Monday, 10 October 2011

JNCIS-ENT - JN0-343

Switching


Exam Objectives

Bridging Mechanisms
Learning, Forwarding, Flooding, Filtering, Aging


To turn off MAC learning on an interface use the command:
set ethernet-switching-options interfaces ge-0/0/0.0 no-mac-learning


To change the MAC aging timer:
set ethernet-switching-options mac-table-aging-time <60 to 1000000 seconds>


Network Layers
Access, Aggregation, Core, WAN Edge


EX Series Switches
EX2200, EX3200, EX4200, EX4500, EX8200


Ethernet Configuration


[edit interfaces]
ge-0/0/1  {
     unit 0  {
          family ethernet-switching;
     }
}


A range of interfaces can be configured:


[edit interfaces]
interface-range MyRange {
     member ge-0/0/1;
     member ge-0/0/2;
     member-range ge-0/0/4 to ge-0/0/6;
     unit 0  {
          family ethernet-switching;
     }
}

Speed and Duplex


user@switch-1> show configuration interfaces ge-0/0/1 
ether-options {
    no-auto-negotiation;
    link-mode full-duplex;
    speed {
        1g;
    }
}
unit 0 {
    family ethernet-switching;
}

Viewing the Bridge Table

#show ethernet-switching table [extensive]
#clear ethernet-switching table [interface | mac | vlan]

Viewing the layer 2 forwarding table

#show route forwarding-table family ethernet-switching 

Static bridge table entries can be added as follows:

[edit ethernet-switching-options]
static  {
    vlan default  {
        mac 00:11:22:33:44:55 next-hop ge-0/0/1;
    }
}

VLANs

Create a VLAN called v10 

[edit]
set vlans v10

Assign an interface to VLAN v10 as an access port:

[edit interfaces ge-0/0/1]
unit 0  {
   family ethernet-switching  {
        port-mode access;
        vlan  {
            members v10;
        }
   }
}

Or alternatively:

[edit vlans]
v10  {
        vlan-id 10;
        interface  {
             ge-0/0/1.0;
        }
}

To configure a trunk port:

[edit interfaces ge-0/0/10]
unit 0  {
   family ethernet-switching  {
        port-mode trunk;
        vlan  {
            members [ v10   v20 ];
        }
   }
}

#show vlans

Voice VLAN Configuration

[edit ethernet-switching-options]
voip  {
     interface (access-ports | interface-name)  {
         vlan (vlan-name | vid);
         forwarding-class <class>;
     }
}

Native VLAN

Use the native-vlan-id statement to carry untagged frames over a trunk port.

Routed VLAN Interfaces (RVI)

Create the layer 3 address:

[edit interfaces vlan]
unit 10  {
    family inet  {
        address 192.168.1.1/24;
    }
}
     
Associate the address with a VLAN:

[edit vlans]
v10  {
     vlan-id 10;
     interface  {
         ge-0/0/1.0;
     }
     l3-interface vlan.10;
}

#show interfaces terse vlan

Spanning Tree (802.1D)

Port States: Disabled, Blocking, Listening, Learning, Forwarding
The destination address of a BPDU is 01:80:C2:00:00:00; the source address is the MAC address of the outgoing port on the originating switch.
BPDUs can either be configuration BPDUs or TCN (Topology Change Notification) BPDUs.

Interface costs:

10Mbps = 2,000,000
100Mbps = 200,000
1Gbps = 20,000
10Gbps = 2,000

Rapid Spanning Tree (802.1w)

Port States: Discarding, Learning, Forwarding

Configuring STP

[edit protocols stp]
bridge-priority 32K;
max-age 20;
hello-time 2;
forward-delay 15;

Configuring RSTP

[edit protocols rstp]
bridge-priority 32K;
max-age 20;
hello-time 2;
forward-delay 15;
interface ge-0/0/1.0  {
     disable;
}
interface ge-0/0/2.0  {
     priority 128;
     mode point-to-point;
}
interface ge-0/0/3.0  {
     cost 20000;
     mode shared;
}
interface ge-0/0/4.0  {
     edge;
}

#show spanning-tree [bridge | interface | mstp | statistics]

BPDU Protection

When STP is enabled:

[edit protocols rstp]
interface ge-0/0/1.0 {
     edge;
}
bpdu-block-on-edge;

When STP is disabled:

[edit ethernet-switching-options]
bpdu-block  {
      interface ge-0/0/1.0;
}

#show ethernet-switching interfaces
# clear ethernet-switching bpdu-error

Loop Protection

[edit protocols rstp]
interface ge-0/0/1.0  {
    bpdu-timeout-action  {
         block;
    }
}

When a port configured with loop protection stops receiving BPDUs it transitions to the loop-inconsistent state.

Root Protection


[edit protocols rstp]
bridge-priority 4k;
interface all  {
    no-root-port;
}

This configuration would be applied to the root bridge which means that it will not accept superior BPDUs on any port. Recovery is automatic.
NB - loop protection and root protection cannot be enabled on an interface at the same time.

Port Security

By default a port will not automatically recover from an error disable condition. This can be configured as follows:

[edit ethernet-switching-options]
port-error-disable  {
     disable-timeout 3600;
}

Or you can clear the condition with:
#clear ethernet-switching port-error interface <interface-name>

MAC Limiting

[edit ethernet-switching-options]
secure-access-port  {
     interface ge-0/0/1.0  {
         allowed-mac [ 00:11:22:33:44:55  11:22:33:44:55:66 ];
     }
! Only allow the configured MAC addresses on that port
     interface ge-0/0/2.0  {
         mac-limit 2 action (log | drop | shutdown | none);
     }
! If the configured limit is exceeded take the action - log, drop, shutdown or none
     vlan default  {
         mac-move-limit 1 action shutdown;
     }
! Limits how many times per second a MAC address may move to a different interface in the VLAN
}

#show log messages  | match limit
#show ethernet-switching interfaces
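As an added example (not code from the original post), the following Python models the MAC learning and aging from the Bridging section together with the secure-access-port rules above, so the effect of allowed-mac, mac-limit with each action and mac-move-limit can be traced frame by frame; the class and method names and the sample frames are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Added example, not Junos code: a model of the secure-access-port behaviour
# described above (allowed-mac, mac-limit with an action, mac-move-limit per
# VLAN) on top of MAC learning with the aging timer from the Bridging section.
# Class and field names are assumptions made for illustration.

@dataclass
class PortPolicy:
    allowed_macs: FrozenSet[str] = frozenset()  # empty: no allowed-mac list
    mac_limit: Optional[int] = None             # max MACs learned on the port
    action: str = "drop"                        # log | drop | shutdown | none

@dataclass
class BridgeTable:
    aging_time: int = 300                       # mac-table-aging-time, seconds
    mac_move_limit: Optional[int] = None        # moves allowed per VLAN per second
    mac_move_action: str = "shutdown"
    ports: Dict[str, PortPolicy] = field(default_factory=dict)
    entries: Dict[Tuple[int, str], Tuple[str, float]] = field(default_factory=dict)
    moves: Dict[int, Tuple[int, int]] = field(default_factory=dict)  # vlan -> (second, count)
    disabled: Set[str] = field(default_factory=set)  # error-disabled interfaces
    log: List[str] = field(default_factory=list)     # messages a "| match limit" would show

    def _age(self, now: float) -> None:
        # Entries not refreshed within aging_time expire, as the aging timer would do.
        for key in [k for k, (_, seen) in self.entries.items() if now - seen > self.aging_time]:
            del self.entries[key]

    def _violation(self, action: str, iface: str, reason: str) -> bool:
        # True when the frame is dropped (drop/shutdown); log and none let it through.
        if action in ("log", "drop", "shutdown"):
            self.log.append(f"{iface}: {reason}")
        if action == "shutdown":
            self.disabled.add(iface)
        return action in ("drop", "shutdown")

    def learn(self, vlan: int, mac: str, iface: str, now: float) -> str:
        """Process one frame's source MAC; returns learned, refreshed, moved or dropped."""
        self._age(now)
        if iface in self.disabled:
            return "dropped"
        pol = self.ports.get(iface, PortPolicy())
        if pol.allowed_macs and mac not in pol.allowed_macs:
            if self._violation(pol.action, iface, f"{mac} not in allowed-mac list"):
                return "dropped"
        key = (vlan, mac)
        if key in self.entries and self.entries[key][0] != iface:
            # Last seen on another port: count the move against this second's budget.
            second = int(now)
            start, count = self.moves.get(vlan, (second, 0))
            count = count + 1 if start == second else 1
            self.moves[vlan] = (second, count)
            if self.mac_move_limit is not None and count > self.mac_move_limit:
                if self._violation(self.mac_move_action, iface,
                                   f"mac-move-limit exceeded in vlan {vlan} by {mac}"):
                    return "dropped"
            self.entries[key] = (iface, now)
            return "moved"
        if key in self.entries:
            self.entries[key] = (iface, now)
            return "refreshed"
        on_port = sum(1 for i, _ in self.entries.values() if i == iface)
        if pol.mac_limit is not None and on_port >= pol.mac_limit:
            if self._violation(pol.action, iface, f"mac-limit {pol.mac_limit} reached"):
                return "dropped"
        self.entries[key] = (iface, now)
        return "learned"

def demo() -> Tuple[List[str], BridgeTable]:
    # Constructed scenario mirroring the configuration above: ge-0/0/1.0 allows
    # one MAC, ge-0/0/2.0 may learn two, and VLAN 1 tolerates one move per second.
    t = BridgeTable(aging_time=300, mac_move_limit=1, mac_move_action="shutdown")
    t.ports["ge-0/0/1.0"] = PortPolicy(allowed_macs=frozenset({"00:11:22:33:44:55"}))
    t.ports["ge-0/0/2.0"] = PortPolicy(mac_limit=2, action="drop")
    frames = [
        (1, "00:11:22:33:44:55", "ge-0/0/1.0", 0),    # learned (allowed)
        (1, "aa:aa:aa:aa:aa:01", "ge-0/0/1.0", 1),    # dropped (not in allowed-mac)
        (1, "aa:aa:aa:aa:aa:01", "ge-0/0/2.0", 2),    # learned
        (1, "aa:aa:aa:aa:aa:02", "ge-0/0/2.0", 3),    # learned (limit now reached)
        (1, "aa:aa:aa:aa:aa:03", "ge-0/0/2.0", 4),    # dropped (mac-limit 2)
        (1, "aa:aa:aa:aa:aa:01", "ge-0/0/3.0", 10),   # moved (first move this second)
        (1, "aa:aa:aa:aa:aa:01", "ge-0/0/2.0", 10),   # dropped, ge-0/0/2.0 error-disabled
        (1, "aa:aa:aa:aa:aa:02", "ge-0/0/4.0", 400),  # learned: old entry aged out, not a move
        (1, "aa:aa:aa:aa:aa:05", "ge-0/0/2.0", 401),  # dropped (port is error-disabled)
    ]
    return [t.learn(*f) for f in frames], t
```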

DHCP Snooping

[edit ethernet-switching-options]
secure-access-port  {
    interface ge-0/0/1.0  {
        no-dhcp-trusted;
    }
! Stops the port from receiving DHCP server traffic
    interface ge-0/0/2.0  {
        dhcp-trusted;
    }
! The port accepts DHCP server traffic - DHCPOFFER, DHCPACK, DHCPNAK etc.
    vlan default  {
        examine-dhcp;
    }
! Enable DHCP snooping on the VLAN
    dhcp-snooping-file  {
        location /var/tmp/MySnoop;
        write-interval 60;
    }
! Write the DHCP snooping database to a file so that it persists across reboots
}

#run file show /var/tmp/MySnoop
#show dhcp snooping statistics
#show dhcp snooping binding

Dynamic ARP Inspection (DAI)

ARP packets received on an untrusted port are validated against the DHCP snooping database. DAI is disabled by default and is enabled per VLAN. If a port is configured with a static IP address it must be configured as trusted, using the dhcp-trusted statement, in order to bypass DAI.
DAI is enabled on a VLAN with the arp-inspection statement.

#show arp inspection statistics

Static arp entry can be added as follows:

[edit ethernet-switching-options]
secure-access-port  {
     interface ge-0/0/1.0  {
           static-ip 192.168.1.1 vlan default mac 00:11:22:33:44:55;
     }
}
IP Source Guard

Prevents IP source address spoofing by checking the source of IP traffic on untrusted ports against the DHCP snooping database. Configure it with the ip-source-guard statement on the VLAN.

#show ip-source-guard
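Added example, not from the original post: a Python model of the DHCP snooping database and of how DAI and IP source guard consult it, run over a constructed DHCP exchange, a rogue DHCPOFFER on an untrusted port, a static-ip entry and a spoofed ARP sender; the class and method names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Added example, not Junos code: a model of the DHCP snooping database and of
# how Dynamic ARP Inspection and IP source guard consult it, following the
# behaviour described above (dhcp-trusted / no-dhcp-trusted ports, examine-dhcp
# per VLAN, static-ip entries, trusted ports bypassing the checks). Names are
# assumptions made for illustration.

SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}   # only valid from a trusted port

@dataclass
class Binding:
    ip: str
    mac: str
    vlan: str
    iface: str

@dataclass
class AccessSecurity:
    trusted: Set[str] = field(default_factory=set)        # dhcp-trusted interfaces
    secured_vlans: Set[str] = field(default_factory=set)  # examine-dhcp, arp-inspection, ip-source-guard
    bindings: Dict[Tuple[str, str], Binding] = field(default_factory=dict)  # (vlan, ip) -> Binding
    pending: Dict[Tuple[str, str], str] = field(default_factory=dict)       # (vlan, client mac) -> port
    log: List[str] = field(default_factory=list)

    def add_static(self, ip: str, mac: str, vlan: str, iface: str) -> None:
        # static-ip entry for a host that never uses DHCP
        self.bindings[(vlan, ip)] = Binding(ip, mac, vlan, iface)

    def dhcp(self, msg: str, iface: str, vlan: str, client_mac: str,
             yiaddr: Optional[str] = None) -> bool:
        """Snoop one DHCP message; returns True if the switch forwards it."""
        if vlan not in self.secured_vlans:
            return True
        if msg in SERVER_MSGS and iface not in self.trusted:
            self.log.append(f"{iface}: {msg} from untrusted port dropped")
            return False
        if msg in ("DHCPDISCOVER", "DHCPREQUEST"):
            self.pending[(vlan, client_mac)] = iface   # remember the client's port
        elif msg == "DHCPACK" and yiaddr and (vlan, client_mac) in self.pending:
            port = self.pending.pop((vlan, client_mac))
            self.bindings[(vlan, yiaddr)] = Binding(yiaddr, client_mac, vlan, port)
        elif msg == "DHCPRELEASE":
            self.bindings = {k: b for k, b in self.bindings.items()
                             if not (b.vlan == vlan and b.mac == client_mac)}
        return True

    def _bound(self, check: str, iface: str, vlan: str, ip: str, mac: str) -> bool:
        # Trusted ports and unsecured VLANs bypass the check; otherwise the
        # sender's IP, MAC, VLAN and port must all match one binding.
        if vlan not in self.secured_vlans or iface in self.trusted:
            return True
        b = self.bindings.get((vlan, ip))
        ok = b is not None and b.mac == mac and b.iface == iface
        if not ok:
            self.log.append(f"{iface}: {check} failed for {ip} / {mac} in vlan {vlan}")
        return ok

    def arp_ok(self, iface: str, vlan: str, sender_ip: str, sender_mac: str) -> bool:
        """Dynamic ARP Inspection on the sender fields of an ARP packet."""
        return self._bound("DAI", iface, vlan, sender_ip, sender_mac)

    def ip_ok(self, iface: str, vlan: str, src_ip: str, src_mac: str) -> bool:
        """IP source guard on the source fields of an IP packet."""
        return self._bound("ip-source-guard", iface, vlan, src_ip, src_mac)

def demo() -> Tuple[List[bool], AccessSecurity]:
    # Constructed traffic: ge-0/0/2.0 faces the DHCP server, ge-0/0/1.0 hosts a
    # statically addressed device, ge-0/0/3.0 and ge-0/0/4.0 are client ports.
    s = AccessSecurity(trusted={"ge-0/0/2.0"}, secured_vlans={"default"})
    s.add_static("192.168.1.1", "00:11:22:33:44:55", "default", "ge-0/0/1.0")
    c = "aa:aa:aa:aa:aa:01"
    return [
        s.dhcp("DHCPDISCOVER", "ge-0/0/3.0", "default", c),                  # True
        s.dhcp("DHCPOFFER", "ge-0/0/4.0", "default", c, "192.168.1.66"),     # False: rogue server
        s.dhcp("DHCPOFFER", "ge-0/0/2.0", "default", c, "192.168.1.50"),     # True
        s.dhcp("DHCPREQUEST", "ge-0/0/3.0", "default", c),                   # True
        s.dhcp("DHCPACK", "ge-0/0/2.0", "default", c, "192.168.1.50"),       # True: binding created
        s.arp_ok("ge-0/0/3.0", "default", "192.168.1.50", c),                # True: matches binding
        s.arp_ok("ge-0/0/3.0", "default", "192.168.1.1", c),                 # False: claims the gateway IP
        s.arp_ok("ge-0/0/1.0", "default", "192.168.1.1", "00:11:22:33:44:55"),  # True: static entry
        s.arp_ok("ge-0/0/2.0", "default", "192.168.1.99", "bb:bb:bb:bb:bb:01"),  # True: trusted port
        s.ip_ok("ge-0/0/3.0", "default", "192.168.1.77", c),                 # False: spoofed source
    ], s
```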

Device Security and Firewall Filters

Storm control is enabled  by default on all interfaces:

[edit ethernet-switching-options]
storm-control  {
      interface all;
}

The default action is to drop the offending traffic. This can be changed with the action-shutdown statement. To make the interface recover automatically from a shutdown event configure set ethernet-switching-options port-error-disable disable-timeout <seconds>

#show ethernet-switching interfaces

Firewall Filters

Three kinds of stateless firewall filters - Port-based, VLAN-based and Router-based.

[edit firewall family ethernet-switching]
#show filter MAC-limit
term 1  {
      from  {
            source-mac-address  {
                   00:11:22:33:44:55;
            }
       }
       then accept;
}
term 2  {
        then  {
            discard;
            count invalid-mac-record;
        }
}

The above filter accepts all frames from the specified source MAC and discards and counts everything else.

It is applied to the interface or VLAN as follows:

[edit interfaces]
#show ge-0/0/1
unit 0  {
      family ethernet-switching {
            filter  {
                input MAC-limit;
            }
       }
}

#show firewall

High Availability

Link Aggregation Groups

802.3ad

Aggregated interfaces must be created:
[edit chassis]
#set aggregated-devices ethernet device-count 1

This will create an interface called ae0 which will remain in the down state until physical interfaces are added to it.

[edit interfaces]
#set ae0 aggregated-ether-options lacp active 
#set ge-0/0/1 ether-options 802.3ad ae0 
#set ge-0/0/3 ether-options 802.3ad ae0

#show lacp interfaces
#show lacp statistics

Redundant Trunk Group

[edit ethernet-switching-options]
#set redundant-trunk-group group MyGroup interface ae0.0 primary
#set redundant-trunk-group group MyGroup interface ge-0/0/1.0

The primary keyword means that the interface will always be considered active if it is operational.

#show redundant-trunk-group

Virtual Chassis

Up to 10 EX4200 switches can be in a virtual chassis. Virtual Chassis Ports (VCP) on the rear of the EX4200 are used to interconnect switches - an uplink port can be used by issuing the command:

#request virtual-chassis vc-port set pic-slot 1 port 0 

This converts port xe-0/1/0 to vcp-255/1/0.

Switches in a VC are assigned an ID from 0 to 9 based on the order that they are added. This can be changed with the command:

#request virtual-chassis renumber member-id 0 new-member-id 5


A member of the VC can be shutdown with the command:


#request system halt member <member-id>


A member of the VC can be logged on to with the command:


#request session member <member-id>


A VC is managed through the vme interface.
A new switch added to a VC must be running the same JUNOS version as the master or it will be placed in an "inactive" state. This can be overcome with the auto-sw-update statement under the [edit virtual-chassis] hierarchy.


Set the mastership priority under the [edit virtual-chassis] hierarchy with the command:


#set member <member-id> mastership-priority <priority>
(value from 1 to 255, 128 is the default, highest is best)


#show virtual-chassis
#show virtual-chassis vc-port


Routing


Static Routes


[edit routing-options]
#show
static  {
     route 0.0.0.0/0  {
         next-hop 192.168.1.254;
     }
}


The Preference keyword can be used when there are multiple next hops in a static route and you need to define a priority. Default is 5 and lower is better.


The no-advertise keyword can be used to prevent the static route from being redistributed into other routing protocols. 


Aggregate Routes



Aggregate routes become active in the routing table when at least one of the contributing routes for the aggregate is also active in the routing table. 

[edit routing-options]
#show
aggregate  {
     route 192.168.1.0/22;
}

Default route preference for aggregate routes is 130 and next hop type is reject.

To view an aggregate route and its contributing routes use the command:
#show route <prefix> exact detail

Generated Routes


A means of generating a default route.


[edit routing-options]
#show
generate  {
     route 0.0.0.0/0;
}

Martian Addresses

[edit routing-options]
#show martians
#show route martians

             0.0.0.0/0 exact -- allowed
             0.0.0.0/8 orlonger -- disallowed
             127.0.0.0/8 orlonger -- disallowed
             128.0.0.0/16 orlonger -- disallowed
             191.255.0.0/16 orlonger -- disallowed
             192.0.0.0/24 orlonger -- disallowed
             223.255.255.0/24 orlonger -- disallowed
             240.0.0.0/4 orlonger -- disallowed
             224.0.0.0/4 exact -- disallowed
             224.0.0.0/24 exact -- disallowed
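Added example, not from the original post: a Python checker that applies the martian table above using the exact and orlonger match types, so a prefix that the routing table would silently ignore can be spotted before it is configured or redistributed; it assumes longest-match evaluation of the table entries.

```python
import ipaddress
from typing import List, Tuple

# Added example, not Junos code: a checker that applies the martian table shown
# above, with the Junos route-filter match types exact and orlonger, to candidate
# prefixes. It assumes longest-match evaluation of the table (the most specific
# matching entry decides), so an allow entry can carve an exception out of a
# broader disallow entry the way "martians ... allow" does.

MARTIANS = [  # transcribed from the "show route martians" output above
    ("0.0.0.0/0", "exact", True),
    ("0.0.0.0/8", "orlonger", False),
    ("127.0.0.0/8", "orlonger", False),
    ("128.0.0.0/16", "orlonger", False),
    ("191.255.0.0/16", "orlonger", False),
    ("192.0.0.0/24", "orlonger", False),
    ("223.255.255.0/24", "orlonger", False),
    ("240.0.0.0/4", "orlonger", False),
    ("224.0.0.0/4", "exact", False),
    ("224.0.0.0/24", "exact", False),
]

def _matches(candidate: ipaddress.IPv4Network, entry: ipaddress.IPv4Network, match_type: str) -> bool:
    # exact: same prefix and length; orlonger: inside entry with equal or longer length
    if match_type == "exact":
        return candidate == entry
    if match_type == "orlonger":
        return candidate.subnet_of(entry)
    raise ValueError(f"unsupported match type {match_type}")

def is_martian(prefix: str, table=MARTIANS) -> Tuple[bool, str]:
    """Return (disallowed, deciding entry) for one prefix; (False, '') if nothing matches."""
    cand = ipaddress.ip_network(prefix, strict=True)
    best = None
    for entry, match_type, allowed in table:
        net = ipaddress.ip_network(entry)
        if net.version == cand.version and _matches(cand, net, match_type):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, match_type, allowed)
    if best is None:
        return False, ""
    net, match_type, allowed = best
    return (not allowed), f"{net} {match_type}"

def accepted(prefixes: List[str], table=MARTIANS) -> List[str]:
    """Prefixes from the list that the martian table would let into the routing table."""
    return [p for p in prefixes if not is_martian(p, table)[0]]
```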

Routing Instances

#show route instance

Default unicast routing instance is called the master routing instance which includes the inet.0 routing table.

Common routing instance types:


forwarding: Used to implement filter-based forwarding for common Access Layer applications;
l2vpn: Used in Layer 2 VPN implementations;
no-forwarding: Used to separate large networks into smaller administrative entities;
virtual-router: Used for non-VPN-related applications such as system virtualization;
vpls: Used for point-to-multipoint LAN implementations between a set of sites in a VPN; and
vrf: Used in Layer 3 VPN implementations.

New routing instances can be created as follows:

[edit routing-instances MyInstance]
#show
instance-type virtual-router;
interface ge-0/0/1.0;
<output omitted - other routing options...>


#show interfaces terse  routing-instance MyInstance
#show route table MyInstance.inet.0


Sharing routes between routing tables


[edit routing-options]
#show
rib-groups  {
     MyRibGroup  {
          export-rib MyInstance1;
          import-rib MyInstance2;
          import-policy MyPolicy;
     }
}


export-rib names the table the routes come from; import-rib names the tables they are copied into. The rib group is then applied to routing protocols, interface routes or both.

Routing between instances


Creation of a logical tunnel interface to link routing instances:


[edit interfaces lt-0/0/0]
#show
unit 0 {
    encapsulation ethernet;
    peer-unit 1;
    family inet;
}
unit 1 {
    encapsulation ethernet;
    peer-unit 0;
    family inet;
}




Load Balancing


JUNOS devices only perform destination-based load sharing, not per-packet load sharing.


[edit policy-options]
#show
policy-statement MyLBPolicy  {
   from   {
      route-filter 192.168.1.0/24 exact;
      route-filter 192.168.2.0/24 exact;
   }
   then  {
        load-balance per-packet;
   }
}


This then needs to be applied as an export policy:


[edit routing-options]
#show
forwarding-table  {
    export MyLBPolicy;
}


To match all routes just omit the "from" section. Internet Processor II based systems can load balance up to 64 equal cost paths, Internet Processor I ASIC based systems can load balance up to 8 equal cost paths.


A traffic flow is determined by the following:


- Incoming interface index
- Source Address
- Destination Address
- Protocol


To include layer 4 data in the calculation use:


set forwarding-options hash-key family inet layer-3
set forwarding-options hash-key family inet layer-4



Filter Based Forwarding


Three steps:
1. Create a match filter under the [edit firewall] hierarchy
2. Create routing instances 
3. Create a rib-group


e.g. 


1. Create a match filter under the [edit firewall] hierarchy


[edit firewall family inet filter MyFilter]
#show
term match-first-subnet  {
     from  {
           source-address  {
                 192.168.50.0/24;
           }
     }
     then  {
           routing-instance first-ISP;
     }
}
term match-second-subnet  {
     from  {
           source-address  {
                 192.168.100.0/24;
           }
     }
     then  {
           routing-instance second-ISP;
     }
}


! Here we have created a filter called MyFilter with two match statements matching two different source subnets which are then forwarded to two different routing instances.


[edit interfaces ge-0/0/0]
#show
unit 0  {
      family inet  {
            filter  {
                 input MyFilter;
             }
             address 10.1.1.1/24;
             address 10.1.2.1/24;
       }
}


! Here the filter is applied to the interface's logical unit as an input filter.


2. Create routing instances 


[edit routing-instances]
#show
first-ISP  {
        instance-type forwarding;
        routing-options  {
             static  {
                   route 0.0.0.0/0 next-hop 10.0.0.1;
              }
         }
}

second-ISP  {
        instance-type forwarding;
        routing-options  {
             static  {
                   route 0.0.0.0/0 next-hop 10.0.1.1;
              }
         }
}

3. Create a rib-group

[edit routing-options]
interface-routes  {
      rib-group inet MyRibGroup;
}
rib-groups  {
      MyRibGroup  {
           import-rib  [ inet.0 first-ISP.inet.0  second-ISP.inet.0  ];
      }
}




Open Shortest Path First (OSPF)


LSA = Link State Announcement
LSDB = Link State Database


OSPF Packet Types:


Type 1 = Hello


Sent to 224.0.0.5 every 10 seconds. For neighbours to form they must agree on Network Mask, Hello Interval, Dead Interval and Options. 


Type 2 = Database description



OSPF uses database description (DD) packets only during the adjacency formation process between two OSPF routers. The DD packets serve two main purposes: determining who is in charge of the database synchronization, and actually transferring the LSA headers between the two systems.


Type 3 = Link State Request


LSRs are sent by an OSPF router when it detects that its database is stale.


Type 4 = Link State Update


A link-state update packet is the basic information block in OSPF. It can contain multiple LSAs. Sent to the all-OSPF-routers multicast address (224.0.0.5) or the all-DRs multicast address (224.0.0.6).


Type 5 = Link State Acknowledgement


OSPF sends link-state acknowledgment packets after the receipt of a link-state update packet.


OSPF Adjacency Formation:


- Down
- Init
- 2Way
- Exstart
- Exchange
- Loading
- Full


Designated Router Election:


DR priority can range from 0 to 255, default in JUNOS is 128 (higher is better). Priority of 0 means a router will never become a DR.
RID is a tie-breaker, higher is better.


OSPF Router Types:


Area Border Router (ABR) - An OSPF router with links in two areas
Autonomous System Border Router (ASBR) - Inject routes from outside the OSPF domain
Backbone Router - An OSPF router with a link to area 0
Internal Router - An OSPF router with all its links in one area


OSPF Area Types:


Routes that are generated from within an area, where the destination belongs to the area, are referred to as intra-area, or internal, routes.


Routes that originate from other areas are referred to as interarea or summary routes.


Routes that originate from other routing protocols, or different OSPF processes, and that are injected into OSPF through redistribution, are referred to as external routes. 


Stub Areas - AS external routes (type 4 and 5) are not flooded into these areas. You cannot create a virtual link through a stub area and a stub area cannot contain an ASBR.


Totally Stubby Area - receives only a default route from the backbone. ABRs do not flood LSA types 3, 4, or 5 into totally stubby areas.


Not So Stubby Area - allows external routes to be flooded within the area.


LSA Packet Types:


Type 1: Router: Router LSAs describe the interfaces and neighbors of each OSPF router to all other OSPF routers within the same area (intra-area).
Type 2: Network: Network LSAs describe an Ethernet segment. These LSAs are sent by the designated router to other OSPF routers within the same area (intra-area).
Type 3: Summary: Summary LSAs describe IP prefixes learned from Router and Network LSAs. These LSAs are sent by the ABR attached to the area from where the prefix information was learned and sent to other OSPF areas (interarea). Note that as summary LSAs are re-injected into different areas, the LSA type never changes, but the cost and advertising router details do change.
Type 4: ASBR Summary: ASBR Summary LSAs describe the router-id of ASBR routers located in remote areas. These LSAs are sent by the ABR attached to the area in which the ASBR is located to other OSPF areas (interarea). Note that as ASBR summary LSAs are re-injected into different areas, the LSA type never changes, but the cost and advertising router details do change.
Type 5: External: External LSAs describe IP prefixes redistributed from other routing protocols, such as RIP, BGP, or even static routes. These LSAs are sent by ASBRs injecting the external routes into OSPF. By default, the Junos OS marks these LSAs with the type 2 designation, which means the cost of the associated OSPF route is not added. You can alter this default behavior and mark these external prefixes with the type 1 designation, which means the cost to the ASBR will be included. External LSAs are flooded to all OSPF areas except areas defined as stub areas.
Type 6: Multicast OSPF LSA;
Type 7: NSSA External: NSSA External LSAs are similar to External LSAs (type 5) in that they describe IP prefixes redistributed from other routing protocols, such as RIP, BGP, or even static routes. These LSAs are sent by ASBRs in NSSA areas. These LSAs are translated to type 5 LSAs by the ABR attached to the NSSA area in which the type 7 LSAs originate.
Type 8: External attributes LSA;
Type 9: Opaque LSA (link scope);
Type 10: Opaque LSA (area scope, used for traffic engineering); and
Type 11: Opaque LSA (AS scope).

OSPF Configuration


[edit routing-options]
#show
router-id 192.168.1.1;


[edit protocols]
#show
ospf  {
     area 0.0.0.0  {
          interface ge-0/0/1.0;
          interface lo0.0;
     }
}


The interface cost is calculated as cost = reference bandwidth / interface bandwidth; the route metric is the sum of the interface costs along the path.


#show ospf neighbor [detail | extensive]
#clear ospf neighbor
#show ospf interface
#show ospf route
#show ospf database
#show ospf statistics
#show ospf log


Border Gateway Protocol (BGP)


BGP Neighbour States:


Idle
Connect
Active
OpenSent
OpenConfirm
Established


BGP Message Types:


Open
Update
Keepalive
Notification 


Local Preference - higher is preferred


BGP Route Selection


- Prefer highest local preference
- Prefer shortest AS-path
- Prefer lowest origin value ( I [IGP] < E [EGP] < ? [Incomplete]) 
- Prefer lowest MED value
- Prefer EBGP learnt routes over IBGP
- Prefer best exit from AS

- For EBGP routes prefer current active route or prefer lowest router ID
- Prefer paths with shortest cluster list
- Prefer paths from router with lowest peer ID
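Added example (not from the original post): the selection order above written as a Python comparator that also reports which step decided, run over constructed candidate paths that reuse the AS numbers and addresses from the sample configuration; the attribute names are assumptions, and MED is compared exactly as the list states, without the usual same-neighbouring-AS restriction.

```python
from dataclasses import dataclass, field
from functools import cmp_to_key
from ipaddress import IPv4Address
from typing import List, Tuple

# Added example, not Junos code: the route-selection order listed above written
# as a comparator that also reports which step decided, so the question "why was
# this path chosen?" can be answered for a set of constructed candidates.
# Attribute names are assumptions; MED is compared as the list states, without
# the usual same-neighbouring-AS restriction.

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < Incomplete

@dataclass
class Path:
    local_pref: int
    as_path: List[int]
    origin: str
    med: int
    ebgp: bool                 # learned from an EBGP peer
    igp_cost: int              # IGP cost to the next hop (best exit from the AS)
    router_id: str
    peer_id: str
    cluster_list: List[str] = field(default_factory=list)
    active: bool = False       # currently the active route (EBGP tie-break)

def compare(a: Path, b: Path) -> Tuple[int, str]:
    """Return (-1 if a wins, 1 if b wins, 0 if equal) and the step that decided."""
    steps = [
        ("local preference", lambda p: -p.local_pref),   # higher is better
        ("AS-path length", lambda p: len(p.as_path)),
        ("origin", lambda p: ORIGIN_RANK[p.origin]),
        ("MED", lambda p: p.med),
        ("EBGP over IBGP", lambda p: 0 if p.ebgp else 1),
        ("best exit from AS", lambda p: p.igp_cost),
    ]
    for name, key in steps:
        if key(a) != key(b):
            return (-1 if key(a) < key(b) else 1), name
    if a.ebgp and b.ebgp and a.active != b.active:
        return (-1 if a.active else 1), "current active EBGP route"
    tail = [
        ("router ID", lambda p: int(IPv4Address(p.router_id))),
        ("cluster list length", lambda p: len(p.cluster_list)),
        ("peer ID", lambda p: int(IPv4Address(p.peer_id))),
    ]
    for name, key in tail:
        if key(a) != key(b):
            return (-1 if key(a) < key(b) else 1), name
    return 0, "equal"

def select(paths: List[Path]) -> Tuple[Path, str]:
    """Best path and the step that separated it from the runner-up."""
    ordered = sorted(paths, key=cmp_to_key(lambda x, y: compare(x, y)[0]))
    reason = "only path" if len(ordered) == 1 else compare(ordered[0], ordered[1])[1]
    return ordered[0], reason

def demo() -> Tuple[Path, str]:
    # Constructed candidates for one prefix, using the ASNs and addresses from
    # the sample configuration above.
    paths = [
        Path(100, [65111, 65200], "i", 10, True, 5, "10.0.0.1", "192.168.101.1"),
        Path(100, [65111, 65200], "i", 10, False, 2, "10.0.0.9", "192.168.1.2"),
        Path(100, [65111, 65200], "i", 10, True, 5, "10.0.0.7", "192.168.101.3"),
        Path(200, [65111, 65300, 65200], "?", 50, True, 1, "10.0.0.3", "192.168.102.1"),
    ]
    return select(paths)
```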


Sample BGP Config


[edit routing-options]
#show
router-id 192.168.1.1;
autonomous-system 65001;


[edit protocols bgp]
#show
group MyInternalGroup  {
      type internal;
      local-address 192.168.1.1;
      neighbor 192.168.1.2;
}
group MyExternalGroup  {
      type external;
      peer-as 65111;
      neighbor 192.168.101.1;
}


BGP next-hop-self option


[edit policy-options]
#show
policy-statement MyPolicy  {
     term ChangeNextHop  {
           then   {
                 next-hop-self;
           }
     }
}


[edit protocols bgp]
#show
group MyInternalGroup  {
      type internal;
      local-address 192.168.1.1;
      export MyPolicy;
      neighbor 192.168.1.2;
}
Advertising Aggregate Routes


[edit routing-options  aggregate]
#show
route 10.0.0.0/8;


[edit policy-options policy-statement MyAggregatePolicy]
#show
term MatchAggregate  {
      from   {
            protocol aggregate;
            route-filter 10.0.0.0/8 exact;
      }
      then accept;
}
[edit protocols bgp]
#show
group MyExternalGroup  {
      type external;
      peer-as 65111;
      local-address 192.168.1.1;
      export MyAggregatePolicy;
      neighbor 192.168.101.1;
}


#show bgp summary
#show bgp neighbor
#show route protocol bgp
#show route receive-protocol bgp 192.168.101.2
#show route advertising-protocol bgp 192.168.101.2


IP tunneling


GRE  - tunnel IP, IPX, Appletalk, IPV6. Adds 24 bytes overhead to an IP packet. IP Protocol Type 47. Defined as gr-x/y/z.
IP-IP - IP only tunnelling. Adds 20 bytes overhead. Defined as ip-x/y/z.


GRE Tunnel Sample Configuration


[edit interfaces gr-0/0/0]
#show
unit 0   {
       tunnel  {
             source 192.168.101.1;
             destination 192.168.101.2;
       }
       family inet;
}


#set system internet-options gre-path-mtu-discovery


High Availability



Graceful restart (GR): This feature allows uninterrupted packet forwarding and temporary suppression of all routing protocol updates. GR enables a router to pass through intermediate convergence states that are hidden from the rest of the network. It can be enabled globally at the [edit protocols] hierarchy or enabled or disabled for specific protocols, groups etc. GR helper mode is enabled by default, restarting router mode is not.

Graceful Routing Engine switchover (GRES): This feature enables a routing platform with redundant REs to continue forwarding packets even if one RE fails. Graceful RE switchover preserves interface and kernel information and ensures that traffic is not interrupted. Graceful RE switchover does not, however, preserve the control plane.
It can be enabled with the command:
#set chassis redundancy graceful-switchover


#request chassis routing-engine master [acquire | release | switch]
#show system switchover


Nonstop active routing (NSR): This feature uses the same infrastructure as graceful RE switchover to preserve interface and kernel information. However, NSR also saves routing protocol information by running the routing protocol process (rpd) on the backup RE. By saving this additional information, NSR is self-contained and does not rely on helper routers to assist the routing platform in restoring routing protocol information. NSR is advantageous in networks where neighbor routers do not support GR. As a result of this enhanced functionality, NSR is a natural replacement for GR. NSR and GR are mutually exclusive and cannot be enabled at the same time. Note that graceful RE switchover must be configured for NSR to function properly.
#set routing-options nonstop-routing
#show task replication
#request routing-engine login other-routing-engine


Bidirectional Forwarding Detection (BFD): This feature is a simple hello mechanism that detects failures in a network. BFD sends hello packets at a specified, regular interval. A neighbor failure is detected when the routing device stops receiving a reply after a specified interval. BFD works with a wide variety of network environments and topologies. The failure detection timers for BFD have shorter time limits than default failure detection mechanisms, providing faster detection.
#set protocols bgp group MyGroup bfd-liveness-detection minimum-interval 300
#show bfd session


Virtual Router Redundancy Protocol (VRRP): This feature enables hosts on a LAN to make use of redundant routing platforms on that LAN without requiring more than the static configuration of a single default route on the hosts. The VRRP routing platforms share the IP address corresponding to the default route configured on the hosts. At any time, one of the VRRP routing platforms is the master (active) and the others are backups. If the master fails, one of the backup routers becomes the new master router, providing a virtual default routing platform and enabling traffic on the LAN to be routed without relying on a single routing platform.
VRRP Multicast address is 224.0.0.18.
MAC address used is 00-00-5E-00-01-VRID where VRID is the configured VRRP ID.
VRRP priority ranges from 1 to 255 - higher is better, 100 is the default.
VRRP states are: Initialize, Master, Backup, Transition.


[edit interfaces ge-0/0/1]
#show
unit 0  {
    family inet  {
        address 192.168.100.1/24  {
            vrrp-group 10  {
                virtual-address 192.168.100.254;
                priority 200;
            }
        }
    }
}


Use the accept-data configuration option to allow the master router to respond to ICMP requests sent to the virtual IP address even if it does not own that specific address.


#show vrrp summary
#show vrrp track
#show vrrp detail


IPV6


40 byte header


Version (4 bits)
Traffic Class (8 bits)
Flow Label (20 bits)
Payload Length (16 bits)
Next Header (8 bits)
Hop Limit (8 bits)
Source Address (128 bits)
Destination Address (128 bits)


Unicast, Multicast and Anycast


A run of consecutive all-zero groups in an address can be shortened to ::, so:


abcd:0000:0000:0000:0000:abcd:abcd:abcd 
becomes:
abcd::abcd:abcd:abcd


Loopback address is ::1


Link Local: The link-local unicast address is identified with the binary prefix 1111111010 followed by a string of 54 binary zeros, the host-generated Interface ID, and a 64-bit mask.


Site Local:  Site-local unicast addresses are identified with the binary prefix 1111111011 followed by 54 bits for the subnet ID, and the host-generated interface ID. Not routable on the internet.


Global Unicast Address: Global unicast addresses are globally unique and are used to connect to and route through the Internet.
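Added example, not from the original post: Python that performs the zero-run shortening above by hand on the eight 16-bit groups, cross-checks the result against the standard library, and classifies addresses by the leading bits described in this section; nothing beyond the standard library is assumed.

```python
import ipaddress

# Added example, not Junos code: the zero-run shortening shown above done by hand
# on the eight 16-bit groups, cross-checked against the standard library, plus a
# classifier for the address types described (loopback, link-local, site-local,
# global unicast, multicast) based on their leading bits.

def compress(addr: str) -> str:
    """Shorten the first longest run of two or more all-zero groups to '::'."""
    groups = [int(g, 16) for g in addr.split(":")]
    if len(groups) != 8:
        raise ValueError("expected a full eight-group address")
    best_start, best_len, run_start = -1, 0, None
    for i, g in enumerate(groups + [1]):           # sentinel closes a trailing run
        if g == 0 and run_start is None:
            run_start = i
        elif g != 0 and run_start is not None:
            if i - run_start > best_len:            # '>' keeps the first longest run
                best_start, best_len = run_start, i - run_start
            run_start = None
    hexes = [format(g, "x") for g in groups]        # also drops leading zeros
    if best_len < 2:
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])

def matches_stdlib(addr: str) -> bool:
    """True when compress() agrees with ipaddress's canonical (RFC 5952) form."""
    return compress(addr) == str(ipaddress.IPv6Address(addr))

def classify(addr: str) -> str:
    """Address type from the leading bits; accepts long or compressed notation."""
    ip = ipaddress.IPv6Address(addr)
    value = int(ip)
    if value == 1:
        return "loopback"                 # ::1
    if value >> 120 == 0xff:
        return "multicast"                # ff00::/8
    top10 = value >> 118                  # first ten bits of the address
    if top10 == 0b1111111010:
        return "link-local"               # fe80::/10
    if top10 == 0b1111111011:
        return "site-local"               # fec0::/10
    if value >> 125 == 0b001:
        return "global unicast"           # 2000::/3
    return "other"
```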


IPV6 Sample Configuration


[edit interfaces]
#show
ge-0/0/1  {
      unit 0  {
          family inet6  {
                address fec0:0:0:2003::1/64;
          }
      }
}


#show route table inet6
#show ipv6 neighbors 


IPV6 Static Route Example


[edit routing-options]
#show
rib inet6.0  {
    static  {
        route 0::/0  {
            next-hop fec0:0:0:2003::2;
            preference 250;
        }
     }
}


IPV6 Tunneling


- IPV4-compatible addressing
- Configured tunnels
- 6to4
- 6over4


IP6-over-IP4 Tunnel example:



interfaces {
    gr-0/0/0 {
        unit 0 {
            tunnel {
                source 10.0.0.1;
                destination 10.0.1.1;
            }
            family inet6 {
                address fec0:0:1006::1/126;
            }
        }
    }
}

IS-IS


ES = End System (host)
IS = Intermediate System (router)


Routers can be L1, L2 or L1/L2.


IS-IS PDUs:


- IS-IS hello - 01-80-C2-00-00-14 (Level 1) and 01-80-C2-00-00-15 (Level 2)
- Link State PDUs
- Complete Sequence Number PDUs
- Partial Sequence Number PDUs
- TLV PDUs


DIS (Designated Intermediate System) can have a value from 0 to 127, default is 64, 0 is disabled, higher is better. Highest MAC address is used as a tie breaker. DIS sends out hello packets every 3 seconds. No backup DIS is elected. A non-DIS router sends out hello packets every 9 seconds.


IS-IS Metrics - maximum path value = 1023, maximum link value = 63. Delay, expense and error are additional optional metrics.


ISIS Sample Configuration


[edit interfaces]
#show
ge-0/0/1  {
      unit 0  {
           family iso;
           family inet  {
                address 192.168.1.1/24;
           }
      }
}


lo0  {
      unit 0  {
           family inet  {
                address 1.1.1.1/32;
           }
           family iso  {
                 address 49.0001.0192.0168.0201.00;
           } 
      }
}


#show isis interface
#show isis database [extensive]
#show isis adjacency [detail]
#clear isis adjacency 
#show isis spf log
#show isis statistics
#show isis route
