Juniper IGP - CONFIGURATION GUIDE V11.1.X Configuration Manual Download Page 76 | Manualshive

Page: 76 / 454

background image

■

If the source did not send the RST or SYN message, the source accepts the ACK
message as part of an existing connection. As a result, the source does not send
another RST or SYN message and the router does not shut down the connection.

NOTE:

Enabling this command slightly modifies the way TCP processes RST or SYN

messages to ensure that they are genuine.

tcp ack-rst-and-syn

■

Use to help protect the router from TCP RST and SYN denial of service attacks.

■

Example

host1(config)#

tcp ack-rst-and-syn

■

Use the

no

version to disable this protection.

■

See tcp ack-rst-and-syn

Preventing TCP PAWS Timestamp DoS Attacks

The TCP Protect Against Wrapped Sequence (PAWS) number option works by
including the TCP timestamp option in all TCP headers to help validate the packet
sequence number.

Normally, in PAWS packets that have the timestamps option enabled, hosts use an
internal timer to compare the value of the timestamp associated with incoming
segments against the last valid timestamp the host recorded. If the segment timestamp
is larger than the value of the last valid timestamp, and the sequence number is less
than the last acknowledgement sent, the host updates its internal timer with the new
timestamp and passes the segment on for further processing.

If the host detects a segment timestamp that is smaller than the value of the last
valid timestamp or the sequence number is greater than the last acknowledgement
sent, the host rejects the segment.

A remote attacker can potentially determine the source and destination ports and
IP addresses of both hosts that are engaged in an active connection. With this
information, the attacker might be able to inject a specially crafted segment into the
connection that contains a fabricated timestamp value. When the host receives this
fabricated timestamp, it changes its internal timer value to match. If this timestamp
value is larger than subsequent timestamp values from valid incoming segments,
the host determines the incoming segments as being too old and discards them. The
flow of data between hosts eventually stops, resulting in a denial of service condition.

Use the

tcp paws-disable

command to disable PAWS processing.

52

■

IP Routing

JUNOSe 11.0.x IP, IPv6, and IGP Configuration Guide

«
...
74
75
76
77
78
...
»

Summary of Contents for IGP - CONFIGURATION GUIDE V11.1.X

Page 1: ...r E Series Broadband Services Routers IP IPv6 and IGP Configuration Guide Release 11 1 x Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale California 94089 USA 408 745 2000 www juniper net Pub...

Page 2: ...3 599 5 905 725 5 909 440 6 192 051 6 333 650 6 359 479 6 406 312 6 429 706 6 459 579 6 493 347 6 538 518 6 538 899 6 552 918 6 567 902 6 578 186 and 6 590 785 JUNOSe Software for E Series Broadband S...

Page 3: ...alms devices links ports or transactions or require the purchase of separate licenses to use particular features functionalities services applications operations or capabilities or provide throughput...

Page 4: ...n connection with such withholding taxes by promptly providing Juniper with valid tax receipts and other required documentation showing Customer s payment of any withholding taxes completing appropria...

Page 5: ...nted to in writing by the party to be charged If any portion of this Agreement is held invalid the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement T...

Page 6: ...vi...

Page 7: ...hapter 1 Configuring IP 3 Chapter 2 Configuring IPv6 125 Chapter 3 Configuring Neighbor Discovery 193 Part 2 Internet Protocol Routing Chapter 4 Configuring RIP 205 Chapter 5 Configuring OSPF 241 Chap...

Page 8: ...viii JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Page 9: ...IP Functions 4 Moving Data Between Layers 4 Routing Datagrams to Remote Hosts 4 Fragmenting and Reassembling Datagrams 4 IP Layering 5 Network Interface Layer 5 Internet Layer 5 Transport Layer 5 Appl...

Page 10: ...ng RTR Next Hop Verification 34 Setting Up Default Routes 39 Setting Up an Unnumbered Interface 39 Adding a Host Route to a Peer on a PPP Interface 39 Enabling Source Address Validation 40 Enabling So...

Page 11: ...rce Address for ICMP Messages 61 Reachability Commands 62 Response Time Reporter 65 Configuration Tasks 65 Configuring the Probe Type 66 Configuring Optional Characteristics 67 Capturing Statistics 69...

Page 12: ...ks 148 Limiting Buffers per Router 148 Limiting Buffers per Virtual Router 149 Limiting Buffers per Connection 149 Configuring Equal Cost Multipath Load Sharing 150 Hashed Mode 150 Defining Maximum Pa...

Page 13: ...0 Configuration Tasks 210 Relationship Between address and network Commands 213 Enabling RIP on Dynamic IP Interfaces 223 Clearing Dynamic RIP Interfaces 223 Using RIP Routes for Multicast RPF Checks...

Page 14: ...entication 272 Authentication Requirements 272 Configuring the BFD Protocol for OSPF 276 Configuring Additional Parameters 278 Methods for Calculating OSPF Interface Cost 287 Default Metrics 288 Confi...

Page 15: ...on Tasks 341 Enabling IS IS for IP Routing 341 Summary Example 343 Enabling and Configuring IS IS for IPv6 Routing 343 Summary Example 345 Configuring IS IS Interface Specific Parameters 346 Configuri...

Page 16: ...Configuring LSP Parameters 373 Specifying the SPF Interval 375 Defining the SPF Route Calculation Level 376 Setting CLNS Parameters 377 Setting the Maximum Parallel Routes 378 Configuring a Virtual Mu...

Page 17: ...es with Indirect Next Hops 30 Figure 12 Sample Configuration for Next Hop Verification 34 Chapter 2 Configuring IPv6 125 Figure 13 IPv4 and IPv6 Header Comparison 127 Figure 14 Direct Next Hops 132 Fi...

Page 18: ...xviii List of Figures JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Page 19: ...ample Configuration 34 Table 7 Probe Characteristics 67 Chapter 2 Configuring IPv6 125 Table 8 Compressed IPv6 Formats 128 Part 2 Internet Protocol Routing Chapter 5 Configuring OSPF 241 Table 9 OSPF...

Page 20: ...xx List of Tables JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Page 21: ...tion in the latest release notes differs from the information in the documentation follow the JUNOSe Release Notes To obtain the most current version of all Juniper Networks technical documentation se...

Page 22: ...2 Routing Process OSPF 2 with Router ID 5 5 0 250 Router is an Area Border Router ABR Represents information as displayed on your terminal s screen Fixed width text like this There are two levels of...

Page 23: ...from the Juniper Networks Web site athttp www juniper net Documentation Feedback We encourage you to provide feedback comments and suggestions so that we can improve the documentation to better meet...

Page 24: ...e notes http www juniper net customers csc software Search technical bulletins for relevant hardware and software notifications https www juniper net alerts Join and participate in the Juniper Network...

Page 25: ...Part 1 Internet Protocol Configuring IP on page 3 Configuring IPv6 on page 125 Configuring Neighbor Discovery on page 193 Internet Protocol 1...

Page 26: ...2 Internet Protocol JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Page 27: ...rnet Control Message Protocol on page 59 Reachability Commands on page 62 Response Time Reporter on page 65 Monitoring IP on page 79 Overview TCP IP is a suite of data communications protocols Two of...

Page 28: ...number in the datagram header to select the transport layer protocol Each host to host transport layer protocol has a unique protocol number that identifies it to IP Routing Datagrams to Remote Hosts...

Page 29: ...hms are run and the datagram is passed to the network interface layer for transmission on the attached network Transport Layer The transport layer is the third level of the TCP IP protocol stack It is...

Page 30: ...e following resources RFC 768 User Datagram Protocol August 1980 RFC 791 Internet Protocol DARPA Internet Program Protocol Specification September 1981 RFC 792 Internet Control Message Protocol Septem...

Page 31: ...ternet timestamp Broadcast addressing both limited broadcast and directed broadcast Support for 32 000 discrete simultaneous IP interfaces per router to support thousands of logical connections Capabi...

Page 32: ...s Hosts attached to the same network must share a common prefix designating their network number Four types of IP classes lend themselves to different network configurations depending on the desired r...

Page 33: ...contiguous bits equal to 1 in the subnetwork mask This format appears immediately following the dotted decimal IP address using a N format NOTE You can issue the network prefix with or without a space...

Page 34: ...osts on it Figure 4 on page 10 shows how the mask 255 255 0 0 is applied to network 10 0 0 0 The mask divides the IP address 10 0 0 1 into a network portion of 10 a subnet portion of 0 and a host port...

Page 35: ...R can reduce the number of entries globally in Internet routing tables A service provider has a group of customers with class C addresses that begin with 192 56 Despite this relationship the service p...

Page 36: ...the primary address ip address Command Use the following command to add addresses to or delete addresses from an interface ip address Use to add a primary address or to add secondary addresses to an i...

Page 37: ...routing table changes required when a change in the network topology occurs Direct next hops point routes in the routing table toward individual direct next hop connections See Figure 6 on page 13 Fig...

Page 38: ...a profile A profile is a set of characteristics that acts as a pattern that can be dynamically assigned to an IP interface You can manage a large number of IP interfaces efficiently by creating a prof...

Page 39: ...Configuration mode to create or edit a profile See JUNOSe Link Layer Configuration Guide for information about creating profiles and on other characteristics that can be applied to the profile host1 c...

Page 40: ...tcp adjust mss Use to modify the maximum segment size MSS for TCP SYN packets traveling through the interface The router compares the MSS value of incoming or outgoing packets against the MSS adjustm...

Page 41: ...o a profile You can configure a virtual router using RADIUS instead of adding one to the profile by using the ip virtual router command Example host1 config profile ip virtual router VR1 Use the no ve...

Page 42: ...is removed if it is not used within a certain period of time Before sending a packet the host searches its cache for Internet to Ethernet address mapping If the mapping is not found the host sends an...

Page 43: ...ddress of the ARP request So if host 1 sends another IP packet to host 2 host 1 searches its ARP table for the router 1 MAC address If the default router gateway becomes unavailable then all the routi...

Page 44: ...line access multiplexers DSLAMs even if you configure the router to check for spoofed ARP packets DSLAMs perform this task instead of the router If you disable checking for spoofed ARP packets on the...

Page 45: ...rticular entry specify all of the following ipAddress IP address in four part dotted decimal format corresponding to the local data link address interfaceType Interface type see Interface Types and Sp...

Page 46: ...rface If the validation is added statically via the CLI the IP address MAC address pairs are stored in NVS The entries are used for MAC validation only if MAC validation is enabled on the interface vi...

Page 47: ...adcast A packet is sent to a specific network or series of networks A limited broadcast address includes the network or subnet fields In a limited broadcast packet destined for a local network the net...

Page 48: ...oadcast Use to enable translation of directed broadcasts to physical broadcasts Example host1 config if ip directed broadcast Use the no version to disable the function See ip directed broadcast Fragm...

Page 49: ...uters as intermediate packet switches Routers forward a packet through the interconnected system of networks and routers until the packet reaches a router that is attached to the same network as the d...

Page 50: ...hat are attached to each network are not shown because each router makes its forwarding decisions based on the network number and not on the address of each individual host The router uses ARP to find...

Page 51: ...ed 10 2 0 1 10 2 0 0 16 0 0 connected 10 5 0 3 10 5 0 0 30 Setting the Administrative Distance for a Route The administrative distance is an integer that is associated with each route known to a route...

Page 52: ...PLS Configuration Guide To set the administrative distance for RIP IS IS and OSPF use the following distance commands in Router Configuration mode distance Use to set an administrative distance for RI...

Page 53: ...Identifying a Router Within an Autonomous System The router ID is commonly one of the router s defined IP addresses Although the router ID is by convention formatted as an IP address it is not requir...

Page 54: ...t Hops On the Boston router in the network shown in Figure 11 on page 30 1 Configure a static route to 10 2 0 0 16 with a next hop of 10 5 0 2 which is not directly connected and an administrative dis...

Page 55: ...the state of the IP service For additional information about BFD see JUNOSe IP Services Configuration Guide If you specify the bfd liveness detection keywords with a minimum receive interval minimum t...

Page 56: ...in the range 100 65535 milliseconds Use the multiplier keyword to specify a multiplier number in the range 1 255 Optionally you can include the last resort keyword when you use the verify bfd liveness...

Page 57: ...ion uses Fast Ethernet interfaces E Series routers support next hop verification on any type of lower layer interface RTR Configuration Example Figure 12 on page 34 shows a sample configuration that i...

Page 58: ...et interface 4 0 as the next hop Down Up The router installs a route to 10 1 1 2 using Fast Ethernet interface 4 1 as the next hop Up Down Although both RTR operations are down the last resort keyword...

Page 59: ...config rtr 10 host1 config rtr b Configure the RTR probe as an echo type and set the IP destination address and source interface You must configure the RTR probe as an echo type to use next hop verifi...

Page 60: ...3 host1 config rtr reaction configuration 11 test completion host1 config rtr schedule 11 life 3 host1 config rtr schedule 11 restart time 1 host1 config rtr schedule 11 start now 6 Establish a static...

Page 61: ...255 You cannot shutdown a loopback interface BEST PRACTICE We recommend that you configure a 32 bit subnet mask for the loopback interface For example if you configure a loopback interface with the I...

Page 62: ...sociated RTR operation Optionally you can include the last resort keyword when you use the verify rtr keywords to instruct the router to install the static route in the routing table even if the speci...

Page 63: ...the possible creation of multiple paths and routing loops Setting Up an Unnumbered Interface An unnumbered interface does not have an IP address assigned to it Unnumbered interfaces are often used in...

Page 64: ...alidate Use to enable source address validation Example host1 config if ip sa validate Use the no version to disable source address validation See ip sa validate Enabling Source Address Validation Tra...

Page 65: ...m segment size MSS for TCP SYN packets traveling through the interface The router compares the MSS value of incoming or outgoing packets against the adjusted MSS setting and replaces smaller values th...

Page 66: ...as large as possible without requiring fragmentation anywhere along the path from the source to the destination This datagram size is referred to as the path MTU PMTU and it is equal to the smallest...

Page 67: ...cifying PMTU limits keep the following in mind If a PMTU discovery value is lower than the configured minimum MTU setting PMTU discovery is disabled for that connection If a PMTU discovery value is la...

Page 68: ...This behavior is often referred to as a black hole tcp path mtu discovery black hole detect threshold Use to specify the minimum MTU value used for the path MTU If the discovered PMTU value is less th...

Page 69: ...according to an IP prefix or a VPN routing and forwarding VRF table Use an asterisk to clear all dynamic routes from the routing table Example host1 clear ip routes There is no no version See clear ip...

Page 70: ...an error message if you try to set this command for interfaces other than the SRP Ethernet interface Example host1 config if ip disable forwarding Use the no version to enable forwarding of packets on...

Page 71: ...ear as if it is up regardless of the state of the lower layers ip alwaysup Use to force an IP interface to appear as up regardless of the state of lower layers This command reduces route topology chan...

Page 72: ...interface that has a static interface configured above it NOTE The ip description command is replacing the description command to assign a description to a static IP interface ip description Use to as...

Page 73: ...ation addresses to determine which of the available paths in the ECMP set to use Hashed mode is the default ECMP mode of operation Defining Maximum Paths You can add routing table entries manually as...

Page 74: ...ECMP mode to the default hashed See ip multipath round robin maximum paths Use to control the maximum number of parallel routes that the routing protocol supports The maximum number of routes can be...

Page 75: ...TTL value can be overridden by other commands that specify a TTL ip ttl Use to set a default value for the IP header TTL field for all IP operations Example host1 config ip ttl 255 Use the no version...

Page 76: ...mp is larger than the value of the last valid timestamp and the sequence number is less than the last acknowledgement sent the host updates its internal timer with the new timestamp and passes the seg...

Page 77: ...d delivery can occur To prevent buffers from consuming too many resources TCP limits the amount of data it accepts to the number of data bytes that the receiver is willing to receive and buffer TCP do...

Page 78: ...m Use to specify the default buffer limit assigned to all virtual routers when the virtual router is established Specify a value of zero 0 to turn off the limit assignment Example host1 config tcp res...

Page 79: ...connection is established Specify a value of zero 0 buffers to turn off the default limit Example host1 config tcp resequence buffers default connection maximum 100 Use the no version to revert the co...

Page 80: ...P interface to negotiate certain IP parameters for example IPCP for PPP ARP for Ethernet and Inverse ARP for Frame Relay If you do not configure a primary IP interface in such cases the layer 2 interf...

Page 81: ...Optional Create a primary IP interface host1 config if ip address 10 1 1 1 255 255 255 255 host1 config if exit 3 Create the shared IP interface host1 config interface ip si0 4 Associate the shared IP...

Page 82: ...ently See ip share interface ip share nexthop Use to specify that the shared IP interface dynamically tracks a next hop If the next hop changes the shared IP interface moves to the new layer 2 interfa...

Page 83: ...shared interface has its own statistics Packets transmitted on a shared IP interface are always counted only in the shared IP interface Subscriber Interfaces A subscriber interface is an extension of...

Page 84: ...on mode you can enable or disable ICMP redirects This attribute is enabled by default If it is enabled on the IP interface and if the internal ICMP redirect queue is not full the router sends an ICMP...

Page 85: ...can use the ip icmp update source command to instruct ICMP to use an already configured interface or a specified IP address as the source address of the ICMP message For example you can specify that...

Page 86: ...an specify the following options packetCount Number of packets to send to the destination IP address If you specify a zero 0 echo requests packets are sent indefinitely data pattern Sets the type of b...

Page 87: ...to 1000 bytes in increments equal to the sweep interval By default the router increments packets by one byte for example it sends 100 101 102 103 1000 If the sweep interval is 5 the router sends 100...

Page 88: ...that router packets follow when traveling to their destination You can specify A VRF context Destination IP or IPv6 address Source interface for each of the transmitted packets Source address for each...

Page 89: ...a specific virtual router distinct from any other virtual router Configuration Tasks To configure RTR 1 Configure the probe type an echo probe or a path echo probe 2 Optional Configure probe character...

Page 90: ...u change the type for an existing RTR entry all values are reset including the administrative status There is no default value More than one RTR entry can become active provided each entry s target ad...

Page 91: ...be expects to receive responses receive interface Request s payload size request data size Maximum number of history samples samples of history kept User defined tag tag Probe timeout in milliseconds...

Page 92: ...return to the default value 1 byte See request data size tag Use to set an identifier for the probe Example host1 config rtr tag westford Use the no version to return to the default no tag See tag ti...

Page 93: ...fied number that is size no additional statistical information about the path is stored This option applies only to pathEcho entries To turn off this feature set the value to 0 Example host1 config rt...

Page 94: ...iving Interface When you configure multiple RTR entries to use the same target address you must issue the receive interface command to set the interface on which the probe expects to receive responses...

Page 95: ...umber of consecutive probe operations are not received or when they are received after a timeout Example host1 config rtr reaction configuration 1 operation failure 3 There is no no version See rtr re...

Page 96: ...en the test ends and no responses are received from the destination At most there can be one such event per test Example host1 config rtr reaction configuration 1 test failure There is no no version S...

Page 97: ...restart time Use to specify a restart time in seconds after which a test is restarted Example host1 config rtr schedule 5 restart time 15 Use the no version to stop the test The no version stops the p...

Page 98: ...OfEntries Number of RTR entries according to type entriesEnabled RTR entries with administrative status enabled entriesActive RTR entries with operational status enabled Example host1 show rtr applica...

Page 99: ...onsSent operationsRcvd lastGoodResponse 1 5208 5187 08 30 2000 05 09 rtrIndex operStatus minRtt maxRtt avgRtt rttSumSqr 1 enabled 0 1785 3 7109208 PathEcho Entries rtrIndex testAttempts testSuccesses...

Page 100: ...event is triggered when this number of probe operations is not received or when the operations are received after a timeout timeout Time in milliseconds that the probe waits for a response tag Identi...

Page 101: ...rget Interface used to reach target is not operational invalidHostAddress Target address is not supported noRouteToTarget Target address is not reachable responseReceived Probe operation replied by ta...

Page 102: ...40 10 5 0 11 2 165 3 3 08 30 2000 20 40 10 5 0 11 2 165 3 4 08 30 2000 20 40 10 5 0 11 See show rtr history show rtr hops Use to display RTR hops information Field descriptions rtrIndex Index number...

Page 103: ...if the option is now the status is enabled if the option is pending the status is disabled operStatus Enabled only if entryStatus and adminStatus are enabled and the test is running operStatus remains...

Page 104: ...to set a statistics baseline for IP statistics Baselining is not supported for IP socket statistics The router implements the baseline by reading and storing the statistics at the time the baseline is...

Page 105: ...be shown Example 1 host1 baseline tcp Example 2 host1 baseline ip tcp There is no no version See baseline tcp IP show Commands You can monitor the following aspects of IP using show ip commands Comma...

Page 106: ...the delta keyword with IP show commands to specify that baselined statistics are to be shown You can use the output filtering feature of the show command to include or exclude lines of output based on...

Page 107: ...Ethernet6 0 12 40 0 2 24320 0020 6393 4233 atm5 0 1 172 18 2 1 21600 0020 bed2 8738 atm5 1 1 172 18 2 2 21600 0020 5b91 60f2 atm5 1 1 172 31 192 206 21600 00d0 43b5 1032 atm5 1 1 See show arp show for...

Page 108: ...ary information about the interface Use the detail keyword to display detailed information about the interface Field descriptions Network Protocols Network protocols configured on this interface Inter...

Page 109: ...cast routed are counted as multicast packets In Policed Packets Bytes Packets and bytes that were received and dropped for any of the following reasons exceeding the token bucket limit exceeding the r...

Page 110: ...nistrative debounce time 10 mSecs Operational debounce time disabled Access routing disabled Multipath mode hashed In Received Packets 2849 Bytes 759428 Unicast Packets 2849 Bytes 759428 Multicast Pac...

Page 111: ...ed routing table distribution attempt as an error Attempts can fail for many reasons during normal operation a failed attempt does not necessarily indicate a problem It is normal to see many Load Erro...

Page 112: ...session is redirected line protocol Status of the line protocol Description Text description or alias if configured for the interface Link up down trap Status of SNMP link up down traps on the interfa...

Page 113: ...packets received redirect Receive packet redirects echo req Echo request ping packets echo rpy Echo replies received timestamp req Requests for a timestamp timestamp rpy Replies of timestamp requests...

Page 114: ...MAC validation packets a destination address lookup failure or when the destination address is an IP interface that has a route configured to the null 0 interface In Invalid Source Address Packets Pac...

Page 115: ...led Internet address is 1 1 1 2 255 255 255 0 IP statistics Rcvd 0 local destination 0 hdr errors 0 addr errors 0 unkn proto 0 discards Frags 0 reasm ok 0 reasm req 0 reasm fails 0 frag ok 0 frag crea...

Page 116: ...ast Packets 0 Bytes 0 Multicast Routed Packets 0 Bytes 0 Out Scheduler Dropped Packets 0 Bytes 0 Out Policed Packets 0 Bytes 0 Out Discarded Packets 0 queue 0 traffic class best effort bound to ip Gig...

Page 117: ...he sum of all drop reasons other than fabric drops fabric drops are reported as 0 but might actually be nonzero If you halt traffic the In Total Dropped Packets and Out Total Dropped Packets values ar...

Page 118: ...er Drops Conformed Packets 0 Bytes 0 Out Scheduler Drops Exceeded Packets 0 Bytes 0 Out Policed Packets 0 Bytes 0 ip si0 is up line protocol is up Network Protocols IP Virtual Router vr a Layer 2 inte...

Page 119: ...Bytes 0 Multicast Packets 0 Bytes 0 In Policed Packets 0 Bytes 0 In Error Packets 0 In Invalid Source Address Packets 0 Out Forwarded Packets 101 Bytes 5252 Unicast Packets 101 Bytes 5252 Multicast R...

Page 120: ...red interface none Router Directed Broadcast Enabled ICMP Redirects Disabled Access Route Addition Enabled Network Address Translation Enabled domain inside Source Address Validation Enabled Ignore DF...

Page 121: ...e groups of addresses at a given level or routes learned from other routing protocols Routing for Networks Network for which IS IS is currently injecting routes For OSPF Router ID OSPF process ID for...

Page 122: ...ocol is running Redistributing Protocol to which RIP is redistributing routes Routing for Networks Network for which RIP is currently injecting routes Example host1 show ip protocols Routing Protocol...

Page 123: ...igured route redistribution policy Field descriptions To Protocol that routes are distributed into From Protocol that routes are distributed from status Redistribution status route map number Number o...

Page 124: ...VR VRF indirect next hop Prefix Length Type Next Hop Dist Met Intf 172 16 2 0 24 Bgp 192 168 1 102 20 1 fastEthernet0 0 10 10 0 112 32 Static 192 168 1 1 1 1 fastEthernet0 0 10 1 1 0 24 Connect 10 1 1...

Page 125: ...oute type inter E route type external i metric type internal e metric type external O OSPF E1 external type 1 E2 external type2 N1 NSSA external type1 N2 NSSA external type2 L MPLS label V VR VRF indi...

Page 126: ...2 2 2 2 32 O I 30 30 30 2 110 3 ATM2 0 30 31 31 31 2 110 3 ATM2 0 31 10 10 10 0 24 Connect 10 10 10 1 0 0 ATM2 0 10 20 20 20 0 24 Connect 20 20 20 1 0 0 ATM2 0 21 4 4 4 4 32 Bgp 2 2 2 2 200 2 3 3 3 3...

Page 127: ...0 10 10 0 231 Example 2 host1 show ip route slot 9 90 248 1 2 IP address Interface Next Hop 90 248 1 2 serial9 23 2 Example 3 host1 show ip route slot 9 90 249 255 255 IP address Interface Next Hop 9...

Page 128: ...SEPORT Allow reuse of local port so_state State of each socket knowledge of BSD Sockets API is useful to understand this information SS_NOFDREF No file table reference any more SS_ISCONNECTED Socket i...

Page 129: ...the free pool Call to rsSocket Call to create the socket using rsSocket as opposed to socket Call to socket 8 bit value indicating how the call went Call to connect 8 bit value indicating how the call...

Page 130: ...5 10 13 5 70 23 10 10 132 71 2000 type 1 SOCK_STREAM opts 13 SO_DEBUG SO_REUSEADDR SO_KEEPALIVE so_state 177 SS_NOFDREF SS_CANTSENDMORE SS_CANTRCVMORE SS_PRIV 18 0 0 0 0 23 0 0 0 0 0 type 1 SOCK_STRE...

Page 131: ...ify BFD or verify rtr RTR keywords were not specified as part of the ip route command The display can include the following BFD up down Current status of the associated BFD operation operation number...

Page 132: ...be on the reordering queues of all connections in all virtual routers Default Per VR Maximum Default maximum number of buffers for all connections in a single VR Default Connection Maximum Default ma...

Page 133: ...s Discarded Because Global Limit Exceeded 25 Buffers Discarded Because VR Limit Exceeded 15 See show tcp resequence buffers show tcp path mtu discovery Use to display PMTU information Field descriptio...

Page 134: ...cs Use the brief keyword to display summary information or the detailed keyword to display extensive information Use the diagnostic keyword to display diagnostic information collected on the TCP stati...

Page 135: ...local port for the connection attempt and the number of identical attempts that have been received on that port in a row The reason for rejection is not given This information may be useful in trackin...

Page 136: ...nection out of order pkts Number of packets received out of order on the TCP connection Diagnostics PRU_ Operations counters Number of calls for each of the indicated PRU_operations within the TCP ser...

Page 137: ...ction statistic keep T O pre estab Number of times the keepalive timer expired before the connection reached the established state This is a per connection statistic tcpkeeptimeo_idle Number of times...

Page 138: ...value indicates the count of packets that would have been acknowledged if the protections were enabled Providing this information can help determine whether attacks are occurring Bogus RSTs Number of...

Page 139: ...r does not increase ICMP TooBigs for unk connection Number of ICMP Too Big messages that the router has received for TCP connections that do not exist When PMTU is disabled this counter does not incre...

Page 140: ...tion reordering queue High Water Most buffers that have ever been on the connection reordering queue Buffers discarded Number of buffers that were discarded because keeping them would have exceeded th...

Page 141: ...ddr 192 168 1 139 Remote port 1038 State ESTABLISHED Authentication None Rcvd 295 total pkts 159 in sequence pkts 299 bytes 0 chksum err pkts 0 bad offset pkts 0 short pkts 0 duplicate pkts 0 out of o...

Page 142: ...tion is ENABLED RSTs acked 0 Bogus RSTs 0 SYNs acked 0 Bogus SYNs 0 Data Insertions rejected 0 PMTUD Information PMTUD ENABLED Administrative Minimum MTU 512 Administrative Maximum MTU none Timer 1 10...

Page 143: ...ets containing header errors addr errors Number of packets containing addressing errors unkn proto Number of packets received containing unknown protocols discards Number of discarded packets IP Stati...

Page 144: ...rpy Number of echo replies received timestamp req Number of requests for a timestamp timestamp rpy Number of replies to timestamp requests addr mask req Number of mask requests received addr mask rpy...

Page 145: ...opped Number of TCP connections dropped closed Number of TCP connections closed currently established Number of TCP connections currently established TCP Global Statistics Rcvd total pkts Total number...

Page 146: ...param probs 0 src quench 0 redirects 0 echo req 0 echo rpy 0 timestamp req 0 timestamp rpy 0 addr mask req 0 addr mask rpy Sent 463866 total 0 errors 163676 dest unreach 0 time excd 0 param prob 0 sr...

Page 147: ...tatistics show profile brief Use to list all profile names Field descriptions Profile Profile names Example host1 show profile brief Profile foo trill profile4 See show profile brief show route map Us...

Page 148: ...Set clauses set local pref 400 See show route map 124 Monitoring IP JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Page 149: ...anaging IPv6 Interfaces on page 139 Configuring Shared IPv6 Interfaces on page 141 Adding a Description on page 143 IPv6 TCP Configuration on page 143 Configuring Equal Cost Multipath Load Sharing on...

Page 150: ...n to establish an end to end connection before transmitting data Instead just like its IPv4 predecessor IPv6 continues to rely on protocols in other layers to establish the connection if connection or...

Page 151: ...iring a specific class of service CoS routers can identify these packets and handle them in a similar fashion Payload length Previously the total length field in IPv4 the payload length field specifie...

Page 152: ...ress Representation IPv6 addresses consist of eight hexadecimal groups Each hexadecimal group separated by a colon consists of a 16 bit hexadecimal value The following is an example of the IPv6 format...

Page 153: ...link Site local Used as private addresses to restrict communication to a domain portion NOTE IPv6 routers must not forward packets that have site local source or destination addresses outside the site...

Page 154: ...tside the site Multicast addresses support 16 different types of scope including node link site organization and global scope A four bit field in the prefix identifies the scope Address Structure Unic...

Page 155: ...ple the trace destination address is 1 1 the maximum number of hops of the trace is 20 and the timeout value is 10 seconds host1 traceroute ipv6 1 1 hop limit 20 timeout 10 IPv6 Tunnel Routing Table T...

Page 156: ...decreasing the number of state changes required to achieve convergence Platform Considerations For information about modules that support IPv6 and Neighbor Discovery on the ERX7xx models ERX14xx mode...

Page 157: ...ion Base for IP Version 6 Textual Conventions and General Group December 1998 RFC 2466 Management Information Base for IP Version 6 ICMPv6 Group December 1998 You can access these and other Internet R...

Page 158: ...profile A profile is a set of characteristics that acts as a pattern that can be dynamically assigned to an IPv6 interface You can manage a large number of IPv6 interfaces efficiently by creating a p...

Page 159: ...command to remove an IPv6 address See ipv6 address ipv6 nd Use to enable the IPv6 Neighbor Discovery process on an interface You can include the following commands in IPv6 profiles to configure Neigh...

Page 160: ...re the default MTU size See ipv6 mtu ipv6 unnumbered Use to set up an unnumbered interface An unnumbered interface does not have an IPv6 address assigned to it Unnumbered interfaces are often used in...

Page 161: ...arrives on an interface the router performs a routing table lookup using the source address The result from the routing table lookup is an interface to which packets destined for that address are rou...

Page 162: ...se a specific route through the network Example host1 config ipv6 route 7fff 0 16 1 1 Use the no version of this command to remove a static route from the routing table See ipv6 route Specifying an IP...

Page 163: ...o version See clear ipv6 interface ipv6 enable Use to enable or disable an IPv6 interface at any time NOTE By default an IPv6 interface is enabled when you first create it Example host1 config if ipv6...

Page 164: ...eping across a range of sizes For example you can configure the sweep interval to sweep across the range of packets from 100 bytes to 1000 bytes in increments equal to the sweep interval By default th...

Page 165: ...size might help locate any MTU problems that exist between your router and a particular device Hop count in the range 1 255 the default is 32 You can also force transmission of the packets on a speci...

Page 166: ...2 interface to refer to them because the shared interface can be moved Example host1 config interface ipv6 si1 Use the no version to delete the IPv6 interface See interface ipv6 ipv6 share interface...

Page 167: ...onfig if ipv6 description boston01 ipv6 interface Example 2 host1 config subif ipv6 description dallas05 ipv6 subinterface Use the no version to remove the text description or alias See ipv6 descripti...

Page 168: ...he smallest MTU for each hop in the path Path MTU discovery is the process of discovering the PMTU value and using that value when transmitting IP datagrams Enabling PMTU Discovery Use the tcp path mt...

Page 169: ...d for that connection If a PMTU discovery value is larger than the configured maximum MTU setting the configured maximum MTU setting is used The maximum MTU setting must be greater than the minimum MT...

Page 170: ...outer from denial of service DoS attacks Normally when it receives an RST or SYN message for an existing connection TCP attempts to shut down the TCP connection This action is expected under normal co...

Page 171: ...potentially determine the source and destination ports and IP addresses of both hosts that are engaged in an active connection With this information the attacker might be able to inject a specially cr...

Page 172: ...byte of TCP space Under these conditions an attacker can send a large number of 1 byte packets to an E Series router in which each packet is buffered consuming an entire packet buffer and eventually c...

Page 173: ...current or specified virtual router can use Specify a value of zero 0 to turn off the limit assignment Example host1 config tcp resequence buffers vr maximum Use the no version to revert the virtual r...

Page 174: ...er then balances traffic across these sets of equal cost paths by using hashed mode Hashed Mode Hashed mode uses hashing of source and destination addresses to determine which of the available paths i...

Page 175: ...FEC pointed to by the indirect next hop is either an interface or a direct next hop An indirect next hop member is not resolved to an interface if it points to another indirect next hop or to an equa...

Page 176: ...nd ipv6 neighbor Use to create static IPv6 neighbors Example host1 config ipv6 neighbor 1 10 fastEthernet 1 0 0002 7dfa 0034 Use the no version of this command to delete the neighbor See ipv6 neighbor...

Page 177: ...ent logs see the JUNOSe System Event Logging Reference Guide Establishing a Baseline IPv6 statistics are stored in system counters The only way to reset the system counters is to reboot the system You...

Page 178: ...ool There is no no version See baseline ipv6 local pool baseline tcp Use to set a statistics baseline for all both IPv4 and IPv6 TCP statistics or for only IPv4 or IPv6 statistics The router implement...

Page 179: ...r advertisements received show ipv6 static IPv6 static routes show ipv6 traffic IPv6 statistics traffic show ipv6 udp statistics IPv6 UDP information show license ipv6 IPv6 license string show tcp sta...

Page 180: ...r destination hdr errors Number of packets containing header errors addr errors Number of packets containing addressing errors unkn proto Number of packets received containing unknown protocols discar...

Page 181: ...eceived with destination unreachable admin unreach Packets sent because the destination was administratively unreachable for example due to a firewall filter parameter problem Packets received with pa...

Page 182: ...whether the RA includes the link layer ND RA interval Interval in seconds of the neighbor discovery router advertisement ND RA lifetime Lifetime in seconds of the neighbor discovery router advertisem...

Page 183: ...ace Out Total Dropped Packets Total number of outbound packets and bytes dropped by this interface Out Scheduler Dropped Packets Bytes Number of outbound packets and bytes dropped by the scheduler Out...

Page 184: ...disabled other config flag is disabled ND RA advertising prefixes configured on interface In Received Packets 12 Bytes 1260 Unicast Packets 5 Bytes 588 Multicast Packets 7 Bytes 672 In Total Dropped P...

Page 185: ...r config flag is disabled ND RA advertising prefixes configured on interface ICMPv6 statistics Rcvd 12 total 0 errors 0 rtr solicits 7 rtr advertisements 1 neighbor solicits 1 neighbor advertisements...

Page 186: ...ytes 0 Out Total Dropped Packets 0 Bytes 0 Out Scheduler Dropped Packets 0 Bytes 0 Out Policed Packets 0 Out Discarded Packets 0 FastEthernet9 1 5 line protocol VlanSub is up ipv6 is up Description IP...

Page 187: ...s advertised ND RA interval is 200 seconds lifetime is 1800 seconds ND RA managed flag is disabled other config flag is disabled ND RA advertising prefixes configured on interface In Received Packets...

Page 188: ...ded 0 packets 0 bytes IPv6 policy output ipv6PolOut2 rate limit profile RlpOutA classifier group clgB entry 1 Committed 0 packets 0 bytes Conformed 0 packets 0 bytes Exceeded 0 packets 0 bytes rate li...

Page 189: ...Packets 8 Bytes 768 Multicast Routed Packets 0 Bytes 0 Out Total Dropped Packets 5 Bytes 0 Out Scheduler Dropped Packets 0 Bytes 0 Out Policed Packets 0 Out Discarded Packets 5 queue 0 traffic class...

Page 190: ...no routes 0 discards ICMPv6 statistics Rcvd 0 destination unreach 0 admin unreach 0 parameter problem 0 time exceeded 0 pkt too big 0 echo requests 0 echo replies Sent 0 destination unreach 0 admin u...

Page 191: ...ed 0 pkt too big 5 echo requests 0 echo replies Operational MTU 1500 Administrative MTU 0 Operational speed 100000000 Administrative speed 0 Creation type Static ND reachable time is 3600000 milliseco...

Page 192: ...cards Sent 0 generated 0 no routes 0 discards ICMPv6 statistics Rcvd 0 destination unreach 0 admin unreach 0 parameter problem 0 time exceeded 0 pkt too big 0 echo requests 0 echo replies Sent 0 desti...

Page 193: ...ped conformed packets 0 bytes 0 Dropped exceeded packets 0 bytes 0 loopback5 line protocol IpLoopback is up ipv6 is up Network Protocols IPv6 Link local address fe80 90 1a00 740 1d44 Internet address...

Page 194: ...gA entry 1 Committed 0 packets 0 bytes Conformed 0 packets 0 bytes Exceeded 0 packets 0 bytes rate limit profile Rlp8Mb Committed 0 packets 0 bytes Conformed 0 packets 0 bytes Exceeded 0 packets 0 byt...

Page 195: ...uring normal operation a failed attempt does not necessarily indicate a problem It is normal to see many Load Errors per day If the Status field does not indicate Valid then the routing table distribu...

Page 196: ...ed in a particular pool Total Number of prefixes available for allocation to clients from a particular pool In Use Number of prefixes in a pool that are currently used by DHCPv6 clients Pool Name of t...

Page 197: ...xample 1 Displaying information on IPv6 local address pools host1 show ipv6 local pool IPv6 Local Address Pools Pool Start End example 2002 2002 48 2002 2002 ffff 48 example 3003 3003 56 3003 3003 0 1...

Page 198: ...es or both Use the static keyword to display only static entries Use the dynamic keyword to display only dynamic entries Use the summary keyword to display summary information Field descriptions Inter...

Page 199: ...terface Specifier for the unnumbered interface or none if the interface is numbered Router Router name Access Route Addition Enabled or disabled Source Address Validation Enabled or disabled Administr...

Page 200: ...MED as worst Status of Missing MED as worst Route flap dampening Status of route dampening Log neighbor changes Status of Log neighbor changes Fast External Fallover Status of Fast External Fallover...

Page 201: ...re 20 ext 200 int and 200 local Client to client reflection is enabled Cluster ID is 1 1 1 1 Route target filter is enabled Default IPv4 unicast is enabled Local RIB version 8 FIB version 8 Neighbor s...

Page 202: ...ndex An autogenerated value for the next hop interface Example 1 host1 show ipv6 route Prefix Length Type Dst Met Intf 1 16 Connect 0 0 loopback1 5 64 Connect 0 0 ATM4 0 15 6 64 Static 1 0 ATM4 0 15 2...

Page 203: ...keyword to display router advertisements that differ from the advertisements configured Field descriptions Route Router for which this information applies Hops Number of hops that the router uses in...

Page 204: ...etransmit time 0 msec Example 2 host1 show ipv6 routers conflicts Router FE80 203 FDFF FE34 7039 on FastEthernet1 0 last update 1 min CONFLICT Hops 64 Lifetime 1800 sec AddrFlag 0 OtherFlag 0 Reachabl...

Page 205: ...ets that could not be routed that were discarded IPv6 statistics Mcast received Number of multicast packets received forwarded Number of multicast packets forwarded IPv6 statistics Routes Number of ro...

Page 206: ...ble for example due to a firewall filter parameter problem Packets received with parameter errors time exceeded Packets received with time to live exceeded pkt too big Number of packet too big message...

Page 207: ...bor advertisements Group membership 0 queries 0 responses 0 reductions Sent 3 total 0 errors 0 destination unreach 0 admin unreach 0 parameter problem 0 time exceeded 0 pkt too big 0 redirects 0 echo...

Page 208: ...TCP Global Statistics Connections attempted Number of outgoing TCP connections attempted accepted Number of incoming TCP connections accepted established Number of TCP connections established TCP Glo...

Page 209: ...ed This statistic often indicates that either a socket connection limit has been reached or that there was no memory to hold the socket data structures TCP Session Statistics Local addr Local address...

Page 210: ...ed and before the data structure gets removed This is a per connection statistic Connect request rejected Number of times an incoming connection request was not approved This is a per connection stati...

Page 211: ...ents can be recorded Did a PRU_CONNECT Fast Timeout Did a PRU_CONNECT2 2MSL Timeout Did a PRU_DISCONNECT Retransmit Timeout Did a PRU_ACCEPT Persist Timeout Did a PRU_SHUTDOWN Received FIN packet Did...

Page 212: ...pired and therefore ignored Data Insertions rejected Number of packets received and dropped because they are believed to have been inserted by an attacker NOTE This count is maintained even when the p...

Page 213: ...router to increase or decrease its estimate of the MSS Calculated MSS to peer MSS that path MTU discovery has calculated if PMTUD is enabled to the peer MSS received from peer MSS that the peer recei...

Page 214: ...kts 0 in sequence pkts 0 bytes 0 chksum err pkts 0 bad offset pkts 0 short pkts 0 duplicate pkts 0 out of order pkts Sent 0 total pkts 0 data pkts 0 bytes 0 retransmitted pkts 0 retransmitted bytes Lo...

Page 215: ...ONTROL 0 PRU_SENSE 0 PRU_RCVOOB 0 PRU_SENDOOB 0 PRU_SOCKADDR 0 PRU_PEERADDR 0 PRU_CONNECT2 0 PRU_FASTTIMO 0 PRU_SLOWTIMO 0 PRU_PROTORCV 0 PRU_PROTOSEND 0 Wildcard Matches 2 Rcv d Packets after connect...

Page 216: ...nsmissions MTU MSS Information ENABLED on this connection MSS in effect 536 Calculated MSS to peer 536 MSS received from peer 0 Application set MSS 0 Xmit Interface MSS 0 MSS Sent to Peer 0 ICMP DestU...

Page 217: ...s use ND to actively track the ability to reach neighbors When a router or the path to a router fails nodes actively search for alternatives to reach the destination IPv6 Neighbor Discovery correspond...

Page 218: ...support Neighbor Discovery For information about modules that support Neighbor Discovery on the E120 and E320 Broadband Services Routers See E120 and E320 Module Guide Table 1 Modules and IOAs for det...

Page 219: ...ns using a specified interval host1 config if ipv6 nd ns interval 500 4 Optional Configure the interface to assume that a neighbor is reachable for a specified time after a reachable confirmation even...

Page 220: ...files to configure Neighbor Discovery route advertisements for dynamically configured interfaces In addition you can use RADIUS to configure the prefix in Neighbor Discovery route advertisements for d...

Page 221: ...bility confirmation event occurs ipv6 nd reachable time Disables router advertisement transmissions ipv6 nd suppress ra For additional information about using IPv6 profiles to configure dynamic interf...

Page 222: ...managed address configuration flag in IPv6 router advertisements Example host1 config if ipv6 nd managed config flag Use the no version of this command to clear the flag from IPv6 router advertisemen...

Page 223: ...6 nd ra interval 500 Use the no version of this command to restore the default interval 200 seconds See ipv6 nd ra interval ipv6 nd ra lifetime Use to specify the router lifetime value in seconds in I...

Page 224: ...et interface See ipv6 nd suppress ra ipv6 nd suppress ra source link layer Use to suppress IPv6 router advertisement transmissions on a local area network Ethernet interface Example host1 config if ip...

Page 225: ...messages However the router relies on the receiving device to understand the address duplication and does not prompt a conflict if the address already exists The CLI allows you to specify the number...

Page 226: ...pecific output appears in the output of various IPv6 show commands For detailed information about IPv6 show commands and their output see Configuring IPv6 on page 125 202 Monitoring Neighbor Discovery...

Page 227: ...Part 2 Internet Protocol Routing Configuring RIP on page 205 Configuring OSPF on page 241 Configuring IS IS on page 325 Internet Protocol Routing 203...

Page 228: ...204 Internet Protocol Routing JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Page 229: ...rks RIP uses distance vector routing to route information through IP networks Distance vector routing requires that each router simply inform its neighbors of its routing table For each network path t...

Page 230: ...he RIP request and response messages also contain a list of route entries Each route entry contains the following Address Entry Identifier The type of address Destination IP address The destination ad...

Page 231: ...e RIP routing domain from external RIP routes which may have been imported from an EGP exterior gateway protocol or another IGP interior gateway protocol Routers supporting protocols other than RIP sh...

Page 232: ...host1 config interface fastEthernet 0 0 host1 config if ip rip send version 2 host1 config if ip rip authentication mode text host1 config if ip rip authentication key ke6G72mV Example 2 The followin...

Page 233: ...ort for routes matching a route map Alternatively you can explicitly specify routes for RIP to summarize Prefix Tree Example The following example shows how to configure a 16 bit route summary 1 Speci...

Page 234: ...Multipath RIP supports equal cost multipath ECMP and installs into the routing table multiple entries for paths to the same destination Each of these multiple paths to a given destination must have th...

Page 235: ...onal Specify a RIP send version for an interface By default RIP interfaces on your router send only RIPv1 Optional Specify an authentication mode and authentication password or key This step is permit...

Page 236: ...route map 4 host1 config router redistribute bgp 100 route map 4 12 Optional Enable unicast communication with RIP neighbors host1 config router neighbor 10 10 21 100 host1 config router passive inte...

Page 237: ...alues Send version is RIPv1 receive version is RIPv1 and RIPv2 authentication is not enabled Example host1 config router address 10 2 1 1 Use the no version to delete the RIP interface See address add...

Page 238: ...ss receive version address send version Use to restrict the RIP version that the router can send on an interface The default is to send only RIPv1 Example host1 config router address 10 2 1 1 send ver...

Page 239: ...t route See default information originate default metric Use to configure RIP to apply this metric for redistributed routes on all subsequently created interfaces Configuring a default metric lowers t...

Page 240: ...of the distribute list See distribute list interface event disable Use to configure RIP to purge the routing table for interfaces that were brought down by some event Example host1 config router inte...

Page 241: ...assword requests and updates from this router are rejected Specify md5 keyID to send an MD5 hash to neighbors Neighbors must share the MD5 key to decrypt the message and encrypt the response Example h...

Page 242: ...cify a metric associated with the summary address The default metric is 1 Example host1 config router ip summary address 4 4 0 0 255 255 0 0 5 host1 config router ip summary address 4 3 0 0 255 255 0...

Page 243: ...work mask to the new address so that RIP runs on that specific network If you do not specify an interface s network the network is not advertised in any RIP updates You can specify either the standard...

Page 244: ...om the source routing protocol to the current routing protocol If you do not specify the route map option all routes are redistributed If you specify the route map option but no route map tags are lis...

Page 245: ...d to the IP routing table The new route map is applied to all routes currently in and those subsequently placed in the forwarding table Previously redistributed routes are redistributed with the chang...

Page 246: ...s invalid 60 host1 config router timers holddown 60 host1 config router timers flush 90 Use the no version to restore the default values 30 180 120 300 See timers triggered update disable Use to preve...

Page 247: ...terfaces command CAUTION Issuing the ip rip copy to dynamic command enables RIP on all dynamic unnumbered interfaces that reference the interface and become active after issuing the command This may u...

Page 248: ...ing table whereas routes available for multicast RPF checks appear in the multicast view of the routing table ip route type Use to specify whether RIP routes are available only for unicast forwarding...

Page 249: ...a peer does not receive a BFD packet within the detection interval it declares the BFD session to be down and purges all routes learned from the remote peer NOTE Before the router can use the address...

Page 250: ...ote Neighbors You can create RIP remote neighbors to enable the router to establish neighbor adjacencies through unidirectional interfaces such as MPLS tunnels rather than the standard practice of usi...

Page 251: ...ghbors Remote neighbors must share the MD5 key to decrypt the message and encrypt the response This command is supported only in RIPv2 Authentication is disabled by default Example host1 config router...

Page 252: ...25 100 14 Use the no version to remove the remote neighbor and any attributes configured for the remote neighbor See remote neighbor send version Use to restrict the RIP version that the router can s...

Page 253: ...en the RIP router must have two unique local source IP addresses one for each of its remote neighbors Example host1 config router rn update source atm 2 0 17 Use the no version to delete the source ad...

Page 254: ...0 7 You can set the verbosity of the messages you want displayed low medium high Example host1 debug ip rip events Use the no version to cancel the display of any information about the designated vari...

Page 255: ...Name to limit the display to a specific VRF Use the ifconfig keyword to display address and interface configuration information instead of the default operational data Field descriptions Router Inform...

Page 256: ...te 0 0 0 0 0 if the default route exists in the IP routing table Triggered Updates Ability enabled or disabled of RIP to send triggered updates Purge Routes on Interface Down Event Ability enabled or...

Page 257: ...r BFD session failure The default is 300 milliseconds BFD minimum transmit interval msec Configured minimum interval between BFD control packets sent by the local RIP peer used with RIP peers to negot...

Page 258: ...rk netmask Neighbor No Configured Neighbors Address Operational Data Unnumbered Rip is up ATM2 1 18 Dynamic creation and inherits configuration from loopback1 Received bad packet 0 Received bad routes...

Page 259: ...tric default Passive Interface No Access list applied to outgoing route none Access list applied to incoming route none Route map applied to outgoing route none Copy configuration to dynamic interface...

Page 260: ...nfiguration Rx Receive version of RIP on this interface Auth Type of authentication password text or MD5 Met Current value is the same as the router one the default metric Based on MIB 2 for RIP the i...

Page 261: ...cates that the next address the packet should be sent to is the router that originally sent the RIP message Intf Interface that the route has learned Example host1 show ip rip database Prefix Length t...

Page 262: ...1 Bad packet received 0 Bad routes received 0 BFD Down 192 168 1 250 Time since last update received 7 Peer version 2 Bad packet received 0 Bad routes received 0 BFD Up See show ip rip peer show ip ri...

Page 263: ...Number of route changes 901 Number of route queries 0 fastEthernet 0 0 10 2 1 32 Received bad packet 0 Received bad routes 0 Triggered updates sent 2 Received updates 41 See show ip rip statistics sho...

Page 264: ...240 Monitoring RIP JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Page 265: ...OSPF Areas on page 266 Optimizing the Cost to Reach a Range of OSPF Routers Within an Area on page 270 Configuring Authentication on page 272 Configuring the BFD Protocol for OSPF on page 276 Configu...

Page 266: ...an AS and after a short convergence period calculate new loop free routes This protocol has been designed expressly for the TCP IP Internet environment including explicit support for classless interdo...

Page 267: ...ing CIDR A designated device OSPF router with which other routers form adjacencies reducing the number of adjacencies required on a broadcast or NBMA network designated router A collection of routers...

Page 268: ...only to NSSAs Type 8 Not supported Type 9 Opaque LSA with a link local scope Type 9 LSAs are not flooded beyond the local network local link Type 10 Opaque LSA with an area local scope Type 10 LSAs ar...

Page 269: ...g into the area however type 3 LSAs carrying default route information alone are injected into the area Totally stubby area A logical link between two backbone routers for which the link tunnels throu...

Page 270: ...pf ospfv3 graceful restart 04 txt November 2006 expiration RFC 2328 OSPF Version 2 April 1998 RFC 2370 The OSPF Opaque LSA Option July 1998 RFC 2740 OSPF for IPv6 RFC 3623 Graceful OSPF Restart Novemb...

Page 271: ...SPF as type 2 external Type 2 metric is much larger than the cost of any intra AS path the cost is equal to the external cost This is the OSPF default External 4 lowest If you use the redistribute com...

Page 272: ...ath ECMP When building the shortest path tree OSPF calculates all paths of equal cost to a given destination If equal cost paths exist OSPF inserts into the routing table the next hops for all equal c...

Page 273: ...rs New LSAs have been added to distribute IPv6 address information and data required for next hop resolution In addition to the obvious address and processing modifications to handle IPv6 addressing c...

Page 274: ...options bits in the Network LSA to be originated for the link Intra area prefix LSA new for OSPFv3 Associates a list of IPv6 address prefixes with a transit network link by referencing a network LSA...

Page 275: ...these tasks Starting OSPF You enable OSPFv2 and OSPFv3 differently When you enable OSPFv2 on your router you can create either a range of OSPFv2 interfaces or a single OSPFv2 interface When enabling...

Page 276: ...PFv3 provides IPv6 support in the OSPF protocol To enable OSPFv3 1 Issue the ipv6 router ospf command and specify a process ID 2 Use the router id command to specify a router ID for OSPFv3 See Specify...

Page 277: ...if ip address 2 2 2 1 255 255 255 0 host1 config if ip address 2 2 1 1 255 255 255 0 secondary host1 config router ospf 2 host1 config router network 2 2 2 0 0 0 0 255 area 0 host1 config router netwo...

Page 278: ...from the OSPFv2 router context Example 1 host1 config router ospf 5 Example 2 host1 config ipv6 router ospf 5 Use the no version to end the designated OSPF routing process See router ospf See ipv6 ro...

Page 279: ...o version of this command is deprecated and might be removed in a future release Use the ospf shutdown command to disable OSPF on the router See ospf enable router ospf Use to set an OSPF process ID T...

Page 280: ...command area range Use to aggregate OSPF routes at an OSPF area border Use only for ABRs You can configure multiple instances of the area range command for a single OSPF area By default the range of c...

Page 281: ...the address For OSPF these commands summarize only routes from other routing protocols that are being redistributed into OSPF With these commands you can reduce the load of advertising many OSPF exter...

Page 282: ...etwork The ip ospf commands configure OSPF attributes for all OSPF networks in the given interface context for example in a multinet environment where multiple IP networks sit on top of an Ethernet in...

Page 283: ...ddress or it can be unnumbered Example host1 config router address 192 168 10 32 area 6 host1 config router address 192 168 10 32 dead interval 60 Use the no version to reset the dead interval to the...

Page 284: ...ress retransmit interval Use to specify the time between LSA retransmissions for the interface when an acknowledgment for the LSA is not received Specify an interval in the range 0 3600 seconds the de...

Page 285: ...the value previously specified by the address command NOTE The ip ospf commands configure OSPF attributes for all OSPF networks in the given interface context for example in a multinet environment wh...

Page 286: ...e no version to reset the path cost to the default value 1 See ip ospf cost See ipv6 ospf cost ip ospf dead interval ipv6 ospf dead interval Use to configure the interval since the last hello packet w...

Page 287: ...6 ospf mtu ignore Use to specify that the interface disregard the MTU size contained in the data description packet When enabled the interface accepts data description packets from its neighbor even i...

Page 288: ...xample 2 host1 config if ipv6 ospf priority 2 Use the no version to restore the default value 1 See ip ospf priority See ipv6 ospf priority ip ospf retransmit interval ipv6 ospf retransmit interval Us...

Page 289: ...rk area command host1 config interface fastEthernet 0 0 host1 config if ip address 1 1 1 1 255 255 255 0 host1 config if ip address 2 2 2 2 255 255 255 0 secondary host1 config if exit host1 config ro...

Page 290: ...host1 config int fastEthernet 0 0 host1 config if ip ospf cost 23 The cost of OSPF interface 10 10 1 1 does not change The previously issued address cost command is more specific for the interface an...

Page 291: ...stub area An NSSA is like a stub area but it can also import external AS routes in a limited way To cause NSSA border routers to generate a type 7 default LSA in the OSPF database if there is a defaul...

Page 292: ...can continue to flow into the area Example host1 config router area 47 0 0 0 stub Use the no version to disable this function See area stub area virtual link Use to configure an OSPF virtual link A v...

Page 293: ...version to remove the virtual link s hello interval See area virtual link hello interval area virtual link retransmit interval Use to configure the retransmission interval on an OSPF virtual link The...

Page 294: ...o area Use to remove the specified area only if no OSPF interfaces are configured in the area Example host1 config router no area 47 0 0 0 There is no affirmative version of this command there is only...

Page 295: ...ABR 1 Router 4 Router 5 ABR 2 Router 6 A cost of 3 to reach Router 5 ABR 1 Router 4 Router 5 A cost of 2 to reach Router 4 ABR 1 Router 4 The highest individual cost is 5 ABR 1 subsequently advertises...

Page 296: ...print or message digest of the input MD5 is used to create digital signatures It is a one way hash function meaning that it takes a message and converts it into a fixed string of digits called a messa...

Page 297: ...rsion of that configuration command can delete the MD5 key ID and password Example host1 config router address 10 12 10 2 authentication message digest Use the no version to set authentication for the...

Page 298: ...e digest Use to specify that MD5 authentication is used for the particular virtual link You must configure the MD5 key ID and password with the area virtual link message digest key md5 command Switchi...

Page 299: ...me password on all neighboring routers on the same network Use this password only when you enable authentication for the interface You can specify whether the key is entered in unencrypted or encrypte...

Page 300: ...eys The MD5 key is a character string up to 16 characters long You must also specify a key identifier and whether the key is entered in unencrypted or encrypted format If you do not specify which the...

Page 301: ...Services Configuration Guide ip ospf bfd liveness detection ipv6 ospf bfd liveness detection Use to enable BFD bidirectional forwarding detection and define BFD values to more quickly detect OSPFv2 o...

Page 302: ...F You can use these commands to perform the tasks listed in Table 11 on page 278 Table 11 Additional Configuration Tasks Set the maximum paths Filter and apply policy to routes Enable automatic cost c...

Page 303: ...show ip ospf database OSPF Database Router Link States Area 0 0 0 0 Link ID ADV Router Age Seq Checksum 192 168 1 250 192 168 1 250 3 0x80000006 0x39a1 192 168 254 7 192 168 254 7 220 0x80000169 0xd2b...

Page 304: ...nly on the interface type See auto cost reference bandwidth See ospf auto cost reference bandwidth baseline ip ospf baseline ipv6 ospf Use to set a baseline for OSPF statistics and counters The follow...

Page 305: ...k state updates 0 link state acks Sent 0 total 0 pkts dropped 0 hello 0 database desc 0 link state req 0 link state updates 0 link state acks Supports only single TOS TOS0 routes SPF schedule delay 0...

Page 306: ...neighbor command simultaneously on both ends of the OSPF link Doing so brings the OSPF link down completely In this event you must do one of the following on both sides of the link to bring the link b...

Page 307: ...ault generate a default route into the OSPF routing domain The software must have a default route before it generates one except when you have specified the always keyword You can specify a metric for...

Page 308: ...to enable OSPF on the interface See ip ospf shutdown See ipv6 ospf shutdown log adjacency changes ospf log adjacency changes Use to configure the router to send a log message when the state of an OSP...

Page 309: ...n OSPF interface as part of its calculation of the OSPF interface cost The router uses various methods and precedence rules for the commands to calculate the OSPF interface cost For information on the...

Page 310: ...f you specify route map but do not list any route map tags no routes are imported Use to redistribute routes from OSPF into other non OSPF routing domains Example 1 host1 config router ospf 5 host1 co...

Page 311: ...ace Cost The router uses the methods and precedence listed in Table 12 on page 287 to calculate the OSPF interface cost Table 12 Methods and Precedence for Calculating OSPF Interface Cost Precedence C...

Page 312: ...the metric and apply them selectively to redistributed routes host1 config access list 1 permit any any host1 config route map defmetric host1 config route map match ip address 1 host1 config route m...

Page 313: ...the default for the medium You must first issue the address area command before issuing the address network command Example host1 config router address 10 12 10 2 network broadcast Use the no version...

Page 314: ...nly within the indicated area mpls traffic eng router id Designates a router as traffic engineering capable and specifies the address of a stable router interface as the router ID of the node for traf...

Page 315: ...c engineering Typically you specify a loopback interface to provide the greatest stability because this is flooded to all nodes The interface acts as the destination node for tunnels originating at ot...

Page 316: ...eroperate on a router running OSPF Example host1 config router mpls traffic eng multicast intact Use the no version to disable interoperability between a multicast protocol and MPLS TE when running on...

Page 317: ...ach other for example the neighbors must be in the same OSPF area and have the same hello interval and dead interval and so on After you have used the remote neighbor command to specify the remote nei...

Page 318: ...emote neighbor before declaring the neighbor to be down Example host1 config router rn dead interval 180 Use the no version to restore the default value 40 seconds See dead interval hello interval Use...

Page 319: ...te neighbor retransmit interval Use to set the time between LSA retransmissions for the OSPF remote neighbor interface when an acknowledgment for the LSA is not received Specify a value in the range 1...

Page 320: ...rt extensions as defined in RFC 3623 Graceful OSPF Restart Graceful restart enables a router to continue forwarding OSPF traffic based on routing information it receives prior to an unplanned restart...

Page 321: ...l restart restart time NOTE We recommend that you always enable stateful SRP switchover on routers that you have configured with OSPF graceful restart not doing so renders OSPF graceful restart config...

Page 322: ...er If the grace period on the helper router expires before the receipt of max aged grace LSAs the helper router stops the restart process and does not respond to the restarting router The helper route...

Page 323: ...tate change on an OSPF virtual interface nbrStateChange To indicate any state change on a nonvirtual OSPF neighbor virtNbrStateChange To indicate any state change on a virtual OSPF neighbor ifConfigEr...

Page 324: ...eld definitions host1 show ip ospf neighbors history Transition log for neighbor 10 10 8 2 Interface Event Cause Time ATM2 0 8 Seen NA WED DEC 14 07 02 27 Transition log for neighbor 10 10 12 2 Interf...

Page 325: ...the messages you want displayed low medium high Example 1 host1 debug ip ospf adj Example 2 host1 debug ipv6 ospf lsa Use the no version to cancel the display of any information about the designated v...

Page 326: ...Interfaces Neighbors Traffic Virtual links Internal statistics MPLS tunnels and opaque LSAs You can use the output filtering feature of the show command to include or exclude lines of output based on...

Page 327: ...th splits Maximum equal cost paths supported Areas Areas configured and their parameters Number of areas Number of areas in the router Example 1 host1 show ip ospf Routing Process OSPF 1 with Router I...

Page 328: ...state acks LSA discard count 0 Supports only single TOS TOS0 routes SPF schedule delay 0 secs Hold time between two SPFs 3 secs Maximum path splits 4 Area BACKBONE 0 0 0 0 SPF algorithm executed 5 tim...

Page 329: ...b 0 NSSA See show ip ospf See show ipv6 ospf show ip ospf border routers show ipv6 ospf border routers Use to display a list of OSPF border routers Field descriptions Destination Destination s router...

Page 330: ...ptions Link ID Link state ID of the LSA for OSPFv2 For router links set to the router s OSPF router ID For network links set to the IP interface address of the network s designated router For type 3 s...

Page 331: ...es supported by this router LS Type LSA type Link State ID Link state ID of the link local LSA Length Length of the LSA in bytes Bit set Bit set used by this LSA type Link connected to Type of network...

Page 332: ...gth Length of the TLV varies according to the TLV Value Value of the TLV varies according to TLV Example 1 OSPFv2 output host1 show ip ospf database OSPF Database Router Link States Area 0 0 0 0 Link...

Page 333: ...er Age Seq Checksum 5 5 0 250 5 5 0 250 496 0x800000001 0x51c0 Example 2 OSPFv3 general output host1 show ipv6 ospf database OSPF Database V3 Router Link States Area 0 0 0 0 Link ID ADV Router Age Seq...

Page 334: ...Checksum 0 0 0 1 1 1 1 1 40 0x80000001 0xe5a0 Example 3 OSPFv3 database summary information host1 v2 show ipv6 ospf database database summary Area Router Network Intra Prefix Inter Prefix Inter Route...

Page 335: ...Router 3 3 3 3 LS age 131 LS Seq Number 0x80000001 Checksum 0x6c69 Length 32 Options V6 bit set ExternalRoutingCapability R bit set Attached Router 3 3 3 3 Attached Router 2 2 2 2 Example 6 OSPFv3 LS...

Page 336: ...e ID 0 0 0 1 Advertising Router 2 2 2 2 LS Seq Number 0x80000003 Checksum 0xa5fd Length 44 Number of Prefixes 1 Referenced LSA Type 0x 2001 Referenced LSA Advertising Router 2 2 2 2 Referenced LSA ID...

Page 337: ...the link local LSA Advertising Router Router ID of the router that originated the LSA LS Seq Number Link state sequence number to identify duplicate or old LSIDs Checksum Checksum of the complete con...

Page 338: ...LS Seq Number Link state sequence number to identify duplicate or old LSIDs Checksum Checksum of the complete contents of the LSA Length Length of the LSA in bytes TE Router ID Traffic engineering rou...

Page 339: ...TOS capable No Type7 LSA ExternalRoutingCapability No Multicast Capability No External Attributes LSA LS Type Opaque Area TE Links Link State ID 1 0 0 1 Instance Advertising Router 100 1 1 1 LS Seq N...

Page 340: ...Hello Dead Wait and Retransmit Neighbor Count Number of neighbors and their state adjacent neighbors LDP is configured through LDP autoconfig Indicates whether LDP is configured on the interface by me...

Page 341: ...signated Router s router ID 1 1 1 1 Backup Designated Router s router ID 2 2 2 2 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Neighbor Count is 1 Adjacent neighbor count is 1 Adjac...

Page 342: ...ernal statistics Routing Process OSPF 1 with Router ID 5 72 3 1 Internal OSPF Statistics bytes allocated free LSA bytes allocated 216 Router LSA bytes allocated 936 Summary bytes allocated 0 Neighbor...

Page 343: ...decimal format You can use the history keyword with the show ip ospf neighbors command to display a history of up to 10 events for all OSPF neighbors or a specific OSPF neighbor This neighbor uptime t...

Page 344: ...for neighbor 10 10 8 2 Interface Event Cause Time ATM2 0 8 Seen NA WED DEC 14 07 02 27 Transition log for neighbor 10 10 12 2 Interface Event Cause Time ATM2 0 12 Seen NA WED DEC 14 07 09 12 ATM2 0 1...

Page 345: ...1 Transmit Delay is 1 sec Interface State POINT TO POINT Priority 1 No designated router on this network No backup designated router on this network Timer intervals configured Hello 10 Dead 40 Wait 4...

Page 346: ...04 38 0 000 12 12 12 2 LSA Add 00 04 34 0 000 23 23 23 3 LSA Update 00 03 55 0 000 23 23 23 3 Protocol Off 00 03 51 0 000 23 23 23 3 LSA Add 00 03 47 0 000 12 12 12 2 LSA Add 00 03 43 0 000 23 23 23...

Page 347: ...dropped hello Total number of hello packets sent database desc Total number of database description packets sent link state req Total number of link state request packets sent link state updates Tota...

Page 348: ...ls Timer intervals in seconds configured for the link Hello Dead and Retransmit Example host1 show ip ospf virtual links Virtual link to router 192 168 1 13 in state POINT TO POINT Transmit Delay is 1...

Page 349: ...w IS IS is a dynamic routing protocol developed by the International Organization for Standardization ISO and commonly referred to as ISO 10589 IS IS was originally developed at Digital Equipment Corp...

Page 350: ...em IS Routing within an area Level 1 routers or intermediate systems track all the individual links routers and end systems within a level 1 area Level 1 routers do not know the identity of routers or...

Page 351: ...possibly user data This chapter uses the term packet interchangeably with PDU protocol data unit PDU A numeric value assigned to the IP addresses on an IS IS route before the route is propagated to ot...

Page 352: ...ter looks at a packet s area address and compares it with a destination address If the area portion of the destination address matches its own area s address the level 1 router uses the ID portion of...

Page 353: ...y that can be entered in encrypted or unencrypted form The receiving router uses this authentication key to verify the packet You can configure the password for simple authentication by using the foll...

Page 354: ...s Using MD5 authentication for domain routers protects against unauthorized routers injecting false routing information into the routing domain portions of your network This command also enables MD5 a...

Page 355: ...nes to achieve appropriate timing between the actions startAcceptTime must be less than startGenTime stopGenTime must be less than stopAcceptTime When a new key replaces an old one the startGenTime ti...

Page 356: ...if you do not specify stopGenTime and stopAcceptTime As noted previously if the last key expires the router continues to generate that key Many system operators choose to change their keys on a regula...

Page 357: ...e extended IP reachability TLV type 135 carries IP prefixes and is similar to the IP reachability TLVs types 128 and 130 The extended IS reachability TLV type 22 contains information about a series of...

Page 358: ...e the IP address from the interface and then add the IP address back to the interface Consequently when you remove and add back the IP address you must also remove the IS IS configuration from the int...

Page 359: ...es by using an associated route map to set the tag Tagging an IS IS summary address For instructions and examples on configuring IS IS route tags see the sections listed in Table 14 on page 335 Table...

Page 360: ...the routes from level 1 into level 2 host1 config route map map1 permit 5 host1 config route map match tag 221 host1 config route map set metric 10 host1 config route map set metric type external hos...

Page 361: ...ributes origin distance preference level route type metric tag metric type The router applies the specified route map to all routes currently and subsequently installed in the routing table If any pre...

Page 362: ...211 in its hello PDUs to signal the other routers that it supports graceful restart and to request help resynchronizing its LSP database Including the restart TLV in hello packets also ensures that ne...

Page 363: ...estart is supported for IS IS IPv6 traffic depending on the availability of IPv6 high availability It does not affect IP traffic Platform Considerations For information about modules that support IS I...

Page 364: ...1990 RFC 2763 Dynamic Hostname Exchange Mechanism for IS IS February 2000 RFC 2966 Domain wide Prefix Distribution with Two Level IS IS October 2000 RFC 2973 IS IS Mesh Groups October 2000 RFC 3277 In...

Page 365: ...presented You must enable IS IS All other tasks are optional 1 Enable IS IS 2 Configure selected IS IS interface specific parameters 3 Configure selected global IS IS parameters 4 Configure selected I...

Page 366: ...n router If you choose not to specify a tag name a null tag is assumed and the process is referenced with a null tag Use the same tag name for ip router isis as you did for the router isis command Exa...

Page 367: ...is assumed and the process is referenced with a null tag Example host1 config router isis floor12 Use the no version to disable IS IS routing See router isis Summary Example host1 config router isis f...

Page 368: ...1 1111 1111 00 8 Create the IS IS IPv6 address family for the interface host1 config router address family ipv6 unicast 9 Configure any of the following desired IS IS options for the address family re...

Page 369: ...se to configure an IS IS routing process on an IPv6 interface Before the IS IS router process is useful you must assign a NET with the net command and enable some interfaces with IS IS Use the tag par...

Page 370: ...value If that parameter has been modified from its default use the no version of the command to restore its default value Configuring Authentication You can set a password to authenticate IS IS hello...

Page 371: ...lt metric is the value assigned when no quality of service QoS routing is performed You can configure the default metric for a specified interface by selecting level 1 or level 2 routing This resets t...

Page 372: ...interval for an IS IS interface isis csnp interval Use to configure the isis csnp interval level for a specified interface The level can be configured independently for level 1 and level 2 For LAN int...

Page 373: ...s are failing unnecessarily The advertised hold time in IS IS hellos is set to the hello multiplier times the hello interval Neighbors declare an adjacency to this router to be down after not having r...

Page 374: ...default no padding See isis hello padding Configuring LSP Parameters You can configure the transmission interval retransmission interval and retransmission throttle interval for LSPs on an interface...

Page 375: ...itted on point to point links The interval is the number of milliseconds between packets You can choose an interval in the range 0 65535 milliseconds The default delay value is 33 milliseconds The isi...

Page 376: ...packets Optionally you can set a route tag for an IS IS passive interface by including the tag keyword and a numeric tag value in the passive interface command Passive interfaces have a metric of zero...

Page 377: ...mand For example suppose you issue the following commands after the previous configuration host1 config router passive interface atm 2 0 1 host1 config router exit host1 config interface loopback 0 ho...

Page 378: ...an IS IS routing process and access Router Configuration mode host1 config router isis engineering host1 config router 2 Configure a NET for the IS IS process host1 config router net 47 0010 0000 000...

Page 379: ...By default IS IS treats the broadcast link as LAN media and tries to bring up the LAN adjacency even when the interface is configured as unnumbered or only a single neighbor exists on that link In con...

Page 380: ...rk management and configuration This configuration enables IP processing on a point to point interface without an explicit IP address The IP unnumbered interface borrows the IP address of another inte...

Page 381: ...authentication for either an area or a domain area authentication key Use to specify a password used by neighboring routers for authentication of IS IS level 1 LSPs CSNPs and PSNPs Issuing this comman...

Page 382: ...ersion to delete the password See domain authentication key domain message digest key Use to configure HMAC MD5 authentication for a domain Generates a secure encrypted message digest of level 2 packe...

Page 383: ...kets When authentication is enabled it uses either the simple text password specified by the domain authentication key command or the HMAC MD5 key specified by the domain message digest key command Yo...

Page 384: ...2 Configure an access list with filters on routes 10 20 20 0 24 and 10 20 21 0 24 host1 config access list boston permit 10 20 0 0 0 0 255 255 3 Configure a route map that matches the previous access...

Page 385: ...no no version See clear ip isis redistribution See clear isis ipv6 redistribution disable dynamic redistribute Use to halt the dynamic redistribution of routes that are initiated by changes to a rout...

Page 386: ...s traffic from a level 1 router to a router in another area passes through the nearest level 1 2 router as its next hop Consider the topology shown in Figure 20 on page 362 Figure 20 Example of Level...

Page 387: ...s family redistribute isis Use to redistribute IS IS IPv6 routes from level 1 to level 2 or from level 2 to level 1 Use the route map keyword to specify the route map to be applied You can use the rou...

Page 388: ...domain A trade off decision must be made between scalability and optimality Issue this command from within the IS IS IPv6 address family to increase the granularity of IPv6 routing information within...

Page 389: ...fic engineering enable the use of bigger metrics You can specify whether your router accepts generates or accepts and generates only old style metrics only new style metrics or both metric style narro...

Page 390: ...provided for in current extensions to IS IS traffic engineering Use the transition option to accept old style and new style metrics only new style metrics are generated Specify whether the command ap...

Page 391: ...uration Guide default information originate Use to generate a default route into an IS IS routing domain When you specify a route map with this command and the router has a route to 0 0 0 0 in the rou...

Page 392: ...f default routes See suppress default Setting Router Type You can specify whether the router behaves as an IS IS station router area router or both is type Use to configure the router to act as either...

Page 393: ...on to restore the default the value of the lowest cost route See summary prefix Avoiding Transient Black Holes When you start or reload a transit router that is running both IS IS and BGP the router i...

Page 394: ...he LSP to inform the other routers in the domain that they can use it as a transit router BGP is assumed to have converged when all of the following conditions have been met 90 percent of BGP peers ha...

Page 395: ...SPF calculations and revert to the original path of A 1 2 4 B Suppression for IS IS Graceful Restart When graceful restart is configured on the transit router the black hole avoidance feature is suppr...

Page 396: ...word you cannot specify a time interval for on startup but can optionally do so for wait for bgp By default the overload bit is not set Example 1 host1 config router set overload bit Example 2 host1 c...

Page 397: ...g category s messages You can also use the system log command to generate the desired log messages Example host1 config router log adjacency changes severity 3 verbosity low Use the no version to disa...

Page 398: ...00 bytes the LSP MTU must be lowered accordingly on each router in the network If this is not done routing may become unpredictable Example host1 config router lsp mtu 1500 Use the no version to resto...

Page 399: ...ut can slow down the rate of convergence Topology changes in a network cause all routers involved in the change to regenerate their LSDB and flood new LSPs throughout the network Therefore a router th...

Page 400: ...hin the IS IS network This calculation results in the IS IS router containing a shortest path tree SPT that maps the shortest path to each node in the IS IS network By default the router uses a partia...

Page 401: ...r IS hello packet to specify the length of time you consider the information in these packets to be valid In most cases leave these parameters at their default value which is 30 seconds Example host1...

Page 402: ...tes IS IS can support You can select a number of routes or paths in the range 1 16 The default number for IS IS is 4 paths Example host1 config router maximum paths 12 Use the no version to restore th...

Page 403: ...mily to apply a specified route map as a policy filter on an IS IS IPv6 route before the route is installed in the routing table IS IS IPv6 supports only a single table map Example The following comma...

Page 404: ...retry times 3 Set the maximum time in seconds that the router waits for the LSP database to synchronize You must configure this parameter separately for each IS IS level at which the router operates...

Page 405: ...ompleting the restart process You can specify a value in the range 5 120 seconds Example host1 config router nsf interface wait 45 Use the no version to restore the default maximum wait time 10 second...

Page 406: ...ore the default T2 wait time 30 seconds See nsf t2 nsf t3 Use to specify the maximum amount of time in seconds that the restarting router waits before setting the overload bit The restarting router se...

Page 407: ...outer nsf t2 level 1 70 host1 config router nsf t2 level 2 50 host1 config router nsf t3 adjacency host1 config router exit host1 config clns configuration time 120 host1 config clns holding time 600...

Page 408: ...d For traffic beyond the endpoint the tunnel is considered equally with any other path Example host1 config router mpls spf use any best path Use the no version to disable the use of IGP best paths Se...

Page 409: ...alue both See ip route type Configuring the BFD Protocol for IS IS The isis bfd liveness detection command configures the Bidirectional Forwarding Detection BFD protocol for IS IS The BFD protocol use...

Page 410: ...inimum interval has the same effect as configuring the minimum receive interval and the minimum transmit interval to the same value The default value is 300 milliseconds You can use the multiplier key...

Page 411: ...toring IS IS The CLI has commands available for monitoring IS IS parameters and CLNS parameters System Event Logs To troubleshoot and monitor IP use the following system event logs isisAdjChange IS IS...

Page 412: ...isplay information about SPF calculations Monitor IS IS summary address information Display debug information Display host Display information about MPLS tunnels Clear adjacencies Display paths to int...

Page 413: ...data spf triggers IS IS SPF triggering events update packets IS IS update related packets Example host1 debug isis adj packets Use the no version to disable debugging display See debug isis show host...

Page 414: ...t specified a summary display is provided l1 Level 1 routing link state database l2 Level 2 routing link state database level 1 Level 1 routing link state database level 2 Level 2 routing link state d...

Page 415: ...terface if configured Example 1 host1 show isis database IS IS Level 1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL 0000 0000 004E 00 00 0x000013F5 0x8BAA 1198 0 0 0 0000 0...

Page 416: ...ess 222 9 1 1 Hostname zion Router ID 222 9 1 1 Metric 0 ES 2220 0900 1001 Metric 10 IS london 00 Administrative group 0 IPv4 Interface Address 221 1 1 1 IPv4 Neighbor Address 221 1 1 2 Maximum link b...

Page 417: ...m LSP Holdtime ATT P OL Getafix v2 00 00 0x00000001 0x456D 1097 0 0 0 Example 5 host1 show isis database Getafix v2 detail IS IS Level 1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime...

Page 418: ...ric 10 IP 30 0 0 0 24 Metric 10 IPv6 Internal Up 1 1 1 102 64 See show isis database show isis mpls adjacency log Use to display a log of the last 20 IS IS adjacency changes Field descriptions When Am...

Page 419: ...bandwidth available for reservation on the link TE default metric Traffic engineering default metric value Affinity Bits Attributes flooded for the link Example host1 show isis mpls advertisements Sys...

Page 420: ...rtisements show isis mpls tunnel Use to display information about tunnels used in the calculation of IS IS next hops Field descriptions System Id Name or system ID of the MPLS tail end destination rou...

Page 421: ...Number of times the restarting router resends unacknowledged restart requests on this interface at the specified interval Adj Wait Time Maximum time in seconds that an IS IS process on the restarting...

Page 422: ...Time 0 Restart Ack Recv Adj Count 0 level 1 0 level 2 LAN If DIS Wait Count 0 Restart CSNP Adj Recv Count 0 level 1 0 level 2 Local LSP Wait Count 0 level 1 0 level 2 See show isis nsf show isis spf...

Page 423: ...00 0000 0101 0101 00 00 PRC LSP Sequence Update RTupdt 0 000 RtLeak 0 000 See show isis spf log show isis summary addresses Use to display the status of IS IS aggregate addresses Field descriptions Ad...

Page 424: ...for a LAN circuit it is the MAC address not meaningful for a point to point circuit Example host1 show isis topology level 1 IS IS paths for level 1 routers System ID Metric Next Hop Intf SNPA barcel...

Page 425: ...e to be shown Example host1 show clns traffic detail IS IS Baseline last set 0 days 0 hours 1 minutes 41 seconds IS IS Corrupted LSPs 0 IS IS L1 LSP Database Overloads 0 IS IS L2 LSP Database Overload...

Page 426: ...ation from source LSP Checksum Checksum of the LSP packet LSP Holdtime Number of seconds that the LSP remains valid ATT Attach bit indicates that the router is a level 2 router and can reach other are...

Page 427: ...ther IS IS is running in this router gives tag information and shows whether it is running level 1 or level 1 2 Routing for Area ISO NSAP address for the network Distribute domain wide enabled Indicat...

Page 428: ...time that the router stops accepting packets created with this password Stop Generate Date and time that the router stops inserting this password into packets Use the es neighbors keyword to display i...

Page 429: ...d Key id 1 Type hmac md5 Start Accept FRI JAN 14 09 57 41 2000 Start Generate FRI JAN 14 09 59 41 2000 Stop Accept 0 Stop Generate 0 Domain Authentication PSNP PDU authentication enabled CSNP PDU auth...

Page 430: ...ing level 2 or local and area routing level 1 2 Interface number Number of the interface local circuit ID Local circuit ID of the interface Authentication Level 1 If area authentication is enabled lis...

Page 431: ...l1 l2 Metric Metric for the interface Example 1 host1 show clns interface FastEthernet4 1 is up line protocol is up Checksums Enabled MTU 1500 Encapsulation SNAP Next ESH ISH is 5 seconds Routing Pro...

Page 432: ...an IS and is waiting for an IS IS hello message IS IS regards the neighbor as not adjacent Up ES or IS is considered reachable Holdtime rem Remaining number of seconds before this adjacency entry time...

Page 433: ...dress es 4 4 4 1 Graceful Restart Capable no Neighbor Restarting no host1 3 0090 1A41 081C F1 1 up 30 27 L1 IS IS Area Address es 49 0001 Ip Address es 4 4 4 3 Graceful Restart Capable no Neighbor Res...

Page 434: ...of overloads in level 1 IS IS L2 LSP Database Overloads Number of overloads in level 2 IS IS Area Addresses Dropped Number of area addresses that the router dropped IS IS Attempts to Exceed Max Seque...

Page 435: ...nvalid 9542s Number of rejected ES hello packets IS IS Malformed PDUs received Number of malformed packets received IS IS Authentication Failures Number of authentication failures on received level 1...

Page 436: ...ast set 5 days 0 hours 3 minutes 31 seconds IS IS Protocol PDUs in out 10421 5862 IS IS Level 1 Hellos in out dropped 610046 610456 0 IS IS Level 2 Hellos in out dropped 610046 610456 0 IS IS Level 1...

Page 437: ...ssions 0 IS IS Level 1 Designated IS Changes 1 IS IS Level 2 Designated IS Changes 1 IS IS Invalid 9542s 0 IS IS Malformed PDU received 0 IS IS Authentication Failures 0 Interface FastEthernet4 1 IS I...

Page 438: ...414 Monitoring IS IS JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Page 439: ...Part 3 Index Index on page 417 Index 415...

Page 440: ...416 Index JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Page 441: ...S IS 366 OSPF 283 RIP 210 aggregate addresses IS IS 368 OSPF routing 257 area border routers See ABRs OSPF area commands area 268 area default cost 267 area nssa 267 area range 256 area stub 267 area...

Page 442: ...classes of IP addresses 7 Classless Interdomain Routing See CIDR clear arp command 21 clear ip commands clear ip interface 41 clear ip isis redistribution 359 clear ip ospf redistribution 283 clear i...

Page 443: ...ion command 359 domain authentication key command 358 domain message digest key command 330 358 domain wide prefix distribution 364 dropped packets troubleshooting 88 DRs designated routers IS IS rout...

Page 444: ...System See IS IS intermediate system See IS Internet addresses 8 Internet Control Message Protocol See ICMP Internet Layer TCP IP 5 interval rate LSP IS IS 373 intra area routes OSPF 247 IP 3 ARP pro...

Page 445: ...14 route maps 14 source address validation 14 tcp adjust mss 14 unnumbered 14 virtual router 14 IP redirects enabling 60 ip rip commands 210 ip rip 210 ip rip authentication key 210 ip rip authenticat...

Page 446: ...ulticast listener discovery 134 mtu maximum transmission unit 134 nd neighbor discovery 134 policy 134 sa validate 134 unnumbered 134 IPv6 routing with IS IS 333 IRDP ICMP Router Discovery Protocol en...

Page 447: ...erval 346 isis tag 355 See also show isis commands ISO 10589 See IS IS ISO address 327 L leakage OSPF route 248 level 1 routing IS IS 326 level 2 routing IS IS 326 levels of IS IS routing 326 346 368...

Page 448: ...sks 9 network service access point See NSAP network OSPF routing 263 next hop verification configuring example 31 steps for 34 overview 31 no area command 268 no ipv6 command 151 nonbroadcast networks...

Page 449: ...F simple password authentication 247 272 PDU protocol data unit 327 physical addresses 7 ping command 62 131 point to point circuits IS IS 355 Point to Point Protocol See PPP point to point over LAN c...

Page 450: ...commands router isis 341 router ospf 254 255 router rip 220 router IDs 29 245 router type IS IS 367 routes summarizing IS IS 368 summarizing RIP 207 using IS IS 385 using OSPF 291 using RIP 224 routi...

Page 451: ...d interface 141 show access list command 82 show arp command 83 show clns commands show clns 403 show clns interface 406 show clns neighbors 408 show clns protocol 409 show clns traffic 410 show forwa...

Page 452: ...incremental 299 spf interval command 374 split horizon mechanism 207 split horizon command 228 SRP modules global IP routing table on 25 starting IS IS MD5 packets 331 static routes 138 180 establishi...

Page 453: ...ansport layer TCP IP 5 traps command 300 traps OSPF 299 triggered update disable command 220 troubleshooting dropped packets 88 IS IS 388 OSPF 300 RIP 229 ttl command 296 type command 66 type length v...

Page 454: ...430 Index JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Reviews:

No comments

Related manuals for IGP - CONFIGURATION GUIDE V11.1.X

Brand: Garmin Pages: 6

Jetstream CPX-1000

Brand: Paradyne Pages: 93

Brand: Yamaha Pages: 43

Brand: Brocade Communications Systems Pages: 47

READIRIS 12 PRO

Brand: IRIS Pages: 6

Traffix Transcend Traffix Manager

Brand: 3Com Pages: 186

Brand: MGI Pages: 19

Brand: VERITAS Pages: 580

BREEZE-FOR MEETING PARTICIPANTS

Brand: MACROMEDIA Pages: 30

Gatekeeper/Border Controller API D14172.01

Brand: TANDBERG Pages: 84

Brand: Echo Audio Pages: 66

Brand: EMC Pages: 106

Brand: Acer Pages: 6

Brand: Epson Pages: 4

IDENTITY PROTECTION

Brand: AVG Pages: 27

Brand: Harrison Pages: 85

COLFUSION MX 7-CFML

Brand: MACROMEDIA Pages: 1108

VIRTUALIZATION AND CLOUD MANAGEMENT

Brand: VMware Pages: 4

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands