Routing
August 2009
JNCIE-ER
* JN0-342
* 60 questions
* 70% minimum to pass
Junos :)
* launched in 1998
* "The power of One"
- one OS
- one Release
- one Architecture
* Architecture (SW&HW)
- Control Plane
* a PC with BSD on which Junos runs
* CLI
* Routing Engine
- routing protocols -> routing table -> forwarding table
- one or more real-time OS threads
- main objective: generate FT and send it to the PFE
- Forwarding Plane
* Packet Forwarding Engine
- basically a high-performance switch
- based on ASICs
- has a copy of the forwarding table
- the Control Plane has daemons
- "divide & conquer": modularity
* J-Series
- same model as M and T series
- runs real-time BSD kernel
- emulates everything:
- RE
- PFE
- Services
* Routing platforms:
- M,T,MX series
- J series
* Security platforms
- SRX Series
- J Series
* Switching platforms:
- EX3200, EX4200
- EX8200
* M-Series
- Hardware-based forwarding
- IA-32 microprocessor
* Terminology
- RE: Routing Engine
- CB: Control Board
- PFE: Packet Forwarding Engine
- FPC: Flexible PIC Concentrator
- cFPC: compact FPC
- PIC: Physical Interface Card
- PIM: Physical Interface Module
- FEB: Forwarding Engine Board
* M7i
- 7 = Gbps half duplex throughput
- out of band Ethernet interface: just for management
* M10i
- 2*REs
- 2*CFEBs
* Interface naming
MM-F/P/T
MM=Media type (e1,fe,ge,se,t1,t3)
F = FPC slot
P = PIC
T = port number
* Network Management
User interface
- CLI
- J-Web
Solutions
something Scope
-SNMP
* Getting in
- JWeb
- CLI
* from console
* from telnet/ssh
- Dedicated Ethernet port
* M series fxp0
* EX Series me0
* User Authentication
- local database
* name & password
* individual accounts and home dir
* Authentication order
(c) authentication-order radius tacplus password
* Configurations
- Active configuration
(c) configure
- Candidate configuration
(c) commit
- rollback 0 = Active
- 1-49 backup active configs
(c) rollback X
backup X becomes the candidate config
- (c) configure private - each user gets a candidate
* Junos CLI
- Operational mode
* monitor and troubleshoot (ping & pals)
* user@router>
- Configuration mode
* user@router#
- if you log in as root, you land in the UNIX shell
* (c) cli
- EMACS style
* ctrl+b
* ctrl+a
* ctrl+f
- spacebar completes
- ? shows possibilities
- help ~= man in UNIX
- help reference = examples of configs
- | pipe
- match ~= grep in UNIX
- edit ~= cd in the command hierarchy
- up ~= cd ..
- top ~= cd /
- up N = N levels up
- comparing
(c) show [something] | compare rollback [N]
(c) file FILE compare FILE2
- rename, replace, copy
(c) rename interfaces ge-0/0/10 to ge-0/0/11
(c) replace pattern ge-0/0/10 with ge-0/0/11
(c) copy
- committing
(c) commit
(c) commit check = check without commit
(c) commit confirmed = temp commit to active
(c) commit at
(c) commit comment
- save
(c) save FILENAME
- run ~= IOS's do
(c) run ping ...
* J-Web GUI
- quick configuration wizards
- configuration maintenance
- system monitoring
- manipulate files
- install packages
- install licences
* graceful shutdown
(c) request system halt
(w) Manage -> Reboot
* Autoinstallation
- address acquisition (DHCP, RARP, SLARP)
- files and config (TFTP, FTP)
(c) show system autoinstallation
* Factory default
- doesn't load with a root password
(c) load factory-default
(c) set system autoinstallation interfaces/configuration-server
- DHCP server mode on built-in Ethernet interfaces only
* stop/restart autoinstall
(ch) request system autoinstallation stop
(ch) restart autoinstallation
- hidden commands: sensitive
* Interface config
MM-F/P/T
F = pim slot number
P = virtual PIM number (set to 0 for Jseries)
T = port number
- logical units = cisco's subinterfaces
- PPP and HDLC don't support units; they only have unit 0
- multiple IP addresses on logical units
- Physical properties
* clocking
* scrambling
* FCS
* MTU
* data link protocols, keepalives
* diagnostic characteristics
- Logical properties
* protocol family: inet, inet6, iso, mpls
* Family MTU
* Addresses (ipv6, ipv4, net)
* Interfaces on J-Web
(w) Configuration -> Quick Configuration -> Interfaces
* Interfaces on CLI
- disable
- delete disable
- deactivate: comment line in config
* Interface Groups
(c) show groups
* Monitoring Interfaces
(w) Monitor -> Interfaces
(c) monitor interface
* restart Card
(c) request chassis fpc restart
* Monitor traffic
(c) monitor traffic
* Trace ~= debug
* file keyword
- filename, facility, archive
* Trace
(c) show log FILENAME
(c) monitor start FILENAME ~= tail -f
(c) monitor stop / Esc+q to suspend monitor start
(c) clear log FILENAME
* License Management
- no licence=feature will work, but with messages and no support
* File System
/ root
/config first 3 rollbacks
/var/db/config rollback 4-49
/var/tmp
* System cleanup
(w) Manage -> Files
(c) file delete
(c) request system software delete-backup
* Password recovery
- spacebar on boot
- boot -s to boot in single-user mode
(c) recovery
- protocols:
* Direct (~=connected)
* Local
* Static
* RIP
* OSPF
* Routing policy
- what goes in or out to/from the RT
- Import policy Neighbor -> RT
- Export policy RT -> Neighbor
* route filter
(c) route-filter [dest-prefix] [match-type] [actions]
* exact
* orlonger
* longer
* upto
* prefix-length-range /x-/y
- with multiple route-filters, the longest match is evaluated first
*THIS IS IMPORTANT!
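Added example (not part of the original notes): a Python model of how one policy term evaluates several route-filters, covering the match types listed above. The sample prefixes and function names are constructed for illustration. It assumes a filter is a lookup candidate only when the route falls inside its prefix, and that a failed match type on the longest candidate means the term does not match, with no fallback to a shorter filter.

```python
import ipaddress

def type_ok(mtype, rlen, flen, arg=None):
    """Check the route's prefix length against one match type."""
    if mtype == "exact":
        return rlen == flen
    if mtype == "orlonger":
        return rlen >= flen
    if mtype == "longer":
        return rlen > flen
    if mtype == "upto":                   # arg = upper length, e.g. 24
        return flen <= rlen <= arg
    if mtype == "prefix-length-range":    # arg = (x, y) for /x-/y
        return arg[0] <= rlen <= arg[1]
    raise ValueError(f"unknown match type: {mtype}")

def evaluate(route, filters):
    """Return (selected_filter_prefix, matched) for one term.

    filters: list of (prefix, match_type) or (prefix, match_type, arg).
    Step 1: longest-match lookup on the filter prefixes only.
    Step 2: apply the match type of that single filter.
    """
    r = ipaddress.ip_network(route)
    candidates = []
    for f in filters:
        net = ipaddress.ip_network(f[0])
        # Assumption: candidate only if the route lies inside the prefix.
        if r.version == net.version and r.subnet_of(net):
            candidates.append((net, f[1], f[2] if len(f) > 2 else None))
    if not candidates:
        return None, False
    net, mtype, arg = max(candidates, key=lambda c: c[0].prefixlen)
    return str(net), type_ok(mtype, r.prefixlen, net.prefixlen, arg)

# Constructed term for illustration.
TERM = [
    ("10.0.0.0/8", "orlonger"),
    ("10.1.0.0/16", "exact"),
    ("172.16.0.0/12", "upto", 24),
    ("192.168.0.0/16", "prefix-length-range", (24, 28)),
]

if __name__ == "__main__":
    for route in ("10.2.0.0/16", "10.1.0.0/16", "10.1.2.0/24",
                  "172.16.5.128/25", "192.168.1.0/24"):
        print(route, evaluate(route, TERM))
```

10.1.2.0/24 is the case to remember: it sits inside 10.0.0.0/8 orlonger, but the lookup selects 10.1.0.0/16 exact, which fails, so the term does not match.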
* RIP
* default policy is reject
- doesn't send anything, doesn't accept anything
* VRRP:
- Master and Backup Routers
- Virtual router has the VIP address
- higher priority is better
- multicast on 224.0.0.18
- keepalive every 1sec
- preemption is optional
* DHCP
- Server, Client, Relay, Binding
* Adjacency Formation
- down
- 2Way
- ExStart
- Exchange
- Loading
- Full
* LSA Types
- Type 1 - Router LSA
* one per router in an area
* the router describes itself to the area
- Type 2 - Network LSA
* when a DR is elected
- Type 3 and 4 - Summary Links
* generated by the ABR
- Type 5 - External LSA
* generated by the ASBR
- Type 7 - NSSA External Links
* generated by the ASBR
* Layer 2 services
- MLPPP
- MLFR
- CRTP
* Layer 3 services
- NAT/PAT
- Stateful firewall
- IPSec VPN
- Intrusion Detection
* Services provided by
- AS PIC
(c) chassis fpc
- AS Module (M7i)
- J Series software processes
- Link Services PIC
- Tunnel PIC
* MLPPP
- Multi Link PPP
- creates virtual links
- load balancing
(c) interfaces ls-0/0/0