Juniper routers use separate control and forwarding planes. The routing engine operates routing protocols and builds the routing table. It copies the best paths to the forwarding table on the packet forwarding engine, which actually forwards packets. MPLS uses labels to forward traffic. It requires an IGP like OSPF or IS-IS to advertise loopbacks and build the forwarding table. Juniper stores labels and routes across multiple tables to implement MPLS forwarding.
Juniper Router PLANES
• A Juniper Networks platform has two planes within the router: a) the control plane and b) the forwarding plane. The Routing Engine and the Packet Forwarding Engine, respectively, represent these planes.
• The Routing Engine operates all routing protocols and makes all routing table decisions, building a master routing table (inet.0) with the best path to each destination selected. The router then places these best paths into the forwarding table on the Routing Engine and copies that same data into the forwarding table on the Packet Forwarding Engine. The forwarding table on the Packet Forwarding Engine allows the router to actually forward user data packets.
• The Packet Forwarding Engine is the central location for data packet forwarding through the router. In contrast to the Routing Engine with its single motherboard and processor, the Packet Forwarding Engine contains a passive midplane as well as multiple boards and processors. The main portions of the Packet Forwarding Engine are the Physical Interface Card (PIC), the Flexible PIC Concentrator (FPC), and a switching control board.

FreeBSD Unix operating system
• The kernel is the heart of the JUNOS software. The kernel is responsible for operating multiple daemons that perform the actual functions of the router.

Software Components
• The JUNOS software is actually made up of multiple pieces working together to control the router's functions:
• jkernel
• jbase
• jroute
• jpfe
• jdocs
• jcrypto
• jbundle

VPN
• A VPN is generally a Virtual Private Network, which could be configured using GRE tunnels. In that case, if you want a full mesh, the administrator needs to set up n(n-1) tunnels. But in the case of MPLS VPN, by default the CPEs work in a full mesh because of the route target.

Labels
• In the case of a Layer 3 VPN, two labels are normally carried by the packet. The differentiation between the labels is IPv4 and VPNv4: the IPv4 label is used for the IGP and the VPNv4 label is used for the customer route.
• LDP is only responsible for the topmost label, i.e. the IGP label, and MP-iBGP is responsible for the VPNv4 label.

MPLS
• MPLS is a multiprotocol label switching mechanism which uses the label to forward the traffic to the next-hop address.
• MPLS uses TDP or LDP.
• A P router doesn't have customer network routes, whereas a PE router has customer network routes. Another difference is that a P router doesn't require MP-iBGP, but for a PE it is a must.
• To make your PE router a P router, you need to remove the BGP configuration; after that it will not participate in the customer network.
• The second-to-last router performs the Penultimate Hop Popping function to remove the topmost label.

WHY RR
• When a prefix is received from an EBGP neighbor, the router must advertise that prefix to all other EBGP and IBGP neighbors.
• When a prefix is received from an IBGP neighbor, it can be advertised ONLY to EBGP neighbors, NOT to any other IBGP neighbors. This second rule requires a fully meshed IBGP neighbor relationship; otherwise, prefixes are not advertised to all routers in a single AS.

BGP in ISP network
• BGP full mesh can scale in networks where the number of routers running IBGP is small; however, in networks characteristic of a big ISP, in which the number of routers running IBGP might reach several hundred, having an n(n-1) backbone neighbor relationship (where n is the total number of routers in the AS) and exchanging routes between all of them simply will not work.
• This limitation of full-mesh IBGP was the catalyst for the development of two mechanisms that address this problem:
• Route Reflection
• AS Confederations

BGP attributes
• The path attribute again carries six different BGP attributes:
• Origin
• AS_Path
• MED
• Local Preference
• Extended Communities
• MP Reach NLRI (Network Layer Reachability Information)
• In the depicted image, the Carried Extended Communities are the route target values which we define in the VRF.

BGP attributes contd..
• The next field is the next-hop network address, which carries the next-hop address, i.e. the router ID of the advertising router; Cisco uses route distinguisher RD 0:0 for IGP routes. So it means that by default global routing is also part of a VRF, which could be called the global VRF.
• The last field is Network Layer Reachability Information, which actually carries VPNv4 label 19 (also known as the bottom label), the route distinguisher, and the IPv4 prefix of the VRF.

MPLS TP
1. MPLS requires a control plane protocol, but in the case of MPLS-TP no control plane protocol is required.
2. MPLS is unidirectional, whereas MPLS-TP is bidirectional.
3. MPLS has in-band OAM, whereas in MPLS-TP out-of-band OAM is available.
4. MPLS-TP MUST support the logical separation of the control and management planes from the data plane.

Router commands
• The "show route receive-protocol bgp" command is based on the IP address of the neighbor, so it does not matter what routing instance the BGP peer is configured in to see these routes. But these are the routes before our import policy is applied, so they are the raw routes we get from that neighbor.
• show route receive-protocol bgp 1.1.1.1
• When looking at the live routing table, we will need to specify the routing instance table name to see which of these routes appear in that routing table.
• show route table NAME.inet.0
Router command contd..
• The "show route advertising-protocol bgp" command shows results AFTER export policies have been applied.

MPLS TERMINOLOGY
• For MPLS to run on the routers in the network, we must enable MPLS and the Resource Reservation Protocol (RSVP), configure an interior gateway protocol (IGP) and Border Gateway Protocol (BGP) to run over the relevant interfaces, and configure each interface with the following:
• Basic IP information
• MPLS support
• In addition, we must configure a label-switched path (LSP) from the ingress router to the egress router.
• We can configure our MPLS network with either Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF) as the IGP.
• An IGP is required for the Constrained Shortest Path First (CSPF) LSP, which is the default with the Junos OS.

The IGP is needed in almost all SP networks:
• Advertising the loopback IP addresses is a prerequisite for the signalling plane:
• iBGP uses it
• LDP uses it
• RSVP-TE uses it
• L2TPv3 uses it
• When MPLS is used we need a working IPv4 cloud to exchange label information with LDP or RSVP-TE. Otherwise, an iBGP session's state would depend on the state of other iBGP sessions, which is not desirable from a troubleshooting point of view or for robustness. OSPF and IS-IS are very good at advertising loopbacks and backbone links, and they do it efficiently with fast convergence.
• iBGP sessions can be seen like user traffic flows that use routing table entries built by the IGP and eventually MPLS paths.

Routing Tables
• Juniper mpls.0 table (LFIB): > show route table mpls.0
• Juniper RIB for VRF i2 in the router: > show route table i2.inet.0
• Juniper FIB: > show route forwarding-table vpn i2
• Labels received from next-hop routers are also stored in the FEC mapping table (inet.3).

MPLS in Junos
• Junos has a completely different approach to MPLS. Let's start with IP routing tables:
• Some routing protocols still have their own data structures (OSPF or IS-IS topology database), others don't (BGP and RIP).
• There are no per-protocol IP routing tables (or BGP RIB); entries from different routing protocols are stored directly in the main IP routing table (inet.0).
• Active routes from the IP routing table are copied into the IP forwarding table (because inet.0 serves both as IP routing table and BGP RIB, you might have inactive routes in the inet.0 table).
• LDP and other label distribution protocols (for example, MPLS-TE) create local labels and FEC-to-label mappings:
• Labels received from LDP neighbors are stored in the LDP database;
• Labels received from next-hop routers are also stored in the FEC mapping table (inet.3);
• Local LDP labels are created for all entries in the inet.3 table (thus implementing ordered label distribution control) and stored in the LDP database;
• Local labels are also created for loopback interfaces (default behavior) or for IP prefixes matched by the egress-policy routing policy;
• Local-to-next-hop label mappings are stored in the Label Routing Table (mpls.0) and copied into the Label Forwarding Table (LFIB).
• Finally, Junos uses the FEC mapping table to insert outbound labels into the IP routing table (not just the FIB). The FEC mapping table is (by default) used only for BGP destinations. Traffic toward a BGP next hop (for example, SNMP traffic sent to a PE router's loopback interface) is thus not labeled, while traffic for BGP destinations using the same next hop is.
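The label-mapping behaviour described above (inet.3 consulted only for BGP destinations, a two-label stack for L3VPN routes, penultimate hop popping of the IGP label) as an added Python model; this is not Junos code and not from the original deck. Table names follow the slides, while all prefixes, labels and next hops are constructed sample values.

```python
# Added example (not Junos code): toy model of how Junos derives a label stack from
# inet.0, inet.3 and mpls.0. All prefixes, labels and next hops are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class JunosTables:
    # inet.0 (VRF routes flattened in): prefix -> (protocol, protocol next hop, VPN label)
    inet0: dict = field(default_factory=dict)
    # inet.3 (FEC mapping table): BGP next-hop loopback -> outbound transport label
    inet3: dict = field(default_factory=dict)
    # mpls.0: incoming label -> ("swap", new_label) or ("pop", None)
    mpls0: dict = field(default_factory=dict)

    def longest_match(self, dst):
        """Longest-prefix lookup in inet.0; returns the route tuple or None."""
        addr = ip_address(dst)
        for prefix, route in sorted(self.inet0.items(), reverse=True,
                                    key=lambda kv: ip_network(kv[0]).prefixlen):
            if addr in ip_network(prefix):
                return route
        return None

    def ingress_stack(self, dst):
        """Label stack pushed by the ingress PE: only BGP destinations whose protocol
        next hop has an inet.3 entry get labels; IGP destinations (including the
        remote PE loopback itself) are forwarded as plain IP."""
        route = self.longest_match(dst)
        if route is None or route[0] != "bgp" or route[1] not in self.inet3:
            return []
        stack = [self.inet3[route[1]]]       # top label: IGP/transport label from LDP
        if route[2] is not None:
            stack.append(route[2])           # bottom label: VPNv4 label from MP-iBGP
        return stack

    def transit(self, stack):
        """Act on the top label per mpls.0: swap, or pop (penultimate hop popping)."""
        action, new_label = self.mpls0[stack[0]]
        return [new_label] + stack[1:] if action == "swap" else stack[1:]


# Constructed sample path PE1 -> P -> PE2 (PE2 loopback 192.168.0.2)
pe1 = JunosTables(
    inet0={"192.168.0.2/32": ("ospf", "10.1.1.2", None),    # PE2 loopback learned by IGP
           "172.16.0.0/16": ("bgp", "192.168.0.2", None),    # Internet route, next hop PE2
           "10.20.0.0/24": ("bgp", "192.168.0.2", 16)},      # L3VPN route, VPNv4 label 16
    inet3={"192.168.0.2": 300016},
)
p_router = JunosTables(mpls0={300016: ("swap", 300032)})
penultimate = JunosTables(mpls0={300032: ("pop", None)})  # PHP strips the IGP label
```

Traffic to the PE2 loopback itself leaves pe1 unlabeled, while the two BGP destinations through the same next hop get one or two labels; the P router swaps only the top label and the penultimate hop pops it, delivering the VPN label alone to PE2.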
MPLS traffic flow
• If you enable MPLS (yet again using default settings) in a Junos-based network, the routers generate labels only for the loopback interfaces, and label only the traffic sent toward BGP destinations reachable through loopback-based BGP next hops.

Firewall
• A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
• Types of firewalls
• Proxy firewall: An early type of firewall device, a proxy firewall serves as the gateway from one network to another for a specific application. Proxy servers can provide additional functionality such as content caching and security by preventing direct connections from outside the network. However, this also may impact throughput capabilities and the applications they can support.

Stateful Firewall
• Stateful inspection firewall: Now thought of as a "traditional" firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering decisions are made based on both administrator-defined rules and context, which refers to using information from previous connections and packets belonging to the same connection.

UTM
• Unified threat management (UTM) firewall: A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus. It may also include additional services and often cloud management. UTMs focus on simplicity and ease of use.
• Next-generation firewall (NGFW)
• Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.
• Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.

VPLS
• VPLS (Virtual Private LAN Service) is one of the service offerings in MPLS which helps to provide the extension of a broadcast domain from one site to multiple sites over the WAN.

SIP
• SIP is a signalling protocol which sets up IP communication.
• H.323 is recommended by the ITU-T and defines a set of standards for the transmission of packet multimedia data over networks.

Traffic Engineering
• Traffic engineering allows you to control the path that data packets follow, bypassing the standard routing model, which uses routing tables.
• The core of the traffic engineering design is based on building label-switched paths (LSPs) among routers. An LSP is connection-oriented, like a virtual circuit in Frame Relay or ATM. LSPs are not reliable: packets entering an LSP do not have delivery guarantees, although preferential treatment is possible. LSPs are also similar to unidirectional tunnels in that packets entering a path are encapsulated in an envelope and switched across the entire path without being touched by intermediate nodes.

NGN
• NGN converges the traditional voice, data & video onto a single packet (IP) infrastructure & enables Triple Play services on the same network to the customer.
• Point of Interconnectivity (POI) using Media Gateways with the majority of existing Telecom Operators.
• The NLD backbone has been rolled out in locations covering all major circles of India.