
MPLS (JUNIPER NETWORK)

Juniper Router
PLANES
• A Juniper Networks platform has two planes:
a) the control plane
b) the forwarding plane within the router.
The Routing Engine and the Packet Forwarding Engine, respectively, represent these planes.
• The Routing Engine operates all routing
protocols and makes all routing table
decisions, building a master routing
table (inet.0) with the best path to each
destination selected. The router then places
these best paths into the forwarding table on
the Routing Engine and copies that same data
into the forwarding table on the Packet
Forwarding Engine. The forwarding table on
the Packet Forwarding Engine allows the
router to actually forward user data packets.
• The Packet Forwarding Engine is the central
location for data packet forwarding through
the router. In contrast to the Routing Engine
with its single motherboard and processor, the
Packet Forwarding Engine contains a passive
midplane as well as multiple boards and
processors. The main portions of the Packet
Forwarding Engine are the Physical Interface
Card, the Flexible PIC Concentrator, and a
switching control board.
FreeBSD Unix operating system
• The kernel is the heart of the JUNOS software.
The kernel is responsible for operating
multiple daemons that perform the actual
functions of the router.
• Software Components
The JUNOS software is actually made up of
multiple pieces working together to control
the router’s functions.
• jkernel
• jbase
• jroute
• jpfe
• jdocs
• jcrypto
• jbundle
VPN
• A VPN (Virtual Private Network) can be built
using GRE tunnels. For a full mesh, the
administrator then has to set up n*(n-1) tunnels.
In an MPLS VPN, by contrast, the CPE sites are in a
full mesh by default because of the route target.
Labels
• In a layer 3 VPN, a packet normally carries two
labels. The difference between them is IPv4 versus
VPNv4: the IPv4 label is used for the IGP and the
VPNv4 label is used for the customer route.
• LDP is only responsible for the top-most label, i.e.
the IGP label, and MP-iBGP is responsible for the VPNv4
label.
MPLS
• MPLS (Multiprotocol Label Switching) is a
switching mechanism that uses a label to forward
traffic to the next-hop address.
• MPLS uses TDP or LDP for label distribution.
• A P router does not have customer network
routes, whereas a PE router does. Another
difference is that a P router does not require
MP-iBGP, while for a PE it is a must.
• To turn a PE router into a P router, remove the
BGP configuration; after that it no longer
participates in the customer network.
• The second-to-last router performs Penultimate
Hop Popping to remove the top-most label.
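The two-label stack and Penultimate Hop Popping described above, as an added example in Python (not from the slides): each shim entry follows the RFC 3032 layout (20-bit label, 3-bit EXP, bottom-of-stack bit, 8-bit TTL); the label values, payload bytes and function names are constructed for illustration.

```python
import struct

IMPLICIT_NULL = 3  # reserved label an egress router advertises to request PHP (RFC 3032)

def encode_label(label, exp=0, bottom=False, ttl=255):
    """Build one 32-bit shim entry: 20-bit label, 3-bit EXP, S bit, 8-bit TTL."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)

def decode_stack(data):
    """Parse shim entries until the bottom-of-stack bit is set; return (entries, payload)."""
    entries, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("truncated label stack")
        (v,) = struct.unpack_from("!I", data, off)
        off += 4
        entry = {"label": v >> 12, "exp": (v >> 9) & 0x7,
                 "bottom": bool(v & 0x100), "ttl": v & 0xFF}
        entries.append(entry)
        if entry["bottom"]:
            return entries, data[off:]

def vpnv4_stack(igp_label, vpn_label, payload):
    """Two-label L3VPN stack: IGP (LDP) label on top, VPNv4 (MP-iBGP) label at the bottom."""
    return encode_label(igp_label) + encode_label(vpn_label, bottom=True) + payload

def php_pop(data):
    """Penultimate hop popping: strip the top entry and leave the rest untouched.
    A one-label stack becomes a plain IP packet. TTL propagation is left out."""
    entries, payload = decode_stack(data)
    inner = b"".join(encode_label(e["label"], e["exp"], e["bottom"], e["ttl"])
                     for e in entries[1:])
    return inner + payload

# Constructed sample: IGP label 100001 on top, VPNv4 label 19 at the bottom,
# followed by a fake 20-byte IPv4 header (constructed, checksum not meaningful).
PAYLOAD = bytes.fromhex("4500001c0001000040114f4ac0a80101c0a80102")
PACKET = vpnv4_stack(100001, 19, PAYLOAD)

if __name__ == "__main__":
    print(decode_stack(PACKET))            # both labels, then the payload
    print(decode_stack(php_pop(PACKET)))   # only label 19 remains after PHP
```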
WHY RR
• When a prefix is received from an EBGP
neighbor, the router must advertise that prefix to
all other EBGP and IBGP neighbors.
• When a prefix is received from an IBGP
neighbor, it can be advertised ONLY to EBGP
neighbors, NOT to any other IBGP neighbors.
This second rule requires a fully meshed IBGP
neighbor relationship; otherwise, prefixes are not
advertised to all routers in a single AS.
BGP IN ISP network
• BGP full mesh can scale in networks where the
number of IBGP running routers is small;
however, in networks characteristic of a big
ISP in which the number of routers running
IBGP might reach several hundred, having an
n(n–1) Backbone (where n is the total number
of routers in the AS) neighbor relationship and
exchanging routes between all simply will not
work.
• This limitation of full-mesh IBGP was the
catalyst for the development of two
mechanisms that address this problem:
• Route Reflection
• AS Confederations
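The two advertisement rules on the WHY RR slide, applied to a constructed AS, as an added Python example (not from the slides): a partial iBGP mesh leaves one PE without the prefix, and the full mesh fixes it at the cost of the n(n-1) relationships the BGP IN ISP network slide counts. Router names, session lists and the function names are assumptions; route reflection itself is not modelled.

```python
from collections import deque

def propagate(sessions, origin):
    """sessions: list of (router_a, router_b, 'ebgp'|'ibgp').
    origin: the router that received the prefix from an eBGP neighbour.
    Returns {router: session type over which it learned the prefix}, using only
      1. learned from eBGP -> advertise to every neighbour
      2. learned from iBGP -> advertise to eBGP neighbours only"""
    peers = {}
    for a, b, kind in sessions:
        peers.setdefault(a, []).append((b, kind))
        peers.setdefault(b, []).append((a, kind))
    learned = {origin: "ebgp"}
    queue = deque([origin])
    while queue:
        r = queue.popleft()
        for p, kind in peers.get(r, []):
            if learned[r] == "ibgp" and kind == "ibgp":
                continue  # rule 2: never re-advertise an iBGP route over iBGP
            if p not in learned:
                learned[p] = kind
                queue.append(p)
    return learned

def full_mesh_sessions(n):
    """Neighbour relationships the slide counts for n iBGP routers: n(n-1)."""
    return n * (n - 1)

# Constructed AS: PE1 received the prefix over eBGP from a CE; CE2 hangs off PE2.
PARTIAL = [("PE1", "P1", "ibgp"), ("P1", "PE2", "ibgp"), ("PE2", "CE2", "ebgp")]
FULL = PARTIAL + [("PE1", "PE2", "ibgp")]   # adds the missing PE1-PE2 session

if __name__ == "__main__":
    print(propagate(PARTIAL, "PE1"))  # P1 drops it: PE2 and CE2 never learn the prefix
    print(propagate(FULL, "PE1"))     # PE2 learns it directly and passes it to CE2
    print(full_mesh_sessions(3))      # 6 neighbour relationships for three routers
```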
BGP attributes
• The path attribute field in turn carries six BGP
attributes:
• Origin
• AS_Path
• MED
• Local Preference
• Extended Communities
• MP Reach NLRI (Network Layer Reachability
Information)
• In the depicted image, the Carried Extended Communities
are the route target values that we define in the VRF.
BGP attributes contd..
• The next field is the next hop network address, which
carries the next hop address, i.e. the router ID of the
advertising router. Cisco uses route distinguisher RD 0:0
for IGP routes, which means that by default the global
routing table is also part of a VRF, which could be called
the global VRF.
• The last field is the Network Layer Reachability
Information, which actually carries the VPNv4
label 19 (also known as the bottom label), the route
distinguisher and the IPv4 prefix of the VRF.
MPLS TP
1. MPLS requires a control plane protocol, but in
the case of MPLS-TP no control plane protocol is
required.
2. MPLS is unidirectional, whereas MPLS-TP is
bidirectional.
3. MPLS has in-band OAM, whereas in MPLS-TP
out-of-band OAM is available.
4. MPLS-TP MUST support the logical separation
of the control and management planes from the
data plane.
Router commands
• show route receive-protocol bgp is based on the IP
address of the neighbor, so it does not matter what routing
instance the BGP peer is configured in to see these
routes. But these are the routes before our import policy is
applied, so they are the raw routes we get from that
neighbor:

show route receive-protocol bgp 1.1.1.1

When looking at the live routing table we need to specify the
routing instance table name to see which of these routes
appear in that routing table:

• show route table NAME.inet.0


Router command contd..
• The show route advertise-protocol bgp command
shows results AFTER export policies have been
applied.
MPLS TERMINOLOGY
• For MPLS to run on the routers in the network,
we must enable MPLS and the Resource
Reservation Protocol (RSVP), configure an interior
gateway protocol (IGP) and Border Gateway
Protocol (BGP) to run over the relevant
interfaces, and configure each interface
with the following:
• Basic IP information
• MPLS support
• In addition, we must configure a label-switched
path (LSP) from the ingress router to the egress
router.
• We can configure our MPLS network with
either Intermediate System-to-Intermediate
System (IS-IS) or Open Shortest Path First
(OSPF) as the IGP.

• An IGP is required for the Constrained
Shortest Path First (CSPF) LSP, which is the
default with the Junos OS.
An IGP is needed in almost all SP networks:
• Advertising the loopback IP addresses is a prerequisite for
the signalling plane:
• iBGP uses it
• LDP uses it
• RSVP TE uses it
• L2TPv3 uses it
• When MPLS is used we need a working IPv4 cloud to
exchange label information with LDP or RSVP TE; otherwise an
iBGP session's state would depend on the state of other iBGP
sessions, which is not desirable from a troubleshooting point of
view or for robustness. OSPF and IS-IS are very good at
advertising loopbacks and backbone links, and they
do it efficiently with fast convergence.
• iBGP sessions can be seen as user traffic flows that use
routing table entries built by the IGP and eventually MPLS paths.
Routing Tables
• Juniper mpls.0 table (LFIB): show route table mpls.0
• Juniper RIB for VRF i2 in the router: show route table i2.inet.0
• Juniper FIB: show route forwarding-table vpn i2
• Labels received from next-hop routers are also
stored in the FEC mapping table (inet.3)
MPLS in Junos

• Junos has a completely different approach to MPLS.
Let’s start with IP routing tables:
• Some routing protocols still have their own data
structures (OSPF or IS-IS topology database), others
don't (BGP and RIP).
• There are no per-protocol IP routing tables (or BGP
RIB); entries from different routing protocols are stored
directly in the main IP routing table (inet.0);
• Active routes from the IP routing table are copied into
the IP forwarding table (because inet.0 serves both as
IP routing table and BGP RIB, you might have inactive
routes in the inet.0 table);
• LDP and other label distribution protocols (for
example, MPLS-TE) create local labels and FEC-to-label
mappings:
• Labels received from LDP neighbors are stored in the LDP
database;
• Labels received from next-hop routers are also stored
in the FEC mapping table (inet.3);
• Local LDP labels are created for all entries in the inet.3
table (thus implementing ordered label distribution
control) and stored in the LDP database;
• Local labels are also created for loopback interfaces
(default behavior) or IP prefixes matched by the egress-
policy routing policy;
• Local-to-next-hop label mappings are stored in Label
Routing Table (mpls.0) and copied into Label
Forwarding Table (LFIB).
• Finally, Junos uses the FEC mapping table to
insert outbound labels into the IP routing
table (not just the FIB). The FEC mapping table is
(by default) used only for BGP destinations.
Traffic toward a BGP next hop (for example,
SNMP traffic sent to a PE router’s loopback
interface) is thus not labeled, whereas traffic for BGP
destinations using the same next hop is.
MPLS traffic flow
• If you enable MPLS (yet again using default
settings) in a Junos-based network, the
routers generate labels only for the loopback
interfaces, and label only the traffic sent
toward BGP destinations reachable through
loopback-based BGP next hops.
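The default resolution behaviour described on the Routing Tables and MPLS in Junos slides (inet.0 as the single RIB, inet.3 as the FEC mapping table consulted only for BGP destinations), as an added Python model that is not the slides' own material: the tables, prefixes, label value and function names are constructed, and the unlabeled fallback when a BGP next hop has no inet.3 entry is an assumption.

```python
import ipaddress

# Constructed tables (not real router output).
# inet.0: destination -> (protocol, next hop); BGP and IGP routes share one table.
INET0 = {
    "192.0.2.0/24": ("direct", "ge-0/0/0"),      # link toward P1
    "10.255.0.2/32": ("ospf", "192.0.2.2"),      # PE2 loopback, learned by the IGP
    "203.0.113.0/24": ("bgp", "10.255.0.2"),     # customer prefix, BGP next hop = PE2 loopback
}
# inet.3: FEC -> (LDP label received from the next-hop router, IGP next hop)
INET3 = {"10.255.0.2/32": (300016, "192.0.2.2")}

def longest_match(table, dst):
    """Longest-prefix match of dst against the keys of table (None if no route)."""
    addr = ipaddress.ip_address(dst)
    hits = [p for p in table if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen, default=None)

def resolve(dst):
    """Return (forwarding next hop, outbound label or None) for dst.
    Only BGP routes resolve their next hop through inet.3, so traffic to the
    PE loopback itself leaves unlabeled while BGP destinations behind it get a label."""
    prefix = longest_match(INET0, dst)
    if prefix is None:
        return None
    proto, nh = INET0[prefix]
    if proto != "bgp":
        return nh, None                      # IGP/direct route: plain IP forwarding
    fec = longest_match(INET3, nh)
    if fec is not None:
        label, igp_nh = INET3[fec]
        return igp_nh, label                 # BGP destination: push the LDP label
    # Assumption: no inet.3 entry for the next hop, so fall back to an
    # unlabeled inet.0 lookup of the next hop itself.
    fallback = resolve(nh)
    return (fallback[0], None) if fallback else None

if __name__ == "__main__":
    print(resolve("10.255.0.2"))    # SNMP to PE2's loopback: ('192.0.2.2', None)
    print(resolve("203.0.113.7"))   # customer prefix behind PE2: ('192.0.2.2', 300016)
```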
Firewall
• A firewall is a network security device that
monitors incoming and outgoing network
traffic and decides whether to allow or block
specific traffic based on a defined set of
security rules.
• Types of firewalls
• Proxy firewall
An early type of firewall device, a proxy firewall serves
as the gateway from one network to another for a
specific application. Proxy servers can provide
additional functionality such as content caching and
security by preventing direct connections from
outside the network. However, this also may impact
throughput capabilities and the applications they can
support.
Stateful Firewall
• Stateful inspection firewall
• Now thought of as a “traditional” firewall, a
stateful inspection firewall allows or blocks
traffic based on state, port, and protocol. It
monitors all activity from the opening of a
connection until it is closed. Filtering decisions
are made based on both administrator-defined
rules as well as context, which refers to using
information from previous connections and
packets belonging to the same connection.
UTM
• Unified threat management (UTM) firewall
• A UTM device typically combines, in a loosely coupled way,
the functions of a stateful inspection firewall with intrusion
prevention and antivirus. It may also include additional
services and often cloud management. UTMs focus on
simplicity and ease of use.

• Next-generation firewall (NGFW)
• Firewalls have evolved beyond simple packet filtering and
stateful inspection. Most companies are deploying
next-generation firewalls to block modern threats such as
advanced malware and application-layer attacks.
• Port Address Translation (PAT) is an extension
to network address translation (NAT) that
permits multiple devices on a local area
network (LAN) to be mapped to a single public
IP address. The goal of PAT is to conserve IP
addresses.
VPLS
• VPLS (Virtual Private LAN Service) is one of
the service offerings in MPLS; it extends a
broadcast domain from one site to multiple sites
over the WAN.
SIP
• SIP is a signalling protocol that sets up IP
communication.
• H.323 is an ITU-T recommendation that
defines a set of standards for the transmission
of packet multimedia data over networks.
• Traffic engineering allows you to control the path
that data packets follow, bypassing the standard
routing model, which uses routing tables.
• The core of the traffic engineering design is based
on building label-switched paths (LSPs) among
routers. An LSP is connection-oriented, like a
virtual circuit in Frame Relay or ATM. LSPs are not
reliable: Packets entering an LSP do not have
delivery guarantees, although preferential
treatment is possible. LSPs also are similar to
unidirectional tunnels in that packets entering a
path are encapsulated in an envelope and
switched across the entire path without being
touched by intermediate nodes.
NGN
• NGN converges the traditional voice data &
video on to a Single packet (IP) infrastructure
& enables Triple Play services on the same
network to the customer.
• Point of Interconnectivity (POI) using Media
Gateways with the majority of existing Telecom
Operators.
• NLD backbone has been rolled out in locations
covering all major circles of India.
