Beruflich Dokumente
Kultur Dokumente
Routing
10.b
Student Guide
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Contents
Chapter 1: Course Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1
Chapter 2: OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1
OSPFv2 Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Link-State Advertisements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-13
Protocol Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-40
OSPF Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-61
Lab 1: OSPF Multiarea Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-69
www.juniper.net
Contents iii
iv Contents
www.juniper.net
Course Overview
This four-day course is designed to provide students with detailed coverage of OSPF, IS-IS, BGP, and
routing policy. Through demonstrations and hands-on labs, students will gain experience in
configuring and monitoring the Junos operating system and in monitoring device and protocol
operations. This course is based on the Junos OS Release 10.4R5.5.
Objectives
After successfully completing this course, you should be able to:
www.juniper.net
Identify some scenarios in a service provider network that can be solved using routing
policy or specific configuration options.
Use routing policy and specific configuration options to implement solutions for
various scenarios.
Describe various BGP attributes in detail and explain the operation of those attributes.
Configure confederations.
Intended Audience
This course benefits individuals responsible for implementing, monitoring, and troubleshooting
Layer 3 components of a service providers network.
Course Level
Advanced Junos Service Provider Routing is an advanced-level course.
Prerequisites
Students should have intermediate-level networking knowledge and an understanding of the Open
Systems Interconnection (OSI) model and the TCP/IP protocol suite. Students should also attend
the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials (JRE), and Junos
Intermediate Routing (JIR) courses prior to attending this class.
vi Course Overview
www.juniper.net
Course Agenda
Day 1
Chapter 1: Course Introduction
Chapter 2: OSPF
Lab 1: OSPF Multiarea Networks
Chapter 3: OSPF Areas
Lab 2: Configuring and Monitoring OSPF Areas and Route Summarization
Chapter 4: OSPF Case Studies and Solutions
Lab 3: Advanced OSPF Options and Policy
Day 2
Chapter 5: IS-IS
Lab 4: IS-IS Configuration and Monitoring
Chapter 6: Advanced IS-IS Operations and Configuration Options
Lab 5: Advanced IS-IS Configuration Options and Routing Policy
Chapter 7:
Day 3
Chapter 8: BGP
Lab 7: BGP
Chapter 9: BGP Attributes and PolicyPart 1
Lab 8: BGP Attributes: Next-Hop, Origin, MED, and AS Path
Day 4
Chapter 10: BGP Attributes and PolicyPart 2
Lab 9: BGP Attributes: Local Preference and Communities
Chapter 11: Route Reflection and Confederations
Lab 10: Scaling BGP (Detailed)
Chapter 12: BGP Route Damping
Lab 11: BGP Route Damping (Detailed)
www.juniper.net
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI)
or a graphical user interface (GUI). To make the language of these documents easier to read, we
distinguish GUI and CLI text from chapter text according to the following table.
Style
Description
Usage Example
Franklin Gothic
Normal text.
Courier New
Console text:
Screen captures
commit complete
Noncommand-related
syntax
Description
Usage Example
Normal CLI
No distinguishing variant.
Physical interface:fxp0,
Enabled
Normal GUI
GUI Input
Description
Usage Example
CLI Variable
policy my-peers
GUI Variable
CLI Undefined
GUI Undefined
ping 10.0.x.y
Select File > Save, and type
filename in the Filename field.
www.juniper.net
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class
locations from the World Wide Web by pointing your Web browser to:
http://www.juniper.net/training/education/.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
Go to http://www.juniper.net/techpubs/.
Locate the specific software or hardware release and title you need, and choose the
format in which you want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or
account representative.
www.juniper.net
Additional Information ix
x Additional Information
www.juniper.net
www.juniper.net
Introductions
The slide asks several questions for you to answer during class introductions.
www.juniper.net
Course Contents
The slide lists the topics we discuss in this course.
www.juniper.net
Prerequisites
The slide lists the prerequisites for this course.
www.juniper.net
www.juniper.net
www.juniper.net
Additional Resources
The slide provides links to additional resources available to assist you in the installation,
configuration, and operation of Juniper Networks products.
www.juniper.net
Satisfaction Feedback
Juniper Networks uses an electronic survey system to collect and analyze your comments and
feedback. Depending on the class you are taking, please complete the survey at the end of the class,
or be sure to look for an e-mail about two weeks from class completion that directs you to complete
an online survey form. (Be sure to provide us with your current e-mail address.)
Submitting your feedback entitles you to a certificate of class completion. We thank you in advance
for taking the time to help us improve our educational offerings.
www.juniper.net
Course List
You can access the latest Education Services offerings covering a wide range of platforms at
http://www.juniper.net/training/technical_education/.
www.juniper.net
www.juniper.net
Multiple tracks;
www.juniper.net
www.juniper.net
Find Us Online
The slide lists some online resources to learn and share information about Juniper Networks.
www.juniper.net
Any Questions?
If you have any questions or concerns about the class you are attending, we suggest that you voice
them now so that your instructor can best address your needs during class.
www.juniper.net
www.juniper.net
Chapter 22 OSPF
www.juniper.net
OSPFv2 Review
The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.
www.juniper.net
OSPF Chapter 23
Link-State Protocol
OSPF is an interior gateway protocol (IGP) based on the concept of a link-state database (LSDB). As
such, each OSPF-speaking router in the network attempts to form an adjacency with each
neighboring OSPF router. When these adjacencies are in place, each router generates and floods
LSAs into the network in a reliable manner. The LSAs are placed into the LSDB on each router where
the SPF algorithm is calculated to find the best path to each end node in the network.
LSAs are installed in the OSPF database that forms the topology map of the network;
and
The SPF algorithm is run to determine the shortest path to each destination subnet.
Chapter 24 OSPF
www.juniper.net
Hierarchical Design
OSPF gains scalability as a protocol through the use of a hierarchical design. Portions of the network
are designated as separate areas. These remote areas are then connected through a common area
known as the backbone.
www.juniper.net
OSPF Chapter 25
The LSDB
In addition to discovering neighbors and flooding LSAs, a third major task of the OSPF protocol is to
create and maintain the LSDB. The link-state, or topological, database stores the LSAs as a series of
records. The contents stored within the LSDB include details such as the advertising routers ID, its
attached networks and neighboring routers, and the cost associated with those networks or
neighbors. According to the OSPF RFC, each router in an OSPF area must have an identical LSDB to
ensure accurate routing knowledge. We discuss OSPF areas later in this course.
The information recorded in the database is used as input data to calculate the shortest paths (that
is, least-cost paths) for all destination prefixes within the network. OSPF uses the SPF algorithm or
Dijkstra algorithm to calculate, all at once, the shortest paths to all destinations. It performs this
calculation by creating a tree of shortest paths incrementally and picking the best candidate from
that tree. The results of this calculation are then handed to the routers routing table for the actual
forwarding of data packets.
Chapter 26 OSPF
www.juniper.net
Packet Types
Every OSPF router uses a specific set of packets to perform its functions. The packet types include
the following:
www.juniper.net
Hello: Sent by each router to form and maintain adjacencies with its neighbors.
Database description: Used by the router during the adjacency formation process. It
contains the header information for the contents of the LSDB on the router.
Link-state request: Used by the router to request an updated copy of a neighbors LSA.
Link-state update: Used by the router to advertise LSAs into the network.
Link-state acknowledgment: Used by the router to ensure the reliable flooding of LSAs
throughout the network.
OSPF Chapter 27
Hierarchical Design
The slide graphically displays the hierarchical nature of OSPF. A backbone area (0.0.0.0) is the
connecting point for all other areas. By specification, each area must attach to the backbone in at
least one location.
Area 1, Area 2, and Area 3 each contain routers internal to that area as well as a single area border
router (ABR). The ABR generates summary LSAs that represent the routes within its area and floods
those to the backbone. The ABR is also responsible for generating summary LSAs that represent the
backbone routes and injecting those into its attached area.
Chapter 28 OSPF
www.juniper.net
OSPF Routers
OSPF routers can take on a number of different roles within an OSPF domain. The following list
shows the common types of OSPF routers along with a brief description:
www.juniper.net
ABR: An OSPF router with links in two areas, the ABR is responsible for connecting OSPF
areas to the backbone. It transmits network information between the backbone and
other areas.
Autonomous system boundary router (ASBR): An OSPF router that injects routing
information from outside the OSPF AS, an ASBR is typically located in the backbone.
However, the OSPF specification allows an ASBR to be in other areas as well.
Backbone router: Defined as any OSPF router with a link to Area 0 (the backbone), this
router can also be an internal or ABR depending on whether it has links to other,
nonbackbone areas.
Internal router: An internal router is an OSPF router with all its links within an area. If
that router is located within the backbone area (Area 0.0.0.0), it is also known as a
backbone router.
OSPF Chapter 29
OSPF Interfaces
All logical interfaces associated with the area should be listed under the area. Remember the
loopback interface, if it should be advertised.
www.juniper.net
OSPF Interfaces
All logical interfaces associated with the particular area should be listed under that area. Remember
the loopback interface, if it should be advertised.
www.juniper.net
www.juniper.net
Link-State Advertisements
The slide highlights the topic we discuss next.
www.juniper.net
www.juniper.net
LSA Types
The following list provides the details of the LSA types:
Router LSA: Sent by each router to describe its individual links and their status.
Summary LSA: Sent by an ABR to describe routes or other information from one area
into another.
AS external LSA: Sent by an ASBR to describe routes external to the OSPF domain.
NSSA LSA: Sent by an ASBR in a not-so-stubby area (NSSA) to describe routes external
to the OSPF domain.
External attributes LSA: Used to tunnel attributes used by other routing protocols
through OSPF.
Opaque LSAs: Used to transmit information not currently supported by other LSA types.
Examples include graceful restart and traffic engineering information.
www.juniper.net
LSA Functions
Each of the LSA types listed previously has a specific function within the OSPF domain. They each
describe a portion of the topology used by the Dijkstra (SPF) algorithm to supply routing information
to a routing table. We discuss each LSA in more detail on future slides.
Each LSA has a maximum age of 3600 seconds (1 hour) associated with it. This maximum provides
a mechanism for removing stale information from the database. To ensure that its LSAs are
up-to-date, each OSPF router periodically refreshes them prior to reaching the maximum age limit.
The Junos operating system performs this refresh every 50 minutes (3000 seconds).
www.juniper.net
LSA Header
The following list details the information contained in the LSA header:
www.juniper.net
LS age (2 bytes): Measured in seconds, the link state age is the time since the LSA was
first originated. Each router increments this field prior to reflooding the LSA.
Options (1 byte): Indicates support for OSPF options. Within the context of an individual
LSA, the E bit (position 7) is set in all External LSAs and the P bit (position 5) is set in all
NSSA external LSAs.
Link-state ID (4 bytes): Describes various portions of the OSPF domain. Each LSA type
uses this field in a different manner.
Advertising router (4 bytes): The router ID of the router that first originated the LSA.
LS sequence number (4 bytes): Verifies that each router has the most recent version of
an LSA. This field is incremented each time a new version is generated. Values range
from 0x80000000 to 0x7FFFFFFF.
LS checksum (2 bytes): The checksum of the entire LSA contents, minus the link state
age field. This field is used to ensure data integrity in the LSDB.
Length (2 bytes): The entire length of the individual LSA, including the header.
Router LSA
Each OSPF-speaking router generates a Type 1 LSA to describe the status and cost (metric) of all
interfaces on the router. This LSA is flooded to each router in the OSPF area. It is defined as having
an area scope; therefore, it is not flooded across an area boundary. In addition to the standard LSA
header, the router LSA also contains the following fields:
V, E, and B bits (1 byte): Following five bits set to a value of 0, the V, E, and B bits
represent the characteristics of the originating router. The V bit is set when a virtual link
is established. An ASBR sets the E bit. An ABR sets the B bit.
Number of links (2 bytes): This value gives the total number of links represented by the
following set of fields.
Link ID (4 bytes): This field represents to what the far side of the link is connected. It is
used in conjunction with the link type field.
Link data (4 bytes): This field represents to what the near side of the link is connected.
It is used in conjunction with the link type field.
Number of ToS metrics (1 byte): This field lists the number of type of service (ToS)
metrics encoded. Only a value of 0 is supported.
Metric (2 bytes): This field provides the cost to transmit data out of the interface.
www.juniper.net
Transit (Type 2): A connection to a broadcast segment is always noted as a transit link.
The link ID field contains the interface IP address of the segments designated router.
The link data field contains the interface IP address of the local router.
Stub (Type 3): A router advertises a stub network when a subnet does not connect to
any OSPF neighbors. Advertising a stub network occurs for the loopback interface and
any passive interfaces. In addition, the IP subnet for any point-to-point interface is
advertised as a stub because the adjacency was formed over an unnumbered interface.
The link ID field for a stub network contains the IP network number and the link data
field contains the subnet mask.
Virtual link (Type 4): A virtual link operates between an ABR connected to Area 0 and an
ABR that is not connected to Area 0. Once established, the virtual link appears in the
Area 0 router LSA of each endpoint. The link ID field contains the neighbors router ID,
and the link data field contains the interface IP address of the local router.
This router is both an ABR as well as an ASBR, which we can see by the setting of bits
0x3. Recall that position 7 (0x2) is for the E bit, which is set when the originating router
is an ASBR. Bit position 8 (0x1) is for the B bit, which is set when the originating router
is an ABR. Combining these two fields results in a value of 0x3, which we see in the
database capture.
This router has three links connected to Area 0, which we can determine because of two
factors. First, the link count field is set to a value of 3. Second, the LSA is shown in the
database within the Area 0.0.0.0 section. Recall that a router LSA has area scope, so a
separate LSA is generated for each area representing the links only within that area.
A single point-to-point link exists, and two links are connected to stub networks. This
fact is clearly visible from the information in the type fields.
www.juniper.net
www.juniper.net
The router LSA will be regenerated in 48 minutes and 50 seconds as indicated by the
Gen timer. The OSPF standard requires that every LSA be refreshed every 60 minutes.
The Juniper implementation refreshes LSAs every 50 minutes. By default, any LSA that
is not refreshed expires after 60 minutes.
This router LSA was originated by the same router from which the capture was taken.
Notice the asterisk (*) next to the link-state ID value of 192.168.20.1. Also note that
the last line of the capture states that this LSA is Ours.
The router LSA was installed 1 minutes and 10 seconds ago. If not refreshed, the LSA
will expire in 58 minutes and 50 seconds, when its 3600 second maximum age is
exceeded. The LSA was last flooded 1 minutes and 8 seconds ago. These details are
shown in the Installed, expires, and sent fields, and they are present for every
LSA in the show ospf database extensive output.
www.juniper.net
Network LSA
Each OSPF router elected to be the DR on a broadcast link generates a Type 2 LSA. This LSA lists
each router connected to the broadcast link, including the DR itself. In addition to the standard LSA
header, the network LSA also contains the following fields:
www.juniper.net
Network mask (4 bytes): This field denotes the IP subnet mask for the interface
connected to the broadcast network.
Attached router (4 bytes): This field is repeated for each router connected to the
broadcast network. The value of each instance is the router ID of the attached routers.
You can deduce the total number of routers listed by the length of the LSA.
The designated router for this network is 10.0.12.2, which you can determine by
examining the link-state ID field. This field lists the DRs IP address.
Because only two instances of the attached router field are present, you can safely
deduce that only two routers are connected to the link. The router IDs of those two
routers are 192.168.20.2 and 192.168.20.4.
www.juniper.net
www.juniper.net
The designated router for the segment is 192.168.20.4 and its interface address is
10.0.12.2.
Summary LSA
Each ABR that transmits information from one OSPF area into another generates a Type 3 LSA to
describe that information. This LSA is flooded to each router in the OSPF area. This LSA has an area
scope; therefore, it is not reflooded across the area boundary by another ABR. Instead, the receiving
ABR generates a new Type 3 LSA describing the link and floods it into the adjacent area.
In addition to the standard LSA header, the summary LSA also contains the following fields:
Network mask (4 bytes): This field represents the subnet mask associated with the
network advertised. It is used in conjunction with the link-state ID field, which
encapsulates the network address in a Type 3 LSA.
Metric (3 bytes): This field provides the cost of the route to the network destination.
When the summary LSA is representing an aggregated route (using the area-range
command), this field is set to the largest current metric of the contributing routes.
ToS (1 byte): This field describes any optional ToS information encoded within the
network described. The Junos OS does not use this field.
www.juniper.net
This router is an ABR because it contains a database for area 0.0.0.0. Within that area,
three summary LSAs are listed. Two of the LSAs (the first and second ones listed) are
from the router where the capture was taken. As with the router LSA earlier, notice that
an asterisk (*) is next to the link-state ID values of 10.0.10.0 and 10.0.12.0. Also
note that the last line of the LSA states that the LSA is Ours.
A second router in the backbone (192.168.21.1) generates the other summary LSA.
The network advertised by that ABR is 10.0.14.0/24. The network has a metric of 1
encoded within the LSA. The local router adds the cost to reach 192.168.21.1 to the
metric of 1 prior to calculation of the SPF algorithm.
www.juniper.net
We do not know the 32-bit value for the area, but we know that an internal area router
exists within it192.168.21.2.
Using the metric values in the summary LSAs, we can determine that the area router
and the ABR are connected over the 10.0.14.0/24 subnet.
Within area 0.0.0.10, we now know that the 192.168.20.2 router is directly connected
to our local router of 192.168.20.1. We use the summary LSA metric value to make that
determination.
www.juniper.net
www.juniper.net
Network mask (4 bytes): This field has no meaning in a Type 4 LSA and is set to 0.0.0.0.
The address of the ASBR is encoded in the link-state ID field.
Metric (3 bytes): This field provides the cost of the route to the ASBR.
ToS (1 byte): This field describes any optional type of service information used to reach
the ASBR described. This field is not used.
This router is an ABR because it contains a database for Area 0.0.0.0. Within that area,
two ASBR summary LSAs are listed on the slide. The second LSA is from the local router
(where the capture was taken). As with the router LSA earlier, notice that an asterisk (*)
is next to the link-state ID value and that the last line of the LSA states that the LSA is
Ours.
The second router in the backbone (192.168.21.1) generates the other ASBR summary
LSA.
The two ASBRs being advertised are 192.168.21.2 and 192.168.20.4. You can see this
information coded in the link-state ID fields. Because the router ID of the ASBR is a full
32-bit value, the network mask is not needed and is set to a value of 0.0.0.0.
The metrics to each of the ASBRs are encoded in the appropriate field in the LSA. As
with the summary LSA (Type 3), the local router must add the cost to reach a remote
ABR to the encoded metric prior to calculation of the SPF algorithm.
www.juniper.net
www.juniper.net
Routers 192.168.20.4 and 192.168.21.2 both have export policies configured within
OSPF, which means that they have set the E bit in their router LSAs.
Based on the E bit setting in the router LSAs, the ABRs of 192.168.20.1 and
192.168.21.1 generate ASBR summary LSAs across the area boundaries. In our case,
we see the type 4 LSAs within area 0.0.0.0.
AS External LSA
Each ASBR generates a Type 5 LSA to advertise any networks external to the OSPF domain. This LSA
is flooded to each nonstub router in the entire OSPF domain. In addition to the standard LSA header,
the AS external LSA also contains the following fields:
Network mask (4 bytes): This field represents the subnet mask associated with the
network advertised. It is used in conjunction with the link-state ID field, which
encapsulates the network address in a Type 5 LSA.
E bit (1 byte): The E bit determines the type of external metric represented by the metric
field. It is followed by 7 bits, all set to 0 to make up the entire byte. A value of 0, the
default value, indicates that this is a Type 2 external metric. Thus, any local router
should use the encoded metric as the total cost for the route when performing an SPF
calculation. A value of 1 indicates that this is a Type 1 external metric. Therefore, the
encoded metric of the route should be added to the cost to reach the advertising ASBR.
This additive value then represents the total cost for the route.
Metric (3 bytes): This field represents the cost of the network as set by the ASBR.
Forwarding address (4 bytes): This field provides the address toward which packets
should be sent to reach the network. A value of 0.0.0.0 represents the ASBR itself.
External route tag (4 bytes): This 32-bit value field can be assigned to the external
route. OSPF does not use this value, but it might be interpreted by other protocols.
www.juniper.net
The external LSDB lists all the LSAs. This listing denotes their domain scope status as
not belonging to a particular OSPF area.
This router is generating the first LSA listed. As with the router LSA earlier, an asterisk
(*) exists next to the link-state ID value, and the last line of the LSA states that the LSA
is Ours.
Different routers generate each of the other three LSAs because the advertising router
field is different for each LSA.
Examination of the link-state ID and the network mask fields shows that the four
different networks advertised are 20.20.1.0/24, 20.20.3.0/24, 20.20.5.0/24, and
20.20.6.0/24. Each of these networks has a metric value of 0 encoded. In addition,
each of these LSAs is a Type 2 metric (as seen by the type field). Type 2 is the default
type for route redistribution. It reflects only the cost of the path from the ASBR to the
destination. A Type 1 tells the local router to add the cost to reach the remote ASBR to
the encoded metric prior to calculation of the SPF algorithm. The metric to the ASBR is
used because the forwarding address field for each LSA is listed as 0.0.0.0.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Notice that the LSA is listed within the area 0.0.0.20 database. This listing denotes its
area scope status as belonging to a single NSSA area.
An examination of the link-state ID and the network mask fields shows that the network
advertised is 20.20.6.0/24. This network has a metric value of 0 encoded. It also is
listed as a Type 2 metric (as seen by the type field).
The NSSA does know the network connecting the ASBR to the remote domain. You can
see this fact by examining the forwarding address field where it lists the router ID of the
ASBR, 192.168.21.2.
The area attached to the 192.168.21.1 router is area 0.0.0.20. It is also currently
configured as an NSSA.
The 20.20.6.0/24 route is being injected into area 0.0.0.20 as a Type 7 LSA. It is
translated into a Type 5 LSA by the 192.168.21.1 router.
www.juniper.net
Future Extensibility
RFC 2370 defines the OSPF opaque LSA. It was designed to extend the protocol to support future
enhancements without generating new LSA types. As of this writing, production networks use both
the Type 9 and Type 10 opaque LSAs. The Type 9 LSA supports graceful restart. The Type 10 LSA
supports MPLS traffic engineering. The Type 11 opaque LSA is not used at this time.
Flooding Scope
The main difference between the opaque LSAs is in the flooding scope of each type: the Type 9 LSA
has a link-local scope, the Type 10 LSA has an area scope, and the Type 11 LSA has domain scope.
Protocol Operations
The slide highlights the topic we discuss next.
www.juniper.net
www.juniper.net
The local router is an ABR between the backbone and Area 0.0.0.1, which you can see
clearly through the existence of two databases on the router.
Within Area 0.0.0.1, a broadcast link is in use. In addition, the DR on that link is the
router whose address is 10.222.1.1. Notice the Type 2 LSA within the Area 0.0.0.1
database. The link-state ID is 10.222.1.1, the DRs IP address on the link.
Multiple routers act as ASBRs and inject routes into the OSPF domain. Those routers
are 192.168.16.1, 192.168.20.1, 192.168.32.1, and 192.168.36.1. The routes
advertised by those ASBRs can be used once the local router has knowledge of how to
reach the ASBR.
One of the ASBRs is the local router, 192.168.16.1. One of the external LSAs lists this
router ID, and that LSA is marked with an asterisk (*). A second ASBR is a router within
Area 0.0.0.1 (192.168.20.1). This router ID is found within a router LSA in the Area
0.0.0.1 database. A third ASBR is a router within the backbone (192.168.36.1). This
router ID is found within a router LSA in the Area 0.0.0.0 database. The fourth ASBR is a
router in an area beyond the backbone (192.168.32.1). This router ID is found within an
ASBR summary LSA in both the Area 0.0.0.0 and the Area 0.0.0.1 databases.
www.juniper.net
www.juniper.net
Dijkstra Algorithm
After a router receives a new LSA and places it into the LSDB, the router runs an algorithm known as
the Dijkstra algorithm (also called the shortest-path-first algorithm). This computation uses the
database as a data source and results in a loop-free network topology using the best metric from the
local router to all nodes in the network.
During the course of this calculation, the algorithm uses three databasesthe LSDB, the candidate
database, and the tree database. As we have explored, the LSDB is the total compilation of routing
knowledge in the network. Conceptually, it consists of multiple tuples in the form of (router ID,
neighbor ID, and cost), which describe each link in the network.
OSPF evaluates each tuple in the candidate database and delete any tuples whose neighbor ID is
currently in the tree database and whose cost to the root is greater than the entry currently in the
tree database. This evaluation is repeated until only the lowest-cost tuple per neighbor ID remains.
Continued on the next page.
www.juniper.net
For each new entry in the candidate database, determine the cost from the root to each
neighbor ID. Move the tuple with the lowest cost from the candidate database into the
tree database. If multiple tuples exist with an equal cost, choose one randomly.
2.
If a new neighbor ID appears in the tree database, move all tuples in the LSDB with a
router ID equal to the new tree entrys neighbor ID into the candidate database.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Cost of an Interface
Prior to advertising a network into the OSPF domain, each router must determine the cost associated
with that network. Often referred to as the metric, the cost is simply what the router views as the
overhead associated with transmitting a packet on that interface. Because each OSPF-speaking
router advertises these cost values in its router LSAs, each router can determine the total cost (or
metric) to reach any destination in the network.
www.juniper.net
Reference Bandwidth
To alter the calculation values, use the reference-bandwidth command within the [edit
protocols ospf] configuration hierarchy. The value entered has a value in bits per second. You
can use the standard Junos shortcut notations of k (kilobits per second), m (megabits), and g
(gigabits). The entered value becomes the new numerator value in the bandwidth calculation. As
noted on the slide, you still can assign a metric statically to an individual interface.
www.juniper.net
SPF Calculations
After receiving a new LSA from another router in the area, the local router performs an SPF
calculation using all the values contained in the router and network LSAs. As mentioned on a
previous slide, the cost is calculated from the root node to every other node in the network using the
metric cost of the outgoing interfaces.
www.juniper.net
Overload Settings
You can turn on the overload setting, turn it off as a permanent value, or have a timer associated
with it. If the timer is omitted, the metric values are changed when you commit the configuration. The
values will remain until you remove the overload setting from the configuration and commit it again.
However, if you assign a timer value, the metrics are not changed automatically. The timer
associated with the overload setting only initializes when the routing protocol daemon (RPD)
initializes. This timer can run from 601800 seconds. When the timer expires, the metrics return to
normal in the router LSAs, but the configuration still contains the overload option.
Chapter 256 OSPF
www.juniper.net
Case Study
Service provider networks are typically built with multiple paths from ingress and egress points for
redundancy. During maintenance operations on a router, preventing the router from receiving and
forwarding transit traffic can be beneficial. The overload feature provides this function.
In the graphic, R2 is scheduled for maintenance. An alternate path exists through R3. Once R2 is put
in overload mode, the other routers will be notified and transit traffic will traverse R3. Any traffic
destined for networks that terminate on R2 will be forwarded to R2.
www.juniper.net
OSPF Router ID
Each OSPF-speaking router in a network must select a 32-bit value to use as the router ID (RID) of
the router. This RID uniquely identifies the router within the OSPF domain. It is transmitted within the
LSAs used to populate the LSDB and is used to calculate the shortest-path tree using the method
described on a previous slide.
It is very important in a link-state network that no two routers share the same RID value. If two
routers share the same RID value, the LSDB might not be consistent on all routers. This
inconsistency happens because the RID is one method to verify if an LSA is already present in the
database. Therefore, new critical information from one of the routers is never present in all the
routers. In addition, because the Dijkstra calculation uses the RID, it is possible that an individual
router might not generate a loop-free shortest path topology. This scenario could have a disastrous
affect on IP routing.
www.juniper.net
www.juniper.net
www.juniper.net
OSPF Authentication
The slide highlights the topic we discuss next.
www.juniper.net
Authentication
The four different forms of authentication that the Junos OS supports are none, simple, MD5, and
IPsec. IPsec was added as of the Junos OS release 8.3. IPsec is configured at the [edit
protocols ospf area area-id interface interface-name] hierarchy using the set
ipsec-sa name; command. See the Junos OS Routing Protocols Configuration Guide for more
information.
Authentication Default
The default operation of the OSPF process is the none mode. Thus, no authentication key is
configured on any interface.
Plain-Text Passwords
With simple authentication type configured, each OSPF packet includes a plain-text password. This
password can be captured easily through a packet analysis system. Therefore, although this
password protects against an inadvertent configuration, it does not provide any security.
www.juniper.net
Encrypted Checksum
To provide better security in an OSPF network, we recommend that you use an authentication type of
MD5. MD5 includes an encrypted checksum in all OSPF packets instead of a simple-text password.
Each OSPF-speaking router uses the same MD5 algorithm to calculate the checksum value, so
interoperability and a correct result can be virtually guaranteed.
Authentication Keys
The actual password to verify and authenticate packets is contained within the authentication
command. You can configure each individual interface with an authentication value.
Key ID Values
You configure each individual interface with a key value. All interfaces in the area might share the
same key value, or each interface might contain a separate value.
www.juniper.net
www.juniper.net
www.juniper.net
Authentication Mismatch
OSPF routers must agree on the authentication method to be neighbors. Use the traceoptions
commands if you suspect there might be an authentication mismatch.
The log shows that the local router is ignoring an OSPF packet from 172.20.77.1 due to an
authentication mismatch. No authentication method is configured on the local router, so the type is
none. The remote router has MD5 authentication configured.
www.juniper.net
www.juniper.net
OSPF LSAs;
Review Questions
1.
2.
3.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
OSPF Scalability
With a link-state protocol, flooding link-state update packets and running the shortest-path-first (SPF)
algorithm consumes router resources. As the size of the network grows and more routers are added
to the autonomous system (AS), this use of resources becomes a bigger and bigger issue. This issue
stems from the RFC requirement that all OSPF routers share an identical link-state database (LSDB).
Eventually, the routers spend so much time flooding and running the SPF algorithm that they cannot
route data packets. Clearly, this scenario is not optimal.
It can hide some instabilities in one OSPF area from all other OSPF areas.
For route summarization to be effective, you must carefully plan the addressing within your OSPF
network so that subnets can be more easily summarized. Complete coverage of route summarization
is beyond the scope of this course.
Chapter 34 OSPF Areas
www.juniper.net
OSPF Areas
Using OSPF, you can segment an AS into smaller groups known as areas. Using areas achieves the
OSPF hierarchy that can facilitate growth and scalability. You can constrain LSA flooding by using
multiple areas, which can effectively reduce the size of the LSDB on an individual OSPF router. Each
OSPF router maintains a separate and identical LSDB for each area to which it is connected.
To ensure correct routing knowledge and connectivity, OSPF maintains a special area known as the
backbone area. The backbone area is designated as Area 0.0.0.0 (or simply Area 0). All other OSPF
areas must connect themselves to the backbone area. By default, all data traffic between OSPF
areas transits the backbone. You can alter this default behavior and eliminate the requirement of all
interarea traffic transiting Area 0.0.0.0 by configuring a multiarea adjacency on the same logical
interface. The multiarea adjacency feature is documented in RFC 5185 and is discussed in the next
chapter.
www.juniper.net
OSPF Routers
OSPF routers can perform several different roles within an OSPF domain. The following list shows the
common types of OSPF routers along with a brief description:
Area border router (ABR): An OSPF router with links in two areas, the ABR is responsible
for connecting OSPF areas to the backbone. It transmits network information between
the backbone and other areas.
Autonomous system boundary router (ASBR): An OSPF router that injects routing
information from outside the OSPF AS, an ASBR is typically located in the backbone.
However, the OSPF specification allows an ASBR to be in other areas as well.
Backbone router: Defined as any OSPF router with a link to Area 0 (the backbone), this
router can also be an internal or area border router depending on whether it has links to
other, nonbackbone areas.
Internal router: An internal router is an OSPF router with all its links within an area. If
that router is located within the backbone area (Area 0.0.0.0), it is also known as a
backbone router.
www.juniper.net
Intra-area or internal routes: Routes that are generated from within an area, where the
destination belongs to the area;
Interarea or summary routes: Routes that originate from other areas; and
External routes: Routes that originate from other routing protocols, or different OSPF
processes, and that are injected into OSPF through redistribution.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
NSSA Operation
The slide highlights the topic we discuss next.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
NSSA Configuration
The slide highlights the topic we discuss next.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Route Summarization
This slide highlights the topic we discuss next.
www.juniper.net
Route Summarization
To reduce the size of the LSDB in Area 0.0.0.0 (and other remote OSPF areas), you can configure the
ABR not to perform its default one-for-one mapping function, which is accomplished using an
address range statement on the ABR with the area-range command. All Type 1 and Type 2 LSAs
that fall within that address range will no longer be advertised individually into the backbone.
Instead, a single Type 3 summary LSA is advertised. The metric associated with this summary route
will be equal to the highest metric associated with the individual contributing routes.
Because only the ABR performs this mapping function, you configure the area-range command
on ABR routers only.
www.juniper.net
Route Summarization
To reduce the size of the LSDB in Area 0.0.0.0 (and other remote OSPF areas), you can configure the
ABR not to perform its default one-for-one mapping function. You can configure an address range on
the ABR by using the area-range command within the NSSA configuration hierarchy. All Type 7
LSAs that fall within that address range are not advertised individually into the backbone. Instead, a
single Type 5 external LSA is advertised.
Because only the ABR performs this mapping function, only the ABR is configured with the
area-range command.
Note that the area-range command referenced on this page is specific to the NSSA configuration
hierarchy and affects only Type 7 LSA routes. The area-range command discussed in the previous
slide was within the area hierarchy itself and affected Type 1 and Type 2 LSA routes. The
configuration can have these two commands in place at the same time, and they will summarize
different aspects of the local area routing domain.
www.juniper.net
Suppressing Routes
The default action of the area-range command causes the generation of a single Type 3 summary
LSA into the backbone for all prefixes that fall within the defined range. You can configure the ABR
with the restrict keyword to block one or more prefixes from advertisement into the OSPF
backbone. Such a configuration will prevent routing information from each Type 1 and Type 2 LSA
that falls within the address range from being advertised to the backbone, which in turn can block
connectivity to those prefixes for routers in other areas.
Use the restrict function when you want to prevent interarea routing, or when you want a default
route to be used instead of the more preferred summary information that would otherwise be
generated.
Because only the ABR is responsible for this mapping function, you configure only ABR routers with
the area-range restrict command.
www.juniper.net
www.juniper.net
www.juniper.net
Review Questions
1.
2.
3.
4.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Virtual Links
The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.
www.juniper.net
www.juniper.net
www.juniper.net
Summary LSA
One of the primary jobs of the ABR router is to generate summary LSAs into its attached areas. This
function provides interarea connectivity for the non-ABR routers.
www.juniper.net
www.juniper.net
www.juniper.net
Technical OSPF
From the OSPF RFC 2324:
Any router running OSPF attached to multiple areas is known as Area Border Router
(ABR). An ABR will have topological information of all attached areas and will run SPF for
each area. (Section 3.3)
Technically, you can create a multiarea OSPF network with no Area 0. However, we do not
recommend this configuration, because SPF will process all LSAs in all areas and the ABR loses its
OSPF loop detection mechanism.
Functional OSPF
In practice, an ABR should always be connected to Area 0. Because the ABR calculation is similar to
a distance vector protocol when processing the Type 3 LSA, a loop avoidance mechanism must be in
place. This requirement is met with an Area 0 and a rule that SPF will only process LSAs within that
area database.
www.juniper.net
www.juniper.net
Case Study
In this case study, ISP A has acquired ISP B. Both networks are running multiarea OSPF and they
must get both networks communicating with each other.
www.juniper.net
www.juniper.net
www.juniper.net
Connectivity Issues
As soon as the physical connection is created, limited connectivity is achieved. For example, the B6
router can now reach the A1 router in ISP As Area 0. However, ISP As Area 0 routers cannot reach
ISP Bs Area 0 routers. The cause of this limited connectivity is the lack of a contiguous Area 0
backbone.
www.juniper.net
Virtual Tunnels
One solution to the connectivity problem is to create a virtual tunnel between the two backbone
areas of the companies. This feature, known as a virtual link, provides a logical connection between
areas. Essentially, OSPF packets are tunneled through a transit area to establish an OSPF adjacency
and logically connect the two areas together. This establishes full connectivity between the two
companies.
Remember that a virtual tunnel is a control plane feature only. SPF will still calculate the shortest
physical path between two points, which might not be the same path as the virtual tunnel. This
calculation could create some confusion when troubleshooting, which is one of the primary reasons
virtual tunnels are not considered long term solutions.
www.juniper.net
www.juniper.net
www.juniper.net
Contiguous Area 0
Once the neighbor is established over the virtual link, connectivity is restored, all LSAs are
processed, and routes to each company are installed into the routing table.
www.juniper.net
www.juniper.net
Multiarea Adjacencies
By default, a single interface can belong to only one OSPF area. However, in some situations, you
might want to configure an interface to belong to more than one area. Doing so allows the
corresponding link to be considered an intra-area link in multiple areas and to be preferred over
other higher-cost intra-area paths. For example, you configure an interface to belong to multiple
areas with a high-speed backbone link between two ABRs to enable you to create multiarea
adjacencies that belong to different areas.
As defined in RFC 5185, OSPF Multi-Area Adjacency, the ABRs establish multiple adjacencies
belonging to different areas over the same logical interface. Each multiarea adjacency is announced
as a point-to-point unnumbered link in the configured area by the routers connected to the link. For
each area, one of the logical interfaces is treated as primary, and the remaining interfaces that are
configured for the area are designated as secondary.
www.juniper.net
Case Study
The slide displays the case study topology.
www.juniper.net
Link Failure
In normal operation, if a link failure occurred between R1 and R3, traffic from R1 to R3 would flow
from R4 to R2 and then to R3, which creates three hops to reach a router that was previously one
hop away.
www.juniper.net
www.juniper.net
Adjacency Verification
Verify adjacencies with the show ospf neighbor command.
Normal Trace
For the case study, R1 is one hop away from R3.
www.juniper.net
www.juniper.net
Point-to-Point Interface
Interface ge-1/0/4.1100 now has two OSPF links, however, the secondary link show up as a
point-to-point interface.
www.juniper.net
Adjacency Is Formed
Two adjacencies are now formed over ge-1/0/4.1100 for Area 0 and Area 100.
www.juniper.net
External Reachability
The slide highlights the topic we discuss next.
www.juniper.net
Route Redistribution
For route distribution to occur, an export policy must be written and applied. Because external routes
in OSPF have an interarea flooding scope, the policies are applied globally. This feature allows
external routes to be sent into all areas that allow it. When an external route is brought into OSPF, it
appears as an external Type 5 LSA of Type 2. If an external LSA Type 1 must be configured, you can
modify it with a policy.
www.juniper.net
Mutual Redistribution
Special care must be taken when redistribution is configured in a network. When multiple
redistribution points are present sub-optimal routing and loops could occur. Generally, if the source
route has a lower preference than the protocol into which it is being redistributed, no issues occur.
However, when the source route has a higher preference, issues can occur. Several methods exist to
resolve these issue, but the easiest method usually involves modifying route preference values.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
ABR Translation
Because the route was originated from the NSSA, the ABR must convert the Type 7 LSA to a Type 5
for interarea advertisement.
Forwarding Address
When the ABR translates the Type 7 into a Type 5, it places the ASBRs address into the forwarding
address. This action supports optimal routing because only one ABR will translate the Type 7s to
Type 5s in the presence of multiple ABRs. This router might not be in the optimal path for routers in
other areas.
ASBR Summary
The ABRs also create a Type 4 LSA to represent the ASBR to other areas.
www.juniper.net
www.juniper.net
The Result
The result of the preference change is now a default that points properly to the ABRs in the NSSA.
www.juniper.net
SPF Review
After a router receives a new LSA and places it into the LSDB, the router runs an algorithm known as
the Dijkstra algorithm (also called the shortest-path-first [SPF] algorithm). This computation uses the
database as a data source and results in a loop-free network topology using the best metric from the
local router to all nodes in the network.
During the course of this calculation, the algorithm uses three databasesthe LSDB, the candidate
database, and the tree database. As we have explored, the LSDB is the total compilation of routing
knowledge in the network. Conceptually, it consists of multiple tuples in the form of (router ID,
neighbor ID, and cost), which describe each link in the network.
www.juniper.net
Import Policy
An import policy can be applied between the tree database and the routing table. This policy allows
filtering of routes from the LSDB to the routing table, but it only applies to external routes, as in the
case for OSPF export policy. Note that the database stays consistent and the import policy does not
block any normal LSA flooding.
www.juniper.net
www.juniper.net
Modify Policy
To see prefix limits in action, a policy is modified to send all RIP routes into OSPF.
RIP Redistribution
This policy causes all RIP routes to be sent into OSPF.
www.juniper.net
Prefix Limit
To stop the large amount of LSAs that could enter the router, a prefix limit of zero is configured.
The Result
The result is that no RIP routes are distributed. This prefix limit setting ensures that a configuration
error does not affect your network.
www.juniper.net
www.juniper.net
Review Questions
1.
2.
3.
www.juniper.net
www.juniper.net
Chapter 52 IS-IS
www.juniper.net
Overview of IS-IS
The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.
www.juniper.net
IS-IS Chapter 53
The ISO
The protocol was developed by Digital Equipment Corporation for its DECnet Phase V. The
International Organization for Standardization (ISO) standardized IS-IS to be the routing protocol for
the ISO's Connectionless Network Protocol (CLNP) and is described in ISO 10589. The ISO was
working on IS-IS at the same time as the Internet Advisory Board (IAB) was working on OSPF. ISO
proposed that IS-IS be adopted as the routing protocol for TCP/IP in place of OSPF. This proposal was
driven by the opinion that TCP/IP was an interim protocol suite that would eventually be replaced by
the Open Systems Interconnection (OSI) suite.
Chapter 54 IS-IS
www.juniper.net
CNLS
Connectionless Network Service (CLNS) is the service that CLNP provides to route messages to their
destinations. This service is independent of any other messages and can transmit data before a
circuit is established. M, MX, and T Series routers only support IP routing with IS-IS. They do not
support CLNP or CLNS routing. Full IS-IS CLNP routing (including End SystemtoIntermediate
System [ES-IS] routing) is supported on SRX Series Gateways and J Series Routers.
Dual IS-IS
The Integrated IS-IS protocol was proposed to support the transition from TCP/IP to OSI. Integrated
IS-IS, also known as dual IS-IS, provides a single routing protocol capable of routing both CLNS and
IP. Integrated IS-IS was developed to operate in a CLNS, IP, or CLNS/IP setting.
Single Algorithm
Like all integrated routing protocols, Integrated IS-IS requires that all routers run a single routing
algorithm. LSPs sent by routers running Integrated IS-IS include all destinations running either IP or
CLNP Network Layer protocols. Routers running Integrated IS-IS still must support protocols such as
the Address Resolution Protocol (ARP), the Internet Control Message Protocol (ICMP) for IP, and the
ES-IS protocol for CLNP.
Continued on the next page.
www.juniper.net
IS-IS Chapter 55
LSPs
Standard IS-IS packets must be modified to support multiple Network Layer protocols. IS-IS packet
formats were designed to support the addition of new fields without a loss of compatibility with
nonintegrated versions of IS-IS.
IS-IS adds type/length/value (TLV) objects (discussed further on the following pages) to support
integrated routing. These TLVs tell intermediate systems (ISs) which Network Layer protocols are
supported by other ISs and whether end stations running other protocols can be reached. They also
include any other required Network Layer, protocol-specific information.
Chapter 56 IS-IS
www.juniper.net
Operation of IS-IS
An IS-IS network is a single AS, also called a routing domain, that consists of end systems (ESs) and
intermediate systems (ISs). End systems are network entities that send and receive packets.
Intermediate systemswhich is the OSI term for a routersend and receive packets and relay, or
forward, packets. IS-IS packets are called PDUs.
IS-IS Areas
In IS-IS, a single AS can be divided into smaller groups called areas. Routing between areas is
organized hierarchically, allowing a domain to be divided administratively into smaller areas. IS-IS
accomplishes this organization by configuring Level 1 and Level 2 intermediate systems. Level 1
systems route within an area, and Level 2 intermediate systems route between areas and toward
other ASs. A Level 1/Level 2 system routes within an area on one interface and between areas on
another.
A Level 1/Level 2 system sets the attached bit in the Level 1 PDUs that it generates into a Level 1
area to indicate that it is a Level 2-attached backbone router and that it can be used to reach
prefixes outside the Level 1 area. Level 1 routers create a default route for interarea prefixes, which
points to the closest (in terms of metrics) Level 1/Level 2-attached router.
www.juniper.net
IS-IS Chapter 57
Chapter 58 IS-IS
www.juniper.net
www.juniper.net
IS-IS Chapter 59
OSPF Areas
IS-IS and OSPF are link-state routing protocols with many similarities. Differences exist between
them as well. Recall that, under OSPF, routers separate areas. The slide shows how a typical OSPF
network might be broken up into areas. Some interfaces are in one area, and other interfaces are in
another area. When an OSPF router has interfaces in more than one area, it is an ABR.
www.juniper.net
IS-IS Areas
In IS-IS areas, a Level 1/Level 2 router fulfills the same purpose as an area border router (ABR) in
OSPF. Likewise, the collection of Level 2 routers in IS-IS is the backbone, while Area 0 is the
backbone in OSPF. However, in IS-IS, all routers are completely within an area, and the area borders
are on the links, not on the routers. The routers that connect areas are Level 2 routers, and routers
that have no direct connectivity to another area are Level 1 routers. An intermediate system can be a
Level 1 router, a Level 2 router, or both (an L1/L2 router).
www.juniper.net
IS-IS PDUs
The slide highlights the topic we discuss next.
www.juniper.net
www.juniper.net
Flooded Periodically
The IS-IS LSPs are flooded when either a network change occurs or often enough to keep the
database from having stale information. Each LSP has a 2-byte field named the remaining lifetime.
Each IS-IS router initializes this field to a certain value when the LSP is created. By default, this timer
value is set to 1200 seconds, or 20 minutes. Each router takes this value and begins a countdown
toward 0. Before the timer expires (at approximately 317 seconds), the originating system
regenerates the LSP and floods it to all its neighbors.
www.juniper.net
PDU Type
The 1-byte PDU type field denotes whether the PDU is Level 1 or Level 2 PDU. A value of 18
represents a Level 1 PDU and a value of 20 is a Level 2 PDU. With this exception as well as different
multicast destination addresses, the PDU contents and formats are identical to each other.
LSP ID Field
The ID of the LSP uniquely identifies it within the IS-IS domain. The 8-octet field is comprised of the
routers system ID (6 bytes), the circuit ID (1 byte), and the LSP number (1 byte). The system ID is
located within the NET address of the router and is used exactly as is. The LSP number field
represents a fragmented LSP. The initial LSP receives a value of 0x00, and it is incremented by 1 for
each following fragment.
The circuit ID field helps distinguish LSPs advertised from a single router. By default, all LSPs
representing the router as a node use a value of 0x00 for the circuit ID field. When a router is
operating as a designated intermediate system (DIS), it places the value of the circuit ID into this
field and generates a separate LSP for the broadcast segment. The Junos OS uses a constant value
circuit ID value of 0x01 for the loopback interface as well as all point-to-point interfaces. Each
broadcast segment receives a unique circuit ID value beginning at 0x02 and incrementing to a
maximum value of 0xff.
Continued on the next page.
www.juniper.net
Attached Bit
Any IS-IS router with a Level 2 adjacency to a system in another area sets the Attached bit in its
Level 1 LSP. Level 1 routers can then forward data packets to that attached router for transport out
of the local area.
Overload Bit
An IS-IS router can set the overload bit to inform the other routers in the network that it is incapable
of reliably transmitting transit packets to other portions of the network. While the original intent of
the bit was to ease memory problems on individual routers, modern-era routers do not have such
constraints. In todays network environment, the bit is often used to take a router out of service for
maintenance or to allow it to fully converge within the network before forwarding traffic.
IS Type Bits
The IS type bits inform other routers in the network about the capabilities of the local router. Two
possible settings are available for these bits. When the bits are set to a value of 01 (0x01), the local
router can support only Level 1 routing. A value of 11 (0x03), however, means that the local router
can support both Level 1 and Level 2 routing. These settings are the only two settings possible for
these bits.
www.juniper.net
Hello Transmission
Routers send hello packets at a fixed interval on all interfaces to establish and maintain neighbor
relationships. The hello interval field advertises this interval in the hello packet. By default, a DIS
router sends hello packets every 3 seconds, and a non-DIS router sends hello packets every 9
seconds.
Continued on the next page.
www.juniper.net
PDU Fields
The following list provides the details of the PDU fields:
Circuit type: Defines the router as an Level 1, Level 2, or Level 1/Level 2 router;
Source ID: Identifies the system ID of the router that originated the hello PDU;
Holding time: Specifies the period a neighbor should wait to receive the next hello PDU
before declaring the originating router dead;
Priority: Provides a value between 0 and 127 used for DIS election; and
LAN ID: Identifies the system ID or the DIS plus one more octet (the pseudo-node ID) to
differentiate this LAN ID from another LAN ID that might have the same DIS.
www.juniper.net
IS-IS LSPs
IS-IS sends LSPs at regular intervals and when an IS discovers any of the following:
Once LSPs are distributed appropriately, IS-IS runs the Dijkstra algorithm to compute optimal paths
to each ES. This algorithm iterates on the length of a path, examining the LSPs of all ISs working
outward from the host IS. At the end of the computation, IS-IS forms a connectivity tree yielding the
shortest paths, including all intermediate hops, to each IS.
www.juniper.net
www.juniper.net
www.juniper.net
TLV 1 (Area address): Provides the area address encoded within the IS-IS NET on the
loopback 0 (lo0) interface.
TLV 2 (IS reachability): Advertises the IS neighbors adjacent to the local router as well as
the metric used to reach those neighbors.
TLV 10 (Authentication): Contains the authentication type and the configured password.
TLV 128 (IP internal reachability): Advertises the IP address and subnet mask for each
of the routers interfaces capable of supporting IP version 4 (IPv4) traffic.
TLV 129 (Protocols supported): Informs other routers in the network which Layer 3
protocols the local router supports. By default, the Junos OS supports both IPv4 and IP
version 6 (IPv6). On the J Series Services Router and the SRX Series Services Gateways,
you can also use the Junos OS to support CLNS.
www.juniper.net
TLV 130 (IP external reachability): Advertises the network and subnet mask for all
routes advertised into IS-IS by using a policy.
TLV 132 (IP interface address): Advertises the host IP address for all router interfaces.
TLV 134 (Traffic engineering IP router ID): Advertises the 32-bit router ID (RID) of the
local router.
TLV 135 (Extended IP reachability): Advertises the IP address and subnet mask for
router interfaces that can support traffic engineering. This TLV also populates the TED.
TLV 137 (Dynamic hostname resolution): Advertises the ASCII hostname configured on
the local router. Other IS systems use this TLV to resolve the hostname of the router for
use in show command output and within certain TLVs.
www.juniper.net
TLV 222 (Multiple topology IS reachability): Advertises the IS neighbors adjacent to the
local router and the routers that support multiple topologies of IS-IS.
TLV 229 (Multiple topologies supported): Advertises which multiple topologies of IS-IS
the local router supports. Each topology is identified by a 12-bit ID field.
TLV 235 (Multiple topology IP reachability): Advertises the IP information for interfaces
that support multiple topologies. This TLV contains multiple sub-TLVs, which define the
actual information. Each set of sub-TLVs is accompanied by the 12-bit topology ID field.
IPv6 TLVs
The following list provides the details of the TLVs that support IPv6:
TLV 232 (IPv6 interface address): Advertises the IPv6 interface address for those
interfaces that support IPv6 traffic.
TLV 236 (IPv6 reachability): Advertises information about the network link on which the
IPv6 protocol is operating. This TLV contains multiple sub-TLVs that contain the actual
metric information, among other things.
www.juniper.net
www.juniper.net
TLV type (1 byte): The type of the TLV is encoded in this field with a constant value of 1.
TLV length (1 byte): This field contains the length of the remaining fields in the TLV.
Together, the TLV length and area length fields allow an IS-IS router to determine the
number of area addresses encoded within the TLV.
Area length (1 byte): The length of the following advertised area is encoded in this field.
Area ID (variable): This field can range from 1 to 13 bytes. It contains the actual area
address configured within the NET ID of the router.
IS Reachability TLV
Each IS-IS router advertises its adjacencies with neighboring systems through this TLV. The various
metric fields as well as the neighbor ID field are repeated for each adjacent neighbor. The metric
values are encoded in a 6-bit field resulting in possible metrics between 0 and 63. These values are
sometimes referred to as old-style or small metrics. The IS reachability TLV contains the following
fields:
TLV type (1 byte): The type of the TLV is encoded in this field with a constant value of 2.
TLV length (1 byte): The length of the remaining fields in the TLV is placed in this field.
This length allows the router to determine the number of neighbors encoded within the
TLV. Each set of neighbors and metrics occupies 11 octets of space. Therefore, the field
length minus 1 (for the virtual flag) should be divisible by 11, resulting in the number of
adjacent neighbors.
Virtual flag (1 byte): An IS-IS router sets this flag when the advertised information
should be used to repair a nonadjacent Level 2 area. The Junos OS does not support
partition repair and this field is set to a constant value of 0x00.
www.juniper.net
www.juniper.net
Default metric (1 byte): The first bit in this field is a reserved bit and is set to a value of
0. The second bit in this field can be used to support internal and external metrics by
indicating the metric type; internal and external metrics are not comparable. Because
this TLV is never leaked, the I/E bit is always coded to a zero to indicate an internal type.
The remaining 6 bits are used to encode the metric cost to reach the adjacent neighbor.
Delay metric (1 byte): The Junos OS does not support the use of type of service (ToS)
metrics within IS-IS. The S bit is set to a constant value of 1 (not supported), while the
I/E and metric bits are all set to a constant value of 0.
Expense metric (1 byte): The Junos OS does not support the use of ToS metrics within
IS-IS. The S bit is set to a constant value of 1 (not supported), while the I/E and metric
bits are all set to a constant value of 0.
Error metric (1 byte): The Junos OS does not support the use of ToS metrics within IS-IS.
The S bit is set to a constant value of 1 (not supported), while the I/E and metric bits are
all set to a constant value of 0.
Authentication TLV
If configured to support authentication, an IS-IS router includes this TLV in all advertised link-state
PDUs. The authentication TLV contains the following fields:
TLV type (1 byte): The type of the TLV is encoded in this field with a constant value of 10.
TLV length (1 byte): The length of the remaining fields in the TLV is placed in this field.
Authentication type (1 byte): The specific form of authentication is encoded in this field.
Plain-text authentication uses a value of 1, while Message Digest 5 (MD5)
authentication uses a value of 54.
Password (Variable): The actual authentication data is stored in this field. When MD5 is
used, the size of this field is always 16 bytes.
www.juniper.net
TLV type (1 byte): The type of the TLV is encoded in this field with a constant value of 22.
TLV length (1 byte): The length of the remaining fields in the TLV is placed in this field.
Wide metric (3 bytes): The metric cost to reach the adjacent neighbor is encoded in this
field.
www.juniper.net
Sub-TLV length (1 byte): The length of any optional sub-TLVs is encoded in this field. If no
sub-TLVs are present, the field is set to a value of 0.
www.juniper.net
TLV type (1 byte): The type of the TLV is encoded in this field, which holds a constant
value of 128.
TLV length (1 byte): The length of the remaining fields in the TLV is placed in this field.
This length allows the router to determine the number of prefixes advertised within the
TLV. Each set of metrics and addresses occupies 12 octets of space.
Default metric (1 byte): The first bit in this field is known as the Up/Down (U/D) bit. It is
used to provide information to IS-IS routers in a multilevel network to allow for prefix
advertisements across a level boundary and to prevent routing loops. The second bit in
this field can be used to indicate whether a given pair of metrics are comparable by
indicating a metric type of either internal or external. Although some Junos OS versions
made use of the I/E bit for TLV 128, the current release ignores this bit upon reception
and treats all prefixes as internal. The final 6 bits represent the metric cost to reach the
advertised prefix.
www.juniper.net
Delay metric (1 byte): The Junos OS does not support the use of ToS metrics within IS-IS.
The S bit, the R bit, and the metric bits are all set to a constant value of 0.
Expense metric (1 byte): The Junos OS does not support the use of ToS metrics within
IS-IS. The S bit, the R bit, and the metric bits are all set to a constant value of 0.
Error metric (1 byte): The Junos OS does not support the use of ToS metrics within IS-IS.
The S bit, the R bit, and the metric bits are all set to a constant value of 0.
www.juniper.net
www.juniper.net
TLV type (1 byte): The type of the TLV is encoded in this field. A constant value of 129 is
placed in this field.
TLV length (1 byte): The length of the remaining fields in the TLV is placed in this field.
This length allows a router to determine the number of NLPIDs encoded within the TLV.
Network Layer protocol ID (1 byte): The 8-bit NLPID is placed within this field. By default,
the Junos OS supports both IPv4 (0xCC) and IPv6 (0x8E) and encodes those values in
this TLV. On J Series routers and SRX Series devices, you can also configure the
Junos OS to support the CLNS protocol by configuring clns-routing at the [edit
protocols isis] configuration hierarchy.
TLV type (1 byte): The type of the TLV is encoded in this field with a constant value of
130.
TLV length (1 byte): The length of the remaining fields in the TLV is placed in this field.
This length allows the router to determine the number of prefixes advertised within the
TLV. Each set of metrics and addresses occupies 12 octets of space.
Default metric (1 byte): The first bit in this field is the U/D bit. It is used by IS-IS routers
in a multilevel network to allow for prefix advertisements across a level boundary and to
prevent routing loops. The second bit in this field can be used to indicate whether a
given pair of metrics are comparable by indicating a metric type of either internal or
external. Although some Junos OS versions made use of the I/E bit for TLV 130, the
current release ignores this bit upon reception and treats all prefixes as external by
virtue of their being carried within TLV 130. The final 6 bits represent the metric cost to
reach the advertised prefix.
www.juniper.net
www.juniper.net
Delay metric (1 byte): The Junos OS does not support the use of ToS metrics within IS-IS.
The S bit, the R bit, and the metric bits are all set to a constant value of 0.
Expense metric (1 byte): The Junos OS does not support the use of ToS metrics within
IS-IS. The S bit, the R bit, and the metric bits are all set to a constant value of 0.
Error metric (1 byte): The Junos OS does not support the use of ToS metrics within IS-IS.
The S bit, the R bit, and the metric bits are all set to a constant value of 0.
IP address (4 bytes): The IPv4 prefix being advertised in the TLV is encoded in this field.
Subnet mask (4 bytes): The subnet mask associated with the advertised prefix is stored
in this field.
TLV type (1 byte): The type of the TLV is encoded in this field with a constant value of
132.
TLV length (1 byte): The length of the remaining fields in the TLV is placed in this field.
This length allows a router to determine the number of addresses encoded within the
TLV.
www.juniper.net
TE IP RID TLV
All routers configured to support traffic engineering, which is the Junos OS default setting, generate
this TLV. The RID of the local router is placed in this field for use in the TED. The TE IP RID TLV
contains the following fields:
www.juniper.net
TLV type (1 byte): The type of the TLV is encoded in this field with a constant value of
134;
TLV length (1 byte): The length of the remaining fields in the TLV is placed in this field
with a constant value of 4; and
IPv4 address (4 bytes): The RID of the local router is placed in this field.
TLV type (1 byte): The type of the TLV is encoded in this field with a constant value of
135.
TLV length (1 byte): The length of the remaining fields in the TLV is placed in this field.
This length allows the router to determine the number of prefixes advertised within the
TLV.
Metric (4 bytes): The metric of the advertised prefix is encoded in this field.
www.juniper.net
www.juniper.net
Prefix length (1 byte): The first bit in this field is the U/D bit, which is used to allow
prefixes to be advertised across a level boundary and to prevent routing loops. The
second bit in this field is the sub bit, which denotes if any optional sub-TLVs are
associated with the advertised prefix. The final 6 bits represent the length of the
advertised prefix.
Optional sub-TLV type (1 byte): The type of the sub-TLV is encoded in this field. The
Junos OS currently supports only one sub-TLV type, which is a 32-bit route tag with a
type code of 1.
Optional sub-TLV length (1 byte): The length of the remaining fields in the sub-TLV is
placed in this field.
Optional sub-TLV (variable): For the supported route tag sub-TLV, the 32-bit tag value is
placed in this field. IS-IS route tagging offers the same administrative filtering
capabilities as the OSPF protocol. IS-IS traffic engineering extensions, which enable
TLV 135, must be enabled to support route tagging. TE extensions are enabled for IS-IS
by default.
TLV type (1 byte): The type of the TLV is encoded in this field with a constant value of
137.
TLV length (1 byte): The length of the hostname field is placed in this field. Possible
values range from 1 to 255 octets.
Hostname (Variable): The locally configured ASCII hostname of the router is placed in
this field.
www.juniper.net
The local router is configured within Area 49.0001, and the area length is 3 bytes. This
information is available in the Area Address field and TLV 1.
The local routers RID is 192.168.48.1. This information is available in the IP router
id field and TLV 134.
The LSP was originated by the Sao Paulo router, because the Hostname field of TLV
137 lists SaoPaulo in its payload.
The local router has an IS adjacency with the Sydney routers at a metric of 10. This
information is available in the IS Neighbor field and TLV 2.
The IP address of the routers interface toward Sydney is 10.222.60.2, as seen in TLV
22, sub-TLV 6.
The local router is advertising two internal local IS-IS routes, 10.222.60.0/24 and
192.168.48.1/32. This information is available from the IP Prefix field and TLV
128.
www.juniper.net
The local router has a policy configured to advertise the external prefix of
192.168.49.0/24. This information is available in the IP external prefix field
and TLV 130.
All three prefixes advertised by the local router are carried in TLV 135 and are visible in
the IP extended prefix field.
www.juniper.net
www.juniper.net
www.juniper.net
DIS Election
The IS-IS DIS election process is achieved by assigning a Level 1 priority and a Level 2 priority on
every IS-IS router interface, with a range of 0 through 127. The Junos OS uses a default priority of 64
for both levels. The router advertises its priority in the hello PDUs sent from each interface. The L1
priority is advertised in L1 hello PDUs, and the L2 priority is advertised in L2 hello PDUs. If the priority
is 0, the router is ineligible to become the DIS. Interfaces to nonbroadcast networks automatically
have a priority of 0. The router with the higher priority value becomes the DIS. In the event of a tie,
the router with the numerically highest subnetwork point of attachment (SNPA), which is a fancy
name for a MAC address, wins the election.
DIS Characteristics
Unlike OSPF, however, an IS-IS router attached to a broadcast, multi-access network establishes
adjacencies with all of its neighbors on the network, not just the DIS. Each router multicasts its LSPs
to all of its neighbors, and the DIS uses a system of PDUscalled sequence number PDUsto ensure
that the flooding of LSPs is reliable. Also unlike OSPF, no election of a backup designated router
occurs in IS-IS. If the IS-IS DIS fails, a new DIS is elected. Another characteristic is that if a new router
with a higher priority than the existing DIS becomes active, or if the new router has an equal priority
and a higher subnetwork point of attachment (MAC address), the new router becomes the DIS. When
the DIS changes, a new set of LSPs must be flooded.
www.juniper.net
Pseudo-Node
IS-IS elects a DIS on broadcast and multi-access networks for the same reason as OSPF. Rather than
having each router connected to the LAN advertise an adjacency with every other router connected
to the LAN, the network itself is considered a routera pseudo-node. Each router, including the DIS,
advertises a single link to the pseudo-node. The DIS also advertises, as the representative of the
pseudo-node, a link to all of the attached routers.
www.juniper.net
IP Configuration Necessary
You can check several things while troubleshooting IS-IS adjacency problems. When establishing
adjacencies in IS-IS, all routers on a link must agree upon the IP subnet to which they belong, except
on point-to-point links, which can be unnumbered or use /32 addressing. The Junos OS needs the IP
portion of the network to function so that the IS-IS adjacency will work.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Reference Bandwidth
To enable the calculation, use the reference-bandwidth command within the [edit
protocols isis] configuration hierarchy. The value entered has a value in bits per second. Use
the standard Junos shortcut notations of k (kilobits per second), m (megabits), and g (gigabits). The
entered value becomes the numerator value in the bandwidth calculation.
www.juniper.net
www.juniper.net
Index (detail output only): Displays the interface index assigned by the Junos kernel.
Circuit type (detail output only): Displays the circuit type, which can be 1Level 1
only, 2Level 2 only, or 3Level 1 and Level 2.
LSP interval (detail output only): Displays the interfaces link-state PDU interval.
Interface (brief output only): Displays the interface through which the adjacency is
made.
www.juniper.net
www.juniper.net
L1/L2 Metric: Displays the interfaces metric for Level 1 and Level 2. If no
information exists, the metric is 0.
Priority (detail output only): Displays the priority value for this interface.
Metric (detail output only): Displays the metric value for this interface.
Hello (s) (detail output only): Displays the interfaces hello interval.
Hold (s) (detail output only): Displays the interfaces hold time.
System (brief output only): Displays the system identifier (sysid), printed as a name if
possible.
State: Displays the state of the adjacency. It can be Up, Down, New, One-way,
Initializing, or Rejected.
Hold (secs) (brief/standard output only): Displays the remaining hold time of the
adjacency. Note that the show isis adjacency command returns brief output by
default.
SNPA (brief output only): Displays the subnetwork point of attachment (MAC address of
the next hop).
www.juniper.net
www.juniper.net
Expires in (detail output only): Displays how long until the adjacency expires, in
seconds;
Priority (detail output only): Displays the priority to become the DIS;
Up/Down transitions (detail output only): Displays the count of adjacency status
changes from up to down or from down to up;
Last transition (detail output only): Displays the time of the last up/down
transition;
Circuit type (detail output only): Displays the bit mask of levels on this interface,
which can be 1Level 1 router, 2Level 2 router, or 1/2both Level 1 and Level 2
routers;
Speaks (detail output only): Displays the protocols supported by this neighbor; and
SNPA: Displays the subnetwork point of attachment (MAC address of the next hop);
Start time (log output only): Displays the time that the SPF computation started;
Elapsed time (log output only): Displays the length of time required to complete the
SPF computation in seconds;
Count (log output only): Displays the number of times the SPF was triggered; and
Reason (log output only): Displays the reason that the SPF computation was
completed.
www.juniper.net
Received: Displays the number of PDUs received since IS-IS started or since the
statistics were zeroed.
Processed: Displays the number of PDUs received less the number dropped.
Sent: Displays the number of PDUs transmitted since IS-IS started or since the
statistics were zeroed.
Rexmit: Displays the number of PDUs retransmitted since IS-IS started or since the
statistics were zeroed.
Total packets received/sent: Displays the total number of PDUs received and
transmitted since IS-IS started or since the statistics were zeroed.
SNP queue length: Displays the number of CSNPs and PSNPs sitting on the SNP
queue waiting for processing. This value is almost always 0.
www.juniper.net
LSP queue length: Displays the number of LSPs sitting on the link-state PDU queue
waiting for processing. This value is almost always 0.
SPF runs: Displays the number of SPF calculations performed. If this number is
incrementing rapidly, it indicates that the network is unstable.
Fragments rebuilt: Displays the number of link-state PDU fragments that the local
system has computed.
LSP regenerations: Displays the number of link-state PDUs that have been
regenerated. An link-state PDU is regenerated when it is nearing the end of its lifetime
and it has not changed.
Purges initiated: Displays the number of purges that the system initiated. A
purge is initiated if the software decides that an link-state PDU must be removed from
the network.
www.juniper.net
www.juniper.net
Current version: Displays the number of the current version of the IS-IS routing
table.
L: Displays the level, which can be 1Level 1 only; 2Level 2 only; and 3Level 1 and
Level 2.
Version: Displays the version (or run) of SPF that generated the route.
Type: Displays the metric type. It can be int (internal) or ext (external).
Via: Displays the system identifier of the next hop, displayed as a name if possible.
Lifetime (in seconds): Displays the remaining lifetime of the LSP, in seconds.
IP prefix (detail and extensive output only): Displays the prefix advertised by this
LSP.
Metric (detail and extensive output only): Displays the metric of the prefix or neighbor.
www.juniper.net
www.juniper.net
Review Questions
1.
2.
3.
4.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
IS-IS Operations
The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.
www.juniper.net
www.juniper.net
www.juniper.net
This router has both Level 1 and Level 2 adjacencies. You can determine this fact by the
existence of two databases on the router.
Within the Level 1 area, R1 is the router that can communicate with other Level 2
systems. You can determine this fact by the Attached keyword in its Level 1 LSP.
The R2 and R3 routers are configured to operate at Level 1 only because their
attributes are set to 0x01 (not shown in the output). Notice the L1 designation and the
absence of a L2 notation within the Attributes field.
The R3 router is the designated intermediate system (DIS) for one of its links in the
network. You can determine this fact by the extra LSP advertised as R3.02-00. The
circuit ID of the interface upon which it is the DIS is 0x02.
Dijkstra Algorithm
After a router receives a new LSP and places it into the LSDB, the router runs an algorithm known as
the Dijkstra algorithm (or shortest-path-first [SPF] algorithm). This computation uses the database as
a data source and results in a loop-free network topology using the best metric from the local router
to all nodes in the network.
During the course of this calculation, the algorithm uses three databasesthe LSDB, the candidate
database, and the tree database. Remember that the LSDB is the total compilation of routing
knowledge in the network. Conceptually, it consists of multiple tuples in the form of router ID (RID),
neighbor ID, and cost, which describe each link in the network.
When the algorithm operates, the local router moves its own local tuple into the tree database and
all tuples for its links into the candidate database. It then performs the following steps until the
candidate database is empty:
1.
For each new entry in the candidate database, the router determines the cost from root
to each neighbor ID. The SPF algorithm moves the tuple with the lowest cost from the
candidate database into the tree database. If multiple tuples exist with an equal cost,
one is chosen randomly.
2.
If a new neighbor ID appears in the tree database, any tuples in the LSDB with a router
ID equal to the new tree entrys neighbor ID are moved into the candidate database.
www.juniper.net
Each tuple in the candidate database is evaluated and any tuples whose neighbor ID is
currently in the tree database and whose cost to the root is greater than the entry
currently in the tree database are deleted. Step 1 is repeated until the candidate
database is empty.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Automatically Enabled
The functionality of the PRC is automatically enabled when you configure IS-IS within the Junos OS
you do not have to do anything to benefit from the enhancement. Conversely, no configuration option
is available to disable this feature.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
SPF Calculations
After receiving a new LSP from another router, the local router performs an SPF calculation using all
the values contained in the LSPs in the database. As mentioned on a previous slide, the cost is
calculated from the root node to every other node in the network using the metric cost of the
outgoing interfaces.
www.juniper.net
Authentication Types
The Junos OS supports three different forms of authentication for the IS-IS protocol. These types are
none, simple, and Message Digest 5 (MD5). The type of authentication used must match on all
routers within a level.
www.juniper.net
Level Authentication
Configuration of any authentication at either Level 1 or Level 2 secures hello, link-state, and
sequence number PDUs.
In the example on the slide, MD5 authentication is enabled for Level 1, and simple authentication is
configured for Level 2.
Note
Take care when configuring authentication on a
point-to-point interface. IS-IS uses a single hello
PDU on these interfaces (as opposed to a
broadcast interface having a Level 1 and a Level
2 hello). Thus, the local router uses the
authentication configured at the lowest level for
the hello PDUs on this interface. Potential
problems might arise if one side of the interface
is operating both Level 1 and Level 2 while the
other side is operating only Level 2.
Continued on the next page.
www.juniper.net
Per-Interface Authentication
As is a common practice within the Junos OS configuration hierarchy, IS-IS authentication options
configured at an interface level supercede any options configured at a higher level.
Interface fe-0/0/0.0 on the slide has MD5 authentication configured for hello PDUs sent at Level 2
using the hello-authentication commands. This hello authentication will be used only on
that specific interface.
www.juniper.net
www.juniper.net
Full-Mesh Topologies
At times, the default flooding mechanism might be a disadvantage. Such is the case with a full-mesh
physical or logical topology. In this type of an environment, each IS-IS router receives extra copies of
the same LSP. These extra copies are not needed and can be discarded safely.
In the example on the slide, the R4 router receives an LSP generated from the R1 router three times.
www.juniper.net
Group Numbers
To configure a mesh group within the Junos OS, assign each interface within IS-IS a group number by
using the mesh-group command. This number can be any 32-bit value. Within each local router,
any LSPs received on an interface assigned to a mesh group are not flooded out any interfaces
within that same mesh group.
www.juniper.net
Overload Settings
You can turn the overload setting on or off as a permanent value, or you can associate a timer
with it. If the timer is omitted, then the overload bit is set once you commit the configuration. The bit
remains until you remove the overload setting from the configuration, and the configuration is
committed once again. However, if you assign a timer value, the bit is not set automatically. The timer
associated with the overload bit initializes only when the routing protocol daemon (rpd) also
initializes. This timer can run from between 60 and 1800 seconds. Once the timer expires, the bit is
removed from the LSPs, but the configuration still contains the overload command.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
The Result
The result of the preference change is now a default that points properly to the IS-IS router.
www.juniper.net
www.juniper.net
www.juniper.net
Review Questions
1.
2.
3.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Multilevel Configuration
The slide highlights the topic we discuss next.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Review Questions
1.
2.
3.
4.
www.juniper.net
www.juniper.net
Chapter 82 BGP
www.juniper.net
Review of BGP
The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.
www.juniper.net
BGP Chapter 83
What Is BGP?
The Border Gateway Protocol (BGP) is a routing protocol between autonomous systems (ASs) and is
sometimes referred to as a path-vector routing protocol because it uses an AS path, used as a
vector, to prevent interdomain routing loops. The term path vector, in relation to BGP, means that
BGP routing information includes a series of AS numbers, indicating the path that a route takes
through the network. Although BGP is primarily used for inter-AS routing, BGP is also used in large
networks for MPLS-based VPNs and is used to separate large OSPF domains. BGP is much more
scalable and offers a greater amount of control through policy than an IGP.
BGP exchanges routing information among ASs. An AS is a set of routers that operate under the
same administration. BGP routing information includes the complete route to each destination. BGP
uses the routing information to maintain an information base of Network Layer reachability
information (NLRI), which it exchanges with other BGP systems.
BGP is a classless routing protocol, that supports prefix routing, regardless of the class definitions of
IP version 4 (IPv4) addresses. BGP routers exchange routing information between peers. The peers
must be connected directly for inter-AS BGP routing (unless certain configuration changes are done).
The peers depend on established TCP connections, which we address later in this chapter.
BGP version 4 (BGP4) is essentially the only exterior gateway protocol (EGP) currently used in the
Internet. It is defined in RFC 4271, which made the former standard of more than 10 years,
RFC 1771, obsolete.
Chapter 84 BGP
www.juniper.net
www.juniper.net
BGP Chapter 85
Chapter 86 BGP
www.juniper.net
Idle: The Idle state is the initial state when all incoming BGP connections are refused. A
start event is required for the local system to initialize BGP resources and prepare for a
transport connection with the other BGP peer.
Connect: In the Connect state, BGP is waiting for the transport protocol connection to
be completed. If the transport protocol connection succeeds, the local system sends an
Open message and transitions to the OpenSent state. If the transport protocol
connection fails, the local system restarts the ConnectRetryTimer, searches for a
connection initiated by the remote BGP peer, and changes its state to Active.
www.juniper.net
BGP Chapter 87
Chapter 88 BGP
Active: In the Active state, BGP is trying to acquire a peer by initiating a transport
protocol connection. If the transport protocol connection succeeds, the local system
sends an Open message to its peer and transitions to the OpenSent state. If the local
systems BGP state remains in the Active state, you should check physical connectivity
as well as the configuration on both peers.
OpenSent: In the OpenSent state, BGP waits for an Open message from its peer. When
an Open message is received, it is checked and verified to ensure that no errors exist. If
an error is detected, the system transitions back to the Idle state. If no errors are
detected, BGP sends a Keepalive message.
Established: In the Established state, BGP can exchange Update, Notification, and
Keepalive messages with its peer. When the local system receives an Update or
Keepalive message and when the negotiated hold timer value is nonzero, it restarts its
hold timer. If the negotiated hold timer reaches zero, the local system sends out a
Keepalive message and restarts the hold timer.
www.juniper.net
Open: The open message is sent once the TCP three-way handshake is complete. The
open message initiates the BGP session and contains details about the BGP neighbor
and information about supported and negotiated options.
Update: BGP uses update messages to transport routing information between BGP
peers. Depending on the receiving devices routing policy, this routing information is
either added to the routing table or ignored.
Keepalive: BGP does not use keepalives at the Transport LayerTCP fills this need.
Instead, peers exchange keepalives as often as needed to ensure that the hold timer
does not expire.
www.juniper.net
BGP Chapter 89
Notification: BGP uses notification messages to signal when something is wrong with
the BGP session. A notification is sent when an unsupported option is sent in an open
message and when a peer fails to send an update or keepalive. When an error is
detected, the BGP session is closed.
Refresh: Normally a BGP speaker cannot be made to readvertise routes that have
already been sent and acknowledged (using TCP). The route refresh message supports
soft clearing of BGP sessions by allowing a peer to readvertise routes that have already
been sent. This soft clearing has some very specific uses when working with
MPLS-based VPNs and adding new customer sites to existing customer VPN structures.
Each BGP message uses the same fixed size header, which is 19 bytes. BGP keepalive messages do
not include any data portion following the header.
www.juniper.net
www.juniper.net
BGP Attributes
The primary purpose of BGP is not to find the shortest path to a given destination; rather, its purpose
is to find the best path. Each AS determines the best path to a prefix by determining its own
outbound routing preferences, the inbound routing preferences of the routes originator (as updated
by ASs along the path between the source and destination ASs), and some information that is
collected about the path itself. All this information is contained in path attributes that describe the
path to a prefix. The path attributes contain the information that BGP uses to implement the routing
policies of source, destination, and transit ASs.
The slide lists some common BGP attributes. We cover the listed attributes in greater detail on
subsequent pages.
www.juniper.net
www.juniper.net
ISP As Network
The slide highlights a portion of ISP As network. Internally, ISP A maintains reachability information
for each prefix within its aggregate address range. Therefore, every router in ISP A has knowledge
about the /24 prefix assigned to Customer A. This reachability information can be maintained by
either an IGP or by IBGP.
Even though ISP A has reachability information about each prefix internally, it advertises the
aggregate prefixes externally only. Because other networks use the same path to reach all prefixes
available on ISP As network, other networks do not need the more specific information. To reduce
the size of the global routing table, ISPs typically do not transmit the prefixes of their statically routed
customers to their peers; rather, they just transmit the aggregate prefixes from which their
addresses are assigned.
www.juniper.net
www.juniper.net
Customer Bs Aggregate
Customer B is currently a single-homed network but is planning on adding a second connection to
another ISP in the near future. Customer B advertises its portable /20 prefix to ISP C with an
AS path, indicating that it was originated locally. ISP C sends the advertisement to ISP B, who sends
it to ISP A, with each ISP updating the path attributes as it sends the route.
ISP A does not have a BGP session to Customer A, so Customer A does not receive any routing
information for Customer Bs prefix. However, receiving the route information is not necessary
because Customer A has a static default route that directs all Internet-bound traffic to ISP A. Once
the traffic reaches ISP A, ISP A follows the BGP-received route to Customer B.
www.juniper.net
www.juniper.net
Loopback Peering
You maintain only one IBGP session between each internal peer. The IGP is used to maintain
reachability between the loopback addresses regardless of the physical topology, allowing the IBGP
sessions to stay up even when the physical topology changes.
The physical topology is relevant in one respect: each router along the path between BGP speakers
must have enough information to make consistent routing decisions about packet forwarding. In
many cases, this requirement means that all routers along all possible physical paths between BGP
speakers must run BGP; however, in some networks this requirement is not necessary.
Interface Peering
Recall that EBGP sessions are simply BGP sessions between two routers in different autonomous
systems. When two EBGP peers have a single path between them, EBGP sessions are usually
established over the shared subnet between two peers, using the IP addresses assigned to the
interfaces on that subnet as the session endpoints. By establishing the EBGP session using the IP
address assigned to the interfaces on the shared subnet, you gain many advantages. One of these
advantages is that you prevent either AS from needing to maintain any routing information about the
other AS (besides what it received through BGP). You also ensure that all traffic flows over this
particular shared subnet.
www.juniper.net
Configuring BGP
The slide illustrates the sample configuration.
In this configuration example, we see some parameters defined under the [edit
routing-options] and [edit protocols bgp] hierarchies. Under the [edit
routing-options] hierarchy, we defined the systems router identifier (RID) and the local AS
number. Optionally, you can configure the systems local AS number under the global BGP hierarchy
for a specific BGP group, or, for a specific BGP neighbor, use the local-as configuration option.
When the AS number is configured at multiple hierarchy levels, the AS number specified at the most
specific hierarchy level is used. The ability to specify different AS numbers at different hierarchy
levels can be quite useful, especially when merging networks with different AS numbers.
Because we are using loopback-based peering for the internal BGP group, we must reference
loopback addresses in the related BGP configuration. In this case, the neighbor address is the
remote peers loopback address. The local-address is the local devices loopback address. If
the local address is not specified, the system uses the interface address of the egress interface
used to reach the referenced peer address. Because the peer is expecting to form an IBGP peering
session using the 192.168.100.1 address, you must specify that address as the local-address
in the configuration.
Continued on the next page.
www.juniper.net
www.juniper.net
BGP Authentication
All BGP protocol exchanges can be authenticated to guarantee that only trusted routing devices
participate in the ASs routing. By default, authentication is disabled. You can configure Message
Digest 5 (MD5) authentication. The MD5 algorithm creates an encoded checksum that is included in
the transmitted packet. The receiving routing device uses an authentication key (password) to verify
the packets MD5 checksum.
www.juniper.net
www.juniper.net
BGP Operations
The slide highlights the topic we discuss next.
www.juniper.net
www.juniper.net
IBGP peers advertise routes received from EBGP peers to other IBGP peers.
2.
EBGP peers advertise routes learned from IBGP or EBGP peers to other EBGP peers.
3.
IBGP peers do not advertise routes received from IBGP peers to other IBGP peers.
The purpose of the advertisement rules is to prevent routing loops on a BGP network.
www.juniper.net
www.juniper.net
Hidden Routes
You might expect all routes received from a BGP peer would be installed in the RIB-LOCAL table and
be visible using the show route protocol bgp command. But hidden BGP routes occur for
several reasons:
An import policy might exist that prevents the route from being installed; or
Unresolvable Next-Hop
The most common reason for hidden BGP routes is an unresolvable next-hop. The BGP Update
message contains a protocol next-hop IP address. If the router cannot resolve this address using its
routing table, the route cannot be used and is not installed in the routing table.
The number of hidden routes is always shown in the output of the show route command. To view
why routes are hidden, issue the show route hidden extensive command.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
The router compares routes for the highest local preference (the only choice based on a
higher, rather than lower, value).
2.
The router evaluates the AS-path attribute next, where a shorter path is preferred. This
attribute is often a common tiebreaker for routes.
3.
The router evaluates the origin code. The lowest origin code is preferred: ( I [IGP] < E
[EGP] < ? [Incomplete]).
www.juniper.net
www.juniper.net
4.
If any of the remaining routes are advertised from the same neighboring AS, the router
checks the MED attributes for the lowest value. The absence of a MED value is
interpreted as a MED of 0.
5.
If multiple routes remain, the router prefers any routes learned through an EBGP peer
over routes learned through an IBGP peer. If all remaining routes were learned through
EBGP, the router skips to Step 9.
6.
If the remaining routes were learned through IBGP, use the path with the lowest IGP
cost to the IBGP peer. For each IBGP peer, install a physical next hop based on the
following three rules:
a.
BGP examines both the inet.0 and the inet.3 routing tables for the BGP
next-hop value. The physical next hop of the instance with the lowest Junos OS
preference is used, which often means that BGP uses the inet.3 version of the
next hop, through an MPLS LSP.
b.
Should the preference values in the inet.0 and the inet.3 routing tables tie,
the physical next hop of the instance in inet.3 is used.
c.
When a preference tie exists and the instances are in the same routing table, the
number of equal-cost paths of each instance are examined. The physical next
hop of the instance with more paths is installed. This tie might occur when the
traffic-engineering bgp-igp option is used for MPLS.
7.
BGP then uses the route advertised from the peer with the lowest RID (usually the
loopback IP address). When comparing external routes from two distinct neighboring
ASs, if the routes are equal up to the RID comparison step, the currently active route is
preferred. This preference helps prevent issues with MED-related route oscillation. The
external-router-id command overrides this behavior and prefers the external
route with the lowest RID, regardless of which route is currently active.
8.
The router then examines the cluster-list attribute for the shortest length. The cluster list
is similar in function to an AS path.
9.
The router prefers routes from the router with the lowest peer IP address.
www.juniper.net
www.juniper.net
www.juniper.net
Configure multipath on R1
The configuration of the R1 router now contains the multipath command within the peer group for
AS 2. After committing the configuration, we examine the contents of the local routing table. We still
see the four routes advertised from AS 2, and each listing of the prefix still contains two versions of
the route. As before, the routes from the R2 router are marked active while the routes from the R3
router are marked inactive.
The effect of the multipath command on the routes from AS 2 is that the next hop for the routes
from R3 (10.222.29.2) are now added to the version of the route from R2. The next-hop information
for the inactive route version does not change in this environment.
Because each active route now has two next hops in the routing table, the default Junos OS
load-balancing process can be used. Each route has a single next hop selected, and this single next
hop is placed into the forwarding table. All traffic for each route uses just that single next hop. The
overall benefit of this system is the total amount of traffic sent from AS 1 to AS 2 can now be
load-balanced over the two inter-AS links. In our small example, just the 172.16.20.16/30 route is
using the 10.222.29.2 next hop, while the other three routes maintained the 10.222.28.2 next hop.
As more routes are announced between the AS networks, the selection of the next hops becomes
more evenly distributed.
Although not shown on the slide, you can also see the effects of using multipath in the output of the
show bgp summary command. The route information from both R2 and R3 now appears as
4/4/0. The routes from R2 are active, while the next-hop values from R3 are also used to forward
user traffic.
www.juniper.net
www.juniper.net
www.juniper.net
Load Balancing
You can alter the default behavior of the Junos OS to install a single next hop per route in the
forwarding table with a routing policy. The policy should contain the action of then
load-balance per-packet and be applied as an export policy to the forwarding table within
the [edit routing-options] configuration hierarchy.
After committing the configuration, we see the same 172.16.20.4/30 route in the routing table of
the local router. The same protocol information is displayed and again, a single next hop has been
selected. This selection mechanism is not affected by our load-balancing policy, so we cannot verify
whether it is working by examining the routing table. Instead, a look at the forwarding table shows
the outcome of our policy. Both the 10.10.1.1 and the 10.10.2.1 next hops are listed as valid
outbound interfaces for the 172.16.20.4/30 route. Traffic destined for this route is now forwarded
across both available next hops using a microflow hashing algorithm. The default inputs to the
microflow hash are the incoming router interface, the source IP address, and the destination IP
address. You can modify the inputs to the hashing algorithm at the [edit
forwarding-options hash-key family inet] configuration hierarchy. Specifying the
layer-4 command at this configuration hierarchy incorporates Layer 4 source and destination port
information into the hash key.
www.juniper.net
Configuration Options
The slide highlights the topic we discuss next.
www.juniper.net
passive Option
By default, a local router initiates a BGP open message to the remote router to establish the session.
The passive command stops this default action, and no open message is sent. The IP address and
AS of the remote peer are still configured, but the remote router must initiate the BGP session.
allow Option
The related option of allow also stops the sending of a BGP open message to the remote router. In
addition, the allow command also relaxes the requirement of explicitly configuring the remote
routers IP address by allowing you to define a subnet range for connections. BGP processes any
open message received from an IP address within the configured range and initiates a session with
that remote router.
www.juniper.net
www.juniper.net
www.juniper.net
Graceful Restart
Graceful restart (GR) addresses the situation described on the previous slide. GR allows a router
undergoing a restart event, including a restart of the routing protocol daemon (rpd), to inform its
adjacent neighbors and peers of its condition. The restarting router requests a grace period from the
neighbor or peer, which can then cooperate with the restarting router. When a restart event occurs
and GR is enabled, the restarting router can still forward traffic during the restart period, and
convergence in the network is not disrupted. The neighbors or peers of the restarting router, also
known as helper routers, hide the restart event from other devices not directly connected to the
restarting router. In other words, the restart is not visible to the rest of the network, and the
restarting router is not removed from the network topology.
The GR request occurs only if the following conditions are met:
www.juniper.net
The restarting router is not already cooperating with another restart already in progress;
and
GR Support
As shown on the slide, GR is supported by several standards-based protocols. A number of RFCs and
drafts exist that document the operational details for GR and each of the protocols for which GR is
supported. While these different protocols implement GR slightly differently, the basic concepts and
operations are the same from a high availability point of view.
GR Requirements
Routers must have GR enabled to support both GR router modesthe restarting router mode and
helper router mode. By default, Junos devices can operate as helper routers but not as restarting
routers; restarting router mode functionality must be enabled through configuration. We cover GR
configuration on subsequent slides.
In addition to having the GR functionality enabled, the router must support nonstop forwarding
operations, which simply means the router must be able to continue forwarding traffic during times
of control plane instability. Nonstop forwarding is an inherent attribute of Junos devices because of
the architectural design, which cleanly separates the control and forwarding planes.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
local-as loops number: Specify the maximum number of times that the local AS
number can appear in an AS path received from a BGP peer. For number, include a
value from 1 through 10.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Review Questions
1.
2.
3.
4.
5.
www.juniper.net
Lab 7: BGP
The slide provides the objective for this lab.
www.juniper.net
www.juniper.net
Various BGP attributes in detail and explains the operation of those attributes; and
www.juniper.net
BGP Policy
The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Next Hop
The slide highlights the topic we discuss next.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Other AS Networks
Note that routers in AS 30 use AS 20 to reach the networks in AS 1, because of a shorter AS-path
length through AS 20. Also, routers in AS 20 use AS 2 to reach the networks in AS 1, because of a
shorter AS-path length. Finally, routers in AS 10 use AS 3 to reach the networks in AS 1, because of a
shorter AS-path length. Why should AS 40 be the only AS confused about the best way to reach AS 1?
www.juniper.net
www.juniper.net
Other AS Networks
Note that, because of shorter AS-path length, the following occur:
Routers in AS 30 still use AS 20 to reach the networks in AS 1.
Routers in AS 20 still use AS 2 to reach the networks in AS 1.
Routers in AS 10 still use AS 3 to reach the networks in AS 1.
Notice also that all the other AS networks on the slide (besides AS 40) still use the AS-path length for
route selection. The origin code is truly only effective when the AS-path lengths are equal.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Increases the current MED value by 50 for all routes within the 192.168.32.0/20
network; and
Decreases the current MED value by 50 for all routes within the 10.124.0.0/16 network
with a mask shorter than /24. Should the current value be less than 50, the result of
this policy action will be a MED value of 0.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
AS Path
The slide highlights the topic we discuss next.
www.juniper.net
www.juniper.net
www.juniper.net
AS-Path Prepending
The only standard approach to alter the AS-path attribute is to add information to it by prepending.
You can use a routing policy to extend (by prepending) AS-path information artificially onto an existing
AS path. This type of a policy is often an attempt to influence traffic coming into an AS from another
AS.
Continued on the next page.
www.juniper.net
Note that this behavior on the part of AS 2 (using AS 20 instead of sending directly to AS 1) is
unexpected and would not occur without the routing policy. This behavior is extended to AS 20 as
well, because AS 2 cannot shorten the AS path advertised by AS 1, even if AS 2 would like to shorten
it.
www.juniper.net
www.juniper.net
Brackets ([ ]): Enclose the local AS number associated with the AS path if more than one
AS number is configured on the router or if the AS number is being prepended.
Braces ({ }): Enclose AS setsgroups of AS numbers in which the order does not matter.
A set commonly results from route aggregation. The numbers in each AS set are
displayed in ascending order.
In the output on the slide, you can see four routes with different AS paths. The second route
represents a bracket output, the third route represents an AS set, and the fourth route represents a
confederation.
www.juniper.net
Regular Expressions
Often, administrative BGP routing policies require that route announcements or prefixes be found
and acted on based on the information contained within the AS-path attribute. This requirement
might be to enforce some administrative policy regarding other AS networks. Sometimes, it is just
easier to find routes based on their AS path than by looking for many specific prefixes and routes
individually.
Other Uses
The slide lists some examples of the types of information that must be found in the AS path.
www.juniper.net
Context-Sensitive Matching
Regular expressions allow information in a string to be found within a specific context, not just in
isolated instances. You can use regular expressions in conjunction with the BGP AS-path attribute to
match routes within a policy.
www.juniper.net
Each AS Is an Entity
Within the Junos AS-path regular expression syntax, the term is a complete AS value. You can use the
wildcard character of the dot ( . ) to represent a single AS number as well. Thus, the Junos OS detects
an AS number of 1024 (for example) not as the four character text string of 1, 0, 2, 4, but as the
single entity of 1024. To the Junos OS, AS numbers are not sequences of characters.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Format
Both the definition and application of the AS-path regular expressions occurs within the
policy-options configuration hierarchy. The regular expression in proper term operator
format is given a name with the as-path statement.
AS-Path Name
You can reference the regular expression name within a policy.
www.juniper.net
The AS path starts off with any AS value zero or more times, followed by
www.juniper.net
Given a Policy
Consider the routing policy shown on the slide.
.* 1024: Starts with any AS zero or more times, followed by 1024. The route will not
match the term as-paths. This definition does not allow for AS numbers after 1024.
Therefore, it is rejected by the final action.
1024 .*: Starts with 1024, followed by zero or more AS numbers. The route does
match the term as-paths. It is accepted.
.* 1024 .*: Starts with any AS zero or more times, followed by 1024, followed by
zero or more AS numbers. The route does match the term as-paths. It is accepted.
www.juniper.net
www.juniper.net
.* 44{1,2} .*: Starts with any AS zero or more times, followed by 44 once or
twice, followed by zero or more AS numbers. The route does match the term
as-paths. It is accepted.
2685 44{1,3} 1024: Start with AS 2685, followed by 44 one to three times,
followed by 1024. The route does not match the term as-paths. Therefore, it is
rejected by the final action.
1024 44{1,3} 2685: Start with AS 1024, followed by 44 one to three times,
followed by 2685. The route does match the term as-paths. It is accepted.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Various BGP attributes in detail and explained the operation of those attributes; and
www.juniper.net
Review Questions
1.
2.
3.
4.
www.juniper.net
www.juniper.net
The BGP attributes local preference and communities and explains the operation of
those attributes; and
www.juniper.net
Local Preference
The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.
www.juniper.net
Local-Preference Power
The BGP attribute of local preference is the highest tiebreaker in the BGP path selection process. If a
BGP next hop is reachable, and BGP knows multiple routes, BGP always chooses the route with the
highest local preference. Thus, local preference is the first BGP attribute that favors one path over
another.
www.juniper.net
Pay Attention
When it comes to routing policy configurations, make sure to change local preference on the BGP
routes, not the preference of the BGP protocol as a whole!
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Local AS Only
The slide points out the local nature of local preference. Consider another AS called ISP E linked by
two lower-speed, but equal, links to ISP A. Which link should ISP E use to reach 192.168.27.0/24 in
ISP B?
Because EBGP does not propagate the local-preference values used inside ISP A, the ISP E AS has
no knowledge of the local-preference routing decisions made within ISP A with regard to the
192.168.27.0/24 route. ISP A, of course, still wants traffic from ISP E to flow towards R2 to avoid
shuttling all this traffic across its backbone.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Communities
The slide highlights the topic we discuss next.
www.juniper.net
www.juniper.net
www.juniper.net
Overlapping Communities
You should also avoid having too many overlapping communities. Customer routes belonging to
multiple communities can also be an issue.
When it comes to communities, simplicity is always a worthwhile goal.
www.juniper.net
Well-Known Communities
Certain well-known communities have a global meaning and special purposes. They are defined in
RFC 1997. All BGP implementations that understand communities (communities are optional, but
transitive) must know these communities and respect their functions.
Community Format
The BGP community attribute itself is just a list of the individual community attribute values
associated with the route (tags). Because no real limit exists on the number of tags in the list, a route
can belong to many communities. No predefined, upper limit exists on the number of communities
allowed on a route.
Continued on the next page.
www.juniper.net
www.juniper.net
No-export (0xFFFFFF01): This value tells routers to distribute routes with this
community tag within the confederation or AS, but no farther.
No-advertise (0xFFFFFF02): This value tells routers not to advertise these routes to
other BGP peers at all. (Despite appearances, this BGP community is quite useful.)
No-export-subconfed (0xFFFFFF03): This value tells routers not to distribute routes with
this community tag to external BGP peers (thus, they are confined to the sub-AS).
No-Export
The no-export community typically makes sure that route aggregation is optimal by suppressing more
specific routes. The no-export-subconfed just extends this aggregate concept to the sub-AS.
No-Advertise
The no-advertise community has a very narrow scope. Routes go to a BGP peer and no farther,
usually because peers know the routes through other means. This community is often used in a
LAN-connected router environment or when two BGP peers have multiple links between them.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
No-Export Example
The slide shows a typical use of the BGP no-export community.
AS 1 has multiple BGP sessions to its neighbor, AS 2. AS 1 also uses AS 2 as a transit AS for
connectivity to the Internet. AS 1 wants to advertise 172.17.0.0/16 to the Internet because AS 1
owns that entire address space. In addition, AS 1 also wants to advertise more specific route
information (shown as 172.17.0/17 and 172.17.128/17) only to its peer, AS 2.
Advertising the specifics as well as the aggregate to AS 2 would assist AS 2 to route user traffic into
AS 1 more efficiently because load sharing could be used on the more specific routes, as shown on
the slide. However, why should the whole Internet know or care about these specifics?
To assist AS 2 in finding and rejecting the more specific routes, AS 1 assigns the no-export
community to the 172.17.0.0/17 and the 172.17.128.0/17 routes. The BGP edge routers in AS 2 that
connect to the Internet automatically suppress and do not readvertise the /17 routes. Only the /16
route is readvertised to the Internet.
www.juniper.net
www.juniper.net
www.juniper.net
Enforcing Communities
Of course, setting local preferences in other AS networks with communities requires all the AS
administrators to cooperate. Nothing makes an AS respect the community attribute value.
www.juniper.net
www.juniper.net
www.juniper.net
Configuring Communities
You configure BGP communities in the Junos OS at the [edit policy-options] CLI hierarchy
level. You simply give the community a name and a number of members in the form of the
community ID. When you define multiple community members, a logical AND is between them. Thus,
a given name represents Community1, AND Community2, AND Community3, and so on.
Community ID Format
The community ID has an as-number:community-value format, with a colon (:) separating the
high-order and low-order octets. You can use the keywords no-export, no-advertise, and
no-export-subconfed to specify the well-known community values.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Default Is to Send
If you do not delete community attribute values, by default, all BGP communities are sent to all peers
inside an AS and outside the AS. Why clutter up the routing updates with useless and potentially
harmful information?
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
65001:100. = AS 65001 with community values of 1000, 1001, 1002, 1003, 1004,
1005, 1006, 1007, 1008, or 1009.
11.1:1000 = AS 1101, 1111, 1121,1131, 1141, 1151, 1161, 1171, 1181, or 1191
with a community value of 1000.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
The BGP attributes local preference and communities in detail and explained the
operation of those attributes; and
Review Questions
1.
2.
3.
4.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
1.
2.
3.
Because route reflection allows IBGP peers to send routes to other IBGP peers, RR2
sends the routes to RR3; and
4.
Because RR3 has no way of knowing the routes received from RR2 came from RR1,
RR3 sends them to RR1, forming a loop.
Cluster List
The cluster list attribute is analogous to the AS path attribute and is used to prevent loops. If an RR
receives a route with its own cluster ID in the cluster list, it drops the route. In addition, each router in
the network can use this attribute in the BGP path selection algorithm prior to using the peer IP
address attribute. BGP chooses the route with the shortest cluster list length. This process follows
the same theory as the AS path attribute.
The cluster ID is very similar to an AS number and should be unique within an individual AS. The
cluster ID is added to the cluster list attribute when a route is sent to clients and non-clients.
Originator ID
The originator ID attribute provides the router ID of the first router to advertise the route in the AS. It
also is used for loop prevention in the rare case where the cluster list does not prevent a loop.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Route Propagation
The next series of slides shows the flow of routing information in a route reflection network using a
basic topology.
We begin with a client in the left-most cluster advertising the 10.10.10.0/24 route to the clusters
route reflector.
The slide details how the 10.10.10.0/24 route is readvertised to all other clients in the cluster as well
as to all non-client IBGP peers of the reflector. This process applies to all other routes the route
reflector receives from a client in its cluster.
This slide shows how the other route reflectors in the network readvertise all routes received from
IBGP peers (the other reflectors in this example) to all of their cluster clients.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
BGP Confederations
The slide highlights the topic we discuss next.
www.juniper.net
Within a Sub-AS
The confederation sub-AS networks act just like a real AS; they require a full mesh of IBGP
connectivity within themselves. Should the full mesh of the sub-AS grow too large, route reflection
might be used within a sub-AS to scale the network.
Each sub-AS must have a unique AS number defined, and most administrators use a private AS
number from the 64512 to 65535 range.
Continued on the next page.
www.juniper.net
www.juniper.net
AS Confederation Sequence
As a route is advertised over a CBGP link, BGP modifies the AS path attribute to include the sub-AS
number. BGP places this sub-AS number into an AS confederation sequence, as denoted by
parentheses, within the AS path attribute. The sequence is a new AS path segment attribute with a
type code of 3.
The sub-AS values are sequenced in the order in which the route has traversed the network, with the
primary purpose being loop prevention within the confederation network. The confederation
sequence is not used in the calculation of AS path length for the BGP active route selection
algorithm. For routers within a confederation network, the confederation sequence appears as a
single, internal BGP AS network.
AS Confederation Set
Should some routing aggregation occur within the confederation network, the granularity of the
confederation sequence might be lost. This process is very similar to conventional BGP route
aggregation.
In this situation, the AS confederation sequence becomes an AS confederation set and is denoted by
curly braces within the AS path output. The set is also a new AS path segment attribute with a type
code of 4.
The routers within the confederation view the AS confederation set in the same manner as a
sequence. That is, the set is still used for loop prevention even though the ordering of the sub-AS
numbers is no longer significant.
Chapter 1122 Route Reflection and Confederations
www.juniper.net
www.juniper.net
Confederation Peering
The slide shows an example of a BGP confederation network. The global AS of 201 is split up into five
sub-AS networks65000, 65001, 65002, 65003, and 65004. The sub-AS networks are connected
with EBGP-like connections (sometimes called CBGP). Because the CBGP links behave like EBGP,
there is no need for a full-mesh topology between each sub-AS. Therefore, you can provision CBGP
connections wherever it is logically, or physically, convenient.
Some of the sub-AS networks on the slide are using route reflection within the sub-AS to eliminate
the need for a full IBGP mesh. The combination of BGP confederations and route reflection
simultaneously allows for great flexibility in scaling your AS to hundreds or thousands of routers.
www.juniper.net
www.juniper.net
www.juniper.net
Review Questions
1.
2.
3.
4.
5.
6.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Routing Is Dynamic
In any real network, routes can appear and disappear rapidly if a link fails and restores itself
repeatedly in a short period of time. This is because any routes (and there could be thousands) that
use the failed interface as a next hop must respond to the failure, and the change in next hop must
propagate to all other routers on the network. This rapid changing of routing next hops is called route
flapping or just flapping as the link flaps up and down.
Update/Withdrawn Pairs
Flapping results in a rapid sequence of BGP update or withdrawn messages. Recall that BGP routers
must maintain separate memory tables for inbound and outbound traffic on a per-peer basis. In
addition, the BGP routing protocol propagates information on an as-needed basis. These two factors
make BGP unstable in the face of a flapping link.
Every BGP router that receives one of these update or withdrawn messages must send this
information on to all its BGP router peers. Much like the link-state IGPs of OSPF and IS-IS, BGP must
also recalculate its routing tables and databases every time a new update is received. If the new
information alters the path selection process, a new route is chosen for the RIB-LOCAL, and the new
route must be sent downstream to all BGP peers.
Continued on the next page.
www.juniper.net
www.juniper.net
Bad Links
Routes in a network can flap for any number of reasons. Quite possibly, the most frequent reason for
a link flap is because of faulty circuit that is on the brink of outright failure. Any link that rapidly
changes from seemingly operational to failing is a potential source of route flapping.
Unstable IGPs
Route flapping is not totally a BGP phenomenon. IGPs that are unstable because of faulty links can
affect BGP when IGP routes are injected into BGP for advertising. BGP stability is always desirable
and can be enhanced with careful use of static definitions and aggregates instead of injecting raw
IGP routes into BGP.
www.juniper.net
Congested Links
Link congestion can cause route flaps if the overloaded links drop the BGP sessions that keep the
BGP routes fresh.
www.juniper.net
Route Damping
Because route flapping can be so harmful to BGP, the protocol was extended to support route
damping. RFC 2439, BGP Route Flap Damping (November 1998), defines route damping.
Sometimes the term dampening is seen and used.
EBGP Only
Route damping is only applied to routes received from an EBGP peer. EBGP sessions can carry
information about thousands of routes. Each EBGP session must update or withdraw these routes as
required. Route damping seeks to reward route stabilities while penalizing route flapping. Once
damping is enabled, the router begins to maintain a database of instability. If an EBGP-received
route experiences enough flaps, the local BGP process ignores information about that route. This
reaction results in not including this information in the route selection process and not advertising
route changes to downstream BGP peers. Note that some ISPs no longer use damping.
www.juniper.net
www.juniper.net
www.juniper.net
Default Value = 0
When a previously unknown (that is, new) route arrives at a BGP router that has damping enabled,
the new route is assigned a figure of merit value of 0.
Continued on the next page.
www.juniper.net
As the EBGP peer withdraws the route, the figure of merit is increased by a value of
1000;
As the EBGP peer readvertises the route, the figure of merit is increased by a value of
1000; and
As attributes for the route change through new update messages from the EBGP peer,
the figure of merit is increased by a value of 500.
Point Reduction
The points given to a route decay (that is, reduce in value) at a certain rate, known as the
half-life. As long as points decay faster than they accumulate, the route is not suppressed.
www.juniper.net
Cutoff Threshold
The figure-of-merit value interacts with the damping parameters. The slide lists these parameters.
The suppress variable is the configured threshold where a BGP route is considered unstable and is
not used. This variable represents the value of the penalty that establishes the point at which
damping is initiated. When this value is reached, the route is cutoff (suppressed). The default value
of suppress is 3000. Possible values range from 120000. If changed, this value must be less
than or equal to the merit ceiling c, or damping never occurs.
Reuse Threshold
The reuse variable is the configured threshold where a BGP route is considered usable once again.
This variable is the value to which the penalty must decay before the router considers the route in its
path selection. The default value of the reuse is 750. Possible values range from 120000.
Decay Half-Life
The half-life variable is the rate at which the figure of merit is decreased to half its value once
the value is larger than 0. The default value of the half-life is 15 minutes. Possible values range
from 145 minutes.
Continued on the next page.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
AS 1 wants to operate the default damping values for routes from AS 100;
AS 1 does not want to damp any routes from its customer; and
AS 1 wants to damp all routes aggressively from the Internet except for certain prefixes.
The next few slides in this sequence examine how you can implement these damping policies.
The next slide outlines the routing policies you can use to accomplish these goals. We detail the
application of these routing policies on a later slide.
www.juniper.net
suppress is 1500;
reuse is 200;
max-suppress is 120.
A policy named customer-inbound is defined with no from statement, so all possible routes
match the policy. The policy has an action of damping do-not-damp. This action sets the profile of
do-not-damp to all routes.
A policy named internet-inbound is defined with two terms. The let-some-through term
has several route-filter statements with actions defined of damping do-not-damp. This term
further lists an action of then accept. A second term of damp-all-others has no from
statement defined, so all routes are subjected to the damping aggressive-damp action.
Warning: This version of the internet-inbound policy contains a logic flaw and does not work.
Please do not use this policy in your network. A corrected version is presented on a later slide. Can
you spot the flaw?
www.juniper.net
www.juniper.net
www.juniper.net
Damping History
The slide shows the output from the show route damping history command.
Any routes displayed by this command were withdrawn from the router. However, the router retains a
record of these routes should they be readvertised to the local router. Some notable details in the
display include the following:
www.juniper.net
The route is currently hidden. We see this in both the State: <Hidden Ext> field as
well as the Preference: /-101 field. Notice that no Junos OS protocol preference
value is defined.
There is a field (Merit) for the current figure-of-merit value. The two values that follow
list the value after the last BGP update (or withdrawal), and the current value after
experiencing some decay. For this route, the values are Merit: 2777/2454. Thus,
the value at the last update/withdrawal was 2777 (note that this value need not
necessarily exceed the default suppress threshold of 3000), and the current value is
2454.
The default parameters are used (Default damping parameters used). If this
route were evaluated by a policy with a damping action, the new damping profile name
would appear in the output.
The route is currently active. We see this both by the asterisk (*) in the output as well as
the State: <Active Ext> field.
There is a field (Merit) for the current figure-of-merit value. The two values list the
value after the last update (or withdrawal) and the current value after experiencing
some decay. For this route, the values are Merit: 2000/1954.
www.juniper.net
Damped Routes
The slide shows the output from the show route damping suppressed command.
Any routes displayed by this command were advertised to the router, but these routes have a figure
of merit that is currently above the suppress threshold, and the route is unusable.
Manual Clearing
The route remains in this state until the figure of merit crosses below the reuse threshold. A route
can have the figure of merit reduced to 0 administratively by using the clear bgp damping
command.
On the slide, the route 200.200.200.0/24 is currently suppressed and hidden. After we issue the
clear bgp damping command, the route is no longer hidden.
www.juniper.net
www.juniper.net
Review Questions
1.
2.
3.
4.
5.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Course Introduction
This chapter contains no review questions.
Chapter 2:
OSPF
1.
LSA Type 9 supports graceful restart.
2.
The metric or cost of a routers links can be automatically altered with the reference-bandwidth
command.
3.
The different forms of OSPF authentication include none, simple, and MD5.
Chapter 3:
OSPF Areas
1.
The ABR does not forward Type 4 and Type 5 LSAs into a stub area or NSSA. Type 3 LSAs are also not
forwarded in an OSPF NSSA with no summaries.
2.
You must configure all routers that are in the stub area or NSSA.
3.
The ABR of the stub area can optionally inject a 0.0.0.0/0 default route into the stub area or NSSA.
4.
The backbone area is affected by the area-range command.
Chapter 4:
Chapter 5:
IS-IS
1.
A PDU is a protocol data unit. It is used to send information about the IS-IS configuration between network
devices.
www.juniper.net
2.
The segments are called type/length/value (TLVs). They describe the originating router.
3.
Because IS-IS is deterministic, the added IS will assume the role of the DIS immediately and flood out new
PDUs to all other ISs on that segment.
4.
Set family iso and net on the physical and loopback interfaces. On the loopback interface, add an IP
address and an ISO address. Ensure that the Area Address portion of the NET is the same. Under
[protocols isis], disable Level 2.
Chapter 6:
Chapter 7:
Chapter 8:
BGP
1.
Using loopback addresses for peering sessions between IBGP neighbors maintains reachability even when
the physical topology changes as long as a viable path exists.
2.
EBGP-learned routes are advertised to both EBGP and IBGP peers. IBGP-learned routes are advertised to
EBGP peers. However, IBGP-learned routes are not advertised to other IBGP peers to prevent routing
loops.
www.juniper.net
3.
With Junos OS, all new BGP routes have an origin code of I=Internal.
When you configure multipath on a BGP router, the route selection algorithm ignores both the router ID
and the peer ID selection criteria.
Five approaches can solve the BGP next hop issue: Next-hop self; IGP passive interfaces; Export direct
routes into IGP; Static routes; and IGP adjacency formed on inter-AS links to EBGP peers.
Chapter 9:
www.juniper.net
www.juniper.net