Any Questions?


Presentation Transcript


  1. Any Questions?

  2. Protocol Independent Properties and Routing Policy • Routing Capabilities that are not related to a specific routing protocol • Protocol Independent Properties (PIP) • Routing Policy • Need to understand syntax and function Pg 71

  3. Protocol Independent Properties and Routing Policy • Understanding the default behavior of routers • Static routes • Direct routes • Understanding the default behavior of routing protocols • Default policy • Setting up routing policy filters • Control what routing updates get into the router and what routing updates are sent out Pg 71

  5. Protocol Independent Properties • Static, aggregated, and generated routes • Global preference • Martian routes • Route tables and routing information base (RIB) groups • Autonomous system (AS) number and router ID Pg 72

  6. Routing Policy • Policy overview, import and export policy • Policy components (terms, match conditions, actions, policy chains) • Route filters • Advanced policy concepts Pg 72

  7. Static, Aggregate and Generated Routes • Static routes are routes programmed directly on the router • Not learned through updates from routing protocols • Can be useful • Since they aren’t dynamic, their use can cause outages when something goes wrong on the network • OK for stub networks at the edge • Single point of entry/egress anyway Pg 72

  8. Static, Aggregate and Generated Routes • Can be used to send updates through other protocols like BGP • Sending a route that is always up that represents numerous other more specific routes which may or may not be up at any given time • Hides instability from other routers Pg 72

  9. Static, Aggregate and Generated Routes • Static, Aggregate and Generated routes are all defined statically • Can all be supernets • Represent an aggregated sum of network prefixes • Can be subnets • Subnetwork of a full classful address Pg 72

  10. Static, Aggregate and Generated Routes Pg 73

  11. Static, Aggregate and Generated Routes • Discard • A discard next hop results in the silent discard of matching traffic. Silent here refers to the fact that no Internet Control Message Protocol (ICMP) error message is generated back to the source of the packet. You normally choose a discard next hop when the goal is to advertise a single aggregate that represents a group of prefixes, with the expectation that any traffic attracted by the aggregate route will longest-match against one of the more specific routes, and therefore be forwarded according to the related next hop rather than the reject or discard next hop of the aggregate route itself. The use of discard is best current practice when advertising an aggregate because the generation of ICMP error messages can consume system resources and may end up bombarding an innocent third party, as in the case of spoofed source addressing as part of a distributed denial of service (DDoS) attack. Pg 73

  12. Static, Aggregate and Generated Routes • Reject • A reject next hop results in the generation of an ICMP error message reporting an unreachable destination for matching traffic. This is the default next hop type of an aggregated route and for a generated route when it has no contributors. • Forwarding • A forwarding next hop is used to move traffic to a downstream node, and it is typically specified as the IP address of a directly connected device. Matching traffic is then forwarded to the specified next hop. On a multiaccess network such as a LAN, this involves the resolution of the IP address to a link layer address through the Address Resolution Protocol (ARP) or some form of static mapping. When directing traffic over a point-to-point interface, the next hop can be specified as an interface name; however, LAN interface types require an IP address next hop due to their multipoint nature. Pg 73

  13. Forwarding Next Hop Qualifier • resolve • The resolve keyword allows you to define an indirect next hop for a static route, which is to say an IP forwarding address that does not resolve to a directly connected interface route. For example, you could specify a static route that points to a downstream neighbor’s loopback address. In this case, matching traffic will result in a recursive lookup against the specified (lo0) next hop to select a directly connected forwarding next hop. If a parallel connection exists, the failure of the currently used link results in a new recursive lookup and selection of the remaining link for packet forwarding. • qualified-next-hop • The qualified-next-hop keyword allows you to define a single static route with a list of next hops that are individually qualified with a preference. In operation, the most preferred qualified next hop that is operational (that is, the next hop can be resolved and its interface is up) is used. When that next hop is no longer usable, the next-best-qualified next hop is selected. That is to say, when the primary link is down, the router selects the next preferred next hop, which may point to a low-speed backup facility. Pg 74

  14. Any Questions?

  15. Static vs. Aggregate • Static routes are active whenever they have a viable next hop • Can be a discard/reject for blocking traffic • Aggregates need contributing routes • A more specific route learned through another mechanism • Static definition or OSPF/dynamic routing protocol • Contributing routes are more specific than aggregates • supernetting Pg 74

  16. Contributing Routes • Aggregate route 10.1/16 can be activated by route 10.1.1/24 • It has a longer (more specific) mask and shares the same 16 high-order prefix bits as the aggregate route. • The route 10.2.2/24 does not contribute to a 10.1/16 aggregate as it does not share the same aggregate prefix. Pg 74

  17. Contributing Routes • Routing policy can be used to filter which routes can contribute • Only active routes are subject to routing policy • A given route can only contribute to a single aggregate route • Aggregates can contribute to other less specific aggregates • 10.0.0.0/16 can contribute to 10.0.0.0/8 Pg 75

  18. Aggregate vs. Generated • Similar in that both require contributors • Aggregate always has a next hop of discard or reject • Generated routes are more like routes of last resort Pg 75
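The contributing-route rules from slides 15 to 17 and the discard behaviour from slide 11, worked through in code. This is an added example, not code from the slides or from JUNOS; the route table is constructed for the demonstration and the "one aggregate per route" rule is implemented by feeding the most specific aggregates first.

```python
"""Aggregate activation by contributing routes, plus longest-match forwarding."""
import ipaddress

def contributes(route, aggregate):
    """A route contributes if it has a longer mask and shares the aggregate's high-order bits."""
    r, a = ipaddress.ip_network(route), ipaddress.ip_network(aggregate)
    return r.prefixlen > a.prefixlen and r.subnet_of(a)

def active_aggregates(active_routes, aggregates):
    """Return {aggregate: [contributors]} for aggregates that have at least one contributor.
    Only active routes are considered, each route contributes to the single most specific
    aggregate covering it, and an activated aggregate may itself contribute to a less
    specific one (10.0.0.0/16 -> 10.0.0.0/8)."""
    # Most specific aggregates first, so a /16 activated here can feed a /8 later.
    ordered = sorted(aggregates, key=lambda a: ipaddress.ip_network(a).prefixlen, reverse=True)
    result = {a: [] for a in ordered}
    candidates = list(active_routes)
    for agg in ordered:
        for route in list(candidates):
            if contributes(route, agg):
                result[agg].append(route)
                candidates.remove(route)   # a route contributes to one aggregate only
        if result[agg]:
            candidates.append(agg)         # now active, may contribute upward
    return {a: c for a, c in result.items() if c}

def lookup(table, dst):
    """Longest-match lookup. A next hop is an address, 'discard' (silent drop) or 'reject'
    (ICMP unreachable). Traffic attracted by an aggregate normally longest-matches a
    contributor; only the leftovers hit the aggregate's own discard next hop."""
    addr = ipaddress.ip_address(dst)
    covering = [p for p in table if addr in ipaddress.ip_network(p)]
    if not covering:
        return "no route"
    return table[max(covering, key=lambda p: ipaddress.ip_network(p).prefixlen)]

# Constructed sample: active routes with forwarding next hops, and configured
# aggregates using the discard next hop the slides recommend.
ACTIVE = {"10.1.1.0/24": "172.16.1.1", "10.1.2.0/24": "172.16.1.2", "10.2.2.0/24": "172.16.1.3"}
AGGREGATES = {"10.1.0.0/16": "discard", "10.0.0.0/8": "discard", "192.168.0.0/16": "discard"}

def forwarding_table():
    """Active routes plus only those aggregates that currently have contributors."""
    table = dict(ACTIVE)
    for agg in active_aggregates(list(ACTIVE), list(AGGREGATES)):
        table[agg] = AGGREGATES[agg]
    return table

if __name__ == "__main__":
    fib = forwarding_table()
    for dst in ("10.1.1.5", "10.1.9.5", "10.9.9.9", "192.168.1.1"):
        print(dst, "->", lookup(fib, dst))
```

192.168.0.0/16 never becomes active because nothing contributes to it, so 192.168.1.1 gets no route at all rather than a discard.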

  19. Any Questions?

  20. Route Attributes and Flags • When defining static routes you can include attributes • AS • BGP community • Route tag • Metric • etc. • Attributes don’t always affect usage, depending on the protocol in use Pg 77

  21. Route Attributes and Flags • Can also set flags to control how the route is handled • No-advertise flag • Prevents that route from being exported to routing protocols Pg 77

  22. Static Route Example • route [network/mask] next-hop [IP address] Pg 79

  23. Route Preference • Routes can be learned from multiple sources • Static • Direct • Dynamic protocols (RIP, OSPF, BGP, etc.) • Each source has a preference • Used to determine which route to use if multiple sources offer the same prefix Pg 78

  24. Pg 78

  25. Floating Static Routes • Static route with a modified preference • Less preferred than one learned dynamically • Provides backup to routes that should be dynamic Pg 80

      [edit routing-options static route 0.0.0.0/0]
      lab@PBR# show
      next-hop 172.16.1.1;
      preference 11;

      [edit routing-options static route 0.0.0.0/0]
      lab@PBR# run show route 200.0.0.0
      inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
      + = Active Route, - = Last Active, * = Both

      0.0.0.0/0          *[Static/11] 00:00:06
                          > to 172.16.1.1 via fe-0/0/0.412

  26. Martian Routes • Routes that should not be present • The martian table holds routes that shouldn’t be used • Reserved addressing (RFC 1918) • Martian routes are excluded from route update processing • Filtered without the use of an export policy Pg 81

  27. Martian Routes • Can view them Pg 81

      [edit routing-options]
      lab@Bock# run show route martians table inet.0
      inet.0:
             0.0.0.0/0 exact -- allowed
             0.0.0.0/8 orlonger -- disallowed
             127.0.0.0/8 orlonger -- disallowed
             128.0.0.0/16 orlonger -- disallowed
             191.255.0.0/16 orlonger -- disallowed
             192.0.0.0/24 orlonger -- disallowed
             223.255.255.0/24 orlonger -- disallowed
             240.0.0.0/4 orlonger -- disallowed

  28. Martian Routes • Cannot explicitly remove entries, but you can write new ones that will change behavior Pg 81

  29. Any Questions?

  30. Martian Routes • Cannot explicitly remove entries, but you can write new ones that will change behavior Pg 81

      [edit routing-options martians]
      lab@Cider# set 0/0 exact (default is deny)

      [edit routing-options martians]
      lab@Cider# show
      0.0.0.0/0 exact;

      After the change is committed, the results are confirmed:

      [edit routing-options martians]
      lab@Cider# run show route martians table inet.0
      inet.0:
             0.0.0.0/0 exact -- disallowed
             0.0.0.0/8 orlonger -- disallowed
             127.0.0.0/8 orlonger -- disallowed
             128.0.0.0/16 orlonger -- disallowed
             191.255.0.0/16 orlonger -- disallowed
             192.0.0.0/24 orlonger -- disallowed
             223.255.255.0/24 orlonger -- disallowed
             240.0.0.0/4 orlonger -- disallowed
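The martian table from slides 27 and 30 evaluated in code, to show what the exact and orlonger match types mean and how a configured entry overrides a default one. This is an added example, not JUNOS code or the slides' own material: the table is a constructed copy of the listing above, the longer match type is added for generality, and the allow/disallow precedence rule is a simplifying assumption.

```python
"""Martian table evaluation with route-filter style match types."""
import ipaddress

# Constructed copy of the default inet.0 martian listing: (prefix, match type, allowed?).
DEFAULT_MARTIANS = [
    ("0.0.0.0/0", "exact", True),
    ("0.0.0.0/8", "orlonger", False),
    ("127.0.0.0/8", "orlonger", False),
    ("128.0.0.0/16", "orlonger", False),
    ("191.255.0.0/16", "orlonger", False),
    ("192.0.0.0/24", "orlonger", False),
    ("223.255.255.0/24", "orlonger", False),
    ("240.0.0.0/4", "orlonger", False),
]

def matches(route, entry_prefix, match_type):
    """'exact' needs the same prefix and length; 'orlonger' accepts the prefix itself or
    anything more specific inside it; 'longer' (not in the slide's table, added for
    generality) accepts only more specific routes."""
    r, e = ipaddress.ip_network(route), ipaddress.ip_network(entry_prefix)
    if match_type == "exact":
        return r == e
    if match_type == "orlonger":
        return r.subnet_of(e)
    if match_type == "longer":
        return r.subnet_of(e) and r.prefixlen > e.prefixlen
    raise ValueError(f"unknown match type {match_type}")

def apply_overrides(table, overrides):
    """A configured entry replaces the default entry with the same prefix and match type,
    which is how 'set 0/0 exact' turns the allowed default route into a disallowed one."""
    merged = {(p, m): allowed for p, m, allowed in table}
    merged.update({(p, m): allowed for p, m, allowed in overrides})
    return [(p, m, a) for (p, m), a in merged.items()]

def is_martian(route, table):
    """Assumed (simplified) rule: a route matched by an allow entry is accepted; otherwise
    it is a martian if it matches at least one disallowed entry."""
    hits = [allowed for p, m, allowed in table if matches(route, p, m)]
    if not hits:
        return False
    return not any(hits)

if __name__ == "__main__":
    after = apply_overrides(DEFAULT_MARTIANS, [("0.0.0.0/0", "exact", False)])
    for route in ("0.0.0.0/0", "127.0.0.1/32", "10.1.0.0/16"):
        print(route, "default:", is_martian(route, DEFAULT_MARTIANS), "after:", is_martian(route, after))
```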

  31. Routing Tables and RIB Groups • A router can maintain many routing tables for specific purposes • Some are created automatically • One for each family • You can create your own by using virtual routers or VPNs with Virtual Routing and Forwarding (VRF) tables • Can also create them directly with RIB groups Pg 83

  32. Default tables • inet.0 • The inet.0 table is the default unicast route table for the IPv4 protocol. This is the main route table used to store unicast routes such as interface local/direct, static, or dynamically learned routes. • inet.1 • The inet.1 table serves as a multicast forwarding cache. This table contains the various IPv4 (S,G) group entries that are dynamically created as a result of join state. • inet.2 • The inet.2 table houses unicast routes that are used for multicast reverse path forwarding (RPF) lookup, typically as learned through MP-BGP using SAFI 2. The IPv4 unicast routes stored in this table can be used by multicast protocols such as the Distance Vector Multicast Routing Protocol (DVMRP), which requires a specific RPF table. In contrast, PIM does not need an inet.2 because it can perform RPF checks against the inet.0 table. You can import routes from inet.0 into inet.2 using RIB groups, or install routes directly into inet.2 from a multicast routing protocol. Pg 83

  33. Default tables • inet.3 • The inet.3 table contains MPLS LSP information. This table contains the egress address of the MPLS LSP, along with the LSP name and outgoing interface, and is populated by both RSVP and LDP. The inet.3 table is used when the local router functions as the ingress to an LSP. • instance_name.inet.0 • When you configure a VRF or VR routing instance, the resultant instance creates a route table based on the routing instance’s name. For example, defining a Layer 3 VPN instance called ce1 results in the creation of a route table named ce1.inet.0. A routing instance differs from a logical router in that various routing instances share a single instance of the routing protocol daemon (rpd), whereas each LR gets its own instance of rpd, which in turn provides greater isolation. Note that LRs are not supported on J-series platforms with the 8.0 release used to write this book. • inet6.0 • The inet6.0 table is used to house IPv6 unicast route tables. Pg 83

  34. Default tables • bgp.l3vpn.0 • The bgp.l3vpn.0 table contains routes learned from other Provider Edge (PE) routers in a Layer 3 VPN environment via BGP. Routes in this table are copied into a particular Layer 3 VRF when there is a matching route table. • bgp.l2vpn.0 • The bgp.l2vpn.0 table contains routes learned from other PE routers in a Layer 2 VPN environment via BGP. The related Layer 2 routing information is copied into Layer 2 VRFs based on matching target communities. • mpls.0 • The mpls.0 table houses the MPLS label-switching operations used when the local router is acting as a transit label-switching router (LSR) in support of LSPs. • iso.0 • The iso.0 table houses IS-IS routes, which consist of a network entity title (NET) and a host ID. When using IS-IS in support of IP routing, you can expect to see only the local router’s NET, which is typically assigned to the loopback interface, because in this context the IS-IS protocol is used to convey IP, not IS-IS routes. • juniper_private • JUNOS software needs to communicate internally with service Physical Interface Cards (PICs). The juniper_private tables are created as needed to facilitate these internal communications between the RE and service PIC hardware. Pg 83

  35. User Defined RIB and RIB Groups • Allows you to create your own route tables and merge information from different tables together. Pg 86

  36. Any Questions?

  37. Router ID • Usually an IPv4 address on the router • Used to identify routers when sending and receiving routing updates • For routing protocols • No need for the router to have a route to that IP address; it is just an identifier • Only one RID per router Pg 88

  38. Router ID • Different assignments • Explicitly with the set router-id command • [edit routing-options] • lab@pbr# set router-id 1.1.1. • Use the lo0 interface • Loopback interfaces don’t go down, so the address is always available • If not configured, the RID is the primary IP address of the first interface that comes online • Usually the loopback, if it is set to an address other than 127.0.0.1 Pg 89

  39. Router ID • To be able to route to the RID • Since 8.5 you need to run an IGP on the interface Pg 89

  40. Autonomous System Number • Required for BGP • More details in Chapter 5 • Configured at the [edit routing-options] hierarchy • lab@pbr# set autonomous-system 100 • Used by routers to identify whether routing updates are internal or external Pg 89

  41. Any Questions?

  42. Routing Policy • Used to manage routing information • Not related to data traffic • Policy is configured at the [edit policy-options] level • Filters have a similar syntax Pg 90

  43. Routing Policy • Control what routes are installed into the route table for possible selection as an active route • Control what routes are exported from the route table, and into which protocols • Alter attributes of routes, either at reception or at the time of advertisement to other peers Pg 90

  44. Routing Policy • Routing policy is needed when the default routing policy doesn’t meet your needs • For example • Directly connected routes aren’t advertised in RIP • A policy is needed to make that happen Pg 90

  45. When and How Policy Is Applied • Import policy • Applied before updates get to the route table • show route receive-protocol bgp • Export policy • Applied after the routing table but before information is sent to the neighbors • Affects what you tell others Pg 91

  46. When and How Policy Is Applied Pg 91

  47. When and How Policy Is Applied • Link-state protocols don’t send updates the same way • OSPF • Not much scope for import policy • Check chapter 4 Pg 91

  48. General Process • Create a policy • Set terms • Set match conditions • Set actions • Apply the policy to a protocol • Import • Export Pg 93

  49. Applying to BGP and RIP • Different hierarchies available • Global • Group • Neighbor • Only the most specific one is used Pg 93

  50. Applying to BGP and RIP • Different hierarchies available Pg 93

      [edit protocols bgp]
      lab@PBR# show
      export global_export;
      group internal {
          export internal_export;
          neighbor 1.1.1.1 {
              export neighbor_1.1.1.1_export;
          }
          neighbor 2.2.2.2;
      }
      group other {
          neighbor 3.3.3.3;
      }