Tag Archives: OSPF

Renewing my JNCIP-ENT

Once you get the email from the vendor saying something like “Your certification is about to expire”, the only thing that comes to my mind is “Damn it! Again…..”

So long story short, the exam is 120 minutes, 65 questions and the same blueprint as last time. The only change I noticed was the Junos Software release; it is 15.1 now.
I used my notes here from my previous studies.
There is another exam to achieve the JNCIP-ENT (JN0-646), which has the same blueprint but uses Enhanced Layer 2 Software (ELS). The CLI is slightly different on switching configs.

I got 73%, so it’s a pass! Maybe I'll get the energy to face the JNCIE before I again receive the famous email “…about to expire”

I don’t remember the price of the JNCIP exam because I did it 3 years ago, but going by the price published by PearsonVue it has apparently increased


JNCIP-ENT JN0-643 Exam

Today I took the Juniper JN0-643 exam; this exam is not covered by the “Fast track Program” :(. After taking the Advanced Junos Enterprise Routing (AJER) and Advanced Junos Enterprise Switching (AJEX) courses, I reviewed my notes and practiced the Multicast and QoS components more.

Prerequisites

The JNCIA-Junos and JNCIS-ENT certifications are required

Study Material

As I mentioned earlier, the courses were a very important foundation, as were the materials provided. Besides the labs during the courses, I later used Juniper Olive, Virtual Labs and JunosSphere.

Junos Software Release

  • 12.3
  • 12.1 for SRX Series Devices

Recommended Training

Advanced Junos Enterprise Routing (AJER)

Advanced Junos Enterprise Switching (AJEX)

Download Study Notes Advanced Junos Enterprise Routing (AJER)

Download Study Notes Advanced Junos Enterprise Switching (AJEX)

Exam Objectives

  • OSPF
  • BGP
  • IP Multicast
  • Ethernet Switching and Spanning Tree
  • Layer 2 Authentication and Access Control
  • IP Telephony Features
  • Class of Service (CoS)

Exam

The exam lasts 120 minutes and has 70 questions. The minimum passing score is 65%

Result

As always the result is provisional, but this time the good news arrived sooner than expected. I passed!

JNCIS-ENT Study Notes part 11

Note: This post is part of the Routing guide.

Monitoring Commands

show ospf route
show ospf database
show ospf statistics
show ospf log

[email protected]> show ospf interface extensive
Interface           State   Area            DR ID           BDR ID          Nbrs
ge-0/0/3.0          DR      0.0.0.1         192.168.1.2     192.168.1.1        1
Type: LAN, Address: 172.26.1.2, Mask: 255.255.255.252, MTU: 1500, Cost: 1
DR addr: 172.26.1.2, BDR addr: 172.26.1.1, Priority: 128, Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Topology default (ID 0) -> Cost: 0
ge-0/0/1.0          BDR     0.0.0.0         192.168.1.3     192.168.1.2        1
Type: LAN, Address: 172.26.2.1, Mask: 255.255.255.252, MTU: 1500, Cost: 1
DR addr: 172.26.2.2, BDR addr: 172.26.2.1, Priority: 128, Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Topology default (ID 0) -> Cost: 0

The output fields of the show ospf interface command are:
• Intf: Displays the name of the interface running OSPF.
• State: Displays the state of the interface. It can be BDR, Down, DR, DRother, Loop, PtToPt, or Waiting.
• Area: Displays the number of the area in which the interface is located.
• DR ID: Displays the address of the area’s designated router.
• BDR ID: Displays the BDR for a particular subnet.
• Nbrs: Displays the number of neighbors on this interface.
• Type (detail and extensive output only): Displays the type of interface. It can be LAN, NBMA, P2MP, P2P, or Virtual.
• address (detail and extensive output only): Displays the IP address of the neighbor.
• mask (detail and extensive output only): Displays the mask of the interface.
• MTU (detail and extensive output only): Displays the interface’s maximum transmission unit (MTU).
• cost (detail and extensive output only): Displays the interface’s cost (metric).
• DR addr (detail and extensive output only): Displays the address of the designated router.
• BDR addr: Displays the address of the BDR.
• adj count (detail and extensive output only): Displays the number of adjacent neighbors.
• Flood list (extensive output only): Displays the list of LSAs pending flood on this interface.
• Ack list (extensive output only): Displays the list of pending acknowledgments on this interface.
• Descriptor list (extensive output only): Displays the list of packet descriptors.
• Dead (detail and extensive output only): Displays the configured value for the dead timer.
• Hello (detail and extensive output only): Displays the configured value for the hello timer.
• ReXmit (detail and extensive output only): Displays the configured value for the retransmit timer.
• OSPF area type (detail and extensive output only): Displays the type of OSPF area, which can be Stub, Not Stub, or NSSA.
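
The following Python is an added example, not part of the original notes: it parses the show ospf interface extensive output shown above into per-interface fields and lists the interfaces whose Auth type is None, which is the line an OSPF authentication audit looks for. The function names are illustrative.

```python
import re

# Copied from the "show ospf interface extensive" output shown above.
SAMPLE = """\
Interface           State   Area            DR ID           BDR ID          Nbrs
ge-0/0/3.0          DR      0.0.0.1         192.168.1.2     192.168.1.1        1
Type: LAN, Address: 172.26.1.2, Mask: 255.255.255.252, MTU: 1500, Cost: 1
DR addr: 172.26.1.2, BDR addr: 172.26.1.1, Priority: 128, Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Topology default (ID 0) -> Cost: 0
ge-0/0/1.0          BDR     0.0.0.0         192.168.1.3     192.168.1.2        1
Type: LAN, Address: 172.26.2.1, Mask: 255.255.255.252, MTU: 1500, Cost: 1
DR addr: 172.26.2.2, BDR addr: 172.26.2.1, Priority: 128, Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Topology default (ID 0) -> Cost: 0
"""

# Summary row: name, state, area, DR ID, BDR ID, neighbor count.
HEADER_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<state>\S+)\s+(?P<area>\d+(?:\.\d+){3})\s+"
    r"(?P<dr_id>\d+(?:\.\d+){3})\s+(?P<bdr_id>\d+(?:\.\d+){3})\s+(?P<nbrs>\d+)$"
)


def parse_interfaces(text):
    """Return one dict per interface with the summary row and detail fields."""
    interfaces, current = [], None
    for raw in text.splitlines():
        line = raw.strip()  # works with or without the CLI's indentation
        match = HEADER_RE.match(line)
        if match:
            current = match.groupdict()
            interfaces.append(current)
            continue
        # Skip the column header, blank lines and the per-topology line,
        # whose "Cost: 0" would otherwise overwrite the interface cost.
        if current is None or not line or line.startswith("Topology"):
            continue
        for part in line.split(", "):
            key, sep, value = part.partition(": ")
            if sep:
                current[key] = value
            else:
                current["Area type"] = part  # e.g. "Not Stub"
    return interfaces


def unauthenticated(text):
    """List (interface, area, neighbors) where the output says Auth type: None."""
    return [
        (intf["name"], intf["area"], int(intf["nbrs"]))
        for intf in parse_interfaces(text)
        if intf.get("Auth type") == "None"
    ]


if __name__ == "__main__":
    for name, area, nbrs in unauthenticated(SAMPLE):
        print(f"{name} (area {area}, {nbrs} neighbor(s)): no OSPF authentication")
```

Interfaces shown without an Auth type line (non-extensive output) are not reported, because the parser cannot tell their setting.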

The output fields of the show ospf route command are:
• Prefix: Displays the destination of the route.
• Route/Path Type: Displays how the route was learned:
– ABR: Route to area border router;
– ASBR: Route to AS border router;
– Ext: External router;
– Inter: Interarea route;
– Intra: Intra-area route; or
– Network: Network router.
• Metric: Displays the route’s metric value.
• Next hop i/f: Displays the interface through which the route’s next hop is reachable.
• Next hop addr: Displays the address of the next hop.
• area (detail output only): Displays the area ID of the route.
• options (detail output only): Displays the option bits from the LSA.
• origin (detail output only): Displays the router from which the route was learned.

The output fields of the show ospf database extensive command are:
• bits: Displays the flags describing the router that generated the LSP.
• link count: Displays the number of links in the advertisement.
• Each link contains the following output fields:
– id: Displays the ID of a router or subnet on the link.
– data: For stub networks, displays the subnet mask; otherwise, it displays the IP address of the router that generated the LSP.
– type: Displays the type of link; it can be PointToPoint, Transit, Stub, or Virtual.
– TOS count: Displays the number of type-of-service (ToS) entries in the advertisement.
– TOS 0 metric: Displays the metric for ToS 0.
• Each ToS entry contains the following output fields:
– TOS: Displays the ToS value.
– metric: Displays the metric for the ToS.
– Aging timer (extensive output only): Displays how long until the LSA expires (displayed as hrs:min:sec).
– Installed (extensive output only): Displays how long ago the route was installed.
– expires (extensive output only): Displays how long until the route expires (displayed in hrs:min:sec).
– Ours (extensive output only): Indicates that this advertisement is local.

!View the occurrences of the SPF calculations
show ospf log

OSPF Tracing

set protocols ospf traceoptions file trace-ospf
set protocols ospf traceoptions flag error detail
set protocols ospf traceoptions flag event detail
set protocols ospf area 0 interface ge-0/0/0.0
set protocols ospf area 0 interface lo0.0

Viewing OSPF Error Counters

show ospf statistics
clear ospf statistics

Chapter 4 Border Gateway Protocol

Why BGP?
BGP is a path-vector protocol used for interdomain routing.

RFC 4271 – BGP version 4 (BGP4)

BGP Peering Sessions

Neighbor States:
TCP Connectivity
Idle
Connect
Active

BGP Connectivity:
OpenSent
OpenConfirm
Established

BGP Message Types
Open
Update
Keepalive
Notification
Refresh – BGP soft clearing

BGP Update Messages

They describe a single path for multiple prefixes. A BGP peer keeps this information as long as it receives no subsequent update advertising a new path for the prefix or listing it as unreachable.

BGP Attributes
Type Well-known mandatory:
AS Path
Origin
Next-hop

Type Well-known discretionary:
Local Preference
Atomic Aggregator

Type Optional transitive:
Community
Aggregator

Type Optional nontransitive:
MED
Cluster List
Originator ID

BGP Attributes

Type Well-known mandatory – The BGP implementation must support it
Type Well-known discretionary – The BGP implementation must support it
Type Optional transitive – implementation is not mandatory, but if supported the attributes must be passed unmodified to the other BGP peers
Type Optional nontransitive – implementation is not mandatory. If an optional nontransitive attribute is not recognized, it is ignored and not sent to the other peers

The common BGP attributes: Next-hop, Local Preference, AS-Path, Origin, MED, Community

Next-Hop Attribute

If the next hop for a given prefix is not reachable, the route is placed in the routing table as hidden

show route hidden

Local-Preference Attribute

Attribute visible only between iBGP peers; it lets you direct outbound traffic to a given peer

If local-preference is configured both in the config and via routing policy, the system uses the value from the routing policy

AS-Path Attribute

The router checks the AS-Path and, if it finds its own AS number in the update, drops the update as part of the loop-prevention mechanism.

The best path (shortest AS Path for a prefix) is advertised to the remaining peers

Origin Attribute

The router that advertises the prefix is responsible for inserting the Origin attribute

IGP – BGP assigns value 0 to an IGP route. Examples: OSPF, IS-IS, static, and aggregate.
EGP – BGP assigns value 1 to the route. EGP routes come from the original EGP protocol, the predecessor of BGP
Incomplete – BGP assigns value 3 to unknown routes. These routes are known not to originate from the IGP or EGP

By default Junos assigns the value I (IGP); this can be changed using a routing policy

MED Attribute

Used to influence inbound traffic (toward my AS); BGP assumes a MED value of 0 if the attribute is not used.

Use the metric-out command at the BGP protocol, group or neighbor level; it can also be set in a routing policy using metric

Community Attribute

Lets you identify a set of attributes for a group of prefixes

set policy-options policy-statement ibgp-export from neighbor 172.25.125.2
set policy-options policy-statement ibgp-export then community set custom-routes

set policy-options community custom-routes members 64700:133

[email protected]# set policy-options policy-statement ibgp-export then community ?
Possible completions:
<community_name>     Name to identify a BGP community
+                    Add BGP communities to the route
-                    Remove BGP communities from the route
=                    Set the BGP communities in the route
add                  Add BGP communities to the route
delete               Remove BGP communities from the route
set                  Set the BGP communities in the route

Summary of BGP Active Route Selection

1. Highest Local Preference
2. Shortest AS-Path
3. Lowest Origin value (I [IGP] < E [EGP] < ? [Incomplete])
4. Lowest MED
5. Prefer eBGP routes over iBGP
6. Prefer the best exit from the AS (chooses the lowest IGP cost to the BGP next hop)
7. For received eBGP routes, prefer the current route; otherwise prefer the one with the lowest RID
8. Shortest Cluster Length
9. Prefer the routes from the peer with the lowest Peer ID

Description of some of the rules:

6. Chooses the lowest IGP cost to the BGP next hop. For an iBGP peer, the next hop is installed based on the following 3 rules:
a. BGP examines the inet.0 and inet.3 tables to find the next hop. The next hop with the lowest preference is chosen; BGP frequently uses the inet.3 version of the next hop, via an MPLS LSP.

b. If the preference ties between inet.0 and inet.3, the next hop in the inet.3 instance is used

c. When the preference ties and the instances are in the same routing table, the number of equal-cost paths of each instance is examined. The next hop of the instance with the most paths is installed
This tie can occur when traffic-engineering bgp-igp is used in MPLS.

7. BGP uses the route advertised by the peer with the lowest RID. When comparing external routes from 2 distinct external ASs, if the routes are equal up to the RID comparison, the current route is preferred.
This preference prevents route-oscillation issues related to the MED
The external-router-id command overrides this behavior and prefers the external route with the lowest RID, regardless of which route is currently active.
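
The selection order above, including the AS-path loop check and the "keep the current eBGP route" rule of step 7, can be walked through in code. This Python is an added example, not part of the original notes and not Junos code; the Route fields, addresses and AS numbers are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"I": 0, "E": 1, "?": 2}  # step 3: I (IGP) < E (EGP) < ? (Incomplete)


@dataclass(frozen=True)
class Route:
    peer: str                # peer address (step 9)
    router_id: str           # RID of the advertising peer (step 7)
    as_path: tuple = ()
    local_pref: int = 100
    origin: str = "I"
    med: int = 0             # a missing MED is treated as 0
    ebgp: bool = True
    igp_cost: int = 0        # IGP cost to the BGP next hop (step 6)
    cluster_len: int = 0
    active: bool = False     # True for the route currently installed


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def _lowest(routes, key):
    best = min(key(r) for r in routes)
    return [r for r in routes if key(r) == best]


def _current_or_lowest_rid(routes):
    # Step 7: among eBGP routes keep the one already active; else lowest RID.
    if all(r.ebgp for r in routes):
        current = [r for r in routes if r.active]
        if current:
            return current
    return _lowest(routes, lambda r: _ip(r.router_id))


STEPS = [
    ("1 local preference", lambda rs: _lowest(rs, lambda r: -r.local_pref)),
    ("2 AS-path length", lambda rs: _lowest(rs, lambda r: len(r.as_path))),
    ("3 origin", lambda rs: _lowest(rs, lambda r: ORIGIN_RANK[r.origin])),
    # Simplification: MED is compared across all candidates, as in the list above.
    ("4 MED", lambda rs: _lowest(rs, lambda r: r.med)),
    ("5 eBGP over iBGP", lambda rs: _lowest(rs, lambda r: not r.ebgp)),
    ("6 IGP cost", lambda rs: _lowest(rs, lambda r: r.igp_cost)),
    ("7 current route / RID", _current_or_lowest_rid),
    ("8 cluster length", lambda rs: _lowest(rs, lambda r: r.cluster_len)),
    ("9 peer ID", lambda rs: _lowest(rs, lambda r: _ip(r.peer))),
]


def select_best(routes, local_as=None):
    """Return (best_route, deciding_step) for the routes to one prefix."""
    # AS-path loop check: an update carrying our own AS number is dropped.
    candidates = [r for r in routes
                  if local_as is None or local_as not in r.as_path]
    if not candidates:
        return None, "no usable route"
    if len(candidates) == 1:
        return candidates[0], "only candidate"
    for name, step in STEPS:
        candidates = step(candidates)
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "still tied after step 9"


# Constructed sample routes for one prefix.
R1 = Route(peer="172.25.125.2", router_id="192.168.1.1", as_path=(64700, 64800))
R2 = Route(peer="172.25.125.6", router_id="192.168.1.2", as_path=(64701,))
R3 = Route(peer="172.25.125.10", router_id="192.168.1.3",
           as_path=(64702, 64800, 64801), local_pref=200, ebgp=False)
# Two eBGP routes that tie through step 6; the one with the higher RID is active.
R4 = Route(peer="172.25.125.14", router_id="192.168.1.9", as_path=(64703,), active=True)
R5 = Route(peer="172.25.125.18", router_id="192.168.1.4", as_path=(64704,))

if __name__ == "__main__":
    for label, routes in [("R1 R2", [R1, R2]), ("R1 R2 R3", [R1, R2, R3]),
                          ("R4 R5", [R4, R5])]:
        best, step = select_best(routes)
        print(f"{label}: best via {best.peer}, decided at step {step}")
```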

IBGP Next-Hop Propagation

By default the next hop of an eBGP route is not changed when it is injected into iBGP.
Use the next-hop self command in the routing policy


JNCIS-ENT Study Notes part 10

Note: This post is part of the Routing guide.

OSPF Routers

Area border router (ABR) – connected to 2 areas, one of which is area 0
Autonomous system boundary router (ASBR)
Backbone router – contained only in area 0
Internal router – contained in only one area

OSPF Area Types

Intra-Area routes
External routes
Inter-Area routes

The Stub Area config injects a default route and removes the external routes.
A Totally Stubby Area receives only the default route. The ABR does not send LSA types 3/4/5
Only the not-so-stubby area (NSSA) allows external routes to be injected into an area; in any case, external routes are not sent into the NSSA (the ABR does not send LSA types 4/5)

LSA Types

Type 1 – Router
Type 2 – Network
Type 3 – Summary
Type 4 – ASBR Summary
Type 5 – External
Type 7 – NSSA External
Type 6 – Multicast OSPF LSA
Type 8 – External attributes LSA
Type 9 – Opaque LSA (link scope)
Type 10 – Opaque LSA (area scope—used for traffic engineering)
Type 11 – Opaque LSA (AS scope)
To restrict type 3 LSAs in the NSSA, use the no-summaries command

Junos OS OSPF Support

Supports:
OSPFv2/v3
Authentication (MD5) and IPsec
Summarization
External prefix limits – Limit the number of external prefixes using prefix-export-limit. No limit by default
Graceful restart (GR) – Disabled by default. The router informs its neighbors before restarting. The neighbors keep sending traffic to the router, assuming it is still in the topology. A period is defined during which the neighbors consider the router part of the topology.
Bidirectional Forwarding Detection (BFD) – The timers are adaptive. For example, the timer can adapt to a higher value if the adjacency fails, or a neighbor can negotiate a higher value than the configured one

Basic Configuration

!IPv4
set protocols ospf area interface

!IPv6
set protocols ospf3 area interface

Determining the Router ID

!Explicitly configure the RID
set routing-options router-id 192.168.100.1

Junos first takes the router-id from a loopback with a mask other than 127/8; if no loopback exists,
Junos uses the next available IP, typically the dedicated management interface.

Configuring OSPF

!Manipulate the OSPF cost on the interface
set protocols ospf area 0.0.0.1 interface ge-1/0/0.0 metric 100
set protocols ospf area 0.0.0.1 interface lo0.0

The cost of an interface in OSPF is defined by the formula:
cost = reference-bandwidth / bandwidth

!By default the reference bandwidth is 100 Mbps
[email protected]# set protocols ospf reference-bandwidth ?
Possible completions:
Bandwidth for calculating metric defaults

Defining and Applying the Redistribution Policy

set policy-options policy-statement 2ospf term match-direct-route from protocol direct
set policy-options policy-statement 2ospf term match-direct-route from route-filter 172.18.1.0/24 exact
set policy-options policy-statement 2ospf term match-direct-route then accept

set protocols ospf export 2ospf

[email protected]> show ospf neighbor extensive
Address          Interface              State     ID               Pri  Dead
172.26.1.1       ge-0/0/3.0             Full      192.168.1.1      128    33
Area 0.0.0.1, opt 0x42, DR 172.26.1.2, BDR 172.26.1.1
Up 22:01:45, adjacent 22:01:37
Topology default (ID 0) -> Bidirectional
172.26.2.2       ge-0/0/1.0             Full      192.168.1.3      128    32
Area 0.0.0.0, opt 0x42, DR 172.26.2.2, BDR 172.26.2.1
Up 1d 03:41:28, adjacent 1d 03:41:28
Topology default (ID 0) -> Bidirectional
172.26.3.2       ge-0/0/2.0             Full      192.168.1.3      128    34
Area 0.0.0.0, opt 0x42, DR 172.26.3.2, BDR 172.26.3.1
Up 1d 03:43:14, adjacent 1d 03:43:14
Topology default (ID 0) -> Bidirectional

The output fields are:
• Address: Displays the address of the neighbor.
• Intf: Displays the interface through which the neighbor is reachable.
• State: Displays the state of the neighbor, which can be Attempt, Down, Exchange, ExStart, Full, Init, Loading, or 2Way.
• ID: Displays the RID of the neighbor.
• Pri: Displays the priority of the neighbor to become the designated router.
• Dead: Displays the number of seconds until the neighbor becomes unreachable.
• area (detail and extensive output only): Displays the area in which the neighbor is located.
• opt (detail and extensive output only): Displays the option bits from the neighbor.
• DR (detail and extensive output only): Displays the address of the designated router.
• BDR (detail and extensive output only): Displays the address of the BDR.
• Up (detail and extensive output only): Displays the length of time since the neighbor came up.
• adjacent (detail and extensive output only): Displays the length of time since the adjacency with the neighbor was established.

!Remove the adjacencies
clear ospf neighbor


JNCIS-ENT Study Notes part 9

Note: This post is part of the Routing guide.

Chapter 3 Open Shortest Path First

OSPF Packet Types

Type 1 – Hello
Type 2 – Database Description
Type 3 – Link-State Request
Type 4 – Link-State Update
Type 5 – Link-State Acknowledgment

Hello Packet

Sent to 224.0.0.5 every 10 seconds
The packet carries the following fields:
Network mask*
Hello interval*
Dead interval*
Options*
Router Priority
Designated router
Backup designated router
Neighbor

*These fields must match to form an adjacency over a broadcast medium. The Network Mask does not need to match on point-to-point links

Database Description Packet

Used only while the adjacency is forming; it indicates which router is responsible for the database synchronization process and transfers the LSA headers between devices.

The router with the higher RID is designated Master in the database synchronization process; the Master defines and maintains the sequence numbers during the transfer.

Database Description fields:
OSPF header
Sequence number
LSA header

Link-State Request

If the database has not been refreshed, the router requests the information from the neighbor

Link-State Request fields:
OSPF header
Link-state type
Link-state ID
Advertising router

Link-State Update

Contains several LSAs; it is transmitted to 224.0.0.5 or 224.0.0.6 depending on the link type. Updates are transmitted in response to Requests during the initial formation of the adjacency

Link-State Update fields:
OSPF header
Number of advertisements
Link-state advertisements

Link-State Acknowledgment

These packets are received in response to the LSA Updates sent.

Forming Adjacency

Adjacency states:
Down
Init
2Way – Bidirectional communication exists
ExStart – determines which router is Master/Slave
Exchange – the routers exchange the LSA headers of their databases; if a router does not know an LSA header, it sends LSA requests for the remaining information
Loading – Indicates that the router is still receiving information from the peer
Full – The databases are synchronized; converged state

[email protected]# set protocols ospf area 0.0.0.0 interface ge-1/1/0.110

[email protected]# run show ospf interface
Interface           State   Area            DR ID           BDR ID          Nbrs
ge-1/1/0.110        DR      0.0.0.0         10.210.14.132   0.0.0.0            0

[email protected]# set protocols ospf area 0.0.0.0 interface ge-1/1/0.110 interface-type p2p

[email protected]# run show ospf interface
Interface           State   Area            DR ID           BDR ID          Nbrs
ge-1/1/0.110        PtToPt  0.0.0.0         0.0.0.0         0.0.0.0            0

Electing a Designated Router

The DR elected is the one with the best priority (values [1-255]), 128 by default. The tie-breaker is the highest RID
The process for electing the BDR is identical; the BDR takes over if it detects that the DR has become unavailable
Priority = 0 is not considered in the selection process and the state is DRother

There is no preemption: if a router with a better priority becomes active and a DR already exists, the DR is not replaced
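
The election rules above (best priority, highest RID as tie-breaker, priority 0 never elected, BDR takeover, no preemption) are modelled in the following Python. It is an added example, not part of the original notes; it is a simplified model that ignores the Waiting timer, and the router IDs are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    rid: str
    priority: int = 128      # default 128; 0 means never DR or BDR


def _rank(router):
    # Best priority first, highest RID as the tie-breaker.
    return (router.priority, int(ipaddress.IPv4Address(router.rid)))


def elect(routers, exclude=()):
    """Pick the best eligible router, or None if nobody is eligible."""
    eligible = [r for r in routers if r.priority > 0 and r not in exclude]
    return max(eligible, key=_rank) if eligible else None


class Segment:
    """Simplified broadcast segment: roles are filled only when vacant."""

    def __init__(self):
        self.routers, self.dr, self.bdr = [], None, None

    def join(self, router):
        self.routers.append(router)
        self._fill_vacancies()

    def leave(self, router):
        self.routers.remove(router)
        if router == self.dr:
            self.dr, self.bdr = self.bdr, None   # the BDR takes over as DR
        elif router == self.bdr:
            self.bdr = None
        self._fill_vacancies()

    def _fill_vacancies(self):
        # No preemption: a sitting DR or BDR is never replaced by a newcomer.
        if self.dr is None:
            self.dr = elect(self.routers)
        if self.bdr is None:
            self.bdr = elect(self.routers, exclude=(self.dr,))

    def state(self, router):
        if router == self.dr:
            return "DR"
        if router == self.bdr:
            return "BDR"
        return "DRother"


# Constructed routers: two defaults, one high priority, one with priority 0.
A = Router("192.168.1.1")
B = Router("192.168.1.2")
C = Router("192.168.1.3", priority=255)
D = Router("192.168.1.4", priority=0)


def simulate():
    """Routers join one by one, then the DR leaves; return a state snapshot per event."""
    segment, history = Segment(), []
    events = [("join", A), ("join", B), ("join", C), ("join", D), ("leave", A)]
    for action, router in events:
        getattr(segment, action)(router)
        history.append({r.rid: segment.state(r) for r in segment.routers})
    return history


if __name__ == "__main__":
    for snapshot in simulate():
        print(snapshot)
```

In the run, the priority-255 router stays DRother while a DR and BDR exist and only becomes BDR after the original DR leaves.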

OSPF Neighbor Relationship

The 2Way state exists between DROther (non-DR/BDR) routers

OSPF Areas

Interarea traffic transits the backbone (area 0); this behavior can be changed by using multi-area adjacency on the same logical interface, which removes the need for interarea traffic to transit the backbone. Multi-area adjacency is documented in RFC 5185


BCVRE 170-010 Study Notes part 4

Chapter 9 Logging

Logging Basics

Log messages are stored in /var/log/messages; when the file reaches 500 KB, the system renames it to messages.0 and opens a new file.

The vRouter keeps separate logs for bootup messages, PPP connection setup, IPsec connection setup, and other features

[email protected]:~$ show log | match ERROR | more
May 16 13:30:50 training pluto[5686]: ERROR: “peer-76.74.103.7-tunnel-1”
#995: sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument
May 16 13:31:20 training pluto[5686]: ERROR: “peer-76.74.103.7-tunnel-1”
#995: sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument
May 18 00:10:55 training pluto[5686]: ERROR: “peer-76.74.103.7-tunnel-1”
#1043:sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument

show log all
!Shows the last 10 entries
show log tail

Feature-Specific Logging

Enable debugging

[email protected]:~$ monitor protocol ospf enable ?
Possible completions:
database-timer
Enable OSPF database-timer debugging
events        Enable OSPF event packet debugging
ifsm          Enable OSPF ifsm debugging
lsa           Enable OSPF lsa debugging
nfsm          Enable OSPF nfsm debugging
nsm           Enable OSPF nsm debugging
packet        Enable OSPF packet debugging
route         Enable OSPF route debugging

[email protected]:~$ monitor protocol ospf enable events ?
Possible completions:
<Enter>       Execute the current command
abr           Enable OSPF abr event debugging
asbr          Enable OSPF asbr event debugging
lsa           Enable OSPF lsa event debugging
nssa          Enable OSPF nssa event debugging
os            Enable OSPF os event debugging
router        Enable OSPF router event debugging
vlink         Enable OSPF vlink event debugging

To log transit traffic (NAT, firewall, etc.) you need to enable logging on the respective rules

[email protected]# set nat source rule 10 log enable

The entries are stored in /var/log/messages

Monitor Real-Time

Monitor in real time

monitor protocol ospf
monitor nat source

Ctrl-C to exit the capture

Sample Log Output

OSPF Hello packets:

[email protected]:~$ monitor protocol ospf enable packet hello
[email protected]:~$ monitor protocol ospf
Apr  5 20:30:51 vRouter ospfd[1949]: Hello received from [172.24.42.53] v
[eth2:192.168.13.1]
Apr  5 20:30:51 vRouter ospfd[1949]:  src [192.168.13.3],
Apr  5 20:30:51 vRouter ospfd[1949]:  dst [224.0.0.5]
Apr  5 20:30:51 vRouter ospfd[1949]: Packet 172.24.42.53 [Hello:RECV]:
Options *|-|-|-|-|-|E|*
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth1:192.168.12.1
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth2:192.168.13.1
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth1:192.168.12.1].
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth3:192.168.101.1
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth2:192.168.13.1].
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth3:192.168.101.1].

NAT packets:

[email protected]# set nat source rule 30 log enable

[email protected]# run show log nat
Apr  5 18:17:01 vRouter kernel: [595980.330716] [NAT-SRC-30-MASQ] IN=
OUT=pppoe1
SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62
ID=52504 PROTO=UDP SPT=7172 DPT=64544 LEN=36
Apr  5 18:17:01 vRouter kernel: [595980.341042] [NAT-SRC-30-MASQ] IN=
OUT=pppoe1
SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62
ID=16918 PROTO=UDP SPT=7172 DPT=64545 LEN=36
Output omitted
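
Each NAT entry above spans several wrapped lines, which makes it awkward to filter with line-based tools. The following Python is an added example, not part of the original notes: it rejoins the wrapped records and groups the translated flows per rule. The tag layout NAT-<type>-<rule>-<action> is inferred from the sample lines, and the function names are illustrative.

```python
import re
from collections import defaultdict

# The two entries from "show log nat" above, wrapped as they appear there.
SAMPLE = """\
Apr  5 18:17:01 vRouter kernel: [595980.330716] [NAT-SRC-30-MASQ] IN=
OUT=pppoe1
SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62
ID=52504 PROTO=UDP SPT=7172 DPT=64544 LEN=36
Apr  5 18:17:01 vRouter kernel: [595980.341042] [NAT-SRC-30-MASQ] IN=
OUT=pppoe1
SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62
ID=16918 PROTO=UDP SPT=7172 DPT=64545 LEN=36
"""

# A new record starts with a syslog timestamp such as "Apr  5 18:17:01 ".
STAMP_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s")
# Assumed tag layout, inferred from the sample: NAT-<type>-<rule>-<action>.
RULE_RE = re.compile(r"\[NAT-(\w+)-(\d+)-(\w+)\]")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def join_wrapped(text):
    """Merge continuation lines into the record that precedes them."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_record(record):
    """Return the rule tag and KEY=VALUE fields of one record, or None."""
    tag = RULE_RE.search(record)
    if not tag:
        return None  # not a NAT rule log entry
    fields = {
        "time": record[:15],
        "type": tag.group(1),
        "rule": int(tag.group(2)),
        "action": tag.group(3),
    }
    for key, value in FIELD_RE.findall(record):
        # LEN appears twice; keep the first (IP length), not the UDP length.
        fields.setdefault(key, value)
    return fields


def summarize(text):
    """Map (rule, SRC, DST, PROTO) to the sorted destination ports seen."""
    flows = defaultdict(set)
    for record in join_wrapped(text):
        fields = parse_record(record)
        if fields is None or not all(k in fields for k in ("SRC", "DST", "PROTO")):
            continue
        ports = flows[(fields["rule"], fields["SRC"], fields["DST"], fields["PROTO"])]
        if fields.get("DPT", "").isdigit():
            ports.add(int(fields["DPT"]))
    return {flow: sorted(ports) for flow, ports in flows.items()}


if __name__ == "__main__":
    for (rule, src, dst, proto), ports in summarize(SAMPLE).items():
        print(f"rule {rule}: {src} -> {dst} {proto} dports {ports}")
```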

Chapter 10 OSPF Single-Area

Configuring OSPF

[email protected]# show protocols ospf
area 0 {
network 10.1.1.0/24
network 10.10.1.0/24
network 10.10.2.0/24
}

[email protected]# show protocols
ospf {
area 0 {
network 10.0.0.0/8
}
default-information {
originate {
}
}
passive-interface eth1
passive-interface eth2
}

Verifying OSPF Operations

[email protected]:~$ show ip route
Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP
O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter
area
> – selected route, * – FIB route, p – stale info
Gateway of last resort is not set
O       10.1.1.0/24 [110/1] is directly connected, eth1, 00:02:57
C    *> 10.1.1.0/24 is directly connected, eth1
O    *> 10.2.1.0/24 [110/2] via 10.10.1.2, eth2, 00:01:30
O    *> 10.2.2.0/24 [110/2] via 10.10.1.2, eth2, 00:01:30
O    *> 10.3.1.0/24 [110/2] via 10.10.2.2, eth3, 00:00:41
O    *> 10.3.2.0/24 [110/2] via 10.10.2.2, eth3, 00:00:41
O       10.10.1.0/24 [110/1] is directly connected, eth2, 00:02:57
Output omitted

[email protected]:~$ show ip ospf neighbors
OSPF Process 0:
Neighbor ID     Pri State           Dead Time Address         Interface
172.24.42.52      1 Full/DR           31.721s 10.10.1.2       eth1
172.24.42.53      1 Full/DR           35.533s 10.10.2.2       eth2

[email protected]:~$ show ip ospf database
OSPF Router with ID (172.24.42.51) (Process ID 0)
Router Link States (Area 0.0.0.0)
Link ID         ADV Router      Age  Seq#       CkSum  Link count
172.24.42.51    172.24.42.51     869 0x80000005 0x1d44 3
172.24.42.52    172.24.42.52     884 0x80000005 0x84f7 3
172.24.42.53    172.24.42.53     836 0x80000005 0xe555 4
Net Link States (Area 0.0.0.0)
Link ID         ADV Router      Age  Seq#       CkSum
10.10.1.1       172.24.42.51     918 0x80000001 0x04a5
10.10.2.1       172.24.42.51     869 0x80000001 0x07a0
AS External Link States
Link ID         ADV Router      Age  Seq#       CkSum  Route              Tag
0.0.0.0         192.168.200.1     10 0x80000002 0xa3f1 E2 0.0.0.0/0       254

[email protected]:~$ show ip ospf database router 172.24.42.51
OSPF Router with ID (192.168.200.1) (Process ID 0)
Router Link States (Area 0.0.0.0)
LS age: 1587
Options: 0x2 (-|-|-|-|-|-|E|-)
Flags: 0x0
LS Type: router-LSA
Link State ID: 192.168.200.1
Advertising Router: 192.168.200.1
LS Seq Number: 80000005
Checksum: 0x1d44
Length: 60
Number of Links: 3
Link connected to: Stub Network
(Link ID) Network/subnet number: 10.1.1.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.10.1.1
(Link Data) Router Interface address: 10.10.1.1
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.10.2.1
(Link Data) Router Interface address: 10.10.2.1
Number of TOS metrics: 0
TOS 0 Metric: 1


JNCIA-Junos Study Notes part 2

Help

Junos has a built-in library that lets you, for example, look up the meaning of a syslog message.

[email protected]# help ?
Possible completions:
<[Enter]>            Execute this command
apropos              Find help information about a topic
reference            Reference material
syslog               System log error messages
tip                  Tip for the day
topic                Help for high level topics
|                    Pipe through a command

Separation of configuration edit and activation

validation checks
version control
automated rollback

candidate configuration ->commit->validated configuration->active configuration

configure private – allows all users to change the active config at the same time

configure exclusive – prevents others from making changes while you are connected to the device

show command – shows the candidate config relative to the hierarchy level you are currently in

Set/Edit Command

From Top
[email protected]#set system services finger
[email protected]#set system services ftp
[email protected]#set system services ssh

From Sublevel
[email protected]#edit system services
[edit system services]
[email protected]#set finger
[email protected]#set ftp
[email protected]#set ssh

Rollback

Only modifies the candidate config (don't forget to commit)

rollback 0 – resets the candidate to the currently active config
rollback n – n represents the number of the active config
rollback rescue – loads the previously created rescue file

Commit at a specific time

[email protected]#commit at 02:00:00

run command – lets you run commands in config mode as if you were in operational mode

Junos System Health
Real-time Performance Monitoring (RPM)
Flow accounting – cflowd

Health monitor
RMON

Junos System Health Diagnostic

System logging
hardware and operating events
Trace logging
protocol operations
snmp

Routing tables

Predefined Routing tables
inet.0 ipv4 unicast
inet.1 multicast forwarding cache
inet.2 used for MBGP to allow reverse path forwarding (RPF) checks
inet.3 used for MPLS path information
inet.4 used for MSDP routes
inet6.0 used for IPv6 unicast
mpls.0 used for MPLS next hops

Route preference = Administrative Distance (Cisco World)

DIRECT 0
LOCAL 0
STATIC 5
OSPF internal 10
RIP 100
OSPF AS external 150
BGP (both EBGP and IBGP) 170

show route forwarding-table – there is a default entry for when the prefix does not exist, notifying the source device with ICMP unreachable

Default Routing Instance

The default unicast table is named master and includes inet.0, and may also include inet6.0

show route instance

User-Defined instances

edit routing-instances new-instance instance-type instance-type

There are several instance types:

forwarding – Forwarding instance
l2vpn – Layer 2 VPN routing instance
layer2-control – Layer 2 control protocols
no-forwarding – Nonforwarding instance
virtual-router – Virtual routing instance
virtual-switch – Virtual switch routing instance
vpls – VPLS routing instance
vrf – Virtual routing forwarding instance

show route table new-instance.inet.0

Static routes

The next hop can be the bit bucket: the discard/reject options drop the traffic.

discard – drops silently (does not send ICMP)
reject – sends ICMP unreachable

routing-options {
    static {
        route 0.0.0.0/0 next-hop 172.30.25.1;
        route 172.28.102.0/24 {
            next-hop 10.210.11.190;
            no-readvertise;
            resolve;
        }
    }
}

The next hop must be directly connected, because by default Junos does not perform recursive lookups. To allow them, use the resolve option.

Qualified Next hops

Lets you set the preference of a route (floating route)

qualified-next-hop x.x.x.x {
preference 7;
}
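The preference table and the qualified-next-hop floating route above, worked through as an added Python example (not part of the original notes): the usable candidate with the lowest preference becomes the active route. The backup address 172.30.25.5, the OSPF candidate and the function names are constructed for the illustration, and tie-breaking between equal preferences is simplified.

```python
# Default route preferences from the table above (lower value wins).
PREFERENCE = {"direct": 0, "local": 0, "static": 5, "ospf-internal": 10,
              "rip": 100, "ospf-external": 150, "bgp": 170}


def static_candidates(route, up_hops):
    """List (preference, source, next_hop) for each usable next hop of a static route."""
    hops = [(route["next_hop"], route.get("preference", PREFERENCE["static"]))]
    hops += route.get("qualified", [])          # qualified-next-hop entries
    # discard/reject need no neighbour; any other next hop must be reachable
    return [(pref, "static", hop) for hop, pref in hops
            if hop in ("discard", "reject") or hop in up_hops]


def active_route(static_route, learned, up_hops):
    """Return the lowest-preference usable candidate, or None if there is none."""
    cands = static_candidates(static_route, up_hops)
    cands += [(PREFERENCE[proto], proto, hop)
              for proto, hop in learned if hop in up_hops]
    return min(cands, default=None)


# Constructed scenario: default route with a floating backup (preference 7)
# and the same prefix also learned through OSPF (preference 10).
DEFAULT_ROUTE = {"next_hop": "172.30.25.1", "qualified": [("172.30.25.5", 7)]}
LEARNED = [("ospf-internal", "10.210.11.190")]

if __name__ == "__main__":
    for up in ({"172.30.25.1", "172.30.25.5", "10.210.11.190"},
               {"172.30.25.5", "10.210.11.190"},
               {"10.210.11.190"}):
        print(sorted(up), "->", active_route(DEFAULT_ROUTE, LEARNED, up))
```

With preference 7 the backup next hop stays idle while the primary (5) is up, and still wins over OSPF internal (10) when the primary fails.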

OSPF Config

From version 8.x onward, the Loop0/router-id is advertised automatically

edit protocols ospf
set area 0 interface ge-0/0/1.0
set area 0 interface ge-0/0/3.0 passive

If the unit is not specified, Junos assumes unit 0.

Junos converts area 0 to dotted-decimal 0.0.0.0

show
area 0.0.0.0 {
    interface ge-0/0/1.0;
    interface ge-0/0/2.0;
    interface ge-0/0/3.0 {
        passive;
    }
}

show ospf neighbor {detail,extensive}
show route protocol ospf

NETCONF XML Interface

set system load patch terminal

NTP

For the system to synchronize its clock at boot, configure:

set system ntp boot-server 1.1.1.1

set system time-zone Europe/Lisbon

request system configuration rescue {save | delete} – saves a copy of the current config as the rescue config

rollback rescue – this command only changes the candidate config

Operational Mode

show system command arguments:
alarms: Displays current system alarms
boot-messages: Displays the messages seen during the last system boot
connections: Displays the status of local TCP and UDP connections
processes: Displays the system’s process table
statistics: Provides options for viewing various protocol statistics
storage: Displays the status of the file system storage space

show version detail (includes the versions of the installed packages)

Junos Naming Convention

Package-release-edition

jroute-10.1R1.8-domestic-signed.tgz
release:
• Describes the Junos version
• Includes major and minor release numbers, release type (Release, Beta or Internal), build number and spin number
edition:
• Versions are either domestic (supporting strong encryption) or export (not supporting encryption)
• Federal Information Processing Standards (or FIPS) editions provide advanced network security

The letter is an R to indicate that this is released software. If you are involved in testing prereleased software, this letter might be a B (for beta-level software) or I (for internal, test, or experimental versions of software). The release also includes a build and spin number for the Junos version.
Here, the release is 9.5R1.8, which is version 9.5, which has been released, build 1, spin 8.

-signed.tgz – Junos software is compressed and digitally signed, using Secure Hash Algorithm (SHA-1) and Message Digest 5 (MD5) checksums.
A package is installed only if the checksum within it matches the hash recorded in its corresponding file. The actual checksum used depends on the software version.

Package:
jinstall – used on the M/MX/T Series
jinstall-ex – used on the EX Series
junos-jsr – used on the J Series
junos-srx – used on the SRX Series
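The Package-release-edition convention and the checksum rule above, as an added Python example (not part of the original notes and not Juniper code): it splits an image file name into its fields, lists reasons to stop before running request system software add, and compares an image against a recorded MD5 or SHA-1 digest. The function names and the stop-conditions are a hypothetical policy chosen for the illustration.

```python
import hashlib
import hmac
import re

# Package-release-edition, e.g. jroute-10.1R1.8-domestic-signed.tgz
NAME_RE = re.compile(
    r"^(?P<package>[a-z][a-z0-9-]*?)-"
    r"(?P<major>\d+)\.(?P<minor>\d+)(?P<rtype>[RBI])(?P<build>\d+)\.(?P<spin>\d+)"
    r"(?:-(?P<edition>domestic|export))?(?P<signed>-signed)?\.tgz$"
)
RELEASE_TYPES = {"R": "released", "B": "beta", "I": "internal"}


def parse_package_name(filename):
    """Split a Junos image file name into the fields of the naming convention."""
    m = NAME_RE.match(filename)
    if m is None:
        raise ValueError(f"not a Package-release-edition name: {filename!r}")
    f = m.groupdict()
    return {
        "package": f["package"],
        "version": f"{f['major']}.{f['minor']}",
        "release_type": RELEASE_TYPES[f["rtype"]],
        "build": int(f["build"]),
        "spin": int(f["spin"]),
        "edition": f["edition"],
        "signed": f["signed"] is not None,
    }


def upgrade_findings(filename):
    """Return reasons to stop before installing (hypothetical policy, not a Junos check)."""
    info = parse_package_name(filename)
    findings = []
    if info["release_type"] != "released":
        findings.append(f"{info['release_type']} build, not released software")
    if not info["signed"]:
        findings.append("file name lacks the -signed suffix")
    if info["edition"] == "export":
        findings.append("export edition: no encryption support")
    return findings


def checksum_matches(image_bytes, recorded_hex):
    """Compare an image against its recorded MD5 (32 hex) or SHA-1 (40 hex) digest."""
    algo = {32: "md5", 40: "sha1"}.get(len(recorded_hex))
    if algo is None:
        raise ValueError("recorded digest is neither MD5 nor SHA-1 length")
    actual = hashlib.new(algo, image_bytes).hexdigest()
    return hmac.compare_digest(actual, recorded_hex.lower())
```

The file name is only a hint about what the image claims to be; the check that decides installation is the one Junos performs on the package itself.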

Upgrading JunOS

>request system software add /var/tmp/jbundle-10.1R1.8-domestic.tgz reboot

Commands Useful in Upgrading Software:
• request system software add /var/tmp/<image-name> – upgrades the software
• request system storage cleanup – deletes images
• show system storage – displays compact-flash device storage details
• request system software add /var/tmp/<image-name> reboot – upgrades the software and reboots

Lets you check which files would be deleted

[email protected]> request system storage ?
Possible completions:
cleanup              Clean up temporary files and rotate logs
[email protected]> request system storage cleanup ?
Possible completions:
<[Enter]>            Execute this command
dry-run              Only list the cleanup candidates, do not remove them

[email protected]> request system storage cleanup dry-run

References:

JNCIA-Junos study notes, part 1
