JUNOS Basic Routing Hands-On: © 2017 NISSHO ELECTRONICS CORP. All Right Reserved


JUNOS Basic Routing Hands-on

© 2017 NISSHO ELECTRONICS CORP. All right reserved.


Table of contents

• Step1 – Mgmt/System configuration
• Step2 – Interface configuration
• Step3 – Intra-AS Routing (OSPF)
• Step4 – Inter-AS Routing (eBGP/iBGP)
• Step5 – BGP policy (Local-preference)
• Step6 – Packet Filtering (Firewall Filter)



Topology

• How you access
  - Console : Telnet to “10.9.144.252” (port number = written below)
  - Mgmt IP : written below

Hostname   Console Access      Mgmt IP        Loopback
EX4200-1   10.9.144.252:7009   10.9.144.111   1.1.1.1
EX4200-2   10.9.144.252:7010   10.9.144.112   2.2.2.2
EX4200-3   10.9.144.252:7011   10.9.144.113   3.3.3.3
EX4200-4   10.9.144.252:7012   10.9.144.114   4.4.4.4
EX4200-5   10.9.144.252:7013   10.9.144.115   5.5.5.5
EX4200-6   10.9.144.252:7014   10.9.144.116   6.6.6.6
EX4200-7   10.9.144.252:7015   10.9.144.117   7.7.7.7
EX4200-8   10.9.144.252:7016   10.9.144.118   8.8.8.8

[Topology diagram]
AS65078 (OSPF area 0) : EX4200-7, EX4200-8
AS65012 (OSPF area 0) : EX4200-1, EX4200-2
AS65056 (OSPF area 0) : EX4200-5, EX4200-6
AS65034 (OSPF area 0) : EX4200-3, EX4200-4
Routers in the same AS are connected on ge-0/0/0 and ge-0/0/1; the eBGP links between ASes use ge-0/0/22 and ge-0/0/23.

IP Address

Network Mask = [/24]. The last octet of each address is the router number (.1 on EX4200-1, .7 on EX4200-7, and so on).

Link                    Interface   Subnet     Interface   Subnet
EX4200-1 <-> EX4200-7   ge-0/0/22   1.1.17.x   ge-0/0/23   2.2.17.x
EX4200-7 <-> EX4200-8   ge-0/0/0    1.1.78.x   ge-0/0/1    2.2.78.x
EX4200-8 <-> EX4200-5   ge-0/0/22   1.1.58.x   ge-0/0/23   2.2.58.x
EX4200-1 <-> EX4200-2   ge-0/0/0    1.1.12.x   ge-0/0/1    2.2.12.x
EX4200-5 <-> EX4200-6   ge-0/0/0    1.1.56.x   ge-0/0/1    2.2.56.x
EX4200-2 <-> EX4200-3   ge-0/0/22   1.1.23.x   ge-0/0/23   2.2.23.x
EX4200-3 <-> EX4200-4   ge-0/0/0    1.1.34.x   ge-0/0/1    2.2.34.x
EX4200-4 <-> EX4200-6   ge-0/0/22   1.1.46.x   ge-0/0/23   2.2.46.x

AS65078 : EX4200-7, EX4200-8 / AS65012 : EX4200-1, EX4200-2 / AS65056 : EX4200-5, EX4200-6 / AS65034 : EX4200-3, EX4200-4 (each AS runs OSPF area 0)

Step1 – Mgmt/System configuration
• Access the machines through the console port, then configure them by following the instructions below

• Factory-Default (this operation deletes all configuration)
- 「delete」→「yes」

• Root Password : root123
- 「set system root-authentication plain-text-password」Enter -> type the password

• Login User/Password : lab/lab123
- 「set system login user {username} class super-user authentication plain-text-password」Enter -> type the password

• Hostname
- 「set system host-name EX4200-X」find your [X] in the topology above

• Remote Login Service
- 「set system services {service-name}」activate Telnet/SSH/FTP

• Time
- 「set system time-zone {select your time zone}」

• Syslog
- 「set system syslog file interactive-commands interactive-commands any」
- 「set system syslog file messages any info」
- 「set system syslog file messages match "!(license)"」
- 「set system syslog time-format millisecond」

• Management IP/Route
- 「set interfaces me0 unit 0 family inet address 10.9.144.11X/24」find your [X] in the topology above
- 「set routing-options static route 0.0.0.0/0 next-hop 10.9.144.253」



Step2 – Interface configuration
• Access the machines through SSH, then configure them by following the instructions below
【Example for EX4200-1】Please look at the topology for your own IP settings

• Loopback IP
- 「set interfaces lo0 unit 0 family inet address 1.1.1.1/32」

• Interfaces facing the same AS
- 「set interfaces ge-0/0/0 unit 0 family inet address 1.1.12.1/24」
- 「set interfaces ge-0/0/1 unit 0 family inet address 2.2.12.1/24」

• Interfaces facing another AS
- 「set interfaces ge-0/0/22 unit 0 family inet address 1.1.17.1/24」
- 「set interfaces ge-0/0/23 unit 0 family inet address 2.2.17.1/24」

• Interface descriptions
- 「set interfaces lo0 description {as you wish}」
- 「set interfaces ge-0/0/xx description {as you wish}」

Once you have configured the above, talk to your neighbor and verify the state of the interfaces and reachability
<Operation Mode>
- 「ping x.x.x.x」
- 「show arp」
- 「show interfaces ge-0/0/xx」「show interfaces lo0」
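
The addressing scheme from the IP Address slide, generalized from the EX4200-1 example to all eight routers as an added Python example (not part of the original hands-on material). The link list is transcribed from that slide; the function names `links_of`, `interface_commands` and `peer_addresses` are hypothetical.

```python
import ipaddress

# Transcribed from the IP Address slide: (router, router, link type).
LINKS = [(1, 7, "ebgp"), (7, 8, "intra"), (8, 5, "ebgp"), (1, 2, "intra"),
         (5, 6, "intra"), (2, 3, "ebgp"), (3, 4, "intra"), (4, 6, "ebgp")]
# First port carries 1.1.<link>.0/24, second port carries 2.2.<link>.0/24.
PORTS = {"intra": ("ge-0/0/0", "ge-0/0/1"), "ebgp": ("ge-0/0/22", "ge-0/0/23")}

def links_of(router):
    """Yield (kind, link_id, peer) for a router, same-AS links first."""
    if router not in range(1, 9):
        raise ValueError("lab routers are EX4200-1 to EX4200-8")
    for a, b, kind in sorted(LINKS, key=lambda link: link[2] != "intra"):
        if router in (a, b):
            peer = b if router == a else a
            # Third octet is the two router numbers, lower one first (1 and 7 -> 17).
            yield kind, int(f"{min(a, b)}{max(a, b)}"), peer

def interface_commands(router):
    """Step2 'set interfaces' commands for EX4200-<router>."""
    cmds = ["set interfaces lo0 unit 0 family inet address "
            f"{router}.{router}.{router}.{router}/32"]
    for kind, link_id, _ in links_of(router):
        for net, port in zip(("1.1", "2.2"), PORTS[kind]):
            addr = ipaddress.ip_interface(f"{net}.{link_id}.{router}/24")
            cmds.append(f"set interfaces {port} unit 0 family inet address {addr}")
    return cmds

def peer_addresses(router, kind):
    """Far-end addresses to ping in Step2 (kind='ebgp' gives the Step4 neighbors)."""
    return [f"{net}.{link_id}.{peer}" for k, link_id, peer in links_of(router)
            if k == kind for net in ("1.1", "2.2")]

if __name__ == "__main__":
    print("\n".join(interface_commands(1)))
    print(peer_addresses(1, "ebgp"))
```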



Step3 – Intra-AS Routing (OSPF)
• Configure OSPF

• Routing protocol router-id
- 「set routing-options router-id {Loopback IP Address}」

• OSPF reference metric setting
- 「set protocols ospf reference-bandwidth 1g」(with reference-bandwidth 100g: 100Gbps interface metric = 1, 10G metric = 10, 1G metric = 100)

• OSPF area 0.0.0.0 interface
- 「set protocols ospf area 0.0.0.0 interface lo0.0 passive」
- 「set protocols ospf area 0.0.0.0 interface ge-0/0/0.0」
- 「set protocols ospf area 0.0.0.0 interface ge-0/0/1.0」

• Enable load-balance
- 「set policy-options policy-statement LB then load-balance per-packet」load-balance policy (per-flow based)
- 「set routing-options forwarding-table export LB」apply the load-balance policy to the forwarding table

Once you have configured the above, talk to your neighbor and verify the state of OSPF
<Operation Mode>
- 「show ospf overview」
- 「show ospf interface」
- 「show ospf neighbor」
- 「show route protocol ospf {extensive}」routing-table information (= best path) obtained through OSPF

interface cost = ref-bandwidth/bandwidth

reference-bandwidth: Reference bandwidth, in bits per second.
Range: 9600 through 1,000,000,000,000 bits
Default: 100 Mbps (100,000,000 bits)



Step4 – Inter-AS Routing (eBGP)
• Configure eBGP

• Local AS number
- 「set routing-options autonomous-system {Local AS number}」

• BGP group
- 「set protocols bgp group eBGP type external」declare the group as external (internal = iBGP, external = eBGP)
- 「set protocols bgp group eBGP authentication-key juniper」the key must be the same as your neighbor's
- 「set protocols bgp group eBGP peer-as {AS Number}」
- 「set protocols bgp group eBGP neighbor {IP Address of opposite machine}」set the peer IP addresses of both interfaces

Once you have configured the above, talk to your neighbor and verify the state of BGP
<Operation Mode>
- 「show bgp summary」list of BGP neighbors and the number of routes learned from each peer
- 「show bgp neighbor {Peer IP Address}」

• Route policy
- 「set policy-options policy-statement BGP-Export term 1 from route-filter 0.0.0.0/0 prefix-length-range /32-/32 accept」matches only loopback IP addresses (32-bit network mask)
- 「set policy-options policy-statement BGP-Export term 1 then accept」

• Apply the route policy to BGP
- 「set protocols bgp group eBGP export BGP-Export」

• Enable multipath
- 「set protocols bgp group eBGP multipath」

Once you have configured the above, talk to your neighbor and verify the state of the BGP learned routes
<Operation Mode>
- 「show route advertising-protocol bgp {Peer IP}」routes advertised from your router
- 「show route receive-protocol bgp {Peer IP}」routes received from your peering router
- 「show route protocol bgp」check the BGP learned routes

Step4 – Inter-AS Routing (iBGP)
• Configure iBGP

• iBGP
- 「set protocols bgp group iBGP type internal」declare the group as internal (internal = iBGP, external = eBGP)
- 「set protocols bgp group iBGP local-address {Loopback IP Address}」
- 「set protocols bgp group iBGP neighbor {Loopback IP Address of opposite machine within same AS}」

Once you have configured the above, talk to your neighbor and verify the state of BGP
<Operation Mode>
- 「show bgp summary」
- 「show bgp neighbor {Peer IP Address}」
- 「show route receive-protocol bgp {Peer IP}」

• Configure “next-hop self” for when you advertise eBGP learned routes to iBGP peers
- 「set policy-options policy-statement NH term 1 from protocol bgp」
- 「set policy-options policy-statement NH term 1 then next-hop self」
- 「set protocols bgp group iBGP export NH」apply the export policy to group “iBGP”

Once you have configured the above, talk to your neighbor and verify the state of the BGP learned routes
<Operation Mode>
- 「show bgp summary」
- 「show bgp neighbor {Peer IP Address}」
- 「show route receive-protocol bgp {Peer IP}」

Step5 – BGP policy (Local-preference)
• Use the local-preference option to control routes destined to an external AS

Check the routing table and forwarding table
<Operation Mode>
- 「show route x.x.x.x/32」
- 「show route forwarding-table destination x.x.x.x/32」

• Create a local-preference route policy and apply it
- 「set policy-options policy-statement LP150 term 1 from protocol bgp」
- 「set policy-options policy-statement LP150 term 1 from route-filter x.x.x.x/32 exact」select the destination that you want to control
- 「set policy-options policy-statement LP150 term 1 then local-preference 150」change the local-preference value (default 100)
- 「set protocols bgp group eBGP neighbor {Peer IP} import LP150」apply as the import policy of the peer that you want to select as next-hop

Check the routing table and forwarding table
<Operation Mode>
- 「show route x.x.x.x/32」check that only one route is selected
- 「show route x.x.x.x/32 inactive-path」check the route that is inactive because of the local-preference change
- 「show route forwarding-table destination x.x.x.x/32」

Hostname   x.x.x.x
EX4200-1   5.5.5.5
EX4200-2   6.6.6.6
EX4200-3   7.7.7.7
EX4200-4   8.8.8.8
EX4200-5   1.1.1.1
EX4200-6   2.2.2.2
EX4200-7   3.3.3.3
EX4200-8   4.4.4.4
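
How the route-filter terms in BGP-Export (Step4) and LP150 (Step5) select routes, as an added Python model that is not part of the original hands-on material. The routing table and the two eBGP paths are constructed samples for EX4200-1, all function names are hypothetical, and best-path selection is reduced to the local-preference comparison.

```python
import ipaddress

def route_filter(prefix, filt, match_type, low=None, high=None):
    """Junos-style route-filter match (only the match types used in this lab)."""
    p, f = ipaddress.ip_network(prefix), ipaddress.ip_network(filt)
    if not p.subnet_of(f):          # the filter's own bits must always match
        return False
    if match_type == "exact":
        return p.prefixlen == f.prefixlen
    if match_type == "prefix-length-range":
        return low <= p.prefixlen <= high
    raise ValueError(f"match type not modelled: {match_type}")

def bgp_export(route):
    """BGP-Export term 1, then the default BGP export policy."""
    if route_filter(route["prefix"], "0.0.0.0/0", "prefix-length-range", 32, 32):
        return "accept"
    # Default BGP export policy: active BGP routes are readvertised, others are not.
    return "accept" if route["protocol"] == "bgp" else "reject"

def advertised(rib):
    """Prefixes that would be sent to the eBGP peers."""
    return [r["prefix"] for r in rib if bgp_export(r) == "accept"]

def lp150(route, target):
    """LP150 term 1: a BGP route whose prefix is exactly `target` gets 150."""
    if route["protocol"] == "bgp" and route_filter(route["prefix"], target, "exact"):
        return 150
    return 100                      # default local-preference

def active_peers(paths, target, lp_peer):
    """Import LP150 from lp_peer only; highest value wins, ties stay (multipath)."""
    scored = [(lp150(p, target) if p["peer"] == lp_peer else 100, p["peer"])
              for p in paths]
    best = max(lp for lp, _ in scored)
    return [peer for lp, peer in scored if lp == best]

# Constructed samples: EX4200-1's routes and its two eBGP paths to 5.5.5.5/32.
RIB = [{"prefix": p, "protocol": proto} for p, proto in [
    ("1.1.1.1/32", "direct"), ("2.2.2.2/32", "ospf"), ("1.1.12.0/24", "direct"),
    ("10.9.144.0/24", "direct"), ("0.0.0.0/0", "static"), ("5.5.5.5/32", "bgp")]]
PATHS = [{"prefix": "5.5.5.5/32", "protocol": "bgp", "peer": peer}
         for peer in ("1.1.17.7", "2.2.17.7")]

if __name__ == "__main__":
    print(advertised(RIB))
    print(active_peers(PATHS, "5.5.5.5/32", "2.2.17.7"))
```

The management subnet and the static default route never match the /32 term, so they are not advertised to the eBGP peers.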

Step6 – Packet Filtering (Firewall Filter)
• Use a firewall filter to block traffic from a specific IP/port

Try Telnet/SSH access to the neighbor machine
<Operation Mode>
- 「telnet {neighbor Loopback IP} source {own loopback IP}」
- 「show system users」check who is logged in to your own machine

• Create the firewall filter
- 「set firewall family inet filter TEST-Filter interface-specific」required for using the same filter on different interfaces
- 「set firewall family inet filter TEST-Filter term 1 from source-address x.x.x.x/32」
- 「set firewall family inet filter TEST-Filter term 1 from destination-port ssh」
- 「set firewall family inet filter TEST-Filter term 1 from destination-port telnet」
- 「set firewall family inet filter TEST-Filter term 1 then reject」
- 「set firewall family inet filter TEST-Filter term 1 then count FW-Count」collect the bytes and packets matched by the filter
- 「set firewall family inet filter TEST-Filter term 1 then syslog」record filtered packets as syslog messages
- 「set firewall family inet filter TEST-Filter term 2 then accept」accept all other traffic to prevent the “implicit deny all”

• Apply the filter to the interfaces
- 「set interfaces ge-0/0/0 unit 0 family inet filter input TEST-Filter」
- 「set interfaces ge-0/0/1 unit 0 family inet filter input TEST-Filter」

Once you have configured the above, talk to your neighbor and try telnet/ssh access to the neighbor machine
<Operation Mode>
- 「telnet {neighbor Loopback IP} source {own loopback IP}」
- 「show firewall」filter counters
- 「show log messages | match FW_SYSLOG」check the syslog messages for the filtered packets
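
How TEST-Filter is evaluated term by term, and what happens to other traffic when term 2 is missing, as an added Python model that is not part of the original hands-on material. 2.2.2.2/32 stands in for x.x.x.x/32, the packets are constructed samples, and the function names are hypothetical.

```python
import ipaddress

PORTS = {"ssh": 22, "telnet": 23}
# TEST-Filter from Step6; 2.2.2.2/32 is a constructed stand-in for x.x.x.x/32.
TEST_FILTER = [
    {"name": "1", "then": "reject", "count": "FW-Count",
     "from": {"source-address": ["2.2.2.2/32"],
              "destination-port": ["ssh", "telnet"]}},
    {"name": "2", "then": "accept", "from": {}},
]
# Constructed sample packets (source address, destination port).
PACKETS = [
    {"src": "2.2.2.2", "dport": 23},    # telnet from the filtered source
    {"src": "2.2.2.2", "dport": 22},    # ssh from the filtered source
    {"src": "2.2.2.2", "dport": 179},   # BGP from the same source
    {"src": "1.1.12.2", "dport": 23},   # telnet from another source
]

def term_matches(term, pkt):
    """Different conditions are ANDed; values listed for one condition are ORed."""
    cond = term["from"]
    if "source-address" in cond and not any(
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(net)
            for net in cond["source-address"]):
        return False
    if "destination-port" in cond and pkt["dport"] not in [
            PORTS[name] for name in cond["destination-port"]]:
        return False
    return True

def evaluate(terms, pkt, counters):
    """First matching term decides; unmatched packets hit the implicit discard."""
    for term in terms:
        if term_matches(term, pkt):
            if "count" in term:
                counters[term["count"]] = counters.get(term["count"], 0) + 1
            return term["then"]
    return "discard"

def run(terms, packets=PACKETS):
    """Return the per-packet actions and the counter values."""
    counters = {}
    return [evaluate(terms, p, counters) for p in packets], counters

if __name__ == "__main__":
    print("with term 2:   ", run(TEST_FILTER))
    print("without term 2:", run(TEST_FILTER[:1]))
```

Without term 2 the BGP packet and the telnet packet from the other source are discarded as well, which is why the accept term closes the filter.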
