
Advanced IP Switching (Zaawansowane Przełączanie IP)

dr inż. Łukasz Sturgulewski, luk@kis.p.lodz.pl, http://luk.kis.p.lodz.pl/


ZPIP - v2015

Converged network model

Hierarchical network model

[Figure: hierarchical network. Tiers: WAN Edge (WAN edge routers), Core Tier, Aggregation Tier, Access Tier. Devices shown: L2/L3 switches, L2 switch, SSL VPN, firewall, IPSec VPN, IPS, servers + storage. Annotations: security sprawl, hard to manage; STP in a flat L2 access network.]

Hierarchical network model

[Figure: campus example with Building A and Building B. Labels: EX4300VC-3a, EX4300VC-2a, EX3300VC-1a, EX4600VC-1a, EX6200-1b, EX9200-1b, WLC cluster, WLA, SRX Series cluster, Internet, app servers, centralized DHCP and other services, LAG links.]

Hierarchical network model

Advantages of the hierarchical model:

Scalability
Maintenance, servicing and recovery after failures (modular design)
Redundancy
Performance
Security
Management

Modular and fixed switches

[Figure: Juniper EX switch portfolio by tier (Core, Aggregation, Access) on a 2008-2012 timeline. Modular: EX8208, EX8216, EX8200 Virtual Chassis, EX6200; options shown: 1 TB/slot chassis, 40x10G, 8x10G, 40G and 100G LC, 1G copper, 10G copper, 1G fiber, service modules, Extra-Scale. Fixed: EX2200, EX2200-C, EX3200, EX3300, EX3300 Virtual Chassis, EX4200, EX4200 Virtual Chassis, EX4200-PX, EX4500, EX4500 Virtual Chassis; also labelled: Industrial Grade, Faster Virtual Chassis Backplane, External RPS.]

Juniper EX3300
Basic characteristics

24-48 port fixed-configuration access switch
PoE+ model option
4 SFP/SFP+ uplinks
Fixed power supply (AC/DC) and fans
Data center airflow
RPS support

Virtual Chassis technology
10-member Virtual Chassis
Virtual Chassis over 10GbE uplinks
Virtual Chassis between switches up to 40 km apart

Proven Juniper technology
Junos operating system
Layer 3 (OSPF, PIM)

SKU             Airflow   PoE/PoE+ ports   PSU   Total PoE power
EX3300-24T      F-to-B    -                AC    -
EX3300-48T      F-to-B    -                AC    -
EX3300-24P      F-to-B    24               AC    405W
EX3300-48P      F-to-B    48               AC    740W
EX3300-24T-DC   F-to-B    -                DC    -
EX3300-48T-BF   B-to-F    -                AC    -

Juniper EX3300
Construction and connectors

[Figure: front view with LCD, 1GbE network ports (PoE+ capable) and Gb/10GbE SFP+ uplink ports; rear view with 1GbE management port, USB, console port, system fan, fan exhaust, RPS connector and AC power supply.]

Fixed, standalone configuration
17.4W x 12.0D x 1.75H inches
1 RU height
Internal power
Fixed uplinks

Environmental ranges
Operating temp: 0 to 45 °C*
Operating altitude: up to 10K ft*
Low acoustics: 40-45 dB

Management interfaces
LCD easy bringup
Console (RJ45)
Out-of-band Ethernet (RJ45)

Juniper EX3300
Virtual Chassis

Up to 10 members in a virtual chassis over 10GE uplinks
Last two uplinks configured as VC ports by default
All four uplinks can be configured as non-VC uplink ports
All four uplinks can be configured as virtual chassis ports
80 Gbps uplink/VC bandwidth
Each uplink auto-detects GE/10GE
10GE DAC cables recommended for VC (one per EX3300)
No VC cable shipped with EX3300 system by default
No mixed-mode VC with EX4200 or EX4500

Supported optics
EX-SFP-10GE-DAC-1M
EX-SFP-10GE-DAC-7M
EX-SFP-10GE-LR
EX-SFP-10GE-LRM
EX-SFP-10GE-SR
EX-SFP-10GE-USR
EX-SFP-1GE-LX
EX-SFP-1GE-SX

Juniper EX4550
1U 32-port 1/10GbE Switch

Wire-rate performance on all ports
2 expansion slots
8x1/10GbE SFP/SFP+, 128 Gbps Virtual Chassis module
1/10G BASE-T module
2x40G QSFP+ module
~2us latency
Front-back and back-front airflow
SFP+ version is MACSec capable

Virtual Chassis technology
256 Gbps virtual backplane (up to 320 Gbps with 40GbE module)
Manage up to 10 as a single device
Extend over 10GbE uplinks (40GbE)
Virtual Chassis with EX4200 & EX4500

Software parity with 12.1
MPLS (L2VPN, L3VPN)
RE-SDK

Juniper EX4550
1U 32-port 100M/1G/10GT Switch

Wire-rate performance on all ports
2 expansion slots
8x100M/1/10G-BaseT, 8x1/10G SFP/SFP+, 128 Gbps VC module
~3.8us latency
Cat5e, Cat6 and Cat6a

Virtual Chassis technology
320 Gbps virtual backplane
Manage up to 10 as a single device
Extend over 10GbE uplinks (SFP+ or 10GT)
Virtual Chassis with EX4200 & EX4500

Software parity with EX4550-32F
12.2r4 or 12.3r1
MPLS (L2VPN, L3VPN)
RE-SDK

[Figure: EX4550 rear view with redundant power modules, redundant cooling modules and expansion module slot.]

Juniper EX4550

Ease of migration to higher speeds
Deploy as 1G, migrate to 10G as you grow.
4550-32T can also operate at 100 Mbps

Reduce deployment cost by removing optics.
EX4550-32T is 25% cheaper with Cat6a cables compared with EX4550-32F with DAC cables
Cat6a cables 90% cheaper than similar DAC cables
Cat6a supports up to 100 m

Flexibility of deployment: mix and match with fiber
Up to 16 x 10G SFP+ ports with expansion slots

Cable   10 Gigabit Ethernet reach
Cat5e   up to 45 meters
Cat6    up to 55 meters
Cat6a   up to 100 meters

Juniper EX4550

[Figure: front view with 32 built-in tri-speed 100M/G/10G ports, expansion slot (PIC 1), and Mgmt, Con, USB and Mini-USB Con ports; rear view with redundant PSUs (both AC and DC options), redundant fan modules and expansion slot (PIC 2).]

JunOS

[Figure: Junos product families. Security: SRX Series. Routers: T Series, M Series, J Series, MX Series. Switches: EX Series. WLAN: WL Series. Also shown: SSL VPN (SA Series), Radius (SBR Series), Network Access Control (UAC Series), vGW Virtual Gateway (Altor), Management, RingMaster, SmartPass.]

JunOS

Presentations:
IJOS-12.a_C2_JUNOS_Fundamentals.ppt
IJOS-12.a_C3_User_Interfaces.ppt

RJ45 and SFP connectors

MIKROTIK ROUTERBOARD RB922UAGS 5HPACD 802.11AC 866MBPS

SFP connectors

SFP (Small Form-factor Pluggable)

Hot-pluggable transceiver (transmitter-receiver).
Mechanical design and electronic interface follow the MSA (Multiple Source Agreement group) standards.
Provides connectivity to various media types and layer 2 standards.
Predecessor: GBIC, which is why it is often called mini-GBIC.
Supported by a very wide range of network equipment vendors.

SFP connectors

SFP modules:
for multimode fiber
for single-mode fiber (various wavelengths, also bidirectional)
for copper cables

http://www.napad.pl/produkty-614-5337-modul-swiatlowodowy-sf-sm31020-gp-sftp.htm

SFP connectors

According to the MSA specification, SFP transceivers have a 256-byte EEPROM that holds information about the transceiver's capabilities, its standard interface, the manufacturer and other data. It is accessible over the I2C interface at the 8-bit address 1010000X (A0h).
Equipment vendors often restrict the use of modules from other suppliers.
http://sfp.guru/pl/baza-wiedzy/97-standard-sfp
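
Added example (not part of the original slides): a Python reader for the A0h ID page described above, with the checksum and vendor check an inventory audit of installed optics would run. Field offsets follow the SFF-8472 memory map; the EEPROM image, vendor name and approved-vendor list are constructed for illustration.

```python
def build_sample_a0():
    """Constructed 256-byte A0h image; vendor, part and serial are made up."""
    e = bytearray(256)
    e[0] = 0x03                               # identifier: SFP/SFP+
    e[2] = 0x07                               # connector: LC
    e[20:36] = b"EXAMPLE OPTICS".ljust(16)    # vendor name, space padded
    e[37:40] = bytes.fromhex("00005e")        # vendor IEEE OUI (constructed)
    e[40:56] = b"SAMPLE-10G-SR".ljust(16)     # vendor part number
    e[68:84] = b"SN00000001".ljust(16)        # serial number
    e[84:92] = b"150301  "                    # date code YYMMDD + lot code
    e[92] = 0x68                              # DDM implemented, internal cal.
    e[63] = sum(e[0:63]) & 0xFF               # CC_BASE covers bytes 0-62
    e[95] = sum(e[64:95]) & 0xFF              # CC_EXT covers bytes 64-94
    return bytes(e)

def parse_a0(eeprom):
    """Decode the identity fields a switch reads from the A0h page."""
    if len(eeprom) < 96:
        raise ValueError("need at least bytes 0-95 of the A0h page")
    def text(a, b):
        return eeprom[a:b].decode("ascii", "replace").strip()
    return {
        "identifier": eeprom[0],
        "vendor": text(20, 36),
        "oui": eeprom[37:40].hex(),
        "part_number": text(40, 56),
        "serial": text(68, 84),
        "date_code": text(84, 92),
        "ddm": bool(eeprom[92] & 0x40),       # bit 6: A2h diagnostics present
        "cc_base_ok": (sum(eeprom[0:63]) & 0xFF) == eeprom[63],
        "cc_ext_ok": (sum(eeprom[64:95]) & 0xFF) == eeprom[95],
    }

def audit(eeprom, approved_vendors):
    """Return findings for an inventory check; an empty list means clean."""
    info, findings = parse_a0(eeprom), []
    if info["identifier"] != 0x03:
        findings.append("not an SFP/SFP+ identifier")
    if not (info["cc_base_ok"] and info["cc_ext_ok"]):
        findings.append("checksum mismatch (corrupt or edited EEPROM)")
    if info["vendor"] not in approved_vendors:
        findings.append("vendor not on approved list: " + info["vendor"])
    return findings

if __name__ == "__main__":
    print(parse_a0(build_sample_a0()))
    print(audit(build_sample_a0(), {"EXAMPLE OPTICS"}))
```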


SFP connectors

DDM technology:

Modern optical SFP transceivers support DDM (Digital Diagnostics Monitoring) functions in accordance with the SFF-8472 standard. The feature is also known as DOM (Digital Optical Monitoring). Modules with this feature let the user monitor SFP parameters in real time, such as optical output power, optical input power, temperature, laser bias current and supply voltage.
The diagnostic monitoring controller is available as an I2C device at address 1010001X (A2h).

http://sfp.guru/pl/baza-wiedzy/97-standard-sfp
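
Added example (not part of the original slides): decoding the real-time DDM values from the A2h page and comparing received optical power with the module's own thresholds. Offsets and units follow SFF-8472 for an internally calibrated module, which is an assumption here; the sample image is constructed.

```python
import math
import struct

def build_sample_a2():
    """Constructed A2h image for an internally calibrated module."""
    a2 = bytearray(256)
    # RX power thresholds, bytes 32-39: high alarm, low alarm,
    # high warning, low warning (units of 0.1 uW)
    struct.pack_into(">HHHH", a2, 32, 12589, 158, 10000, 200)
    # Real-time values, bytes 96-105: temperature, Vcc, TX bias,
    # TX power, RX power
    struct.pack_into(">hHHHH", a2, 96, 0x1A80, 33000, 3000, 10000, 100)
    return bytes(a2)

def to_dbm(raw):
    """Optical power is stored in 0.1 uW steps; convert to dBm."""
    return 10 * math.log10(raw / 10000.0) if raw else float("-inf")

def decode_ddm(a2):
    """Return scaled readings plus an RX power status from the A2h page."""
    if len(a2) < 106:
        raise ValueError("need at least bytes 0-105 of the A2h page")
    rx_hi, rx_lo, rx_hi_w, rx_lo_w = struct.unpack_from(">HHHH", a2, 32)
    temp, vcc, bias, txp, rxp = struct.unpack_from(">hHHHH", a2, 96)
    if rxp < rx_lo or rxp > rx_hi:
        status = "alarm"
    elif rxp < rx_lo_w or rxp > rx_hi_w:
        status = "warning"
    else:
        status = "ok"
    return {
        "temp_c": temp / 256.0,          # signed, 1/256 degree C per bit
        "vcc_v": vcc / 10000.0,          # 100 uV per bit
        "tx_bias_ma": bias * 2 / 1000.0, # 2 uA per bit
        "tx_dbm": to_dbm(txp),
        "rx_dbm": to_dbm(rxp),
        "rx_status": status,
    }

if __name__ == "__main__":
    print(decode_ddm(build_sample_a2()))
```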

SFP connectors

Dimensions:
Height 8.5 mm
Width 13.4 mm
Depth 56.5 mm
In general, the smaller the dimensions the better: higher port density (but there are problems with building the circuitry, including heat dissipation).

SFP pin-out, encoding

Pin   Name         Function
1     VeeT         Transmitter ground
2     TxFault      Transmitter fault indication
3     TxDisable    Optical output disabled when high
4     MOD-DEF(2)   Data for serial ID interface
5     MOD-DEF(1)   Clock for serial ID interface
6     MOD-DEF(0)   Grounded by the module to indicate module presence
7     RateSelect   Low selects reduced bandwidth
8     LOS          When high, indicates received optical power below worst-case receiver sensitivity
9     VeeR         Receiver ground
10    VeeR         Receiver ground
11    VeeR         Receiver ground
12    RD-          Inverted received data
13    RD+          Received data
14    VeeR         Receiver ground
15    VccR         Receiver power (3.3 V)
16    VccT         Transmitter power (3.3 V)
17    VeeT         Transmitter ground
18    TD+          Transmit data
19    TD-          Inverted transmit data
20    VeeT         Transmitter ground

8b/10b and 64b/66b encoding

DAC cables (Direct Attach Copper Cable)

MIKROTIK ROUTERBOARD SFP/SFP+ DIRECT ATTACH CABLE

DAC cables (Direct Attach Copper Cable)

Direct-Attach Copper
10Gig SFP+ Direct Attach Cable Assemblies are constructed with high frequency 10 GHz, 100 ohm parallel shielded pairs, with two wire pairs in the cable (30 AWG for cables less than 4 m in length, 24 AWG for 4 m and longer cables).

[Figure labels: 2-pair twin-axial cable, SFP+ connector]

Passive (max. 7 m)
Active
>= 1 Gb/s, full duplex

http://www.panduit.com/heiler/InstallInstructions/N-COSFPPassive--PN533B--ENG.pdf

DAC cables (Direct Attach Copper Cable)

Direct-Attach Copper
Lower latency (25-30x) than over Cat6 / Cat6a / Cat7 twisted pair
Low BER (Bit Error Ratio) < 10^-18
Bends can be a problem!

Availability, redundancy (HA)

High Availability:

VC: Virtual Chassis
STP: Spanning Tree Protocol
RTG: Redundant Trunk Groups
LAG: Link Aggregation Groups

VC, STP, RTG, LAG

[Figure: example topology with VC and LAG links]

JEX_11.a_C7_HighAvailability.ppt

CTI network laboratories

The consoles of the network devices are accessible through a terminal server (Opengear).
All devices in the laboratory have their console ports connected to the terminal server.
Connect to the terminal server over SSH (e.g. with PuTTY); the TCP port number corresponds to the number of the physical port on the terminal server.

Task 1

Prepare 4 EX3300 switches for the task:
Restore the factory configuration
Assign a unique name
Configure a password for root

Removing passwords from devices

Erasing startup configurations

From the device menu (EX3300):

MAINTENANCE:
SYSTEM REBOOT?
FACTORY DEFAULT?

IDLE
STATUS
MAINT

Configuring the device name

Task 2

Combine 4 EX3300 devices into one logical device (Virtual Chassis)

[Figure: VC with members RE0, LC0, RE1, LC1]

Virtual Chassis EX3300
Preprovisioned

Preprovisioning a Virtual Chassis configuration allows you to assign the member ID and role for each switch in the Virtual Chassis:

Check the JunOS version compatibility:
show version
Make a list of the serial numbers of all the switches to be connected in a Virtual Chassis configuration:
show chassis hardware
Note the desired role (routing-engine (master or backup) or line-card) of each switch.
Interconnect the member switches using uplink ports 2 and 3 of your EX3300 switches.
Power on only the switch that you plan to use as the master switch. Do not power on the other switches at this time.

Virtual Chassis EX3300
Preprovisioned

Specify the preprovisioned configuration mode:
[edit virtual-chassis]
user@switch# set preprovisioned

Specify all the members that you want to include in the Virtual Chassis configuration, listing each switch's serial number with the desired member ID and the desired role (below, id is the member ID, rola the role, sn the serial number and opis_gdzie a description of the location):
[edit virtual-chassis]
user@switch# set member id role rola
user@switch# set member id serial-number sn
user@switch# set member id location opis_gdzie

Virtual Chassis EX3300
Preprovisioned

(EX4500 switches only) Verify the PIC mode setting:
user@switch> show chassis pic-mode
If the PIC mode setting is not set to virtual-chassis, set the PIC mode to virtual-chassis:
user@switch> request chassis pic-mode virtual-chassis

(EX4500 switches only) Set the 10-Gigabit Ethernet SFP+ port as a VCP interface:
user@switch> request virtual-chassis vc-port set pic-slot pic-slot-number port port-number
where:
pic-slot-number: the PIC slot number, which is 0 when specifying a native port, 1 when specifying a port on the uplink module in PIC slot number 1, and 2 when specifying a port on an uplink module in PIC slot number 2.
port-number: the port number on the switch or uplink module.

Virtual Chassis EX3300
Nonprovisioned

If you do not edit the Virtual Chassis configuration file, a nonprovisioned configuration is generated by default.
The mastership priority value for each member switch is 128. The master role is selected by default.
We recommend that you specify the same mastership priority value for the desired master and backup members.

Virtual Chassis EX3300
Nonprovisioned

Interconnect the member switches using uplink ports 2 and 3 on your EX3300 switches.
Power on only the switch that you plan to use as the master switch.
Configure mastership priority for the master, backup, and other members:
[edit virtual-chassis]
user@SWA0# set member 0 mastership-priority 255
user@SWA0# set member 3 mastership-priority 255
Power on the member switches in sequential order, one by one.

Virtual Chassis EX3300
Options

(Optional. Recommended for a two-member Virtual Chassis) Disable the split and merge feature:
[edit virtual-chassis]
user@switch# set no-split-detection

(Optional) Configure the master switch with the virtual management Ethernet (VME) interface for out-of-band management of the Virtual Chassis:
[edit]
user@switch# set interfaces vme unit 0 family inet address ip-address/mask

show virtual-chassis status


show virtual-chassis vc-port


show virtual-chassis vc-path


show chassis hardware


Tests

Check the VC status
Check the VC ports
Check the path from port A to port B
Run an FTP transfer and switch off a device on the path ;P

Tests

Configure an IP address for the VC
Configure access over SSH
Which device do I have to connect to physically in order to reach the configured IP address?

Tests

Changing the role
Changing the member ID

ZPIP

THE END