Sie sind auf Seite 1von 710
JUNOS® Software Interfaces and Routing Configuration Guide for J-series Services Routers and SRX-series Services Gateways

JUNOS® Software

Interfaces and Routing Configuration Guide for J-series Services Routers and SRX-series Services Gateways

Release 9.2

Juniper Networks, Inc.

1194 North Mathilda Avenue Sunnyvale, California 94089 USA

408-745-2000

www.juniper.net

This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.

This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto.

This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.

GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton s EGP, UC Berkeley s routing daemon (routed), and DCNs HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates.

This product includes software developed by Maker Communications, Inc., copyright © 1996, 1997, Maker Communications, Inc.

Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

JUNOS Software Interfaces and Routing Configuration Guide Release 9.2 Copyright © 2008, Juniper Networks, Inc. All rights reserved. Printed in USA.

Revision History August 2008 Revision 1

The information in this document is current as of the date listed in the revision history.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS software has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

SOFTWARE LICENSE

The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details. For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.

End User License Agreement

READ THIS END USER LICENSE AGREEMENT ( AGREEMENT ) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.

1. The Parties. The parties to this Agreement are Juniper Networks, Inc. and its subsidiaries (collectively Juniper ), and the person or organization that

originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software ( Customer ) (collectively, the Parties ).

2. The Software. In this Agreement, Software means the program modules and features of the Juniper or Juniper-supplied software, and updates and

releases of such software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller. Embedded Software means Software which Juniper has embedded in the Juniper equipment.

3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive

and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:

a. Customer shall use the Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller.

b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer

has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the Steel-Belted Radius software on multiple computers requires multiple licenses, regardless of whether such computers are physically contained on a single

chassis.

c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to

Customer s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software

to be used only in conjunction with other specific Software. Customers use of the Software shall be subject to all such limitations and purchase of all applicable

licenses.

d. For any trial copy of the Software, Customer s right to use the Software expires 30 days after download, installation or use of the Software. Customer

may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial period by re-installing the Software after the 30-day trial period.

e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer s enterprise network.

Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any commercial network access services.

The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall

not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any locked or key-restricted feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use the Embedded Software on non-Juniper equipment; (j) use the Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.

5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish

such records to Juniper and certify its compliance with this Agreement.

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer

shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer s internal business purposes.

7.

Ownership. Juniper and Juniper's licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software,

associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that

accompanies the Software (the Warranty Statement ). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper s or its suppliers or licensors liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties.

9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license

granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customers possession or control.

10. Taxes. All license fees for the Software are exclusive of taxes, withholdings, duties, or levies (collectively Taxes ). Customer shall be responsible for

paying Taxes arising from the purchase of the license, or importation or use of the Software.

11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign

agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer s ability to export the Software without an export license.

12. Commercial Computer Software. The Software is commercial computer softwareand is provided with restricted rights. Use, duplication, or disclosure

by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.

13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface

information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.

14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology

are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License

( GPL ) or the GNU Library General Public License ( LGPL )), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL at http://www.gnu.org/licenses/lgpl.html.

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions

of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout

avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).

Abbreviated Table of Contents

 

About This Guide

xxv

Part 1

Support Overview for Interface and Routing Features

 

Chapter 1

Support for Interface and Routing Features on Different Device Types

3

Part 2

Configuring Router Interfaces

 

Chapter 2

Interfaces Overview Configuring Ethernet, DS1, DS3, and Serial Interfaces Configuring Channelized T1/E1/ISDN PRI Interfaces Configuring Digital Subscriber Line Interfaces Configuring Point-to-Point Protocol over Ethernet Configuring ISDN Configuring USB Modems for Dial Backup Configuring Link Services Interfaces Configuring uPIMs as Ethernet Switches

11

Chapter 3

73

Chapter 4

111

Chapter 5

127

Chapter 6

159

Chapter 7

179

Chapter 8

225

Chapter 9

243

Chapter 10

291

Part 3

Configuring Routing Protocols

 

Chapter 11

Routing Overview Configuring Static Routes Configuring a RIP Network Configuring an OSPF Network Configuring the IS-IS Protocol Configuring BGP Sessions

299

Chapter 12

335

Chapter 13

347

Chapter 14

361

Chapter 15

381

Chapter 16

389

Part 4

Configuring Private Communications over Public Networks with MPLS

 

Chapter 17

Multiprotocol Label Switching Overview Enabling MPLS Configuring Signaling Protocols for Traffic Engineering Configuring Virtual Private Networks Configuring CLNS VPNs

407

Chapter 18

425

Chapter 19

429

Chapter 20

441

Chapter 21

463

JUNOS Software Interfaces and Routing Configuration Guide

Part 5

Configuring Routing Policies and Stateless Firewall Filters

 

Chapter 22

Configuring Routing Policies Configuring Stateless Firewall Filters (ACLs)

477

Chapter 23

497

Part 6

Configuring Class of Service

 

Chapter 24

Class-of-Service Overview Configuring Class of Service

529

Chapter 25

557

Part 7

Index

Index

639

Table of Contents

About This Guide

xxv

Objectives Audience Supported Routing Platforms How to Use This Manual Document Conventions

xxv

xxv

xxvi

xxvi

xxviii

 

JUNOS Software Documentation for J-series Services Routers and SRX-series Services Gateways Documentation Feedback Requesting Technical Support

xxx

xxxi

xxxii

Part 1

Support Overview for Interface and Routing Features

Chapter 1

Support for Interface and Routing Features on Different Device Types

3

Part 2

Configuring Router Interfaces

Chapter 2

Interfaces Overview

11

Interface Support on Different Device Types Interfaces Terms Network Interfaces Media Types Network Interface Naming Interface Naming Conventions Understanding CLI Output for Interfaces Data Link Layer Overview Physical Addressing Network Topology Error Notification Frame Sequencing Flow Control Data Link Sublayers MAC Addressing

11

13

18

18

18

18

21

22

22

23

23

23

23

23

23

JUNOS Software Interfaces and Routing Configuration Guide

Ethernet Interface Overview

24

Ethernet Access Control and Transmission

25

Collisions and Detection

25

Collision Detection

25

Backoff Algorithm

25

Collision Domains and LAN Segments

26

Repeaters

26

Bridges and Switches

26

Broadcast Domains

27

Ethernet Frames

27

T1 and E1 Interfaces Overview

28

T1 Overview

28

E1 Overview

29

T1 and E1 Signals

29

Encoding

29

AMI Encoding

29

B8ZS and HDB3 Encoding

30

T1 and E1 Framing

30

Superframe (D4) Framing for T1

30

Extended Superframe (ESF) Framing for T1

31

T1 and E1 Loopback Signals

31

Channelized T1/E1/ISDN PRI Interfaces Overview

32

T3 and E3 Interfaces Overview

32

Multiplexing DS1 Signals

32

DS2 Bit Stuffing

33

DS3 Framing

33

M13 Asynchronous Framing

34

C-Bit Parity Framing

35

Serial Interface Overview

37

Serial Transmissions

37

Signal Polarity

38

Serial Clocking Modes

39

Serial Interface Transmit Clock Inversion

39

DTE Clock Rate Reduction

39

Serial Line Protocols

40

EIA-530

40

RS-232

40

RS-422/449

41

V.35

42

X.21

42

ADSL Interface Overview

43

ADSL Systems

43

ADSL2 and ADSL2+

44

Asynchronous Transfer Mode

44

SHDSL Interface Overview

44

ISDN Interface Overview

45

ISDN Channels

45

ISDN Interfaces

45

Table of Contents

Typical ISDN Network

46

NT Devices and S and T Interfaces

46

U Interface

47

ISDN Call Setup

47

Layer 2 ISDN Connection Initialization

47

Layer 3 ISDN Session Establishment

47

Interface Physical Properties

48

Bit Error Rate Testing

49

Interface Clocking

49

Data Stream Clocking

50

Explicit Clocking Signal Transmission

50

Frame Check Sequences

50

Cyclic Redundancy Checks and Checksums

51

Two-Dimensional Parity

51

MTU Default and Maximum Values

51

Physical Encapsulation on an Interface

52

Frame Relay

53

Virtual Circuits

53

Switched and Permanent Virtual Circuits

53

Data-Link Connection Identifiers

54

Congestion Control and Discard Eligibility

54

Point-to-Point Protocol

54

Link Control Protocol

55

PPP Authentication

55

Network Control Protocols

56

Magic Numbers

56

CSU/DSU Devices

57

Point-to-Point Protocol over Ethernet

57

PPPoE Discovery

57

PPPoE Sessions

58

High-Level Data Link Control

58

HDLC Stations

58

HDLC Operational Modes

59

Interface Logical Properties

59

Protocol Families

60

Common Protocol Suites

60

Other Protocol Suites

60

IPv4 Addressing

61

IPv4 Classful Addressing

61

IPv4 Dotted Decimal Notation

62

IPv4 Subnetting

62

IPv4 Variable-Length Subnet Masks

63

IPv6 Addressing

63

IPv6 Address Representation

64

IPv6 Address Types

64

IPv6 Address Scope

64

JUNOS Software Interfaces and Routing Configuration Guide

 

IPv6 Address Structure Enabling IPv6 in Secure Context Virtual LANs Special Interfaces Discard Interface Loopback Interface Management Interface Services Interfaces MLPPP and MLFR MLFR Frame Relay Forum CRTP

65

65

66

67

70

70

70

71

72

72

72

Chapter 3

Configuring Ethernet, DS1, DS3, and Serial Interfaces

73

Before You Begin Configuring InterfacesQuick Configuration Configuring an E1 Interface with Quick Configuration Configuring an E3 Interface with Quick Configuration Configuring a Fast Ethernet Interface with Quick Configuration Configuring Gigabit Ethernet InterfacesQuick Configuration Configuring T1 Interfaces with Quick Configuration Configuring T3 Interfaces with Quick Configuration Configuring Serial Interfaces with Quick Configuration Configuring Redundant Ethernet Interfaces Quick Configuration Configuring Network Interfaces with a Configuration Editor Adding a Network Interface with a Configuration Editor Configuring Static ARP Entries on Ethernet Interfaces Deleting a Network Interface with a Configuration Editor Verifying Interface Configuration Verifying the Link State of All Interfaces Verifying Interface Properties

73

74

76

79

83

86

89

93

96

100

103

104

105

106

107

107

108

Chapter 4

Configuring Channelized T1/E1/ISDN PRI Interfaces

111

Channelized T1/E1/ISDN PRI Terms Channelized T1/E1/ISDN PRI Overview Channelized T1/E1/ISDN PRI Interfaces Drop and Insert ISDN PRI Transmission on Channelized Interfaces Before You Begin Configuring Channelized T1/E1/ISDN PRI interfaces with a Configuration Editor Configuring Channelized T1/E1/ISDN PRI Interface as a Clear Channel Configuring Channelized T1/E1/ISDN PRI Interface to Drop and Insert Time Slots Configuring Channelized T1/E1/ISDN PRI Interfaces for ISDN PRI Operation

111

112

112

113

113

114

114

114

117

119

Table of Contents

 

Verifying Channelized T1/E1/ISDN PRI Interfaces Verifying Channelized Interfaces Verifying Clear-Channel Interfaces Verifying ISDN PRI Configuration on Channelized T1/E1/ISDN PRI Interfaces Frequently Asked Questions About Channelized T1/E1/ISDN PRI Interfaces What Clock Combinations Are Possible for Channelized T1/E1/ISDN PRI Drop and Insert?

122

122

123

124

124

124

Chapter 5

Configuring Digital Subscriber Line Interfaces

127

DSL Terms Before You Begin Configuring ATM-over-ADSL Interfaces Configuring an ATM-over-ADSL Interface with Quick Configuration Adding an ATM-over-ADSL Network Interface with a Configuration Editor Configuring ATM-over-SHDSL Interfaces Configuring an ATM-over-SHDSL Interface with Quick Configuration Adding an ATM-over-SHDSL Interface with a Configuration Editor Configuring CHAP on DSL Interfaces (Optional) Verifying DSL Interface Configuration Verifying ADSL Interface Properties Displaying a PPPoA Configuration for an ATM-over-ADSL Interface Verifying an ATM-over-SHDSL Configuration

127

128

129

129

134

139

140

144

149

150

151

154

155

Chapter 6

Configuring Point-to-Point Protocol over Ethernet

159

PPPoE Terms PPPoE Overview PPPoE Interfaces Ethernet Interface ATM-over-ADSL or ATM-over-SHDSL Interface PPPoE Stages PPPoE Discovery Stage PPPoE Session Stage Optional CHAP Authentication Before You Begin Configuring PPPoE Interfaces with Quick Configuration

159

160

161

161

161

162

162

162

162

163

163

JUNOS Software Interfaces and Routing Configuration Guide

 

Configuring PPPoE with a Configuration Editor Setting the Appropriate Encapsulation on the Interface (Required) Configuring PPPoE Encapsulation on an Ethernet Interface Configuring PPPoE Encapsulation on an ATM-over-ADSL or ATM-over-SHDSL Interface Configuring PPPoE Interfaces (Required) Configuring CHAP on a PPPoE Interface (Optional) Verifying a PPPoE Configuration Displaying a PPPoE Configuration for an Ethernet Interface Displaying a PPPoE Configuration for an ATM-over-ADSL or ATM-over-SHDSL Interface Verifying PPPoE Interfaces Verifying PPPoE Sessions Verifying the PPPoE Version Verifying PPPoE Statistics

166

166

167

168

169

172

173

173

174

175

176

177

177

Chapter 7

Configuring ISDN

179

ISDN Terms ISDN Overview ISDN Interfaces ISDN BRI Interface Types ISDN PRI Interface Types Dialer Interface Before You Begin Configuring ISDN BRI Interfaces with Quick Configuration Configuring ISDN BRI Physical Interfaces with Quick Configuration Configuring ISDN BRI Dialer Interfaces with Quick Configuration Configuring ISDN Interfaces and Features with a Configuration Editor Adding an ISDN BRI Interface (Required) Configuring Dialer Interfaces (Required) Configuring Dial Backup Configuring Dialer Filters for Dial-on-Demand Routing Backup Configuring the Dialer Filter Applying the Dial-on-Demand Dialer Filter to the Dialer Interface Configuring Dialer Watch Adding a Dialer Watch Interface on the Device Configuring the ISDN Interface for Dialer Watch Configuring Dial-on-Demand Routing Backup with OSPF Support (Optional) Configuring Bandwidth on Demand (Optional) Configuring Dialer Interfaces for Bandwidth on Demand Configuring an ISDN Interface for Bandwidth on Demand Configuring Dial-In and Callback (Optional) Configuring Dialer Interfaces for Dial-In and Callback Configuring an ISDN Interface to Screen Incoming Calls Configuring the Device to Reject Incoming ISDN Calls

179

182

182

182

183

183

183

184

184

187

191

191

194

197

198

198

199

200

200

200

201

202

202

206

207

208

210

211

Table of Contents

 

Disabling Dialing Out Through Dialer Interfaces Disabling ISDN Signaling Verifying the ISDN Configuration Displaying the ISDN Status Verifying an ISDN BRI Interface Verifying an ISDN PRI Interface and Checking B-Channel Interface Statistics Checking D-Channel Interface Statistics Displaying the Status of ISDN Calls Verifying Dialer Interface Configuration

212

213

213

214

215

216

217

219

220

Chapter 8

Configuring USB Modems for Dial Backup

225

USB Modem Terms USB Modem Interface Overview Before You Begin Connecting the USB Modem to the Device's USB Port Configuring USB Modems for Dial Backup with a Configuration Editor Configuring a USB Modem Interface for Dial Backup Configuring a Dialer Interface for USB Modem Dial Backup Configuring Dial Backup for a USB Modem Connection Configuring a Dialer Filter for USB Modem Dial Backup Configuring Dialer Watch for USB Modem Dial Backup Configuring Dial-In for a USB Modem Connection Configuring PAP on Dialer Interfaces (Optional) Configuring CHAP on Dialer Interfaces (Optional)

225

226

227

227

228

228

229

233

233

235

237

238

239

Chapter 9

Configuring Link Services Interfaces

243

Link Services Terms Link Services Interfaces Overview Services Available on J-series Link Services Interface Link Services Exceptions on J-series Services Routers Multilink Bundles Overview Link Fragmentation and Interleaving Overview Compressed Real-Time Transport Protocol Overview Queuing with LFI on J-series Devices Queuing on Q0s of Constituent Links Queuing on Q2s of Constituent Links Load Balancing with LFI Configuring CoS Components with LFI Shaping Rate Scheduling Priority Buffer Size Before You Begin Configuring the Link Services Interface with Quick Configuration Configuring the Link Services Interface with a Configuration Editor Configuring MLPPP Bundles and LFI on Serial Links Configuring an MLPPP Bundle Enabling Link Fragmentation and Interleaving

243

244

245

245

246

247

248

248

249

250

250

251

251

252

252

252

253

255

255

256

258

JUNOS Software Interfaces and Routing Configuration Guide

 

Defining Classifiers and Forwarding Classes Defining and Applying Scheduler Maps Applying Shaping Rates to Interfaces Configuring MLFR FRF.15 Bundles Configuring MLFR FRF.16 Bundles Configuring CRTP Verifying the Link Services Interface Configuration Displaying Multilink Bundle Configurations Displaying Link Services CoS Configurations Verifying Link Services Interface Statistics Verifying Link Services CoS Frequently Asked Questions About the Link Services Interface Which CoS Components Are Applied to the Constituent Links? What Causes Jitter and Latency on the Multilink Bundle? Are LFI and Load Balancing Working Correctly? Why Are Packets Dropped on a PVC Between a J-series Device and Another Vendor?

259

261

265

266

269

271

273

273

274

276

278

280

280

282

282

289

Chapter 10

Configuring uPIMs as Ethernet Switches

291

Gigabit Ethernet uPIM Switch Overview Switching mode Connecting uPIMs in a Daisy-Chain Enhanced Switching Mode Link Aggregation Configuring Gigabit Ethernet uPIM Switches Verifying Gigabit Ethernet uPIM Switch Configuration Verifying Status of uPIM Switch Ports

291

292

292

292

293

294

296

296

Part 3

Configuring Routing Protocols

Chapter 11

Routing Overview

299

Routing Support On Different Device Types Routing Terms Routing Overview Networks and Subnetworks Autonomous Systems Interior and Exterior Gateway Protocols Routing Tables Forwarding Tables Dynamic and Static Routing Route Advertisements Route Aggregation RIP Overview Distance-Vector Routing Protocols Maximizing Hop Count RIP Packets

299

301

305

306

306

306

306

307

308

308

309

311

311

312

312

Table of Contents

 

Split Horizon and Poison Reverse Efficiency Techniques Limitations of Unidirectional Connectivity RIPng Overview RIPng Protocol Overview RIPng Standards RIPng Packets OSPF Overview Link-State Advertisements Role of the Designated Router Path Cost Metrics Areas and Area Border Routers Role of the Backbone Area Stub Areas and Not-So-Stubby Areas IS-IS Overview IS-IS Areas Network Entity Titles and System Identifiers IS-IS Path Selection Protocol Data Units IS-IS Hello PDU Link-State PDU Complete Sequence Number PDU Partial Sequence Number PDU BGP Overview Point-to-Point Connections BGP Messages for Session Establishment BGP Messages for Session Maintenance IBGP and EBGP Route Selection Local Preference AS Path Origin Multiple Exit Discriminator Default MED Usage Additional MED Options for Path Selection Scaling BGP for Large Networks Route Reflectors for Added Hierarchy Confederationsfor Subdivision

313

314

315

315

315

316

316

317

317

318

318

319

320

321

321

322

322

322

322

323

323

323

323

324

324

325

325

326

327

328

328

329

329

330

331

331

333

Chapter 12

Configuring Static Routes

335

Static Routing Overview Static Route Preferences Qualified Next Hops Control of Static Routes Route Retention Readvertisement Prevention Forced Rejection of Passive Route Traffic Default Properties Before You Begin Configuring Static Routes with Quick Configuration

335

336

336

336

337

337

337

337

337

338

JUNOS Software Interfaces and Routing Configuration Guide

 

Configuring Static Routes with a Configuration Editor Configuring a Basic Set of Static Routes (Required) Controlling Static Route Selection (Optional) Controlling Static Routes in the Routing and Forwarding Tables (Optional) Defining Default Behavior for All Static Routes (Optional) Verifying the Static Route Configuration Displaying the Routing Table

339

340

341

343

344

345

345

Chapter 13

Configuring a RIP Network

347

RIP Overview RIP Traffic Control with Metrics Authentication Before You Begin Configuring a RIP Network with Quick Configuration Configuring a RIP Network with a Configuration Editor Configuring a Basic RIP Network (Required) Controlling Traffic in a RIP Network (Optional) Controlling Traffic with the Incoming Metric Controlling Traffic with the Outgoing Metric Enabling Authentication for RIP Exchanges (Optional) Enabling Authentication with Plain-Text Passwords Enabling Authentication with MD5 Authentication Verifying the RIP Configuration Verifying the RIP-Enabled Interfaces Verifying the Exchange of RIP Messages Verifying Reachability of All Hosts in the RIP Network

347

348

348

348

348

350

350

353

353

355

356

356

357

358

358

359

360

Chapter 14

Configuring an OSPF Network

361

OSPF Overview Enabling OSPF OSPF Areas Path Cost Metrics OSPF Dial-on-Demand Circuits Before You Begin Configuring an OSPF Network with Quick Configuration Configuring an OSPF Network with a Configuration Editor Configuring the Router Identifier (Required) Configuring a Single-Area OSPF Network (Required) Configuring a Multiarea OSPF Network (Optional) Creating the Backbone Area Creating Additional OSPF Areas Configuring Area Border Routers Configuring Stub and Not-So-Stubby Areas (Optional) Tuning an OSPF Network for Efficient Operation Controlling Route Selection in the Forwarding Table Controlling the Cost of Individual Network Segments

361

362

362

362

362

362

363

365

365

366

367

368

368

369

370

372

372

373

Table of Contents

 

Enabling Authentication for OSPF Exchanges Controlling Designated Router Election Verifying an OSPF Configuration Verifying OSPF-Enabled Interfaces Verifying OSPF Neighbors Verifying the Number of OSPF Routes Verifying Reachability of All Hosts in an OSPF Network

374

375

376

376

377

378

379

Chapter 15

Configuring the IS-IS Protocol

381

IS-IS Overview ISO Network Addresses System Identifier Mapping Before You Begin Configuring IS-IS with a Configuration Editor Verifying IS-IS on a Services Router Displaying IS-IS Interface Configuration Displaying IS-IS Interface Configuration Detail Displaying IS-IS Adjacencies Displaying IS-IS Adjacencies in Detail

381

381

382

382

383

384

385

385

386

386

Chapter 16

Configuring BGP Sessions

389

BGP Overview BGP Peering Sessions IBGP Full Mesh Requirement Route Reflectors and Clusters BGP Confederations Before You Begin Configuring BGP Sessions with Quick Configuration Configuring BGP Sessions with a Configuration Editor Configuring Point-to-Point Peering Sessions (Required) Configuring BGP Within a Network (Required) Configuring a Route Reflector (Optional) Configuring BGP Confederations (Optional) Verifying a BGP Configuration Verifying BGP Neighbors Verifying BGP Groups Verifying BGP Summary Information Verifying Reachability of All Peers in a BGP Network

389

389

390

390

390

390

391

392

393

395

396

399

400

401

402

402

403

JUNOS Software Interfaces and Routing Configuration Guide

Part 4

Configuring Private Communications over Public Networks with MPLS

Chapter 17

Multiprotocol Label Switching Overview

407

MPLS Support On Different Device Types MPLS and VPN Terms MPLS Overview Label Switching Label-Switched Paths Label-Switching Routers Labels Label Operations Penultimate Hop Popping LSP Establishment Static LSPs Dynamic LSPs Traffic Engineering with MPLS Point-to-Multipoint LSPs Point-to-Multipoint LSP Properties Point-to-Multipoint LSP Configuration Signaling Protocols Overview Label Distribution Protocol LDP Operation LDP Messages Resource Reservation Protocol RSVP Fundamentals Bandwidth Reservation Requirement Explicit Route Objects Constrained Shortest Path First Link Coloring VPN Overview VPN Components VPN Routing Requirements VPN Routing Information VRF Instances Route Distinguishers Route Targets to Control the VRF Table Types of VPNs Layer 2 VPNs Layer 2 Circuits Layer 3 VPNs

407

408

411

411

412

412

413

413

414

414

414

415

415

415

416

417

417

417

417

417

418

418

418

419

420

420

421

421

422

422

422

423

423

423

423

424

424

Chapter 18

Enabling MPLS

425

Deleting Security Services Enabling MPLS on the Router

425

426

Table of Contents

Chapter 19

Configuring Signaling Protocols for Traffic Engineering

429

Signaling Protocol Overview LDP Signaling Protocol RSVP Signaling Protocol Before You Begin Configuring LDP and RSVP with a Configuration Editor Configuring LDP-Signaled LSPs Configuring RSVP-Signaled LSPs Verifying an MPLS Configuration Verifying an LDP-Signaled LSP Verifying LDP Neighbors Verifying LDP Sessions Verifying the Presence of LDP-Signaled LSPs Verifying Traffic Forwarding over the LDP-Signaled LSP Verifying an RSVP-Signaled LSP Verifying RSVP Neighbors Verifying RSVP Sessions Verifying the Presence of RSVP-Signaled LSPs

429

429

430

430

430

431

433

435

435

435

436

437

437

437

438

438

439

Chapter 20

Configuring Virtual Private Networks

441

VPN Configuration Overview Sample VPN Topology Basic Layer 2 VPN Configuration Basic Layer 2 Circuit Configuration Basic Layer 3 VPN Configuration Before You Begin Configuring VPNs with a Configuration Editor Configuring Interfaces Participating in a VPN Configuring Protocols Used by a VPN Configuring MPLS for VPNs Configuring a BGP Session Configuring Routing Options for VPNs Configuring an IGP and a Signaling Protocol Configuring LDP for Signaling Configuring RSVP for Signaling Configuring a Layer 2 Circuit Configuring a VPN Routing Instance Configuring a VPN Routing Policy Configuring a Routing Policy for Layer 2 VPNs Configuring a Routing Policy for Layer 3 VPNs Verifying a VPN Configuration Pinging a Layer 2 VPN Pinging a Layer 3 VPN Pinging a Layer 2 Circuit

441

442

442

442

443

444

444

445

446

447

448

449

450

450

452

453

454

456

457

460

461

462

462

462

JUNOS Software Interfaces and Routing Configuration Guide

Chapter 21

Configuring CLNS VPNs

463

CLNS Terms CLNS Overview Before You Begin Configuring CLNS with a Configuration Editor Configuring a VPN Routing Instance (Required) Configuring ES-IS Configuring IS-IS for CLNS Configuring CLNS Static Routes Configuring BGP for CLNS Verifying CLNS VPN Configuration Displaying CLNS VPN Configuration

463

464

465

465

466

467

468

470

471

471

471

Part 5

Configuring Routing Policies and Stateless Firewall Filters

Chapter 22

Configuring Routing Policies

477

Routing Policies Routing Policy Overview Routing Policy Terms Default and Final Actions Applying Routing Policies Routing Policy Match Conditions Routing Policy Actions Before You Begin Configuring a Routing Policy with a Configuration Editor Configuring the Policy Name (Required) Configuring a Policy Term (Required) Rejecting Known Invalid Routes (Optional) Injecting OSPF Routes into the BGP Routing Table (Optional) Grouping Source and Destination Prefixes in a Forwarding Class (Optional) Configuring a Policy to Prepend the AS Path (Optional) Configuring Damping Parameters (Optional)

477

477

478

478

478

478

480

482

482

483

483

484

486

488

489

492

Chapter 23

Configuring Stateless Firewall Filters (ACLs)

497

Stateless Firewall Filter Support On Different Device Types Stateless Firewall Filters Stateless Firewall Filter Overview Stateless Firewall Filter Terms Chained Stateless Firewall Filters Planning a Stateless Firewall Filter Stateless Firewall Filter Match Conditions Stateless Firewall Filter Actions and Action Modifiers Before You Begin

497

498

498

498

498

499

499

503

504

Table of Contents

 

Configuring a Stateless Firewall Filter with a Configuration Editor Stateless Firewall Filter Strategies Strategy for a Typical Stateless Firewall Filter Strategy for Handling Packet Fragments Configuring a Routing Engine Firewall Filter for Services and Protocols from Trusted Sources Configuring a Routing Engine Firewall Filter to Protect Against TCP and ICMP Floods Configuring a Routing Engine Firewall Filter to Handle Fragments Applying a Stateless Firewall Filter to an Interface Verifying Stateless Firewall Filter Configuration Displaying Stateless Firewall Filter Configurations Displaying Stateless Firewall Filter Logs Displaying Firewall Filter Statistics Verifying a Services, Protocols, and Trusted Sources Firewall Filter Verifying a TCP and ICMP Flood Firewall Filter Verifying a Firewall Filter That Handles Fragments

504

504

504

505

505

508

513

517

518

518

521

522

523

523

524

Part 6

Configuring Class of Service

Chapter 24

Class-of-Service Overview

529

CoS Support on Different Device Types CoS Terms Benefits of CoS CoS Across the Network JUNOS CoS Components Code-Point Aliases Classifiers Behavior Aggregate Classifiers Multifield Classifiers Forwarding Classes Loss Priorities Forwarding Policy Options Transmission Queues Schedulers Transmit Rate Delay Buffer Size Scheduling Priority Shaping Rate RED Drop Profiles Default Drop Profiles Virtual Channels Policers for Traffic Classes Rewrite Rules How CoS Components Work CoS Process on Incoming Packets CoS Process on Outgoing Packets

530

531

532

533

533

534

534

534

535

536

537

538

538

538

539

539

540

540

540

541

541

542

542

542

543

543

JUNOS Software Interfaces and Routing Configuration Guide

 

Default CoS Settings Default CoS Values and Aliases Forwarding Class Queue Assignments Scheduler Settings Default Behavior Aggregate Classifiers Defining BA Classifiers Applying a BA Classifier to a Logical Interface CoS Value Rewrites Sample Behavior Aggregate Classification Transmission Scheduling CoS Queuing for Tunnels Benefits of CoS Queuing on Tunnel Interfaces How CoS Queuing Works Limitations on CoS Shapers for Tunnel Interfaces

543

544

547

548

548

550

550

551

551

552

553

554

554

555

Chapter 25

Configuring Class of Service

557

Before You Begin Configuring CoS with Quick Configuration Defining CoS Components Defining CoS Value Aliases Defining Forwarding Classes Defining Classifiers Defining Rewrite Rules Defining Schedulers Defining Virtual Channel Groups Assigning CoS Components to Interfaces Configuring CoS Components with a Configuration Editor Configuring a Policer for a Firewall Filter Configuring and Applying a Firewall Filter for a Multifield Classifier Assigning Forwarding Classes to Output Queues Configuring Forwarding Classes Assigning a Forwarding Class to an Interface Example: Configuring Up to Eight Forwarding Classes Configuring and Applying Rewrite Rules Configuring and Applying Behavior Aggregate Classifiers Example: Defining Aliases for Bits Configuring RED Drop Profiles for Congestion Control Example: Configuring RED Drop Profiles Configuring Schedulers Example: Configuring Priority Scheduling Configuring and Applying Scheduler Maps Scheduler Maps: Sample Configuration Schedulers: Sample Configuration Configuring and Applying Virtual Channels Configuring and Applying Adaptive Shaping for Frame Relay Configuring CoS Queuing for Tunnels with a Configuration Editor Configuring CoS for GRE Tunnels Preserving the ToS Value of a Tunneled Packet Configuring Strict High Priority for Queuing with a Configuration Editor

557

558

558

560

562

564

566

568

574

576

579

580

581

584

586

586

587

591

594

598

600

602

603

606

607

610

610

611

615

616

617

619

620

Table of Contents

 

Configuring Large Delay Buffers with a Configuration Editor Maximum Delay Buffer Sizes Available to Interfaces Delay Buffer Size Allocation Methods Specifying Delay Buffer Sizes for Queues Configuring a Large Delay Buffer on a Channelized T1 interface Verifying a CoS Configuration Verifying Multicast Session Announcements Verifying a Virtual Channel Configuration Verifying a Virtual Channel Group Configuration Verifying an Adaptive Shaper Configuration Displaying CoS Tunnel Configurations Verifying a CoS GRE Tunnel Queuing Configuration Verifying a CoS IP-IP Tunnel Configuration

627

627

628

629

630

632

632

632

633

633

633

634

636

Part 7

Index

Index

639

JUNOS Software Interfaces and Routing Configuration Guide

About This Guide

This preface provides the following guidelines for using the JUNOS Software Interfaces and Routing Configuration Guide:

Objectives on page xxv

Audience on page xxv

Supported Routing Platforms on page xxvi

How to Use This Manual on page xxvi

Document Conventions on page xxviii

JUNOS Software Documentation for J-series Services Routers and SRX-series Services Gateways on page xxx

Documentation Feedback on page xxxi

Requesting Technical Support on page xxxii

Objectives

This guide contains instructions for configuring the J-series and SRX-series interfaces for basic IP routing with standard routing protocols. It also shows how to create backup ISDN interfaces, configure digital subscriber line (DSL) connections and link services, create stateless firewall filtersalso known as access control lists (ACLs)and configure class-of-service (CoS) traffic classification.

and configure class-of-service (CoS) traffic classification. NOTE: This manual documents Release 9.2 of JUNOS software.

NOTE: This manual documents Release 9.2 of JUNOS software. For additional informationeither corrections to or information that might have been omitted from this manual see the JUNOS Software with Enhanced Services Release Notes or JUNOS Software for SRX-series Services Gateways Release Notes at http://www.juniper.net.

Audience

This manual is designed for anyone who installs, sets up, configures, monitors, or administers a J-series Services Router running JUNOS software with enhanced services or an SRX-series services gateway running JUNOS software. The manual is intended for the following audiences:

Customers with technical knowledge of and experience with networks and network security, the Internet, and Internet routing protocols

Network administrators who install, configure, and manage Internet routers

JUNOS Software Interfaces and Routing Configuration Guide

Personnel operating the equipment must be trained and competent; must not conduct themselves in a careless, willfully negligent, or hostile manner; and must abide by the instructions provided by the documentation.

Supported Routing Platforms

This manual describes features supported on J-series Services Routers running JUNOS software with enhanced services and SRX-series services gateways running JUNOS software.

How to Use This Manual

This manual and the other manuals in this set explain how to install, configure, and manage:

JUNOS software with enhanced services for J-series Services Routers

JUNOS software for SRX-series services gateways

Table 1 on page xxvi identifies the tasks required to configure and manage these devices and shows where to find task information and instructions.

For an annotated list of the documentation referred to in Table 1 on page xxvi, see JUNOS Software Documentation for J-series Services Routers and SRX-series Services Gatewayson page xxx. All documents are available at http://www.juniper.net/techpubs/.

Table 1: Tasks and Related Documentation

Task

Related Documentation

Basic Device Installation and Setup

Reviewing safety warnings and compliance statements

Installing hardware and establishing basic connectivity

Initially setting up a device

J-series Services Routers:

JUNOS Software with Enhanced Services Quick Start

JUNOS Software with Enhanced Services Hardware Guide

JUNOS Software with Enhanced Services Release Notes

SRX-series services gateways:

SRX 5600 Services Gateway Getting Started Guide

SRX 5800 Services Gateway Getting Started Guide

Migration from ScreenOS or JUNOS Software to JUNOS Software with Enhanced Services (if necessary)

Migrating from JUNOS Release 8.3 or later to JUNOS software with enhanced services

Migrating from ScreenOS Release 5.4 or later JUNOS software with enhanced services

Context Changing to Secure Context or Router Context

Changing the device from one context to another and understanding the factory default settings

JUNOS Software with Enhanced Services Migration Guide (J-series Services Routers only)

JUNOS Software Administration Guide

Table 1: Tasks and Related Documentation (continued)

About This Guide

Task

Related Documentation

Interface Configuration

Configuring device interfaces

Deployment Planning and Configuration

Understanding and gathering information required to design network firewalls and IPsec VPNs

Implementing a JUNOS software with enhanced services firewall from a sample scenario

Implementing a policy-based IPsec VPN from a sample scenario

Security Configuration

Configuring and managing the following security services:

Stateful firewall policies

Zones and their interfaces and address books

IPsec VPNs

Firewall screens

Interface modes: Network Address Translation (NAT) mode and Router mode

Public Key Cryptography (PKI)

Application Layer Gateways (ALGs)

Chassis clusters

Intrusion Detection and Prevention (IDP)

Routing Protocols and Services Configuration

Configuring routing protocols, including static routes and the dynamic routing protocols RIP, OSPF, BGP, and IS-IS

Configuring class-of-service (CoS) features, including traffic shaping and policing

Configuring packet-based stateless firewall filters (access control lists) to control access and limit traffic rates

Configuring MPLS to control network traffic patterns

WAN Acceleration Module Installation (Optional)

Installing and initially configuring a WXC Integrated Services Module (ISM 200)

User and System Administration

JUNOS Software Interfaces and Routing Configuration Guide

JUNOS Software CLI Reference

JUNOS Software with Enhanced Services Design and Implementation Guide (J-series Services Routers only)

JUNOS Software Security Configuration Guide

JUNOS Software CLI Reference

JUNOS Software Interfaces and Routing Configuration Guide

JUNOS Software CLI Reference

WXC Integrated Services Module Installation and Configuration Guide (J-series Services Routers only)

JUNOS Software Interfaces and Routing Configuration Guide

Table 1: Tasks and Related Documentation (continued)

Task

Related Documentation

Administering user authentication and access JUNOS Software Administration Guide

Monitoring the device, routing protocols, and routing operations

Configuring and monitoring system alarms and events, real-time performance (RPM) probes, and performance

Monitoring the firewall and other security-related services

Managing system log files

Upgrading software

Diagnosing common problems

User Interfaces

Understanding and using the J-Web interface

Understanding and using the CLI configuration editor

Document Conventions

JUNOS Software with Enhanced Services Quick Start (J-series Services Routers only)

JUNOS Software Administration Guide

Table 2 on page xxviii defines the notice icons used in this guide.

Table 2: Notice Icons

Icon

Meaning

Description

guide. Table 2: Notice Icons Icon Meaning Description Informational note Caution Warning Laser warning Indicates

Informational note

CautionNotice Icons Icon Meaning Description Informational note Warning Laser warning Indicates important features or

WarningIcon Meaning Description Informational note Caution Laser warning Indicates important features or instructions.

Laser warningMeaning Description Informational note Caution Warning Indicates important features or instructions. Indicates a

Indicates important features or instructions.

Indicates a situation that might result in loss of data or hardware damage.

Alerts you to the risk of personal injury or death.

Alerts you to the risk of personal injury from a laser.

Table 3 on page xxviii defines the text and syntax conventions used in this guide.

Table 3: Text and Syntax Conventions

Convention

Description

Examples

Bold text like this

Represents text that you type.

To enter configuration mode, type the

configure command:

user@host> configure

Table 3: Text and Syntax Conventions (continued)

About This Guide

Convention

Description

Examples

Fixed-width text like this

Italic text like this

Represents output that appears on the terminal screen.

Introduces important new terms.

Identifies book names.

Identifies RFC and Internet draft titles.

Italic text like this

Represents variables (options for which you substitute a value) in commands or configuration statements.

Plain text like this

Represents names of configuration statements, commands, files, and directories; IP addresses; configuration hierarchy levels; or labels on routing platform components.

< > (angle brackets)

Enclose optional keywords or variables.

| (pipe symbol)

Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity.

# (pound sign)

Indicates a comment specified on the same line as the configuration statement to which it applies.

[ ] (square brackets)

Enclose a variable for which you can substitute one or more values.

Indention and braces ( { } )

Identify a level in the configuration hierarchy.

; (semicolon)

Identifies a leaf statement at a configuration hierarchy level.

J-Web GUI Conventions

Bold text like this

Represents J-Web graphical user interface (GUI) items you click or select.

user@host> show chassis alarms No alarms currently active

A policy term is a named structure that defines match conditions and actions.

JUNOS System Basics Configuration Guide

RFC 1997, BGP Communities Attribute

Configure the machines domain name:

[edit] root@# set system domain-name domain-name

To configure a stub area, include the stub statement at the [edit

protocols ospf area area-id]

hierarchy level.

The console port is labeled

CONSOLE.

stub <default-metric metric>;

broadcast | multicast

(string1 | string2 | string3)

rsvp { # Required for dynamic MPLS only

community name members [ community-ids ]

[edit] routing-options { static { route default { nexthop address; retain;

}

}

}

In the Logical Interfaces box, select All Interfaces.

To cancel the configuration, click Cancel.

JUNOS Software Interfaces and Routing Configuration Guide

Table 3: Text and Syntax Conventions (continued)

Convention

Description

Examples

> (bold right angle bracket)

Separates levels in a hierarchy of J-Web selections.

In the configuration editor hierarchy, select Protocols>Ospf.

JUNOS Software Documentation for J-series Services Routers and SRX-series Services Gateways

Table 4 on page xxx lists the software manuals and release notes for J-series Services Routers running JUNOS software with enhanced services and SRX-series services gateways running JUNOS software.

All documents are available at http://www.juniper.net/techpubs/.

Table 4: JUNOS Software Documentation for J-series Services Routers and SRX-series Services Gateways

Book

Description

All Platforms

JUNOS Software Interfaces and Routing Configuration Guide

JUNOS Software Security Configuration Guide

JUNOS Software Administration Guide

JUNOS Software CLI Reference

JUNOS Network Management Configuration Guide

JUNOS System Log Messages Reference

Explains how to configure J-series and SRX-series interfaces for basic IP routing with standard routing protocols, ISDN service, firewall filters (access control lists), and class-of-service (CoS) traffic classification.

Explains how to configure and manage J-series and SRX-series security services such as stateful firewall policies, IPsec VPNs, firewall screens, Network Address Translation (NAT), Public Key Cryptography, chassis clusters, Application Layer Gateways (ALGs), and Intrusion Detection and Prevention (IDP).

Shows how to monitor J-series and SRX-series devices and routing operations, firewall and security services, system alarms and events, and network performance. This guide also shows how to administer user authentication and access, upgrade software, and diagnose common problems.

Provides the complete configuration hierarchy available on J-series and SRX-series devices. This guide also describes the configuration statements and operational mode commands unique to these devices.

Describes enterprise-specific MIBs for JUNOS software. The information in this guide is applicable to M-series, T-series, EX-series, J-series, and SRX-series devices.

Describes how to access and interpret system log messages generated by JUNOS software modules and provides a reference page for each message. The information in this guide is applicable to M-series, T-series, EX-series, J-series, and SRX-series devices.

About This Guide

Table 4: JUNOS Software Documentation for J-series Services Routers and SRX-series Services Gateways (continued)

Book

Description

J-series Services Routers Only

JUNOS Software with Enhanced Services Design and Implementation Guide

JUNOS Software with Enhanced Services Quick Start

JUNOS Software with Enhanced Services Hardware Guide

JUNOS Software with Enhanced Services Migration Guide

WXC Integrated Services Module Installation and Configuration Guide

JUNOS Software with Enhanced Services Release Notes

SRX-series Services Gateways Only

JUNOS Software for SRX-series Services Gateway Release Notes

Documentation Feedback

Provides guidelines and examples for designing and implementing IPsec VPNs, firewalls, and routing on J-series Services Routers running JUNOS software with enhanced services.

Explains how to quickly set up a J-series Services Router. This document contains router declarations of conformity.

Provides an overview, basic instructions, and specifications for J-series Services Routers. This guide explains how to prepare a site, unpack and install the router, replace router hardware, and establish basic router connectivity. This guide contains hardware descriptions and specifications.

Provides instructions for migrating an SSG device running ScreenOS software or a J-series Services Router running the JUNOS software to JUNOS software with enhanced services.

Explains how to install and initially configure a WXC Integrated Services Module in a J-series Services Router for application acceleration.

Summarizes new features and known problems for a particular release of JUNOS software with enhanced services on J-series Services Routers, including J-Web interface features and problems. The release notes also contain corrections and updates to the manuals and software upgrade and downgrade instructions for JUNOS software with enhanced services.

Summarizes new features and known problems for a particular release of JUNOS software on SRX-series services gateways, including J-Web interface features and problems. The release notes also contain corrections and updates to the manuals and software upgrade and downgrade.

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to techpubs-comments@juniper.net, or fill out the documentation feedback form at

to include the following information with your comments:

Document name

Document part number

JUNOS Software Interfaces and Routing Configuration Guide

Page number

Software release version (not required for Network Operations Guides [NOGs])

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need postsales technical support, you can access our tools and resources online or open a case with JTAC.

JTAC policiesFor a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at

Product warranties For product warranty information, visit

JTAC Hours of Operation The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

Search for known bugs: http://www2.juniper.net/kb/

Find product documentation: http://www.juniper.net/techpubs/

Find solutions and answer questions using our Knowledge Base:

Download the latest versions of software and review release notes:

Search technical bulletins for relevant hardware and software notifications:

Join and participate in the Juniper Networks Community Forum:

Open a case online in the CSC Case Manager: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

Use the Case Manager tool in the CSC at http://www.juniper.net/cm/ .

Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

About This Guide

For international or direct-dial options in countries without toll-free numbers, visit

JUNOS Software Interfaces and Routing Configuration Guide

Part 1

Support Overview for Interface and Routing Features

Support for Interface and Routing Features on Different Device Types on page 3

JUNOS Software Interfaces and Routing Configuration Guide

Chapter 1

Support for Interface and Routing Features on Different Device Types

The following tables list features that are documented in this guide and specifies the devices on which each of these features is supported.

Table 5: Support Information: Interfaces

Feature

J-series

SRX-series

More Information

Services

Services

Routers

Gateways

Asymmetric digital subscriber line (ADSL) interface

Yes

No

ADSL Interface

 

Overview on page 43

Channelized E1 interface

Yes

No

Channelized T1/E1/ISDN PRI

 

Interfaces Overviewon page 32

Channelized ISDN PRI interface

Yes

No

Channelized T1/E1/ISDN PRI

 

Interfaces Overviewon page 32

Channelized T1 interface

Yes

No

Channelized T1/E1/ISDN PRI

 

Interfaces Overviewon page 32

Class-of-service support interface

Yes

No

Special Interfaces on page 67

Discard interface

Yes

No

Discard Interface on page 70

Ethernet interface

Yes

Yes

Ethernet Interface

 

Overview on page 24

E1 interface

Yes

No

E1 Overview on page 29

E3 interface

Yes

No

T3 and E3 Interfaces

 

Overview on page 32

Fast Ethernet interface

Yes

No

Interfaces Terms on page 13

Generic routing encapsulation (GRE) interface

Yes

No

Special Interfaces on page 67

Gigabit Ethernet interface

Yes

Yes

Interfaces Terms on page 13

Internally configured interface used by the system Yes as a control path between the WXC Integrated Services Module and the Routing Engine

No

Special Interfaces on page 67

JUNOS Software Interfaces and Routing Configuration Guide

Table 5: Support Information: Interfaces (continued)

Feature

J-series

SRX-series

More Information

Services

Services

Routers

Gateways

Internally generated GRE interface

Yes

No

Special Interfaces on page 67

Internally generated link services interface

Yes

No

Special Interfaces on page 67

Internally generated IP-over-IP interface

Yes

No

Special Interfaces on page 67

Internally generated multicast tunnel interface

Yes

No

Special Interfaces on page 67

Internally generated Protocol Independent Multicast de-encapsulation interface

Yes

No

Special Interfaces on page 67

Internally generated Protocol Independent Multicast encapsulation interface

Yes

No

Special Interfaces on page 67

IP-over-IP encapsulation interface

Yes

No

Special Interfaces on page 67

ISDN interface

Yes

No

ISDN Interface

 

Overview on page 45

Link services interface

Yes

No

Services Interfaces on page 71

Loopback Interface

Yes

Yes

Loopback Interface on page 70

Management interface

Yes

Yes

Management Interfaceon page 70

Multicast tunnel interface

Yes

No

Special Interfaces on page 67

Passive monitoring interface

Yes

No

Special Interfaces on page 67

Point-to-Point Protocol over Ethernet (PPPoE) interface

Yes

No

Configuring Point-to-Point Protocol over Ethernet on page 159

Protocol Independent Multicast de-encapsulation interface

Yes

No

Special Interfaces on page 67

Protocol Independent Multicast encapsulation interface

Yes

No

Special Interfaces on page 67

Secure tunnel interface

Yes

No

Special Interfaces on page 67

Serial interface

Yes

No

Serial Interface

 

Overview on page 37

Symmetric high-speed DSL (SHDSL) interface

Yes

No

SHDSL Interface

 

Overview on page 44

T1 interface

Yes

No

T1 Overview on page 28

T3 interface

Yes

No

T3 and E3 Interfaces

 

Overview on page 32

Universal serial bus (USB) model physical interface

Yes

No

Special Interfaces on page 67

Chapter 1: Support for Interface and Routing Features on Different Device Types

Table 6: Support Information: Routing Options

 

J-series

SRX-series

Services

Services

Feature

Routers

Gateways

More Information

IPv4 options and broadcast Internet diagrams

Yes

Yes

Routing Overview on page 299

IPv6 routing, forwarding, global address configuration, and Internet Control Message Protocol (ICMP)

Yes

No

Routing Overview on page 299

Static routing

Yes

Yes

Static Routing

 

Overview on page 335

RIP v1, v2

Yes

Yes

RIP Overview on page 311

RIP next generation (RIPng)

Yes

No

RIPng Overview on page 315

OSPF v2

Yes

Yes

OSPF Overview on page 316

OSPF v3

Yes

No

OSPF Overview on page 316

IS-IS

Yes

No

IS-IS Overview on page 321

BGP

Yes

Yes

BGP Overview on page 323

BGP extensions for IPv6

Yes

No

BGP Overview on page 323

Neighbor Discovery Protocol and Secure Neighbor Discovery Protocol

Yes

No

JUNOS Routing Protocols Configuration Guide

Multiple virtual routers

Yes

Yes

JUNOS Routing Protocols Configuration Guide

Internet Group Management Protocol (IGMP)

Yes

No

JUNOS Multicast Protocols Configuration Guide

Protocol Independent Multicast (PIM)

Yes

No

JUNOS Multicast Protocols Configuration Guide

Distance Vector Multicast Routing Protocol (DVMRP)

Yes

No

JUNOS Multicast Protocols Configuration Guide

Single-source multicast

Yes

No

JUNOS Multicast Protocols Configuration Guide

Multicast Source Discovery Protocol (MSDP)

Yes

No

JUNOS Multicast Protocols Configuration Guide

Session Announcement Protocol (SAP) and Session Description

Yes