Operating Juniper Networks Routers in the Enterprise

Operating Juniper Networks Routers in the Enterprise. Chapter 8: Miscellaneous Features. Chapter Objectives. After successfully completing this chapter, you will be able to: List some commonly used features found in the enterprise Describe the purpose of VRRP and identify when it is used

pdean

Presentation Transcript


  1. Operating Juniper Networks Routers in the Enterprise Chapter 8: Miscellaneous Features

  2. Chapter Objectives • After successfully completing this chapter, you will be able to: • List some commonly used features found in the enterprise • Describe the purpose of VRRP and identify when it is used • Configure and monitor VRRP • Describe the DHCP services offered in JUNOS software • Configure and verify proper operation of DHCP services

  3. Agenda: Miscellaneous Features • Introduction to VRRP • Configuring VRRP • Monitoring VRRP Operation • Introduction to DHCP Services • Configuring a DHCP Server • Monitoring DHCP Server Operation • Configuring a DHCP/BOOTP Relay Agent • Monitoring DHCP/BOOTP Relay Operation

  4. What Is VRRP? • An election protocol used to designate one of multiple VRRP routers as master, which assumes the forwarding responsibilities for a LAN • Means of incorporating redundancy in a LAN • Typically used in high-availability Ethernet networks • Defined in RFC 2338

  5. VRRP Terminology • Virtual router—Virtual entity that functions as default router on LAN; consists of VRID and IP address used as gateway address known as VIP address • VRRP router—Any router participating in VRRP including the master and all backup routers • Master router—VRRP router performing packet forwarding and responding to ARP requests • Backup router—VRRP router available to assume the role of the master router upon failure

  6. VRRP Mechanics • VRRP communications: • Communicates using multicast address (224.0.0.18) • Communication interval (every second by default) • Communication confined to local network (TTL = 255) • Speakers must be configured with common settings (for example, VRID and authentication parameters) • Virtual router MAC address used for LAN communications • Determining master: • Priority (higher is preferred) • Router that owns virtual router’s IP address (always master) • Preemption behavior is optional (except when VIP address is owned)

  7. VRRP States • VRRP states include: • Initialize—Router negotiates VRRP roles through startup events, no forwarding can be performed while in this state • Master—Router assumes traffic forwarding responsibilities for the LAN and responds to ARP requests • Backup—Router monitors master VRRP router and is ready to assume forwarding responsibilities if failure occurs • Transition—Router switches between master and backup states, no forwarding can be performed while in this state

  8. VRRP Design Considerations (1 of 3) • What does your network topology consist of? • How many routers are participating in VRRP? • How many outbound WAN circuits exist, and is one circuit preferred over another? • Which router do you want as master? • Does one router have advantages over another router? • What address will be used for the VIP address? • Will load balancing be needed? • Is the load significant, and is there a benefit to balancing the traffic in your environment?

  9. VRRP Design Considerations (2 of 3) • Will preemption be enabled? • Is maintaining the same VRRP router as the master router more important than the possible disruption that comes with preemption? • Is security on the LAN a concern? • Do you need the VRRP exchanges secured to avoid any potential security risks?

  10. VRRP Design Considerations (3 of 3) • Design should account for WAN link failure scenarios • Add alternate paths • Track WAN interface state to force failover • Figure callouts: Add alternate path between R1 and R2; force mastership changes from R1 to R2 if circuit goes down [Figure: R1 = Master and R2 = Backup, each with interfaces se-1/0/0 and fe-2/0/1; VIP = .1/24; end user at .100/24 with GW = .1]

  11. VRRP Case Study: Overview • Scenario: • Occasionally, all external communications for ZooNet Inc. cease because of disruptions, caused by various reasons, which affect the network’s only path out towards the Internet and remote locations • Mr. Billy “The Man” Bob, the CEO of ZooNet Inc., has noticed a drop in productivity because of the disruptions and has authorized the purchase of new Juniper Networks equipment to incorporate redundancy into the network design, and as a result, reduce the number of network-related disruptions

  12. VRRP Case Study: Existing Topology • ZooNet Inc.’s existing topology consists of end users connecting to a switch that has a single connection to a single router, with a single circuit to the Internet • Test your understanding: What events could disrupt connectivity towards the Internet with the current design? [Figure: R1 with interfaces fe-2/0/1 and se-1/0/0; end user at .100/24 with GW = .1]

  13. VRRP Case Study: Proposed Topology • ZooNet Inc.’s proposed topology consists of adding an additional router, configuring VRRP on the LAN interfaces for both routers, and adding a second circuit for external communications [Figure: R1 = Master and R2 = Backup, each with interfaces se-1/0/0 and fe-2/0/1; VIP = .1/24; end user at .100/24 with GW = .1]

  14. VRRP Case Study: Results • The results of this design: • Traffic flows through R1 under normal operation • If R1 fails, R2 assumes the master role and forwards traffic • Failover between R1 and R2 is transparent for end users [Figure: R1 = Master and R2 = Backup, each with interfaces se-1/0/0 and fe-2/0/1; VIP = .1/24; end user at .100/24 with GW = .1]

  15. Agenda: Miscellaneous Features • Introduction to VRRP • Configuring VRRP • Monitoring VRRP Operation • Introduction to DHCP Services • Configuring a DHCP Server • Monitoring DHCP Server Operation • Configuring a DHCP/BOOTP Relay Agent • Monitoring DHCP/BOOTP Relay Operation

  16. Sample VRRP Topology • Goals: • Configure VRRP on R1 and R2 to allow for redundancy during failure scenarios • Continue load-balancing all outbound traffic to make use of resources involved in the forwarding path [Figure: R1 (fe-2/0/1 at .1/24) and R2 (fe-2/0/1 at .2/24), each with se-1/0/0; User X (.100/24) with GW = .1 and User Y (.101/24) with GW = .2]

  17. Sample VRRP Configuration • Configuration on R1 and R2 to accomplish objectives • Priority value of 255 is required when VIP and interface IP addresses are the same • Priority determines master/backup state

      R1 Configuration (Group 100 = Master, Group 101 = Backup):

          fe-2/0/1 {
              vlan-tagging;
              unit 100 {
                  vlan-id 100;
                  family inet {
                      address 10.222.1.1/24 {
                          vrrp-group 100 {
                              virtual-address 10.222.1.1;
                              priority 255;
                          }
                          vrrp-group 101 {
                              virtual-address 10.222.1.2;
                              priority 100;
                          }
                      }
                  }
              }
          }

      R2 Configuration (Group 100 = Backup, Group 101 = Master):

          fe-2/0/1 {
              vlan-tagging;
              unit 100 {
                  vlan-id 100;
                  family inet {
                      address 10.222.1.2/24 {
                          vrrp-group 100 {
                              virtual-address 10.222.1.1;
                              priority 100;
                          }
                          vrrp-group 101 {
                              virtual-address 10.222.1.2;
                              priority 255;
                          }
                      }
                  }
              }
          }

  18. VRRP Configuration Options (1 of 2) • track • Monitors or tracks interface state for interfaces forwarding traffic received through a VRRP interface • Reduces designated priority value for a given VRRP group if tracked interface goes down—ideal way to maintain external reachability during a WAN link failure • accept-data • Allows master router to respond to ICMP requests sent to VIP address—by default, master router does not respond • Violates RFC 2338 if enabled, but can help avoid unnecessary problem reports

  19. VRRP Configuration Options (2 of 2) • authentication-type • Authentication options include none, simple, and MD5 • MD5 authentication is suggested for LANs with security concerns • preempt • Router with higher priority will assume master role—default behavior • Can turn preemption off to avoid unwanted mastership changes

  20. Test Your Understanding of VRRP Options • What happens if se-1/0/0.0 goes down? Assume that a second VRRP router is configured to use similar settings except with the default priority value of 100

          fe-2/0/1 {
              vlan-tagging;
              unit 100 {
                  vlan-id 100;
                  family inet {
                      address 10.222.1.2/24 {
                          vrrp-group 100 {
                              virtual-address 10.222.1.1;
                              priority 110;
                              no-preempt;
                              accept-data;
                              authentication-type md5;
                              authentication-key "$9$w7saUq.5F6AfT"; ## SECRET-DATA
                              track {
                                  interface se-1/0/0.0 {
                                      priority-cost 11;
                                  }
                              }
                          }
                      }
                  }
              }
          }

  21. Agenda: Miscellaneous Features • Introduction to VRRP • Configuring VRRP • Monitoring VRRP Operation • Introduction to DHCP Services • Configuring a DHCP Server • Monitoring DHCP Server Operation • Configuring a DHCP/BOOTP Relay Agent • Monitoring DHCP/BOOTP Relay Operation

  22. Monitoring VRRP Operation (1 of 2) • Use show vrrp to view VRRP state • Use the detail or extensive options to increase the amount of VRRP-related details displayed

          user@host> show vrrp?
          Possible completions:
            <[Enter]>            Execute this command
            …
            detail               Display detailed output
            extensive            Display extensive output
            …
            |                    Pipe through a command

          user@host> show vrrp
          Interface     Unit  Group  Type  Address       Int state  VR state  Timer
          fe-2/0/1       100    100  lcl   10.222.1.2    up         master    A 0.839
                                     vip   10.222.1.1

  23. Monitoring VRRP Operation (2 of 2) • Use show vrrp interface interface to view VRRP details for a specific interface • To display an individual group’s details for a given interface, add the group option

          user@host> show vrrp interface ?
          Possible completions:
            <interface-name>     Name of interface
            group                Number of VRRP group (0..255)

          user@host> show vrrp interface fe-2/0/1
          Interface: fe-2/0/1.100, Interface index: 68, Groups: 1, Active : 1
            Interface VRRP PDU statistics
              Advertisement sent                       : 48426
              Advertisement received                   : 19
              Packets received                         : 19
              No group match received                  : 0
            Interface VRRP PDU error statistics
              Invalid IPAH next type received          : 0
              Invalid VRRP TTL value received          : 0
              Invalid VRRP version received            : 0
              Invalid VRRP PDU type received           : 0
              Invalid VRRP authentication type received: 0
              Invalid VRRP IP count received           : 0
              Invalid VRRP checksum received           : 0
          …

  24. VRRP Tracing (1 of 2) • Set traceoptions under [edit protocols vrrp] • Flag options are specific to VRRP

          [edit protocols vrrp]
          user@host# set traceoptions ?
          Possible completions:
          + apply-groups         Groups from which to inherit configuration data
          + apply-groups-except  Don't inherit configuration data from these groups
          > file                 Trace file information
          > flag                 Tracing parameters

          [edit protocols vrrp]
          user@host# set traceoptions flag ?
          Possible completions:
            all                  Trace all events
            database             Trace database
            general              Trace general events
            interfaces           Trace interface messages
            normal               Trace normal events
            packets              Trace packets
            state                Trace state transitions
            timer                Trace timer events

  25. VRRP Tracing (2 of 2) • View logged contents with show log filename • Logged contents are sent to /var/log/vrrpd by default

          user@host> show log vrrpd
          Jun 13 11:19:42 Sending
          Jun 13 11:19:42 Source  : 010.222.001.002
          Jun 13 11:19:42 Destin  : 224.000.000.018
          Jun 13 11:19:42 TTL     : 255
          Jun 13 11:19:42 Protocol: 51
          Jun 13 11:19:42 45c00040c2560000ff330c820ade0102e0000012
          Jun 13 11:19:42 70040000abababab0000c255c94c67e5a7dcb2d9
          Jun 13 11:19:42 dd61c360210159010201781d0ade010100000000
          Jun 13 11:19:42 00000000
          …
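
Added example (not part of the original slides and not Juniper code): a Python decoder for the hex dump in the slide 25 trace, showing the IPv4 header, the Authentication Header (IP protocol 51) and the VRRPv2 advertisement it carries, plus the receive-side sanity checks a monitoring script could apply to such captures. The function and dictionary key names are assumptions of this example; the field layout and authentication type codes follow RFC 2338.

```python
import ipaddress
import struct

# Hex lines copied from the `show log vrrpd` trace on slide 25 (one packet).
TRACE_HEX = (
    "45c00040c2560000ff330c820ade0102e0000012"
    "70040000abababab0000c255c94c67e5a7dcb2d9"
    "dd61c360210159010201781d0ade010100000000"
    "00000000"
)
AUTH_TYPES = {0: "none", 1: "simple", 2: "ip-ah"}  # RFC 2338 auth type codes


def checksum_ok(data: bytes) -> bool:
    """Internet checksum: 16-bit one's-complement sum must fold to 0xFFFF."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_vrrp_trace(hex_dump: str) -> dict:
    """Decode IPv4 [+ AH] + VRRPv2 and list receive-side validation failures."""
    pkt = bytes.fromhex(hex_dump)
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ihl, ttl, proto = (pkt[0] & 0x0F) * 4, pkt[8], pkt[9]
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    off, ah = ihl, None
    if proto == 51:  # Authentication Header sits between IP and VRRP
        if len(pkt) < off + 12:
            raise ValueError("truncated AH")
        ah_len = (pkt[off + 1] + 2) * 4  # length field is 32-bit words minus 2
        spi, seq = struct.unpack("!II", pkt[off + 4:off + 12])
        ah = {"spi": spi, "seq": seq, "icv": pkt[off + 12:off + ah_len].hex()}
        proto, off = pkt[off], off + ah_len
    if proto != 112:
        raise ValueError(f"not VRRP (IP protocol {proto})")
    v = pkt[off:]
    if len(v) < 8 or len(v) < 16 + 4 * v[3]:
        raise ValueError("truncated VRRP message")
    vers_type, vrid, prio, count, auth, adv_int = v[:6]
    vips = [str(ipaddress.IPv4Address(v[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    checks = {  # several correspond to the PDU error counters on slide 23
        "IP TTL is not 255": ttl == 255,
        "destination is not 224.0.0.18": dst == "224.0.0.18",
        "VRRP version is not 2": vers_type >> 4 == 2,
        "VRRP type is not advertisement": vers_type & 0x0F == 1,
        "unknown authentication type": auth in AUTH_TYPES,
        "IP address count is zero": count > 0,
        "bad IP header checksum": checksum_ok(pkt[:ihl]),
        "bad VRRP checksum": checksum_ok(v[:16 + 4 * count]),
    }
    return {
        "src": src, "dst": dst, "ttl": ttl, "vrid": vrid, "priority": prio,
        "auth": AUTH_TYPES.get(auth, f"unknown({auth})"), "adv_interval": adv_int,
        "virtual_addresses": vips, "ah": ah,
        "findings": [msg for msg, ok in checks.items() if not ok],
    }


if __name__ == "__main__":
    print(parse_vrrp_trace(TRACE_HEX))
```

For the traced packet the decoder reports no findings; both checksums verify, and the TTL and destination match the values listed under VRRP Mechanics on slide 6.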

  26. Agenda: Miscellaneous Features • Introduction to VRRP • Configuring VRRP • Monitoring VRRP Operation • Introduction to DHCP Services • Configuring a DHCP Server • Monitoring DHCP Server Operation • Configuring a DHCP/BOOTP Relay Agent • Monitoring DHCP/BOOTP Relay Operation

  27. DHCP Introduced • DHCP transfers host-specific configuration details from a designated DHCP server to individual DHCP clients while managing the allocation of IP addresses on a LAN • Scalable method of managing LAN resources • Follows client/server model • Based on the BOOTP

  28. DHCP Terminology • DHCP server—Device that allocates IP addresses and delivers configuration settings to client hosts in a dynamic fashion • DHCP client—Device that requests network configuration details including an IP address assignment from a selected DHCP server • Relay agent—Device (generally a router) that relays DHCP requests from DHCP clients on one network to a DHCP server on a different network • Binding—Group of network configuration details linked or bound to a DHCP client; a binding includes at least an IP address and is managed by the DHCP server

  29. DHCP Mechanics • DHCP client: • Searches for DHCP server • Requests configuration details from a specific DHCP server • Verifies that assigned address is not in use • Applies configuration parameters assigned by DHCP server • DHCP server: • Stores configuration details defined by LAN administrator • Listens for DHCP requests from DHCP clients • Allocates configuration details to clients based on requests • Manages IP address assignment

  30. DHCP Services in the Enterprise • DHCP server mode (J-series routers only) • Use J-Web Quick Configuration DHCP wizard or configure through CLI at [system services dhcp] hierarchy • Compatible with DHCP server mode used within autoinstallation • DHCP/BOOTP relay agent (all JUNOS software routers) • Configured through CLI at [forwarding-options helpers bootp] hierarchy • Cannot use both options simultaneously

  31. DHCP Server Mode • DHCP server mode (J-series only): • Dynamically assigns addresses to end hosts from user-defined pool • Eliminates the need for a dedicated DHCP server on a LAN [Figure: PC configured as DHCP client sends a DHCP client request to a J-series router configured for DHCP server mode (fe-2/0/1, .1/24), which returns configuration details; no dedicated DHCP server required]

  32. DHCP/BOOTP Relay Agent • DHCP/BOOTP relay agent: • Router relays DHCP requests from end hosts on one network to a designated server on a different network • Eliminates the need for a DHCP server on every LAN [Figure: DHCP clients on LAN A and LAN B send DHCP client requests to the router (interfaces fe-2/0/0, fe-2/0/1 and fe-1/0/0); DHCP client requests are relayed from router to the DHCP server on LAN C (.100/24); configuration details are sent from server to router and relayed from router to DHCP clients]

  33. Agenda: Miscellaneous Features • Introduction to VRRP • Configuring VRRP • Monitoring VRRP Operation • Introduction to DHCP Services • Configuring a DHCP Server • Monitoring DHCP Server Operation • Configuring a DHCP/BOOTP Relay Agent • Monitoring DHCP/BOOTP Relay Operation

  34. Configuring DHCP: Common Configuration Options (1 of 2) • Address pool—User-defined pool of IP addresses that are dynamically allocated to clients • Can specifically exclude addresses within pool range from being assigned • Static binding—Mapping between fixed IP address and a specific client’s MAC address or client identifier • Address lease—Length of time in seconds a client holds the lease for an IP address assigned by the DHCP server (default and maximum)

  35. Configuring DHCP: Common Configuration Options (2 of 2) • Router—IPv4 addresses for one or more routers available to DHCP clients • Domain name server—DNS name servers available to DHCP clients • WINS server—IPv4 addresses for one or more NetBIOS name servers that manage the WINS database for the LAN

  36. Configuring DHCP: Example • Callouts: Interface receiving DHCP requests (fe-2/0/0) • Address pool and exclusion settings (address-range, exclude-address) • DHCP lease settings (maximum-lease-time, default-lease-time) • DNS and WINS server settings (name-server, wins-server) • Router IPv4 address sent to DHCP clients (router)

          [edit interfaces]
          user@host# show
          …
          fe-2/0/0 {
              unit 0 {
                  family inet {
                      address 10.3.3.1/24;
                  }
              }
          }
          …

          [edit system services dhcp]
          user@host# show
          pool 10.3.3.0/24 {
              address-range low 10.3.3.2 high 10.3.3.254;
              exclude-address {
                  10.3.3.10;
              }
              maximum-lease-time 86400;
              default-lease-time 86400;
              name-server {
                  172.18.35.100;
              }
              wins-server {
                  172.18.35.105;
              }
              router {
                  10.3.3.1;
              }
          }

  37. Agenda: Miscellaneous Features • Introduction to VRRP • Configuring VRRP • Monitoring VRRP Operation • Introduction to DHCP Services • Configuring a DHCP Server • Monitoring DHCP Server Operation • Configuring a DHCP/BOOTP Relay Agent • Monitoring DHCP/BOOTP Relay Operation

  38. Monitoring DHCP Server Operation (1 of 3) • Use show system services dhcp pool to view DHCP address pool information

          user@host> show system services dhcp pool
          Pool name      Low address   High address   Excluded addresses
          10.3.3.0/24    10.3.3.1      10.3.3.254     10.3.3.10

      • Use show system services dhcp binding to view DHCP binding and lease details

          user@host> show system services dhcp binding
          IP Address   Hardware Address    Type      Lease expires at
          10.3.3.2     00:a0:12:00:12:ab   dynamic   2004-05-03 13:01:45 PDT
          10.3.3.3     00:a0:12:00:13:02   dynamic   2004-05-03 13:01:52 PDT

  39. Monitoring DHCP Server Operation (2 of 3) • Use show system services dhcp statistics to view DHCP statistics

          user@host> show system services dhcp statistics
          Packets dropped:
              Total                 0
          Messages received:
              BOOTREQUEST           0
              DHCPDECLINE           0
              DHCPDISCOVER          147
              DHCPINFORM            0
              DHCPRELEASE           81
              DHCPREQUEST           138
          Messages sent:
              BOOTREPLY             0
              DHCPOFFER             132
              DHCPACK               132
              DHCPNAK               0

  40. Monitoring DHCP Server Operation (3 of 3) • Use show system services dhcp conflict to view address conflict details within the DHCP pool

          user@host> show system services dhcp conflict
          Detection time            Detection method   Address
          2004-08-03 19:04:00 PDT   client             10.3.3.4
          2004-08-04 04:23:12 PDT   ping               10.3.3.5

      • Use clear system services dhcp conflict to clear address conflicts • Add the address switch to clear a specific conflict

          user@host> clear system services dhcp conflict ?
          Possible completions:
            <[Enter]>            Execute this command
            <address>            DHCP conflict address
          …

  41. DHCP Tracing • Set traceoptions under [edit system services dhcp] • Flag options are specific to DHCP • View logged contents with show log filename • Logged contents are sent to /var/log/dhcpd by default

          [edit system services dhcp]
          user@host# show
          traceoptions {
              file dhcpd;
              flag conflict;
              flag binding;
              flag event;
              level error;
          }
          …

  42. Agenda: Miscellaneous Features • Introduction to VRRP • Configuring VRRP • Monitoring VRRP Operation • Introduction to DHCP Services • Configuring a DHCP Server • Monitoring DHCP Server Operation • Configuring a DHCP/BOOTP Relay Agent • Monitoring DHCP/BOOTP Relay Operation

  43. DHCP/BOOTP Relay Configuration • Sample DHCP/BOOTP relay configuration: • Callouts: Settings used for all interfaces not specifically referenced in configuration (top-level statements) • Interface will not listen or participate in relay services (fe-2/0/0) • Interface will use unique settings for relay services (fe-2/0/1)

          [edit forwarding-options helpers bootp]
          user@host# show
          description "Global DHCP relay service";
          server 172.18.24.38;
          maximum-hop-count 4;
          minimum-wait-time 1;
          interface {
              fe-2/0/0 {
                  no-listen;
                  description "No DHCP relay service";
              }
              fe-2/0/1 {
                  description "Unique DHCP relay service";
                  server 172.18.36.12;
                  maximum-hop-count 4;
                  minimum-wait-time 1;
              }
          }

  44. Agenda: Miscellaneous Features • Introduction to VRRP • Configuring VRRP • Monitoring VRRP Operation • Introduction to DHCP Services • Configuring a DHCP Server • Monitoring DHCP Server Operation • Configuring a DHCP/BOOTP Relay Agent • Monitoring DHCP/BOOTP Relay Operation

  45. Monitoring DHCP/BOOTP Relay Operation • Use traceoptions to monitor DHCP/BOOTP relay events

          [edit forwarding-options]
          user@host# show
          helpers {
              traceoptions {
                  level all;
                  flag bootp;
              }
              bootp {
                  server 172.19.100.100;
              }
          }

      • Logged contents are sent to /var/log/fud by default • Use the show log fud command to view logged contents

          user@host> show log fud
          Jun 25 17:18:52 new server addr 172.19.100.100 port 67 routing instance default
          Jun 25 17:18:52 fud_config_bootp_get_defaults(): bootps defaults set
          Jun 25 17:18:55 requester 0.0.0.0 if fe-2/0/0[l2 if ] hw type 1 hw len 6 secs 0
          …

  46. Review Questions • Describe a typical VRRP environment. How do VRRP routers communicate within this environment? • Name the VRRP states. What occurs during these VRRP states? • What is the purpose of a VRRP virtual router? • Describe the purpose of the VIP address and VRID. • Which platforms support DHCP server mode? • List some benefits of using a Juniper Networks router as a BOOTP/DHCP relay agent.

  47. Lab 6: Miscellaneous Features (VRRP and DHCP) • Configure and monitor VRRP. • Configure and monitor DHCP services.

  48. Education Services
