Using IPsec with Multiservices MICs on MX Series Routers
|
|
- Silas Spencer
- 6 years ago
- Views:
Transcription
1 Using IPsec with Multiservices MICs on MX Series Routers Test Case April 2017 Version 1.0
2 Juniper Networks, Inc Innovation Way Sunnyvale, California USA Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. The information in this document is current as of the date on the title page. Copyright 2017, Juniper Networks, Inc. All rights reserved. ii Copyright 2017, Juniper Networks, Inc.
3 Contents Overview... 1 Test Case Highlights... 2 Key Configuration Elements... 3 Configuring IPsec Tunnels... 3 Configuring the VRF Instance... 3 Results and Output from SFO Results with IPsec Tunnels Using Physical IP Addresses... 7 Results with IPsec Tunnels Established Using Loopback Addresses... 8 Copyright 2017, Juniper Networks, Inc. iii
4 iv Copyright 2017, Juniper Networks, Inc.
5 Overview This test case is for an IPsec encryption and multiservices MIC solution running on provider edge (PE) devices. The physical topology (shown in Figure 1) includes the following: MX240 devices running Junos OS Release 15.1F5-S6 Other switches used as customer edge (CE) devices, such as QFX5100 devices The Ixia product used to simulate BGP peers and generate traffic Figure 1 Physical Topology Figure 2 shows a local topology. MX Series routers are used as MPLS PE routers to carry traffic. In this example, a customer wants to secure critical traffic using IPsec VPN while retaining the current MPLS Layer 3 VPN environment already in place. There are two sites (SFO and NYC) and each one is multihomed for redundancy purposes. On each router, there are two virtual routing and forwarding (VRFs) instances; one for the legacy Layer 3 VPN environment where traffic is nonencrypted, and one where IPsec tunnels are used to transport the encrypted traffic. Each IPsec VRF is fully meshed with other IPsec VRFs in the network. For the test case shown in Figure 1, there are three sites (SFO, NYC, and ATL) with a total of four IPsec tunnels configured on each router. For example at location SFO, SFO01 has one IPsec tunnel connected to NYC01, and one IPsec tunnel connected to NYC02; likewise, SFO01 has one IPsec tunnel connected to ATL01, and one IPsec tunnel connected to ATL02. Copyright 2017, Juniper Networks, Inc. 1
6 Figure 2 shows a sample local topology using just the two sites SFO and NYC, where EBGP runs on top of the IPsec tunnels. Depending on the failure scenario, this ensures that once the EBGP peer is no longer reachable through the IPsec tunnel, traffic is diverted to the second IPsec tunnel. Figure 2 Local Topology Notes: The main goal for this test case is to have resiliency, and measure convergence time upon different failure scenarios. Scaling and throughput are not part of this test case. Test Case Highlights The following are the test case feature highlights: Deployment Two IPsec tunnel deployment methods were tested: one where the IPsec tunnels terminated on a physical interface, and the other used the loopback addresses. Configuration First, base configurations were used, then the IPsec environment was added on top of the configurations, and finally, EBGP was run on top of the IPsec tunnels. High Availability Load-balancing policy and BGP multipath were configured allowing traffic to be load-balanced equally between each IPsec tunnel from the local site to the remote sites. Failover Testing End-users impact was recorded for the following failover test cases: link failures, card failures, and ingress router failures. 2 Copyright 2017, Juniper Networks, Inc.
7 Key Configuration Elements Configuring IPsec Tunnels This section configures an IPsec tunnel between PE1 (SFO01) and PE2 (NYC01). You can adjust and reuse the configuration to create the other IPsec tunnels. 1. To configure the appropriate package, enter: set chassis fpc X pic Y adaptive-services service-package layer-3 2. To configure the ms-interface, enter: set interfaces ms-2/0/0 unit 1 family inet set interfaces ms-2/0/0 unit 1 service-domain inside set interfaces ms-2/0/0 unit 2 family inet set interfaces ms-2/0/0 unit 2 service-domain outside 3. To configure the service sets, enter: set services service-set sset1 next-hop-service inside-service-interface ms-2/0/0.1 set services service-set sset1 next-hop-service outside-service-interface ms-2/0/ To configure the IPsec tunnels, enter: set services ipsec-vpn rule SFO01-NYC01 term 1 from source-address /0 set services ipsec-vpn rule SFO01-NYC01 term 1 from destination-address /0 set services ipsec-vpn rule SFO01-NYC01 term 1 then remote-gateway set services ipsec-vpn rule SFO01-NYC01 term 1 then dynamic ike-policy ike_policy set services ipsec-vpn rule SFO01-NYC01 term 1 then dynamic ipsec-policy ipsec_policy set services ipsec-vpn rule SFO01-NYC01 term 1 then tunnel-mtu 9192 set services ipsec-vpn rule SFO01-NYC01 term 1 then anti-replay-window-size 4096 set services ipsec-vpn rule SFO01-NYC01 match-direction input set services ipsec-vpn ipsec proposal ipsec_proposal protocol esp set services ipsec-vpn ipsec proposal ipsec_proposal authentication-algorithm hmac-sha1-96 set services ipsec-vpn ipsec proposal ipsec_proposal encryption-algorithm aes-192-cbc set services ipsec-vpn ipsec policy ipsec_policy proposals ipsec_proposal set services ipsec-vpn ike proposal ike_proposal authentication-method pre-shared-keys set services ipsec-vpn ike proposal ike_proposal dh-group group14 set services ipsec-vpn ike proposal ike_proposal authentication-algorithm sha-256 set services ipsec-vpn ike proposal ike_proposal encryption-algorithm aes-256-cbc set services ipsec-vpn ike policy ike_policy mode main set services ipsec-vpn ike policy ike_policy proposals ike_proposal set services ipsec-vpn ike policy ike_policy pre-shared-key ascii-text "$ABC123" Configuring the VRF Instance This section configures the VRF on PE1 (SFO01) to support the PE1-PE2 (SFO01-NYC01) and PE1-PE3 (SFO01-NYC02) connections. You can adjust and reuse the configuration to create the other VRFs. To configure the vrf routing-instance, enter: set routing-instances vrf-ipsec instance-type vrf set routing-instances vrf-ipsec interface xe-1/1/4.1 set routing-instances vrf-ipsec interface ms-2/0/0.1 set routing-instances vrf-ipsec interface ms-2/0/0.3 set routing-instances vrf-ipsec interface lo0.1 set routing-instances vrf-ipsec route-distinguisher 64518:100 set routing-instances vrf-ipsec vrf-import import set routing-instances vrf-ipsec vrf-export block-static set routing-instances vrf-ipsec vrf-export no-100-exp set routing-instances vrf-ipsec vrf-table-label set routing-instances vrf-ipsec routing-options static route /32 next-hop ms- 2/0/0.1 set routing-instances vrf-ipsec routing-options static route /32 next-hop ms- 2/0/0.3 set routing-instances vrf-ipsec routing-options autonomous-system Copyright 2017, Juniper Networks, Inc. 3
8 set routing-instances vrf-ipsec protocols bgp group external-ce type external set routing-instances vrf-ipsec protocols bgp group external-ce local-address set routing-instances vrf-ipsec protocols bgp group external-ce export static-to-bgp set routing-instances vrf-ipsec protocols bgp group external-ce peer-as set routing-instances vrf-ipsec protocols bgp group external-ce neighbor set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 type external set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 multihop set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 local-address set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 family inet unicast loops 2 set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 peer-as set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 local-as set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 multipath multiple-as set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 neighbor import test-import set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 neighbor export no-advertise-200 set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 neighbor bfdliveness-detection minimum-interval 100 set routing-instances vrf-ipsec protocols bgp group ebgp-nyc01 neighbor bfdliveness-detection multiplier 3 set routing-instances vrf-ipsec protocols bgp group ebgp-nyc02 type external set routing-instances vrf-ipsec protocols bgp group ebgp-nyc02 multihop set routing-instances vrf-ipsec protocols bgp group ebgp-nyc02 local-address set routing-instances vrf-ipsec protocols bgp group ebgp-nyc02 family inet unicast loops 2 set routing-instances vrf-ipsec protocols bgp group ebgp-nyc02 peer-as set routing-instances vrf-ipsec protocols bgp group ebgp-nyc02 local-as set routing-instances vrf-ipsec protocols bgp group ebgp-nyc02 multipath multiple-as set routing-instances vrf-ipsec protocols bgp group ebgp-nyc02 neighbor export no-advertise-200 set routing-instances vrf-ipsec protocols bgp group ebgp-nyc02 neighbor bfdliveness-detection minimum-interval 200 set routing-instances vrf-ipsec protocols bgp group ebgp-nyc02 neighbor bfdliveness-detection multiplier 3 Results and Output from SFO01 The IPsec tunnels from SFO01 to both routers on the NYC site (the first tunnel uses loopback IP addresses, as configured above; the second tunnel uses physical interface IP addresses, not shown above): user@sfo01-re0# run show services ipsec-vpn ipsec security-associations Service set: SFO01-NYC01, IKE Routing-instance: default Rule: SFO01-NYC01, Term: 1, Tunnel index: 5 Local gateway: , Remote gateway: <<< using loopback addresses to establish IPsec tunnels IPsec inside interface: ms-2/0/0.1, Tunnel MTU: 9192 Direction SPI AUX-SPI Mode Type Protocol inbound tunnel dynamic ESP outbound tunnel dynamic ESP Service set: SFO01-NYC02, IKE Routing-instance: default Rule: SFO01-NYC02, Term: 1, Tunnel index: 4 Local gateway: , Remote gateway: <<< using physical interface IP IPsec inside interface: ms-2/0/0.3, Tunnel MTU: 9192 Direction SPI AUX-SPI Mode Type Protocol inbound tunnel dynamic ESP outbound tunnel dynamic ESP 4 Copyright 2017, Juniper Networks, Inc.
9 The route towards the remote EBGP peers reachable through the ms- interface: run show route vrf-ipsec.inet.0: 17 destinations, 88 routes (17 active, 0 holddown, 0 = Routing Use Only, # = Forwarding Use Only + = Active Route, - = Last Active, * = Both /32 *[Static/5] 1d 20:42:38 > via ms-2/0/0.1 user@sfo01-re0# run show route vrf-ipsec.inet.0: 17 destinations, 88 routes (17 active, 0 holddown, 0 = Routing Use Only, # = Forwarding Use Only + = Active Route, - = Last Active, * = Both /32 *[Static/5] 1d 20:53:29 > via ms-2/0/0.3 Both EBGP sessions are up: user@sfo01-re0# run show bgp neighbor Peer: AS Local: AS Group: ebgp-nyc01 Routing-Instance: vrf-ipsec Forwarding routing-instance: vrf-ipsec Type: External State: Established Flags: <Sync RSync> Last State: EstabSync Last Event: RecvKeepAlive Last Error: None Export: [ no-advertise-200 ] Options: <Multihop Preference LocalAddress AddressFamily PeerAS Multipath LocalAS Refresh> Options: <MultipathAs BfdEnabled PeerSpecficLoopsAllowed> Address families configured: inet-unicast Local Address: Holdtime: 90 Preference: 170 Local AS: Local System AS: Number of flaps: 11 Last flap event: BfdDown Peer ID: Local ID: Active Holdtime: 90 Keepalive Interval: 30 Group index: 2 Peer index: 0 BFD: enabled, up NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality Restart flag received from the peer: Notification NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer does not support LLGR Restarter functionality Peer supports 4 byte AS extension (peer-as 64514) Peer does not support Addpath Table vrf-ipsec.inet.0 Bit: RIB State: BGP restart is complete RIB State: VPN restart is complete Send state: in sync Active prefixes: 1 Received prefixes: 14 Accepted prefixes: 14 Suppressed due to damping: 0 Advertised prefixes: 14 Copyright 2017, Juniper Networks, Inc. 5
10 Last traffic (seconds): Received 2 Sent 20 Checked 47 Input messages: Total 3737 Updates 37 Refreshes 0 Octets Output messages: Total 3724 Updates 30 Refreshes 0 Octets Output Queue[1]: 0 (vrf-ipsec.inet.0, inet-unicast) user@sfo01-re0# run show bgp summary Groups: 7 Peers: 11 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending bgp.l3vpn Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State #Active/Received/Accepted/Damped... < > d 4:21:32 Establ vrf-ipsec.inet.0: 1/14/14/ d 4:33:58 Establ vrf-ipsec.inet.0: 1/14/14/0 The /24 subnet behind the NYC site is learned by SFO01 through the two EBGP neighbors, and both nexthops are installed on SFO01 (load-balancing the traffic): user@sfo01-re0> show route /24 vrf-ipsec.inet.0: 17 destinations, 88 routes (17 active, 0 holddown, 0 = Routing Use Only, # = Forwarding Use Only + = Active Route, - = Last Active, * = Both /24 *[BGP/170] 1d 07:33:38, localpref 100, from AS path: I, validation-state: unverified > via ms-2/0/0.3 via ms-2/0/0.1 [BGP/170] 1d 07:33:38, localpref 100, from AS path: I, validation-state: unverified > via ms-2/0/0.3 user@sfo01-re0> show route forwarding-table destination /24 extensive Routing table: default.inet [Index 0] Internet: Routing table: vrf-ipsec.inet [Index 4] Internet: Destination: /24 Route type: user Route reference: 0 Route interface-index: 0 Multicast RPF nh index: 0 Flags: sent to PFE Next-hop type: unilist Index: Reference: 1 Next-hop type: indirect Index: Reference: 2 Weight: 0x0 Next-hop type: unicast Index: 693 Reference: 4 Next-hop interface: ms-2/0/0.3 Weight: 0x0 Next-hop type: indirect Index: Reference: 2 Weight: 0x0 Next-hop type: unicast Index: 692 Reference: 4 Next-hop interface: ms-2/0/0.1 Weight: 0x0 Test gear was used to measure the convergence times observed on the SFO01 device under test (DUT). 6 Copyright 2017, Juniper Networks, Inc.
11 Results with IPsec Tunnels Using Physical IP Addresses The following failure scenarios show the results of end-to-end re-convergence testing with IPsec tunnels established using physical IP addresses. The Packet Loss Duration (ms) column indicates the amount of traffic loss and the speed of convergence. On SFO01: Scenario: Cable pull xe-1/1/1 (SFO01-NYC02) Failover: On PE, using SFO01-NYC01 Scenario: Disabling both xe-1/1/0 (SFO01-NYC01) and xe-1/1/1 (SFO01-NYC02) through the CLI Failover: At CE, using SFO02-NYC0x Scenario: Removing the MS-MIC Failover: At CE, using SFO02-NYC0x Copyright 2017, Juniper Networks, Inc. 7
12 Scenario: Simulating power failure (pulling power cable) Failover: At CE, using SFO02-NYC0x Results with IPsec Tunnels Established Using Loopback Addresses The following failure scenarios show the results of end-to-end re-convergence testing with IPsec tunnels established using loopback addresses (which yielded slightly better results). The Packet Loss Duration (ms) column indicates the amount of traffic loss and the speed of convergence. On SFO01: Scenario: Disabling xe-1/1/0 (SFO01-NYC01) through the CLI Failover: On PE, using SFO01-NYC02 Scenario: Disabling both xe-1/1/0 (SFO01-NYC01) and xe-1/1/1 (SFO01-NYC02) through the CLI Failover: At CE, using SFO02-NYC0x 8 Copyright 2017, Juniper Networks, Inc.
13 Scenario: Removing the MS-MIC Failover: At CE, using SFO02-NYC0x Copyright 2017, Juniper Networks, Inc. 9
Network Configuration Example
Network Configuration Example Configuring the BGP Local Autonomous System Attribute Release NCE0045 Modified: 2016-11-08 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000
More informationNetwork Configuration Example
Network Configuration Example Configuring External BGP Peering Release NCE0056 Modified: 2017-01-20 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationJunos OS Multiple Instances for Label Distribution Protocol Feature Guide Release 11.4 Published: Copyright 2011, Juniper Networks, Inc.
Junos OS Multiple Instances for Label Distribution Protocol Feature Guide Release 11.4 Published: 2011-11-08 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000
More informationPennNet and MAGPI. Shumon Huque University of Pennsylvania April 1st 2009
PennNet and MAGPI Shumon Huque University of Pennsylvania April 1st 2009 1 This presentation was prepared for Roch Guerin s TCOM 502 course (Advanced Networking) at Penn in April 2009. I was invited to
More informationNetwork Configuration Example
Network Configuration Example Interconnecting a Layer 2 Circuit with a Layer 3 VPN Modified: 2017-01-19 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationNetwork Configuration Example
Network Configuration Example Configuring VPLS Multihoming Using Autodiscovery (FEC 129) Release NCE0072 Modified: 2016-10-26 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA
More informationNetwork Configuration Example
Network Configuration Example Ingress Replication for MVPN and for IP Multicast Using Next Gen MVPN Modified: 2016-12-20 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000
More informationDeploy MPLS L3 VPN. APNIC Technical Workshop October 23 to 25, Selangor, Malaysia Hosted by:
Deploy MPLS L3 VPN APNIC Technical Workshop October 23 to 25, 2017. Selangor, Malaysia Hosted by: Issue Date: [201609] Revision: [01] Acknowledgement Cisco Systems Course Outline MPLS L3 VPN Models L3
More information6VPE. Overview. Juniper IPv6 lab exercise: 6VPE
Lab 7 6VPE Overview In this lab, you will configure the infrastructure that will be used to support 6VPE. All these exercises assume you already have intermediate level of understanding of the JUNOS CLI
More informationNGEN MVPN with P2MP LSP
IMPLEMENTATION GUIDE NGEN MVPN with P2MP LSP Implementation Guide Although Juniper Networks has attempted to provide accurate information in this guide, Juniper Networks does not warrant or guarantee the
More informationConfiguring Advanced BGP
CHAPTER 6 This chapter describes how to configure advanced features of the Border Gateway Protocol (BGP) on the Cisco NX-OS switch. This chapter includes the following sections: Information About Advanced
More informationBGP as a Service (BGPaaS) Feature in Contrail Cloud 3.0
BGP as a Service (BGPaaS) Feature in Contrail Cloud 3.0 BGPaaS Overview: Juniper has provided a new feature to use BGP as a service in Contrail Cloud 3.0 as referred on Juniper- Techpubs-BGPaaS: https://www.juniper.net/techpubs/en_us/contrail3.0/topics/concept/bgp-as-a-service-overview.html
More informationBraindumpsVCE. Best vce braindumps-exam vce pdf free download
BraindumpsVCE http://www.braindumpsvce.com Best vce braindumps-exam vce pdf free download Exam : JN0-692 Title : Service Provider Routing and Switching Support, Professional Vendor : Juniper Version :
More informationNetwork Configuration Example
Network Configuration Example Translational Cross-Connect and Layer 2.5 VPNs Modified: 2016-12-16 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationNetwork Configuration Example
Network Configuration Example Load Balancing Layer 3 VPN Traffic While Simultaneously Using IP Header Filtering Modified: 2017-01-19 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089
More informationSolution Guide. Infrastructure as a Service: EVPN and VXLAN. Modified: Copyright 2016, Juniper Networks, Inc.
Solution Guide Infrastructure as a Service: EVPN and VXLAN Modified: 2016-10-16 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net All rights reserved.
More informationBGP Best External. Finding Feature Information
The feature provides the network with a backup external route to avoid loss of connectivity of the primary external route. The feature advertises the most preferred route among those received from external
More informationNetwork Configuration Example
Network Configuration Example Configuring Protocol Independent Multicast Join Load Balancing Release NCE0054 Modified: 2017-01-20 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089
More informationMPLS VPN Multipath Support for Inter-AS VPNs
The feature supports Virtual Private Network (VPN)v4 multipath for Autonomous System Boundary Routers (ASBRs) in the interautonomous system (Inter-AS) Multiprotocol Label Switching (MPLS) VPN environment.
More informationBGP Persistence. Restrictions for BGP Persistence. Information About BGP Persistence
BGP persistence enables the router to retain routes that it has learnt from the configured neighbor even when the neighbor session is down. BGP persistence is also referred as long lived graceful restart
More informationNetwork Configuration Example
Network Configuration Example Configuring BGP Autodiscovery for LDP VPLS Release NCE0035 Modified: 2017-01-24 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationBGP mvpn BGP safi IPv4
The BGP mvpn BGP safi 129 IPv4 feature provides the capability to support multicast routing in the service provider s core IPv4 network This feature is needed to support BGP-based MVPNs BGP MVPN provides
More informationBGP Route Reflector Commands
This chapter provides details of the commands used for configuring Border Gateway Protocol (BGP) Route Reflector (RR). address-family (BGP), on page 2 keychain, on page 5 neighbor (BGP), on page 7 remote-as
More informationNetwork Configuration Example
Network Configuration Example Virtual Router Use Case for Educational Networks Release NCE0039 Modified: 2017-01-23 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000
More informationConfiguration Commands. Generic Commands. shutdown BGP XRS Routing Protocols Guide Page 731. Syntax [no] shutdown
BGP Configuration Commands Generic Commands shutdown Syntax [no] shutdown Description This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration
More informationNetwork Configuration Example
Network Configuration Example Configuring the BGP Local Preference Release NCE0046 Modified: 2016-11-08 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationTraffic Load Balancing in EVPN/VXLAN Networks. Tech Note
Traffic Load Balancing in EVPN/VXLAN Networks Tech Note December 2017 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net Juniper Networks assumes no
More informationJuniper JN Enterprise Routing and Switching Support Professional (JNCSP-ENT)
Juniper JN0-694 Enterprise Routing and Switching Support Professional (JNCSP-ENT) http://killexams.com/exam-detail/jn0-694 D. An OSPF adjacency is flapping. Answer: C, D QUESTION: 44 You use static routes
More informationJNCIE-SP (Service Provider) Lab preparation workbook v2.0
1 inet ZERO JNCIE-SP lab workbook with detailed solutions version 2.0 JNCIE-SP (Service Provider) Lab preparation workbook v2.0 For Juniper Networks, inc - JNCIE-SP Lab Exam http://www.inetzero.com - Copyright
More informationBGP AS-Override Split-Horizon
The feature enables a Provider Edge (PE) device using split-horizon to avoid advertisement of routes propagated by a Customer Edge (CE) device to the same CE device. The BGP AS-Override Split-Horizon feature
More informationContents. BGP commands 1
Contents BGP commands 1 address-family ipv4 1 address-family ipv6 2 address-family link-state 3 advertise-rib-active 4 aggregate 5 balance 7 balance as-path-neglect 9 bestroute as-path-neglect 10 bestroute
More informationJunos OS. Translational Cross-Connect and Layer 2.5 VPNs Feature Guide. Release Published: Copyright 2011, Juniper Networks, Inc.
Junos OS Translational Cross-Connect and Layer 2.5 VPNs Feature Guide Release 11.4 Published: 2011-11-08 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationJNCIP Juniper Networks Certified Internet Professional Study Guide - Chapter 5
JNCIP Juniper Networks Certified Internet Professional Study Guide - Chapter 5 by Harry Reynolds This book was originally developed by Juniper Networks Inc. in conjunction with Sybex Inc. It is being offered
More informationProtecting an EBGP peer when memory usage reaches level 2 threshold 66 Configuring a large-scale BGP network 67 Configuring BGP community 67
Contents Configuring BGP 1 Overview 1 BGP speaker and BGP peer 1 BGP message types 1 BGP path attributes 2 BGP route selection 6 BGP route advertisement rules 6 BGP load balancing 6 Settlements for problems
More informationNetwork Configuration Example
Network Configuration Example Configuring a Single SRX Series Device in a Branch Office Modified: 2017-01-23 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationNetwork Configuration Example
Network Configuration Example Configuring Ethernet CFM Over VPLS Modified: 2017-01-24 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net All rights
More informationHow to configure IPSec VPN between a Cradlepoint router and a SRX or J Series Juniper router
How to configure IPSec VPN between a Cradlepoint router and a SRX or J Series Juniper router Summary This article presents an example configuration of a Policy-Based site-to-site IPSec VPN tunnel between
More informationTELCO GROUP NETWORK. Rafał Jan Szarecki 23/10/2011
TELCO GROUP NETWORK Rafał Jan Szarecki 23/10/2011 GOALS G-NET Regional (MEA) TELCO has 12 national s OpCo. Build international network infrastructure, to allow all OpCo offer VPNs with sites in multiple
More informationIPv6 Switching: Provider Edge Router over MPLS
Multiprotocol Label Switching (MPLS) is deployed by many service providers in their IPv4 networks. Service providers want to introduce IPv6 services to their customers, but changes to their existing IPv4
More informationJuniper.Selftestengine.jn0-694.v by.KIM-HL.52q
Juniper.Selftestengine.jn0-694.v2013-10-24.by.KIM-HL.52q Number: jn0-694 Passing Score: 800 Time Limit: 120 min File Version: 18.5 http://www.gratisexam.com/ Exam Code: JN0-694 Exam Name: Enterprise Routing
More informationJuniper JN0-101 Exam Questions & Answers
Juniper JN0-101 Exam Questions & Answers Number: JN0-101 Passing Score: 800 Time Limit: 120 min File Version: 23.4 ht t p:/ / w w w.gratisexam.com/ Juniper JN0-101 Exam Questions & Answers Exam Name: Juniper
More informationImplementing BGP on Cisco ASR 9000 Series Router
Implementing BGP on Cisco ASR 9000 Series Router Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free interdomain routing between autonomous systems.
More informationIOS Implementation of the ibgp PE CE Feature
IOS Implementation of the ibgp PE CE Feature Document ID: 117567 Contributed by Luc De Ghein, Cisco TAC Engineer. Apr 04, 2014 Contents Introduction Background Information Implement ibgp PE CE BGP Customer
More informationMPLS VPN Explicit Null Label Support with BGP. BGP IPv4 Label Session
MPLS VPN Explicit Null Label Support with BGP IPv4 Label Session The MPLS VPN Explicit Null Label Support with BGP IPv4 Label Session feature provides a method to advertise explicit null in a Border Gateway
More informationConfiguring BGP community 43 Configuring a BGP route reflector 44 Configuring a BGP confederation 44 Configuring BGP GR 45 Enabling Guard route
Contents Configuring BGP 1 Overview 1 BGP speaker and BGP peer 1 BGP message types 1 BGP path attributes 2 BGP route selection 6 BGP route advertisement rules 6 BGP load balancing 6 Settlements for problems
More informationImplementing DCI VXLAN Layer 3 Gateway
This chapter module provides conceptual and configuration information for Data Center Interconnect (DCI) VXLAN Layer 3 Gateway on Cisco ASR 9000 Series Router. Release Modification Release 5.3.2 This feature
More informationIPv6 Switching: Provider Edge Router over MPLS
Multiprotocol Label Switching (MPLS) is deployed by many service providers in their IPv4 networks. Service providers want to introduce IPv6 services to their customers, but changes to their existing IPv4
More informationConfiguring Multicast VPN Inter-AS Support
Configuring Multicast VPN Inter-AS Support Last Updated: December 23, 2011 The Multicast VPN Inter-AS Support feature enables Multicast Distribution Trees (MDTs) used for Multicast VPNs (MVPNs) to span
More informationNetwork Configuration Example
Network Configuration Example Deploying Secure Multicast Market Data Services for Financial Services Environments Modified: 2016-07-29 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089
More informationConnecting to a Service Provider Using External BGP
Connecting to a Service Provider Using External BGP First Published: May 2, 2005 Last Updated: August 21, 2007 This module describes configuration tasks that will enable your Border Gateway Protocol (BGP)
More informationIPv6 Commands: n to re
IPv6 Commands: n to re nai (proxy mobile IPv6), page 3 neighbor override-capability-neg, page 4 neighbor send-label, page 6 neighbor translate-update, page 9 network (IPv6), page 12 nis address, page 14
More informationMPLS VPN Route Target Rewrite
The feature allows the replacement of route targets on incoming and outgoing Border Gateway Protocol (BGP) updates Typically, Autonomous System Border Routers (ASBRs) perform the replacement of route targets
More informationMPLS VPN--Inter-AS Option AB
The feature combines the best functionality of an Inter-AS Option (10) A and Inter-AS Option (10) B network to allow a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) service provider
More informationCCIE R&S v5.0. Troubleshooting Lab. Q1. PC 110 cannot access R7/R8, fix the problem so that PC 110 can ping R7
Troubleshooting Lab Q1. PC 110 cannot access R7/R8, fix the problem so that PC 110 can ping R7 Q2. R17 should have one default route which points to R12 via PPP as shown below R17# sh ip route S* 0.0.0.0/0
More informationJunos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 8: IPsec VPNs 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will
More informationExam Name: Service Provider, Professional (JNCIP-SP)
Vendor: Juniper Exam Code: JN0-660 Exam Name: Service Provider, Professional (JNCIP-SP) Version: DEMO QUESTION 1 Click the Exhibit button. Customer A is complaining that CE1 and CE2 cannot form an OSPF
More informationDMVPN for R&S CCIE Candidates Johnny Bass CCIE #6458
DMVPN for R&S CCIE Candidates Johnny Bass CCIE #6458 BRKCCIE-3003 @CCIE6458 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public About the Presenter Johnny Bass Networking industry since
More informationBGP Commands on Cisco ASR 9000 Series Router
This module describes the commands used to configure and monitor Border Gateway Protocol (BGP) on Cisco ASR 9000 Series Aggregation Services Routers using Cisco IOS XR software. The commands in this module
More informationImplementing MPLS VPNs over IP Tunnels
The MPLS VPNs over IP Tunnels feature lets you deploy Layer 3 Virtual Private Network (L3VPN) services, over an IP core network, using L2TPv3 multipoint tunneling instead of MPLS. This allows L2TPv3 tunnels
More informationIP Routing: BGP Command Reference, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
IP Routing: BGP Command Reference, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) First Published: January 22, 2013 Last Modified: January 22, 2013 Americas Headquarters Cisco Systems, Inc. 170 West
More informationImplementing AutoVPN Network Design Using the SRX Series with ibgp as the Dynamic Routing Protocol
APPLICATION NOTE Introduction to AutoVPN Implementing AutoVPN Network Design Using the SRX Series with ibgp as the Dynamic Routing Protocol Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Introduction...3
More informationBGP Event-Based VPN Import
The feature introduces a modification to the existing Border Gateway Protocol (BGP) path import process. The enhanced BGP path import is driven by events; when a BGP path changes, all of its imported copies
More informationModule 6 Implementing BGP
Module 6 Implementing BGP Lesson 1 Explaining BGP Concepts and Terminology BGP Border Gateway Protocol Using BGP to Connect to the Internet If only one ISP, do not need BGP. If multiple ISPs, use BGP,
More informationTroubleshooting High CPU Caused by the BGP Scanner or BGP Router Process
Troubleshooting High CPU Caused by the BGP Scanner or BGP Router Process Document ID: 107615 Contents Introduction Before You Begin Conventions Prerequisites Components Used Understanding BGP Processes
More informationOperation Manual BGP. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 BGP/MBGP Overview... 1-1 1.1.1 Introduction to BGP... 1-1 1.1.2 BGP Message Types... 1-2 1.1.3 BGP Routing Mechanism... 1-2 1.1.4 MBGP... 1-3 1.1.5 BGP Peer
More informationInterdomain VPLS and deployment experiences
Interdomain VPLS and deployment experiences 17 TF NGN meeting April 14, 2005 (Zürich) Laura Serrano 1/28 Index Introduction Concepts Intradomain environment Interdomain environment
More informationPass4sure JN q
Pass4sure JN0-660 206q Number: JN0-660 Passing Score: 800 Time Limit: 120 min File Version: 14.5 Juniper JN0-660 Service Provider Routing and Switching, Professional Passed on 2014-02-02 with a 836 having
More informationConfiguring Internal BGP Features
This module describes how to configure internal Border Gateway Protocol (BGP) features. Internal BGP (ibgp) refers to running BGP on networking devices within one autonomous system. BGP is an interdomain
More informationConnecting to a Service Provider Using External BGP
Connecting to a Service Provider Using External BGP This module describes configuration tasks that will enable your Border Gateway Protocol (BGP) network to access peer devices in external networks such
More informationConfiguration prerequisites 45 Configuring BGP community 45 Configuring a BGP route reflector 46 Configuring a BGP confederation 46 Configuring BGP
Contents Configuring BGP 1 Overview 1 BGP speaker and BGP peer 1 BGP message types 1 BGP path attributes 2 BGP route selection 6 BGP route advertisement rules 6 BGP load balancing 6 Settlements for problems
More informationBGP Commands: M through N
match additional-paths advertise-set, on page 3 match as-path, on page 6 match community, on page 8 match extcommunity, on page 10 match local-preference, on page 12 match policy-list, on page 14 match
More informationNetwork Configuration Example
Network Configuration Example Configuring Hierarchical VPLS Release NCE0015 Modified: 2017-01-24 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationFiberstoreOS BGP Command Line Reference
FiberstoreOS BGP Command Line Reference Contents 1 BGP Commands...1 1.1 address-family...1 1.2 aggregate-address...2 1.3 bgp always-compare-med... 2 1.4 bgp bestpath as-path ignore...3 1.5 bgp bestpath
More informationibgp Multipath Load Sharing
This feature module describes the feature. This feature enables the BGP speaking router to select multiple ibgp paths as the best paths to a destination. The best paths or multipaths are then installed
More informationMPLS VPN Inter-AS Option AB
First Published: December 17, 2007 Last Updated: September 21, 2011 The feature combines the best functionality of an Inter-AS Option (10) A and Inter-AS Option (10) B network to allow a Multiprotocol
More informationJunos OS. Source Class Usage Feature Guide. Release Published: Copyright 2011, Juniper Networks, Inc.
Junos OS Source Class Usage Feature Guide Release 11.4 Published: 2011-11-14 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net This product
More informationVendor: Juniper. Exam Code: JN Exam Name: Service Provider Routing and Switching Support, Professional. Version: Demo
Vendor: Juniper Exam Code: JN0-692 Exam Name: Service Provider Routing and Switching Support, Professional Version: Demo QUESTION 1 You have applied a customized EXP rewrite rule on router R1 on the egress
More informationNetwork Configuration Example
Network Configuration Example Configuring Dual-Stack Lite for IPv6 Access Release NCE0025 Modified: 2016-10-12 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationInterAS Option B. Information About InterAS. InterAS and ASBR
This chapter explains the different InterAS option B configuration options. The available options are InterAS option B, InterAS option B (with RFC 3107), and InterAS option B lite. The InterAS option B
More informationBGP-MVPN SAFI 129 IPv6
Subsequent Address Family Identifier (SAFI) 129, known as VPN Multicast SAFI, provides the capability to support multicast routing in the service provider's core IPv6 network. Border Gateway Protocol (BGP)
More informationImplementing BGP. BGP Functional Overview. Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free
Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free interdomain routing between autonomous systems. An autonomous system is a set of routers under a
More informationMPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses
MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses The Multiprotocol Label Switching (MPLS) VPN Inter-AS with Autonomous System Boundary Routers (ASBRs) Exchanging VPN-IPv4 Addresses feature allows
More informationBGP Anycast. In This Chapter SR Advanced Configuration Guide Page 937. This section describes advanced BGP anycast configurations.
BGP Anycast In This Chapter This section describes advanced BGP anycast configurations. Topics in this section include: Applicability on page 938 Summary on page 939 Overview on page 940 Configuration
More informationChapter 21 RIP Configuration Guidelines
Chapter 21 RIP Configuration Guidelines To configure the Routing Information Protocol (RIP), you include the following statements: protocols { rip { any-sender; authentication-key password; authentication-type
More informationNetwork Configuration Example
Network Configuration Example Configuring RSVP-Signaled Point-to-Multipoint LSPs on Logical Systems Modified: 2017-01-18 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000
More informationEstablishing MPLS LSPs Across Multiple Autonomous Systems for Next-Gen Multicast VPNs
Establishing MPLS LSPs Across Multiple Autonomous Systems for Next-Gen Multicast VPNs Configuration Example October 2016 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000
More informationDMVPN for R&S CCIE Candidates
DMVPN for R&S CCIE Candidates Johnny Bass CCIE #6458 BRKCCIE-3003 @CCIE6458 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public About the Presenter Johnny Bass Networking industry since
More informationBGP MPLS VPNs. Introduction
This chapter describes services that are supported for Border Gateway Protocol (BGP) Multi-Protocol Label Switching (MPLS) Virtual Private Networks (VPNs). MPLS is a licensed Cisco feature that requires
More informationTable of Contents 1 BGP Configuration 1-1
Table of Contents 1 BGP Configuration 1-1 BGP Overview 1-1 Formats of BGP Messages 1-2 BGP Path Attributes 1-4 BGP Route Selection 1-8 ibgp and IGP Synchronization 1-11 Settlements for Problems in Large
More informationBorder Gateway Protocol - BGP
BGP Fundamentals Border Gateway Protocol - BGP Runs over TCP (port 179) TCP connection required before BGP session Need to be reachable! Path vector routing protocol Best path selection based on path attributes
More informationNetwork Configuration Example
Network Configuration Example Configuring a Two-Tiered Virtualized Data Center for Large Enterprise Networks Release NCE 33 Modified: 2016-08-01 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California
More informationConfiguring basic MBGP
Contents Configuring MBGP 1 MBGP overview 1 Protocols and standards 1 MBGP configuration task list 1 Configuring basic MBGP 2 Controlling route advertisement and reception 2 Configuration prerequisites
More informationConfiguring IPv6 Provider Edge over MPLS (6PE)
Finding Feature Information, page 1 Configuring 6PE, page 1 Finding Feature Information Your software release may not support all the features documented in this module. For the latest caveats and feature
More informationTable of Contents. BGP Configuration 1
Table of Contents BGP Configuration 1 BGP Overview 1 Formats of BGP Messages 2 BGP Path Attributes 5 BGP Route Selection 9 ibgp and IGP Synchronization 11 Settlements for Problems in Large Scale BGP Networks
More informationAPNIC elearning: MPLS L3 VPN
ANIC elearning: MLS L3 VN 18 JANUARY 2017 11:00 AM AEST Brisbane (UTC+10) Issue Date: 07 July 2015 Revision: 2.0 Introduction resenter/s Jessica Bei Wei Training Officer jwei@apnic.net Specialties: Routing
More informationHow to Configure Forcepoint NGFW Route-Based VPN to AWS with BGP TECHNICAL DOCUMENT
How to Configure Forcepoint NGFW Route-Based VPN to AWS with BGP TECHNICAL DOCUMENT Table of Contents TABLE OF CONTENTS 1 INTRODUCTION 2 AWS Configuration: 2 Forcepoint Configuration 3 APPENDIX 7 Troubleshooting
More informationMPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution
MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution This feature lets you configure your carrier supporting carrier network to enable Border Gateway Protocol (BGP) to transport routes and Multiprotocol
More informationConfiguring BGP. Cisco s BGP Implementation
Configuring BGP This chapter describes how to configure Border Gateway Protocol (BGP). For a complete description of the BGP commands in this chapter, refer to the BGP s chapter of the Network Protocols
More informationNetwork Configuration Example
Network Configuration Example Configuring Active Flow Monitoring Version 9 Modified: 2017-01-18 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net All
More informationAccurate study guides, High passing rate! IT TEST BOOK QUESTION & ANSWER. Ittestbook provides update free of charge in one year!
IT TEST BOOK QUESTION & ANSWER Ittestbook provides update free of charge in one year! Accurate study guides, High passing rate! Exam : HC-224-ENU Title : Huawei Certified Datacom Professional - Fast Certification
More information