. Types of NAT
      2. Services Inline Interface
      3. Service Sets
        1. Next-Hop Style Service Sets
        2. Interface Style Service Sets
        3. Traffic Directions
          1. Next-Hop Style Traffic Directions
          2. Interface Style Traffic Directions
      4. Destination NAT Configuration
      5. Network Address Translation Summary
    4. Tunnel Services
      1. Enabling Tunnel Services
      2. Tunnel Services Case Study
        1. Tunnel Services Case Study Final Verification
      3. Tunnel Services Summary
    5. Port Mirroring
      1. Port Mirror Case Study
        1. Configuration
      2. Port Mirror Summary
    6. Summary
    7. Chapter Review Questions
    8. Chapter Review Answers
  14. 8. Multi-Chassis Link Aggregation
    1. Multi-Chassis Link Aggregation
      1. MC-LAG State Overview
        1. MC-LAG Active-Standby
        2. MC-LAG Active-Active
        3. MC-LAG State Summary
      2. MC-LAG Family Support
      3. Multi-Chassis Link Aggregation versus MX Virtual-Chassis
      4. MC-LAG Summary
    2. Inter-Chassis Control Protocol
      1. ICCP Hierarchy
      2. ICCP Topology Guidelines
      3. How to Configure ICCP
      4. ICCP Configuration Guidelines
        1. Valid Configurations
        2. Invalid Configurations
      5. ICCP Split Brain
      6. ICCP Summary
    3. MC-LAG Modes
      1. Active-Standby
      2. Active-Active
        1. ICL Configuration
        2. MAC Address Synchronization
      3. MC-LAG Modes Summary
    4. Case Study
      1. Logical Interfaces and Loopback Addressing
      2. Layer 2
        1. Loop Prevention
          1. Input Feature
          2. Output Feature
          3. Loop Prevention Verification
        2. R1 and R2
          1. Bridging and IEEE 802.1Q
          2. IEEE 802.3ad
        3. S1 and S2
          1. Bridging and IEEE 802.1Q
          2. IEEE 802.3ad
      3. Layer 3
        1. Interior Gateway Protocol—IS-IS
        2. Bidirectional Forwarding Detection
        3. Virtual Router Redundancy Protocol
      4. MC-LAG Configuration
        1. ICCP
          1. R1 and R2
          2. R3 and R4
          3. ICCP Verification
        2. Multi-Chassis Aggregated Ethernet Interfaces
          1. R1 and R2
          2. R3 and R4
      5. Connectivity Verification
        1. Intradata Center Verification
        2. Interdata Center Verification
      6. Case Study Summary
    5. Summary
    6. Chapter Review Questions
    7. Chapter Review Answers
  15. 9. Junos High Availability on MX Routers
    1. Junos High-Availability Feature Overview
    2. Graceful Routing Engine Switchover
      1. The GRES Process
        1. Synchronization
        2. Routing Engine Switchover
        3. What Can I Expect after a GRES?
      2. Configure GRES
        1. GRES Options
          1. Disk Fail
          2. Process Failure Induced Switchovers
        2. Verify GRES Operation
          1. GRES, Before and After
        3. GRES and Software Upgrade/Downgrades
      3. GRES Summary
    3. Graceful Restart
      1. GR Shortcomings
      2. Graceful Restart Operation: OSPF
        1. Restarting Router
          1. Grace LSA
        2. Helper Router
        3. Aborting GR
        4. A Graceful Restart, at Last
        5. A Fly in the Ointment—And an Improved GR for OSPF
          1. OSPF Restart Signaling RFCs 4811, 4812, and 4813
      3. Graceful Restart and other Routing Protocols
        1. Junos GR Support by Release
      4. Configure and Verify OSPF GR
        1. Enable Graceful-Restart Globally
        2. OSPF GR Options
        3. Verify OSPF GR
          1. An Ungraceful Restart
          2. A Graceful Restart
      5. Graceful Restart Summary
    4. Nonstop Routing and Bridging
      1. Replication, the Magic That Keeps Protocols Running
      2. Nonstop Bridging
        1. NSB Only Replicates Layer 2 State
        2. NSB and Other Layer 2 Functions
      3. Current NSR/NSB Support
        1. BFD and NSR/GRES Support
          1. BFD Scaling with NSR
          2. BFD and GR—They Don’t Play Well Together
        2. NSR and BGP
        3. NSR and PIM
          1. PIM Supported Features
          2. PIM Unsupported Features
          3. PIM Incompatible Features
        4. NSR and RSVP-TE LSPs
        5. NSR and VRRP
      4. This NSR Thing Sounds Cool; So What Can Go Wrong?
        1. NSR, the good . . .
          1. . . . And the bad
        2. Practicing Safe NSRs
          1. The Preferred Way to Induce Switchovers
          2. Other Switchover Methods
        3. Tips for a Hitless (and Happy) Switchover
      5. Configure NSR and NSB
        1. NSR and Graceful Restart: Not like Peanut Butter and Chocolate
        2. General NSR Debugging Tips
      6. Verify NSR and NSB
        1. Confirm Pre-NSR Protocol State
        2. Confirm Pre-NSR Replication State
          1. BGP Replication
          2. IS-IS Replication
          3. Confirm BFD Replication
          4. Layer 2 NSB Verification
        3. Perform a NSR
          1. Troubleshoot a NSR/NSB Problem
      7. NSR Summary
    5. In-Service Software Upgrades
      1. ISSU Operation
        1. ISSU Dark Windows
          1. BFD and the Dark Window
      2. ISSU Layer 3 Protocol Support
      3. ISSU Layer 2 Support
      4. MX MIC/MPC ISSU Support
      5. ISSU: A Double-Edged Knife
        1. ISSU Restrictions
        2. ISSU Troubleshooting Tips
      6. ISSU Summary
    6. ISSU Lab
      1. Verify ISSU Readiness
      2. Perform an ISSU
        1. Confirm ISSU
      3. Summary
    7. Chapter Review Questions
    8. Chapter Review Answers
  16. Index
  17. About the Authors
  18. Colophon
  19. SPECIAL OFFER: Upgrade this ebook with O’Reilly
  20. Copyright