JNCIA-Junos Study Guide, Part 2

Worldwide Education Services
1194 North Mathilda Avenue, Sunnyvale, CA 94089, USA
408-745-2000
www.juniper.net
This document is produced by Juniper Networks, Inc. This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks Education Services.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

JNCIA-Junos Study Guide, Part 2. Copyright © 2010 Juniper Networks, Inc. All rights reserved. Printed in USA.

The information in this document is current as of the date listed above. The information in this document has been carefully verified and is believed to be accurate for software Release 10.1R1.8. Juniper Networks assumes no responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental, or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.

Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Year 2000 Notice

Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

Software License

The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.
Contents

Chapter 1: Routing Fundamentals
Chapter 2: Routing Policy and Firewall Filters
Chapter 3: Class of Service
Overview

Welcome to the JNCIA-Junos Study Guide, Part 2. The purpose of this guide is to help you prepare for your JN0-101 exam and achieve your JNCIA-Junos credential. The contents of this document are based on the Junos Routing Essentials course. This study guide provides students with foundational routing knowledge and configuration examples and includes an overview of general routing concepts, routing policy and firewall filters, and class of service (CoS).

Agenda

Chapter 1: Routing Fundamentals
Chapter 2: Routing Policy and Firewall Filters
Chapter 3: Class of Service
Document Conventions

CLI and GUI Text

Frequently throughout this study guide, we refer to text that appears in a command-line interface (CLI) or a graphical user interface (GUI). To make the language of these documents easier to read, we distinguish GUI and CLI text from chapter text according to the following table.

Style: Franklin Gothic
Description: Normal text.
Usage example: Most of what you read in the student guide.

Style: Courier New
Description: Console text (screen captures and noncommand-related syntax) and GUI text elements (menu names and text field entry).
Usage example:
    commit complete
    Exiting configuration mode
    Select File > Open, and then click Configuration.conf in the Filename text box.

Input Text Versus Output Text

You will also frequently see cases where you must enter input text yourself. Often this will be shown in the context of where you must enter it. We use bold style to distinguish text that is input versus text that is simply displayed.

Style: Normal CLI, Normal GUI
Description: No distinguishing variant.
Usage example:
    Physical interface:fxp0, Enabled
    View configuration history by clicking Configuration > History.

Style: CLI Input, GUI Input
Description: Text that you must enter.
Usage example:
    lab@San_Jose> show route
    Select File > Save, and enter config.ini in the Filename field.
Defined and Undefined Syntax Variables

Finally, this study guide distinguishes between regular text and syntax variables, and it also distinguishes between syntax variables where the value is already assigned (defined variables) and syntax variables where you must assign the value (undefined variables). Note that these styles can be combined with the input style as well.

Style: CLI Variable, GUI Variable
Description: Text where variable value is already assigned.
Usage example:
    policy my-peers
    Click on my-peers in the dialog.

Style: CLI Undefined, GUI Undefined
Description: Text where the variable's value is the user's discretion and text where the variable's value might differ from the value the user must input.
Usage example:
    Type set policy policy-name.
    ping 10.0.x.y
    Select File > Save, and enter filename in the Filename field.
Additional Information

Education Services Offerings

You can obtain information on the latest Education Services offerings, course dates, and class locations from the World Wide Web by pointing your Web browser to http://www.juniper.net/training/education.

About This Publication

The JNCIA-Junos Study Guide, Part 2 was developed and tested using software Release 10.1R1.8. Previous and later versions of software might behave differently, so you should always consult the documentation and release notes for the version of code you are running before reporting errors.

This document is written and maintained by the Juniper Networks Education Services development team. Please send questions and suggestions for improvement to training@juniper.net.

Technical Publications

You can print technical manuals and release notes directly from the Internet in a variety of formats:

· Go to http://www.juniper.net/techpubs.
· Locate the specific software or hardware release and title you need, and choose the format in which you want to view or print the document.

Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.

Juniper Networks Support

For technical support, contact Juniper Networks at http://www.juniper.net/customers/support, or at 1-888-314-JTAC (within the United States) or 408-745-2121 (from outside the United States).
Chapter 1: Routing Fundamentals

This chapter discusses:

· Basic routing operations and concepts;
· Routing and forwarding tables;
· Configuration and monitoring of static routing; and
· Configuration and monitoring of basic OSPF.

A Basic Definition of Routing

Routing, in its most basic form, is the process of moving data between Layer 3 networks. The sample topology on the graphic consists of several Layer 3 networks, all connected to routers. Although routers are the most common devices for performing routing operations, note that many switches and security devices also perform routing operations. Note also that the Internet is actually a collection of many networks rather than a single network.

We look at the required components of routing and how devices running the Junos operating system make routing decisions in subsequent sections of this material.

Routing Components

You must consider several components and other aspects to effectively implement routing between remote networks. However, you can classify the various components and considerations into two primary requirements: having an end-to-end communications path, and ensuring all Layer 3 devices within the communications path have the required routing information.
In the example shown on the graphic, you can see that a physical path exists between the highlighted networks and the Internet. As long as the physical path is configured and functioning correctly, the first requirement is satisfied.

For the second requirement, all Layer 3 devices participating in the communications path must have the necessary routing information. The devices within the user and data center networks must have the proper gateway configured (the router that connects to those networks as well as to the Internet). The gateway device must determine the proper next hop for each destination prefix for transit traffic it receives. Devices running the Junos OS use the forwarding table, which is a subset of information found in the route table, to make this determination. We discuss the route and forwarding tables in the next section.

Test Your Knowledge

The graphic presents a simple routing scenario and asks what routing information is required for User A to communicate with a device in the data center network.

For any device to communicate with another device outside its directly connected subnet, a properly configured gateway is required. In the scenario illustrated on the graphic, the device associated with User A must have its gateway set to the router's IP address (10.1.1.1). Likewise, the devices within the data center network need a properly configured gateway (10.2.2.1). The router, which functions as the gateway device for the user and data center networks, requires sufficient routing information to determine the proper next hop for the traffic sent between the connected networks. In this example, the router learns the required information by way of the interface configuration. The router adds the networks in which the interfaces are participating to the route and forwarding tables. The router consults its forwarding table to determine the actual next hop for received traffic.
Routing Information Sources

The Junos OS routing table consolidates prefixes from multiple routing information sources, including various routing protocols, static routes, and directly connected routes.

Active Route Selection

When a device running the Junos OS receives multiple routes for a given prefix, it selects a single route as the active route. With additional configuration, the Junos OS supports multiple, equal-cost routes.

Forwarding Table

The router uses the active route for each destination prefix to populate the forwarding table. The forwarding table determines the outgoing interface and Layer 2 rewrite information for each packet forwarded by a device running the Junos OS.

Multiple Routing Tables

Devices running the Junos OS can accommodate multiple routing tables. The primary routing table, inet.0, stores IPv4 unicast routes. Additional predefined routing tables exist, such as inet6.0, which the Junos OS creates when the configuration requires it. An administrator can create custom routing tables to be used in addition to these routing tables. The following is a summary of the common predefined routing tables you might see on a device running the Junos OS:

· inet.0: Used for IPv4 unicast routes;
· inet.1: Used for the multicast forwarding cache;
· inet.2: Used for Multicast Border Gateway Protocol (MBGP) routes to provide reverse path forwarding (RPF) checks;
· inet.3: Used for MPLS path information;
· inet.4: Used for Multicast Source Discovery Protocol (MSDP) route entries;
· inet6.0: Used for IPv6 unicast routes; and
· mpls.0: Used for MPLS next hops.
Preferred Routing Information Sources

The Junos OS uses route preference to differentiate routes received from different routing protocols or routing information sources. Route preference is equivalent to administrative distance on equipment from other vendors.

Selecting the Active Route

The Junos OS uses route preference to rank routes received through the various route information sources and as the primary criterion for selecting the active route.

The table at the bottom of the graphic shows the default preference values for a selected set of routing information sources. The complete list of default route preference assignments is shown in the following table.

Default Route Preferences

    Routing Information Source      Default Preference
    Direct                          0
    Local                           0
    System routes                   4
    Static and static LSPs          5
    RSVP-signaled LSPs              7
    LDP-signaled LSPs               9
    OSPF internal                   10
    IS-IS Level 1 internal          15
    IS-IS Level 2 internal          18
    Redirects                       30
    Kernel                          40
    SNMP                            50
    Router discovery                55
    RIP                             100
    RIPng                           100
    DVMRP                           110
    Aggregate                       130
    OSPF AS external                150
    IS-IS Level 1 external          160
    IS-IS Level 2 external          165
    BGP (internal and external)     170
    MSDP                            175

Routing preference values can range from 0 to 4,294,967,295. Lower preference values are preferred over higher preference values. The following command output demonstrates that a static route with a preference of five is preferred over an OSPF internal route with a preference of ten:

    user@host> show route 192.168.36.1 exact

    inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.168.36.1/32    *[Static/5] 00:00:31
                          to 10.1.1.2 via ge-0/0/10.0
                        [OSPF/10] 00:02:21, metric 1
                          to 10.1.1.2 via ge-0/0/10.0

You can modify the default preference value for most routing information sources to make them more or less desirable. The exception is with direct and local routes, which are always preferred regardless of the modified route preference value associated with other routing information sources.

If equal-cost paths exist for the same destination, the routing protocol daemon (rpd) randomly selects one of the available paths. This approach provides load distribution among the paths while maintaining packet ordering per destination. The following output illustrates this point:

    user@host> show route 10.1.0.0/16

    inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.1.1.0/24        *[Static/5] 00:00:25
                          to 172.20.66.2 via ge-0/0/2.0
                          to 172.20.77.2 via ge-0/0/3.0
    10.1.2.0/24        *[Static/5] 00:00:25
                          to 172.20.66.2 via ge-0/0/2.0
                          to 172.20.77.2 via ge-0/0/3.0
    10.1.3.0/24        *[Static/5] 00:00:25
                          to 172.20.66.2 via ge-0/0/2.0
                          to 172.20.77.2 via ge-0/0/3.0
    10.1.4.0/24        *[Static/5] 00:00:25
                          to 172.20.66.2 via ge-0/0/2.0
                          to 172.20.77.2 via ge-0/0/3.0

If desired, you can enable per-flow load balancing over multiple equal-cost paths through routing policy. Load balancing is outside the scope of this material.

Viewing the Route Table

The graphic shows the use of the show route command, which displays all route entries in the routing table. As identified on the graphic, all active routes are marked with an asterisk (*) next to the selected entry. Each route entry displays the source from which the device learned the route, along with the route preference for that source.

The show route command displays a summary of active, holddown, and hidden routes. Active routes are the routes the system uses to forward traffic. Holddown routes are routes that are in a pending state before the system
declares them as inactive. Hidden routes are routes that the system cannot use for reasons such as an invalid next hop and route policy.

You can filter the generated output by destination prefix, protocol type, and other distinguishing attributes. The following sample capture illustrates the use of the protocol filtering option:

    user@host> show route protocol ospf

    inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.1.1.0/24         [OSPF/10] 04:57:41, metric 2
                          to 172.18.25.2 via ge-0/0/13.0
    224.0.0.5/32       *[OSPF/10] 05:00:58, metric 1
                          MultiRecv

The Forwarding Table

The forwarding table stores a subset of information from the routing table. Within the forwarding table, you can find the details used by a device running the Junos OS to forward packets, such as the learned destination prefixes and the outgoing interfaces associated with each destination prefix.

You use the show route forwarding-table CLI command to view the forwarding table contents:

    user@host> show route forwarding-table
    Routing table: inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            user     0 0:17:cb:4e:ae:81   ucst   520     3 ge-0/0/0.0
    default            perm     0                    rjct    36     1
    0.0.0.0/32         perm     0                    dscd    34     1
    172.19.0.0/16      user     0 200.1.4.100        ucst   535     3 ge-0/0/3.0
    172.19.52.0/24     user     0 200.1.2.100        ucst   529     3 ge-0/0/1.0
    172.19.52.16/28    user     0 200.1.3.100        ucst   534     3 ge-0/0/2.0

Note that the Junos kernel adds some forwarding entries and considers them permanent in nature. One such example is the default forwarding entry, which matches all packets when no other matching entry exists. When a packet matches this default forwarding entry, the router discards the packet and it sends an Internet Control Message Protocol (ICMP) destination unreachable message back to the sender. If you configured a user-defined default route, the router uses it instead of the permanent default forwarding entry.

The following list displays some common route types associated with forwarding entries:

· dest: Remote addresses directly reachable through an interface;
· intf: Installed as a result of configuring an interface;
· perm: Routes installed by the kernel when the routing table initializes; and
· user: Routes installed by the routing protocol process or as a result of the configuration.

The following list displays some common next-hop types associated with forwarding entries:

· bcst: Broadcast;
· dscd: Discard silently without sending an ICMP unreachable message;
· hold: Next hop is waiting to be resolved into a unicast or multicast type;
· locl: The local address on an interface;
· mcst: Wire multicast next hop (limited to the LAN);
· mdsc: Multicast discard;
· recv: Receive;
· rjct: Discard and send an ICMP unreachable message;
· ucst: Unicast; and
· ulst: A list of unicast next hops used when you configure load balancing.

Determining the Next Hop

When a packet enters a device running the Junos OS, it compares that packet against the entries within the forwarding table to determine the proper next hop. If the packet is destined to the local device, the Junos OS processes the packet locally. If the packet is destined to a remote device and a valid entry exists, the device running the Junos OS forwards the packet out the next-hop interface associated with the forwarding table entry.

If multiple destination prefixes match the packet's destination, the Junos OS uses the most specific entry (also called longest match) when forwarding the packet to its destination. In situations where no matching entry exists, the device running the Junos OS responds to the source device with a destination unreachable notification.
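The active-route selection by preference and the longest-match lookup described in this chapter, as an added example that is not part of the original study guide and is a simplified model rather than the Junos implementation. The function names are hypothetical, the route sources are assumed to be static, and the OSPF route is constructed so that one prefix has two candidates; prefixes and interfaces follow the sample forwarding table.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: str
    source: str               # routing information source ("static", "ospf", "perm")
    preference: int           # route preference; lower values are preferred
    nh_type: str              # next-hop type: ucst, rjct or dscd
    interface: Optional[str]  # outgoing interface for ucst entries


# Constructed route table modelled on the guide's sample forwarding table.
# Sources are assumed to be static; the OSPF route is invented so that one
# prefix has two candidate routes.
ROUTE_TABLE = [
    Route("0.0.0.0/0", "static", 5, "ucst", "ge-0/0/0.0"),
    Route("172.19.0.0/16", "static", 5, "ucst", "ge-0/0/3.0"),
    Route("172.19.52.0/24", "ospf", 10, "ucst", "ge-0/0/3.0"),
    Route("172.19.52.0/24", "static", 5, "ucst", "ge-0/0/1.0"),
    Route("172.19.52.16/28", "static", 5, "ucst", "ge-0/0/2.0"),
]


def select_active(routes):
    """Return one active route per prefix: the lowest preference value wins."""
    active = {}
    for route in routes:
        net = ipaddress.ip_network(route.prefix)
        if net not in active or route.preference < active[net].preference:
            active[net] = route
    return active


def build_forwarding_table(routes):
    """Start from the kernel's permanent entries, then install active routes.

    A user-defined default route replaces the permanent default entry.
    """
    # The preference field of the permanent entries is a placeholder.
    fib = {
        ipaddress.ip_network("0.0.0.0/0"): Route("0.0.0.0/0", "perm", 0, "rjct", None),
        ipaddress.ip_network("0.0.0.0/32"): Route("0.0.0.0/32", "perm", 0, "dscd", None),
    }
    fib.update(select_active(routes))
    return fib


def lookup(fib, destination):
    """Longest match: among entries containing the address, take the most specific."""
    addr = ipaddress.ip_address(destination)
    best = max((net for net in fib if addr in net), key=lambda net: net.prefixlen)
    return fib[best]


def forward(fib, destination):
    """Describe what the device does with a packet sent to destination."""
    entry = lookup(fib, destination)
    if entry.nh_type == "ucst":
        return f"forward via {entry.interface}"
    if entry.nh_type == "rjct":
        return "discard and send ICMP destination unreachable"
    return "discard silently"
```

Calling forward(build_forwarding_table(ROUTE_TABLE), address) shows the outcome for any destination; removing the first entry of ROUTE_TABLE shows the permanent default entry taking over.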
Test Your Knowledge

The graphic displays a sample forwarding table and tests your understanding of how next-hop interfaces are determined. Keep in mind that although multiple entries might match a destination, the device uses the most specific (longest match) entry when determining a packet's next-hop interface.

The most specific forwarding entry matching packets destined to 172.19.52.101 is the 172.19.52.0/24 destination prefix. The next hop associated with this destination prefix is ge-0/0/1.0.

The most specific forwarding entry matching packets destined to 172.19.52.21 is the 172.19.52.16/28 destination prefix. The next hop associated with this destination prefix is ge-0/0/2.0.

The only forwarding entry matching packets destined to 172.25.100.27 is the user-defined default forwarding entry. The next hop associated with the user-defined default forwarding entry is ge-0/0/0.0.

Overview of Routing Instances

The Junos OS logically groups routing tables, interfaces, and routing protocol parameters to form unique routing instances. The device logically keeps the routing information in one routing instance apart from all other routing instances. The use of routing instances introduces great flexibility because a single device can effectively imitate multiple devices.