Difference between revisions of "TDC Juniper CPE/Dynamisk routing"

From Teknologisk videncenter

Revision as of 22:37, 13 January 2015

In this exercise you can choose to configure either OSPF or BGP, according to preference. Alternatively, each member of the team can configure a different protocol :-)

OSPF

The diagram is available in the classroom.
Default timers:

Hello: 10 seconds
Dead: 40 seconds

Implementation

To configure OSPF on an SRX box, go through the following steps:

  1. Configure the router ID
  2. Configure the OSPF interfaces
    1. Including passive interfaces
  3. Set the reference bandwidth
  4. Allow OSPF in host-inbound traffic
  5. Verify that it works

Router-ID

The router ID is configured under the routing-options stanza.
The router ID is a 32-bit string written in dotted-decimal notation, like an IPv4 address.
The router ID cannot be in the 0.0.0.0/8 or 127.0.0.0/8 range.

[edit]
root@SRX240# <input>show routing-options router-id</input>
<notice>router-id 24.24.24.24;</notice>

OSPF configuration

OSPF parameters are configured under the protocols ospf stanza.

[edit]
root@SRX07# <input>show protocols ospf</input>
area 0.0.0.0 {
    interface ge-0/0/0.10;
    interface vlan.10 {
        passive;
    }
}

Reference bandwidth

The default reference bandwidth is 100 Mbit/s, so all links of 100 Mbit/s and above have a cost of 1.
Here we change it to 10 Gbit/s instead.

root@SRX240# <input>run show ospf interface detail</input>
Interface           State   Area            DR ID           BDR ID          Nbrs
ge-0/0/1.10         DR      0.0.0.0         24.24.24.24     0.0.0.0            0
  Type: LAN, Address: 10.64.0.1, Mask: 255.255.255.252, MTU: 1500, <notice>Cost: 1</notice>
  DR addr: 10.64.0.1, Priority: 128
  Adj count: 0
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
  Protection type: None
  Topology default (ID 0) -> <notice>Cost: 1</notice>

[edit]
root@SRX240# <input>set protocols ospf reference-bandwidth 10G</input>

[edit]
root@SRX240# <input>commit</input>
commit complete

[edit]
root@SRX240# run show ospf interface detail
Interface           State   Area            DR ID           BDR ID          Nbrs
ge-0/0/1.10         DR      0.0.0.0         24.24.24.24     0.0.0.0            0
  Type: LAN, Address: 10.64.0.1, Mask: 255.255.255.252, MTU: 1500, <notice>Cost: 10</notice>
  DR addr: 10.64.0.1, Priority: 128
  Adj count: 0
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
  Protection type: None
  Topology default (ID 0) -> <notice>Cost: 10</notice>

Allow OSPF traffic

OSPF traffic must of course also be allowed in our host-inbound-traffic rule.

[edit]
root@SRX07# <input>show security zones security-zone untrust</input>
screen untrust-screen;
interfaces {
    ge-0/0/0.10 {
        host-inbound-traffic {
            system-services {
                dhcp;
                tftp;
            }
            <notice>protocols {
                ospf;
            }</notice>
        }
    }
}

Troubleshooting

Interfaces

root@SRX07> <input>show ospf interface</input>
Interface           State   Area            DR ID           BDR ID          Nbrs
ge-0/0/0.10         BDR     0.0.0.0         24.24.24.24     7.7.7.7            <notice>1</notice>
vlan.10             DRother 0.0.0.0         0.0.0.0         0.0.0.0            0

root@SRX07> <input>show ospf interface detail</input>
Interface           State   Area            DR ID           BDR ID          Nbrs
ge-0/0/0.10         BDR     0.0.0.0         24.24.24.24     7.7.7.7            1
  Type: LAN, Address: 10.64.0.26, Mask: 255.255.255.252, MTU: 1500, Cost: 1
  DR addr: 10.64.0.25, BDR addr: 10.64.0.26, Priority: 128
  <notice>Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub</notice>
  Auth type: None
  Protection type: None
  Topology default (ID 0) -> Cost: 1
vlan.10             DRother 0.0.0.0         0.0.0.0         0.0.0.0            0
  Type: LAN, Address: 10.56.10.1, Mask: 255.255.255.0, MTU: 1500, Cost: 1
  Adj count: 0, Passive
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
  Protection type: None
  Topology default (ID 0) -> Passive, Cost: 1
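
The Python below parses the `show ospf interface detail` output shown above and lists interfaces whose timers differ from the 10/40 defaults or that run OSPF actively with `Auth type: None`, which is worth knowing for an interface in the untrust zone. It is an added example, not part of the original page; the function names and the abridged sample text are constructed here.

```python
import re

# Constructed sample: the "show ospf interface detail" output from this page,
# abridged and with the wiki highlight tags removed.
SAMPLE = """\
Interface           State   Area            DR ID           BDR ID          Nbrs
ge-0/0/0.10         BDR     0.0.0.0         24.24.24.24     7.7.7.7            1
  Type: LAN, Address: 10.64.0.26, Mask: 255.255.255.252, MTU: 1500, Cost: 1
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
  Topology default (ID 0) -> Cost: 1
vlan.10             DRother 0.0.0.0         0.0.0.0         0.0.0.0            0
  Type: LAN, Address: 10.56.10.1, Mask: 255.255.255.0, MTU: 1500, Cost: 1
  Adj count: 0, Passive
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
  Topology default (ID 0) -> Passive, Cost: 1
"""

FIELD = re.compile(r"(Hello|Dead|Cost|Adj count|Auth type): (\w+)")

def parse_interfaces(text):
    """Return {interface: fields} from 'show ospf interface detail' output."""
    result, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Interface"):
            continue                      # blank line or column header
        if not line[0].isspace():         # unindented line starts an interface
            current = result.setdefault(line.split()[0], {"passive": False})
            continue
        if current is None:
            continue
        if re.search(r"\bPassive\b", line):
            current["passive"] = True
        for key, val in FIELD.findall(line):
            current[key.lower()] = int(val) if val.isdigit() else val
    return result

def audit(interfaces, hello=10, dead=40):
    """List (interface, finding) pairs that deviate from what the page expects."""
    findings = []
    for name, info in interfaces.items():
        if (info.get("hello"), info.get("dead")) != (hello, dead):
            findings.append((name, "timers differ from the 10/40 defaults"))
        if not info["passive"] and info.get("auth type") == "None":
            findings.append((name, "active OSPF interface without authentication"))
    return findings
```
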

Routing

root@SRX07> <input>show ospf route</input>
Topology default Route Table:

Prefix             Path  Route      NH       Metric NextHop       Nexthop
                   Type  Type       Type            Interface     Address/LSP
24.24.24.24        Intra AS BR      IP            1 ge-0/0/0.10   10.64.0.25
<notice>0.0.0.0/0          Ext2</notice>  Network    IP            0 ge-0/0/0.10   10.64.0.25
10.56.10.0/24      Intra Network    IP            1 vlan.10
<notice>10.64.0.0/30       Intra Network    IP           11 ge-0/0/0.10   10.64.0.25</notice>
10.64.0.24/30      Intra Network    IP            1 ge-0/0/0.10

root@SRX07> <input>show route protocol ospf</input>

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

<notice>0.0.0.0/0          *[OSPF/150] 04:12:28, metric 0, tag 0
                    > to 10.64.0.25 via ge-0/0/0.10
10.64.0.0/30       *[OSPF/10] 00:15:42, metric 11
                    > to 10.64.0.25 via ge-0/0/0.10</notice>
224.0.0.5/32       *[OSPF/10] 07:08:58, metric 1
                      MultiRecv

Neighbors

root@SRX07> <input>show ospf neighbor</input>
Address          Interface              State     ID               Pri  Dead
10.64.0.25       ge-0/0/0.10            Full      24.24.24.24      128    32

Packets

As soon as OSPF is configured, it starts sending packets on the interfaces. If it does not receive packets, this is usually due to firewall policies.

root@SRX07> show ospf statistics

Packet type             Total                  Last 5 seconds
                   Sent      Received        Sent      Received
   <notice>Hello           1939          1791</notice>           1             0
     DbD              3             2           0             0
   LSReq              1             1           0             0
LSUpdate              8            20           0             0
   LSAck             18             7           0             0

DBDs retransmitted     :                    0, last 5 seconds :          0
LSAs flooded           :                    5, last 5 seconds :          0
LSAs flooded high-prio :                    2, last 5 seconds :          0
LSAs retransmitted     :                    0, last 5 seconds :          0
LSAs transmitted to nbr:                    1, last 5 seconds :          0
LSAs requested         :                    1, last 5 seconds :          0
LSAs acknowledged      :                   20, last 5 seconds :          0

Flood queue depth      :               0
Total rexmit entries   :               0
db summaries           :               0
lsreq entries          :               0

Receive errors:
  None

Neighbor problems

If adjacencies are never established even though packets are being sent and received, we can enable a traceoption.

root@SRX07> <input>show configuration protocols ospf</input>
<notice>traceoptions {
    file ospf.tr;
    flag error detail;
    flag event detail;
}</notice>
area 0.0.0.0 {
    interface ge-0/0/0.10;
    interface vlan.10 {
        passive;
    }
}

View the file with monitor start ospf.tr or show log ospf.tr

root@SRX07> clear ospf neighbor

root@SRX07> show log ospf.tr
Jan 13 21:19:11.156267 RPD_OSPF_NBRDOWN: OSPF neighbor 10.64.0.25 (realm ospf-v2 ge-0/0/0.10 area 0.0.0.0) state changed from Full to Down due to KillNbr (event reason: command to clear a neighbor was issued)
Jan 13 21:19:11.156662 OSPF Interface event job created at restart phase 0.
Jan 13 21:19:11.157507 Interface ge-0/0/0.10 area 0.0.0.0 event NeighborChange
Jan 13 21:19:11.160539 OSPF Interface event job processed 1 events.
Jan 13 21:19:11.160638 OSPF Interface event job deleted.
Jan 13 21:19:11.162147 OSPF neighbor 10.64.0.25 (IFL 71, area 0.0.0.0, rtbl idx 0) deleted
Jan 13 21:19:11.171780 OSPF programmed periodic xmit from 10.64.0.26 to 224.0.0.5 (IFL 71, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0) interval 10 0
Jan 13 21:19:11.179759 RPD_OSPF_NBRUP: OSPF neighbor 10.64.0.25 (realm ospf-v2 ge-0/0/0.10 area 0.0.0.0) state changed from Init to ExStart due to 2WayRcvd (event reason: neighbor detected this router)
Jan 13 21:19:11.179873 OSPF Interface event job created at restart phase 0.
Jan 13 21:19:11.180455 Interface ge-0/0/0.10 area 0.0.0.0 event NeighborChange
Jan 13 21:19:11.180932 OSPF Interface event job processed 1 events.
Jan 13 21:19:11.181003 OSPF Interface event job deleted.
Jan 13 21:19:11.186901 OSPF neighbor 10.64.0.25 (IFL 71, area 0.0.0.0, rtbl idx 0) set, 40 0
Jan 13 21:19:11.187271 OSPF programmed periodic xmit from 10.64.0.26 to 224.0.0.5 (IFL 71, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0) interval 10 0
Jan 13 21:19:11.189557 OSPF programmed periodic xmit from 10.64.0.26 to 224.0.0.5 (IFL 71, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0) interval 10 0
Jan 13 21:19:11.272292 RPD_OSPF_NBRUP: OSPF neighbor 10.64.0.25 (realm ospf-v2 ge-0/0/0.10 area 0.0.0.0) state changed from Loading to Full due to LoadDone (event reason: OSPF loading completed)
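
The Python below extracts the RPD_OSPF_NBRUP / RPD_OSPF_NBRDOWN state changes from a trace file like the one above and pairs each loss of a Full adjacency with its stated reason and the time until the neighbor is Full again. It is an added example, not part of the original page; the function names are constructed here, and the year used for timestamp parsing is an assumption because the trace lines carry none.

```python
import re
from datetime import datetime

# Constructed sample: the three state-change lines from the ospf.tr excerpt on this page.
TRACE = """\
Jan 13 21:19:11.156267 RPD_OSPF_NBRDOWN: OSPF neighbor 10.64.0.25 (realm ospf-v2 ge-0/0/0.10 area 0.0.0.0) state changed from Full to Down due to KillNbr (event reason: command to clear a neighbor was issued)
Jan 13 21:19:11.179759 RPD_OSPF_NBRUP: OSPF neighbor 10.64.0.25 (realm ospf-v2 ge-0/0/0.10 area 0.0.0.0) state changed from Init to ExStart due to 2WayRcvd (event reason: neighbor detected this router)
Jan 13 21:19:11.272292 RPD_OSPF_NBRUP: OSPF neighbor 10.64.0.25 (realm ospf-v2 ge-0/0/0.10 area 0.0.0.0) state changed from Loading to Full due to LoadDone (event reason: OSPF loading completed)
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:.]+) RPD_OSPF_NBR(?:UP|DOWN): OSPF neighbor (?P<nbr>\S+) "
    r"\(realm \S+ (?P<ifname>\S+) area (?P<area>\S+)\) "
    r"state changed from (?P<old>\w+) to (?P<new>\w+) due to (?P<event>\w+) "
    r"\(event reason: (?P<reason>[^)]*)\)"
)

def transitions(text):
    """Return one dict per neighbor state change found in the trace text."""
    return [m.groupdict() for m in map(EVENT.match, text.splitlines()) if m]

def adjacency_losses(events, year="2015"):
    """Pair each loss of a Full adjacency with the seconds until Full again."""
    losses, open_loss = [], {}
    for ev in events:
        # The trace has no year; 'year' is an assumed value used only for parsing.
        when = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S.%f")
        if ev["old"] == "Full":
            loss = {"neighbor": ev["nbr"], "interface": ev["ifname"],
                    "reason": ev["reason"], "lost_at": when,
                    "recovered_after": None}   # stays None if never Full again
            losses.append(loss)
            open_loss[ev["nbr"]] = loss
        elif ev["new"] == "Full" and ev["nbr"] in open_loss:
            loss = open_loss.pop(ev["nbr"])
            loss["recovered_after"] = (when - loss["lost_at"]).total_seconds()
    return losses
```

A loss whose reason is not an operator command, or whose `recovered_after` stays `None`, is the one to investigate first.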

BGP

The diagram is available in the classroom.
Follow this [BGP JUNOS|Guide], but forget everything about IPv6.
Be aware that the guide works in packet-based flow.

Links

Examples: Configuring OSPF Traffic Control OSPF_JUNOS
