Junos Enterprise Routing, 2nd Edition

Book description

Considered the go-to study guide for Juniper Networks enterprise routing certification exams, this book offers you unparalleled coverage of all the services available to Junos administrators—including the most recent set of flow-based security services and design guidelines that incorporate services and features of the MX, SRX, and EX network devices.

Its emphasis on practical solutions also makes this book an ideal on-the-job reference for design, maintenance, and troubleshooting issues in the enterprise. Simply put, this updated edition is the most comprehensive and authoritative resource for Juniper enterprise and edge routing environments you will find. Topics include:

  • Design guidelines for the entire Juniper enterprise router lineup (M-series, MX Mid-Range series, and SRX)
  • Junos interfaces, with advanced troubleshooting techniques
  • The IGP and BGP routing protocols and the implementation of routing policies
  • Security concepts, and the tools to deploy them
  • Layer 2 services, IP Class of Service, and IP Multicast with working case studies of each
  • Coverage of flow-based Junos security services

Table of contents

  1. Junos Enterprise Routing
  2. About the Authors
    1. About the Technical Reviewers, Second Edition
    2. About the Lead Technical Reviewers, First Edition
  3. Preface
    1. What Is Enterprise Routing?
    2. Juniper Networks Technical Certification Program (JNTCP)
    3. How to Use This Book
    4. What’s in This Book?
      1. Topology of This Book
    5. Conventions Used in This Book
    6. Using Code Examples
    7. Safari® Books Online
    8. How to Contact Us
    9. Acknowledgments
      1. From the First Edition
        1. From Doug Marschke
        2. From Harry Reynolds
      2. For the Second Edition
        1. From Doug Marschke and Harry Reynolds
        2. From Peter Southwick
  4. 1. Junos in the Enterprise Network
    1. Introduction to Junos Enterprise Routing
      1. Junos Overview
      2. Junos Releases
      3. CLI Review
        1. General CLI features
      4. Routing Features
        1. Routing modifiers
      5. Switching Features
      6. Security Features
    2. Routing Platforms
      1. Speeds and Feeds
      2. MX Series 3D Universal Edge Routers
    3. Switching Platforms
    4. SRX Series Services Gateways
    5. Conclusion
    6. Exam Topics
    7. Chapter Review Questions
    8. Chapter Review Answers
  5. 2. Enterprise Design
    1. Design Guidelines
      1. Technological Goals of Network Design
      2. Legacy Network Design
      3. The New Network
    2. Dual Star Internet Access
      1. Existing Internet Access Design
      2. Design Goals and Constraints
      3. Solution: Dual Internet Access Design
    3. Data Center and Disaster Recovery (DR) Architecture
      1. Multitier Data Center Design
      2. Goals and Constraints
      3. Solution: Data Center Design
    4. Campus Architecture
      1. Legacy Campus Backbone
      2. Goals and Constraints
      3. Solution: Campus Network
    5. Conclusion: Design Best Practices
  6. 3. Juniper Switching and Routing Platforms
    1. Enterprise Network Roles
      1. Screening Router
      2. Security Gateway
      3. Internet Border Router
        1. Single link
        2. Dual links, single router
        3. Dual links, dual routers
        4. Internet border router device options
      4. Core Routers
        1. Core router device options
      5. Access Router
        1. Access router options
      6. Multiservices Gateway
      7. Device Limitations
        1. M-series
        2. J-series
        3. MX edge routers
        4. EX switches
        5. SRX Services Gateway
    2. L2 and L3 Deployments
      1. Link Aggregation Groups
      2. VPLS Implementation
      3. Miscellaneous Protocols
        1. Spanning tree protocol
        2. Fibre channel
        3. Bidirectional forwarding detection
    3. All-in-One Versus Components
    4. Chapter Review Questions
    5. Chapter Review Answers
  7. 4. Interfaces
    1. Permanent Interfaces
    2. Transient Interfaces
      1. Interface Naming
        1. Media type
        2. Chassis slot number
        3. PIC slot number
        4. Port number
        5. Logical unit and channel numbers
    3. Interface Properties
      1. Physical Properties
      2. Logical Properties
    4. Interface Configuration Examples
      1. Gigabit Ethernet Interface
      2. Gigabit Ethernet with VLAN Tagging
      3. T1 Interface with Cisco HDLC Encapsulation
      4. Serial Interface with PPP
      5. Serial Interface with Frame Relay
      6. ADSL Using PPPoE over ATM
      7. MLPPP
      8. Aggregated Ethernet
      9. GRE
      10. VRRP
    5. Interface Troubleshooting
      1. Address Configuration Issues
      2. Encapsulation Mismatches
      3. Path MTU Issues
      4. Looped Interfaces
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  8. 5. Protocol Independent Properties and Routing Policy
    1. Protocol Independent Properties
      1. Static, Aggregate, and Generated Routes
        1. Next hop types
          1. Forwarding next hop qualifiers
        2. Static versus aggregate routes
          1. Aggregates need contributing routes
        3. Aggregate versus generated routes
        4. Route attributes and flags
      2. Global Route Preference
        1. Floating static routes
      3. Martian Routes
      4. Routing Tables and RIB Groups
        1. Default route tables
        2. User-defined RIBs and RIB groups
      5. Router ID and Autonomous System Number
        1. Router ID
        2. Autonomous system number
      6. Summary of Protocol-Independent Properties
    2. Routing Policy
      1. What Is a Routing Policy, and When Do I Need One?
      2. Where and How Is Policy Applied?
        1. Applying policy to link state routing protocols
        2. Applying policy to BGP and RIP
      3. Policy Components
        1. Logical OR and AND functions within terms
      4. Policy Match Criteria and Actions
        1. Policy match criteria
        2. Policy actions
      5. Route Filters
        1. Binary trees
        2. Route filters and match types
          1. Longest match wins, but may not…
      6. Default Policies
        1. OSPF (and IS-IS) default policy
        2. RIP default policy
        3. BGP default policy
      7. Advanced Policy Concepts
        1. Testing policy results
        2. Community and AS path regex matching
        3. Policy subroutines (nesting)
        4. Boolean grouping
      8. Summary of Routing Policy
    3. Conclusion
    4. Exam Topics
    5. Chapter Review Questions
    6. Chapter Review Answers
  9. 6. Interior Gateway Protocols and Migration Strategies
    1. IGP Overview
      1. Routing Information Protocol
        1. Stability and performance tweaks
        2. RIP and RIPv2
      2. Open Shortest Path First
        1. Neighbors and adjacencies
          1. The designated router
        2. OSPF router types
        3. Areas and LSAs
          1. OSPF area types
          2. Primary LSA types
        4. OSPF stability and performance tweaks
      3. Enhanced Interior Gateway Routing Protocol
        1. EIGRP metrics
        2. EIGRP: A grand past and a dubious future
      4. IGP Summary
    2. RIP Deployment Scenario
      1. Existing RIP Configuration
      2. Baseline Operation
      3. Summary of RIP Requirements
      4. Enter Juniper Networks
        1. Configure static routes
        2. Configure RIP
          1. Ale’s RIP configuration
      5. Confirm RIP Operation: Ale and Lager
      6. Confirm RIP: Juniper Networks to Cisco Systems Integration
        1. Confirm route exchange
        2. Confirm forwarding path
          1. RIP troubleshooting scenario
      7. The Problem
      8. RIP Deployment Summary
    3. IGP Migration
      1. IGP Migration: Common Techniques and Concerns
      2. IGP Migration Models
      3. The Overlay Model
      4. The Redistribution Model
      5. The Integration Model
      6. IGP Migration Summary
    4. Overlay Migration Scenario: RIP to OSPF
      1. RIP-to-OSPF Migration: Cutover to OSPF
      2. Before You Go, Can You Set Up Area 1 Real Quick?
        1. A final task: Aggregate network summaries into the backbone
      3. RIP Migration with the Overlay Model Summary
    5. EIGRP-to-OSPF Migration
      1. Mutual Route Redistribution
        1. The Junos OSPF configuration
        2. The IOS configuration
          1. What about route preferences?
      2. Confirm EIGRP/OSPF Mutual Route Redistribution
        1. Troubleshoot a preference issue
      3. EIGRP-to-OSPF Migration Summary
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  10. 7. Border Gateway Protocol and Enterprise Routing Policy
    1. What Is BGP?
      1. Inter-AS Routing
      2. BGP Route Attributes
      3. BGP Path Selection
    2. Internal and External BGP
      1. Scaling IBGP with Route Reflection
        1. Route reflection and redundancy
        2. Scaling IBGP: Confederations
    3. BGP and the Enterprise
      1. When Should an Enterprise Run BGP?
        1. A word about AS numbers
      2. ASN Portability
        1. Dual-homed: Single versus multiple providers
    4. Asymmetric Link Speed Support
      1. Which Routers Should Run IBGP?
      2. No Transit Services
      3. The Impact of Accepting Specifics Versus a Default from Your Provider
      4. Summary of Enterprise BGP Requirements
    5. BGP Deployment: Asymmetric Load Balancing
      1. Validate Baseline Operation
      2. Configure Generated Route
      3. Configure Initial BGP Peering
      4. Configure Initial BGP Policy
      5. Use BGP for Asymmetric Load Balancing
      6. Initial BGP Peering Summary
    6. Enterprise Routing Policy
      1. Inbound and Outbound Routing Policies
      2. Common Policy Design Criteria
        1. A word on outbound/inbound versus export/import policy
        2. Know your ISP’s policy
      3. Enterprise Policy Summary
    7. Multihome Beer-Co
      1. Implement Beer-Co’s Outbound Policy
      2. EBGP Peering to AS 420
      3. Export Beer-Co Aggregate to Borgnet
        1. Monitor system load
      4. IBGP Peering Within AS 1282
        1. Troubleshoot an IBGP peering problem
        2. Configure route reflection
        3. Troubleshoot BGP next hop reachability
      5. Confirm Outbound Policy Operation
      6. Dual-Homing and Outbound Policy Summary
    8. Inbound Policy
      1. AS Path Prepend to Influence Nonadjacent AS Path Selection
      2. Use Communities to Influence Peer AS
      3. BGP Inbound Policy Summary
    9. Conclusion
    10. Exam Topics
    11. Chapter Review Questions
    12. Chapter Review Answers
  11. 8. Access Security
    1. Security Concepts
      1. Summary of Security Concepts
    2. Securing Access to the Router
      1. User Authentication
      2. Remote Access
      3. Summary of Access Security
    3. Firewall Filters
      1. Filter Processing
      2. Filter Match Conditions
        1. Can your mother read this?
      3. Filter Actions
      4. Applying a Filter
      5. Case Study: Transit Filters
      6. Case Study: Loopback Filters
      7. Policers
        1. Burst-size limit mystery
        2. Policer actions
        3. Configuring and applying policers
        4. Policer example
      8. Summary of Firewall Filters and Policers
    4. Spoof Prevention (uRPF)
      1. Summary of Spoof Prevention
    5. Monitoring the Router
      1. Syslog
        1. Case study: Syslog
      2. SNMP
      3. NTP
      4. Is NTP Really Working?
      5. Summary of Router Monitoring
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  12. 9. Junos Layer 2 Services
    1. Junos Services
    2. Layer 2 Services
      1. Multilink PPP
        1. Multiclass MLPPP
      2. CRTP
      3. Multilink Frame Relay
      4. GRE
      5. Ethernet Aggregation
      6. Switching Services
    3. Additional Service Options
      1. Layer 2 Tunneling Protocol (L2TP)
      2. Real-Time Performance Monitoring (RPM)
      3. Data Link Switching (DLSw)
      4. Flow Monitoring
      5. Tunnel Services
    4. Conclusion
    5. Exam Topics
    6. Chapter Review Questions
    7. Chapter Review Answers
  13. 10. Class of Service
    1. What Is IP CoS, and Why Do I Need It?
      1. Why IP Networks Need CoS
        1. Circuit-switching inefficiencies
      2. CoS Terms and Concepts
        1. Network QoS parameters
        2. Classification
          1. Loss priority
        3. Packet marking/rewriting
        4. Forwarding classes, queues, and schedulers
          1. Schedulers
        5. Congestion management
          1. Weighted RED
        6. Policing and shaping
          1. Isolation is needed to preserve CoS
          2. Policing versus shaping
        7. Summary of CoS processing steps
      3. IP CoS Summary
    2. IP Differentiated Services
      1. IP ToS
      2. Enter IP Integrated Services
      3. IP Differentiated Services
      4. DiffServ Terminology
        1. DiffServ PHBs
          1. Recommended/default DHCPs
      5. DiffServ Summary
    3. CoS Capabilities
      1. Input Processing
        1. BA classification capabilities
        2. Multifield classification
        3. Policing
        4. CoS policy
      2. Output Processing
        1. Egress policing
        2. Rewrite marking
        3. Scheduling and queuing
          1. Scheduling discipline
          2. Scheduler configuration
      3. Delay Buffer Size
      4. Scheduler Maps
        1. A word on per-unit scheduling
        2. Congestion control
        3. Configure WRED drop profiles
      5. Differences Between Junos CoS
        1. Per-unit scheduling
        2. Weight- versus priority-based scheduling
          1. The weight-based scheduler
          2. The priority-based scheduler
        3. Virtual channels
          1. Adaptive shaping
      6. Junos Software CoS Defaults
        1. Four forwarding classes, but only two queues
        2. BA and rewrite marker templates
      7. CoS Summary
    4. DiffServ CoS Deployment and Verification
      1. Why Not Test CoS with Control-Plane-Generated Traffic?
        1. Cannot control classification of locally generated traffic
        2. Enter resource performance monitoring
      2. Configure DiffServ-Based CoS
        1. Multifield classification and policing (task 1)
        2. BA classification and rewriting (task 2)
        3. CoS shaping (task 3)
        4. Scheduler definition and application (task 4)
          1. Weight-based scheduler definition
          2. Priority-based scheduler definition
      3. An Alternative Priority-Based Scheduler Approach
      4. Define RED Profiles
        1. Scheduler application
        2. Activate multifield classification
        3. The complete configuration
      5. Verify DiffServ-Based CoS
        1. Confirm general CoS configuration
        2. Confirm classification and queuing
          1. Multifield classification
          2. BA classification
        3. Confirm that all this CoS stuff actually does something
        4. No CoS benchmark
        5. The CoS benchmark
      6. DiffServ Deployment Summary
    5. Adaptive Shapers and Virtual Channels
      1. Configure Adaptive Shaping
      2. Virtual Channels
        1. Configure virtual channels
      3. Adaptive Shaping and Virtual Channel Summary
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  14. 11. IP Multicast in the Enterprise
    1. What Is Multicast?
      1. Multicast Applications
        1. Locating content
      2. Multicast Terminology and Concepts
        1. Routing turned upside down
        2. Multicast terms
        3. Additional multicast building blocks
          1. Multicast addressing
      3. Mapping IP Multicast to Link Layer Multicast
        1. Multicast addressing and administrative scoping
        2. Interface lists
        3. Reverse path forwarding
        4. Distribution trees
          1. Shortest-path tree (SPT)
          2. Shared trees and RPs
          3. Switching from a shared tree to an SPT
      4. Multicast Terminology Summary
    2. Multicast Protocols
      1. Group Management Protocols
        1. IGMPv3
      2. PIM
        1. PIM versions
        2. PIM components
          1. RP discovery
        3. PIM modes
          1. Dense mode
          2. Sparse mode
          3. Source-specific multicast
        4. PIM messages
        5. The designated router
          1. PIM assert
      3. Multicast Protocol Summary
    3. PIM Sparse Mode: Static RP
      1. Validate the Baseline IGP Forwarding Path
      2. Configure PIM Sparse Mode with Static RP
        1. Configure PIM on the RP
        2. Configure PIM on remaining routers
        3. Verify RPF
        4. Configure the simulated receiver
      3. A Word on Multicast Client Options
        1. Static IGMP membership
        2. Create a listening multicast process
        3. Generate multicast traffic
      4. PIM Sparse Mode with Static RP Summary
    4. Configure PIM Sparse Mode with Bootstrap RP
      1. Troubleshoot a Bootstrap Problem
        1. Extra points for creativity?
      2. PIM Sparse Mode with Bootstrap RP Summary
    5. PIM-Based Anycast-RP
      1. Configure Anycast-RP
        1. Configure static RP on non-RP routers
        2. Configure the Anycast-RPs
        3. Verify the Anycast-RPs
        4. What about MSDP?
      2. PIM Sparse Mode with Anycast-RP Summary
    6. Conclusion
    7. Exam Topics
    8. Chapter Review Questions
    9. Chapter Review Answers
  15. 12. Junos Security Services
    1. Junos Software and Security
      1. Do I Need a Router or a Security Device?
        1. Best-of-breed routing and security services
      2. Security-Based Enterprise Scenario
      3. Packet- Versus Flow-Based Processing
      4. Architecture Changes
        1. Adding flow-based forwarding
          1. Flows and sessions
        2. Junos security packet walk
      5. Junos Security Summary
      6. Understanding Junos Operational Modes
        1. Switching between secure and router contexts
        2. Default configurations
        3. Operational modes summary
      7. Security Features
        1. Branch Office and Data Center SRXs
        2. Common feature set
        3. Security policies
        4. Policy creation
          1. Rule 1: All employees are allowed to access the Internet for all purposes
          2. Rule 2: All Internet users are allowed to access the Beer-Co web server
          3. Rule 3: All Internet DNS servers are allowed to access the Beer-Co DNS server
          4. Rule 4: All Internet email servers are allowed to access the Beer-Co email server
          5. Rule 5: All employees are allowed to access the servers on the DMZ
          6. Rule 6: The DNS and email servers are allowed to access the Internet for their respective services
          7. Rule 7: All employees are allowed to transit the firewall to another employee
        5. Testing policies
        6. Security traffic logs
        7. Security policy summary
      8. Network Address Translation
        1. Static NAT
        2. Source NAT
        3. Destination NAT
        4. NAT summary
      9. Virtual Private Networks
        1. Virtual private networks summary
      10. Attack Detection and Prevention
        1. Configuring screens
        2. Attack detection and prevention summary
      11. Clustering
        1. Clustering components
        2. Clustering configuration
        3. Verifying clustering
        4. Clustering summary
    2. Conclusion
    3. Exam Topics
    4. Chapter Review Questions
    5. Chapter Review Answers
  16. A. Junos Layer 3 Services
    1. Layer 3 Services
      1. Stateful Firewall
        1. Application Layer Gateways
      2. Network Address Translation
      3. Intrusion Detection Services
      4. IPSec VPN
      5. Layer 3 Services Summary
    2. Layer 3 Services Configuration
      1. Logging and Tracing
      2. Layer 3 Services Configuration Summary
    3. IPSec VPNs
      1. Example IPSec Tunnel Configuration
        1. Interface-style service set
        2. Next hop–style service set
      2. IPSec over GRE
      3. Summary of IPSec VPNs
    4. NAT
      1. Source NAT with No PAT
      2. Source NAT with PAT
      3. Destination NAT
        1. NAT and the stateful firewall
      4. Twice NAT
      5. Summary of NAT
    5. IDS
    6. Combining Services
      1. Stateful Firewall, NAT, and IPSec over GRE Together
    7. The Life of a Packet
      1. Considerations Regarding Order of Operations
    8. Conclusion
    9. Exam Topics
    10. Appendix Review Questions
    11. Appendix Review Answers
  17. B. Upgrading Junos
    1. Migrating to a Newer Version of Junos
      1. Free Up Space
        1. Confirm that you have enough compact flash space
      2. Install the Junos Upgrade
        1. Using a USB drive to load a new image
        2. Upgrading from a USB drive when the compact flash is not large enough
        3. Loading an SRX from a USB drive
      3. Upgrade Summary
  18. Index
  19. About the Authors
  20. Colophon
  21. Copyright

Product information

  • Title: Junos Enterprise Routing, 2nd Edition
  • Author(s): Peter Southwick, Doug Marschke, Harry Reynolds
  • Release date: June 2011
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781449398637