
Low Level Design IIG

(BD Link Communication Ltd.)

Version 1.0

CO-CONFIDENTIAL


BD Link IIG Low Level Design

Document Title
Customer: BD Link Communication Ltd.
Title: Low Level Design IIG
Document Name: Low Level Design IIG v1.0

Document Control
Author(s), quality control and client sign-off
Author(s): Gazi Communications
Review and Verification: Gazi Communications
Names: Aziz Uddin Mahmud, Md. Imdadul Islam, Swapan Gupta, Md. Wahid Uz Zaman

Release
Version: 1.0
Date Released: 18.10.2012
Change Notice: N/A
Pages Affected: N/A
Remarks/Changes: 1st Release

Distribution List
Copy Number | Name
01 | BD LINK Team
02 | GAZI Technical Team
03 | GAZI Project Repository


Copyright and other intellectual property rights Copyright and other Intellectual property rights in any original programs, specifications, reports or other items arising in the course of, or resulting from the project shall remain the property of Gazi Communication although BD LINK shall have a non-exclusive and non-transferable license to all such items for its own purposes. Nothing in this agreement shall enable either party to make use of any intellectual property rights vested in the other party prior to the commencement of this assignment.


Contents

1. Executive Summary
2. Proposed Design Overview
   2.1. Design Summary
   2.2. Solution Detail
      2.2.1. Logical Topology
      2.2.2. BGP Routing Topology
      2.2.3. OSPF Routing Topology
      2.2.4. Dhaka Main POP Design (Phase -1 Deployment)
3. Device Naming, Port Connectivity & IP Addressing
   3.1. Devices Naming Convention
   3.2. Physical Connectivity Mapping & IP Addressing
4. Device Configuration
   4.1. Initial JUNOS Configuration
      4.1.1. Login via Console
      4.1.2. Set Root Password
      4.1.3. Enable System Services
      4.1.4. Configuring Local Username
   4.2. Dhaka Core Router -1 Configuration
      4.2.1. System Basic Configuration
      4.2.2. Management Interface Configuration
      4.2.3. Chassis Configuration
      4.2.4. Interface Configuration
      4.2.5. OSPF Configuration
      4.2.6. BGP Configuration
      4.2.7. Sample RE filter Configuration
      4.2.8. SNMP Configuration
   4.3. Dhaka Core Router -2 Configuration
      4.3.1. System Basic Configuration
      4.3.2. Management Interface Configuration
      4.3.3. Chassis Configuration
      4.3.4. Interface Configuration
      4.3.5. OSPF Configuration
      4.3.6. BGP Configuration
      4.3.7. Sample RE filter Configuration
      4.3.8. SNMP Configuration
   4.4. Dhaka Aggregation Router -1 Configuration
      4.4.1. System Basic Configuration
      4.4.2. Management Interface Configuration
      4.4.3. Chassis Configuration
      4.4.4. Interface Configuration
      4.4.5. OSPF Configuration
      4.4.6. BGP Configuration
      4.4.7. Bandwidth Configuration
      4.4.8. Sample RE filter Configuration
      4.4.9. SNMP Configuration
   4.5. Dhaka Aggregation Router -2 Configuration
      4.5.1. System Basic Configuration
      4.5.2. Management Interface Configuration
      4.5.3. Chassis Configuration
      4.5.4. Interface Configuration
      4.5.5. OSPF Configuration
      4.5.6. BGP Configuration
      4.5.7. Sample Bandwidth Configuration
      4.5.8. Sample RE filter Configuration
      4.5.9. SNMP Configuration
   4.6. Dhaka Data Center Switch-1 Configuration
      4.6.1. System Basic Configuration
      4.6.2. VLAN & Trunk Configuration
      4.6.3. SNMP Configuration
   4.7. Dhaka Data Center Switch-2 Configuration
      4.7.1. System Basic Configuration
      4.7.2. VLAN & Trunk Configuration
      4.7.3. SNMP Configuration
   4.8. IDP Configuration
      4.8.1. OS Upgradation through CLI
      4.8.2. System Basic Configuration through Web GUI (ACM)
      4.8.3. NSM Server Configuration
         4.8.3.1. RedHat 5 OS Installation
         4.8.3.2. NSM Server 2010.4 OS Installation
         4.8.3.3. NSM Client Installation for configuring the NSM Server
         4.8.3.4. Adding the IDP device into the NSM Server
         4.8.3.5. Policy Implementation
         4.8.3.6. Log View and Reporting, Custom Report Generation
   4.9. DC Firewall 1 & 2 Configuration
      4.9.1. OS Upgrade
      4.9.2. System Basic Configuration
      4.9.3. Interface Configuration
      4.9.4. HA Configuration
      4.9.5. Security Policy Configuration
5. LLD v1.0 Signoff


1. Executive Summary
The Government of Bangladesh has taken the initiative to increase the penetration rate of Internet usage; as a result its regulatory body, BTRC, issued new IIG licences to qualified service providers. BD LINK Communication Limited has been awarded a licence to provide International Internet Gateway (IIG) services to ISPs and Broadband Wireless Access providers (BWAs). The IIG will serve as an Internet exchange for routing international incoming and outgoing Internet data traffic. The exchange will be connected to the existing submarine cable as the main link and to a satellite earth station / VSAT as backup until another ILDC is available. All ISPs shall be connected to the global Internet through IIGs. The IIG licensee will arrange both ILDC bandwidth and satellite bandwidth. The licensee may arrange ILDC bandwidth from a tier-1 overseas service provider after taking prior permission from the commission.

BD LINK has the vision to become the preferred partner for all ISPs and BWAs in Bangladesh. To fulfil its requirement of pioneering the IIG market, BD LINK selected Juniper Networks as its IP network equipment vendor, with state-of-the-art technology and solutions. Gazi Communication Limited, the only Elite partner of Juniper Networks in Bangladesh, will help BD LINK build its IIG solution with equipment and solutions from Juniper and with its in-house resources. Gazi Communication will provide design and implementation services to BD LINK to build an IIG based on industry best practices.

Juniper Networks offers devices that provide innovative features and functionality and offer massive scalability. The proposed solution from Juniper combines cost containment and scalability. Juniper series routers offer service providers industry-leading performance, service capabilities, reliability and efficiency in a compact form factor.


2. Proposed Design Overview


2.1. Design Summary

There will be a data centre at Dhaka, which will also act as the primary International Internet Gateway site.
- The WAN network will be a three-layer architecture: Core, Aggregation and Access.
- The WAN network will run OSPF as its hierarchical IGP.
- There will be no single point of failure in the data centre network.
- Core routers will run eBGP sessions with the upstream provider.
- In the Internet gateway layer, redundant routers have been considered for 1+1 box redundancy.
- Each core/Internet gateway router has been dimensioned with redundant power supplies.
- Upstream connectivity with tier-1 ISPs will be over STM-1.
- Downstream connectivity to the aggregation routers will be over GE.
- Aggregation routers will aggregate all traffic from the domestic ISPs and pass it to the Internet gateway routers.
- In the aggregation layer, redundant routers have been considered for 1+1 box-level redundancy.
- Each aggregation router has been dimensioned with redundant power supplies.
- Downstream connectivity to the access switches will be over GE.
- Core routers will have connectivity with BTRC and NMC/LEA.
- Access switches will be connected to both aggregation routers through dual GE uplink ports for uplink redundancy.
- ISPs will be connected to the aggregation routers or to the access switches, on TX/FX ports.


2.2. Solution Detail

As per the guideline from the authority, the IIG will be connected to the global Internet through the existing submarine cable as the main link and may have backup connectivity through VSAT. It will connect all ISPs through its distribution network, initially from Dhaka, and will expand according to demand and regulatory requirements. The related information and assumptions considered for the design are as follows:
- BD LINK will install one single PoP (Main PoP), located at Dhaka, with device-level redundancy at the gateway and aggregation levels.
- BD LINK will connect to one upstream provider initially and will later add a redundant link; provision for link-level redundancy should be considered in the design.
- There will be one DPI to filter traffic as per regulatory requirements and BD LINK policy.
- This design considers two types of PoP: one for distribution only, which connects ISPs to the Main PoP, and the other with gateway and DPI services to ensure redundancy.
- BD LINK will make a rollout plan considering business justification and customer and regulatory requirements.

This design emphasises the Main PoP deployment and its related configuration, while also considering scalability to accommodate future growth of new gateway and distribution networks.


2.2.1. Logical Topology

The topology diagram above considers the full deployment of the BD LINK IIG. Four major components are shown in the diagram:
- Main PoP
- IIG Perimeter and Monitoring Zone
- Type-1 PoP: PoP with Gateway & DPI
- Type-2 PoP: PoP to connect clients to the Main PoP

The Main PoP will be deployed immediately and act as the hub of the IIG. The Main PoP's gateway routers will be connected to the upstream provider. In the case of a single connection to the upstream, one gateway router will be configured with eBGP and the second will be treated as the backup for Gateway Router-1 to ensure device-level redundancy. Once the second upstream link (VSAT/terrestrial/submarine) is available, Gateway Router-2 will be configured with eBGP to its upstream and iBGP with Gateway Router-1. OSPF will be configured as the interior gateway protocol between all gateway and aggregation routers; all of them, including all their connected interfaces, will be placed in the backbone area. The aggregation routers will have iBGP sessions with the gateway routers and eBGP with each ISP or BWA client. These routers will have different policies based on BD LINK requirements.

The IIG perimeter firewalls will be connected to the aggregation routers. Each firewall will have three zones: Outside, DMZ and Inside. The Outside zone will be connected to the aggregation routers; the DMZ will be created to host any value-added service offered to clients; and the internal servers, applications and the administration zone will be placed in the Inside zone.

If BD LINK later deploys a Type-1 PoP with gateway and DPI functionality, we recommend connecting the gateway router of the Type-1 PoP with the Main PoP's gateway routers to ensure link-level redundancy across the local transmission vendor. The gateway and aggregation routers of that PoP will be configured in a similar fashion to the Main PoP's gateway and aggregation routers, and there will be IGP and EGP neighbourship between the PoPs' gateway routers. For a Type-2 PoP we recommend layer-2 connectivity to the aggregation router of the Main PoP, which is the same arrangement as distributing a link from the Main PoP's access switch, with eBGP neighbourship to the ISP or BWA client router terminated at the aggregation level of the Main PoP.

Details of each segment and of the IGP and EGP routing topologies are given in different sections of this document.


2.2.2. BGP Routing Topology

The main requirement for the routing is to accommodate redundancy and load balancing, but with symmetry. The BGP routing for the IIG will be as follows:
- The gateway routers will be connected through STM-1/STM-4 to the upstream providers in a point-to-point topology, due to the TDM interface.
- Gateway Router-1 will be connected to one tier-1 service provider, will have an eBGP peering and will receive the full routing table. (Only a default route may be taken until the second gateway is implemented.)
- Gateway Router-2 will be connected to another tier-1 service provider through STM-1/STM-4, will have an eBGP peering and will take the full routing table.
- There will be an iBGP session between Gateway Router-1 and Gateway Router-2.
- The DPI, a Juniper IDP-8200, will be deployed in transparent mode to filter unwanted traffic and allow only legitimate traffic.
- Aggregation Router-1 will have iBGP sessions with both gateway routers and receive the full routing table from both.
- Aggregation Router-2 will have iBGP sessions with both gateway routers and receive the full routing table from both.
- Different ISPs will connect to the aggregation routers directly or through an access switch. The aggregation routers will have eBGP sessions with the ISPs' gateway routers; for small ISPs, connectivity can be arranged using alternate routing based on requirements.

We have classified PoPs into the following categories:
- Type-1: PoP with Gateway and DPI.
- Type-2: PoP to connect ISPs; part of the distribution/access network.

The gateway router of the Main PoP will be connected to the Type-1 PoP's gateway router to provide link redundancy, and there will be an iBGP session between the Main PoP and Type-1 PoP gateway routers.


2.2.3. OSPF Routing Topology

The IGP of the BD LINK IIG solution should be OSPF. OSPF is a link-state, hierarchical protocol: it requires one backbone area (Area 0), and every other area must be connected directly to the backbone area, either physically or logically through a virtual link. As BD LINK will have a Main PoP and Type-1 and Type-2 PoPs in its solution, we suggest defining the backbone area to consist of the gateway and aggregation routers of the Main PoP and the Type-1 PoP (as defined in the diagram).


We will configure the OSPF backbone area in the Main PoP; the IGP domain will contain the gateway routers and the aggregation routers. Gateway Routers 1 & 2 and Aggregation Routers 1 & 2 will be in the backbone area, and the DPI will be configured to pass through all BGP and OSPF routing update packets. As this will be an Ethernet/broadcast network, the DR and BDR roles can be given to either the gateway routers or the aggregation routers, preferring the devices with less responsibility elsewhere. All links on the gateway routers (interfaces connected to the upstream, interfaces connected to the aggregation routers and interfaces between the gateways) should be declared in the same area to avoid static routing or redistribution; however, except for the links connected to the aggregation routers, all other links should be configured not to send routing updates (passive), as there will be no IGP neighbour on them. Both aggregation routers will be configured with OSPF and all their directly connected interfaces declared in the backbone area to avoid static routing or redistribution. For client connectivity, the links to ISPs and BWAs can be redistributed to ease management, but it is highly recommended to create an ACL containing the customer point-to-point IPs. When a customer is added, the ACL is modified by adding one permit entry, and that ACL is what is already redistributed into OSPF. Using such ACLs in the route map for redistribution gives the administrator better visibility and manageability. In future, if BD LINK sets up a new Type-1 PoP, the gateway and aggregation routers of that PoP will be configured similarly to the Main PoP's IGP configuration and will have OSPF neighbourship between the gateways of the Main PoP and the Type-1 PoP.


2.2.4. Dhaka Main POP Design (Phase -1 Deployment)

The scope of this phase is to install and commission devices only at the Main PoP. The core components of the Main PoP (Phase-I deployment) are two gateway routers, two aggregation routers and one DPI. Both gateway routers will be connected to two separate upstream providers and configured with eBGP, taking the entire routing table from both upstream providers. These two routers will have iBGP peering with each other.


The aggregation routers will be configured with iBGP to both gateway routers and will take the full routing table from both, which ultimately provides the facility for traffic engineering. In the case of a single upstream link, the gateway routers can be configured to pass only a default route to the aggregation routers, as there will be only one path to forward traffic. The gateway router itself, however, should take the entire routing table, as this is a requirement to comply with the guideline provided by the authority. Connectivity for the ISPs and BWAs will be from the aggregation routers directly or through an access switch, based on the client's requirement and business guidelines.


3. Device Naming, Port Connectivity & IP Addressing


3.1. Devices Naming Convention
The hostnames have to be unique across the network, so a hierarchical and logical naming convention has been planned for the BD LINK network as shown below:

SL | Country    | Location | Device Function | Device Model  | Host Name
1  | Bangladesh | Dhaka    | Core Router -1  | MX10-T-DC     | DHK_GW_RTR_01
2  | Bangladesh | Dhaka    | Core Router -2  | MX10-T-DC     | DHK_GW_RTR_02
3  | Bangladesh | Dhaka    | Agg. Router -1  | MX5-T-DC      | DHK_AGG_RTR_01
4  | Bangladesh | Dhaka    | Agg. Router -2  | MX5-T-DC      | DHK_AGG_RTR_02
5  | Bangladesh | Dhaka    | DPI -01         | IDP8200       | IDP_01
6  | Bangladesh | Dhaka    | DC Firewall -1  | SRX240H       | DHK_FW1
7  | Bangladesh | Dhaka    | DC Firewall -2  | SRX240H       | DHK_FW2
8  | Bangladesh | Dhaka    | DC Switch -1    | EX2200-24T-4G | DHK_DC_SW_01
9  | Bangladesh | Dhaka    | DC Switch -2    | EX2200-24T-4G | DHK_DC_SW_02
10 | Bangladesh | Dhaka    | DNS Server -1   | 5016I-TF      | DNS Server -1
11 | Bangladesh | Dhaka    | DNS Server -2   | 5016I-TF      | DNS Server -2
12 | Bangladesh | Dhaka    | NMS Server      | 5016I-TF      | NMS Server
13 | Bangladesh | Dhaka    | MRTG            | 5016I-TF      | MRTG Server
14 | Bangladesh | Dhaka    | NSMXpress       | 5016I-TF      | NSMXpress Server


3.2. Physical Connectivity Mapping & IP Addressing

Please refer to the Device Connectivity & IP Addressing XLS file for details.


4. Device Configuration
This section captures the configuration of the Juniper devices being deployed in the BD LINK network in Dhaka to provide IP transit services between the international upstream Internet service providers and the local ISP customers.

4.1. Initial JUNOS Configuration


This section captures the initial configuration to be done on the Juniper routers over the console, so that the routers become reachable across the WAN for further configuration.

4.1.1. Login via Console


Connect to the console and log in with the username root (initially no password is prompted); the root% shell prompt will be shown. Type cli to reach the root> operational-mode prompt. Type configure to enter configuration mode, shown as the root# prompt.

    root% cli
    root>              ## Operational Mode
    root> configure
    root#              ## Configuration Mode

4.1.2. Set Root Password


JUNOS does not allow a configuration to be committed unless a password for root is configured. This can be seen by trying to commit while setting up the router initially:

    root# commit
    [edit]
      'system'
        Missing mandatory statement: 'root-authentication'
    error: commit failed: (missing statements)

If you see this error, root authentication needs to be configured. Use the CLI below to configure it:

    root# set system root-authentication plain-text-password
    New password:
    Retype new password:
    [edit]
    root# commit
    commit complete

4.1.3. Enable System Services


By default telnet, ssh and ftp are not enabled. Use the following commands to enable these services:

    set system services ftp
    set system services telnet
    set system services ssh

These services should only be enabled after the Junos upgrade.

4.1.4. Configuring Local username


The username root cannot be used when connecting to the router via telnet; it can be used only on the console and over ssh. Use the CLI below to configure a local username and password:

    set system login user ispoperation
    set system login user ispoperation class super-user
    set system login user ispoperation authentication plain-text-password
    New password: ispnoc@2341
    Retype new password: ispnoc@2341

4.2. Dhaka Core Router -1 Configuration


This section captures the configuration of Dhaka Core Router -1.

4.2.1. System Basic Configuration


    system {
        host-name DHK_GW_RTR_01;
        time-zone Asia/Dhaka;
        no-source-route;
        commit synchronize;
        name-server {
            103.12.236.1;
        }
        ports {
            console {
                log-out-on-disconnect;
                type vt100;
            }
        }
    }
    routing-options {
        router-id 103.12.236.40;
        autonomous-system 58668;
    }

4.2.2. Management Interface Configuration


    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address 10.100.102.2/24;
                }
            }
        }
    }

4.2.3. Chassis Configuration


    chassis {
        fpc 0 {
            pic 1 {
                tunnel-services {
                    bandwidth 1g;
                }
            }
        }
        aggregated-devices {
            ethernet {
                device-count 2;
            }
        }
        alarm {
            management-ethernet {
                link-down ignore;
            }
        }
    }

4.2.4. Interface Configuration


    interfaces {
        ge-1/0/0 {
            description "Connected to AGG1 via IDP-01 port ge-0";
            unit 0 {
                family inet {
                    address 103.12.236.17/30;
                }
            }
        }
        ge-1/0/1 {
            description "Connected to DHK_GW_RTR_02";
            unit 0 {
                family inet {
                    address 103.12.236.25/30;
                }
            }
        }
        so-1/2/0 {
            description "Connected to Upstream1";
            unit 0 {
                family inet {
                    address x.x.x.x/30;
                }
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 103.12.236.40/32;
                }
            }
        }
    }

4.2.5. OSPF Configuration


    protocols {
        ospf {
            area 0.0.0.0 {
                interface ge-1/0/0.0;
                interface ge-1/0/1.0;
                interface lo0.0;
                /* upstream link: same SONET interface as defined in 4.2.4, no OSPF neighbour */
                interface so-1/2/0.0 {
                    passive;
                }
            }
        }
    }

4.2.6. BGP Configuration


    protocols {
        bgp {
            group BGP-Internal {
                type internal;
                local-address 103.12.236.40;
                export redistribute-to-ibgp;
                neighbor 103.12.236.41;
                neighbor 103.12.236.42;
                neighbor 103.12.236.43;
            }
            group BGP-External {
                type external;
                export redistributed-connected;
                neighbor X.X.X.X {
                    peer-as XX;
                }
            }
        }
    }

4.2.7. Sample RE filter Configuration


    firewall {
        filter PROTECT-RE-FILTER {
            term ROUTER-ACCESS {
                from {
                    source-address {
                        A.A.A.0/24;
                    }
                    destination-address {
                        /* fxp0 IP address */
                        F.F.F.F/32;
                    }
                    protocol tcp;
                    destination-port [ ssh telnet ];
                }
                then accept;
            }
            term PERMIT-BGP {
                from {
                    protocol tcp;
                    source-address {
                        /* Add addresses from */
                        B.B.B.B/32;
                    }
                    port bgp;
                }
                then accept;
            }
            term PERMIT-OSPF {
                from {
                    protocol ospf;
                }
                then accept;
            }
            term PERMIT-DNS {
                from {
                    protocol udp;
                    source-address {
                        /* DNS-SERVER ADD */
                        D.D.D.D/32;
                    }
                    port domain;
                }
                then accept;
            }
            term PERMIT-NTP {
                from {
                    protocol [ udp tcp ];
                    source-address {
                        /* NTP SERVER ADD */
                        N.N.N.N/32;
                    }
                    port ntp;
                }
                then accept;
            }
            term PERMIT-UDP-TRACEROUTE {
                from {
                    protocol udp;
                    destination-port 33434-33534;
                }
                then {
                    count traceroute;
                    accept;
                }
            }
            term PERMIT-TACACS+ {
                from {
                    protocol tcp;
                    source-address {
                        /* TACACS SERVER */
                        T.T.T.T/32;
                    }
                    source-port 49;
                }
                then accept;
            }
            term PERMIT-ICMP {
                from {
                    protocol icmp;
                    icmp-type [ echo-request echo-reply unreachable ti ];
                }
                then accept;
            }
            term PERMIT-TCP-ESTABLISHED {
                from {
                    protocol tcp;
                    tcp-established;
                }
                then accept;
            }
            term DENY-OTHERS {
                then {
                    discard;
                }
            }
        }
    }
    interfaces {
        lo0 {
            unit 0 {
                family inet {
                    filter {
                        input PROTECT-RE-FILTER;
                    }
                }
            }
        }
    }

4.2.8. SNMP Configuration


    snmp {
        location "Location Name";
        community test123 {
            authorization read-only;
            clients {
                103.12.236.3/32;
                103.12.236.4/32;
            }
        }
    }


4.3. Dhaka Core Router -2 Configuration


This section captures the configuration of Dhaka Core router-2.

4.3.1. System Basic Configuration


    system {
        host-name DHK_GW_RTR_02;
        time-zone Asia/Dhaka;
        no-source-route;
        commit synchronize;
        name-server {
            103.12.236.1;
        }
        ports {
            console {
                log-out-on-disconnect;
                type vt100;
            }
        }
    }
    routing-options {
        router-id 103.12.236.41;
        autonomous-system 58668;
    }

4.3.2. Management Interface Configuration


    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address 10.100.102.2/24;
                }
            }
        }
    }

4.3.3. Chassis Configuration


    chassis {
        fpc 0 {
            pic 1 {
                tunnel-services {
                    bandwidth 1g;
                }
            }
        }
        aggregated-devices {
            ethernet {
                device-count 2;
            }
        }
        alarm {
            management-ethernet {
                link-down ignore;
            }
        }
    }

4.3.4. Interface Configuration


    interfaces {
        ge-1/0/0 {
            description "Connected to DHK_GW_RTR_01";
            unit 0 {
                family inet {
                    address 103.12.236.21/30;
                }
            }
        }
        ge-1/0/1 {
            unit 0 {
                family inet {
                    address 103.12.236.26/30;
                }
            }
        }
        ge-1/0/2 {
            unit 0 {
                family inet;
            }
        }
        ge-1/0/3 {
            unit 0 {
                family inet;
            }
        }
        ge-1/0/4 {
            unit 0 {
                family inet;
            }
        }
        ge-1/0/5 {
            unit 0 {
                family inet;
            }
        }
        so-0/2/0 {
            description "Connected to Upstream1";
            unit 0 {
                family inet {
                    address x.x.x.x/30;
                }
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 103.12.236.41/32;
                }
            }
        }
    }

4.3.5. OSPF Configuration


protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-1/0/0;
            interface ge-1/0/1;
            interface so-0/2/0 {
                passive;
            }
            interface lo0.0;
        }
    }
}

4.3.6. BGP Configuration


protocols {
    bgp {
        group BGP-Internal {
            type internal;
            local-address 103.12.236.41;
            export redistribute-to-ibgp;
            neighbor 103.12.236.40;
            neighbor 103.12.236.42;
            neighbor 103.12.236.43;
        }
        group BGP-External {
            type external;
            export redistributed-connected;
            neighbor X.X.X.X {
                peer-as XX;
            }
        }
    }
}

4.3.7. Sample RE filter Configuration


firewall {
    filter PROTECT-RE-FILTER {
        term ROUTER-ACCESS {
            from {
                /* MANAGEMENT STATION ADDRESS RANGE */
                source-address {
                    A.A.A.0/24;
                }
                /* fxp0 IP address */
                destination-address {
                    F.F.F.F/32;
                }
                protocol tcp;
                destination-port [ ssh telnet ];
            }
            then accept;
        }
        term PERMIT-BGP {
            from {
                protocol tcp;
                /* Add addresses from BGP Peers */
                source-address {
                    B.B.B.B/32;
                }
                port bgp;
            }
            then accept;
        }
        term PERMIT-OSPF {
            from {
                protocol ospf;
            }
            then accept;
        }
        term PERMIT-DNS {
            from {
                protocol udp;
                /* DNS-SERVER ADDRESS */
                source-address {
                    D.D.D.D/32;
                }
                port domain;
            }
            then accept;
        }
        term PERMIT-NTP {
            from {
                protocol [ udp tcp ];
                /* NTP SERVER ADDRESS */
                source-address {
                    N.N.N.N/32;
                }
                port ntp;
            }
            then accept;
        }
        term PERMIT-UDP-TRACEROUTE {
            from {
                protocol udp;
                destination-port 33434-33534;
            }
            then {
                count traceroute;
                accept;
            }
        }
        term PERMIT-TACACS+ {
            from {
                protocol tcp;
                /* TACACS SERVER ADDRESS */
                source-address {
                    T.T.T.T/32;
                }
                source-port 49;
            }
            then accept;
        }
        term PERMIT-ICMP {
            from {
                protocol icmp;
                icmp-type [ echo-request echo-reply unreachable time-exceeded ];
            }
            then accept;
        }
        term PERMIT-TCP-ESTABLISHED {
            from {
                protocol tcp;
                tcp-established;
            }
            then accept;
        }
        term DENY-OTHERS {
            then {
                discard;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE-FILTER;
                }
            }
        }
    }
}

4.3.8. SNMP Configuration


snmp {
    location "Location Name";
    community test123 {
        authorization read-only;
        clients {
            103.12.236.3/32;
            103.12.236.4/32;
        }
    }
}

4.4. Dhaka Aggregation Router-1 Configuration


This section captures the configuration of Dhaka Aggregation router-1.

4.4.1. System Basic Configuration


system {
    host-name DHK_AGG_RTR_01;
    time-zone Asia/Dhaka;
    no-source-route;
    commit synchronize;
    name-server {
        103.12.236.1;
    }
    ports {
        console {
            log-out-on-disconnect;
            type vt100;
        }
    }
}
routing-options {
    router-id 103.12.236.42;
    autonomous-system 58668;
}

4.4.2. Management Interface Configuration


interfaces {
    fxp0 {
        unit 0 {
            family inet {
                address 10.100.102.4/24;
            }
        }
    }
}

4.4.3. Chassis Configuration


chassis {
    fpc 0 {
        pic 1 {
            tunnel-services {
                bandwidth 1g;
            }
        }
    }
    aggregated-devices {
        ethernet {
            device-count 2;
        }
    }
    alarm {
        management-ethernet {
            link-down ignore;
        }
    }
}

4.4.4. Interface Configuration


interfaces {
    ge-1/0/0 {
        description "Connected to DHK_GW_RTR_01 via IDP-01 port ge-1";
        unit 0 {
            family inet {
                address 103.12.236.18/30;
            }
        }
    }
    ge-1/0/1 {
        description "Connected to DHK_AGG_RTR_02";
        unit 0 {
            family inet {
                address 103.12.236.23/30;
            }
        }
    }
    ge-1/0/2 {
        description "Connected to DHK_FW1";
        unit 0 {
            family inet {
                address 103.12.236.29/30;
            }
        }
    }
    ge-1/0/3 {
        unit 0 {
            family inet;
        }
    }
    ge-1/0/4 {
        unit 0 {
            family inet;
        }
    }
    ge-1/0/5 {
        unit 0 {
            family inet;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 103.12.236.42/32;
            }
        }
    }
}

4.4.5. OSPF Configuration


protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-1/0/0;
            interface ge-1/0/1;
            interface ge-1/0/2;
            interface lo0.0;
        }
    }
}

4.4.6. BGP Configuration


protocols {
    bgp {
        group BGP-Internal {
            type internal;
            local-address 103.12.236.42;
            export redistribute-to-ibgp;
            neighbor 103.12.236.40;
            neighbor 103.12.236.41;
            neighbor 103.12.236.43;
        }
        group BGP-External {
            type external;
            export redistributed-connected;
            neighbor X.X.X.X {
                peer-as XX;
            }
        }
    }
}

4.4.7. Bandwidth Configuration

firewall {
    policer 3MB {
        if-exceeding {
            bandwidth-limit 3072000;
            burst-size-limit 384k;
        }
        then discard;
    }
}

Note: the policer values may be changed based on requirement.

4.4.8. Sample RE filter Configuration


firewall {
    filter PROTECT-RE-FILTER {
        term ROUTER-ACCESS {
            from {
                /* MANAGEMENT STATION ADDRESS RANGE */
                source-address {
                    A.A.A.0/24;
                }
                /* fxp0 IP address */
                destination-address {
                    F.F.F.F/32;
                }
                protocol tcp;
                destination-port [ ssh telnet ];
            }
            then accept;
        }
        term PERMIT-BGP {
            from {
                protocol tcp;
                /* Add addresses from BGP Peers */
                source-address {
                    B.B.B.B/32;
                }
                port bgp;
            }
            then accept;
        }
        term PERMIT-OSPF {
            from {
                protocol ospf;
            }
            then accept;
        }
        term PERMIT-DNS {
            from {
                protocol udp;
                /* DNS-SERVER ADDRESS */
                source-address {
                    D.D.D.D/32;
                }
                port domain;
            }
            then accept;
        }
        term PERMIT-NTP {
            from {
                protocol [ udp tcp ];
                /* NTP SERVER ADDRESS */
                source-address {
                    N.N.N.N/32;
                }
                port ntp;
            }
            then accept;
        }
        term PERMIT-UDP-TRACEROUTE {
            from {
                protocol udp;
                destination-port 33434-33534;
            }
            then {
                count traceroute;
                accept;
            }
        }
        term PERMIT-TACACS+ {
            from {
                protocol tcp;
                /* TACACS SERVER ADDRESS */
                source-address {
                    T.T.T.T/32;
                }
                source-port 49;
            }
            then accept;
        }
        term PERMIT-ICMP {
            from {
                protocol icmp;
                icmp-type [ echo-request echo-reply unreachable time-exceeded ];
            }
            then accept;
        }
        term PERMIT-TCP-ESTABLISHED {
            from {
                protocol tcp;
                tcp-established;
            }
            then accept;
        }
        term DENY-OTHERS {
            then {
                discard;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE-FILTER;
                }
            }
        }
    }
}

4.4.9. SNMP Configuration


snmp {
    location "Location Name";
    community test123 {
        authorization read-only;
        clients {
            103.12.236.3/32;
            103.12.236.4/32;
        }
    }
}

4.5. Dhaka Aggregation Router-2 Configuration


This section captures the configuration of Dhaka Aggregation router-2.

4.5.1. System Basic Configuration


system {
    host-name DHK_AGG_RTR_02;
    time-zone Asia/Dhaka;
    no-source-route;
    commit synchronize;
    name-server {
        103.12.236.1;
    }
    ports {
        console {
            log-out-on-disconnect;
            type vt100;
        }
    }
}
routing-options {
    router-id 103.12.236.43;
    autonomous-system 58668;
}

4.5.2. Management Interface Configuration


interfaces {
    fxp0 {
        unit 0 {
            family inet {
                address 10.100.102.5/24;
            }
        }
    }
}

4.5.3. Chassis Configuration


chassis {
    fpc 0 {
        pic 1 {
            tunnel-services {
                bandwidth 1g;
            }
        }
    }
    aggregated-devices {
        ethernet {
            device-count 2;
        }
    }
    alarm {
        management-ethernet {
            link-down ignore;
        }
    }
}


4.5.4. Interface Configuration


interfaces {
    ge-1/0/0 {
        description "Connected to DHK_GW_RTR_01 via IDP-01 port ge-3";
        unit 0 {
            family inet {
                address 103.12.236.22/30;
            }
        }
    }
    ge-1/0/1 {
        description "Connected to DHK_AGG_RTR_01";
        unit 0 {
            family inet {
                address 103.12.236.30/30;
            }
        }
    }
    ge-1/0/2 {
        description "Connected to DHK_FW2";
        unit 0 {
            family inet {
                address 103.12.236.37/30;
            }
        }
    }
    ge-1/0/3 {
        unit 0 {
            family inet;
        }
    }
    ge-1/0/4 {
        unit 0 {
            family inet;
        }
    }
    ge-1/0/5 {
        unit 0 {
            family inet;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 103.12.236.43/32;
            }
        }
    }
}

4.5.5. OSPF Configuration


protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-1/0/0;
            interface ge-1/0/1;
            interface ge-1/0/2;
            interface lo0.0;
        }
    }
}

4.5.6. BGP Configuration


protocols {
    bgp {
        group BGP-Internal {
            type internal;
            local-address 103.12.236.43;
            export redistribute-to-ibgp;
            neighbor 103.12.236.40;
            neighbor 103.12.236.41;
            neighbor 103.12.236.42;
        }
        group BGP-External {
            type external;
            export redistributed-connected;
            neighbor X.X.X.X {
                peer-as XX;
            }
        }
    }
}
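The BGP-Internal groups in 4.3.6, 4.4.6 and 4.5.6 only give a working iBGP full mesh if every router lists every other router's loopback and each session is configured on both ends. The following script is an added example (not part of this design document or any project tooling) that checks exactly that over the values transcribed from those sections; DHK_GW_RTR_01 (103.12.236.40) is inferred from the other routers' neighbor lists because its own section is not reproduced here.

```python
"""Consistency check for the BGP-Internal groups of sections 4.3.6, 4.4.6 and 4.5.6.

Added example, not part of the LLD. Router-id, local-address and neighbor values
are transcribed from the configuration sections; DHK_GW_RTR_01 is inferred.
"""


def router(router_id, neighbors):
    """One BGP-Internal group: local-address is the loopback, as in the LLD."""
    return {"router_id": router_id, "local": router_id, "neighbors": set(neighbors)}


IBGP = {
    "DHK_GW_RTR_01": router("103.12.236.40", ["103.12.236.41", "103.12.236.42", "103.12.236.43"]),
    "DHK_GW_RTR_02": router("103.12.236.41", ["103.12.236.40", "103.12.236.42", "103.12.236.43"]),
    "DHK_AGG_RTR_01": router("103.12.236.42", ["103.12.236.40", "103.12.236.41", "103.12.236.43"]),
    "DHK_AGG_RTR_02": router("103.12.236.43", ["103.12.236.40", "103.12.236.41", "103.12.236.42"]),
}


def check_full_mesh(groups):
    """Return findings; an empty list means every router peers with every other, both ways."""
    findings = []
    by_lo = {}
    for name, g in groups.items():
        if g["router_id"] in by_lo:
            findings.append(f"{name}: router-id {g['router_id']} already used by {by_lo[g['router_id']]}")
        by_lo.setdefault(g["router_id"], name)
    for name, g in groups.items():
        own = g["router_id"]
        if g["local"] != own:
            findings.append(f"{name}: local-address {g['local']} is not its loopback {own}")
        if own in g["neighbors"]:
            findings.append(f"{name}: lists its own loopback as a neighbor")
        expected = set(by_lo) - {own}
        for n in sorted(expected - g["neighbors"]):
            findings.append(f"{name}: missing iBGP neighbor {by_lo[n]} ({n})")
        for n in sorted(g["neighbors"] - expected - {own}):
            findings.append(f"{name}: neighbor {n} is not any router's loopback")
        # an iBGP session only comes up if both ends configure it
        for n in sorted(g["neighbors"] & expected):
            if own not in groups[by_lo[n]]["neighbors"]:
                findings.append(f"{name} -> {by_lo[n]}: session not configured on {by_lo[n]}")
    return findings


def session_count(groups):
    """Unique sessions in a full mesh of n routers: n*(n-1)/2."""
    n = len(groups)
    return n * (n - 1) // 2


def without_neighbor(groups, name, neighbor):
    """Copy of groups with one neighbor statement removed, for what-if checks."""
    copy = {k: router(v["router_id"], v["neighbors"]) for k, v in groups.items()}
    copy[name]["neighbors"].discard(neighbor)
    return copy


if __name__ == "__main__":
    for line in check_full_mesh(IBGP) or ["full mesh consistent"]:
        print(line)
    print("sessions:", session_count(IBGP))
```

As transcribed, the four routers form a consistent mesh of six sessions. Removing one neighbor statement (for example 103.12.236.40 from DHK_AGG_RTR_02) is reported twice: once as the missing neighbor on that router and once as the half-configured session seen from DHK_GW_RTR_01.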


4.5.7. Sample Bandwidth Configuration

firewall {
    policer 3MB {
        if-exceeding {
            bandwidth-limit 3072000;
            burst-size-limit 384k;
        }
        then discard;
    }
}

Note: the policer values may be changed based on requirement.

4.5.8. Sample RE filter Configuration


firewall {
    filter PROTECT-RE-FILTER {
        term ROUTER-ACCESS {
            from {
                /* MANAGEMENT STATION ADDRESS RANGE */
                source-address {
                    A.A.A.0/24;
                }
                /* fxp0 IP address */
                destination-address {
                    F.F.F.F/32;
                }
                protocol tcp;
                destination-port [ ssh telnet ];
            }
            then accept;
        }
        term PERMIT-BGP {
            from {
                protocol tcp;
                /* Add addresses from BGP Peers */
                source-address {
                    B.B.B.B/32;
                }
                port bgp;
            }
            then accept;
        }
        term PERMIT-OSPF {
            from {
                protocol ospf;
            }
            then accept;
        }
        term PERMIT-DNS {
            from {
                protocol udp;
                /* DNS-SERVER ADDRESS */
                source-address {
                    D.D.D.D/32;
                }
                port domain;
            }
            then accept;
        }
        term PERMIT-NTP {
            from {
                protocol [ udp tcp ];
                /* NTP SERVER ADDRESS */
                source-address {
                    N.N.N.N/32;
                }
                port ntp;
            }
            then accept;
        }
        term PERMIT-UDP-TRACEROUTE {
            from {
                protocol udp;
                destination-port 33434-33534;
            }
            then {
                count traceroute;
                accept;
            }
        }
        term PERMIT-TACACS+ {
            from {
                protocol tcp;
                /* TACACS SERVER ADDRESS */
                source-address {
                    T.T.T.T/32;
                }
                source-port 49;
            }
            then accept;
        }
        term PERMIT-ICMP {
            from {
                protocol icmp;
                icmp-type [ echo-request echo-reply unreachable time-exceeded ];
            }
            then accept;
        }
        term PERMIT-TCP-ESTABLISHED {
            from {
                protocol tcp;
                tcp-established;
            }
            then accept;
        }
        term DENY-OTHERS {
            then {
                discard;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE-FILTER;
                }
            }
        }
    }
}
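A Junos filter evaluates its terms in order and the first term whose conditions all match decides the action, so the reach of PROTECT-RE-FILTER (sections 4.3.7, 4.4.8 and 4.5.8) is easiest to see by walking sample packets through the term list. The script below is an added example and not part of the design document: the term order and match conditions follow the filter as written, the addresses substituted for the A.A.A.0/24, B.B.B.B, N.N.N.N and T.T.T.T placeholders are assumptions (documentation prefixes), F.F.F.F and D.D.D.D are taken from the fxp0 and name-server values of section 4.4, and the sample packets are constructed.

```python
"""First-match walk through PROTECT-RE-FILTER (sections 4.3.7, 4.4.8, 4.5.8).

Added example, not part of the LLD. Placeholder substitutions marked
"assumed" are not values from the document.
"""
import ipaddress

MGMT_NET = ipaddress.ip_network("192.0.2.0/24")        # A.A.A.0/24 (assumed)
FXP0_ADDR = ipaddress.ip_address("10.100.102.4")       # F.F.F.F: fxp0 of DHK_AGG_RTR_01 (4.4.2)
BGP_PEER = ipaddress.ip_address("103.12.236.40")       # B.B.B.B (assumed: one iBGP peer loopback)
DNS_SERVER = ipaddress.ip_address("103.12.236.1")      # D.D.D.D: name-server in 4.4.1
NTP_SERVER = ipaddress.ip_address("198.51.100.10")     # N.N.N.N (assumed)
TACACS_SERVER = ipaddress.ip_address("198.51.100.20")  # T.T.T.T (assumed)


def _from(packet, key, target):
    """Address match: prefix membership for networks, equality for /32 hosts."""
    addr = ipaddress.ip_address(packet[key])
    if isinstance(target, ipaddress.IPv4Network):
        return addr in target
    return addr == target


def _port(packet, number):
    """Junos 'port N' matches either the source or the destination port."""
    return number in (packet.get("sport"), packet.get("dport"))


# (term name, match predicate, action); evaluated in order, first match wins.
TERMS = [
    ("ROUTER-ACCESS", lambda p: (p["proto"] == "tcp" and _from(p, "src", MGMT_NET)
                                 and _from(p, "dst", FXP0_ADDR) and p.get("dport") in (22, 23)), "accept"),
    ("PERMIT-BGP", lambda p: p["proto"] == "tcp" and _from(p, "src", BGP_PEER) and _port(p, 179), "accept"),
    ("PERMIT-OSPF", lambda p: p["proto"] == "ospf", "accept"),
    ("PERMIT-DNS", lambda p: p["proto"] == "udp" and _from(p, "src", DNS_SERVER) and _port(p, 53), "accept"),
    ("PERMIT-NTP", lambda p: (p["proto"] in ("udp", "tcp") and _from(p, "src", NTP_SERVER)
                              and _port(p, 123)), "accept"),
    ("PERMIT-UDP-TRACEROUTE", lambda p: p["proto"] == "udp" and 33434 <= p.get("dport", 0) <= 33534, "accept"),
    ("PERMIT-TACACS+", lambda p: (p["proto"] == "tcp" and _from(p, "src", TACACS_SERVER)
                                  and p.get("sport") == 49), "accept"),
    ("PERMIT-ICMP", lambda p: (p["proto"] == "icmp" and p.get("icmp_type") in
                               ("echo-request", "echo-reply", "unreachable", "time-exceeded")), "accept"),
    # tcp-established matches segments carrying ACK or RST
    ("PERMIT-TCP-ESTABLISHED", lambda p: p["proto"] == "tcp" and bool(p.get("ack") or p.get("rst")), "accept"),
    ("DENY-OTHERS", lambda p: True, "discard"),
]


def evaluate(packet):
    """Return (term, action) for the first term whose conditions all match."""
    for name, matches, action in TERMS:
        if matches(packet):
            return name, action
    raise RuntimeError("unreachable: DENY-OTHERS matches every packet")


# Constructed RE-bound traffic towards DHK_AGG_RTR_01 (lo0 103.12.236.42).
SAMPLES = {
    "ssh from mgmt station": {"proto": "tcp", "src": "192.0.2.10", "dst": "10.100.102.4", "dport": 22},
    "ssh from elsewhere": {"proto": "tcp", "src": "203.0.113.5", "dst": "10.100.102.4", "dport": 22},
    "bgp open from peer": {"proto": "tcp", "src": "103.12.236.40", "dst": "103.12.236.42", "dport": 179},
    "bgp open from stranger": {"proto": "tcp", "src": "203.0.113.5", "dst": "103.12.236.42", "dport": 179},
    "ping": {"proto": "icmp", "src": "203.0.113.5", "dst": "103.12.236.42", "icmp_type": "echo-request"},
    "icmp redirect": {"proto": "icmp", "src": "203.0.113.5", "dst": "103.12.236.42", "icmp_type": "redirect"},
    "traceroute probe": {"proto": "udp", "src": "203.0.113.5", "dst": "103.12.236.42", "dport": 33440},
    "snmp poll from nms": {"proto": "udp", "src": "103.12.236.3", "dst": "103.12.236.42", "dport": 161},
}


def run_samples():
    """Evaluate every constructed sample packet against the term list."""
    return {label: evaluate(pkt) for label, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, (term, action) in run_samples().items():
        print(f"{label:24s} -> {term} ({action})")
```

Two outcomes are worth noting. A BGP session attempt from an address that is not listed under PERMIT-BGP falls through to DENY-OTHERS, which is the point of the source-address match. The last sample shows that the filter has no term for SNMP, so an in-band poll from 103.12.236.3, although it is listed under snmp clients in 4.5.9, is also discarded by DENY-OTHERS; a term permitting udp port snmp from the client addresses would be needed for in-band polling.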


4.5.9. SNMP Configuration


snmp {
    location "Location Name";
    community test123 {
        authorization read-only;
        clients {
            103.12.236.3/32;
            103.12.236.4/32;
        }
    }
}

4.6. Dhaka Data Center Switch-1 Configuration


This section captures the configuration of Dhaka Data Center Switch-1.

4.6.1. System Basic Configuration


system {
    host-name DHK_DC_SW_01;
    services {
        ftp;
        ssh;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    commit {
        factory-settings {
            reset-chassis-lcd-menu;
            reset-virtual-chassis-configuration;
        }
    }
}


4.6.2. VLAN & Trunk Configuration


interfaces {
    ge-0/0/0 {
        description "Connected to DHK_FW_01";
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    ge-0/0/1 {
        description "Connected to DNS-server-1";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members server;
                }
            }
        }
    }
    ge-0/0/2 {
        description "Connected to DNS-server-2";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members server;
                }
            }
        }
    }
    ge-0/0/3 {
        description "Connected to NMS-server";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members server;
                }
            }
        }
    }
    ge-0/0/4 {
        description "Connected to MRTG-server";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members server;
                }
            }
        }
    }
    ge-0/0/5 {
        description "Connected to NSM-server";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members server;
                }
            }
        }
    }
    ge-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/7 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/8 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/9 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/10 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/11 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/12 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/13 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/14 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/15 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/16 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/17 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/18 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/19 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/20 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/21 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/22 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/23 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/0 {
        description "Connected to DHK_FW_02";
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    xe-0/1/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/1 {
        description "Connected to DHK_DC_SW_01";
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    xe-0/1/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    xe-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    rstp;
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
ethernet-switching-options {
    storm-control {
        interface all;
    }
}
vlans {
    ISP1 {
        vlan-id 2;
    }
    ISP2 {
        vlan-id 3;
    }
    ISP3 {
        vlan-id 4;
    }
}

4.6.3. SNMP Configuration


snmp {
    location "Location Name";
    community test123 {
        authorization read-only;
        clients {
            103.12.236.3/32;
            103.12.236.4/32;
        }
    }
}

4.7. Dhaka Data Center Switch-2 Configuration


This section captures the configuration of Dhaka Data Center Switch-2.

4.7.1. System Basic Configuration


system {
    host-name DHK_DC_SW_02;
    services {
        ftp;
        ssh;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    commit {
        factory-settings {
            reset-chassis-lcd-menu;
            reset-virtual-chassis-configuration;
        }
    }
}

4.7.2. VLAN & Trunk Configuration


interfaces {
    ge-0/0/0 {
        description "Connected to DHK_FW_02";
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/3 {
        description "Connected to NMS";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members mgt;
                }
            }
        }
    }
    ge-0/0/4 {
        description "Connected to MRTG";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members mgt;
                }
            }
        }
    }
    ge-0/0/5 {
        description "Connected to NSMXpress";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members mgt;
                }
            }
        }
    }
    ge-0/0/6 {
        description "Connected to DHK_CORE_01";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members mgt;
                }
            }
        }
    }
    ge-0/0/7 {
        description "Connected to DHK_CORE_02";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members mgt;
                }
            }
        }
    }
    ge-0/0/8 {
        description "Connected to DHK_IDP_01";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members mgt;
                }
            }
        }
    }
    ge-0/0/9 {
        description "Connected to DHK_AGG_01";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members mgt;
                }
            }
        }
    }
    ge-0/0/10 {
        description "Connected to DHK_AGG_02";
        unit 0 {
            family ethernet-switching {
                vlan {
                    members mgt;
                }
            }
        }
    }
    ge-0/0/11 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/12 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/13 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/14 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/15 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/16 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/17 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/18 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/19 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/20 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/21 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/22 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/23 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/0 {
        description "Connected to DHK_FW_02";
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    xe-0/1/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/1 {
        description "Link DHK_DC_SW_01";
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    xe-0/1/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    xe-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    rstp;
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
ethernet-switching-options {
    storm-control {
        interface all;
    }
}
vlans {
    ISP4 {
        vlan-id 4;
    }
    ISP5 {
        vlan-id 5;
    }
    ISP6 {
        vlan-id 6;
    }
}
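On an EX switch every VLAN name used under vlan members must exist in the vlans stanza, and two switches joined by a members-all trunk should agree on what each vlan-id means. The script below is an added example (not part of the design document or any project tooling): the port-to-VLAN assignments and vlans stanzas are transcribed from 4.6.2 and 4.7.2, and the checker itself is hypothetical.

```python
"""Cross-check VLAN membership against the vlans {} stanzas of 4.6.2 and 4.7.2.

Added example, not part of the LLD. Port and VLAN data are transcribed from
the two switch sections; the checking logic is hypothetical tooling.
"""


def check_vlan_references(vlans, ports):
    """vlans: {name: vlan-id}; ports: {ifname: list of member names, or "all"}.

    Returns undefined VLAN names (with the ports that reference them),
    vlan-ids defined under more than one name, and the trunks carrying all VLANs.
    """
    undefined = {}
    for ifname, members in ports.items():
        if members == "all":
            continue
        for name in members:
            if name not in vlans:
                undefined.setdefault(name, []).append(ifname)
    by_id = {}
    for name, vid in vlans.items():
        by_id.setdefault(vid, []).append(name)
    duplicate_ids = {vid: names for vid, names in by_id.items() if len(names) > 1}
    trunks_all = sorted(ifname for ifname, members in ports.items() if members == "all")
    return {"undefined": undefined, "duplicate_ids": duplicate_ids, "trunks_all": trunks_all}


def cross_switch_id_conflicts(vlans_a, vlans_b):
    """vlan-ids present on both switches under different names (they share a trunk)."""
    ids_a = {vid: name for name, vid in vlans_a.items()}
    ids_b = {vid: name for name, vid in vlans_b.items()}
    return {vid: (ids_a[vid], ids_b[vid]) for vid in ids_a.keys() & ids_b.keys()
            if ids_a[vid] != ids_b[vid]}


# DHK_DC_SW_01 as written in 4.6.2
SW01_VLANS = {"ISP1": 2, "ISP2": 3, "ISP3": 4}
SW01_PORTS = {
    "ge-0/0/0": "all", "ge-0/1/0": "all", "ge-0/1/1": "all",
    "ge-0/0/1": ["server"], "ge-0/0/2": ["server"], "ge-0/0/3": ["server"],
    "ge-0/0/4": ["server"], "ge-0/0/5": ["server"],
}

# DHK_DC_SW_02 as written in 4.7.2 (ge-0/0/3 to ge-0/0/10 are all members of "mgt")
SW02_VLANS = {"ISP4": 4, "ISP5": 5, "ISP6": 6}
SW02_PORTS = {
    "ge-0/0/0": "all", "ge-0/1/0": "all", "ge-0/1/1": "all",
    **{f"ge-0/0/{n}": ["mgt"] for n in range(3, 11)},
}


if __name__ == "__main__":
    for label, vlans, ports in (("DHK_DC_SW_01", SW01_VLANS, SW01_PORTS),
                                ("DHK_DC_SW_02", SW02_VLANS, SW02_PORTS)):
        print(label, check_vlan_references(vlans, ports))
    print("id conflicts across the inter-switch trunk:",
          cross_switch_id_conflicts(SW01_VLANS, SW02_VLANS))
```

Run against the configurations as written, the checker reports that "server" (switch 1) and "mgt" (switch 2) are referenced by access ports but defined under neither vlans stanza, and that vlan-id 4 is named ISP3 on one switch and ISP4 on the other even though the two are trunked together with members all.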

4.7.3. SNMP Configuration


snmp {
    location "Location Name";
    community test123 {
        authorization read-only;
        clients {
            103.12.236.3/32;
            103.12.236.4/32;
        }
    }
}


4.8. IDP Configuration

4.8.1. OS Upgrade through CLI


The following steps upgrade/install the IDP OS.

The following files are required for the IDP OS upgrade:
+ sensor_5_0r1.sh
+ sensor_5_1r2.sh
+ sensor_5_1r3.sh

[root@idp ~]# cd /tmp
[root@idp tmp]# ls -l
-rw-rw-r-- 1 admin admin 474454694 Jul 11 23:04 sensor_5_1r2.sh

Execute the files, in order, as follows:

[root@idp tmp]# sh sensor_5_0r1.sh
[root@idp tmp]# sh sensor_5_1r2.sh
[root@idp tmp]# sh sensor_5_1r3.sh

4.8.2. System Basic Configuration through Web GUI (ACM)


Step 1. Host name configuration
Step 2. DNS configuration
Step 3. IP configuration for MGT access
Step 4. Default gateway

4.8.3. NSM Server Configuration


4.8.3.1. RedHat 5 OS Installation

RedHat Linux must be installed before NSM is installed.


4.8.3.2. NSM Server 2010.4 Installation

The following steps install NSM on a Linux server:
Step 1. The following files are required for NSM:
+ Linux server
+ Linux system update utilities
+ Windows UI client
Step 2. Move all three files to the NSM server.
Step 3. Unzip the system update file:
+ untar it; this produces a folder named rhes4/rhes5
+ move inside this folder and run the script rhes5.sh
Step 4. After this, unzip the Linux server file (nsm_2010.4s3_linux_servers_x86.zip); this yields the script file nsm_2010.4s3_linux_servers_x86.zip. Run this script to perform the installation:
tar xvf nsm_2010.4s3_linux_servers_x86.zip
Step 5. NSM client installation on the workstation.

4.8.3.3. NSM Client Installation for Configuring the NSM Server

The NSM client software must be installed on a workstation to configure the NSM server.

4.8.3.4. Adding the IDP Device to the NSM Server

The following screenshots show an IDP device being added to the NSM server.


4.8.3.5. Policy Implementation

The following screenshots show the policy configuration applied to the IDP.


4.8.3.6. Log View and Reporting, Custom Report Generation

The following screenshots show the log view, reporting and custom report generation from the NSM server.


4.9. DC Firewall 1 & 2 Configuration

4.9.1. OS Upgrade
OS upgrade to JUNOS 10.4R10.7 through the command line.
Steps:
Step 1. Copy the JUNOS OS file into /var/tmp from the pen drive.
Step 2. Install the image and reboot:
> request system software add /var/tmp/junos-srxsme-10.0R2.10-domestic.tgz no-copy no-validate reboot

4.9.2. System Basic Configuration


root@% cli
root> configure
root# set system root-authentication plain-text-password
root# set system host-name DHK_FW
root# set system login user test class super-user authentication plain-text-password
root# set system services telnet
root# set system services ssh

4.9.3. Interface Configuration


interfaces {
    ge-0/0/3 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    ge-0/0/4 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-0/0/5 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    ge-5/0/3 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    ge-5/0/4 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-5/0/5 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    fab0 {
        fabric-options {
            member-interfaces {
                ge-0/0/2;
            }
        }
    }
    fab1 {
        fabric-options {
            member-interfaces {
                ge-5/0/2;
            }
        }
    }
    reth0 {
        vlan-tagging;
        redundant-ether-options {
            redundancy-group 1;
        }
        unit XX {
            vlan-id XX;
            family inet {
                address XX.XX.XX.XX/XX;
            }
        }
        unit 102 {
            vlan-id 102;
            family inet {
                address XX.XX.XX.XX/XX;
            }
        }
    }
    reth1 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 103.12.236.38/30;
            }
        }
    }
    reth2 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 10.100.102.8/24;
            }
        }
    }
}

Interfaces will be assigned to the UNTRUST, TRUST and DMZ security zones:

security {
    zones {
        security-zone trust {
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/1.0;
            }
        }
        security-zone DMZ {
            interfaces {
                ge-0/0/2.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
}

4.9.4. HA Configuration
VRRP/JSRP will be configured for HA in Active/Standby mode. Device-1 acts as the master and device-2 as the standby; when the master goes down, device-2 takes full ownership. The node0/node1 groups below take effect only when apply-groups "${node}" is set at the top level of the configuration.

groups {
    node1 {
        system {
            host-name FW2;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 10.100.102.10/24;
                    }
                }
            }
        }
    }
    node0 {
        system {
            host-name FW1;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 10.100.102.9/24;
                    }
                }
            }
        }
    }
}
chassis {
    cluster {
        reth-count 4;
        redundancy-group 0 {
            node 0 priority 100;
            node 1 priority 1;
        }
        redundancy-group 1 {
            node 0 priority 100;
            node 1 priority 50;
            preempt;
            interface-monitor {
                ge-0/0/3 weight 60;
                ge-0/0/5 weight 60;
                ge-0/0/4 weight 60;
            }
        }
    }
}
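Whether the interface-monitor in redundancy-group 1 can actually move the data plane to the standby node depends on arithmetic that is easy to get wrong: Junos starts every redundancy group with a threshold of 255, subtracts the weight of each monitored interface that goes down, and fails the group over only when the threshold reaches 0. The script below is an added example (not part of the design document or any project tooling) that applies that rule to the priorities and weights configured in 4.9.4; the priority/preempt helper is a simplified model of primary-node selection and ignores other failover triggers such as IP monitoring or a control-link failure.

```python
"""Failover arithmetic for the chassis-cluster redundancy groups in 4.9.4.

Added example, not part of the LLD. Priorities, preempt and interface-monitor
weights are the ones configured in 4.9.4; the 255 starting threshold is the
Junos rule for every redundancy group.
"""
THRESHOLD = 255

# redundancy-group 1 as configured in 4.9.4
RG1_PRIORITY = {0: 100, 1: 50}
RG1_PREEMPT = True
RG1_MONITOR = {"ge-0/0/3": 60, "ge-0/0/5": 60, "ge-0/0/4": 60}

# redundancy-group 0 (Routing Engine) as configured in 4.9.4: no preempt
RG0_PRIORITY = {0: 100, 1: 1}
RG0_PREEMPT = False


def remaining_threshold(monitor, down_interfaces):
    """Threshold left on a node after the given monitored interfaces fail."""
    lost = sum(weight for ifname, weight in monitor.items() if ifname in down_interfaces)
    return max(THRESHOLD - lost, 0)


def interface_monitor_triggers_failover(monitor, down_interfaces):
    """True when the failed interfaces drive the node's threshold to 0."""
    return remaining_threshold(monitor, down_interfaces) == 0


def worst_case_can_fail_over(monitor):
    """Can interface monitoring ever cause failover for this group at all?"""
    return sum(monitor.values()) >= THRESHOLD


def primary_node(priority, preempt, current_primary, healthy):
    """Simplified primary-node selection for one redundancy group.

    healthy: node ids whose threshold is still above 0. With preempt, the
    healthy node with the highest priority owns the group; without it, the
    current primary keeps the group for as long as it stays healthy.
    """
    candidates = [node for node in priority if node in healthy]
    if not candidates:
        return None
    if not preempt and current_primary in candidates:
        return current_primary
    return max(candidates, key=lambda node: priority[node])


if __name__ == "__main__":
    for down in ({"ge-0/0/3"}, set(RG1_MONITOR)):
        print(sorted(down), "->", remaining_threshold(RG1_MONITOR, down),
              "fails over" if interface_monitor_triggers_failover(RG1_MONITOR, down) else "stays")
    print("interface-monitor can ever fail RG1 over:", worst_case_can_fail_over(RG1_MONITOR))
```

With three interfaces at weight 60, one link failure leaves a threshold of 195 and losing all three still leaves 75, so interface monitoring as written never fails redundancy-group 1 over; a weight of 255 on each monitored interface makes any single link failure trigger failover, which is the usual intent for an Active/Standby pair. The preempt flag on RG1 means node 0 takes the group back as soon as it is healthy again, whereas RG0 without preempt stays on whichever node currently holds it.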

4.9.5. Security Policy Configuration


Policy1: TRUST to UNTRUST: permit any any

security {
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}

Policy2: UNTRUST to TRUST: deny all

security {
    policies {
        from-zone untrust to-zone trust {
            policy untrust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                }
            }
        }
    }
}

Policy3: DMZ to UNTRUST: permit any any

security {
    policies {
        from-zone DMZ to-zone untrust {
            policy untrust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}

Policy4: UNTRUST to DMZ: only permit particular application services with dedicated ports.
Policy5: A screening policy will be configured for the UNTRUST zone.
Policy6: An ALG policy will be configured based on application/services.


5. LLD v 1.0 Signoff


Low Level Design v1.0 Approved: [YES / NO]
With Amendments: [YES / NO]
Amendments:

BD LINK LLD v1.0 Approval & Signoff

BD LINK Team
LLD Check:
Name:
Designation:

GAZI Project Manager
LLD Verification:
________________________________
Signature of the GAZI PM

GAZI Implementation Manager
LLD Approval:
Name:
Designation:
________________________________
Signature of the GAZI IM

Comments:

Please call the Gazi Project Manager on +8801711-992626. If this form is not returned within three (3) days, Gazi Communication will assume full acceptance of this document without modification.
