Difference between revisions of "RIP JUNOS"
From Teknologisk videncenter
m (Created page with "=Setup= Cisco router er forbundet via en GRE tunnel til en SRX100. Netværket hedder 10.255.0.16/30 på tunnellen.<br/> Netværket bag Cisco routeren 10.197.1.0/25 samt de statis...") |
m (→Juniper konfiguration) |
||
| Line 35: | Line 35: | ||
==Juniper konfiguration== | ==Juniper konfiguration== | ||
===RIP=== | ===RIP=== | ||
| + | Konfigurationen af rip ligger under protocol rip. Sender version 2 RIP beskeder som multicast, og modtager kun version 2 beskeder. | ||
| + | <source lang=cli> | ||
| + | [edit protocols rip] | ||
| + | root@SRX100# <input>show</input> | ||
| + | send multicast; | ||
| + | receive version-2; | ||
| + | group RIP-GR { | ||
| + | neighbor gr-0/0/0.20; | ||
| + | } | ||
| + | </source> | ||
| + | Hvis vi kontrollerer route tabellen ser vi ingen lærte rip routes: | ||
| + | <source lang=cli> | ||
| + | [edit protocols rip] | ||
| + | root@SRX100# <input>run show route protocol rip</input> | ||
| + | |||
| + | inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden) | ||
| + | + = Active Route, - = Last Active, * = Both | ||
| + | |||
| + | 224.0.0.9/32 *[RIP/100] 00:03:27, metric 1 | ||
| + | MultiRecv | ||
| + | |||
| + | inet6.0: 19 destinations, 25 routes (19 active, 0 holddown, 0 hidden) | ||
| + | </source> | ||
| + | RIP statistikkerne siger at vi ikke modtager nogle pakker via tunnelen, selv om vi har verificeret Cisco routeren sender. | ||
| + | <source lang=cli> | ||
| + | root@SRX100# run show rip statistics | ||
| + | RIPv2 info: port 520; holddown 120s. | ||
| + | rts learned rts held down rqsts dropped resps dropped | ||
| + | 0 0 0 0 | ||
| + | |||
| + | gr-0/0/0.20: 0 routes learned; 0 routes advertised; timeout 180s; update interval 30s | ||
| + | Counter Total Last 5 min Last minute | ||
| + | ------- ----------- ----------- ----------- | ||
| + | Updates Sent 0 0 0 | ||
| + | Triggered Updates Sent 0 0 0 | ||
| + | Responses Sent 0 0 0 | ||
| + | Bad Messages 0 0 0 | ||
| + | RIPv1 Updates Received 0 0 0 | ||
| + | RIPv1 Bad Route Entries 0 0 0 | ||
| + | RIPv1 Updates Ignored 0 0 0 | ||
| + | <notice>RIPv2 Updates Received 0 0 0</notice> | ||
| + | RIPv2 Bad Route Entries 0 0 0 | ||
| + | RIPv2 Updates Ignored 0 0 0 | ||
| + | Authentication Failures 0 0 0 | ||
| + | RIP Requests Received 0 0 0 | ||
| + | RIP Requests Ignored 0 0 0 | ||
| + | none 0 0 0 | ||
| + | </source> | ||
===Security Zones=== | ===Security Zones=== | ||
| + | SRX firewallen kører flow-mode og RIP skal tillades i sikkerheds zonen, GRE interfacet tilhører.<br/> | ||
| + | Zonen her hedder VOICE da den bruges til IPT. | ||
| + | <source lang=cli> | ||
| + | [edit security zones security-zone VOICE] | ||
| + | root@SRX100# <input>show</input> | ||
| + | host-inbound-traffic { | ||
| + | system-services { | ||
| + | ping; | ||
| + | } | ||
| + | <notice>protocols { | ||
| + | rip; | ||
| + | }</notice> | ||
| + | } | ||
| + | </source> | ||
| + | Og straks begynder opdateringerne at trille ind: | ||
| + | <source lang=cli> | ||
| + | root@SRX100# <input>run show rip statistics</input> | ||
| + | RIPv2 info: port 520; holddown 120s. | ||
| + | rts learned rts held down rqsts dropped resps dropped | ||
| + | 4 0 0 0 | ||
| + | |||
| + | gr-0/0/0.20: 4 routes learned; 0 routes advertised; timeout 180s; update interval 30s | ||
| + | Counter Total Last 5 min Last minute | ||
| + | ------- ----------- ----------- ----------- | ||
| + | Updates Sent 0 0 0 | ||
| + | Triggered Updates Sent 0 0 0 | ||
| + | Responses Sent 0 0 0 | ||
| + | Bad Messages 0 0 0 | ||
| + | RIPv1 Updates Received 0 0 0 | ||
| + | RIPv1 Bad Route Entries 0 0 0 | ||
| + | RIPv1 Updates Ignored 0 0 0 | ||
| + | <notice>RIPv2 Updates Received 2 0 0</notice> | ||
| + | RIPv2 Bad Route Entries 0 0 0 | ||
| + | RIPv2 Updates Ignored 0 0 0 | ||
| + | Authentication Failures 0 0 0 | ||
| + | RIP Requests Received 0 0 0 | ||
| + | RIP Requests Ignored 0 0 0 | ||
| + | none 0 0 0 | ||
| + | root@SRX100# <input>run show route protocol rip</input> | ||
| + | |||
| + | inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden) | ||
| + | + = Active Route, - = Last Active, * = Both | ||
| + | |||
| + | <notice>10.197.1.0/25 *[RIP/100] 00:01:16, metric 2, tag 0 | ||
| + | > to 10.255.0.18 via gr-0/0/0.20 | ||
| + | 87.48.131.50/32 *[RIP/100] 00:01:16, metric 2, tag 0 | ||
| + | > to 10.255.0.18 via gr-0/0/0.20 | ||
| + | 87.48.131.54/32 *[RIP/100] 00:01:16, metric 2, tag 0 | ||
| + | > to 10.255.0.18 via gr-0/0/0.20 | ||
| + | 87.48.133.100/32 *[RIP/100] 00:01:16, metric 2, tag 0 | ||
| + | > to 10.255.0.18 via gr-0/0/0.20</notice> | ||
| + | 224.0.0.9/32 *[RIP/100] 00:10:44, metric 1 | ||
| + | MultiRecv | ||
| + | </source> | ||
| + | Men der bliver ikke sendt nogle updates den anden retning | ||
| + | <source lang=cli> | ||
| + | EM565039#show ip route rip | ||
| + | Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP | ||
| + | D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area | ||
| + | N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 | ||
| + | E1 - OSPF external type 1, E2 - OSPF external type 2 | ||
| + | i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 | ||
| + | ia - IS-IS inter area, * - candidate default, U - per-user static route | ||
| + | o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP | ||
| + | + - replicated route, % - next hop override | ||
| + | |||
| + | Gateway of last resort is 93.166.111.101 to network 0.0.0.0 | ||
| + | |||
| + | EM565039#<input>debug ip rip</input> | ||
| + | RIP protocol debugging is on | ||
| + | EM565039# | ||
| + | Oct 1 21:22:35.884 UTC+2: RIP: sending v2 update to 224.0.0.9 via Tunnel20 (10.255.0.18) | ||
| + | Oct 1 21:22:35.884 UTC+2: RIP: build update entries | ||
| + | Oct 1 21:22:35.884 UTC+2: 10.197.1.0/25 via 0.0.0.0, metric 1, tag 0 | ||
| + | Oct 1 21:22:35.884 UTC+2: 87.48.131.50/32 via 0.0.0.0, metric 1, tag 0 | ||
| + | Oct 1 21:22:35.884 UTC+2: 87.48.131.54/32 via 0.0.0.0, metric 1, tag 0 | ||
| + | Oct 1 21:22:35.884 UTC+2: 87.48.133.100/32 via 0.0.0.0, metric 1, tag 0 | ||
| + | EM565039# | ||
| + | </source> | ||
===Routing Policies=== | ===Routing Policies=== | ||
| + | Der er endnu ikke oprettet nogle import og export politikker.<br/> | ||
| + | ;import:Alt modtaget trafik bliver automatisk sendt til route tabellen. implicit permit | ||
| + | ;export:Intet bliver taget fra route tabellen og send til naboer uden en explicit permit. implicit deny | ||
| + | Alle direkte forbundne netværk bliver exporteret hvis de ligger indenfor 10.197.1.0/24 og har en /24 eller længere maske. | ||
| + | <source lang=cli> | ||
| + | [edit policy-options policy-statement RIP-EXPORT] | ||
| + | root@SRX100# <input>show</input> | ||
| + | term 1 { | ||
| + | from { | ||
| + | protocol direct; | ||
| + | route-filter 10.197.1.0/24 orlonger; | ||
| + | } | ||
| + | then accept; | ||
| + | } | ||
| + | [edit protocols rip] | ||
| + | root@SRX100# <input>show</input> | ||
| + | send multicast; | ||
| + | receive version-2; | ||
| + | group RIP-GR { | ||
| + | export RIP-EXPORT; | ||
| + | neighbor gr-0/0/0.20; | ||
| + | } | ||
| + | </source> | ||
| + | Og SRX'en begynder nu at sende updates | ||
| + | <source lang=cli> | ||
| + | root@SRX100# <input>run show rip statistics</input> | ||
| + | RIPv2 info: port 520; holddown 120s. | ||
| + | rts learned rts held down rqsts dropped resps dropped | ||
| + | 4 0 0 0 | ||
| + | |||
| + | gr-0/0/0.20: 4 routes learned; 1 routes advertised; timeout 180s; update interval 30s | ||
| + | Counter Total Last 5 min Last minute | ||
| + | ------- ----------- ----------- ----------- | ||
| + | <notice>Updates Sent 1 0 0 | ||
| + | Triggered Updates Sent 1 0 0</notice> | ||
| + | Responses Sent 0 0 0 | ||
| + | Bad Messages 0 0 0 | ||
| + | RIPv1 Updates Received 0 0 0 | ||
| + | RIPv1 Bad Route Entries 0 0 0 | ||
| + | RIPv1 Updates Ignored 0 0 0 | ||
| + | RIPv2 Updates Received 29 11 3 | ||
| + | RIPv2 Bad Route Entries 0 0 0 | ||
| + | RIPv2 Updates Ignored 0 0 0 | ||
| + | Authentication Failures 0 0 0 | ||
| + | RIP Requests Received 0 0 0 | ||
| + | RIP Requests Ignored 0 0 0 | ||
| + | none 0 0 0 | ||
| + | </source> | ||
| + | Cisco routeren begynder også at modtage opdateringer | ||
| + | <source lang=cli> | ||
| + | Oct 1 21:32:24.909 UTC+2: RIP: received v2 update from 10.255.0.17 on Tunnel20 | ||
| + | Oct 1 21:32:24.909 UTC+2: <notice>10.197.1.128/25</notice> via 0.0.0.0 in 1 hops | ||
| + | EM565039#<input>show ip route rip</input> | ||
| + | Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP | ||
| + | D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area | ||
| + | N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 | ||
| + | E1 - OSPF external type 1, E2 - OSPF external type 2 | ||
| + | i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 | ||
| + | ia - IS-IS inter area, * - candidate default, U - per-user static route | ||
| + | o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP | ||
| + | + - replicated route, % - next hop override | ||
| + | |||
| + | Gateway of last resort is 93.166.111.101 to network 0.0.0.0 | ||
| + | |||
| + | 10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks | ||
| + | <notice>R 10.197.1.128/25 [120/1] via 10.255.0.17, 00:00:02, Tunnel20</notice> | ||
| + | EM565039# | ||
| + | </source> | ||
{{Source cli}} | {{Source cli}} | ||
[[Category:Juniper]] | [[Category:Juniper]] | ||
Revision as of 21:36, 1 October 2014
Contents
Setup
Cisco router er forbundet via en GRE tunnel til en SRX100. Netværket hedder 10.255.0.16/30 på tunnellen.
Netværket bag Cisco routeren 10.197.1.0/25 samt de statiske routes skal sendes til SRX100'eren og 10.197.1.128/25 netværket bag SRX100'eren skal sendes tilbage til Cisco routeren.
Cisco configurationen
Skal tillade det internt 10.197.1.0/25 netværk og nogle statisk konfigurerede host routes på tværs af tunnellen.
EM565039#<input>show run</input>
router rip
version 2
redistribute static
passive-interface ATM0.34
network 10.0.0.0
distribute-list prefix RIP-OUT out
no auto-summary
!
ip prefix-list RIP-OUT seq 5 deny 0.0.0.0/0
ip prefix-list RIP-OUT seq 10 permit 10.197.0.0/16 le 32
ip prefix-list RIP-OUT seq 20 permit 87.48.0.0/16 ge 32
!deny 0.0.0.0/0 er lidt dobbelt konfekt med det virker:-)
Verification
Her sikrer vi os at de rigtige netværk bliver sendt til naboen over tunnellen
EM565039#<input>debug ip rip</input>
RIP protocol debugging is on
Oct 1 20:56:32.403 UTC+2: RIP: sending v2 update to 224.0.0.9 via Tunnel20 (10.255.0.18)
Oct 1 20:56:32.403 UTC+2: RIP: build update entries
Oct 1 20:56:32.403 UTC+2: <notice>10.197.1.0/25 via 0.0.0.0, metric 1, tag 0</notice>
Oct 1 20:56:32.403 UTC+2: <notice>87.48.131.50/32 via 0.0.0.0, metric 1, tag 0</notice>
Oct 1 20:56:32.403 UTC+2: <notice>87.48.131.54/32 via 0.0.0.0, metric 1, tag 0</notice>
Oct 1 20:56:32.403 UTC+2: <notice>87.48.133.100/32 via 0.0.0.0, metric 1, tag 0</notice>Nu er vi sikker på Cisco enden sender RIP routes så lad os kigge på Juniper enden
Juniper konfiguration
RIP
Konfigurationen af rip ligger under protocol rip. Sender version 2 RIP beskeder som multicast, og modtager kun version 2 beskeder.
[edit protocols rip]
root@SRX100# <input>show</input>
send multicast;
receive version-2;
group RIP-GR {
neighbor gr-0/0/0.20;
}Hvis vi kontrollerer route tabellen ser vi ingen lærte rip routes:
[edit protocols rip]
root@SRX100# <input>run show route protocol rip</input>
inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
224.0.0.9/32 *[RIP/100] 00:03:27, metric 1
MultiRecv
inet6.0: 19 destinations, 25 routes (19 active, 0 holddown, 0 hidden)RIP statistikkerne siger at vi ikke modtager nogle pakker via tunnelen, selv om vi har verificeret Cisco routeren sender.
root@SRX100# run show rip statistics
RIPv2 info: port 520; holddown 120s.
rts learned rts held down rqsts dropped resps dropped
0 0 0 0
gr-0/0/0.20: 0 routes learned; 0 routes advertised; timeout 180s; update interval 30s
Counter Total Last 5 min Last minute
------- ----------- ----------- -----------
Updates Sent 0 0 0
Triggered Updates Sent 0 0 0
Responses Sent 0 0 0
Bad Messages 0 0 0
RIPv1 Updates Received 0 0 0
RIPv1 Bad Route Entries 0 0 0
RIPv1 Updates Ignored 0 0 0
<notice>RIPv2 Updates Received 0 0 0</notice>
RIPv2 Bad Route Entries 0 0 0
RIPv2 Updates Ignored 0 0 0
Authentication Failures 0 0 0
RIP Requests Received 0 0 0
RIP Requests Ignored 0 0 0
none 0 0 0Security Zones
SRX firewallen kører flow-mode og RIP skal tillades i sikkerheds zonen, GRE interfacet tilhører.
Zonen her hedder VOICE da den bruges til IPT.
[edit security zones security-zone VOICE]
root@SRX100# <input>show</input>
host-inbound-traffic {
system-services {
ping;
}
<notice>protocols {
rip;
}</notice>
}Og straks begynder opdateringerne at trille ind:
root@SRX100# <input>run show rip statistics</input>
RIPv2 info: port 520; holddown 120s.
rts learned rts held down rqsts dropped resps dropped
4 0 0 0
gr-0/0/0.20: 4 routes learned; 0 routes advertised; timeout 180s; update interval 30s
Counter Total Last 5 min Last minute
------- ----------- ----------- -----------
Updates Sent 0 0 0
Triggered Updates Sent 0 0 0
Responses Sent 0 0 0
Bad Messages 0 0 0
RIPv1 Updates Received 0 0 0
RIPv1 Bad Route Entries 0 0 0
RIPv1 Updates Ignored 0 0 0
<notice>RIPv2 Updates Received 2 0 0</notice>
RIPv2 Bad Route Entries 0 0 0
RIPv2 Updates Ignored 0 0 0
Authentication Failures 0 0 0
RIP Requests Received 0 0 0
RIP Requests Ignored 0 0 0
none 0 0 0
root@SRX100# <input>run show route protocol rip</input>
inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
<notice>10.197.1.0/25 *[RIP/100] 00:01:16, metric 2, tag 0
> to 10.255.0.18 via gr-0/0/0.20
87.48.131.50/32 *[RIP/100] 00:01:16, metric 2, tag 0
> to 10.255.0.18 via gr-0/0/0.20
87.48.131.54/32 *[RIP/100] 00:01:16, metric 2, tag 0
> to 10.255.0.18 via gr-0/0/0.20
87.48.133.100/32 *[RIP/100] 00:01:16, metric 2, tag 0
> to 10.255.0.18 via gr-0/0/0.20</notice>
224.0.0.9/32 *[RIP/100] 00:10:44, metric 1
MultiRecvMen der bliver ikke sendt nogle updates den anden retning
EM565039#show ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 93.166.111.101 to network 0.0.0.0
EM565039#<input>debug ip rip</input>
RIP protocol debugging is on
EM565039#
Oct 1 21:22:35.884 UTC+2: RIP: sending v2 update to 224.0.0.9 via Tunnel20 (10.255.0.18)
Oct 1 21:22:35.884 UTC+2: RIP: build update entries
Oct 1 21:22:35.884 UTC+2: 10.197.1.0/25 via 0.0.0.0, metric 1, tag 0
Oct 1 21:22:35.884 UTC+2: 87.48.131.50/32 via 0.0.0.0, metric 1, tag 0
Oct 1 21:22:35.884 UTC+2: 87.48.131.54/32 via 0.0.0.0, metric 1, tag 0
Oct 1 21:22:35.884 UTC+2: 87.48.133.100/32 via 0.0.0.0, metric 1, tag 0
EM565039#Routing Policies
Der er endnu ikke oprettet nogle import og export politikker.
- import
- Alt modtaget trafik bliver automatisk sendt til route tabellen. implicit permit
- export
- Intet bliver taget fra route tabellen og send til naboer uden en explicit permit. implicit deny
Alle direkte forbundne netværk bliver exporteret hvis de ligger indenfor 10.197.1.0/24 og har en /24 eller længere maske.
[edit policy-options policy-statement RIP-EXPORT]
root@SRX100# <input>show</input>
term 1 {
from {
protocol direct;
route-filter 10.197.1.0/24 orlonger;
}
then accept;
}
[edit protocols rip]
root@SRX100# <input>show</input>
send multicast;
receive version-2;
group RIP-GR {
export RIP-EXPORT;
neighbor gr-0/0/0.20;
}Og SRX'en begynder nu at sende updates
root@SRX100# <input>run show rip statistics</input>
RIPv2 info: port 520; holddown 120s.
rts learned rts held down rqsts dropped resps dropped
4 0 0 0
gr-0/0/0.20: 4 routes learned; 1 routes advertised; timeout 180s; update interval 30s
Counter Total Last 5 min Last minute
------- ----------- ----------- -----------
<notice>Updates Sent 1 0 0
Triggered Updates Sent 1 0 0</notice>
Responses Sent 0 0 0
Bad Messages 0 0 0
RIPv1 Updates Received 0 0 0
RIPv1 Bad Route Entries 0 0 0
RIPv1 Updates Ignored 0 0 0
RIPv2 Updates Received 29 11 3
RIPv2 Bad Route Entries 0 0 0
RIPv2 Updates Ignored 0 0 0
Authentication Failures 0 0 0
RIP Requests Received 0 0 0
RIP Requests Ignored 0 0 0
none 0 0 0Cisco routeren begynder også at modtage opdateringer
Oct 1 21:32:24.909 UTC+2: RIP: received v2 update from 10.255.0.17 on Tunnel20
Oct 1 21:32:24.909 UTC+2: <notice>10.197.1.128/25</notice> via 0.0.0.0 in 1 hops
EM565039#<input>show ip route rip</input>
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 93.166.111.101 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
<notice>R 10.197.1.128/25 [120/1] via 10.255.0.17, 00:00:02, Tunnel20</notice>
EM565039#