Device Infrastructure

shofner
Presentation Transcript


  1. Device Infrastructure

  2. Device Infrastructure Topics for the JNCIE-SP Exam
     • High availability features of the Junos OS
       • Be familiar with graceful restart, GRES, NSR, and VRRP
     • Aggregated Ethernet interfaces
       • Understand how LACP and the minimum-links command function
     • Securing and monitoring Junos devices
       • Be familiar with firewall filters, syslogging, and user accounts
     • Basic automation implementation and monitoring
       • Understand how to configure the router to use scripts

  3. Aggregated Ethernet Considerations
     • When configuring aggregated Ethernet interfaces
       • Aggregated device count
         • Must be greater than the largest configured Aggregate Ethernet interface number
       • LACP
         • Active or passive mode
       • minimum-links statement
         • Must be set on both sides
         • Defaults to a value of 1
       • Always test Layer 3 connectivity
         • LACP might show Layer 2 connectivity but this does not guarantee Layer 3 functionality

  4. VRRP Considerations
     • When configuring VRRP
       • VRRP default behaviors
         • Higher priority member always preempts
         • Virtual IP address does not respond to requests
       • Interface tracking values must not be greater than the current priority value
       • The virtual IP address must be within the same subnet of the interface address in which it resides

  5. Configuring User Accounts
     • When configuring user accounts
       • User templates
         • If the RADIUS server is unreachable, configure a local user with the user template for the user class to test the template
       • Regular expressions
         • Use to specify which commands to allow or deny
       • authentication-order
         • [ radius password ] versus radius
       • Useful commands
         • show cli authorization
         • load merge terminal relative

  6. Firewall Filter Considerations
     • When configuring firewall filters
       • Break down the list of tasks
         • Individual smaller tasks are easier to handle
       • Use of syslog versus log
         • Use the log statement to troubleshoot and verify
       • prefix-list and apply-path can be used to help simplify tasks
       • Use port names instead of port numbers
         • port ssh instead of port 22
       • Control plane protection
         • Apply firewall filter to the loopback interface
         • Implicit deny statement

  7. Commit Script Considerations
     • When configuring commit scripts
       • Specify script name
         • file script-name
         • Script name must also be specified in the source statement
       • Remote script retrieval
         • HTTP, FTP, or SCP can be used
         • Syntax: source "protocol://username@host:/location/script-name"
       • refresh command
         • Globally for all commit scripts, or on a per commit script basis
         • Configuration mode command that acts like an operational mode command
         • Must be performed before a commit is issued

  8. Task and Topology
     • Task
       • High availability is required for the C1 router connected to R1 and R2. Configure a VRRP group in which R1 is the master for the 10.30.40.0/24 range. R2 must acquire mastership if two out of three of R1’s internal interfaces fail. The virtual IP address of 10.30.40.100, that belongs to the VRRP group, must not respond to any ping requests.
     [Topology figure labels: R1 (ge-0/0/1, ge-0/0/2, ge-0/0/3, ge-0/0/4, .1), C1 (.3), R2 (ge-0/0/9, .2)]

  9. What Now?
     • VRRP must be configured on R1 and R2
       • VRRP group number is not specified—it is up to you to choose one
       • Interfaces involved are ge-0/0/4 for R1 and ge-0/0/9 for R2
       • Address range to work with is 10.30.40.0/24
       • Virtual IP address is 10.30.40.100
       • R1 is the master and R2 is the backup
     • Interface tracking on R1’s three internal interfaces is required
       • If two of R1’s internal interfaces go down, the interface tracking values must reduce R1’s priority lower than R2’s priority
     • The virtual IP address cannot respond to ping requests—the accept-data statement must not be configured
     • What are the required components?

  10. Task Completion (1 of 3)
      • Initial verification
        • Verify interface state

          lab@R1> show interfaces terse ge-0/0/4
          Interface               Admin Link Proto    Local                 Remote
          ge-0/0/4                up    up
          ge-0/0/4.0              up    up   inet     10.30.40.1/24

          lab@R2> show interfaces terse ge-0/0/9
          Interface               Admin Link Proto    Local                 Remote
          ge-0/0/9                up    up
          ge-0/0/9.0              up    up   inet     10.30.40.2/24

  11. Task Completion (2 of 3)
      • VRRP configuration—R1

          [edit interfaces ge-0/0/4]
          lab@R1# show
          unit 0 {
              family inet {
                  address 10.30.40.1/24 {
                      vrrp-group 1 {
                          virtual-address 10.30.40.100;
                          priority 149;
                          track {
                              interface ge-0/0/1 {
                                  priority-cost 25;
                              }
                              interface ge-0/0/2 {
                                  priority-cost 25;
                              }
                              interface ge-0/0/3 {
                                  priority-cost 25;
                              }
                          }
                      }
                  }
              }
          }

  12. Task Completion (3 of 3)
      • VRRP configuration—R2

          [edit interfaces ge-0/0/9]
          lab@R2# show
          unit 0 {
              family inet {
                  address 10.30.40.2/24 {
                      vrrp-group 1 {
                          virtual-address 10.30.40.100;
                          priority 100;
                      }
                  }
              }
          }

  13. Task Verification (1 of 5)
      • VRRP verification—R1

          [edit interfaces ge-0/0/4]
          lab@R1# run show vrrp detail
          Physical interface: ge-0/0/4, Unit: 0, Address: 10.30.40.1/24
            Index: 70, SNMP ifIndex: 519, VRRP-Traps: disabled
            Interface state: up, Group: 1, State: master, VRRP Mode: Active
            Priority: 149, Advertisement interval: 1, Authentication type: none
            Delay threshold: 100, Computed send rate: 0
            Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: 10.30.40.100
            Advertisement Timer: 0.856s, Master router: 10.30.40.1
            Virtual router uptime: 00:03:02, Master router uptime: 00:01:36
            Virtual Mac: 00:00:5e:00:01:01
            Tracking: enabled
              Current priority: 149, Configured priority: 149
              Priority hold time: disabled
              Interface tracking: enabled, Interface count: 3
                Interface     Int state   Int speed   Incurred priority cost
                ge-0/0/1.0    up          1g          0
                ge-0/0/2.0    up          1g          0
                ge-0/0/3.0    up          1g          0
              Route tracking: disabled

  14. Task Verification (2 of 5)
      • VRRP verification—R2

          [edit interfaces ge-0/0/9]
          lab@R2# run show vrrp detail
          Physical interface: ge-0/0/9, Unit: 0, Address: 10.30.40.2/24
            Index: 70, SNMP ifIndex: 531, VRRP-Traps: disabled
            Interface state: up, Group: 1, State: backup, VRRP Mode: Active
            Priority: 100, Advertisement interval: 1, Authentication type: none
            Delay threshold: 100, Computed send rate: 0
            Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: 10.30.40.100
            Dead timer: 3.547s, Master priority: 149, Master router: 10.30.40.1
            Virtual router uptime: 00:05:02
            Tracking: disabled

  15. Task Verification (3 of 5)
      • VRRP verification—R1

          [edit interfaces ge-0/0/4]
          lab@R1# up 1 set ge-0/0/1 disable

          [edit interfaces ge-0/0/4]
          lab@R1# up 1 set ge-0/0/2 disable

          [edit interfaces ge-0/0/4]
          lab@R1# commit
          commit complete

          [edit interfaces ge-0/0/4]
          lab@R1# run show vrrp detail
          Physical interface: ge-0/0/4, Unit: 0, Address: 10.30.40.1/24
            Interface state: up, Group: 1, State: backup, VRRP Mode: Active
            …
            Tracking: enabled
              Current priority: 99, Configured priority: 149
              Priority hold time: disabled
              Interface tracking: enabled, Interface count: 3
                Interface     Int state   Int speed   Incurred priority cost
                ge-0/0/1.0    down        0           25
                ge-0/0/2.0    down        0           25
                ge-0/0/3.0    up          1g          0

  16. Task Verification (4 of 5)
      • VRRP verification—R2

          [edit interfaces ge-0/0/9]
          lab@R2# run show vrrp detail
          Physical interface: ge-0/0/9, Unit: 0, Address: 10.30.40.2/24
            Index: 70, SNMP ifIndex: 531, VRRP-Traps: disabled
            Interface state: up, Group: 1, State: master, VRRP Mode: Active
            Priority: 100, Advertisement interval: 1, Authentication type: none
            Delay threshold: 100, Computed send rate: 0
            Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: 10.30.40.100
            Advertisement Timer: 0.386s, Master router: 10.30.40.2
            Virtual router uptime: 16:26:10, Master router uptime: 16:00:36
            Virtual Mac: 00:00:5e:00:01:01
            Tracking: disabled

  17. Task Verification (5 of 5)
      • VRRP verification—R1

          [edit interfaces ge-0/0/4]
          lab@R1# up 1 delete ge-0/0/1 disable

          [edit interfaces ge-0/0/4]
          lab@R1# up 1 delete ge-0/0/2 disable

          [edit interfaces ge-0/0/4]
          lab@R1# commit
          commit complete

          [edit interfaces ge-0/0/4]
          lab@R1# run show vrrp detail
          Physical interface: ge-0/0/4, Unit: 0, Address: 172.20.20.3/24
            Interface state: up, Group: 1, State: master, VRRP Mode: Active
            …
            Tracking: enabled
              Current priority: 149, Configured priority: 149
              Priority hold time: disabled
              Interface tracking: enabled, Interface count: 3
                Interface     Int state   Int speed   Incurred priority cost
                ge-0/0/1.0    up          1g          0
                ge-0/0/2.0    up          1g          0
                ge-0/0/3.0    up          1g          0
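
Added example (not part of the original slides): a Python check of the priority arithmetic behind slides 9 to 17. It goes beyond the one case shown in the slides by testing every combination of failed tracked interfaces. The function names are hypothetical, and the reading of slide 4's tracking rule as "total priority-cost must not exceed the configured priority" is an assumption.

```python
from itertools import combinations

# Values from slides 11 and 12: R1 priority 149, R2 priority 100, and a
# priority-cost of 25 on each of R1's three tracked interfaces.
R1_PRIORITY = 149
R2_PRIORITY = 100
R1_TRACK_COSTS = {"ge-0/0/1": 25, "ge-0/0/2": 25, "ge-0/0/3": 25}


def effective_priority(configured, costs, down):
    """Configured priority minus the cost of every tracked interface in `down`."""
    # Assumption: the result is floored at 1, because priority 0 is reserved
    # in VRRP for a master that is giving up the virtual address.
    return max(1, configured - sum(costs[name] for name in down))


def audit_tracking(master, backup, costs, failures_required):
    """Return a list of problems; an empty list means the design meets the task."""
    problems = []
    # Slide 4 rule, read here (assumption) as: total cost <= configured priority.
    if sum(costs.values()) > master:
        problems.append("total priority-cost exceeds the configured priority")
    for count in range(len(costs) + 1):
        for down in combinations(sorted(costs), count):
            current = effective_priority(master, costs, down)
            # Slide 9: the backup takes over only when the master's current
            # priority is strictly lower than the backup's priority.
            takes_over = current < backup
            expected = count >= failures_required
            if takes_over != expected:
                state = "takes over" if takes_over else "stays backup"
                problems.append(
                    f"down={list(down)}: current priority {current}, "
                    f"backup {state}, expected the opposite"
                )
    return problems


if __name__ == "__main__":
    for priority in (149, 150):
        issues = audit_tracking(priority, R2_PRIORITY, R1_TRACK_COSTS, 2)
        print(f"R1 priority {priority}:", issues or "meets the task")
```

With R1 at priority 150 the audit flags the three two-interface failure cases, because 150 - 50 = 100 ties with R2 instead of falling below it.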
