Scribd Logo
Upload

Welcome to Scribd!

  • Sby Juniper PDF

    Uploaded by

    john fallon
    24 views59 pages
    Sby Juniper PDF

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Sby Juniper PDF

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    24 views59 pages

    Sby Juniper PDF

    Uploaded by

    john fallon
    Sby Juniper PDF

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 59

    IPV6 on JUNOS Platform

    Mochammad Irzan, irzan@juniper.net


    Presented at IPV6 Workshop, Surabaya 28 April 2010

    1 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Agenda

    Introduction
    Juniper Network Products
    JUNOS
    Command Line Interface
    IPv6 Configuration
    Addressing
    Routing Protocol (OSPF, ISIS, BGP)
    IPv6 Tunneling via IPv4 using GRE tunnel
    IPv6 via MPLS
    NAT between IPV6 and IPV4 
    2 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
    Introduction

    JUNIPER Networks
    www.juniper.net

    3 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    LEarning material

    http://www.juniper.net/en/us/training/
    http://www.juniper.net/us/en/training/certification/books.html
    http://www.juniper.net/us/en/training/technical_education/
    http://www.juniper.net/techpubs

    4 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Juniper Networks product portfolio

    Security Switches Routers

    E Series

    T Series J Series
    SRX Series

    SRC SBR
    Series Series
    EX Series
    SA Series & UAC M Series MX Series

    5 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    PRoduct

    Routing
    T-Series, JCS1200, M-Series, MX-Series, E-Series, J-Series, BX-Series, CTP-Series

    Switching
    EX-Series

    Security
    IDP Series, ISG Series, Netscreen Series, SA Series, SRX Series, SSG Series, Unified Access
    Control

    Identity and Policy Management


    C-Series/SRC, SBR-Series (AAA Server), Odyssey, Access Client

    Application Acceleration
    WX-series, WXC-Series, ISM200

    Network Management
    NSM, STRM, Junoscope, J-Web, CTPView, WX Central Management system, Junos SPACE
    6 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
    Network operating system

    JUNOS
    JUNOSe
    ScreenOS
    WXOS
    CTOS

    7 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Junos the power of one

    One OS

    T Series EX8200 Line

    MX Series NSM

    NSM
    One Release SRX5800 Express
    EX8200 Line

    SRX5600

    9.2 9.3 9.4 M Series


    SRX3000 Line EX4200 Line
    3Q08 4Q08 1Q09 J Series EX3200 Line

    SECURIT ROUTERS SWITCHE


    One Architecture Y S
    API

    Module
    X

    8 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    JUNOS Platform

    Platform High Medium Low


    Routing T-Series (T1600, T320, M320, M120, M10i, M7i, J6350,
    T640), MX960 M40e, MX480, J4350, J2320,
    MX240 J2350, MX80
    Switching EX8216, EX8208 EX4200 EX3200, EX2200
    Security SRX5800, SRX3600, SRX240, SRX210,
    SRX5600 SRX3400, SRX650 SRX100

    WAN Accelerator ISM200 (integrated


    with J-Series)

    9 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Hardware architecture

    e
    ns

    lia le nc
    o Modular
    ti

    Re Sc ma
    Service a applications;

    y
    lic

    lit
    rfo
    a
    p

    bi
    Plane Ap
    dedicated engines

    Pe

    e
    lia ale nc
    Re Sc ma
    Control Carrier-class

    y
    r

    lit
    rfo
    operating system

    bi
    Plane

    Pe

    e
    lia ale nc
    High-performance
    Forwardin Re Sc ma custom
    y
    r

    lit
    rfo

    g Plane bi silicon
    Pe

    10 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    hardware architecture (...)

    Routing Engine

    RE : Routing Engine
    PFE : Packet Forwarding Engine
    SC : Service Card
    IOC : Input/Output Card

    PFE

    IOC IOC SC

    11 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    JUNOS configuration

    CLI (Command Line Interface)


    Console (Serial port)
    Remote Access (Telnet/SSH)
    WEB Interface
    JWeb
    NETCONF
    JUNOScript

    12 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    JUNOS CLI

    13 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    JUNOS CLI (...)

    JUNOS CLI
    Operational Mode
    Configuration Mode

    14 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    JUNOS CLI (...)

    15 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Changing junos configuration

    Configuration mode
    displaying configuration
    use set command
    JUNOS configuration
    Candidate configuration
    running configuration
    Commit and Rollback

    16 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    JUNOS configuration

    17 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    JUNOS Configuration

    18 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    JUNOS Configuration

    19 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    JUNOS configuration

    By default up to 50 configuration is stored on the system


    use rollback command to reverse the configuration to previous
    version

    20 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    IPV6 deployment

    Dual stack
    IPv6 Tunneling
    GRE Tunneling
    IP-IP Tunneling
    MPLS
    NAT (Network Address Translation) 
    IPv6  IPv4

    21 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    configuring JUNOS for ip/ipv6 routing

    Interface configuration
    physical configuration
    logical configuration
    ● IPv4/IPv6 address configuration
    Routing configuration
    routing protocol configuration
    ● Static Route
    ● Dynamic route
    – ISIS
    – OSPF/OSPFv3
    – BGP

    22 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Routing table on junos

    inet.0
    Default IP version 4 (IPv4) unicast routing table

    inet6.0

    Default IP version 6 (IPv6) unicast routing table

    instance-name.inet.0

    Unicast routing table for a particular routing instance

    instance-name.inet.6

    Unicast routing table for a particular routing instance

    inet.1

    Multicast forwarding cache

    23 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Routing table on junos

    inet.2
    Unicast routes used for multicast reverse path forwarding (RPF) lookup

    inet.3

    MPLS routing table for path information

    mpls.0

    MPLS routing table for label-switched path (LSP) next hops

    24 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    network topology

    Loopback : 2001:aaaa:0:FFFF::2/128
    192.168.255.2
    LAN : 2001:aaaa:0:102::1/64
    192.168.2.1/24

    PC1
    2001:aaaa:0:1::/6
    4
    192.168.100.0/30

    R1 R2
    Web
    192.168.2.5
    2001:aaaa:0:102::5

    Loopback : 2001:aaaa:0:FFFF::1/128
    192.168.255.1
    LAN : 2001:aaaa:0:101::1/64
    192.168.1.1/24

    25 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Interface configuration

    26 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Router advertisement

    27 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    STatic routing

    28 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    OSPF configuration

    IPv6 requires OSPFv3


    OSPFv3
    support multi area OSPF
    support authentication

    29 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    OSPF Configuration

    30 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    OSPF Configuration

    31 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Verifying OSPF configuration

    show ospf3 overview


    show ospf3 neigbour
    show ospf3 database
    show ospf3 route
    show ospf3 interface
    show route table inet6.0
    show route table inet6.0 protocol ospf3

    32 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    ISIS configuration

    Requires ISO protocol enabled on the interface


    Requires ISO NET address
    one address per Intermediate System (IS)
    Support IPv4 and IPv6
    Support multi area

    33 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    ISO NET address

    up to 20 bytes
    consist of
    Area number
    ● 1 byte : AFI (Authority and Format identifier)
    ● 0 – 12 bytes : domain (area) ID
    System identifier
    ● 6 bytes
    n-selecter
    1 bytes
    49.0001.0001.dead.beef.00

    34 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Interface configuration

    35 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    ISIS protocol configuration

    36 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Network topology

    AS1000
    Loopback : 2001:aaaa:0:FFFF::2/128
    192.168.101.2
    2001:aaaa:0:1::/6 R2
    4
    192.168.11.0/30

    R1 2001:aabb:0:1::/6
    4
    Loopback : 2001:aaaa:0:FFFF::1/128 192.168.12.0/30
    192.168.101.1
    LAN : 2001:aaaa:0:101::1/64 AS2000
    192.168.102.1/30
    PREFIX :
    2001:aaaa::/32
    2001:aaaa:1000:/48 EX
    192.168.101.0/24 T
    192.168.102.0/24 Loopback : 2001:BBBB:0:FFFF::1/128
    192.168.201.1
    LAN : 2001:BBBB:0:101::1/64
    192.168.202.1/30
    PREFIX :
    2001:BBBB::/32
    2001:BBBB:1000:/48
    192.168.201.0/24
    192.168.202.0/24

    37 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    BGP Configuration

    BGP PEER
    External BGP
    Internal BGP
    Routing Policy
    Advertising prefixes
    Receiving prefixes
    modifying BGP attribute

    38 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    BGP Configuration (...)

    39 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    BGP configuration (…)

    40 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    BGP configuration (...)

    41 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Connecting IPV6 via IPV4 using Tunnel

    IPv6 network is connected using GRE tunnel/IPIP tunnel via IPv4


    network
    Routing protocol is enabled on the Tunnel Interface
    Tunnel is established via IPv4 network
    Tunnel Interface requires Tunnel PIC on Juniper platform

    42 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Network topology

    Tunnel :
    Loopback : 2001:aaaa:0:FFFF::2/128 2001:aabb:0:1::/64

    R2
    2001:aaaa:0:1::/6 C1
    4
    192.168.1.0/24
    R1
    R3
    Loopback : 2001:aaaa:0:FFFF::1/128
    LAN : 2001:aaaa:0:101::1/64
    Loopback : 2001:BBBB:0:FFFF::3/128

    2001:bbbb:0:1::/
    64

    R4

    Loopback : 2001:BBBB:0:FFFF::4/128
    LAN : 2001:BBBB:0:101::1/64

    43 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Tunnel configuration

    44 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    isis configuration that include tunnel interface

    45 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Connectiong IPv6 islands via MPLS

    MPLS network allow L3 or L2 networks connected via MPLS


    using L3VPN or L2VPN/VPLS
    IPv6 networks can be connected via MPLS using :
    6PE (RFC4798, Connecting IPv6 Islands over IPv4 MPLS
    Using IPv6 Provider Edge Routers)
    6VPE (RFC4659, BGP-MPLS IP Virtual Private Network
    (VPN) Extension for IPv6 VPN )
    PE routers must support dual stack (IPv4 and IPv6)

    46 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    Network topology

    PE
    1
    IPV6 MPLS

    CE1
    B
    PE
    2

    CE2
    B

    IPV6

    47 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    IPv6 PE

    R
    P1 R
    PE
    1
    IPV6 MPLS

    CE1
    B
    PE
    2

    CE-PE Routing CE2


    Protocol B

    BGP with IPv6


    with label IPV6

    MPLS
    forwarding

    IPv6
    forwarding

    48 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    IPV6 PE (…)

    49 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    IPV6 PE (…)

    50 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    IPv6 via L3VPN

    R
    P1 R
    PE
    1
    IPV6 MPLS

    CE1
    B
    PE
    2

    CE-PE Routing CE2


    Protocol B

    BGP with IPv6 VPN


    with label IPV6

    MPLS
    forwarding

    IPv6
    forwarding

    51 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    IPv6 via L3VPN (…)

    52 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    IPv6 via L3VPN (…)

    53 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    NAT between IPV4 and IPV6

    Breaks globally unique address model


    Breaks address stability
    Breaks always-on model
    Breaks peer-to-peer model
    Breaks some applications
    Breaks some security protocols
    Breaks some QoS functions
    Introduces a false sense of security
    Introduces hidden costs (applications and operations)
    NAT inhibits development of new applications
    54 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
    NAT between IPV6 and IPV4

    NAT gateway

    IPv6 Network IPv4 Network

    IPv6 to IPv4 address translation, Basic NAT


    IPv6 to IPv4 address translation + Protocol Translation, NAT-PT
    May include application layer translation, such DNS

    55 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    NAT between IPV6 and IPV4 (…)

    DNS Server
    NAT gateway
    2001:1:1:1::/64

    IPv6 Network IPv4 Network

    Host A www.xyz.com

    Translation Table :
    2001:1:1:1::/64  202.100.1.0/24 (for host connected to IPv6)
    Other IPv4 network  2001:1:10:10::/64

    56 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    NAT between IPV6 and IPV4 (…)

    DNS Server
    NAT gateway
    2001:1:1:1::/64
    AAAA Query A Query

    www.xyz.com
    Host A 202.105.105.10

    IPv6 Network IPv4 Network

    57 Copyright © 2009 Juniper Networks, Inc. www.juniper.net


    NAT between IPV6 and IPV4 (…)

    1. Host A send DNS query for www.xyz.com,


    DNS AAAA Query
    2. NAT gateway translate AAAA query to A
    query
    3. DNS Server reply with 202.105.105.10
    4. NAT gateway translate DNS reply, host
    information 202.105.105.10 to
    2001:1:10:10::105
    5. Host A send packet to ip address
    2001:1:10:10::105
    6.
    58
    NAT gateway translate DA 2001:1:10:10::105
    Copyright © 2009 Juniper Networks, Inc. www.juniper.net

    to DA 202.105.105.10, and SA 2001:1:1::15


    59 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

    You might also like