Tag Archives: Forwarding Plane

JNCIS-ENT study notes, part 1

The available study guides are split into Switching and Routing; I started my studies with the Switching component.

Bridging mechanisms:
Learning – based on the source address
Forwarding – based on the destination address
Flooding – transparent mechanism for sending packets to unknown MAC addresses
Filtering
Aging – 300 seconds by default

!Disable MAC learning on the switch port
[email protected]#  set ethernet-switching-options interfaces ge-0/0/0.0 no?
Possible completions:
no-mac-learning      Disable mac learning for this interface

{master:0}[edit]
[email protected]#  set ethernet-switching-options mac-table-aging-time ?
Possible completions:
<mac-table-aging-time>  MAC aging time (60..1000000 seconds)
{master:0}[edit]
[email protected]#  set vlans vlan-name mac-table-aging-time ?
Possible completions:
<mac-table-aging-time>  MAC aging time (60..1000000 seconds)

3-2-1 Architecture Solutions

3-2-1 Architecture is a fabric technology

Virtual Chassis – combines several layers into a single managed device

Quantum Fabric (QFabric) – combines several functions of a multilayer switched network into a single managed device

Enterprise Devices and Layer 2 Switching

The J/SRX/EX/QFX platforms support Layer 2 switching operations, but the J/SRX platforms do not support all of the features.

Fixed Chassis POE:
EX2200
EX3200
EX3300
EX4200

Virtual-Chassis:
EX2200
EX3300
EX4200
EX4500

Modular EX Series
EX6210
EX8208
EX8216

Virtual-Chassis
Requires External Routing Engine (XRE) hardware
EX8208
EX8216

Routing Engines/Switch Fabrics in the same module (SRE)
EX6210
EX8208

Control and Forwarding Functions

RE – holds the routing, forwarding and bridging tables

PFE – holds the Layer 2/Layer 3 forwarding tables

Ingress Unknown Source Mac-Address

1. Frames arrive on ingress
2. The ingress PFE performs a MAC lookup and determines that the MAC is unknown
3. The ingress PFE sends the header information to the RE, where the MAC is either added or discarded (MAC limit)
4. If the RE adds a new MAC to the bridge table, the PFEs are updated with the new entry

Egress Unknown Destination Mac-Address

1. Frames arrive on ingress
2. The ingress PFE performs a MAC lookup, determines that the MAC is unknown, and replicates the frames to the other PFEs and out all interfaces in the same broadcast domain (VLAN)
3. All other PFEs replicate the frames and forward them out all egress ports in the same broadcast domain
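
The two flows above, together with the learning, aging and MAC-limit behaviour from the start of these notes, as a small Python model. This is an added example, not Junos code and not part of the original notes; the Bridge class, the per-port mac_limit parameter and the choice to drop a frame whose source exceeds the limit are assumptions made for illustration.

```python
# Added illustration: toy model of the bridging behaviour in these notes.
# Not Junos code; Bridge, mac_limit and the drop-on-limit action are assumptions.
AGING_TIME = 300  # seconds, the default aging time quoted in the notes

class Bridge:
    def __init__(self, ports, mac_limit=None, aging=AGING_TIME):
        self.ports = dict(ports)    # access port -> VLAN id (broadcast domain)
        self.mac_limit = mac_limit  # max MACs learned per port, None = no limit
        self.aging = aging
        self.table = {}             # (vlan, mac) -> (port, last_seen)

    def _expire(self, now):
        # Aging: remove entries not refreshed within the aging time.
        self.table = {k: v for k, v in self.table.items()
                      if now - v[1] < self.aging}

    def _learn(self, vlan, src, port, now):
        # Learning is keyed on the source address of the incoming frame.
        key = (vlan, src)
        if key not in self.table and self.mac_limit is not None:
            learned = sum(1 for p, _ in self.table.values() if p == port)
            if learned >= self.mac_limit:
                return False        # limit reached: the new MAC is discarded
        self.table[key] = (port, now)  # new entry, refresh, or station move
        return True

    def receive(self, port, src, dst, now):
        """Return the sorted list of egress ports for one frame."""
        vlan = self.ports[port]
        self._expire(now)
        if not self._learn(vlan, src, port, now):
            return []               # assumed action: drop the offending frame
        entry = self.table.get((vlan, dst))
        if entry is None:
            # Flooding: unknown destination goes to all other ports in the VLAN.
            return sorted(p for p, v in self.ports.items()
                          if v == vlan and p != port)
        # Forwarding on destination; filtering if it lives on the ingress port.
        return [] if entry[0] == port else [entry[0]]

def demo():
    # Constructed topology and frames; MACs reuse the ones shown in these notes.
    b = Bridge({"ge-0/0/6": 10, "ge-0/0/7": 10, "ge-0/0/8": 10, "ge-0/0/9": 20},
               mac_limit=2)
    a, c = "00:26:88:02:74:86", "00:26:88:02:74:87"
    return [b.receive("ge-0/0/6", a, c, 0),   # unknown destination: flooded
            b.receive("ge-0/0/7", c, a, 1),   # known destination: one port
            b.receive("ge-0/0/6", "02:00:00:00:00:01", c, 2),  # 2nd MAC: learned
            b.receive("ge-0/0/6", "02:00:00:00:00:02", c, 3)]  # 3rd MAC: over limit
```

Without a limit, every new source address seen on a port takes a table entry until it ages out, which is why the MAC limit and the aging time are the two settings that bound the size of the bridge table.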

Enabling Layer 2

Defining interfaces individually

set interfaces ge-0/0/6 unit 0 family ethernet-switching

Defining a range of interfaces

Using the member statement

set interfaces interface-range range-1 member ge-0/0/6
set interfaces interface-range range-1 member ge-0/0/7
set interfaces interface-range range-1 member ge-0/0/8
set interfaces interface-range range-1 unit 0 family ethernet-switching

Using the member-range statement

set interfaces interface-range range-1 member-range ge-0/0/6 to ge-0/0/8
set interfaces interface-range range-1 unit 0 family ethernet-switching

member and member-range can be combined

[email protected]# show
interface-range range-1 {
    member ge-0/0/10;
    member-range ge-0/0/6 to ge-0/0/8;
    unit 0 {
        family ethernet-switching;
    }
}

Ethernet switching process (eswd)

In the output of show interfaces terse, eth-switch in the Proto column means that the port is operating at Layer 2.

{master:0}[edit]
[email protected]# run show interfaces terse
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    down
ge-0/0/12               up    up
ge-0/0/12.0             up    up   eth-switch

set interfaces ge-0/0/6 ether-options no-auto-negotiation link-mode full-duplex
set interfaces ge-0/0/6 ether-options speed 1g
set interfaces ge-0/0/6 unit 0 family ethernet-switching

{master:0}
[email protected]> show interfaces extensive ge-0/0/6
Physical interface: ge-0/0/6, Enabled, Physical link is Up
Interface index: 135, SNMP ifIndex: 124, Generation: 138
Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, Duplex: Full-Duplex,

Bridging Table

show ethernet-switching table

Layer 2 Forwarding Table

show route forwarding-table family ethernet-switching

{master:0}
[email protected]> show route forwarding-table family ethernet-switching
Routing table: default.ethernet-switching
ETHERNET-SWITCHING:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    dscd    66     1
2, *               user     0                    comp  1304     2
2, *               intf     0                    rslv  1302     1
2, 00:26:88:02:74:86 user     0                  ucst  1303     3 ge-0/0/6.0
2, 00:26:88:02:74:87 user     0                  ucst  1305     3 ge-0/0/7.0
2, 00:26:88:02:74:88 user     0                  ucst  1306     3 ge-0/0/8.0

Defining Static Bridge Table Entries

set ethernet-switching-options static vlan default mac 00:26:88:02:74:86 next-hop ge-0/0/6.0

Access | Trunk Switchports

The default VLAN is untagged (VLAN 0)

{master:0}[edit]
[email protected]# run show vlans
Name           Tag     Interfaces
default
ge-0/0/6.0*

{master:0}[edit]
[email protected]# set vlans default vlan-id 100

[email protected]# run show vlans
Name           Tag     Interfaces
default        100
ge-0/0/6.0*

The * means that the interface is active

Configuring VLANs

set vlans v10 vlan-id 10
set vlans v20 vlan-id 20

Configuring Access Ports

By default, interfaces are in access mode

set interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode access vlan members v10
set interfaces ge-0/0/9 unit 0 family ethernet-switching port-mode access vlan members v20

Alternative method #1
{master:0}[edit vlans]
[email protected]# show
v10 {
    vlan-id 10;
    interface {
        ge-0/0/8.0;
    }
}
v20 {
    vlan-id 20;
    interface {
        ge-0/0/9.0;
    }
}

Configuring Trunk Ports

!Allow only specific VLANs
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk vlan members [ v10 v20 ]

!Allow all VLANs
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk vlan members all

Alternative method #1

[email protected]# show
v10 {
    vlan-id 10;
    interface {
        ge-0/0/12.0;
    }
}
v20 {
    vlan-id 20;
    interface {
        ge-0/0/12.0;
    }
}

{master:0}[edit]
[email protected]# run show ethernet-switching interfaces ge-0/0/12.0
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/12.0  up     v10                 10    tagged   unblocked
                    v20                 20    tagged   unblocked

Voice VLAN

set vlans voice vlan-id 30
set vlans data vlan-id 40
set ethernet-switching-options voip interface ge-0/0/6.0 vlan voice forwarding-class assured-forwarding

{master:0}[edit]
[email protected]# show ethernet-switching-options
voip {
    interface ge-0/0/6.0 {
        vlan voice;
        forwarding-class assured-forwarding;
    }
}

set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk vlan members [voice data]

{master:0}[edit]
[email protected]# show interfaces ge-0/0/12.0
family ethernet-switching {
    port-mode trunk;
    vlan {
        members [ data voice ];
    }
}

[email protected]# run show ethernet-switching interfaces ge-0/0/12.0
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/12.0  up     data                40    tagged   unblocked
                    v10                 10    tagged   unblocked
                    v20                 20    tagged   unblocked
                    voice               30    tagged   unblocked

By default, a trunk drops traffic in VLAN 0 (default), that is, untagged traffic; to work around this behaviour, native-vlan-id must be used

set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk native-vlan-id default vlan members [default]

{master:0}[edit]
[email protected]# commit
error: Trunk/Tagged-access interface ge-0/0/12.0 should not have a vlan default with tag value 0
error: configuration check-out failed

{master:0}[edit]
[email protected]# set vlans default vlan-id 100
[email protected]# commit
configuration check succeeds
commit complete
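
The trunk options covered above (an explicit member list, members all, and native-vlan-id) can be checked across a whole configuration. The following is an added Python example, not part of the original notes: it reads one-line set commands in the form used here and lists trunk ports that carry every VLAN or accept untagged frames. The sample interfaces ge-0/0/13 and ge-0/0/14 and the function names are constructed for illustration.

```python
import re

# Constructed sample, written as one-line "set" commands like those in the notes.
SAMPLE = """\
set interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode access vlan members v10
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk vlan members [ v10 v20 ]
set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode trunk vlan members all
set interfaces ge-0/0/14 unit 0 family ethernet-switching port-mode trunk native-vlan-id default
set interfaces ge-0/0/14 unit 0 family ethernet-switching vlan members [ default voice ]
"""

LINE = re.compile(r"^set interfaces (\S+) unit (\d+) family ethernet-switching (.+)$")

def parse(text):
    """Collect port-mode, native-vlan-id and VLAN members per logical interface."""
    ports = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Interfaces default to access mode, as stated in the notes.
        port = ports.setdefault(f"{m.group(1)}.{m.group(2)}",
                                {"mode": "access", "native": None, "members": set()})
        tok = m.group(3).replace("[", " ").replace("]", " ").split()
        i = 0
        while i < len(tok):
            if tok[i] == "port-mode" and i + 1 < len(tok):
                port["mode"] = tok[i + 1]
                i += 2
            elif tok[i] == "native-vlan-id" and i + 1 < len(tok):
                port["native"] = tok[i + 1]
                i += 2
            elif tok[i:i + 2] == ["vlan", "members"]:
                port["members"].update(tok[i + 2:])  # members end the line
                break
            else:
                i += 1
    return ports

def audit(text):
    """Return (interface, finding) pairs for trunk ports worth a second look."""
    findings = []
    for name, port in sorted(parse(text).items()):
        if port["mode"] != "trunk":
            continue
        if "all" in port["members"]:
            findings.append((name, "carries every VLAN (members all)"))
        if port["native"] is not None:
            findings.append((name, f"accepts untagged frames into VLAN {port['native']}"))
    return findings
```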

Routed VLAN Interface (RVI)

{master:0}[edit]
[email protected]# set interfaces vlan unit 10 family inet address 172.23.10.1/24
[email protected]# set vlans v10 l3-interface vlan.10
[email protected]# set interfaces vlan unit 20 family inet address 172.23.20.1/24
[email protected]# set vlans v20 l3-interface vlan.20

[email protected]# run show interfaces terse
Interface               Admin Link Proto    Local                 Remote
vlan                    up    up
vlan.10                 up    up   inet     172.23.10.1/24
vlan.20                 up    up   inet     172.23.20.1/24


JNCIA-Junos study notes, part 1

These are my study notes for the JNCIA-Junos JN0-102 exam; the study material used is listed in the post Exame JNCIA-Junos JN0-102. I will split them across several posts to make them easier to read.

Architecture

Junos is made up of the Routing Engine (RE) and the Packet Forwarding Engine (PFE).

Control Plane – Routing Engine (RE)

Data Plane – Packet Forwarding Engine (PFE); its forwarding table is a copy of the forwarding table on the RE

Routing Engine (RE) ---- internal link ---- Packet Forwarding Engine (PFE)

Junos is made up of separate, independent software modules and does not use the monolithic architecture used by other vendors.

Exception traffic (processed by the RE) is rate-limited on the internal link, protecting the control plane from attacks (DDoS). This rate limit is not configurable; during congestion, Junos gives preference to local and control traffic destined for the RE.

Details on some Juniper products:

M Multi-service up to 320 Gbps half-duplex
T up to 25 Tbps
J Series Services Routers up to 2 Gbps, used in remote and branch deployments
MX Series Ethernet Services Routers up to 960 Gbps half-duplex
EX Series switches up to 6.2 Tbps full duplex
SRX Series Services Gateways up to 120 Gbps

CLI Modes

There are two modes: Operational and Configuration mode

Operational Mode – identified by the > character

Configuration Mode – identified by the # character

Differences between brief and terse

[email protected]> show interfaces em0 terse
Interface               Admin Link Proto    Local                 Remote
em0                           up    up
em0.0                        up    up   inet     10.0.0.21/24

[email protected]> show interfaces em0 brief
Physical interface: em0, Enabled, Physical link is Up
Description:
Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Clocking: Unspecified,
Speed: 1000mbps
Device flags   : Present Running
Interface flags: SNMP-Traps

Logical interface em0.0
Flags: SNMP-Traps Encapsulation: ENET2
inet  10.0.0.21/24

By default, commands are completed using SPACE or TAB

To disable this for the current session:

[email protected]>  set cli complete-on-space off

Using the | (pipe)

[email protected]# show | display set
set version 10.4R1.9
set system host-name R1

[email protected]# show | match host
host-name R1;

[email protected]# set system ntp server 1.1.1.1

[email protected]# show | compare
[edit system]
+   ntp {
+       server 1.1.1.1;
+   }

[edit]

Moving between hierarchy levels:

up xx – moves up xx levels in the hierarchy; when omitted, the value is 1
top – top of the hierarchy
exit – moves up one level in the hierarchy
exit configuration-mode – leaves configuration mode

[email protected]#  wildcard delete interfaces ge-1/*
matched: ge-1/0/0
matched: ge-1/0/1
Delete 2 objects? [yes,no] (no) yes

Helper commands in configuration mode:

rename – renames a statement in the configuration, e.g. to change the name of an interface

replace pattern – changes the configuration based on a pattern, e.g. replace pattern em4 with em5

copy – copies the configuration of one interface to another

Deactivate vs Disable

Activate/Deactivate – makes Junos stop ignoring/ignore a statement in the configuration

deactivate interfaces em4
activate interfaces em4

Using deactivate:

interfaces {
    inactive: em4 {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}

Enable/Disable – enables or disables, for example, an interface

Using disable:

[email protected]# set interfaces em4 disable

interfaces {
    em4 {
        disable;
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}

annotate – allows comments to be added to the configuration

annotate interfaces "do not change interface"

Committing the configuration

commit – promotes the candidate configuration to active

commit check – only validates the candidate configuration

commit confirmed – a second commit must be issued within 10 minutes (default); otherwise a rollback is performed automatically.

On devices with redundant REs, commit synchronize is required. This behaviour can be changed using the command set system commit synchronize. After this command, commit synchronizes the REs automatically.

set system max-configurations-on-flash xx – xx is the maximum number of saved configurations

Saving the configuration to a file

Saves the current configuration from the hierarchy level you are at

[email protected]# save path/filename

ftp:// user:[email protected]/path/filename
scp:// [email protected]/path/filename

Loading Config Files

[email protected]# load (replace | merge | override) terminal

replace – uses the replace: tag to substitute
merge – adds the new configuration to the current configuration
override – loads a new configuration, overwriting the current one; only possible at the top of the hierarchy

Use relative to load into the hierarchy level you are currently at

[email protected]# load (replace | merge | override) (filename | terminal) relative
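
The difference between the three load modes is easiest to see on a small configuration tree. The following is an added Python model, not Junos code and not part of the original notes: configurations are nested dicts, a "replace: " key prefix stands in for the replace: tag, and the sample statements (including the 192.0.2.1 server) are constructed. It goes slightly beyond the notes by treating untagged statements under load replace as merged and by ignoring tags under load merge.

```python
from copy import deepcopy

TAG = "replace: "  # stands in for the replace: tag in a loaded text configuration

def _untag(tree):
    # Drop replace: tags while keeping the tagged statements themselves.
    if not isinstance(tree, dict):
        return tree
    return {(k[len(TAG):] if k.startswith(TAG) else k): _untag(v)
            for k, v in tree.items()}

def _merge(cur, new, honour_tags):
    out = deepcopy(cur)
    for key, val in new.items():
        tagged = key.startswith(TAG)
        name = key[len(TAG):] if tagged else key
        if tagged and honour_tags:
            out[name] = _untag(val)  # replace: swap the whole statement
        elif isinstance(val, dict) and isinstance(out.get(name), dict):
            out[name] = _merge(out[name], val, honour_tags)
        else:
            out[name] = _untag(val)  # new statement, or incoming value wins
    return out

def load(current, incoming, mode):
    """Return the candidate configuration after load <mode>."""
    if mode == "override":
        return _untag(incoming)      # the current candidate is discarded entirely
    if mode == "merge":
        return _merge(current, incoming, honour_tags=False)
    if mode == "replace":
        return _merge(current, incoming, honour_tags=True)
    raise ValueError(f"unknown load mode: {mode}")

# Constructed sample: current candidate and a loaded snippet.
CURRENT = {
    "system": {"host-name": "R1", "ntp": {"server 1.1.1.1": True}},
    "interfaces": {"em4": {"disable": True}},
}
INCOMING = {"system": {"replace: ntp": {"server 192.0.2.1": True}}}
```

With this sample, merge leaves both NTP servers configured, replace leaves only the new one, and override leaves a candidate with no host-name and no interfaces at all, which is the case to review with show | compare before committing.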

Access parameters

Sets the CLI timeout

[email protected]>  set cli idle-timeout 60
Idle timeout set to 60 minutes

[email protected]>  set cli idle-timeout 0
Idle timeout disabled

Powering on and off JunOS

request system halt – allows a graceful shutdown before power is removed. System power is maintained, and a reboot is triggered by activity on the console

Management Network Parameters

Static routing is only available while the routing protocol process (rpd) is up; in case it stops running, a backup router can be configured.

set system backup-router 172.20.101.1 destination 100.100.100.0/24
