Download Print this page

Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP-IPV6-IGP CONFIGURATION GUIDE 2010-10-31 Configuration Manual

Software for e series broadband services routers ip, ipv6, and igp configuration guide

Table Of Contents

page of 444

/ 444
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual

JunosE™ Software

for E Series™ Broadband

Services Routers

IP, IPv6, and IGP Configuration Guide

Release

11.3.x

Published: 2010-10-01

Copyright © 2010, Juniper Networks, Inc.

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP-IPV6-IGP CONFIGURATION GUIDE 2010-10-31 and is the answer not in the manual?

Questions and answers

Summary of Contents for Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP-IPV6-IGP CONFIGURATION GUIDE 2010-10-31

Page 1 JunosE™ Software for E Series™ Broadband Services Routers IP, IPv6, and IGP Configuration Guide Release 11.3.x Published: 2010-10-01 Copyright © 2010, Juniper Networks, Inc.
Page 2 Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Page 3 REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable...
Page 4 Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license. Copyright © 2010, Juniper Networks, Inc.
Page 5 (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA http://www.gnu.org/licenses/gpl.html...
Page 6 Copyright © 2010, Juniper Networks, Inc.
Page 7 Index ............405 Copyright © 2010, Juniper Networks, Inc.
Page 8 JunosE 11.3.x IP, IPv6, and IGP Configuration Guide viii Copyright © 2010, Juniper Networks, Inc.
Page 9: Table Of Contents
Before You Configure IP ..........13 Copyright © 2010, Juniper Networks, Inc.
Page 10 Fast Reroute Protection ........49 Copyright © 2010, Juniper Networks, Inc.
Page 11 Platform Considerations ..........128 Copyright © 2010, Juniper Networks, Inc.
Page 12 Monitoring Neighbor Discovery ........197 Copyright © 2010, Juniper Networks, Inc.
Page 13 OSPF Configuration Tasks ......... . . 245 Copyright © 2010, Juniper Networks, Inc.
Page 14 Managing and Replacing MD5 Keys ......324 Copyright © 2010, Juniper Networks, Inc.
Page 15 Configuring Default Routes ........357 Copyright © 2010, Juniper Networks, Inc.
Page 16 Index ............405 Copyright © 2010, Juniper Networks, Inc.
Page 17 Figure 21: Transit Router Topology ........361 Copyright © 2010, Juniper Networks, Inc.
Page 18 JunosE 11.3.x IP, IPv6, and IGP Configuration Guide xviii Copyright © 2010, Juniper Networks, Inc.
Page 19 Table 15: IS-IS Graceful Restart Timers ....... . . 330 Copyright © 2010, Juniper Networks, Inc.
Page 20 JunosE 11.3.x IP, IPv6, and IGP Configuration Guide Copyright © 2010, Juniper Networks, Inc.
Page 21: About The Documentation
Audience This guide is intended for experienced system and network specialists working with Juniper Networks E Series Broadband Services Routers in an Internet access environment. E Series and JunosE Text and Syntax Conventions Table 1 on page xxii defines notice icons used in this documentation.
Page 22: Table 1: Notice Icons
Indicates that you must press two or more Press Ctrl + b. keys simultaneously. Syntax Conventions in the Command Reference Guide Plain text like this Represents keywords. terminal length Italic text like this Represents variables. mask, accessListName xxii Copyright © 2010, Juniper Networks, Inc.
Page 23: Obtaining Documentation
CD-ROMs or DVD-ROMs, see the Portable Libraries page at http://www.juniper.net/techpubs/resources/index.html Copies of the Management Information Bases (MIBs) for a particular software release are available for download in the software image bundle from the Juniper Networks Web site at http://www.juniper.net/...
Page 24: Self-Help Online Tools And Resources
7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: http://www.juniper.net/customers/support/...
Page 25: Internet Protocol
PART 1 Internet Protocol Configuring IP on page 3 Configuring IPv6 on page 121 Configuring Neighbor Discovery on page 189 Copyright © 2010, Juniper Networks, Inc.
Page 26 JunosE 11.3.x IP, IPv6, and IGP Configuration Guide Copyright © 2010, Juniper Networks, Inc.
Page 27: Configuring Ip
A connection-oriented protocol exchanges control information with the remote computer to verify that it is ready to receive data before sending it. Copyright © 2010, Juniper Networks, Inc.
Page 28: Ip Packets
MTU, it is necessary to divide the datagram into smaller fragments for transmission in a process called fragmentation. See “Fragmentation” on page 24. IP Layering TCP/IP is organized into four conceptual layers (as shown in Figure 1 on page 5). Copyright © 2010, Juniper Networks, Inc.
Page 29: Network Interface Layer
Platform Considerations For information about modules that support IP on the ERX7xx models, ERX14xx models, and the Juniper Networks ERX310 Broadband Services Router: See ERX Module Guide, Table 1, Module Combinations for detailed module specifications. See ERX Module Guide, Appendix A, Module Protocol Support for information about the modules that support IP.
Page 30: References
JunosE 11.3.x IP, IPv6, and IGP Configuration Guide For information about modules that support IP on the Juniper Networks E120 and E320 Broadband Services Routers: See E120 and E320 Module Guide, Table 1, Modules and IOAs for detailed module specifications.
Page 31: Ip Addressing
0 to 31. The 32-bit address field consists of two parts: a network number and a host number whose boundaries are defined based on the class of IP address. Hosts attached to the same network must share a common prefix designating their network number. Copyright © 2010, Juniper Networks, Inc.
Page 32: Subnetwork Mask Format Options
For example, an IP address and subnetwork mask in dotted decimal notation would appear as follows: 10.10.24.6 255.255.0.0 Prefix length notation (often called network prefix format) allows for more efficient allocation of IP addresses than the old Class A, B, and C address scheme. The prefix Copyright © 2010, Juniper Networks, Inc.
Page 33: Subnet Addressing
Classes A, B, and C have the following natural masks, which define the network and host portions of each class: Class A natural mask 255.0.0. Class B natural mask 255.255.0.0 Class C natural mask 255.255.255.0 Copyright © 2010, Juniper Networks, Inc.
Page 34: Classless Addressing With Cidr
A service provider has a group of customers with class C addresses that begin with 192.56. Despite this relationship, the service provider announces each of the networks individually into the global Internet routing mesh. Copyright © 2010, Juniper Networks, Inc.
Page 35: Adding And Deleting Addresses
You cannot add a secondary address until you add the primary address. You cannot add a secondary address to bridged Ethernet interfaces. You cannot change a primary address to a secondary address. An interface can have multiple secondary addresses. Copyright © 2010, Juniper Networks, Inc.
Page 36: Deleting A Secondary Address
BGP networks) by decreasing the number of routing table changes required when a change in the network topology occurs. Direct next-hops point routes in the routing table toward individual, direct next-hop connections. (See Figure 6 on page 13.) Copyright © 2010, Juniper Networks, Inc.
Page 37: Before You Configure Ip
1/0 host1(config-if)#atm sonet stm-1 host1(config-if)#no loopback host1(config-if)#atm clock internal chassis host1(config-if)#interface atm 1/0.10 host1(config-if)#atm pvc 10 0 20 aal5snap Refer to the appropriate chapters for information about configuring a specific type of interface. Copyright © 2010, Juniper Networks, Inc.
Page 38: Creating A Profile
TCP connections when path MTU detection is not sufficient unnumbered—Configures IP on this interface without a specific address virtual-router—Specifies a virtual router to which interfaces created by this profile will be attached Copyright © 2010, Juniper Networks, Inc.
Page 39 See ip directed-broadcast ip mtu Use to assign the MTU size sent on an IP interface. Example host1(config-if)#ip mtu 5000 Use the no version to remove the assignment from the profile. See ip mtu ip redirects Copyright © 2010, Juniper Networks, Inc.
Page 40 See ip unnumbered ip virtual-router Use to assign a virtual router to a profile. You can configure a virtual router using RADIUS instead of adding one to the profile by using the ip virtual-router command. Example Copyright © 2010, Juniper Networks, Inc.
Page 41: Assigning A Profile
Before sending a packet, the host searches its cache for Internet-to-Ethernet address mapping. If the mapping is not found, the host sends an ARP request. Copyright © 2010, Juniper Networks, Inc.
Page 42: How Arp Works
Host 1 transmits the IP packet to layer 3 DA (host 2) using router 1’s MAC address. Router 1 forwards IP packet to host 2. Router 1 might send an ARP request to identify the MAC of host 2. (See Figure 9 on page 19.) Copyright © 2010, Juniper Networks, Inc.
Page 43: Figure 9: Sample Arp Process-4 And 5
By default, E Series routers check all received ARP packets for spoofing and process only those ARP packets whose source IP address is outside the range of the network mask. ARP packets with a source IP address of 0.0.0.0 and the router IP address as Copyright © 2010, Juniper Networks, Inc.
Page 44 8000 Use the no version to restore the default value. See arp timeout clear arp Use to clear dynamic entries from the ARP cache. To clear a particular entry, specify all of the following: Copyright © 2010, Juniper Networks, Inc.
Page 45: Mac Address Validation
You can enable DHCP to perform the function independently and dynamically. See JunosE Link Layer Configuration Guide . The arp validate command adds the IP-MAC address pair to the validation table maintained on the physical interface. Copyright © 2010, Juniper Networks, Inc.
Page 46: Broadcast Addressing
Use the no version to remove an entry from the ARP cache. See arp Broadcast Addressing A broadcast is a data packet destined for all hosts on a particular physical network. Network hosts recognize broadcasts by special addresses. Copyright © 2010, Juniper Networks, Inc.
Page 47: Broadcast Tasks
You specify an IP address to set the broadcast address. Example host1(config-if)#ip broadcast-address 255.255.255.255 Use the no version to restore the default IP broadcast address. See ip broadcast-address ip directed-broadcast Use to enable translation of directed broadcasts to physical broadcasts. Example host1(config-if)#ip directed-broadcast Copyright © 2010, Juniper Networks, Inc.
Page 48: Fragmentation
Example host1(config-if)#ip mtu 1000 Use the no version to restore the default MTU size. See ip mtu Copyright © 2010, Juniper Networks, Inc.
Page 49: Ip Routing
The router uses ARP to find the physical address that corresponds to the Internet address for any host or router on networks directly connected to it. Copyright © 2010, Juniper Networks, Inc.
Page 50: Figure 10: Routers In A Small Network
OSPF 10.2.0.0/16 10.5.0.3 IS-IS 10.2.0.0/16 10.5.0.3 EBGP 10.2.0.0/16 10.5.0.3 10.5.0.0/30 10.5.0.2 connected Table 4: Routing Table for Router LA Destination Next-Hop Route Administrative Network Router Type Distance Metric 10.1.0.0/16 10.5.0.2 static 10.1.0.0/16 10.5.0.2 OSPF Copyright © 2010, Juniper Networks, Inc.
Page 51: Setting The Administrative Distance For A Route
If the IP routing table contains several routes to the same prefix—for example, an OSPF route and a RIP route—the route with the lowest administrative distance is used for forwarding. To set the administrative distance for BGP routes, see JunosE BGP and MPLS Configuration Guide. Copyright © 2010, Juniper Networks, Inc.
Page 52: Setting The Metric For A Route
ID is, by convention, formatted as an IP address, it is not required to be a configured address of the router. If you do not use the ip router-id command to assign a router ID, the router uses one of its configured IP addresses as the router ID. ip router-id Copyright © 2010, Juniper Networks, Inc.
Page 53: Establishing A Static Route
(lower) than the distance of the static route you want to resolve. Figure 11: Static Routes with Indirect Next Hops On the Boston router in the network shown in Figure 11 on page 29: Copyright © 2010, Juniper Networks, Inc.
Page 54: Verifying Next Hops For Static Routes
Copyright © 2010, Juniper Networks, Inc.
Page 55: Bfd Next Hop Verification Configuration Example
Use the multiplier keyword to specify a multiplier number in the range 1–255. Optionally, you can include the last-resort keyword when you use the verify bfd-liveness-detection keywords to instruct the router to install the static route in the Copyright © 2010, Juniper Networks, Inc.
Page 56: How Rtr Next-Hop Verification Works
E Series routers support next-hop verification on any type of lower-layer interface. RTR Configuration Example Figure 12 on page 33 shows a sample configuration that illustrates the next-hop verification feature. In this example, two Fast Ethernet interfaces are configured between a remote Copyright © 2010, Juniper Networks, Inc.
Page 57: Figure 12: Sample Configuration For Next-Hop Verification
Down The router installs a route to 10.1.1.2, using Fast Ethernet interface 4/0 as the next hop. Down The router installs a route to 10.1.1.2, using Fast Ethernet interface 4/1 as the next hop. Copyright © 2010, Juniper Networks, Inc.
Page 58: Configuring Rtr Next-Hop Verification
You must configure the RTR probe as an echo type to use next-hop verification. For information, see “Configuring the Probe Type” on page 63. host1(config-rtr)#type echo protocol ipIcmpEcho 10.1.1.2 source fastEthernet 4/0 c. Specify the interface on which the RTR probe expects to receive responses. Copyright © 2010, Juniper Networks, Inc.
Page 59 IP destination address 10.1.1.2 is usable. host1(config)#ip route 10.1.1.2 255.255.255.255 10.1.1.2 fastEthernet 4/0 verify rtr 10 last-resort Establish a static route associated with RTR 11. Copyright © 2010, Juniper Networks, Inc.
Page 60 1.1.0.0/16 subnet is forwarded to the SRP module by the line module. Although the SRP module responds only to traffic destined to the 1.1.1.1 subnet and Copyright © 2010, Juniper Networks, Inc.
Page 61 Example host1(config)#ip route 10.1.1.5 255.255.255.0 10.1.1.5 fastEthernet 1/0 verify rtr 5 last-resort Use the no version to remove a static route from the routing table. See ip route ip unnumbered Copyright © 2010, Juniper Networks, Inc.
Page 62: Setting Up Default Routes
IP address. This interface cannot be another unnumbered interface. Example host1(config-if)#ip unnumbered fastEthernet 0/0 Use the no version to disable IP processing on an interface. See ip unnumbered Copyright © 2010, Juniper Networks, Inc.
Page 63: Adding A Host Route To A Peer On A Ppp Interface
Use to enable the generation of traps for source address validation failure on the router. You can specify a VRF context for which you want to enable trap validation for source address validation. Example Copyright © 2010, Juniper Networks, Inc.
Page 64: Defining Tcp Maximum Segment Size
MSS is used by TCP to define the maximum amount of data that a TCP interface can accept in any single packet (or segment size). The MSS value is typically negotiated during connection establishment and is not renegotiated. Copyright © 2010, Juniper Networks, Inc.
Page 65: Configuring Ip Path Mtu Discovery
PMTU successfully (minutes2). The range of these two timers is 1–30 minutes. The timer defaults to 10 minutes. Issue the age-timer infinite keyword to disable PMTU aging functions. Example 1—Enables path MTU discovery host1:VR1(config)#tcp path-mtu-discovery Copyright © 2010, Juniper Networks, Inc.
Page 66: Limiting Pmtu
MTU discovery is disabled for this connection. Example host1:VR1(config)#tcp path-mtu-discovery min-mtu 255 Use the no version to remove any limitation so that the virtual router uses the discovered path MTU value. See tcp path-mtu-discovery Copyright © 2010, Juniper Networks, Inc.
Page 67: Specifying Black Hole Thresholds
You can remove the IP configuration from an interface or subinterface. no ip interface Use to remove the IP configuration from an interface or subinterface and disable IP processing on the interface. Example host1(config-if)#no ip interface See no ip interface Copyright © 2010, Juniper Networks, Inc.
Page 68: Clearing Ip Routes
See clear ip interface Setting a Baseline The router enables you to set a baseline for statistics on an IP interface. baseline ip interface Use to set a baseline for a specified IP interface. Example Copyright © 2010, Juniper Networks, Inc.
Page 69: Disabling Forwarding Of Packets
A specifies a loose-source route as B, D or C, D, or B, C, D. ip source-route Use to enable forwarding of source-routed packets in a VR or VRF. Forwarding is disabled by default in all VRs. Example host1(config)#ip source-route Copyright © 2010, Juniper Networks, Inc.
Page 70: Forcing An Interface To Appear Up
2 interface and the description is applied to that static IP interface. You cannot assign a profile to a layer 2 interface that has a static interface configured above it. Copyright © 2010, Juniper Networks, Inc.
Page 71: Enabling Link Status Traps
Use to set the speed of the interface in bits per second. By default, the speed is determined from a lower-layer interface. Example host1(config-if)#ip speed 1000 Use the no version to set the speed to the default, 0. See ip speed Copyright © 2010, Juniper Networks, Inc.
Page 72: Configuring Equal-Cost Multipath Load Sharing
If one of the ECMP next hops is an indirect next hop, ECMP uses hashed mode load balancing. Example host1(config)#virtual-router router_0 host1:router_0(config)#interface serial 4/0:1/22.22 host1:router_0(config-subif)#ip multipath round-robin host1:router_0(config-subif)#exit Use the no version to set the ECMP mode to the default, hashed. See ip multipath round-robin Copyright © 2010, Juniper Networks, Inc.
Page 73: Fast Reroute Protection
IP operations. The TTL specifies a hop count. This configured TTL value can be overridden by other commands that specify a TTL. ip ttl Use to set a default value for the IP header TTL field for all IP operations. Example host1(config)#ip ttl 255 Copyright © 2010, Juniper Networks, Inc.
Page 74: Protecting Against Tcp Rst Or Syn Dos Attacks
If the segment timestamp is larger than the value of the last valid timestamp, and the sequence number is less than the last Copyright © 2010, Juniper Networks, Inc.
Page 75: Protecting Against Tcp Out Of Order Dos Attacks
TCP does not take into account the buffering scheme that the receiver uses. If the receiver uses a fixed-size receive buffer (that is, buffering all packets) regardless of length, a Copyright © 2010, Juniper Networks, Inc.
Page 76: Limiting Buffers Per Router
See tcp resequence-buffers default-vr-maximum tcp resequence-buffers vr-maximum Use to define the maximum number of buffers that the current or specified virtual router can use. Specify a value of zero (0) to turn off the limit assignment. Copyright © 2010, Juniper Networks, Inc.
Page 77: Limiting Buffers Per Connection
A higher timer value can enhance SRP performance, but it can also delay the implementation of routing table changes on the line modules. Be aware of the possible effect on network performance before you reconfigure the forwarding table hold-down timer. Copyright © 2010, Juniper Networks, Inc.
Page 78: Ip Tunnel Routing Table
In the absence of a primary interface, you can still configure shared IP interfaces; however, in this scenario, data received on the layer 2 interface is discarded. You cannot create shared IP interfaces for the following kinds of interface: Copyright © 2010, Juniper Networks, Inc.
Page 79: Configuring Shared Ip Interfaces
Use the specified name to refer to the shared IP interface; you cannot use the layer 2 interface to refer to them, because the shared interface can be moved. Example host1(config)#interface ip si0 Use the no version to delete the IP interface. See interface ip ip share-interface Copyright © 2010, Juniper Networks, Inc.
Page 80: Moving Ip Interfaces
Moving IP Interfaces You can move an IP shared interface from one layer 2 interface to another by issuing the ip share-interface command to specify a different layer 2 interface. Moving an IP interface Copyright © 2010, Juniper Networks, Inc.
Page 81: Ip Shared Interface Statistics
This message notifies the originator that a better gateway exists to the assigned destination address. With the ip redirects command (used in Interface Configuration mode) you can enable or disable ICMP redirects. This attribute is enabled by default. If it is enabled on the IP Copyright © 2010, Juniper Networks, Inc.
Page 82: Icmp Tasks
Use the no version to disable the sending of redirect messages. See ip redirects ip unreachables Use to enable the generation of an ICMP unreachable message when a packet is received that the router cannot deliver. Example host1(config-if)#ip unreachables Copyright © 2010, Juniper Networks, Inc.
Page 83: Specifying A Source Address For Icmp Messages
192.56.20.1, the maximum number of hops of the trace is 20, and the timeout value is 10 seconds: host1#traceroute 192.56.20.1 20 timeout 10 ping Use to send an ICMP or ICMPv6 echo request packet to the IP address that you specify. You can specify a VRF context. Copyright © 2010, Juniper Networks, Inc.
Page 84 By default the router increments packets by one byte; for example, it sends 100, 101, 102, 103, ... 1000. If the sweep interval is 5, the router sends 100, 105, 110, 115, ... 1000. Copyright © 2010, Juniper Networks, Inc.
Page 85 M—Could not fragment, DF bit set m—Parameter problem message N—Network unreachable P—Protocol unreachable Q—Source quench r—Redirect message T—Timestamp request message t —Timestamp reply message U—Destination unreachable Example host1(config)#interface serial 5/2:1/1 host1(config-if)#ip address 172.16.1.1 255.255.255.0 Copyright © 2010, Juniper Networks, Inc.
Page 86: Response Time Reporter
RTR configuration is associated with a specific virtual router, distinct from any other virtual router. Configuration Tasks To configure RTR: Configure the probe type—an echo probe or a path echo probe. (Optional) Configure probe characteristics: Copyright © 2010, Juniper Networks, Inc.
Page 87: Configuring The Probe Type
Use the no version to delete all configuration information for an RTR probe. See rtr type Use to set an echo or path echo probe: echo—Limited to end-to-end RTR operations; corresponds to SNMP ping Copyright © 2010, Juniper Networks, Inc.
Page 88: Configuring Optional Characteristics
Maximum number of consecutive failures operations-per-hop Number of probes per hop owner Owner of the probe receive-interface Interface on which the probe expects to receive responses request-data-size Request’s payload size samples-of-history-kept Maximum number of history samples User-defined tag Copyright © 2010, Juniper Networks, Inc.
Page 89 Use the no version to return to the default, no owner. See owner request-data-size Use to set the protocol data size, in bytes, in the request packet. Example host1(config-rtr)#request-data-size 20 Use the no version to return to the default value, 1 byte. See request-data-size Copyright © 2010, Juniper Networks, Inc.
Page 90: Capturing Statistics
When the number of hops reaches the specified number (that is, size), no additional statistical information about the path is stored. This option applies only to pathEcho entries. To turn off this feature, set the value to 0. Example host1(config-rtr)#hops-of-statistics-kept 5 Copyright © 2010, Juniper Networks, Inc.
Page 91: Collecting History
RTR entries have the same target address. receive-interface Use to specify the interface on which the RTR probe expects to receive responses. You must set this attribute when multiple RTR entries are configured to use the same target address. Copyright © 2010, Juniper Networks, Inc.
Page 92: Setting Reaction Conditions
Use to enable the path-change reaction. The path-change event is triggered when a change is detected in the hop table. At most, there can be one such event per test. Example host1(config)#rtr reaction-configuration 1 path-change Copyright © 2010, Juniper Networks, Inc.
Page 93: Scheduling The Probe
When you have configured the RTR probe, you must schedule the operation to begin collecting statistics and other information about problems that may arise. rtr schedule Use to create an RTR schedule. Example host1(config)#rtr schedule 5 Copyright © 2010, Juniper Networks, Inc.
Page 94: Shutting Down The Probe
Use the no version to stop the test. The no version stops the probe operation by putting it in the default state, pending. See rtr schedule start-time Shutting Down the Probe You can shut down the RTR probe operation. rtr reset Copyright © 2010, Juniper Networks, Inc.
Page 95: Monitoring Rtr
Use to display statistical information for a particular probe operation or for all operations. Field descriptions rtrIndex—Index number of the RTR probe operationsSent—Number of probe operations sent operationsRecvd—Number of probe operations received lastGoodResponse—Time when last valid probe operation was received Copyright © 2010, Juniper Networks, Inc.
Page 96 RTR probe uses to start a response time operation life—Length of the test Copyright © 2010, Juniper Networks, Inc.
Page 97 ------- -------- ------------ ------ ------ ----- echo 10.5.0.200 pathEcho 10.5.0.11 rtrIndex source restartTime owner ---------- ------------------ ----------- ---------- fastEthernet0/0 rtrIndex samples admin reactionConfiguration ---------- ------- -------- ------------------------ enabled enabled Copyright © 2010, Juniper Networks, Inc.
Page 98 RTR entry was created test—Index number of the pathEcho test hop—Index number of the hop count operation—Index number of the probe operation address—Address of router at the hop Example host1#show rtr history Echo Entries: Copyright © 2010, Juniper Networks, Inc.
Page 99 Example host1#show rtr hops rtrIndex address minRtt maxRtt avgRtt rttSumSqr ---------- ---- ----------- ------ ------ ------ -------- Copyright © 2010, Juniper Networks, Inc.
Page 100: Monitoring Ip
IP configuration and monitor IP interfaces and statistics. System Event Logs To troubleshoot and monitor IP, use the following system event logs: ipAccessList—IP access list matching ipEngine—IP chassis manager ipGeneral— IP general information ipIfCreator—IP interface creator events Copyright © 2010, Juniper Networks, Inc.
Page 101: Establishing A Baseline
Use the delta keyword with IP show commands to specify that baselined statistics are to be shown. Example host1#baseline ip udp There is no no version. See baseline ip udp Copyright © 2010, Juniper Networks, Inc.
Page 102: Ip Show Commands
Reference Guide Interfaces “show ip interface” on page 85 Shared IP interfaces “show ip interface shares” on page 90 Protocols “show ip protocols” on page 93 Redistribution policies “show ip redistribute” on page 96 Copyright © 2010, Juniper Networks, Inc.
Page 103 172.19.0.0 0.0.255.255 0.0.0.0 255.255.255.255 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 IP Access List 10: permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 IP Access List 11: deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 See show access-list Copyright © 2010, Juniper Networks, Inc.
Page 104 A hold-down timer value of zero (0) distributes an update after each change to the routing table. Example host1#show forwarding-table route-holddown Hold-down timer value is 3 seconds. See show forwarding-table route-holddown show ip Use to display general information about IP. Field descriptions Copyright © 2010, Juniper Networks, Inc.
Page 105 Router advertisement—Status of router discovery advertisement: enabled, disabled Proxy Arp—Status of the feature: enabled, disabled Administrative debounce-time—Configured debounce behavior, enabled or disabled. If enabled, indicates time in milliseconds that the router waits before generating an Copyright © 2010, Juniper Networks, Inc.
Page 106 Out Scheduler Drops Conformed Packets, Bytes—Outgoing packets and bytes dropped by the scheduler even though they conformed to the traffic contract Out Scheduler Drops Exceeded Packets, Bytes—Outgoing packets and bytes that were dropped by the scheduler because they exceeded the contract Copyright © 2010, Juniper Networks, Inc.
Page 107 AS Path Access List 1: permit AS Path Access List 2: deny AS Path Access List 3: permit _109_ deny AS Path Access List 4: permit _109$ deny AS Path Access List 10: deny _109$ Copyright © 2010, Juniper Networks, Inc.
Page 108 Status—Whether the routing table for the virtual router is valid Example host1#show ip forwarding-table slot 9 Free Memory = 3,166KB Virtual Router Memory Load Errors Status (KB) ---------------- --------- ------------- -------- 4128 Valid 3136 Valid 2256 Valid Copyright © 2010, Juniper Networks, Inc.
Page 109 IP Statistics Sent: generated—Number of packets generated no routes—Number of packets that could not be routed Copyright © 2010, Juniper Networks, Inc.
Page 110 ARP spoof checking—Status of the check for spoofed ARP packets received on an IP interface, enabled or disabled. This field is not displayed when you use the detail keyword. In Received Packets, Bytes—Total number of packets and bytes received on the IP interface Copyright © 2010, Juniper Networks, Inc.
Page 111 Out Scheduler Drops Exceeded Packets, Bytes—Packets and bytes dropped by the scheduler because they exceeded the contract Out Policed Packets—Packets discarded on the egress interface due to rate limiting Copyright © 2010, Juniper Networks, Inc.
Page 112 Out Fabric Dropped Packets 0 Example 2 host1#show ip interface gigabitEthernet 1/1.200 GigabitEthernet1/1 line protocol Ethernet is up, ip is not present Network Protocols: IP Multipath mode = hashed Auto Configure = disabled Auto Detect = disabled Copyright © 2010, Juniper Networks, Inc.
Page 113 For example, In Forwarded Packets can be reported as greater than In Received Packets. Rather than displaying In Total Dropped Packets as a negative value, the command displays it as the sum of all drop reasons other than fabric drops; fabric drops Copyright © 2010, Juniper Networks, Inc.
Page 114 Router advertisement = disabled Administrative debounce-time = disabled Operational debounce-time = disabled Access routing = disabled Multipath mode = hashed In Received Packets 120, Bytes 12000 Unicast Packets 60, Bytes 6000 Multicast Packets 60, Bytes 6000 Copyright © 2010, Juniper Networks, Inc.
Page 115 Unnumbered Interface on loopback100 ( IP address 202.1.1.1 ) Operational MTU = 1500 Administrative MTU = 0 Operational speed = 155520000 Administrative speed = 0 Discontinuity Time = 0 Router advertisement = disabled Administrative debounce-time = disabled Copyright © 2010, Juniper Networks, Inc.
Page 116 Auto Detect—Router automatically detects packets that do not match any entries in the demultiplexer table; enabled or disabled Auto Configure—Dynamic creation of subscriber interfaces on a primary IP interface; enabled or disabled IP FlowStats—Enabled or disabled Copyright © 2010, Juniper Networks, Inc.
Page 117 Neighbor Incoming/Outgoing update prefix tree—Number of the prefix tree for incoming or outgoing routes Neighbor Incoming/Outgoing update filter list—Number of filter list for incoming routes Routing for Networks—Network for which BGP is currently injecting routes For IS-IS: Copyright © 2010, Juniper Networks, Inc.
Page 118 Filter applied to incoming route update—Access list applied to incoming RIP route updates Global route map—Route map that specifies all RIP interfaces on the router Distance—Value added to RIP routes added to the IP routing table; the default is 120. Copyright © 2010, Juniper Networks, Inc.
Page 119 Filter applied to outgoing route update is not set Filter applied to incoming route update is not set No global route map Distance is 120 Interface Auth fastEthernet0/0 none Redistributing: ospf Routing for Networks: 192.168.1.0/255.255.255.0 See show ip protocols Copyright © 2010, Juniper Networks, Inc.
Page 120 I- route type intra, IA- route type inter, E- route type external, i- metric type internal, e- metric type external, O- OSPF, E1- external type 1, E2- external type2, N1- NSSA external type1, N2- NSSA external type2 L- MPLS label, V- VR/VRF, *- indirect next-hop Copyright © 2010, Juniper Networks, Inc.
Page 121 At MON FEB 04 2008 14:18:04 UTC MPLS tunnel routes (not used for forwarding): 3 total routes, 216 bytes in route entries 1 bgp tunnel routes 1 ldp tunnel routes 1 rsvp tunnel routes Copyright © 2010, Juniper Networks, Inc.
Page 122 L- MPLS label, V- VR/VRF, *- indirect next-hop Prefix/Length Type Next Hop Dst/Met Intf --------------- ------- --------------- --------- ------------------- 21.21.21.2/32 Static 0.0.0.0 loopback0[V:pe2] 2.2.2.2/32 30.30.30.2 110/3 ATM2/0.30 31.31.31.2 110/3 ATM2/0.31 10.10.10.0/24 Connect 10.10.10.1 ATM2/0.10 20.20.20.0/24 Connect 20.20.20.1 ATM2/0.21 4.4.4.4/32 2.2.2.2* 200/2 Copyright © 2010, Juniper Networks, Inc.
Page 123 6 10.10.0.231 IP address Interface Next Hop ------------ ---------------- ------------ 10.10.0.231 fastEthernet 6/0 10.10.0.231 Example 2 host1#show ip route slot 9 90.248.1.2 IP address Interface Next Hop ------------ ---------------- ------------ 90.248.1.2 serial9/23:2 Copyright © 2010, Juniper Networks, Inc.
Page 124 SO_USELOOPBACK—Bypass the hardware if/when possible SO_LINGER—Linger on a close() if data is present SO_OOBINLINE—Leave received out-of-band data in-line SO_REUSEPORT—Allow reuse of local port so_state—State of each socket; knowledge of BSD Sockets API is useful to understand this information Copyright © 2010, Juniper Networks, Inc.
Page 125 (and memory being returned to the free pool) Call to rsSocket()—Call to create the socket using rsSocket() as opposed to socket() Call to socket()—8-bit value indicating how the call went Call to connect()—8-bit value indicating how the call went Copyright © 2010, Juniper Networks, Inc.
Page 126 Call to recv()—16-bit value indicating the return status Call to recvmsg()—16-bit value indicating the return status Call to read()—16-bit value indicating the return status Example 1 host1#show ip socket statistics 5 10.13.5.70:23 --> 10.10.132.71:2000 type: 1 (SOCK_STREAM) Copyright © 2010, Juniper Networks, Inc.
Page 127 You can specify an IP mask that filters specific routes. Field descriptions Prefix—IP address prefix Length—Prefix length Next Hop—IP address of the next hop Met—Number of hops Dist—Administrative distance of the route; see Table 5 on page 27 Copyright © 2010, Juniper Networks, Inc.
Page 128 Use to display the configuration, current per-VR, and per-router state of the TCP resequencing buffer management functions. Use the vrfName variable to specify a specific VRF for which you want to view information. Field descriptions TCP Resequence Buffer Management Configuration Copyright © 2010, Juniper Networks, Inc.
Page 129 Global buffers in use: 5 High Water: 15 VR Buffers in use: 17 High Water: 32 Buffers Discarded Because Global Limit Exceeded: 25 Buffers Discarded Because VR Limit Exceeded: 15 See show tcp resequence-buffers show tcp path-mtu-discovery Copyright © 2010, Juniper Networks, Inc.
Page 130 See show tcp paws show tcp statistics Use to display all TCP statistics. Baselining is supported for this command. Use the ip keyword to display only IPv4 statistics. Use the ipv6 keyword to display only IPv6 statistics. Copyright © 2010, Juniper Networks, Inc.
Page 131 Global Diagnostic Data Unknown Connection log—Includes the following global statistics: Copyright © 2010, Juniper Networks, Inc.
Page 132 TCP connection bad offset pkts—Number of bad offset packets received on the TCP connection short pkts—Number of short packets received on the TCP connection Copyright © 2010, Juniper Networks, Inc.
Page 133 T/O pre-estab—Number of times the keepalive timer expired before the connection reached the established state. This is a per-connection statistic. tcpkeeptimeo_idle—Number of times the keepalive timer popped, but no keepalive was sent because of connection idle-time considerations. This is a per-connection statistic. Copyright © 2010, Juniper Networks, Inc.
Page 134 Ignored due to idle-timeout considerations A packet was sent Ignored because the connection did not have the keepalive option set OR the connection was in the process of closing RST/SYN-Ack DoS Protection—Specifies when this function is enabled Copyright © 2010, Juniper Networks, Inc.
Page 135 Timer 1—Amount of time the virtual router waits after receiving an ICMP Too Big message before attempting to increase the path MTU Timer 2—Amount of time the virtual router waits after successfully increasing the MTU before attempting to increase it more Copyright © 2010, Juniper Networks, Inc.
Page 136 Time to next increase attempt—Amount of time, in seconds, until the router retries to increase the MTU Black Hole Detection State—State of the black hole detection mechanism: none, detecting, probable, or unknown Out-of-Order Packet Queue Information—Information regarding packet queue buffers Copyright © 2010, Juniper Networks, Inc.
Page 137 0 chksum err pkts, 0 bad offset pkts, 0 short pkts 0 duplicate pkts, 0 out of order pkts Sent: 281 total pkts, 210 data pkts, 3089 bytes 0 retransmitted pkts, 0 retransmitted bytes Example 2—Additional fields displayed by diagnostic keyword Copyright © 2010, Juniper Networks, Inc.
Page 138 Keepalive timer: 0 2MSL timer: 0 tcpDisconnect()s: 0 keep T/O pre-estab: 0 tcpkeeptimeo_idle: 0 TCP Connection Event Log (most recent at bottom) TCPS_ELOG_PRU_ATTACH TCPS_ELOG_PRU_BIND Example 3—Additional fields displayed by detailed keyword host1#show ip tcp statistics detailed Copyright © 2010, Juniper Networks, Inc.
Page 139 Field descriptions IP Statistics Rcvd: router Id—Router ID number total—Number of frames received local destination—Frames with this router as their destination hdr errors—Number of packets containing header errors addr errors—Number of packets containing addressing errors Copyright © 2010, Juniper Networks, Inc.
Page 140 (ping) packets echo rpy—Number of echo replies received timestamp req—Number of requests for a timestamp Copyright © 2010, Juniper Networks, Inc.
Page 141 UDP packets sent errors—Number of error packets sent TCP Global Statistics Connections: attempted—Number of outgoing TCP connections attempted accepted—Number of incoming TCP connections accepted established—Number of TCP connections established dropped—Number of TCP connections dropped Copyright © 2010, Juniper Networks, Inc.
Page 142 Sent: 15 forwarded, 25144 generated, 0 out disc 0 no routes,0 routing discards Route: 57680 routes in table 0 timestamp req, 0 timestamp rpy 0 addr mask req, 0 addr mask rpy ICMP statistics: Copyright © 2010, Juniper Networks, Inc.
Page 143 Example host1#show ip udp statistics UDP Statistics: Rcvd: 39196 total, 0 checksum errors, 29996 no port Sent: 210 total, 0 errors See show ip udp statistics show profile brief Copyright © 2010, Juniper Networks, Inc.
Page 144 Example host1(config)#route-map westford permit 10 host1(config-route-map)#match community 44 host1(config-route-map)#set local-pref 400 host1(config-route-map)#exit host1(config)#exit host1#show route-map westford route-map 1, permit, sequence 10 Match clauses: match community 44 Set clauses: set local-pref 400 See show route-map Copyright © 2010, Juniper Networks, Inc.
Page 145: Chapter 2 Configuring Ipv6
The intent of this design change is not to take a radical step away from IPv4, but to enhance IP addressing and maintain other IPv4 functions that work well. The differences between IPv4 and IPv6 include the following: Copyright © 2010, Juniper Networks, Inc.
Page 146: Ipv6 Packet Headers
IPv6 packets can use a standard or an extended format. IPv4 and IPv6 Header Differences The main difference between IPv4 and IPv6 resides in their headers. Figure 13 on page 123 provides a comparison between the two protocol versions. Copyright © 2010, Juniper Networks, Inc.
Page 147: Standard Ipv6 Headers
Destination address—Identifies the final destination node address for the packet. Extension Headers In IPv6, extension headers are used to encode optional Internet-layer information. Extension headers are placed between the IPv6 header and the upper-layer header in a packet. Copyright © 2010, Juniper Networks, Inc.
Page 148: Ipv6 Addressing
IPv6 address. Table 8 on page 124 provides compressed IPv6 address format examples. Table 8: Compressed IPv6 Formats IPv6 Address Type Full Format Compressed Format Unicast 10FB:0:0:0:C:ABC:1F0C:44DA 10FB::C:ABC:1F0C:44DA Multicast FD01:0:0:0:0:0:0:1F FD01::1F Loopback 0:0:0:0:0:0:0:1 Unspecified 0:0:0:0:0:0:0:0 Copyright © 2010, Juniper Networks, Inc.
Page 149: Address Types
Anycast – Used for a set of interfaces on different nodes. An anycast transmission sends packets to only one of the interfaces associated with the address, not to all of the interfaces. This interface is typically the closest interface, as defined by the routing protocol. Copyright © 2010, Juniper Networks, Inc.
Page 150: Address Scope
Therefore, each member of an anycast group must be configured to recognize certain addresses as anycast addresses. Copyright © 2010, Juniper Networks, Inc.
Page 151: Icmp Support
BGP networks) by decreasing the number of routing table changes required when a change in the network topology occurs. Direct next-hops point routes in the routing table toward individual, direct next-hop connections. (See Figure 14 on page 127.) Figure 14: Direct Next Hops Copyright © 2010, Juniper Networks, Inc.
Page 152: Platform Considerations
RFC 2460—Internet Protocol, Version 6 (IPv6) (December 1998) RFC 2461—Neighbor Discovery for IP Version 6 (IPv6) (December 1998) RFC 2462—IPv6 Stateless Address Autoconfiguration (December 1998) RFC 2463—Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification (December 1998) Copyright © 2010, Juniper Networks, Inc.
Page 153: Before You Configure Ipv6
Use to specify an IPv6 license. Purchase an IPv6 license to allow IPv6 configuration on the E Series router. NOTE: Acquire the license from Juniper Networks Customer Services and Support or your Juniper Networks sales representative. Example host1(config)#license ipv6 license-value...
Page 154: Creating An Ipv6 Profile
Use to add an IPv6 address to an interface or a subinterface. Example host1(config)#interface atm 1/0.25 host1(config-if)#ipv6 address 1::1/64 NOTE: You can use this command in Interface Configuration or Subinterface Configuration mode. Copyright © 2010, Juniper Networks, Inc.
Page 155 Use to set the MTU size of IPv6 packets sent on an interface. The range is 128–10240. Example host1(config-if)#ipv6 mtu 1000 Use the no version to restore the default MTU size. See ipv6 mtu Copyright © 2010, Juniper Networks, Inc.
Page 156: Assigning A Profile
Use to assign a profile to a PPP interface. The profile configuration is used to dynamically create an upper IP interface. Example host1(config-if)#interface atm 3/1.50 host1(config-if)#encapsulation ppp host1(config-if)#profile boston Use the no version to remove the assignment from the interface. See profile Copyright © 2010, Juniper Networks, Inc.
Page 157: Enabling Source Address Validation
You can set a destination to receive and send traffic from and to a network or to use a specific route through the network. Example host1(config)#ipv6 route 7fff::0/16 1::1 Use the no version of this command to remove a static route from the routing table. See ipv6 route Copyright © 2010, Juniper Networks, Inc.
Page 158: Specifying An Ipv6 Hop Count Limit
1::1 clear ipv6 interface Use to set a baseline for counters on a specified IPv6 interface. Example host1#clear ipv6 interface atm 2/0 There is no no version. See clear ipv6 interface ipv6 enable Copyright © 2010, Juniper Networks, Inc.
Page 159 MTUs configured on the nodes along the path to the destination address. This reduces packet fragmentation, which contributes to performance problems. The default is not to sweep (all packets are the same size). Copyright © 2010, Juniper Networks, Inc.
Page 160 Hop count in the range 1–255; the default is 32 You can also force transmission of the packets on a specified interface regardless of what the IPv6 address lookup indicates. Copyright © 2010, Juniper Networks, Inc.
Page 161: Configuring Shared Ipv6 Interfaces
Use the specified name to refer to the shared IPv6 interface; you cannot use the layer 2 interface to refer to them, because the shared interface can be moved. Example host1(config)#interface ipv6 si1 Use the no version to delete the IPv6 interface. See interface ipv6 ipv6 share-interface Copyright © 2010, Juniper Networks, Inc.
Page 162: Adding A Description
Use the no version to remove the text description or alias. See ipv6 description IPv6 TCP Configuration IPv6 supports TCP configuration. You use the same commands to configure TCP on IPv6 as you do to configure TCP on IPv4. Copyright © 2010, Juniper Networks, Inc.
Page 163: Setting Mss For Tcp Connections
Issue the command without any keywords to enable path MTU discovery. Issue the age-timer keyword to set the time (minutes) that TCP waits before attempting to increase the path MTU after receiving an ICMP Too Big message or after previously Copyright © 2010, Juniper Networks, Inc.
Page 164: Limiting Pmtu
Use to limit the maximum MTU size used for the path MTU. Example host1:VR1(config)#tcp path-mtu-discovery max-mtu 512 Use the no version to remove any limitation so that the virtual router uses the path MTU discovery value. See tcp path-mtu-discovery tcp path-mtu-discovery min-mtu Copyright © 2010, Juniper Networks, Inc.
Page 165: Specifying Black Hole Thresholds
If the source did send the RST or SYN message, it recognizes the ACK message to be spurious and resends another RST or SYN message. The second RST or SYN message causes the router to shut down the connection. Copyright © 2010, Juniper Networks, Inc.
Page 166: Preventing Tcp Paws Timestamp Dos Attacks
The flow of data between hosts eventually stops, resulting in a denial of service condition. Use the tcp paws-disable command to disable PAWS processing. Copyright © 2010, Juniper Networks, Inc.
Page 167: Protecting Against Tcp Out Of Order Dos Attacks
Limiting Buffers per Router The tcp resequence-buffers global-maximum command enables you to limit the number of outstanding buffers on the entire router. tcp resequence-buffers global-maximum Copyright © 2010, Juniper Networks, Inc.
Page 168: Limiting Buffers Per Virtual Router
See tcp resequence-buffers vr-maximum Limiting Buffers per Connection The tcp resequence-buffers connection-maximum command and tcp resequence-buffers default-connection-maximum command allow you to limit the number of outstanding buffers on existing or newly established connections. tcp resequence-buffers connection-maximum Copyright © 2010, Juniper Networks, Inc.
Page 169: Configuring Equal-Cost Multipath Load Sharing
Use to control the maximum number of parallel routes that the routing protocol supports. The maximum number of routes can be in the range 1–16 for BGP, IS-IS, OSPF, or RIP. Example host1(config-router)#maximum-paths 2 Copyright © 2010, Juniper Networks, Inc.
Page 170: Fast Reroute Protection
NOTE: The E Series router automatically starts IPv6 processing when you begin configuring an IPv6 interface. However, by issuing the ipv6 command without using the no option, you can create an IPv6 processing instance with no IPv6 configuration. See ipv6 Copyright © 2010, Juniper Networks, Inc.
Page 171: Clearing Ipv6 Routes
Use to clear all dynamic IPv6 neighbors. Use the include-statics keyword to clear both dynamic neighbors and static neighbors. Use the statics-only keyword to clear only IPv6 static neighbors. Example host1(config)#clear ipv6 neighbors Copyright © 2010, Juniper Networks, Inc.
Page 172: Monitoring Ipv6
Use the udp keyword to set a baseline for UDP statistics Use the delta keyword with IPv6 show commands to specify that baselined statistics are to be shown. Example host1#baseline ipv6 There is no no version See baseline ipv6 baseline ipv6 interface Copyright © 2010, Juniper Networks, Inc.
Page 173: Ipv6 Show Commands
There is no no version. See baseline tcp IPv6 show Commands You can monitor the following aspects of IPv6 using show ipv6 commands: To Display Command General IPv6 information show ipv6 Copyright © 2010, Juniper Networks, Inc.
Page 174 Use to display general IPv6 information. Example host1#show ipv6 Ipv6 Unicast Routing: Enabled Default hop limit: not specified Number of interfaces: 2 Default interface source address/mask: fe80::90:1a00:210:fd0/128 See show ipv6 show ipv6 address show ipv6 interface Copyright © 2010, Juniper Networks, Inc.
Page 175 MTU size redirects—Received packet redirects Copyright © 2010, Juniper Networks, Inc.
Page 176 Group membership (queries, responses, reductions)—Number of queries, responses, and reduction requests sent to a group of which the interface is assigned Operational MTU—Value of the MTU Administrative MTU—Value of the MTU if it has been administratively overridden using the configuration Copyright © 2010, Juniper Networks, Inc.
Page 177 Multicast Packets, Bytes—Multicast packets and bytes received on the IPv6 interface which are then multicast-routed are counted as multicast packets In Total Dropped Packets, Bytes—Total number of inbound packets and bytes dropped on this interface Copyright © 2010, Juniper Networks, Inc.
Page 178 Conformed—Number of packets and bytes that exceed the committed access rate but conform to the peak access rate Exceeded—Number of packets and bytes exceeding the peak access rate queue, traffic class, bound to ipv6—Queue and traffic class bound to the specified IPv6 interface Copyright © 2010, Juniper Networks, Inc.
Page 179 Dropped committed packets 0, bytes 0 Dropped conformed packets 0, bytes 0 Dropped exceeded packets 0, bytes 0 Example 2 host1#show ipv6 address detail 5:1:1::2 FastEthernet9/1.5 line protocol VlanSub is up, ipv6 is up Copyright © 2010, Juniper Networks, Inc.
Page 180 Out Forwarded Packets 22, Bytes 2480 Unicast Packets 22, Bytes 2480 Multicast Routed Packets 0, Bytes 0 Out Total Dropped Packets 8, Bytes 0 Out Scheduler Dropped Packets 0, Bytes 0 Out Policed Packets 0 Out Discarded Packets 8 Copyright © 2010, Juniper Networks, Inc.
Page 181 Unicast Packets 5, Bytes 588 Multicast Packets 8, Bytes 768 In Total Dropped Packets 0, Bytes 0 In Policed Packets 0 In Invalid Source Address Packets 0 In Error Packets 0 In Discarded Packets 0 Copyright © 2010, Juniper Networks, Inc.
Page 182 Dropped committed packets 0, bytes 0 Dropped conformed packets 0, bytes 0 Dropped exceeded packets 0, bytes 0 loopback5 line protocol IpLoopback is up, ipv6 is up Network Protocols: IPv6 Link local address: fe80::90:1a00:740:1d44 Internet address: 10:1:1:0:290:1aff:fe40:1d44/64 (eui-64) Copyright © 2010, Juniper Networks, Inc.
Page 183 Dropped conformed packets 0, bytes 0 Dropped exceeded packets 0, bytes 0 Example 4 host1#show ipv6 interface FastEthernet 9/0.6 FastEthernet9/0.6 line protocol VlanSub is up, ipv6 is up Description: IPv6 interface in Virtual Router Hop6 Copyright © 2010, Juniper Networks, Inc.
Page 184 Committed: 0 packets, 0 bytes Conformed: 0 packets, 0 bytes Exceeded: 0 packets, 0 bytes IPv6 policy local-input ipv6PolLocIn5 rate-limit-profile Rlp1Mb classifier-group clgC entry 1 Committed: 0 packets, 0 bytes Conformed: 0 packets, 0 bytes Copyright © 2010, Juniper Networks, Inc.
Page 185 Unicast Packets 0, Bytes 0 Multicast Packets 0, Bytes 0 In Total Dropped Packets 0, Bytes 0 In Policed Packets 0 In Invalid Source Address Packets 0 In Error Packets 0 In Discarded Packets 0 Copyright © 2010, Juniper Networks, Inc.
Page 186 0 redirects In Received Packets 13, Bytes 1356 Unicast Packets 5, Bytes 588 Multicast Packets 8, Bytes 768 In Total Dropped Packets 0, Bytes 0 In Policed Packets 0 In Invalid Source Address Packets 0 Copyright © 2010, Juniper Networks, Inc.
Page 187 Group membership: 0 queries, 0 responses, 0 reductions 0 redirects Sent: 13 total, 0 errors 0 rtr solicits, 9 rtr advertisements 2 neighbor solicits, 2 neighbor advertisements Group membership: 0 queries, 0 responses, 0 reductions 0 redirects Copyright © 2010, Juniper Networks, Inc.
Page 188 ICMPv6 statistics: Rcvd: 0 total, 0 errors 0 rtr solicits, 0 rtr advertisements 0 neighbor solicits, 0 neighbor advertisements Group membership: 0 queries, 0 responses, 0 reductions 0 redirects Sent: 0 total, 0 errors Copyright © 2010, Juniper Networks, Inc.
Page 189 Dropped committed packets 0, bytes 0 Dropped conformed packets 0, bytes 0 Dropped exceeded packets 0, bytes 0 Example 6 host1# show ipv6 interface brief Interface IPv6-Address Status Protocol Description ----------------- ------------------ ------- -------- ---------------- null0 Unnumbered Copyright © 2010, Juniper Networks, Inc.
Page 190 Use to display information on IPv6 local address pools, such as prefix delegation parameters and attributes that control the assignment of prefixes to requesting routers. Specify the pool name to limit the display to a specific IPv6 local pool. Copyright © 2010, Juniper Networks, Inc.
Page 191 Domain Search List—List of domain names configured in the IPv6 local pool for DNS resolution IPv6 Local Address Pool Statistics: Allocations—Number of prefixes allocated to DHCPv6 clients from the local address pool Allocation Errors—Number of errors encountered during the allocation of prefixes Copyright © 2010, Juniper Networks, Inc.
Page 192 2002:2002::/48 1 day 1 day 3003:3003::/56 1 day 1 day 4004:4004:0:ff00::/64 1 day 1 day 5005:5005::/48 infinite infinite Exclude 5005:5005:1::/48 5005:5005:2::/48 - 5005:5005:a::/48 Dns Servers 3001::1 3001::2 Domain Search List test1.com test2.com test3.com test4.com Copyright © 2010, Juniper Networks, Inc.
Page 193 State ----------------- ----------------- ------- -------------- ----- ----- FastEthernet4/1 1::1 dynamic 0090.1a40.05e5 reach 3 Example 2 host1# show ipv6 neighbors summary Total IPv6 neighbors: 7 By type: 5 global, 2 link-local, 0 anycast, 0 unknown Copyright © 2010, Juniper Networks, Inc.
Page 194 Shutdown in overload state—Status of shutdown in an overload state Default local preference—Default value for local preference IGP synchronization—Indicates whether synchronization is enabled or disabled Default originate—Indicates whether network 0.0.0.0 is redistributed into BGP Auto summary—Status of autosummary Copyright © 2010, Juniper Networks, Inc.
Page 195 IGP synchronization is enabled Default originate is disabled Auto summary is enabled Always compare MED is disabled Compare MED within confederation is disabled Advertise inactive routes is disabled Advertise best external route to internal peers is disabled Copyright © 2010, Juniper Networks, Inc.
Page 196 Use to display the current state of the routing table, including routes not used for forwarding. You can display all routes, a specific route, detailed information about all or a specific route, or summary counters for the routing table. Field descriptions Prefix—IPv6 address prefix Length—Prefix length Copyright © 2010, Juniper Networks, Inc.
Page 197 0 dvmrp routes Last route added/deleted: null by Invalid At MON FEB 04 2008 14:18:04 UTC MPLS tunnel routes (not used for forwarding): 3 total routes, 216 bytes in route entries 1 bgp tunnel routes Copyright © 2010, Juniper Networks, Inc.
Page 198 Router FE80::83B3:60A4 on FastEthernet2/0, last update 3 min Hops 0, Lifetime 6000 sec, AddrFlag=0, OtherFlag=0 Reachable time 0 msec, Retransmit time 0 msec Prefix 3FFE:C00:8007::800:207C:4E37/96 autoconfig Valid lifetime -1, preferred lifetime -1 Copyright © 2010, Juniper Networks, Inc.
Page 199 Field descriptions IPv6 statistics Rcvd: total—Total number of packets received local destination—Number of packets received with this router as their destination hdr errors—Number of packets containing header errors addr errors—Number of packets containing addressing errors Copyright © 2010, Juniper Networks, Inc.
Page 200 Group membership (queries, responses, reductions)—Number of queries, responses, and reduction requests received from within a group to which the interface is assigned ICMP statistics Sent: Copyright © 2010, Juniper Networks, Inc.
Page 201 0 total, 0 local destination 0 hdr errors, 0 addr errors 0 unkn proto, 0 discards Sent: 0 forwarded, 0 generated 0 out disc Mcast: 0 received 0 forwarded Routes: 7 in routing table Copyright © 2010, Juniper Networks, Inc.
Page 202 Use the brief keyword to display summary information or the detailed keyword to display extensive information. Use the diagnostic keyword to display diagnostic information collected on the TCP statistics in addition to the detailed information. This command shows information Copyright © 2010, Juniper Networks, Inc.
Page 203 The reason for rejection is not given. This information may be useful in tracking down DoS attacks. # connection-reqs rejected—Total number of connection attempts that have been rejected Copyright © 2010, Juniper Networks, Inc.
Page 204 TCP connection Diagnostics: PRU_ Operations counters—Number of calls for each of the indicated PRU_operations within the TCP service API. These are per-connection statistics. Copyright © 2010, Juniper Networks, Inc.
Page 205 TCP Connection Event Log (most recent at bottom)—Event log for the TCP connection. It shows the last 32 events that occurred on the connection. The most recent event is at the bottom of the list. This is per-connection data. TCPS_ELOG_PRU_ATTACH TCPS_ELOG_PRU_BIND Copyright © 2010, Juniper Networks, Inc.
Page 206 Providing this information can help determine whether attacks are occurring. Bogus RSTs—Number of RSTs that were judged to be invalid (that is, their timer expired) and therefore ignored Copyright © 2010, Juniper Networks, Inc.
Page 207 # ICMP TooBigs for unk. connection—Number of ICMP Too Big messages that the router has received for TCP connections that do not exist. When PMTU is disabled, this counter does not increase. PMTU Increase Attempts—Number of attempts the router has made to increase the PMTU Copyright © 2010, Juniper Networks, Inc.
Page 208 Out-of-Order Packet Queue Information—Information regarding packet queue buffers Buffers Outstanding—Number of buffers currently on the connection reordering queue High Water—Most buffers that have ever been on the connection reordering queue Copyright © 2010, Juniper Networks, Inc.
Page 209 Sent: 281 total pkts, 210 data pkts, 3089 bytes 0 retransmitted pkts, 0 retransmitted bytes Example 2—Additional fields displayed by diagnostic keyword host1#show tcp statistics diagnostic Global Diagnostic Data Unknown Connection log Source address/port -> local port Copyright © 2010, Juniper Networks, Inc.
Page 210 TCP Connection Event Log (most recent at bottom) TCPS_ELOG_PRU_ATTACH TCPS_ELOG_PRU_BIND Example 3—Additional fields displayed by detailed keyword host1#show tcp statistics detailed RST/SYN-Ack Protection is: ENABLED RSTs acked: 0 ...Bogus RSTs: 0 SYNs acked: 0 ...Bogus SYNs: 0 Data Insertions rejected: 0 Copyright © 2010, Juniper Networks, Inc.
Page 211 Number of attempts to increase PMTU: 0 Time to next increase attempt: 0 seconds Black Hole Detection State: none Out-of-order Packet Queue Information Buffers Outstanding: 25 High Water: 28 Buffers discarded: 15 TCP-Paws is disabled See show tcp statistics Copyright © 2010, Juniper Networks, Inc.
Page 212 JunosE 11.3.x IP, IPv6, and IGP Configuration Guide Copyright © 2010, Juniper Networks, Inc.
Page 213: Configuring Neighbor Discovery
Nodes use prefixes to distinguish between destinations that reside on an attached link and those destinations that it can reach only through a router. Parameter discovery—How a node learns various parameters (link parameters or Internet parameters) that it places in outgoing packets. Copyright © 2010, Juniper Networks, Inc.
Page 214: Platform Considerations
Before you configure Neighbor Discovery, you must configure IPv6. For information about configuring IPv6, see “Configuring IPv6” on page 121. Configuring Ethernet interfaces to function with IPv6 requires Neighbor Discovery configuration for the interface. Copyright © 2010, Juniper Networks, Inc.
Page 215: Configuring Neighbor Discovery
(Optional) Configure the router advertisement lifetime in seconds. host1(config-if)#ipv6 nd ra-lifetime 900 (Optional) Configure the router advertisement to list a specified prefix, for a valid lifetime and preferred lifetime. The following example also advertises the prefix as Copyright © 2010, Juniper Networks, Inc.
Page 216: Using Ipv6 Profiles And Radius To Configure Neighbor Discovery Route Advertisements
The JunosE Software enables you to use profiles to dynamically configure IPv6 interfaces. When you create an IPv6 profile, you can also include Neighbor Discovery route advertisement characteristics, which are then configured on the dynamically-created IPv6 interfaces. Copyright © 2010, Juniper Networks, Inc.
Page 217: Radius-Based Configuration
Use to enable the IPv6 Neighbor Discovery process on an interface. Example host1(config)#interface fastEthernet 3/0 host1(config-if)#ipv6 nd Use the no version of this command to disable the Neighbor Discovery process. See ipv6 nd ipv6 nd active-solicitations Copyright © 2010, Juniper Networks, Inc.
Page 218 Use to set the “other stateful configuration” flag in IPv6 router advertisements. Example host1(config-if)#ipv6 nd other-config-flag Use the no version of this command to clear the flag from IPv6 router advertisements. See ipv6 nd other-config-flag ipv6 nd prefix-advertisement Copyright © 2010, Juniper Networks, Inc.
Page 219 1 10 45 Use the no version of this command to restore the default value (zero [0] milliseconds for router advertisements and 3,600,000 milliseconds [1 hour] for Neighbor Discovery activity of the E Series router). Copyright © 2010, Juniper Networks, Inc.
Page 220: Configuring Proxy Neighbor Advertisements
NOTE: This command is redundant when configuring Neighbor Discovery over Ethernet, because neighbor solicitations and advertisements are automatically sent on Ethernet interfaces. Enable IPv6 neighbor proxy. host1(config-if)#ipv6 nd proxy ipv6 nd proxy Copyright © 2010, Juniper Networks, Inc.
Page 221: Configuring Duplicate Address Detection Attempts
See ipv6 nd dad attempts Monitoring Neighbor Discovery Neighbor Discovery-specific output appears in the output of various IPv6 show commands. For detailed information about IPv6 show commands and their output, see “Configuring IPv6” on page 121. Copyright © 2010, Juniper Networks, Inc.
Page 222 JunosE 11.3.x IP, IPv6, and IGP Configuration Guide Copyright © 2010, Juniper Networks, Inc.
Page 223: Internet Protocol Routing
PART 2 Internet Protocol Routing Configuring RIP on page 201 Configuring OSPF on page 235 Configuring IS-IS on page 317 Copyright © 2010, Juniper Networks, Inc.
Page 224 JunosE 11.3.x IP, IPv6, and IGP Configuration Guide Copyright © 2010, Juniper Networks, Inc.
Page 225: Configuring Rip
RIP uses the hop count as the metric (also known as cost) to compare the value of different routes. The hop count is the number of routers that data packets must traverse between RIP networks. Metrics range from 0 for a directly connected network to 16 for Copyright © 2010, Juniper Networks, Inc.
Page 226: Rip Messages
See E120 and E320 Module Guide, Table 1, Modules and IOAs for detailed module specifications. See E120 and E320 Module Guide, Appendix A, IOA Protocol Support for information about the modules that support RIP. References For more information about RIP, consult the following resources: Copyright © 2010, Juniper Networks, Inc.
Page 227: Features
If the password is fewer than 16 octets, it must be left-justified and padded to the right with nulls (0x00). Authentication is applied per RIP interface. You can specify either text or MD5 authentication. Text authentication uses a simple password that must be shared by the Copyright © 2010, Juniper Networks, Inc.
Page 228: Subnet Masks
RIP message. Multicasting To reduce unnecessary load on hosts that are not listening to RIPv2 messages, an IP multicast address is used for periodic broadcast messages. The IP multicast address is 224.0.0.9. Copyright © 2010, Juniper Networks, Inc.
Page 229: Route Summaries
You can disable split horizon and enable poison reverse routing updates that advertise routes originating on the interface, but for each of these routes the metric is set to infinity to explicitly advertise that these networks are not reachable. Copyright © 2010, Juniper Networks, Inc.
Page 230: Equal-Cost Multipath
(Optional) Specify a RIP receive version for an interface. By default, RIP interfaces on your router receive both RIPv1 and RIPv2. (Optional) Specify a RIP send version for an interface. By default, RIP interfaces on your router send only RIPv1. Copyright © 2010, Juniper Networks, Inc.
Page 231 (Optional) Redistribute routes from other protocols into RIP, or from RIP to other protocols. host1(config-router)#redistribute rip 5 host1(config-router)#route-map 4 host1(config-router)#redistribute bgp 100 route-map 4 (Optional) Enable unicast communication with RIP neighbors. host1(config-router)#neighbor 10.10.21.100 host1(config-router)#passive-interface atm atm 2/0.16 Copyright © 2010, Juniper Networks, Inc.
Page 232: Relationship Between Address And Network Commands
Configures RIP with the default values: Send version is RIPv1, receive version is RIPv1 and RIPv2, authentication is not enabled. Example host1(config-router)#address 10.2.1.1 Use the no version to delete the RIP interface. See address address authentication key Copyright © 2010, Juniper Networks, Inc.
Page 233 Use to restrict the RIP version that the router can send on an interface. The default is to send only RIPv1. Example host1(config-router)#address 10.2.1.1 send version 2 Use the no version to restore the default value, 1. See address send version clear ip rip redistribution Copyright © 2010, Juniper Networks, Inc.
Page 234 Configuring a default metric lowers the priority of the routes. Use a metric in the range 1 – 16. Example host1(config-router)#default-metric 5 Use the no version to restore the default value, 0. See default-metric disable Copyright © 2010, Juniper Networks, Inc.
Page 235 Use the no version to stop application of the distribute list. See distribute-list interface-event-disable Use to configure RIP to purge the routing table for interfaces that were brought down by some event. Example host1(config-router)#interface-event-disable Copyright © 2010, Juniper Networks, Inc.
Page 236 Use the no version to remove authentication from all RIP interfaces. See ip rip authentication mode ip rip receive version Use to restrict the RIP version that the router can receive on an interface. The default is both RIPv1 and RIPv2. Example Copyright © 2010, Juniper Networks, Inc.
Page 237 Use to specify a prefix tree that summarizes routes for a particular route map. Use the ip prefix-tree command to set the conditions of the prefix tree, including which routes to summarize and how many bits of the network address to preserve. Copyright © 2010, Juniper Networks, Inc.
Page 238 You can specify either the standard subnet mask or the inverse subnet mask. Example 1—standard subnet mask host1(config-router)#network 10.2.1.0 255.255.255.0 Example 2—inverse subnet mask host1(config-router)#network 10.2.1.0 0.0.0.255 Use the no version to disable RIP on the specified interface. See network Copyright © 2010, Juniper Networks, Inc.
Page 239 100 route-map 4 Example 2 host1(config)#router bgp 100 host1(config-router)#redistribute rip 5 Use the no version to disable redistribution. See redistribute. route-map Use to specify a route map for RIP. Example host1(config)#router rip host1(config-router)#route-map 4 Copyright © 2010, Juniper Networks, Inc.
Page 240 IP routing table with the clear ip routes * command. Example host1(config)#route-map dist1 permit 5 host1(config-route-map)#match community boston42 host1(config-route-map)#set distance 33 host1(config-route-map)#exit host1(config)#router rip 100 host1(config-router)#table-map dist1 host1(config-router)#exit host1(config)#exit host1#clear ip routes * Copyright © 2010, Juniper Networks, Inc.
Page 241 To change the RIP version on a specific interface, use the ip rip receive version and the ip rip send version commands, or the address receive version and address send version commands. Example host1(config-router)#version 2 Copyright © 2010, Juniper Networks, Inc.
Page 242: Enabling Rip On Dynamic Ip Interfaces
RIP interfaces, use the no rip copy-to-dynamic command to stop the use of RIP on any new, dynamic interfaces, and then use the clear ip rip dynamic-interfaces command to clear any existing RIP dynamic interfaces. See ip rip copy-to-dynamic Copyright © 2010, Juniper Networks, Inc.
Page 243: Clearing Dynamic Rip Interfaces
By default, RIP routes are available for both unicast forwarding and multicast reverse path forwarding checks. Example host1(config)#router rip host1(config-router)#ip route-type unicast Use the no version to restore the default value, both. See ip route-type Copyright © 2010, Juniper Networks, Inc.
Page 244: Configuring The Bfd Protocol For Rip
Use the address bfd-liveness-detection command when you have used the address command to configure the RIP network. Use the ip rip bfd-liveness-detection command when you have used the network command to configure the RIP network. Copyright © 2010, Juniper Networks, Inc.
Page 245: Remote Neighbors
You must explicitly configure remote neighbors on the RIP routers to specify the remote neighbor with which the router will form an adjacency and the source IP address the router will use for RIP packets destined to its peer remote neighbor. Copyright © 2010, Juniper Networks, Inc.
Page 246 An IP access list acts as a filter. Refer to access-list in the JunosE Command Reference Guide for more information. Example host1(config)#distribute-list 5 in Use the no version to stop application of the distribute list. See distribute-list Copyright © 2010, Juniper Networks, Inc.
Page 247 Use the no version to restore the default value, 1. See send version split-horizon Use to configure the split horizon and poison reverse features for RIP remote neighbors. Split horizon is enabled by default; poison reverse routing updates are disabled by default. Copyright © 2010, Juniper Networks, Inc.
Page 248: Monitoring Rip
The results of this request may vary. For instance, the debug commands provide information about problems with the network or the router, whereas the show commands provide information about the actual state and configuration of your router. Copyright © 2010, Juniper Networks, Inc.
Page 249: Debug Commands
You can specify a VRF instance for the show ip rip commands. You can use the output filtering feature of the show command to include or exclude lines of output based on a text string you specify. See JunosE System Basics Configuration Guide, for details. Copyright © 2010, Juniper Networks, Inc.
Page 250 Distance—Value added to RIP routes added to the IP routing table. The default is 120. Number of route changes—Number of times the router has been told to route changes by its peers Number of route queries—Number of times the router has received route requests from other routers Copyright © 2010, Juniper Networks, Inc.
Page 251 Triggered updates sent—Number of triggered updates sent; triggered updates are sent before the entire RIP routing table is sent; triggered by events such as adding a new RIP route or redistribution Received updates—Number of updates received Copyright © 2010, Juniper Networks, Inc.
Page 252 No filter is applied to incoming route update for all interfaces No global route map No table map Default metric = 1 Distance = 120 Number of route changes = 3 Number of route queries = 0 Copyright © 2010, Juniper Networks, Inc.
Page 253 Update interval = 30 (secs) Invalid interval = 180 (secs) Hold down time = 120 (secs) Flush interval = 300 (secs) Route Type both unicast and multicast Max Ecmp Paths = 4 Default-Information originate always = enabled Copyright © 2010, Juniper Networks, Inc.
Page 254 Receive version = def Authentication mode = none Default metric = default BFD minimum receive interval(msec) = BFD minimum transmit interval(msec)= 500 BFD multiplier = 2 Passive Interface = No Access-list applied to outgoing route = none Copyright © 2010, Juniper Networks, Inc.
Page 255 Specify the active keyword to limit the display to active routes learned via RIP updates. Specify the inactive keyword to limit the display to routes that the router will discard in the immediate future. Field descriptions Prefix—IP address prefix Length—Prefix length Copyright © 2010, Juniper Networks, Inc.
Page 256 Field descriptions Time since last update received—Time in seconds since an update was received from this peer Peer version—Version of IS-IS running on the peer Bad packets received—Number of bad packets received from the peer Copyright © 2010, Juniper Networks, Inc.
Page 257 Triggered updates sent—Number of triggered updates sent; triggered updates are sent before the entire RIP routing table is sent; triggered by events such as adding a new RIP route or redistribution Received updates—Number of updates received Example 1 Copyright © 2010, Juniper Networks, Inc.
Page 258 Mask—Network mask specified in the ip summary-address command to identify which routes to summarize Metric—Metric advertised with the summary RIP prefix Example host1#show ip rip summary-address Summary Address Mask Metric 4.3.0.0 255.255.0.0 4.4.0.0 255.255.0.0 See show ip rip summary-address Copyright © 2010, Juniper Networks, Inc.
Page 259: Configuring Ospf
Remote Neighbors on page 285 Configuring OSPF Graceful Restart on page 288 Disabling and Reenabling Incremental SPF on page 291 Configuring OSPF Traps on page 291 Neighbor Uptime Tracking on page 292 Monitoring OSPF on page 292 Copyright © 2010, Juniper Networks, Inc.
Page 260: Overview
(LSAs) between areas. area ID A unique number that identifies an area. Typically, formatted as an IP address. authentication A process whereby a user or data source proves that it is what it claims to be. Copyright © 2010, Juniper Networks, Inc.
Page 261 For example, router LSAs are flooded within the area to which the router belongs, summary LSAs are flooded to other areas through the backbone, and external LSAs are flooded throughout the OSPF domain. Copyright © 2010, Juniper Networks, Inc.
Page 262 Routers that have interfaces to a common network. nonbroadcast network A network that has no broadcast capability but supports more than two routers. Not-so-stubby area Similar to a stub area, but can also import selected external LSAs. (NSSA) Copyright © 2010, Juniper Networks, Inc.
Page 263: Platform Considerations
Figure 16: OSPF Topology Platform Considerations For information about modules that support OSPF on the ERX7xx models, ERX14xx models, and the ERX310 Broadband Services Router: See ERX Module Guide, Table 1, Module Combinations for detailed module specifications. Copyright © 2010, Juniper Networks, Inc.
Page 264: References
You can split up an OSPF AS into areas. Doing this reduces the size of the link-state database (LSDB). Each OSPF area runs as a separate network and maintains its own LSDB. OSPF computes routes only to destinations within the area, and does not flood routes beyond the area boundaries. Copyright © 2010, Juniper Networks, Inc.
Page 265: Routing Priority
Simple password authentication—Requires a 64-bit unencrypted password in each OSPF packet. Cryptographic authentication—Uses a shared secret key that is configured on each router on a network. RFC 2328 defines the use of OSPF cryptographic authentication with the MD5 algorithm. Copyright © 2010, Juniper Networks, Inc.
Page 266: Opaque Lsas
Base (MIB) supported by your router. The MIBs folder contains information about all supported standard and Juniper Networks E Series enterprise (proprietary) MIBs. OSPF does not act as a host within the router and therefore does not support the ospfIfMetric and ospfHost tables.
Page 267: Implementing Ospf For Ipv6
The flooding process is modified to manage unrecognized LSAs and the new LSA flooding scope. The route calculation has been updated to handle modifications in the LSA database. Supported LSA Types OSPFv3 supports the following LSA types: Copyright © 2010, Juniper Networks, Inc.
Page 268: Unsupported Ospf Components
This release does not support the following OSPF components when implementing OSPF for IPv6: Virtual link Not-so-stubby-area (NSSA) Nonbroadcast multiaccess (NBMA) Remote neighbor Traffic engineering extensions SNMP traps Features specified in “OSPF as the PE/CE Protocol in BGP/MPLS IP VPNs” (draft-ietf-l3vpn-ospf-2547) Copyright © 2010, Juniper Networks, Inc.
Page 269: Ospf Configuration Tasks
You can issue the no network area command, which deletes all OSPF interfaces within the specified range. If the OSPF interface was created with the address area command, you can issue the no address area command to delete the specified interface. Copyright © 2010, Juniper Networks, Inc.
Page 270: Enabling Ospfv3
Assign an area ID associated with each range of IP addresses. Each router running OSPFv2 has a database describing a map of the routing domain. This map needs to be identical in all participating routers. network area Copyright © 2010, Juniper Networks, Inc.
Page 271 IP interface’s network exactly. (In other words, by default the exact network of the IP interface is going to be summarized into other areas.) See network area ospf enable Copyright © 2010, Juniper Networks, Inc.
Page 272: Creating A Single Ospfv2 Interface
You can specify either an IP address or an unnumbered interface. Configures OSPFv2 with the default values. You can configure the interface with a nondefault value by using the other address commands. You must first issue the Copyright © 2010, Juniper Networks, Inc.
Page 273: Specifying An Ospf Router Id
Use to specify a different IP address for the router to use as the OSPF router ID. Example host1(config-if)#router-id 192.168.50.5 Use the no version to force OSPF to use the previous OSPF router ID behavior. See router-id Copyright © 2010, Juniper Networks, Inc.
Page 274: Aggregating Ospf Networks
After you enter this area range command, only the aggregated range 2.2.0.0/16 is going to be summarized. Use the no version to disable the aggregation of routes at the OSPF area border. See area range Copyright © 2010, Juniper Networks, Inc.
Page 275: Configuring Ospf Interfaces
OSPF MTU that can be sent over an OSPF interface without fragmentation. Configuring OSPF attributes for OSPF networks includes setting the following: Cost Dead interval Hello interval Router priority Retransmit interval Transmit delay Copyright © 2010, Juniper Networks, Inc.
Page 276: Address Commands
The interface can have an IP address, or it can be unnumbered. Example host1(config-router)#address unnumbered atm 4/0.1 area 3 host1(config-router)#address unnumbered atm 4/0.1 cost 50 Use the no version to reset the path cost to the default value, 1. See address cost address dead-interval Copyright © 2010, Juniper Networks, Inc.
Page 277 Applies only to nonbroadcast multiaccess (NBMA) networks. Every broadcast and NBMA network has a designated router. The interface can have an IP address, or it can be unnumbered. Copyright © 2010, Juniper Networks, Inc.
Page 278: Ip Ospf And Ipv6 Ospf Commands
The no version of the command resets the specified parameters to unspecified. If the no version of the command takes effect for a specified IP interface, there is no default value for the specified parameters. The parameter is set back to unspecified Copyright © 2010, Juniper Networks, Inc.
Page 279 The router LSA advertises the link-state metric as the link cost. For the IPv6 command, you can specify an optional process ID in the range 1–65535. Example 1 host1(config)#interface fastethernet 0/0 host1(config-if)#ip ospf cost 50 Example 2 host1(config)#interface fastethernet 0/0 host1(config-if)#ipv6 ospf cost 50 Copyright © 2010, Juniper Networks, Inc.
Page 280 Example 1 host1(config-if)#ip ospf hello-interval 8 Example 2 host1(config-if)#ipv6 ospf hello-interval 8 Use the no version to restore the default value, 10 seconds. See ip ospf hello-interval See ipv6 ospf hello-interval ipv6 ospf mtu-ignore Copyright © 2010, Juniper Networks, Inc.
Page 281 For the IPv6 command, you can specify an optional process ID in the range 1–65535. Example 1 host1(config-if)#ip ospf priority 2 Example 2 host1(config-if)#ipv6 ospf priority 2 Use the no version to restore the default value, 1. See ip ospf priority See ipv6 ospf priority ip ospf retransmit-interval Copyright © 2010, Juniper Networks, Inc.
Page 282: Comparison Example
In the following example you configure a range of OSPF interfaces with the network area command. host1(config)#interface fastEthernet 0/0 host1(config-if)#ip address 1.1.1.1 255.255.255.0 host1(config-if)#ip address 2.2.2.2 255.255.255.0 secondary host1(config-if)#exit host1(config)#router ospf 1 host1(config-router)#network 1.1.1.0 0.0.0.255 area 0 host1(config-router)#network 2.2.2.0 0.0.0.255 area 0 Copyright © 2010, Juniper Networks, Inc.
Page 283: Precedence Of Commands
You can divide your OSPF routing domain into OSPF areas. Dividing into areas provides the following benefits: Reduces resource demands placed on routers and links Reduces the router CPU usage by the OSPF routing calculation Copyright © 2010, Juniper Networks, Inc.
Page 284 Use the no-summary keyword to create a “totally stubby area” and restrict type 3 summary LSAs from flowing into the area. However, type 3 default-route LSAs can continue to flow into the area and a type 3 default-route LSA is advertised into the NSSA. Copyright © 2010, Juniper Networks, Inc.
Page 285 The two endpoint routers must be attached to a common area, called the virtual link’s transit area. Virtual links are part of the backbone and behave as if they were unnumbered point-to-point networks between the two routers. Copyright © 2010, Juniper Networks, Inc.
Page 286 Specify an interval in the range 0–3600 seconds; the default value is 5 seconds. Set the value greater than the expected round-trip delay. Example host1(config-router)#area 27.0.0.0 virtual-link 27.8.4.2 retransmit-interval 6 Use the no version to remove the interface’s retransmit interval. See area virtual-link retransmit-interval area virtual-link transmit-delay Copyright © 2010, Juniper Networks, Inc.
Page 287: Optimizing The Cost To Reach A Range Of Ospf Routers Within An Area
Consider the topology shown in Figure 17 on page 264. Copyright © 2010, Juniper Networks, Inc.
Page 288: Figure 17: Optimizing Ospf Area Aggregate Costs
10.1.1.0 to be announced into area 0. ABR 2 calculates the following costs: A cost of 2 to reach Router 6: ABR 2-->Router 6 A cost of 2 to reach Router 5: ABR 2-->Router 5 Copyright © 2010, Juniper Networks, Inc.
Page 289: Configuring Authentication
If the packet is not sent within the dead interval, the adjacency breaks down and is not reestablished until both sides of the adjacency have the same password or key. address authentication-key Copyright © 2010, Juniper Networks, Inc.
Page 290 The MD5 key is a character string up to 16 characters long. You must also specify a key identifier and whether the key is entered in unencrypted or encrypted format. If you do not specify which, the string is assumed to be unencrypted. Copyright © 2010, Juniper Networks, Inc.
Page 291 Use to specify that no authentication is used for the particular virtual link. Example host1(config-router)#area 27.0.0.0 virtual-link 27.2.3.4 authentication-none The no version has no effect. See area virtual-link authentication-none area virtual-link message-digest-key md5 Copyright © 2010, Juniper Networks, Inc.
Page 292 Use the no version to set authentication for the interface to none without removing any configured MD5 key. You can subsequently apply MD5 authentication to the interface without having to reconfigure the key. See ip ospf authentication message-digest ip ospf authentication-none Copyright © 2010, Juniper Networks, Inc.
Page 293: Configuring The Bfd Protocol For Ospf
When you issue the ip ospf bfd-liveness-detection or ipv6 ospf bfd-liveness-detection command on an OSPF peer, the peer establishes BFD liveness detection with all BFD-enabled OSPF peers. When the local peer receives an update from a remote OSPF Copyright © 2010, Juniper Networks, Inc.
Page 294 You can change the BFD liveness detection parameters at any time without stopping or restarting the existing session; BFD automatically adjusts to the new parameter value. However, no changes to BFD parameters take place until the values resynchronize with each peer. Example 1 (OSPFv2) Copyright © 2010, Juniper Networks, Inc.
Page 295: Configuring Additional Parameters
Configure three static routes. host1(config)#ip route 20.20.20.0 255.255.255.0 192.168.1.0 host1(config)#ip route 20.20.21.0 255.255.255.0 192.168.1.0 host1(config)#ip route 20.21.0.0 255.255.255.0 192.168.1.0 Configure an access list with filters on routes 20.20.20.0/24 and 20.20.21.0/24. host1(config)#access-list boston permit 20.20.0.0 0.0.255.255 Copyright © 2010, Juniper Networks, Inc.
Page 296 If you want this command to apply to OSPF interfaces already configured, you need to bounce the existing interfaces: Use the no network and then the network command for the selected OSPF interfaces. Example 1—OSPFv2 Copyright © 2010, Juniper Networks, Inc.
Page 297 Maximum path splits 1 Area BACKBONE(0.0.0.0) Area is a transit area SPF algorithm executed 425 times ABR count 0 ASBR count 1 LSA Count 12 Number of interfaces in this area is 24 Area ranges are: Copyright © 2010, Juniper Networks, Inc.
Page 298 There is no no version. See clear ipv6 ospf process clear ip ospf database Use to delete all entries from the OSPF link-state database and to reset all adjacencies. Example Copyright © 2010, Juniper Networks, Inc.
Page 299 CAUTION: Using this command purges all external LSAs and reoriginates. Example 1 host1#clear ip ospf redistribution Example 2 host1#clear ipv6 ospf redistribution There is no no version. See clear ip ospf redistribution See clear ipv6 ospf redistribution Copyright © 2010, Juniper Networks, Inc.
Page 300 Use to configure the administrative distance for OSPF routes. Example host1(config-router)#distance ospf external 60 Default settings: Intra-area routes—110 Interarea routes—112 External routes—114 Use the no version to restore the default values. See distance ip ospf shutdown ipv6 ospf shutdown Copyright © 2010, Juniper Networks, Inc.
Page 301 To enable equal-cost multipath (ECMP) for OSPF, you need to specify a value for maximum paths greater than 1. Example host1(config-router)#maximum-paths 2 Use the no version to restore the default value, 4. See maximum-paths ospf bandwidth Copyright © 2010, Juniper Networks, Inc.
Page 302 If you do not specify route-map, all routes are redistributed. By default, all routes are imported as external type 2 routes. If you specify route-map but do not list any route map tags, no routes are imported. Use to redistribute routes from OSPF into other non-OSPF routing domains. Copyright © 2010, Juniper Networks, Inc.
Page 303 If you set the hold time to 0, there is no delay between two consecutive SPF calculations. They can be done one immediately after the other. Example host1(config-router)#timers spf 2 Use the no version to return to the default value, 3 seconds. See timers spf Copyright © 2010, Juniper Networks, Inc.
Page 304: Methods For Calculating Ospf Interface Cost
Alternatively, you can create one or more route maps that set the metric and apply them selectively to redistributed routes: host1(config)#access-list 1 permit any any host1(config)#route-map defmetric host1(config-route-map)#match ip address 1 host1(config-route-map)#set metric 10 host1(config-route-map)#exit host1(config)#router ospf 5 host1(config-router)#redistribute bgp route-map defmetric Copyright © 2010, Juniper Networks, Inc.
Page 305: Configuring Ospf For Nbma Networks
Use the no version to restore the default value for the medium. See address network ip ospf network Use to configure the network type on all OSPF interfaces on the OSPF network to a type other than the default for the medium. Example Copyright © 2010, Juniper Networks, Inc.
Page 306: Traffic Engineering
As a result, OSPF considers metrics for IGP paths and the tunnel metric, and might forward traffic along a best path, through the MPLS tunnel, or both. Copyright © 2010, Juniper Networks, Inc.
Page 307: Using Ospf Routes For Multicast Rpf Checks
You can use the ip route-type or ipv6 route-type command to specify whether OSPF routes are available for only unicast forwarding protocols or only multicast reverse-path-forwarding (RPF) checks. Routes available for unicast forwarding appear Copyright © 2010, Juniper Networks, Inc.
Page 308: Ospf And Bgp/Mpls Vpns
OSPF and BGP/MPLS VPNs Some network topologies use OSPF as the routing protocol between CE and PE routers in BGP/MPLS VPNs. See JunosE BGP and MPLS Configuration Guide, for information about configuring OSPF for this purpose. Copyright © 2010, Juniper Networks, Inc.
Page 309: Remote Neighbors
0 br549hee Use the no version to delete the password. See authentication-key authentication message-digest Use to specify that MD5 authentication is to be used on the OSPF remote neighbor interface. Example host1(config-router-rn)#authentication message-digest Copyright © 2010, Juniper Networks, Inc.
Page 310 Use to set the time interval between hello packets that the router sends on the OSPF remote-neighbor interface. Specify a value in the range 1–65535 seconds; the default value is 40 seconds. Example host1(config-router-rn)#hello-interval 15 Use the no version to restore the default value, 40 seconds. See hello-interval Copyright © 2010, Juniper Networks, Inc.
Page 311 Use to set the estimated time it takes to transmit a link-state update packet on the OSPF remote-neighbor interface. Specify a value in the range 0–3600 seconds; the default value is 1 second. Example host1(config-router-rn)#transmit-delay 3 Use the no version to restore the default value, 1 second. See transmit-delay Copyright © 2010, Juniper Networks, Inc.
Page 312: Remote Neighbors And Sham Links
(for the specified grace period as defined in the grace LSA). If the restarting router does not become fully adjacent with the helper router before the grace period expires, the helper Copyright © 2010, Juniper Networks, Inc.
Page 313 Use to configure the OSPFv2 or OSPFv3 router to function as an OSPF graceful restart helper router. Example host1(config-router)#graceful-restart helper Use the no version to disable OSPF graceful restart helper mode capability on the router. See graceful-restart helper graceful-restart helper-abort-topology-change Copyright © 2010, Juniper Networks, Inc.
Page 314 SPF, and updates any routes in the routing table. Example host1(config-router)#graceful-restart restart-time 350 Use the no version to return the restart duration to its default value, 180 seconds. See graceful-restart restart-time Copyright © 2010, Juniper Networks, Inc.
Page 315: Disabling And Reenabling Incremental Spf
LSA by this router maxAgeLsa—To indicate that an LSA in this router LSDB has reached its maximum age value ifStateChange—To indicate a state change on an OSPF interface traps Copyright © 2010, Juniper Networks, Inc.
Page 316: Neighbor Uptime Tracking
Commands The debug commands provide information about the following OSPF items: Copyright © 2010, Juniper Networks, Inc.
Page 317 Use to cancel the display of information about a selected event. The same OSPF variables can be designated as in the debug ip ospf or debug ipv6 ospf commands. Copyright © 2010, Juniper Networks, Inc.
Page 318: Show Commands
Use to display general information about OSPF routing processes. Field descriptions Routing Process—Process ID, router ID, domain ID OSPF administrative state—Enabled or disabled OSPF operational state—Enabled or disabled Incremental External SPF—On or off Graceful Restart Capability—On or off Copyright © 2010, Juniper Networks, Inc.
Page 319 LSA discard count: 0 Supports only single TOS(TOS0) routes SPF schedule delay 0 secs, Hold time between two SPFs 3 secs Maximum path splits 4 Number of active areas in this router is 0 Copyright © 2010, Juniper Networks, Inc.
Page 320 ABDR count 0 ASBDR count 0 LSA Count 0 Number of interfaces in this area is 0 Area ranges are: Number of active areas in this router is 4 normal, 1 stub, 2 NSSA. Copyright © 2010, Juniper Networks, Inc.
Page 321 INTRA 0.0.0.0 5.5.0 250 4.4.4.250 fastethernet0 ABR/ASBR INTRA 0.0.0.1 6.6.6.250 4.4.4.13 fastethernet0 INTRA 0.0.0.1 Example 2 host1#show ipv6 ospf border-routers OSPF Area Border Routers Destination NEXT_HOP Interface RouteType Area 10.0.0.10 FE80::3 ATM4/1.39 INTRA 0.0.0.0 Copyright © 2010, Juniper Networks, Inc.
Page 322 For external links, set to integer For grace links, set to integer ADV Router—ID of the advertising router Age—Link-state age Seq#—Link-state sequence number (detects old or duplicate LSAs) Checksum—Fletcher checksum of the complete contents of the LSA Copyright © 2010, Juniper Networks, Inc.
Page 323 Link Local Address—Originating router's link-local interface address on the link Prefixes—Prefixes associated with this LSA Number of Prefixes—Number of prefixes associated with this LSA Referenced LSA Type—Router LSA or network LSA with which the IPv6 address prefixes should be associated Copyright © 2010, Juniper Networks, Inc.
Page 324 AS Summary Link States (Area 0.0.0.0) Link ID ADV Router Age Seq# Checksum 5.5.0.250 192.168.1.13 491 0x80000002 0xe9d4 AS External Link States Link ID ADV Router Age Seq# Checksum 8.8.8.0 5.5.0.250 502 0x8000005f 0x2d67 Router Link States (Area 0.0.0.1) Copyright © 2010, Juniper Networks, Inc.
Page 325 Seq# Checksum 0.0.0.0 1.1.1.1 0x80000003 0xf7a4 0.0.0.0 2.2.2.2 0x80000003 0x7825 V3 Inter-Area Net Link States (Area 0.0.0.1) Link ID ADV Router Seq# Checksum 0.0.0.2 2.2.2.2 0x80000004 0x6a4f V3 Intra-Area Prefix Link States (Area 0.0.0.1) Copyright © 2010, Juniper Networks, Inc.
Page 326 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000002 Checksum: 0x8519 Length: 40 Link connected to: a Point To Point Network Neighboring router's Router Id: 1.1.1.1 Neighboring router's Interface Id: 0x32000006 Local Interface ID : 0x3200000a Metric 1 Copyright © 2010, Juniper Networks, Inc.
Page 327 LS Type: Intra Area Prefix Links Link State ID: 0.0.0.1 Advertising Router: 1.1.1.1 LS Seq Number: 0x80000003 Checksum: 0x911a Length: 44 Number of Prefixes 1 Referenced LSA Type 0x 2001 Referenced LSA Advertising Router 1.1.1.1 Referenced LSA ID 0 Copyright © 2010, Juniper Networks, Inc.
Page 328 See show ip ospf database See show ipv6 ospf database show ip ospf database link-local Use to display OSPF database link local states. Field descriptions Interface—Interface for which you are obtaining link-local LSA LS age—Age of LSA Copyright © 2010, Juniper Networks, Inc.
Page 329 Options—Optional capabilities supported by the described portion of the routing domain LS Type—Type of LSA; opaque area TE router address or opaque area TE link LSA Link State ID—Link-state ID of the opaque LSA Copyright © 2010, Juniper Networks, Inc.
Page 330 TE Router-ID: 100.1.1.1 LS age: 919 Options: (TOS-capable, No Type7-LSA, ExternalRoutingCapability, No Multicast Capability, No External Attributes LSA) LS Type: Opaque-Area (TE Links) Link State ID: 1.0.0.1(Instance) Advertising Router: 100.1.1.1 LS Seq Number: 0x80000003 Checksum: 0xf66e Copyright © 2010, Juniper Networks, Inc.
Page 331 Designated Router—Designated router ID and respective interface IP address Backup Designated Router—Designated router ID and respective interface IP address of the backup router Timer intervals—Configuration of timer intervals: Hello, Dead, Wait, and Retransmit Neighbor Count—Number of neighbors and their state; adjacent neighbors Copyright © 2010, Juniper Networks, Inc.
Page 332 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 3.3.3.3 (Designated Router) See show ip ospf interface See show ipv6 ospf interface Copyright © 2010, Juniper Networks, Inc.
Page 333 Internal OSPF Statistics, bytes allocated/free: LSA bytes allocated:216 Router LSA bytes allocated:936 Summary bytes allocated:0 Neighbor RTX bytes allocated:0 Timers bytes allocated:352 Ospf total bytes free:824368 Ospf heap total bytes allocated:1048576 Internal OSPF Statistics, allocation failures: Copyright © 2010, Juniper Networks, Inc.
Page 334 10 events for all OSPF neighbors or a specific OSPF neighbor. This neighbor uptime tracking feature is not available for OSPFv3. For more information, see “Neighbor Uptime Tracking” on page 292. Field descriptions Neighbor ID—Neighbor’s router ID Pri—Router priority of neighbor State—OSPF neighbor’s state Copyright © 2010, Juniper Networks, Inc.
Page 335 Event Cause Time ============================================== ATM2/0.12 Seen WED DEC 14 07:09:12 ATM2/0.12 DOWN Interface down WED DEC 14 07:05:47 ATM2/0.12 Seen WED DEC 14 07:02:32 See show ipv6 ospf neighbors show ip ospf remote-neighbor interface Copyright © 2010, Juniper Networks, Inc.
Page 336 No backup designated router on this network Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 221.221.221.221 See show ip ospf remote-neighbor interface Copyright © 2010, Juniper Networks, Inc.
Page 337 LSA Router Id Triggers 00:04:47 0.000 23.23.23.3 Protocol Off 00:04:43 0.000 23.23.23.3 LSA Add 00:04:39 0.000 12.12.12.2 LSA Add 00:04:35 0.010 23.23.23.3 LSA Update 00:03:56 0.000 23.23.23.3 Protocol Off 00:03:52 0.000 23.23.23.3 LSA Add Copyright © 2010, Juniper Networks, Inc.
Page 338 LSA discard count—Total number of packets discarded Copyright © 2010, Juniper Networks, Inc.
Page 339 Virtual link to router 192.168.1.13 in state POINT-TO-POINT Transmit Delay is 1 sec Timer intervals configured, Hello 10 sec, Dead 40 sec, Retransmit 5 sec See show ip ospf virtual-links Copyright © 2010, Juniper Networks, Inc.
Page 340 JunosE 11.3.x IP, IPv6, and IGP Configuration Guide Copyright © 2010, Juniper Networks, Inc.
Page 341: Configuring Is-Is
Intermediate System (IS) devices. The IS-IS routing protocol provides routing for pure Open Systems Interconnection (OSI) environments. IS-IS as implemented on the E Series router supports IP networks and Copyright © 2010, Juniper Networks, Inc.
Page 342: Is-Is Terms
Only a level 2 router can exchange packets with external routers located outside its routing domain. link-state PDU (LSP) PDU broadcast by link-state protocols that contains information about neighbors and path costs; used to maintain routing tables; also known as link-state advertisement Copyright © 2010, Juniper Networks, Inc.
Page 343: Figure 18: Overview Of Is-Is Topology
Figure 18 on page 319 illustrates some of the terms described in Table 13 on page 318. Figure 18: Overview of IS-IS Topology Copyright © 2010, Juniper Networks, Inc.
Page 344: Iso Network Layer Addresses
Consequently, the static tables are likely to become rapidly outdated. The router supports dynamic resolution of hostnames to system identifiers. You can use the clns host command to map the hostname to the NSAP address, and therefore to Copyright © 2010, Juniper Networks, Inc.
Page 345: Authentication
NOTE: The router supports simple authentication for compatibility with existing IS-IS implementations. However, we recommend that you do not use the simple authentication method because it is insecure (the text can be “sniffed” ). Copyright © 2010, Juniper Networks, Inc.
Page 346: Hmac Md5 Authentication
Router SanJose accepts packets from router LA and router SanDiego, and simply ignores the message digest included in their packets. Router LA and router SanDiego reject packets from router SanJose because those packets do not include a message digest. Copyright © 2010, Juniper Networks, Inc.
Page 347: Specifying Md5 Start And Stop Timing
Example The following commands configure both key 1 and key 2 to be accepted between 08:00:00 and 23:00:00. When the current time reaches 09:00:00, the router begins Copyright © 2010, Juniper Networks, Inc.
Page 348: Halting Md5 Authentication
The domain-authentication { csnp | psnp } command enables or disables simple authentication or HMAC MD5 authentication of IS-IS level 2 CSNP packets or PSNP packets. By default, authentication of CSNPs and PSNPs is disabled. Copyright © 2010, Juniper Networks, Inc.
Page 349: Extensions For Traffic Engineering
Integrated IS-IS allows for the mixing of routing domains; that is, IP-only routers, OSI-only routers, and dual (IP and OSI) routers. OSI and IP packets are forwarded directly over the link-layer services without needing mutual encapsulation. The E Series router supports Copyright © 2010, Juniper Networks, Inc.
Page 350: Equal-Cost Multipath
(in Router Configuration mode) to specify that the router generate and accept only new-style TLV tuples. For a discussion of IS-IS support for TLV tuples, see “Extensions for Traffic Engineering” on page 325. Copyright © 2010, Juniper Networks, Inc.
Page 351: Setting Route Tags
For example, the following commands define a route map to modify the metric and metric type attributes of IS-IS routes configured with a route tag value of 221. The redistribute isis ip command, as described in “Redistributing Routes Between Levels” Copyright © 2010, Juniper Networks, Inc.
Page 352: Unsupported Features
For IS-IS routes, the route map you apply by using the table-map command contains one or more set commands that can modify the following route attributes: distance origin Copyright © 2010, Juniper Networks, Inc.
Page 353: Graceful Restart
LSP database. Including the restart TLV in hello packets also ensures that neighboring routers will maintain their active adjacencies to the restarting router and keep the restarting router in the network topology. Copyright © 2010, Juniper Networks, Inc.
Page 354: Is-Is For Ipv6
It does not affect IP traffic. Platform Considerations For information about modules that support IS-IS on the ERX7xx models, ERX14xx models, and the ERX310 Broadband Services Router: See ERX Module Guide, Table 1, Module Combinations for detailed module specifications. Copyright © 2010, Juniper Networks, Inc.
Page 355: References
RFC 2966—Domain-wide Prefix Distribution with Two-Level IS-IS (October 2000) RFC 2973—IS-IS Mesh Groups (October 2000) RFC 3277—Intermediate System to Intermediate System (IS-IS) Transient Blackhole Avoidance (April 2002) RFC 3373—Three-Way Handshake for Intermediate System to Intermediate System (IS-IS) Point-to-Point Adjacencies (September 2002) Copyright © 2010, Juniper Networks, Inc.
Page 356: Features
Traffic engineering for MPLS 32-bit (4-octet) route tags Table maps Graceful restart IPv6 routing Before You Run IS-IS At least one IP address/router ID must be configured on your router for IS-IS to run. Copyright © 2010, Juniper Networks, Inc.
Page 357: Configuration Tasks
Use the same tag name for ip router isis as you did for the router isis command. Copyright © 2010, Juniper Networks, Inc.
Page 358 Example host1(config)#router isis floor12 Use the no version to disable IS-IS routing. See router isis Copyright © 2010, Juniper Networks, Inc.
Page 359: Summary Example
Configure any of the following desired IS-IS options for the address family: redistributing routes from other protocols, redistributing IS-IS IPv6 routes between levels, distributing level 2 routing information to level 1 routers throughout the IS-IS Copyright © 2010, Juniper Networks, Inc.
Page 360 Use the same tag name for ipv6 router isis as you did for the router isis command. Example—Enables ISIS for IPv6 on an interface. host1(config-if)#ipv6 router isis bldg1 Copyright © 2010, Juniper Networks, Inc.
Page 361: Summary Example
1 or level 2 hello packets. You can specify whether the password is for level 1 or level 2 hellos. Example host1(config-if)#isis authentication-key 0 red5flower6 Use the no version to delete the password. See isis authentication-key isis message-digest-key Copyright © 2010, Juniper Networks, Inc.
Page 362: Configuring Link-State Metrics
Configuring a Reference Bandwidth to Set a Default Metric By default, all IS-IS interfaces without a configured metric have the same routing metric, 10, However, when you configure a reference bandwidth for IS-IS, the default metric is Copyright © 2010, Juniper Networks, Inc.
Page 363: Setting The Csnp Interval
Use the no version to restore the default value. See isis csnp-interval Configuring Hello Packet Parameters You can set the hello interval and the hello multiplier for IS-IS hello packets. isis hello-interval isis hello-multiplier Copyright © 2010, Juniper Networks, Inc.
Page 364 Example host1(config-if)#isis hello-interval 6 level-1 host1(config-if)#isis hello-multiplier 10 level-1 Use the no version to restore a default value. See isis hello-interval See isis hello-multiplier Copyright © 2010, Juniper Networks, Inc.
Page 365: Padding Is-Is Hello Packets
LSP ID for point-to-point links. You can select an interval in the range 1–65535 seconds. The default value is 5 seconds. Specify a number greater than the expected round-trip delay between any two routers on your network. Copyright © 2010, Juniper Networks, Inc.
Page 366: Setting The Designated Router Priority
You can configure an individual priority for level 1 and level 2 by choosing a priority level in the range 0–127. The default priority level is 64. Specifying the level 1 or level 2 keyword resets the priority only for level 1 or level 2 routing, respectively. Copyright © 2010, Juniper Networks, Inc.
Page 367: Configuring Passive Interfaces
ATM 2/0.1 and ATM 2/1.1. IS-IS advertises the IP address of loopback 0 in its link-state PDUs, but runs only on ATM 2/0.1 and ATM 2/1.1: host1(config)#router isis floor12 host1(config-router)#net 47.0010.0000.0000.0000.0001.0001.1111.1111.1111.00 host1(config-router)#passive-interface loopback 0 host1(config-router)#exit Copyright © 2010, Juniper Networks, Inc.
Page 368: Configuring Adjacency
On point-to-point interfaces, the level 1 and level 2 hellos are in the same packet. Level 1-2 is the default. Example host1(config-if)#isis circuit-type level-2-only Use the no version to restore the default value, level-1-2. See isis circuit-type Copyright © 2010, Juniper Networks, Inc.
Page 369: Configuring Route Tags For Is-Is Interfaces
To make use of the route tag to modify route attributes or redistribute routes, you must reference the tag value in a route map. Example host1(config)#interface atm 3/0 host1(config-if)#isis tag 45 Use the no version to remove the route tag from the interface. See isis tag Copyright © 2010, Juniper Networks, Inc.
Page 370: Configuring Point-To-Point-Over-Lan Circuits
IP unnumbered interface borrows the IP address of another interface on the node. Point-to-point-over-LAN circuits separate the concept of network type from media type, and enable you to apply unnumbered interface configurations to LANs. The point-to-point-over-LAN feature requires the following: Copyright © 2010, Juniper Networks, Inc.
Page 371: Summary Example
In the following command guidelines, many parameters are preset to a default value. Use the no version of those commands to restore default values. Setting Authentication Passwords You can configure simple authentication or HMAC MD5 authentication for either an area or a domain. area-authentication-key Copyright © 2010, Juniper Networks, Inc.
Page 372 You can specify whether the key is entered in unencrypted or encrypted format. If you do not specify which, the string is assumed to be unencrypted. Example host1(config-router)#domain-authentication-key 8 4kl6n39us Use the no version to delete the password. See domain-authentication-key domain-message-digest-key Copyright © 2010, Juniper Networks, Inc.
Page 373: Configuring Authentication Of Csnps And Psnps
HMAC MD5 key specified by the domain-message-digest-key command. You must specify either the csnp keyword to enable authentication of level 2 CSNP packets, or the psnp keyword to enable authentication of level 2 PSNP packets. Copyright © 2010, Juniper Networks, Inc.
Page 374: Configuring Redistribution
Configure a route map that matches the previous access list and applies an internal metric type: host1(config)#route-map 1 host1(config-route-map)#match ip address 1 host1(config-route-map)#set metric-type internal Configure redistribution into IS-IS of the static routes with route map 1: Copyright © 2010, Juniper Networks, Inc.
Page 375 See clear ip isis redistribution See clear isis ipv6 redistribution disable-dynamic-redistribute Use to halt the dynamic redistribution of routes that are initiated by changes to a route map. Dynamic redistribution is enabled by default. Example host1(config-router)#disable-dynamic-redistribute Copyright © 2010, Juniper Networks, Inc.
Page 376: Redistributing Routes Between Levels
Because a level 1 router by default has knowledge only of level 1 routes, traffic from a level 1 router to a router in another area passes through the nearest level 1-2 router as its next hop. Consider the topology shown in Figure 20 on page 353. Copyright © 2010, Juniper Networks, Inc.
Page 377: Figure 20: Example Of Level 1 And Level 2 Routing
IS-IS routes to be redistributed. For details about configuring and using route maps, see JunosE IP Services Configuration Guide. To redistribute IPv6 routes from one IS-IS level to another, use the redistribute isis command from within the IS-IS IPv6 address family. redistribute isis Copyright © 2010, Juniper Networks, Inc.
Page 378: Controlling Granularity Of Routing Information
IS-IS. When used, it increases the number of prefixes throughout the domain, causing increased memory consumption, transmission requirements, and computation requirements throughout the domain. A trade-off decision must be made between scalability and optimality. Copyright © 2010, Juniper Networks, Inc.
Page 379: Configuring A Global Default Metric
Use the no version to remove the global default value. This restores the default value of 10 to all active IS-IS interfaces except for interfaces that have been individually configured with another metric value. See metric Copyright © 2010, Juniper Networks, Inc.
Page 380: Configuring Metric Type
Old style refers to TLVs having metrics with a narrow (six-bit) field with a value in the range 0–63. New style refers to TLVs having metrics with a wider field, as provided for in current extensions to IS-IS traffic engineering. Copyright © 2010, Juniper Networks, Inc.
Page 381: Setting The Administrative Distance
Use to generate a default route into an IS-IS routing domain. When you specify a route map with this command and the router has a route to 0.0.0.0 in the routing table, IS-IS originates an advertisement for 0.0.0.0 in its LSPs. Copyright © 2010, Juniper Networks, Inc.
Page 382: Setting Router Type
Use to configure the router to act as either a station router (level 1), an area router (level 2), or as both a station router and an area router (level-1-2). Always configure the type of IS-IS router. Level-1-2 is the default. Example host1(config-router)#is-type level-2-only Copyright © 2010, Juniper Networks, Inc.
Page 383: Summarizing Routes
When you start or reload a transit router that is running both IS-IS and BGP, the router is temporarily unavailable to the routing domain. Other routers in that routing domain must select alternative paths to destinations that used the transit router. When the transit Copyright © 2010, Juniper Networks, Inc.
Page 384: Waiting For Bgp Convergence
The average rate of learning new routes has dropped to a low level. Example Topology Figure 21 on page 361 shows a sample topology where source end system A is communicating with destination end system B through routers 1, 2, 3, and 4. Copyright © 2010, Juniper Networks, Inc.
Page 385: Suppression For Is-Is Graceful Restart
You can configure the transit router to set the overload bit when it reloads and to then wait for a specified interval before it clears the bit and retransmits its LSP. More commonly, and to avoid the transient black holes, you configure the transit router to wait for BGP to Copyright © 2010, Juniper Networks, Inc.
Page 386 By default, the overload bit is not set. Example 1 host1(config-router)#set-overload-bit Example 2 host1(config-router)#set-overload-bit on-startup 900 Example 3 host1(config-router)#set-overload-bit on-startup wait-for-bgp 450 Use the no version to disable the setting. See set-overload-bit Copyright © 2010, Juniper Networks, Inc.
Page 387: Ignoring Lsp Errors
You can also use the system log command to generate the desired log messages. Example host1(config-router)#log-adjacency-changes severity 3 verbosity low Use the no version to disable the function. See log-adjacency-changes Configuring LSP Parameters You can specify the following parameters for LSPs: Copyright © 2010, Juniper Networks, Inc.
Page 388 If the MTU of a link is lowered to less than 1500 bytes, the LSP MTU must be lowered accordingly on each router in the network. If this is not done, routing may become unpredictable. Example host1(config-router)#lsp-mtu 1500 Use the no version to restore the default value, 1497. See lsp-mtu lsp-refresh-interval Copyright © 2010, Juniper Networks, Inc.
Page 389: Specifying The Spf Interval
LSDB and flood new LSPs throughout the network. Therefore, a router that receives a new LSP is likely to receive more LSPs in the following seconds. An immediate response to a given change is going to miss the subsequent topology changes and spend CPU Copyright © 2010, Juniper Networks, Inc.
Page 390: Defining The Spf Route Calculation Level
IP prefix, change in attributes of an existing IP prefix, or the removal of an existing IP prefix). Because changes in IP prefixes happen more frequently than other events, using the PRC SPF results in faster IS-IS convergence and saves router resources. However, you can Copyright © 2010, Juniper Networks, Inc.
Page 391: Setting Clns Parameters
Use the no version to restore the default value, 30 seconds. See clns holding-time clns host Use to define a name-to-NSAP mapping that can then be used with commands requiring NSAPs. The default is that no mapping is defined. Copyright © 2010, Juniper Networks, Inc.
Page 392: Setting The Maximum Parallel Routes
Use when you want interfaces in the same mesh group to act as a virtual multiaccess network. LSPs seen on one interface in a mesh group are not flooded to another interface in the same mesh group. Example Copyright © 2010, Juniper Networks, Inc.
Page 393: Configuring Table Maps
(in Router Configuration mode). You can then configure one or more optional timing parameters for graceful restart on the router. To enable IS-IS graceful restart and configure optional graceful restart parameters: Copyright © 2010, Juniper Networks, Inc.
Page 394 For more information about monitoring graceful restart, see “show isis nsf” on page 386 command description in “Monitoring IS-IS Parameters” on page 377 and the “show clns neighbors” on page 397 command description in “Displaying CLNS” on page 390. nsf ietf Copyright © 2010, Juniper Networks, Inc.
Page 395 90 Example 2 host1(config-router)#nsf t1 retry-times 2 Use the no version to restore the default time interval, 5 seconds, or the default number of retry attempts, 1. See nsf t1 nsf t2 Copyright © 2010, Juniper Networks, Inc.
Page 396: Summary Example
120 Example 2 host1(config-router)#nsf t3 adjacency Use the no version to restore the default T3 wait time, 100 seconds. See nsf t3 Summary Example host1(config)#router isis floor12 host1(config-router)#net 47.0010.0000.0000.0000.0001.0001.1111.1111.1111.00 host1(config-router)#exit host1(config)#interface atm 0/1 Copyright © 2010, Juniper Networks, Inc.
Page 397: Configuring Is-Is For Mpls
MPLS traffic engineering requires that IS-IS generate the new-style TLVs that enable wider metrics. Use the metric-style wide command to generate the new-style TLVs. If you are using some IS-IS routers that still do not understand the new-style TLVs, use the Copyright © 2010, Juniper Networks, Inc.
Page 398: Using Is-Is Routes For Multicast Rpf Checks
(RPF) checks. Routes available for unicast forwarding appear in the unicast view of the routing table, whereas routes available for multicast RPF checks appear in the multicast view of the routing table. ip route-type Copyright © 2010, Juniper Networks, Inc.
Page 399: Configuring The Bfd Protocol For Is-Is
Use to enable BFD (bidirectional forwarding detection) and define BFD values to more quickly detect IS-IS data path failures. The peers in an IS-IS adjacency use the configured values to negotiate the actual transmit intervals for BFD packets. Copyright © 2010, Juniper Networks, Inc.
Page 400: Disabling The Is-Is Protocol
Deletes all adjacencies with the IS-IS instance NOTE: Rebooting the router does not affect the state of the IS-IS protocol. protocol shutdown Use to disable the IS-IS protocol without removing the IS-IS configuration. Example Copyright © 2010, Juniper Networks, Inc.
Page 401: Monitoring Is-Is
For more information about using event logs, see the JunosE System Event Logging Reference Guide. Monitoring IS-IS Parameters You can monitor the IS-IS link-state database and IS-IS debug information. Use the commands in this section to: Copyright © 2010, Juniper Networks, Inc.
Page 402 CSNP/PSNP packets spf-events —IS-IS Shortest Path First events spf-statistics—IS-IS SPF timing and statistic data spf-triggers—IS-IS SPF triggering events update-packets—IS-IS update-related packets Copyright © 2010, Juniper Networks, Inc.
Page 403 ----- -------------------------------- ----------------- ------ fred 47.0005.80FF.F800.0000.0001.0001 0000.0000.0011.00 static karen 47.0005.80FF.F800.0000.0001.0001 0000.0000.0012.00 static See show hosts show isis database Use to display IS-IS link-state database information. Request specific show isis database statistics by selecting from these options: Copyright © 2010, Juniper Networks, Inc.
Page 404 IPv4 Interface Address—Address of the interface IPv4 Neighbor Address—Address of a neighbor Maximum link bandwidth—Bandwidth capacity of the link in bits per second Reservable link bandwidth—Amount of bandwidth reservable on the link (whether reserved or not) Copyright © 2010, Juniper Networks, Inc.
Page 405 IS-IS Level-1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL zion.00-00* 0x00000011 0xBFAD 0/0/0 Area Address: 47.0005.80FF.F800.0000.0000.0003 NLPID: 0x81 0xcc IP Address: 222.9.1.1 Hostname: zion Router ID: 222.9.1.1 Metric: 0 ES 2220.0900.1001 Copyright © 2010, Juniper Networks, Inc.
Page 406 Metric: 10 IP 221.1.6.0/24 Metric: 10 IP 221.1.4.0/24 Metric: 0 IP 222.9.1.1/32 Example 4 host1#show isis database Getafix:v2 IS-IS Level-1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL Getafix:v2.00-00* 0x00000001 0xEB53 1097 0/0/0 Copyright © 2010, Juniper Networks, Inc.
Page 407 Metric: 10 IS host1:1.00 Metric: 10 IS host1:3.00 Metric: 10 IP 4.4.4.0/24 Metric: 10 IP 20.0.0.0/24 Metric: 10 IP 40.0.0.0/24 Metric: 10 IP 30.0.0.0/24 Metric: 10 IPv6 Internal Up 1:1:1:102::/64 See show isis database Copyright © 2010, Juniper Networks, Inc.
Page 408 Reservable link bandwidth—Amount of bandwidth reservable on the link (whether reserved or not) Unreserved bandwidth—Amount of bandwidth available for reservation on the link TE default metric—Traffic engineering default metric value Affinity Bits—Attributes flooded for the link Copyright © 2010, Juniper Networks, Inc.
Page 409 Maximum link bandwidth: Reservable link bandwidth: Unreserved bandwidth: Priority 0: Priority 1: Priority 2: Priority 3: Priority 4: Priority 5: Priority 6: Priority 7: TE default metric: See show isis mpls advertisements show isis mpls tunnel Copyright © 2010, Juniper Networks, Inc.
Page 410 Adj. Wait Time—Maximum time, in seconds, that an IS-IS process on the restarting router waits for all interfaces with IS-IS adjacencies to come up before completing the restart process Copyright © 2010, Juniper Networks, Inc.
Page 411 Restart Ack Recv Adj Count : 0(level-1) 0(level-2) LAN If DIS Wait Count Restart CSNP Adj Recv Count: 0(level-1) 0(level-2) Local LSP Wait Count : 0(level-1) 0(level-2) See show isis nsf show isis spf-log Copyright © 2010, Juniper Networks, Inc.
Page 412 Use to display the status of IS-IS aggregate addresses. Field descriptions Address—Aggregate addresses advertised by summarization process Mask—IP subnet masks used for the summary routes Level—Level for which multiple groups of addresses can be summarized Metric—Metric used to advertise the summary Copyright © 2010, Juniper Networks, Inc.
Page 413 See show isis topology undebug isis Use to cancel the display of information about a selected event. The same IS-IS variables can be designated as in the debug isis command. Example Copyright © 2010, Juniper Networks, Inc.
Page 414: Displaying Clns
IS-IS: System ID Length Mismatches: 0 IS-IS: Maximum Area Mismatches: 0 Interface: atm2/1.3 IS-IS: Baseline last set 0 days, 0 hours, 1 minutes, 43 seconds IS-IS: Protocol PDUs (in/out): 32/36 IS-IS: Init Failures: 0 Copyright © 2010, Juniper Networks, Inc.
Page 415 ATT—Attach bit; indicates that the router is a level 2 router and can reach other areas P—P bit; detects whether intermediate system is capable of area partition repair OL—Overload bit; determines whether intermediate system is congested Example host1#show isis database IS-IS Level-1 Link State Database Copyright © 2010, Juniper Networks, Inc.
Page 416 1 PSNP packets and/or level 1 CSNP packets has been enabled by means of the area-authentication command Key-id—Numeric identifier for the authentication key Type—Type of authentication: hmac-md5 or password; an asterisk after the type indicates that the key is active Copyright © 2010, Juniper Networks, Inc.
Page 417 Init—Router is an IS and is waiting for an IS-IS hello message. IS-IS regards the neighbor as not adjacent. Type—Level 1, level 2, and level 1-2 type adjacencies L1—Router adjacency for level 1 routing only Copyright © 2010, Juniper Networks, Inc.
Page 418 Routing for Area: 49.0001 Ip route-type both Example 3—For IS-IS adjacencies host1#show clns is-neighbors System Id Interface State Type Priority Circuit Id 0000.0000.7500 atm2/0.111 L1L2 127 0000.0000.0000.00 Example 4—For detailed information on IS-IS adjacencies Copyright © 2010, Juniper Networks, Inc.
Page 419 Circuit ID—Circuit ID of the IS-IS router at each level Number of active level 1 and level 2 adjacencies—Number of adjacencies active at each level Designated IS—Name of the designated IS-IS router at each level Copyright © 2010, Juniper Networks, Inc.
Page 420 Mesh Group Inactive LDP is configured through LDP autoconfig LDP-IGP Synchronization: Achieved Example 2 host1#show clns interface brief Clns Intf brief Table -------------------- l1/l2 interface state level DIS(L-1) DIS(L-2) Metric ------------- ----- --------- ------------- -------------- ------ Copyright © 2010, Juniper Networks, Inc.
Page 421 ES-IS, IS-IS, and Static. Area Address(es)—Area addresses of the ES or IS Ip Address(es)—IP addresses of the ES or IS Graceful Restart Capable—Whether graceful restart is enabled (yes) or disabled (no) on the ES or IS Copyright © 2010, Juniper Networks, Inc.
Page 422 Manual area addresses—Configured area addresses Routing for area address(es)—Identified for level 1 routing processes. For level 2 routing processes, lists the domain address. Interfaces supported by IS-IS—Interfaces and type Distance—Configured distance value Redistributing—Protocols being redistributed into IS-IS Example Copyright © 2010, Juniper Networks, Inc.
Page 423 IS-IS: Level-1 LSPs Sent Rcvd Dropped—Number of level 1 LSPs sent, received, and dropped IS-IS: Level-2 LSPs Sent Rcvd Dropped—Number of level 2 LSPs sent, received, and dropped IS-IS: LSP checksum errors received—Number of LSP checksum errors received Copyright © 2010, Juniper Networks, Inc.
Page 424 IS-IS: Level-1 PSNPs (in/out)—Number of level 1 PSNPs received and sent on the interface IS-IS: Level-2 PSNPs (in/out)—Number of level 2 PSNPs received and sent on the interface IS-IS: LSP Retransmissions—Number of LSPs retransmitted on the interface Copyright © 2010, Juniper Networks, Inc.
Page 425 IS-IS: Maximum Area Mismatches: 0 IS-IS: Area/Domain Authentication Failures: 0 IS-IS: Level-1 LSPs Sent: 1 Rcvd: 6769 Dropped: 6769 IS-IS: Level-2 LSPs Sent: 1 Rcvd: 6769 Dropped: 6769 IS-IS: LSP checksum errors received: 0 Copyright © 2010, Juniper Networks, Inc.
Page 426 IS-IS: Bad LSPs: 0 IS-IS: LSP Retransmissions: 0 IS-IS: Level-1 Designated IS Changes: 1 IS-IS: Level-2 Designated IS Changes: 1 IS-IS: Invalid 9542s: 0 IS-IS: Malformed PDU received: 0 IS-IS: Authentication Failures: 0 See show clns traffic Copyright © 2010, Juniper Networks, Inc.
Page 427: Part 3 Index
PART 3 Index Index on page 405 Copyright © 2010, Juniper Networks, Inc.
Page 428 JunosE 11.3.x IP, IPv6, and IGP Configuration Guide Copyright © 2010, Juniper Networks, Inc.
Page 429: Index
261 address-family command..........336 defining..............240, 245 adjacencies, clearing IS-IS..........377 stub areas..............239, 261 adjacency levels, IS-IS............343 ARP (Address Resolution Protocol) displaying information on.........392 ARP protocol..............80 logging changes between........363 hosts..................17 adjacency, OPSF..............236 physical and logical addresses........7 Copyright © 2010, Juniper Networks, Inc.
Page 430 BGP............84 baseline ip udp..............76 complete sequence number PDU. See CSNP baseline ipv6 interface..........149 connection-oriented protocols..........3 baseline ipv6 local pool..........149 Connectionless Network Protocol. See CLNP baseline tcp.............76, 149 Connectionless Network Service Protocol. See CLNS Copyright © 2010, Juniper Networks, Inc.
Page 431 ECMP (equal-cost multipath) RIP..................206 IP.................48, 145 default-metric command..........210 IS-IS.................325, 367 description OSPF.............242, 275, 283 adding to IP interfaces..........46 RIP................203, 206 adding to IPv6 interfaces..........138 end system. See ES entry, routing table..............26 equal-cost multipath. See ECMP Copyright © 2010, Juniper Networks, Inc.
Page 432 Internet Layer, TCP/IP..............5 hello packet validity rate, IS-IS........367 interval rate, LSP (IS-IS)............363 Hello protocol.................237 intra-area routes, OSPF............241 hello-interval command...........286 IP......................3 HMAC MD5 ARP protocol..............7, 17 authentication, IS-IS...........322 assigning router IDs............28 IS-IS area-wide password........348 broadcast addressing..........22, 23 Copyright © 2010, Juniper Networks, Inc.
Page 433 35 directed broadcast............14 ip route-type..........219, 283, 374 filter-options-all..............14 ip router isis............333, 335 IGMP..................14 ip router-id................28 ignore-df-bit..............14 ip sa-validate............39, 133 inactivity-timer..............14 ip share-interface..........55, 137 inspection................14 Copyright © 2010, Juniper Networks, Inc.
Page 434 Copyright © 2010, Juniper Networks, Inc.
Page 435 CLNS............390 routes dynamic hostname resolution........367 summarizing............359 ECMP................325 using for multicast RPF checks......374 enabling................333 routing levels/layers........318, 338, 358 Copyright © 2010, Juniper Networks, Inc.
Page 436 (IS-IS)..........367 line modules message digests..............265 forwarding table on............25 message-digest-key md5 command......287 link-state advertisements. See LSAs metric link-state metrics, IS-IS.............338 IS-IS global default.............354 link-state packets. See LSPs, IS-IS IS-IS interface...............338 Copyright © 2010, Juniper Networks, Inc.
Page 437 See NET BGP and................242 network interface layer (TCP/IP).........5 BGP/MPLS VPNs and..........284 network layer addresses............320 configuring network masks................9 areas................259 network service access point. See NSAP authentication.............265 network, OSPF routing............256 incremental SPF..........291 interfaces..............251 NBMA networks...........281 Copyright © 2010, Juniper Networks, Inc.
Page 438 RTR probes....67 packet-switching networks...........4 redirects, IP................58 packets, IP..................4 redistribute command broadcast packets............22 IS-IS..................352 echo request and trace packets.......59 OSPF...............242, 278 ICMP messages and............57 RIP..................215 IPv6 echo request and trace........134 redistribute isis ip command...........354 Copyright © 2010, Juniper Networks, Inc.
Page 439 PPP response messages.............201 interface................38 route specificity.............216 default routes..............35 route tags...............203 disabling forwarding of packets......40 split horizon mechanism..........203 identifying a router............28 subnet masks..............203 maximum number of parallel routes....48, 145 summarizing routes............203 monitoring..........84, 96, 99, 166 Copyright © 2010, Juniper Networks, Inc.
Page 440 See also RIP show clns................392 show clns interface.............395 Copyright © 2010, Juniper Networks, Inc.
Page 441 133 show ipv6 address............150 SPF (shortest path first) calculations....311, 386 show ipv6 local pool...........166 IS-IS..................365 show ipv6 neighbors...........166 SPF hold time show ipv6 protocols............170 interval................279 show ipv6 route.............172 IS-IS..................365 show ipv6 routers............172 SPF, incremental..............291 Copyright © 2010, Juniper Networks, Inc.
Page 442 138 triggered-update-disable command......216 tcp mss..............40, 138 troubleshooting tcp path-mtu-discovery........40, 138 dropped packets............85 tcp path-mtu-discovery IS-IS...................377 black-hole-detect-threshold.......40, 138 OSPF................292 tcp path-mtu-discovery max-mtu....40, 138 RIP..................224 tcp path-mtu-discovery min-mtu....40, 138 ttl command................288 tcp paws-disable..........48, 138 type command................63 Copyright © 2010, Juniper Networks, Inc.
Page 443 IP..................38 IPv6..................130 unreachable messages (ICMP)........58 unreliable protocols...........4, 57, 127 update-source command........224, 288 User Datagram Protocol. See UDP validating source addresses........39, 133 verifying next hops for static routes........30 virtual links, OSPF..........239, 241, 261 virtual-router command............16 Copyright © 2010, Juniper Networks, Inc.
Page 444 JunosE 11.3.x IP, IPv6, and IGP Configuration Guide Copyright © 2010, Juniper Networks, Inc.

This manual is also suitable for:

Junose 11.3