Advanced Juniper Networks Routing in the Enterprise_Student Guide_8.a.pdf

(38933 KB) Pobierz
Advanced Juniper Networks
Routing in the Enterprise
8.a
Student Guide
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Course Number: EDU-JUN-AJRE
Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks
are the property of their respective owners.
Advanced Juniper Networks Routing in the Enterprise Student Guide,
Revision 8.a
Copyright © 2006, Juniper Networks, Inc.
All rights reserved. Printed in USA.
Revision 8.a—December 2006
PLACE REVISION HISTORY HERE.
The information in this document is current as of the date listed above.
The information in this document has been carefully verified and is believed to be accurate for software Release 8.0R2. Juniper Networks assumes no
responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental
or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.
Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The JUNOS software has no
known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent
applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you
understand and agree to be bound by those terms and conditions.
Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses.
The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.
Contents
Chapter 1:
Chapter 2:
Course Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
JUNOS Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Policy Language and Policy Evaluation Process Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
Firewall Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-34
Unicast Reverse-Path Forwarding Checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-65
Lab 1: Policy Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-71
Chapter 3:
BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
BGP Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
IBGP Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14
EBGP Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
BGP-IGP Interaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30
Chapter 4:
Enterprise Routing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Enterprise BGP Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Case Study: Primary/Secondary Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
Lab 2: BGP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75
Chapter 5:
Transitioning Between IGPs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Transition Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Overlay Transition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14
Route Redistribution Transition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-20
Integrated Transition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26
Lab 3: IGP Transition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34
Chapter 6:
JUNOS Services Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
JUNOS Services Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-3
Layer 2 Services Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
Layer 3 Services Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Lab 4: Layer 2 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-34
Chapter 7:
Stateful Firewall and Network Address Translation. . . . . . . . . . . . . . . . . . . . . 7-1
Stateful Firewall and NAT Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
Configuring Stateful Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-16
Configuring NAT Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-19
Implementing Stateful Firewall and NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-29
Monitoring Stateful Firewall and NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-38
Lab 5: Stateful Firewall and NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-46
Contents • iii
Chapter 8:
IPSec VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
IPSec VPN Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
IPSec VPN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7
Implementation Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18
Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-29
Lab 6: IPSec VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-38
Chapter 9:
Class of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
CoS Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3
Traffic Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11
Traffic Queueing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-18
Traffic Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-21
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-31
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-36
Lab 7: Class-of-Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-41
Chapter 10: Branch Office Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1
Overview of Connectivity Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3
Routing and Security Implications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7
CoS Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-12
Lab 8: Branch Office Connectivity (Optional). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-20
Appendix A: Life of a Packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3
Example 1: Interface-Style Service Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5
Example 2: Next-Hop-Style Service Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-44
Appendix B: EIGRP to OSPF Migration Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Appendix C: Sample Routing Engine Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-1
Appendix D: Sample IPSec-over-GRE VPN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .D-1
iv • Contents
Course Overview
Advanced Juniper Networks Routing in the Enterprise
(AJRE) is an instructor-led course
designed to provide enterprise network engineers with the knowledge and skills necessary to
use Juniper Networks routers to meet their networks’ requirements. It covers advanced routing
and services configurations of Juniper Networks J-series and M-series platforms, focussing
specifically on advanced configurations commonly used in the enterprise environment.
Objectives
After successfully completing this course, you should be able to:
Explain how Juniper Networks routers evaluate policies.
Implement a stateless firewall filter to protect the Routing Engine (RE).
Implement both an inbound and outbound routing policy for traffic over multiple
ISP connections using BGP.
Monitor and troubleshoot BGP sessions and policy application.
Successfully transition a network running a distance-vector IGP to use a link-state
protocol.
Configure Layer 2 services, including the Multilink Point-to-Point (MLPPP)
protocol, Multilink Frame Relay (MLFR), and the Compressed Real-Time Transport
Protocol (CRTP).
Implement a stateful firewall to enforce a firewall policy.
Implement Network Address Translation (NAT).
WIth a virtual private network (VPN) design, create the VPNs between some
combination of J-series and M-series routers.
Given a class-of-service (CoS) design, configure appropriate CoS policies.
List two branch-office connectivity solutions and the traffic considerations that
apply to each.
Given a list of technical constraints, implement certain branch-office connectivity
solutions.
Explain the interaction of various configuration elements with CoS configuration.
Intended Audience
The primary audience for this course is network engineers who work in an enterprise
environment.
Course Level
This is an advanced-level course.
.
Course Overview • v

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin