Difference between revisions of "TDC Juniper CPE/Dynamisk routing"
m |
m (removed Category:SRX Packet-Based Forwarding using HotCat) |
||
Line 229: | Line 229: | ||
[[Category:Juniper]] | [[Category:Juniper]] | ||
− |
Revision as of 22:37, 13 January 2015
I denne opgave kan du enten vælge at konfigurere OSPF eller BGP alt efter preference. Eller hvert medlem af holdet kan konfigurere hver sin protokol:-)
OSPF
Tegning findes i klassen.
Default timers:
- Hello
- 10 sekunder
- Dead
- 40 Sekunder
Implmentering
For at konfigurere OSPF på en SRX kasse skal man igennem følgende skridt:
- Konfigurer router-id
- Konfigurer OSPF interfaces
- Herunder passiv interfaces
- Sæt reference båndbredde
- Tillad OSPF i host-inbound
- Kontroller det virker
Router-ID
Konfiguration af Router-ID finder sted under router-options stanza.
Router-ID er et 32 bits streng skrevet i dotted decimal notation som en IPv4 adresse.
Router-ID kan ikke være i 0.0.0.0/8 eller 127.0.0.0/8 området.
[edit]
root@SRX240# <input>show routing-options router-id</input>
<notice>router-id 24.24.24.24;</notice>
OSPF Konfiguration
Konfigurations af OSPF parametre sker under protocols ospf stanza'en
[edit]
root@SRX07# <input>show protocols ospf</input>
area 0.0.0.0 {
interface ge-0/0/0.10;
interface vlan.10 {
passive;
}
}
Reference båndbredde
Default reference båndbredde ligger på 100Mbit/s, så den alle links på 100Mbit/s og over vil have en cost på 1.
Her ændrer vi den til 10Gbit/s istedet.
root@SRX240# <input>run show ospf interface detail</input>
Interface State Area DR ID BDR ID Nbrs
ge-0/0/1.10 DR 0.0.0.0 24.24.24.24 0.0.0.0 0
Type: LAN, Address: 10.64.0.1, Mask: 255.255.255.252, MTU: 1500, <notice>Cost: 1</notice>
DR addr: 10.64.0.1, Priority: 128
Adj count: 0
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Protection type: None
Topology default (ID 0) -> <notice>Cost: 1</notice>
[edit]
root@SRX240# <input>set protocols ospf reference-bandwidth 10G</input>
[edit]
root@SRX240# <input>commit</input>
commit complete
[edit]
root@SRX240# run show ospf interface detail
Interface State Area DR ID BDR ID Nbrs
ge-0/0/1.10 DR 0.0.0.0 24.24.24.24 0.0.0.0 0
Type: LAN, Address: 10.64.0.1, Mask: 255.255.255.252, MTU: 1500, <notice>Cost: 10</notice>
DR addr: 10.64.0.1, Priority: 128
Adj count: 0
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Protection type: None
Topology default (ID 0) -> <notice>Cost: 10</notice>
Tillad OSPF trafik
OSPF Trafik skal selvfølgelig også tillades i vores host-inbound-traffic regl
[edit]
root@SRX07# <input>show security zones security-zone untrust</input>
screen untrust-screen;
interfaces {
ge-0/0/0.10 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
<notice>protocols {
ospf;
}</notice>
}
}
}
Fejlfinding
Interfaces
root@SRX07> <input>show ospf interface</input>
Interface State Area DR ID BDR ID Nbrs
ge-0/0/0.10 BDR 0.0.0.0 24.24.24.24 7.7.7.7 <notice>1</notice>
vlan.10 DRother 0.0.0.0 0.0.0.0 0.0.0.0 0
root@SRX07> <input>show ospf interface detail</input>
Interface State Area DR ID BDR ID Nbrs
ge-0/0/0.10 BDR 0.0.0.0 24.24.24.24 7.7.7.7 1
Type: LAN, Address: 10.64.0.26, Mask: 255.255.255.252, MTU: 1500, Cost: 1
DR addr: 10.64.0.25, BDR addr: 10.64.0.26, Priority: 128
<notice>Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub</notice>
Auth type: None
Protection type: None
Topology default (ID 0) -> Cost: 1
vlan.10 DRother 0.0.0.0 0.0.0.0 0.0.0.0 0
Type: LAN, Address: 10.56.10.1, Mask: 255.255.255.0, MTU: 1500, Cost: 1
Adj count: 0, Passive
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Protection type: None
Topology default (ID 0) -> Passive, Cost: 1
Routing
root@SRX07> <input>show ospf route</input>
Topology default Route Table:
Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface Address/LSP
24.24.24.24 Intra AS BR IP 1 ge-0/0/0.10 10.64.0.25
<notice>0.0.0.0/0 Ext2</notice> Network IP 0 ge-0/0/0.10 10.64.0.25
10.56.10.0/24 Intra Network IP 1 vlan.10
<notice>10.64.0.0/30 Intra Network IP 11 ge-0/0/0.10 10.64.0.25</notice>
10.64.0.24/30 Intra Network IP 1 ge-0/0/0.10
root@SRX07> <input>show route protocol ospf</input>
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
<notice>0.0.0.0/0 *[OSPF/150] 04:12:28, metric 0, tag 0
> to 10.64.0.25 via ge-0/0/0.10
10.64.0.0/30 *[OSPF/10] 00:15:42, metric 11
> to 10.64.0.25 via ge-0/0/0.10</notice>
224.0.0.5/32 *[OSPF/10] 07:08:58, metric 1
MultiRecv
Naboer
root@SRX07> <input>show ospf neighbor</input>
Address Interface State ID Pri Dead
10.64.0.25 ge-0/0/0.10 Full 24.24.24.24 128 32
Pakker
Med det samme OSPF er konfigureret begynder den at sende pakker på interfaces. Hvis den ikke modtager pakker skyldes det som regl firewall politikker.
root@SRX07> show ospf statistics
Packet type Total Last 5 seconds
Sent Received Sent Received
<notice>Hello 1939 1791</notice> 1 0
DbD 3 2 0 0
LSReq 1 1 0 0
LSUpdate 8 20 0 0
LSAck 18 7 0 0
DBDs retransmitted : 0, last 5 seconds : 0
LSAs flooded : 5, last 5 seconds : 0
LSAs flooded high-prio : 2, last 5 seconds : 0
LSAs retransmitted : 0, last 5 seconds : 0
LSAs transmitted to nbr: 1, last 5 seconds : 0
LSAs requested : 1, last 5 seconds : 0
LSAs acknowledged : 20, last 5 seconds : 0
Flood queue depth : 0
Total rexmit entries : 0
db summaries : 0
lsreq entries : 0
Receive errors:
None
Nabo problemer
Hvis der aldrig bliver oprettet naboskaber men pakker bliver sendt og modtaget kan vi aktivere en traceoption.
root@SRX07> <input>show configuration protocols ospf</input>
<notice>traceoptions {
file ospf.tr;
flag error detail;
flag event detail;
}</notice>
area 0.0.0.0 {
interface ge-0/0/0.10;
interface vlan.10 {
passive;
}
}
Se filen med monitor start ospf.tr eller show log ospf.tr
root@SRX07> clear ospf neighbor
root@SRX07> show log ospf.tr
Jan 13 21:19:11.156267 RPD_OSPF_NBRDOWN: OSPF neighbor 10.64.0.25 (realm ospf-v2 ge-0/0/0.10 area 0.0.0.0) state changed from Full to Down due to KillNbr (event reason: command to clear a neighbor was issued)
Jan 13 21:19:11.156662 OSPF Interface event job created at restart phase 0.
Jan 13 21:19:11.157507 Interface ge-0/0/0.10 area 0.0.0.0 event NeighborChange
Jan 13 21:19:11.160539 OSPF Interface event job processed 1 events.
Jan 13 21:19:11.160638 OSPF Interface event job deleted.
Jan 13 21:19:11.162147 OSPF neighbor 10.64.0.25 (IFL 71, area 0.0.0.0, rtbl idx 0) deleted
Jan 13 21:19:11.171780 OSPF programmed periodic xmit from 10.64.0.26 to 224.0.0.5 (IFL 71, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0) interval 10 0
Jan 13 21:19:11.179759 RPD_OSPF_NBRUP: OSPF neighbor 10.64.0.25 (realm ospf-v2 ge-0/0/0.10 area 0.0.0.0) state changed from Init to ExStart due to 2WayRcvd (event reason: neighbor detected this router)
Jan 13 21:19:11.179873 OSPF Interface event job created at restart phase 0.
Jan 13 21:19:11.180455 Interface ge-0/0/0.10 area 0.0.0.0 event NeighborChange
Jan 13 21:19:11.180932 OSPF Interface event job processed 1 events.
Jan 13 21:19:11.181003 OSPF Interface event job deleted.
Jan 13 21:19:11.186901 OSPF neighbor 10.64.0.25 (IFL 71, area 0.0.0.0, rtbl idx 0) set, 40 0
Jan 13 21:19:11.187271 OSPF programmed periodic xmit from 10.64.0.26 to 224.0.0.5 (IFL 71, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0) interval 10 0
Jan 13 21:19:11.189557 OSPF programmed periodic xmit from 10.64.0.26 to 224.0.0.5 (IFL 71, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0) interval 10 0
Jan 13 21:19:11.272292 RPD_OSPF_NBRUP: OSPF neighbor 10.64.0.25 (realm ospf-v2 ge-0/0/0.10 area 0.0.0.0) state changed from Loading to Full due to LoadDone (event reason: OSPF loading completed)
BGP
Tegning findes i klassen
Følg denne [BGP JUNOS|Guide] men glem alt omkring IPv6.
Vær opmærksom på at guiden arbejder i packet-based flow
Links
Examples: Configuring OSPF Traffic Control OSPF_JUNOS