Juniper IGP - CONFIGURATION GUIDE V11.1.X Скачать руководство пользователя страница 171 | Manualshive

Страница: 171 / 454

background image

■

Use to help protect the router from TCP RST and SYN denial of service attacks.

■

Example

host1(config)#

tcp ack-rst-and-syn

■

Use the

no

version to disable this protection (the default mode).

■

See tcp ack-rst-and-syn

Preventing TCP PAWS Timestamp DoS Attacks

The TCP Protect Against Wrapped Sequence (PAWS) number option works by
including the TCP timestamp option in all TCP headers to help validate the packet
sequence number.

Normally, in PAWS packets that have the timestamps option enabled, hosts use an
internal timer to compare the value of the timestamp associated with incoming
segments against the last valid timestamp the host recorded. If the segment timestamp
is larger than the value of the last valid timestamp, and the sequence number is less
than the last acknowledgement sent, the host updates its internal timer with the new
timestamp and passes the segment on for further processing.

If the host detects a segment timestamp that is smaller than the value of the last
valid timestamp or the sequence number is greater than the last acknowledgement
sent, the host rejects the segment.

A remote attacker can potentially determine the source and destination ports and
IP addresses of both hosts that are engaged in an active connection. With this
information, the attacker might be able to inject a specially crafted segment into the
connection that contains a fabricated timestamp value. When the host receives this
fabricated timestamp, it changes its internal timer value to match. If this timestamp
value is larger than subsequent timestamp values from valid incoming segments,
the host determines the incoming segments as being too old and discards them. The
flow of data between hosts eventually stops, resulting in a denial of service condition.

Use the

tcp paws-disable

command to disable PAWS processing.

NOTE:

Disabling PAWS does not disable other processing related to the TCP

timestamp option. This means that even though you disable PAWS, a fabricated
timestamp that already exists in the network can still pollute the database and result
in a successful DoS attack. Enabling PAWS resets the saved timestamp state for all
connections in the virtual router and stops any existing attack.

tcp paws-disable

■

Use to disable the Protect Against Wrapped Sequence (PAWS) number option
in TCP segments.

■

You can specify a VRF context for which you want PAWS disabled.

■

Example

IPv6 TCP Configuration

■

147

Chapter 2: Configuring IPv6

«
...
169
170
171
172
173
...
»

Содержание IGP - CONFIGURATION GUIDE V11.1.X

Страница 1: ...r E Series Broadband Services Routers IP IPv6 and IGP Configuration Guide Release 11 1 x Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale California 94089 USA 408 745 2000 www juniper net Pub...

Страница 2: ...3 599 5 905 725 5 909 440 6 192 051 6 333 650 6 359 479 6 406 312 6 429 706 6 459 579 6 493 347 6 538 518 6 538 899 6 552 918 6 567 902 6 578 186 and 6 590 785 JUNOSe Software for E Series Broadband S...

Страница 3: ...alms devices links ports or transactions or require the purchase of separate licenses to use particular features functionalities services applications operations or capabilities or provide throughput...

Страница 4: ...n connection with such withholding taxes by promptly providing Juniper with valid tax receipts and other required documentation showing Customer s payment of any withholding taxes completing appropria...

Страница 5: ...nted to in writing by the party to be charged If any portion of this Agreement is held invalid the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement T...

Страница 6: ...vi...

Страница 7: ...hapter 1 Configuring IP 3 Chapter 2 Configuring IPv6 125 Chapter 3 Configuring Neighbor Discovery 193 Part 2 Internet Protocol Routing Chapter 4 Configuring RIP 205 Chapter 5 Configuring OSPF 241 Chap...

Страница 8: ...viii JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Страница 9: ...IP Functions 4 Moving Data Between Layers 4 Routing Datagrams to Remote Hosts 4 Fragmenting and Reassembling Datagrams 4 IP Layering 5 Network Interface Layer 5 Internet Layer 5 Transport Layer 5 Appl...

Страница 10: ...ng RTR Next Hop Verification 34 Setting Up Default Routes 39 Setting Up an Unnumbered Interface 39 Adding a Host Route to a Peer on a PPP Interface 39 Enabling Source Address Validation 40 Enabling So...

Страница 11: ...rce Address for ICMP Messages 61 Reachability Commands 62 Response Time Reporter 65 Configuration Tasks 65 Configuring the Probe Type 66 Configuring Optional Characteristics 67 Capturing Statistics 69...

Страница 12: ...ks 148 Limiting Buffers per Router 148 Limiting Buffers per Virtual Router 149 Limiting Buffers per Connection 149 Configuring Equal Cost Multipath Load Sharing 150 Hashed Mode 150 Defining Maximum Pa...

Страница 13: ...0 Configuration Tasks 210 Relationship Between address and network Commands 213 Enabling RIP on Dynamic IP Interfaces 223 Clearing Dynamic RIP Interfaces 223 Using RIP Routes for Multicast RPF Checks...

Страница 14: ...entication 272 Authentication Requirements 272 Configuring the BFD Protocol for OSPF 276 Configuring Additional Parameters 278 Methods for Calculating OSPF Interface Cost 287 Default Metrics 288 Confi...

Страница 15: ...on Tasks 341 Enabling IS IS for IP Routing 341 Summary Example 343 Enabling and Configuring IS IS for IPv6 Routing 343 Summary Example 345 Configuring IS IS Interface Specific Parameters 346 Configuri...

Страница 16: ...Configuring LSP Parameters 373 Specifying the SPF Interval 375 Defining the SPF Route Calculation Level 376 Setting CLNS Parameters 377 Setting the Maximum Parallel Routes 378 Configuring a Virtual Mu...

Страница 17: ...es with Indirect Next Hops 30 Figure 12 Sample Configuration for Next Hop Verification 34 Chapter 2 Configuring IPv6 125 Figure 13 IPv4 and IPv6 Header Comparison 127 Figure 14 Direct Next Hops 132 Fi...

Страница 18: ...xviii List of Figures JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Страница 19: ...ample Configuration 34 Table 7 Probe Characteristics 67 Chapter 2 Configuring IPv6 125 Table 8 Compressed IPv6 Formats 128 Part 2 Internet Protocol Routing Chapter 5 Configuring OSPF 241 Table 9 OSPF...

Страница 20: ...xx List of Tables JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Страница 21: ...tion in the latest release notes differs from the information in the documentation follow the JUNOSe Release Notes To obtain the most current version of all Juniper Networks technical documentation se...

Страница 22: ...2 Routing Process OSPF 2 with Router ID 5 5 0 250 Router is an Area Border Router ABR Represents information as displayed on your terminal s screen Fixed width text like this There are two levels of...

Страница 23: ...from the Juniper Networks Web site athttp www juniper net Documentation Feedback We encourage you to provide feedback comments and suggestions so that we can improve the documentation to better meet...

Страница 24: ...e notes http www juniper net customers csc software Search technical bulletins for relevant hardware and software notifications https www juniper net alerts Join and participate in the Juniper Network...

Страница 25: ...Part 1 Internet Protocol Configuring IP on page 3 Configuring IPv6 on page 125 Configuring Neighbor Discovery on page 193 Internet Protocol 1...

Страница 26: ...2 Internet Protocol JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Страница 27: ...rnet Control Message Protocol on page 59 Reachability Commands on page 62 Response Time Reporter on page 65 Monitoring IP on page 79 Overview TCP IP is a suite of data communications protocols Two of...

Страница 28: ...number in the datagram header to select the transport layer protocol Each host to host transport layer protocol has a unique protocol number that identifies it to IP Routing Datagrams to Remote Hosts...

Страница 29: ...hms are run and the datagram is passed to the network interface layer for transmission on the attached network Transport Layer The transport layer is the third level of the TCP IP protocol stack It is...

Страница 30: ...e following resources RFC 768 User Datagram Protocol August 1980 RFC 791 Internet Protocol DARPA Internet Program Protocol Specification September 1981 RFC 792 Internet Control Message Protocol Septem...

Страница 31: ...ternet timestamp Broadcast addressing both limited broadcast and directed broadcast Support for 32 000 discrete simultaneous IP interfaces per router to support thousands of logical connections Capabi...

Страница 32: ...s Hosts attached to the same network must share a common prefix designating their network number Four types of IP classes lend themselves to different network configurations depending on the desired r...

Страница 33: ...contiguous bits equal to 1 in the subnetwork mask This format appears immediately following the dotted decimal IP address using a N format NOTE You can issue the network prefix with or without a space...

Страница 34: ...osts on it Figure 4 on page 10 shows how the mask 255 255 0 0 is applied to network 10 0 0 0 The mask divides the IP address 10 0 0 1 into a network portion of 10 a subnet portion of 0 and a host port...

Страница 35: ...R can reduce the number of entries globally in Internet routing tables A service provider has a group of customers with class C addresses that begin with 192 56 Despite this relationship the service p...

Страница 36: ...the primary address ip address Command Use the following command to add addresses to or delete addresses from an interface ip address Use to add a primary address or to add secondary addresses to an i...

Страница 37: ...routing table changes required when a change in the network topology occurs Direct next hops point routes in the routing table toward individual direct next hop connections See Figure 6 on page 13 Fig...

Страница 38: ...a profile A profile is a set of characteristics that acts as a pattern that can be dynamically assigned to an IP interface You can manage a large number of IP interfaces efficiently by creating a prof...

Страница 39: ...Configuration mode to create or edit a profile See JUNOSe Link Layer Configuration Guide for information about creating profiles and on other characteristics that can be applied to the profile host1 c...

Страница 40: ...tcp adjust mss Use to modify the maximum segment size MSS for TCP SYN packets traveling through the interface The router compares the MSS value of incoming or outgoing packets against the MSS adjustm...

Страница 41: ...o a profile You can configure a virtual router using RADIUS instead of adding one to the profile by using the ip virtual router command Example host1 config profile ip virtual router VR1 Use the no ve...

Страница 42: ...is removed if it is not used within a certain period of time Before sending a packet the host searches its cache for Internet to Ethernet address mapping If the mapping is not found the host sends an...

Страница 43: ...ddress of the ARP request So if host 1 sends another IP packet to host 2 host 1 searches its ARP table for the router 1 MAC address If the default router gateway becomes unavailable then all the routi...

Страница 44: ...line access multiplexers DSLAMs even if you configure the router to check for spoofed ARP packets DSLAMs perform this task instead of the router If you disable checking for spoofed ARP packets on the...

Страница 45: ...rticular entry specify all of the following ipAddress IP address in four part dotted decimal format corresponding to the local data link address interfaceType Interface type see Interface Types and Sp...

Страница 46: ...rface If the validation is added statically via the CLI the IP address MAC address pairs are stored in NVS The entries are used for MAC validation only if MAC validation is enabled on the interface vi...

Страница 47: ...adcast A packet is sent to a specific network or series of networks A limited broadcast address includes the network or subnet fields In a limited broadcast packet destined for a local network the net...

Страница 48: ...oadcast Use to enable translation of directed broadcasts to physical broadcasts Example host1 config if ip directed broadcast Use the no version to disable the function See ip directed broadcast Fragm...

Страница 49: ...uters as intermediate packet switches Routers forward a packet through the interconnected system of networks and routers until the packet reaches a router that is attached to the same network as the d...

Страница 50: ...hat are attached to each network are not shown because each router makes its forwarding decisions based on the network number and not on the address of each individual host The router uses ARP to find...

Страница 51: ...ed 10 2 0 1 10 2 0 0 16 0 0 connected 10 5 0 3 10 5 0 0 30 Setting the Administrative Distance for a Route The administrative distance is an integer that is associated with each route known to a route...

Страница 52: ...PLS Configuration Guide To set the administrative distance for RIP IS IS and OSPF use the following distance commands in Router Configuration mode distance Use to set an administrative distance for RI...

Страница 53: ...Identifying a Router Within an Autonomous System The router ID is commonly one of the router s defined IP addresses Although the router ID is by convention formatted as an IP address it is not requir...

Страница 54: ...t Hops On the Boston router in the network shown in Figure 11 on page 30 1 Configure a static route to 10 2 0 0 16 with a next hop of 10 5 0 2 which is not directly connected and an administrative dis...

Страница 55: ...the state of the IP service For additional information about BFD see JUNOSe IP Services Configuration Guide If you specify the bfd liveness detection keywords with a minimum receive interval minimum t...

Страница 56: ...in the range 100 65535 milliseconds Use the multiplier keyword to specify a multiplier number in the range 1 255 Optionally you can include the last resort keyword when you use the verify bfd liveness...

Страница 57: ...ion uses Fast Ethernet interfaces E Series routers support next hop verification on any type of lower layer interface RTR Configuration Example Figure 12 on page 34 shows a sample configuration that i...

Страница 58: ...et interface 4 0 as the next hop Down Up The router installs a route to 10 1 1 2 using Fast Ethernet interface 4 1 as the next hop Up Down Although both RTR operations are down the last resort keyword...

Страница 59: ...config rtr 10 host1 config rtr b Configure the RTR probe as an echo type and set the IP destination address and source interface You must configure the RTR probe as an echo type to use next hop verifi...

Страница 60: ...3 host1 config rtr reaction configuration 11 test completion host1 config rtr schedule 11 life 3 host1 config rtr schedule 11 restart time 1 host1 config rtr schedule 11 start now 6 Establish a static...

Страница 61: ...255 You cannot shutdown a loopback interface BEST PRACTICE We recommend that you configure a 32 bit subnet mask for the loopback interface For example if you configure a loopback interface with the I...

Страница 62: ...sociated RTR operation Optionally you can include the last resort keyword when you use the verify rtr keywords to instruct the router to install the static route in the routing table even if the speci...

Страница 63: ...the possible creation of multiple paths and routing loops Setting Up an Unnumbered Interface An unnumbered interface does not have an IP address assigned to it Unnumbered interfaces are often used in...

Страница 64: ...alidate Use to enable source address validation Example host1 config if ip sa validate Use the no version to disable source address validation See ip sa validate Enabling Source Address Validation Tra...

Страница 65: ...m segment size MSS for TCP SYN packets traveling through the interface The router compares the MSS value of incoming or outgoing packets against the adjusted MSS setting and replaces smaller values th...

Страница 66: ...as large as possible without requiring fragmentation anywhere along the path from the source to the destination This datagram size is referred to as the path MTU PMTU and it is equal to the smallest...

Страница 67: ...cifying PMTU limits keep the following in mind If a PMTU discovery value is lower than the configured minimum MTU setting PMTU discovery is disabled for that connection If a PMTU discovery value is la...

Страница 68: ...This behavior is often referred to as a black hole tcp path mtu discovery black hole detect threshold Use to specify the minimum MTU value used for the path MTU If the discovered PMTU value is less th...

Страница 69: ...according to an IP prefix or a VPN routing and forwarding VRF table Use an asterisk to clear all dynamic routes from the routing table Example host1 clear ip routes There is no no version See clear ip...

Страница 70: ...an error message if you try to set this command for interfaces other than the SRP Ethernet interface Example host1 config if ip disable forwarding Use the no version to enable forwarding of packets on...

Страница 71: ...ear as if it is up regardless of the state of the lower layers ip alwaysup Use to force an IP interface to appear as up regardless of the state of lower layers This command reduces route topology chan...

Страница 72: ...interface that has a static interface configured above it NOTE The ip description command is replacing the description command to assign a description to a static IP interface ip description Use to as...

Страница 73: ...ation addresses to determine which of the available paths in the ECMP set to use Hashed mode is the default ECMP mode of operation Defining Maximum Paths You can add routing table entries manually as...

Страница 74: ...ECMP mode to the default hashed See ip multipath round robin maximum paths Use to control the maximum number of parallel routes that the routing protocol supports The maximum number of routes can be...

Страница 75: ...TTL value can be overridden by other commands that specify a TTL ip ttl Use to set a default value for the IP header TTL field for all IP operations Example host1 config ip ttl 255 Use the no version...

Страница 76: ...mp is larger than the value of the last valid timestamp and the sequence number is less than the last acknowledgement sent the host updates its internal timer with the new timestamp and passes the seg...

Страница 77: ...d delivery can occur To prevent buffers from consuming too many resources TCP limits the amount of data it accepts to the number of data bytes that the receiver is willing to receive and buffer TCP do...

Страница 78: ...m Use to specify the default buffer limit assigned to all virtual routers when the virtual router is established Specify a value of zero 0 to turn off the limit assignment Example host1 config tcp res...

Страница 79: ...connection is established Specify a value of zero 0 buffers to turn off the default limit Example host1 config tcp resequence buffers default connection maximum 100 Use the no version to revert the co...

Страница 80: ...P interface to negotiate certain IP parameters for example IPCP for PPP ARP for Ethernet and Inverse ARP for Frame Relay If you do not configure a primary IP interface in such cases the layer 2 interf...

Страница 81: ...Optional Create a primary IP interface host1 config if ip address 10 1 1 1 255 255 255 255 host1 config if exit 3 Create the shared IP interface host1 config interface ip si0 4 Associate the shared IP...

Страница 82: ...ently See ip share interface ip share nexthop Use to specify that the shared IP interface dynamically tracks a next hop If the next hop changes the shared IP interface moves to the new layer 2 interfa...

Страница 83: ...shared interface has its own statistics Packets transmitted on a shared IP interface are always counted only in the shared IP interface Subscriber Interfaces A subscriber interface is an extension of...

Страница 84: ...on mode you can enable or disable ICMP redirects This attribute is enabled by default If it is enabled on the IP interface and if the internal ICMP redirect queue is not full the router sends an ICMP...

Страница 85: ...can use the ip icmp update source command to instruct ICMP to use an already configured interface or a specified IP address as the source address of the ICMP message For example you can specify that...

Страница 86: ...an specify the following options packetCount Number of packets to send to the destination IP address If you specify a zero 0 echo requests packets are sent indefinitely data pattern Sets the type of b...

Страница 87: ...to 1000 bytes in increments equal to the sweep interval By default the router increments packets by one byte for example it sends 100 101 102 103 1000 If the sweep interval is 5 the router sends 100...

Страница 88: ...that router packets follow when traveling to their destination You can specify A VRF context Destination IP or IPv6 address Source interface for each of the transmitted packets Source address for each...

Страница 89: ...a specific virtual router distinct from any other virtual router Configuration Tasks To configure RTR 1 Configure the probe type an echo probe or a path echo probe 2 Optional Configure probe character...

Страница 90: ...u change the type for an existing RTR entry all values are reset including the administrative status There is no default value More than one RTR entry can become active provided each entry s target ad...

Страница 91: ...be expects to receive responses receive interface Request s payload size request data size Maximum number of history samples samples of history kept User defined tag tag Probe timeout in milliseconds...

Страница 92: ...return to the default value 1 byte See request data size tag Use to set an identifier for the probe Example host1 config rtr tag westford Use the no version to return to the default no tag See tag ti...

Страница 93: ...fied number that is size no additional statistical information about the path is stored This option applies only to pathEcho entries To turn off this feature set the value to 0 Example host1 config rt...

Страница 94: ...iving Interface When you configure multiple RTR entries to use the same target address you must issue the receive interface command to set the interface on which the probe expects to receive responses...

Страница 95: ...umber of consecutive probe operations are not received or when they are received after a timeout Example host1 config rtr reaction configuration 1 operation failure 3 There is no no version See rtr re...

Страница 96: ...en the test ends and no responses are received from the destination At most there can be one such event per test Example host1 config rtr reaction configuration 1 test failure There is no no version S...

Страница 97: ...restart time Use to specify a restart time in seconds after which a test is restarted Example host1 config rtr schedule 5 restart time 15 Use the no version to stop the test The no version stops the p...

Страница 98: ...OfEntries Number of RTR entries according to type entriesEnabled RTR entries with administrative status enabled entriesActive RTR entries with operational status enabled Example host1 show rtr applica...

Страница 99: ...onsSent operationsRcvd lastGoodResponse 1 5208 5187 08 30 2000 05 09 rtrIndex operStatus minRtt maxRtt avgRtt rttSumSqr 1 enabled 0 1785 3 7109208 PathEcho Entries rtrIndex testAttempts testSuccesses...

Страница 100: ...event is triggered when this number of probe operations is not received or when the operations are received after a timeout timeout Time in milliseconds that the probe waits for a response tag Identi...

Страница 101: ...rget Interface used to reach target is not operational invalidHostAddress Target address is not supported noRouteToTarget Target address is not reachable responseReceived Probe operation replied by ta...

Страница 102: ...40 10 5 0 11 2 165 3 3 08 30 2000 20 40 10 5 0 11 2 165 3 4 08 30 2000 20 40 10 5 0 11 See show rtr history show rtr hops Use to display RTR hops information Field descriptions rtrIndex Index number...

Страница 103: ...if the option is now the status is enabled if the option is pending the status is disabled operStatus Enabled only if entryStatus and adminStatus are enabled and the test is running operStatus remains...

Страница 104: ...to set a statistics baseline for IP statistics Baselining is not supported for IP socket statistics The router implements the baseline by reading and storing the statistics at the time the baseline is...

Страница 105: ...be shown Example 1 host1 baseline tcp Example 2 host1 baseline ip tcp There is no no version See baseline tcp IP show Commands You can monitor the following aspects of IP using show ip commands Comma...

Страница 106: ...the delta keyword with IP show commands to specify that baselined statistics are to be shown You can use the output filtering feature of the show command to include or exclude lines of output based on...

Страница 107: ...Ethernet6 0 12 40 0 2 24320 0020 6393 4233 atm5 0 1 172 18 2 1 21600 0020 bed2 8738 atm5 1 1 172 18 2 2 21600 0020 5b91 60f2 atm5 1 1 172 31 192 206 21600 00d0 43b5 1032 atm5 1 1 See show arp show for...

Страница 108: ...ary information about the interface Use the detail keyword to display detailed information about the interface Field descriptions Network Protocols Network protocols configured on this interface Inter...

Страница 109: ...cast routed are counted as multicast packets In Policed Packets Bytes Packets and bytes that were received and dropped for any of the following reasons exceeding the token bucket limit exceeding the r...

Страница 110: ...nistrative debounce time 10 mSecs Operational debounce time disabled Access routing disabled Multipath mode hashed In Received Packets 2849 Bytes 759428 Unicast Packets 2849 Bytes 759428 Multicast Pac...

Страница 111: ...ed routing table distribution attempt as an error Attempts can fail for many reasons during normal operation a failed attempt does not necessarily indicate a problem It is normal to see many Load Erro...

Страница 112: ...session is redirected line protocol Status of the line protocol Description Text description or alias if configured for the interface Link up down trap Status of SNMP link up down traps on the interfa...

Страница 113: ...packets received redirect Receive packet redirects echo req Echo request ping packets echo rpy Echo replies received timestamp req Requests for a timestamp timestamp rpy Replies of timestamp requests...

Страница 114: ...MAC validation packets a destination address lookup failure or when the destination address is an IP interface that has a route configured to the null 0 interface In Invalid Source Address Packets Pac...

Страница 115: ...led Internet address is 1 1 1 2 255 255 255 0 IP statistics Rcvd 0 local destination 0 hdr errors 0 addr errors 0 unkn proto 0 discards Frags 0 reasm ok 0 reasm req 0 reasm fails 0 frag ok 0 frag crea...

Страница 116: ...ast Packets 0 Bytes 0 Multicast Routed Packets 0 Bytes 0 Out Scheduler Dropped Packets 0 Bytes 0 Out Policed Packets 0 Bytes 0 Out Discarded Packets 0 queue 0 traffic class best effort bound to ip Gig...

Страница 117: ...he sum of all drop reasons other than fabric drops fabric drops are reported as 0 but might actually be nonzero If you halt traffic the In Total Dropped Packets and Out Total Dropped Packets values ar...

Страница 118: ...er Drops Conformed Packets 0 Bytes 0 Out Scheduler Drops Exceeded Packets 0 Bytes 0 Out Policed Packets 0 Bytes 0 ip si0 is up line protocol is up Network Protocols IP Virtual Router vr a Layer 2 inte...

Страница 119: ...Bytes 0 Multicast Packets 0 Bytes 0 In Policed Packets 0 Bytes 0 In Error Packets 0 In Invalid Source Address Packets 0 Out Forwarded Packets 101 Bytes 5252 Unicast Packets 101 Bytes 5252 Multicast R...

Страница 120: ...red interface none Router Directed Broadcast Enabled ICMP Redirects Disabled Access Route Addition Enabled Network Address Translation Enabled domain inside Source Address Validation Enabled Ignore DF...

Страница 121: ...e groups of addresses at a given level or routes learned from other routing protocols Routing for Networks Network for which IS IS is currently injecting routes For OSPF Router ID OSPF process ID for...

Страница 122: ...ocol is running Redistributing Protocol to which RIP is redistributing routes Routing for Networks Network for which RIP is currently injecting routes Example host1 show ip protocols Routing Protocol...

Страница 123: ...igured route redistribution policy Field descriptions To Protocol that routes are distributed into From Protocol that routes are distributed from status Redistribution status route map number Number o...

Страница 124: ...VR VRF indirect next hop Prefix Length Type Next Hop Dist Met Intf 172 16 2 0 24 Bgp 192 168 1 102 20 1 fastEthernet0 0 10 10 0 112 32 Static 192 168 1 1 1 1 fastEthernet0 0 10 1 1 0 24 Connect 10 1 1...

Страница 125: ...oute type inter E route type external i metric type internal e metric type external O OSPF E1 external type 1 E2 external type2 N1 NSSA external type1 N2 NSSA external type2 L MPLS label V VR VRF indi...

Страница 126: ...2 2 2 2 32 O I 30 30 30 2 110 3 ATM2 0 30 31 31 31 2 110 3 ATM2 0 31 10 10 10 0 24 Connect 10 10 10 1 0 0 ATM2 0 10 20 20 20 0 24 Connect 20 20 20 1 0 0 ATM2 0 21 4 4 4 4 32 Bgp 2 2 2 2 200 2 3 3 3 3...

Страница 127: ...0 10 10 0 231 Example 2 host1 show ip route slot 9 90 248 1 2 IP address Interface Next Hop 90 248 1 2 serial9 23 2 Example 3 host1 show ip route slot 9 90 249 255 255 IP address Interface Next Hop 9...

Страница 128: ...SEPORT Allow reuse of local port so_state State of each socket knowledge of BSD Sockets API is useful to understand this information SS_NOFDREF No file table reference any more SS_ISCONNECTED Socket i...

Страница 129: ...the free pool Call to rsSocket Call to create the socket using rsSocket as opposed to socket Call to socket 8 bit value indicating how the call went Call to connect 8 bit value indicating how the call...

Страница 130: ...5 10 13 5 70 23 10 10 132 71 2000 type 1 SOCK_STREAM opts 13 SO_DEBUG SO_REUSEADDR SO_KEEPALIVE so_state 177 SS_NOFDREF SS_CANTSENDMORE SS_CANTRCVMORE SS_PRIV 18 0 0 0 0 23 0 0 0 0 0 type 1 SOCK_STRE...

Страница 131: ...ify BFD or verify rtr RTR keywords were not specified as part of the ip route command The display can include the following BFD up down Current status of the associated BFD operation operation number...

Страница 132: ...be on the reordering queues of all connections in all virtual routers Default Per VR Maximum Default maximum number of buffers for all connections in a single VR Default Connection Maximum Default ma...

Страница 133: ...s Discarded Because Global Limit Exceeded 25 Buffers Discarded Because VR Limit Exceeded 15 See show tcp resequence buffers show tcp path mtu discovery Use to display PMTU information Field descriptio...

Страница 134: ...cs Use the brief keyword to display summary information or the detailed keyword to display extensive information Use the diagnostic keyword to display diagnostic information collected on the TCP stati...

Страница 135: ...local port for the connection attempt and the number of identical attempts that have been received on that port in a row The reason for rejection is not given This information may be useful in trackin...

Страница 136: ...nection out of order pkts Number of packets received out of order on the TCP connection Diagnostics PRU_ Operations counters Number of calls for each of the indicated PRU_operations within the TCP ser...

Страница 137: ...ction statistic keep T O pre estab Number of times the keepalive timer expired before the connection reached the established state This is a per connection statistic tcpkeeptimeo_idle Number of times...

Страница 138: ...value indicates the count of packets that would have been acknowledged if the protections were enabled Providing this information can help determine whether attacks are occurring Bogus RSTs Number of...

Страница 139: ...r does not increase ICMP TooBigs for unk connection Number of ICMP Too Big messages that the router has received for TCP connections that do not exist When PMTU is disabled this counter does not incre...

Страница 140: ...tion reordering queue High Water Most buffers that have ever been on the connection reordering queue Buffers discarded Number of buffers that were discarded because keeping them would have exceeded th...

Страница 141: ...ddr 192 168 1 139 Remote port 1038 State ESTABLISHED Authentication None Rcvd 295 total pkts 159 in sequence pkts 299 bytes 0 chksum err pkts 0 bad offset pkts 0 short pkts 0 duplicate pkts 0 out of o...

Страница 142: ...tion is ENABLED RSTs acked 0 Bogus RSTs 0 SYNs acked 0 Bogus SYNs 0 Data Insertions rejected 0 PMTUD Information PMTUD ENABLED Administrative Minimum MTU 512 Administrative Maximum MTU none Timer 1 10...

Страница 143: ...ets containing header errors addr errors Number of packets containing addressing errors unkn proto Number of packets received containing unknown protocols discards Number of discarded packets IP Stati...

Страница 144: ...rpy Number of echo replies received timestamp req Number of requests for a timestamp timestamp rpy Number of replies to timestamp requests addr mask req Number of mask requests received addr mask rpy...

Страница 145: ...opped Number of TCP connections dropped closed Number of TCP connections closed currently established Number of TCP connections currently established TCP Global Statistics Rcvd total pkts Total number...

Страница 146: ...param probs 0 src quench 0 redirects 0 echo req 0 echo rpy 0 timestamp req 0 timestamp rpy 0 addr mask req 0 addr mask rpy Sent 463866 total 0 errors 163676 dest unreach 0 time excd 0 param prob 0 sr...

Страница 147: ...tatistics show profile brief Use to list all profile names Field descriptions Profile Profile names Example host1 show profile brief Profile foo trill profile4 See show profile brief show route map Us...

Страница 148: ...Set clauses set local pref 400 See show route map 124 Monitoring IP JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Страница 149: ...anaging IPv6 Interfaces on page 139 Configuring Shared IPv6 Interfaces on page 141 Adding a Description on page 143 IPv6 TCP Configuration on page 143 Configuring Equal Cost Multipath Load Sharing on...

Страница 150: ...n to establish an end to end connection before transmitting data Instead just like its IPv4 predecessor IPv6 continues to rely on protocols in other layers to establish the connection if connection or...

Страница 151: ...iring a specific class of service CoS routers can identify these packets and handle them in a similar fashion Payload length Previously the total length field in IPv4 the payload length field specifie...

Страница 152: ...ress Representation IPv6 addresses consist of eight hexadecimal groups Each hexadecimal group separated by a colon consists of a 16 bit hexadecimal value The following is an example of the IPv6 format...

Страница 153: ...link Site local Used as private addresses to restrict communication to a domain portion NOTE IPv6 routers must not forward packets that have site local source or destination addresses outside the site...

Страница 154: ...tside the site Multicast addresses support 16 different types of scope including node link site organization and global scope A four bit field in the prefix identifies the scope Address Structure Unic...

Страница 155: ...ple the trace destination address is 1 1 the maximum number of hops of the trace is 20 and the timeout value is 10 seconds host1 traceroute ipv6 1 1 hop limit 20 timeout 10 IPv6 Tunnel Routing Table T...

Страница 156: ...decreasing the number of state changes required to achieve convergence Platform Considerations For information about modules that support IPv6 and Neighbor Discovery on the ERX7xx models ERX14xx mode...

Страница 157: ...ion Base for IP Version 6 Textual Conventions and General Group December 1998 RFC 2466 Management Information Base for IP Version 6 ICMPv6 Group December 1998 You can access these and other Internet R...

Страница 158: ...profile A profile is a set of characteristics that acts as a pattern that can be dynamically assigned to an IPv6 interface You can manage a large number of IPv6 interfaces efficiently by creating a p...

Страница 159: ...command to remove an IPv6 address See ipv6 address ipv6 nd Use to enable the IPv6 Neighbor Discovery process on an interface You can include the following commands in IPv6 profiles to configure Neigh...

Страница 160: ...re the default MTU size See ipv6 mtu ipv6 unnumbered Use to set up an unnumbered interface An unnumbered interface does not have an IPv6 address assigned to it Unnumbered interfaces are often used in...

Страница 161: ...arrives on an interface the router performs a routing table lookup using the source address The result from the routing table lookup is an interface to which packets destined for that address are rou...

Страница 162: ...se a specific route through the network Example host1 config ipv6 route 7fff 0 16 1 1 Use the no version of this command to remove a static route from the routing table See ipv6 route Specifying an IP...

Страница 163: ...o version See clear ipv6 interface ipv6 enable Use to enable or disable an IPv6 interface at any time NOTE By default an IPv6 interface is enabled when you first create it Example host1 config if ipv6...

Страница 164: ...eping across a range of sizes For example you can configure the sweep interval to sweep across the range of packets from 100 bytes to 1000 bytes in increments equal to the sweep interval By default th...

Страница 165: ...size might help locate any MTU problems that exist between your router and a particular device Hop count in the range 1 255 the default is 32 You can also force transmission of the packets on a speci...

Страница 166: ...2 interface to refer to them because the shared interface can be moved Example host1 config interface ipv6 si1 Use the no version to delete the IPv6 interface See interface ipv6 ipv6 share interface...

Страница 167: ...onfig if ipv6 description boston01 ipv6 interface Example 2 host1 config subif ipv6 description dallas05 ipv6 subinterface Use the no version to remove the text description or alias See ipv6 descripti...

Страница 168: ...he smallest MTU for each hop in the path Path MTU discovery is the process of discovering the PMTU value and using that value when transmitting IP datagrams Enabling PMTU Discovery Use the tcp path mt...

Страница 169: ...d for that connection If a PMTU discovery value is larger than the configured maximum MTU setting the configured maximum MTU setting is used The maximum MTU setting must be greater than the minimum MT...

Страница 170: ...outer from denial of service DoS attacks Normally when it receives an RST or SYN message for an existing connection TCP attempts to shut down the TCP connection This action is expected under normal co...

Страница 171: ...potentially determine the source and destination ports and IP addresses of both hosts that are engaged in an active connection With this information the attacker might be able to inject a specially cr...

Страница 172: ...byte of TCP space Under these conditions an attacker can send a large number of 1 byte packets to an E Series router in which each packet is buffered consuming an entire packet buffer and eventually c...

Страница 173: ...current or specified virtual router can use Specify a value of zero 0 to turn off the limit assignment Example host1 config tcp resequence buffers vr maximum Use the no version to revert the virtual r...

Страница 174: ...er then balances traffic across these sets of equal cost paths by using hashed mode Hashed Mode Hashed mode uses hashing of source and destination addresses to determine which of the available paths i...

Страница 175: ...FEC pointed to by the indirect next hop is either an interface or a direct next hop An indirect next hop member is not resolved to an interface if it points to another indirect next hop or to an equa...

Страница 176: ...nd ipv6 neighbor Use to create static IPv6 neighbors Example host1 config ipv6 neighbor 1 10 fastEthernet 1 0 0002 7dfa 0034 Use the no version of this command to delete the neighbor See ipv6 neighbor...

Страница 177: ...ent logs see the JUNOSe System Event Logging Reference Guide Establishing a Baseline IPv6 statistics are stored in system counters The only way to reset the system counters is to reboot the system You...

Страница 178: ...ool There is no no version See baseline ipv6 local pool baseline tcp Use to set a statistics baseline for all both IPv4 and IPv6 TCP statistics or for only IPv4 or IPv6 statistics The router implement...

Страница 179: ...r advertisements received show ipv6 static IPv6 static routes show ipv6 traffic IPv6 statistics traffic show ipv6 udp statistics IPv6 UDP information show license ipv6 IPv6 license string show tcp sta...

Страница 180: ...r destination hdr errors Number of packets containing header errors addr errors Number of packets containing addressing errors unkn proto Number of packets received containing unknown protocols discar...

Страница 181: ...eceived with destination unreachable admin unreach Packets sent because the destination was administratively unreachable for example due to a firewall filter parameter problem Packets received with pa...

Страница 182: ...whether the RA includes the link layer ND RA interval Interval in seconds of the neighbor discovery router advertisement ND RA lifetime Lifetime in seconds of the neighbor discovery router advertisem...

Страница 183: ...ace Out Total Dropped Packets Total number of outbound packets and bytes dropped by this interface Out Scheduler Dropped Packets Bytes Number of outbound packets and bytes dropped by the scheduler Out...

Страница 184: ...disabled other config flag is disabled ND RA advertising prefixes configured on interface In Received Packets 12 Bytes 1260 Unicast Packets 5 Bytes 588 Multicast Packets 7 Bytes 672 In Total Dropped P...

Страница 185: ...r config flag is disabled ND RA advertising prefixes configured on interface ICMPv6 statistics Rcvd 12 total 0 errors 0 rtr solicits 7 rtr advertisements 1 neighbor solicits 1 neighbor advertisements...

Страница 186: ...ytes 0 Out Total Dropped Packets 0 Bytes 0 Out Scheduler Dropped Packets 0 Bytes 0 Out Policed Packets 0 Out Discarded Packets 0 FastEthernet9 1 5 line protocol VlanSub is up ipv6 is up Description IP...

Страница 187: ...s advertised ND RA interval is 200 seconds lifetime is 1800 seconds ND RA managed flag is disabled other config flag is disabled ND RA advertising prefixes configured on interface In Received Packets...

Страница 188: ...ded 0 packets 0 bytes IPv6 policy output ipv6PolOut2 rate limit profile RlpOutA classifier group clgB entry 1 Committed 0 packets 0 bytes Conformed 0 packets 0 bytes Exceeded 0 packets 0 bytes rate li...

Страница 189: ...Packets 8 Bytes 768 Multicast Routed Packets 0 Bytes 0 Out Total Dropped Packets 5 Bytes 0 Out Scheduler Dropped Packets 0 Bytes 0 Out Policed Packets 0 Out Discarded Packets 5 queue 0 traffic class...

Страница 190: ...no routes 0 discards ICMPv6 statistics Rcvd 0 destination unreach 0 admin unreach 0 parameter problem 0 time exceeded 0 pkt too big 0 echo requests 0 echo replies Sent 0 destination unreach 0 admin u...

Страница 191: ...ed 0 pkt too big 5 echo requests 0 echo replies Operational MTU 1500 Administrative MTU 0 Operational speed 100000000 Administrative speed 0 Creation type Static ND reachable time is 3600000 milliseco...

Страница 192: ...cards Sent 0 generated 0 no routes 0 discards ICMPv6 statistics Rcvd 0 destination unreach 0 admin unreach 0 parameter problem 0 time exceeded 0 pkt too big 0 echo requests 0 echo replies Sent 0 desti...

Страница 193: ...ped conformed packets 0 bytes 0 Dropped exceeded packets 0 bytes 0 loopback5 line protocol IpLoopback is up ipv6 is up Network Protocols IPv6 Link local address fe80 90 1a00 740 1d44 Internet address...

Страница 194: ...gA entry 1 Committed 0 packets 0 bytes Conformed 0 packets 0 bytes Exceeded 0 packets 0 bytes rate limit profile Rlp8Mb Committed 0 packets 0 bytes Conformed 0 packets 0 bytes Exceeded 0 packets 0 byt...

Страница 195: ...uring normal operation a failed attempt does not necessarily indicate a problem It is normal to see many Load Errors per day If the Status field does not indicate Valid then the routing table distribu...

Страница 196: ...ed in a particular pool Total Number of prefixes available for allocation to clients from a particular pool In Use Number of prefixes in a pool that are currently used by DHCPv6 clients Pool Name of t...

Страница 197: ...xample 1 Displaying information on IPv6 local address pools host1 show ipv6 local pool IPv6 Local Address Pools Pool Start End example 2002 2002 48 2002 2002 ffff 48 example 3003 3003 56 3003 3003 0 1...

Страница 198: ...es or both Use the static keyword to display only static entries Use the dynamic keyword to display only dynamic entries Use the summary keyword to display summary information Field descriptions Inter...

Страница 199: ...terface Specifier for the unnumbered interface or none if the interface is numbered Router Router name Access Route Addition Enabled or disabled Source Address Validation Enabled or disabled Administr...

Страница 200: ...MED as worst Status of Missing MED as worst Route flap dampening Status of route dampening Log neighbor changes Status of Log neighbor changes Fast External Fallover Status of Fast External Fallover...

Страница 201: ...re 20 ext 200 int and 200 local Client to client reflection is enabled Cluster ID is 1 1 1 1 Route target filter is enabled Default IPv4 unicast is enabled Local RIB version 8 FIB version 8 Neighbor s...

Страница 202: ...ndex An autogenerated value for the next hop interface Example 1 host1 show ipv6 route Prefix Length Type Dst Met Intf 1 16 Connect 0 0 loopback1 5 64 Connect 0 0 ATM4 0 15 6 64 Static 1 0 ATM4 0 15 2...

Страница 203: ...keyword to display router advertisements that differ from the advertisements configured Field descriptions Route Router for which this information applies Hops Number of hops that the router uses in...

Страница 204: ...etransmit time 0 msec Example 2 host1 show ipv6 routers conflicts Router FE80 203 FDFF FE34 7039 on FastEthernet1 0 last update 1 min CONFLICT Hops 64 Lifetime 1800 sec AddrFlag 0 OtherFlag 0 Reachabl...

Страница 205: ...ets that could not be routed that were discarded IPv6 statistics Mcast received Number of multicast packets received forwarded Number of multicast packets forwarded IPv6 statistics Routes Number of ro...

Страница 206: ...ble for example due to a firewall filter parameter problem Packets received with parameter errors time exceeded Packets received with time to live exceeded pkt too big Number of packet too big message...

Страница 207: ...bor advertisements Group membership 0 queries 0 responses 0 reductions Sent 3 total 0 errors 0 destination unreach 0 admin unreach 0 parameter problem 0 time exceeded 0 pkt too big 0 redirects 0 echo...

Страница 208: ...TCP Global Statistics Connections attempted Number of outgoing TCP connections attempted accepted Number of incoming TCP connections accepted established Number of TCP connections established TCP Glo...

Страница 209: ...ed This statistic often indicates that either a socket connection limit has been reached or that there was no memory to hold the socket data structures TCP Session Statistics Local addr Local address...

Страница 210: ...ed and before the data structure gets removed This is a per connection statistic Connect request rejected Number of times an incoming connection request was not approved This is a per connection stati...

Страница 211: ...ents can be recorded Did a PRU_CONNECT Fast Timeout Did a PRU_CONNECT2 2MSL Timeout Did a PRU_DISCONNECT Retransmit Timeout Did a PRU_ACCEPT Persist Timeout Did a PRU_SHUTDOWN Received FIN packet Did...

Страница 212: ...pired and therefore ignored Data Insertions rejected Number of packets received and dropped because they are believed to have been inserted by an attacker NOTE This count is maintained even when the p...

Страница 213: ...router to increase or decrease its estimate of the MSS Calculated MSS to peer MSS that path MTU discovery has calculated if PMTUD is enabled to the peer MSS received from peer MSS that the peer recei...

Страница 214: ...kts 0 in sequence pkts 0 bytes 0 chksum err pkts 0 bad offset pkts 0 short pkts 0 duplicate pkts 0 out of order pkts Sent 0 total pkts 0 data pkts 0 bytes 0 retransmitted pkts 0 retransmitted bytes Lo...

Страница 215: ...ONTROL 0 PRU_SENSE 0 PRU_RCVOOB 0 PRU_SENDOOB 0 PRU_SOCKADDR 0 PRU_PEERADDR 0 PRU_CONNECT2 0 PRU_FASTTIMO 0 PRU_SLOWTIMO 0 PRU_PROTORCV 0 PRU_PROTOSEND 0 Wildcard Matches 2 Rcv d Packets after connect...

Страница 216: ...nsmissions MTU MSS Information ENABLED on this connection MSS in effect 536 Calculated MSS to peer 536 MSS received from peer 0 Application set MSS 0 Xmit Interface MSS 0 MSS Sent to Peer 0 ICMP DestU...

Страница 217: ...s use ND to actively track the ability to reach neighbors When a router or the path to a router fails nodes actively search for alternatives to reach the destination IPv6 Neighbor Discovery correspond...

Страница 218: ...support Neighbor Discovery For information about modules that support Neighbor Discovery on the E120 and E320 Broadband Services Routers See E120 and E320 Module Guide Table 1 Modules and IOAs for det...

Страница 219: ...ns using a specified interval host1 config if ipv6 nd ns interval 500 4 Optional Configure the interface to assume that a neighbor is reachable for a specified time after a reachable confirmation even...

Страница 220: ...files to configure Neighbor Discovery route advertisements for dynamically configured interfaces In addition you can use RADIUS to configure the prefix in Neighbor Discovery route advertisements for d...

Страница 221: ...bility confirmation event occurs ipv6 nd reachable time Disables router advertisement transmissions ipv6 nd suppress ra For additional information about using IPv6 profiles to configure dynamic interf...

Страница 222: ...managed address configuration flag in IPv6 router advertisements Example host1 config if ipv6 nd managed config flag Use the no version of this command to clear the flag from IPv6 router advertisemen...

Страница 223: ...6 nd ra interval 500 Use the no version of this command to restore the default interval 200 seconds See ipv6 nd ra interval ipv6 nd ra lifetime Use to specify the router lifetime value in seconds in I...

Страница 224: ...et interface See ipv6 nd suppress ra ipv6 nd suppress ra source link layer Use to suppress IPv6 router advertisement transmissions on a local area network Ethernet interface Example host1 config if ip...

Страница 225: ...messages However the router relies on the receiving device to understand the address duplication and does not prompt a conflict if the address already exists The CLI allows you to specify the number...

Страница 226: ...pecific output appears in the output of various IPv6 show commands For detailed information about IPv6 show commands and their output see Configuring IPv6 on page 125 202 Monitoring Neighbor Discovery...

Страница 227: ...Part 2 Internet Protocol Routing Configuring RIP on page 205 Configuring OSPF on page 241 Configuring IS IS on page 325 Internet Protocol Routing 203...

Страница 228: ...204 Internet Protocol Routing JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Страница 229: ...rks RIP uses distance vector routing to route information through IP networks Distance vector routing requires that each router simply inform its neighbors of its routing table For each network path t...

Страница 230: ...he RIP request and response messages also contain a list of route entries Each route entry contains the following Address Entry Identifier The type of address Destination IP address The destination ad...

Страница 231: ...e RIP routing domain from external RIP routes which may have been imported from an EGP exterior gateway protocol or another IGP interior gateway protocol Routers supporting protocols other than RIP sh...

Страница 232: ...host1 config interface fastEthernet 0 0 host1 config if ip rip send version 2 host1 config if ip rip authentication mode text host1 config if ip rip authentication key ke6G72mV Example 2 The followin...

Страница 233: ...ort for routes matching a route map Alternatively you can explicitly specify routes for RIP to summarize Prefix Tree Example The following example shows how to configure a 16 bit route summary 1 Speci...

Страница 234: ...Multipath RIP supports equal cost multipath ECMP and installs into the routing table multiple entries for paths to the same destination Each of these multiple paths to a given destination must have th...

Страница 235: ...onal Specify a RIP send version for an interface By default RIP interfaces on your router send only RIPv1 Optional Specify an authentication mode and authentication password or key This step is permit...

Страница 236: ...route map 4 host1 config router redistribute bgp 100 route map 4 12 Optional Enable unicast communication with RIP neighbors host1 config router neighbor 10 10 21 100 host1 config router passive inte...

Страница 237: ...alues Send version is RIPv1 receive version is RIPv1 and RIPv2 authentication is not enabled Example host1 config router address 10 2 1 1 Use the no version to delete the RIP interface See address add...

Страница 238: ...ss receive version address send version Use to restrict the RIP version that the router can send on an interface The default is to send only RIPv1 Example host1 config router address 10 2 1 1 send ver...

Страница 239: ...t route See default information originate default metric Use to configure RIP to apply this metric for redistributed routes on all subsequently created interfaces Configuring a default metric lowers t...

Страница 240: ...of the distribute list See distribute list interface event disable Use to configure RIP to purge the routing table for interfaces that were brought down by some event Example host1 config router inte...

Страница 241: ...assword requests and updates from this router are rejected Specify md5 keyID to send an MD5 hash to neighbors Neighbors must share the MD5 key to decrypt the message and encrypt the response Example h...

Страница 242: ...cify a metric associated with the summary address The default metric is 1 Example host1 config router ip summary address 4 4 0 0 255 255 0 0 5 host1 config router ip summary address 4 3 0 0 255 255 0...

Страница 243: ...work mask to the new address so that RIP runs on that specific network If you do not specify an interface s network the network is not advertised in any RIP updates You can specify either the standard...

Страница 244: ...om the source routing protocol to the current routing protocol If you do not specify the route map option all routes are redistributed If you specify the route map option but no route map tags are lis...

Страница 245: ...d to the IP routing table The new route map is applied to all routes currently in and those subsequently placed in the forwarding table Previously redistributed routes are redistributed with the chang...

Страница 246: ...s invalid 60 host1 config router timers holddown 60 host1 config router timers flush 90 Use the no version to restore the default values 30 180 120 300 See timers triggered update disable Use to preve...

Страница 247: ...terfaces command CAUTION Issuing the ip rip copy to dynamic command enables RIP on all dynamic unnumbered interfaces that reference the interface and become active after issuing the command This may u...

Страница 248: ...ing table whereas routes available for multicast RPF checks appear in the multicast view of the routing table ip route type Use to specify whether RIP routes are available only for unicast forwarding...

Страница 249: ...a peer does not receive a BFD packet within the detection interval it declares the BFD session to be down and purges all routes learned from the remote peer NOTE Before the router can use the address...

Страница 250: ...ote Neighbors You can create RIP remote neighbors to enable the router to establish neighbor adjacencies through unidirectional interfaces such as MPLS tunnels rather than the standard practice of usi...

Страница 251: ...ghbors Remote neighbors must share the MD5 key to decrypt the message and encrypt the response This command is supported only in RIPv2 Authentication is disabled by default Example host1 config router...

Страница 252: ...25 100 14 Use the no version to remove the remote neighbor and any attributes configured for the remote neighbor See remote neighbor send version Use to restrict the RIP version that the router can s...

Страница 253: ...en the RIP router must have two unique local source IP addresses one for each of its remote neighbors Example host1 config router rn update source atm 2 0 17 Use the no version to delete the source ad...

Страница 254: ...0 7 You can set the verbosity of the messages you want displayed low medium high Example host1 debug ip rip events Use the no version to cancel the display of any information about the designated vari...

Страница 255: ...Name to limit the display to a specific VRF Use the ifconfig keyword to display address and interface configuration information instead of the default operational data Field descriptions Router Inform...

Страница 256: ...te 0 0 0 0 0 if the default route exists in the IP routing table Triggered Updates Ability enabled or disabled of RIP to send triggered updates Purge Routes on Interface Down Event Ability enabled or...

Страница 257: ...r BFD session failure The default is 300 milliseconds BFD minimum transmit interval msec Configured minimum interval between BFD control packets sent by the local RIP peer used with RIP peers to negot...

Страница 258: ...rk netmask Neighbor No Configured Neighbors Address Operational Data Unnumbered Rip is up ATM2 1 18 Dynamic creation and inherits configuration from loopback1 Received bad packet 0 Received bad routes...

Страница 259: ...tric default Passive Interface No Access list applied to outgoing route none Access list applied to incoming route none Route map applied to outgoing route none Copy configuration to dynamic interface...

Страница 260: ...nfiguration Rx Receive version of RIP on this interface Auth Type of authentication password text or MD5 Met Current value is the same as the router one the default metric Based on MIB 2 for RIP the i...

Страница 261: ...cates that the next address the packet should be sent to is the router that originally sent the RIP message Intf Interface that the route has learned Example host1 show ip rip database Prefix Length t...

Страница 262: ...1 Bad packet received 0 Bad routes received 0 BFD Down 192 168 1 250 Time since last update received 7 Peer version 2 Bad packet received 0 Bad routes received 0 BFD Up See show ip rip peer show ip ri...

Страница 263: ...Number of route changes 901 Number of route queries 0 fastEthernet 0 0 10 2 1 32 Received bad packet 0 Received bad routes 0 Triggered updates sent 2 Received updates 41 See show ip rip statistics sho...

Страница 264: ...240 Monitoring RIP JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Страница 265: ...OSPF Areas on page 266 Optimizing the Cost to Reach a Range of OSPF Routers Within an Area on page 270 Configuring Authentication on page 272 Configuring the BFD Protocol for OSPF on page 276 Configu...

Страница 266: ...an AS and after a short convergence period calculate new loop free routes This protocol has been designed expressly for the TCP IP Internet environment including explicit support for classless interdo...

Страница 267: ...ing CIDR A designated device OSPF router with which other routers form adjacencies reducing the number of adjacencies required on a broadcast or NBMA network designated router A collection of routers...

Страница 268: ...only to NSSAs Type 8 Not supported Type 9 Opaque LSA with a link local scope Type 9 LSAs are not flooded beyond the local network local link Type 10 Opaque LSA with an area local scope Type 10 LSAs ar...

Страница 269: ...g into the area however type 3 LSAs carrying default route information alone are injected into the area Totally stubby area A logical link between two backbone routers for which the link tunnels throu...

Страница 270: ...pf ospfv3 graceful restart 04 txt November 2006 expiration RFC 2328 OSPF Version 2 April 1998 RFC 2370 The OSPF Opaque LSA Option July 1998 RFC 2740 OSPF for IPv6 RFC 3623 Graceful OSPF Restart Novemb...

Страница 271: ...SPF as type 2 external Type 2 metric is much larger than the cost of any intra AS path the cost is equal to the external cost This is the OSPF default External 4 lowest If you use the redistribute com...

Страница 272: ...ath ECMP When building the shortest path tree OSPF calculates all paths of equal cost to a given destination If equal cost paths exist OSPF inserts into the routing table the next hops for all equal c...

Страница 273: ...rs New LSAs have been added to distribute IPv6 address information and data required for next hop resolution In addition to the obvious address and processing modifications to handle IPv6 addressing c...

Страница 274: ...options bits in the Network LSA to be originated for the link Intra area prefix LSA new for OSPFv3 Associates a list of IPv6 address prefixes with a transit network link by referencing a network LSA...

Страница 275: ...these tasks Starting OSPF You enable OSPFv2 and OSPFv3 differently When you enable OSPFv2 on your router you can create either a range of OSPFv2 interfaces or a single OSPFv2 interface When enabling...

Страница 276: ...PFv3 provides IPv6 support in the OSPF protocol To enable OSPFv3 1 Issue the ipv6 router ospf command and specify a process ID 2 Use the router id command to specify a router ID for OSPFv3 See Specify...

Страница 277: ...if ip address 2 2 2 1 255 255 255 0 host1 config if ip address 2 2 1 1 255 255 255 0 secondary host1 config router ospf 2 host1 config router network 2 2 2 0 0 0 0 255 area 0 host1 config router netwo...

Страница 278: ...from the OSPFv2 router context Example 1 host1 config router ospf 5 Example 2 host1 config ipv6 router ospf 5 Use the no version to end the designated OSPF routing process See router ospf See ipv6 ro...

Страница 279: ...o version of this command is deprecated and might be removed in a future release Use the ospf shutdown command to disable OSPF on the router See ospf enable router ospf Use to set an OSPF process ID T...

Страница 280: ...command area range Use to aggregate OSPF routes at an OSPF area border Use only for ABRs You can configure multiple instances of the area range command for a single OSPF area By default the range of c...

Страница 281: ...the address For OSPF these commands summarize only routes from other routing protocols that are being redistributed into OSPF With these commands you can reduce the load of advertising many OSPF exter...

Страница 282: ...etwork The ip ospf commands configure OSPF attributes for all OSPF networks in the given interface context for example in a multinet environment where multiple IP networks sit on top of an Ethernet in...

Страница 283: ...ddress or it can be unnumbered Example host1 config router address 192 168 10 32 area 6 host1 config router address 192 168 10 32 dead interval 60 Use the no version to reset the dead interval to the...

Страница 284: ...ress retransmit interval Use to specify the time between LSA retransmissions for the interface when an acknowledgment for the LSA is not received Specify an interval in the range 0 3600 seconds the de...

Страница 285: ...the value previously specified by the address command NOTE The ip ospf commands configure OSPF attributes for all OSPF networks in the given interface context for example in a multinet environment wh...

Страница 286: ...e no version to reset the path cost to the default value 1 See ip ospf cost See ipv6 ospf cost ip ospf dead interval ipv6 ospf dead interval Use to configure the interval since the last hello packet w...

Страница 287: ...6 ospf mtu ignore Use to specify that the interface disregard the MTU size contained in the data description packet When enabled the interface accepts data description packets from its neighbor even i...

Страница 288: ...xample 2 host1 config if ipv6 ospf priority 2 Use the no version to restore the default value 1 See ip ospf priority See ipv6 ospf priority ip ospf retransmit interval ipv6 ospf retransmit interval Us...

Страница 289: ...rk area command host1 config interface fastEthernet 0 0 host1 config if ip address 1 1 1 1 255 255 255 0 host1 config if ip address 2 2 2 2 255 255 255 0 secondary host1 config if exit host1 config ro...

Страница 290: ...host1 config int fastEthernet 0 0 host1 config if ip ospf cost 23 The cost of OSPF interface 10 10 1 1 does not change The previously issued address cost command is more specific for the interface an...

Страница 291: ...stub area An NSSA is like a stub area but it can also import external AS routes in a limited way To cause NSSA border routers to generate a type 7 default LSA in the OSPF database if there is a defaul...

Страница 292: ...can continue to flow into the area Example host1 config router area 47 0 0 0 stub Use the no version to disable this function See area stub area virtual link Use to configure an OSPF virtual link A v...

Страница 293: ...version to remove the virtual link s hello interval See area virtual link hello interval area virtual link retransmit interval Use to configure the retransmission interval on an OSPF virtual link The...

Страница 294: ...o area Use to remove the specified area only if no OSPF interfaces are configured in the area Example host1 config router no area 47 0 0 0 There is no affirmative version of this command there is only...

Страница 295: ...ABR 1 Router 4 Router 5 ABR 2 Router 6 A cost of 3 to reach Router 5 ABR 1 Router 4 Router 5 A cost of 2 to reach Router 4 ABR 1 Router 4 The highest individual cost is 5 ABR 1 subsequently advertises...

Страница 296: ...print or message digest of the input MD5 is used to create digital signatures It is a one way hash function meaning that it takes a message and converts it into a fixed string of digits called a messa...

Страница 297: ...rsion of that configuration command can delete the MD5 key ID and password Example host1 config router address 10 12 10 2 authentication message digest Use the no version to set authentication for the...

Страница 298: ...e digest Use to specify that MD5 authentication is used for the particular virtual link You must configure the MD5 key ID and password with the area virtual link message digest key md5 command Switchi...

Страница 299: ...me password on all neighboring routers on the same network Use this password only when you enable authentication for the interface You can specify whether the key is entered in unencrypted or encrypte...

Страница 300: ...eys The MD5 key is a character string up to 16 characters long You must also specify a key identifier and whether the key is entered in unencrypted or encrypted format If you do not specify which the...

Страница 301: ...Services Configuration Guide ip ospf bfd liveness detection ipv6 ospf bfd liveness detection Use to enable BFD bidirectional forwarding detection and define BFD values to more quickly detect OSPFv2 o...

Страница 302: ...F You can use these commands to perform the tasks listed in Table 11 on page 278 Table 11 Additional Configuration Tasks Set the maximum paths Filter and apply policy to routes Enable automatic cost c...

Страница 303: ...show ip ospf database OSPF Database Router Link States Area 0 0 0 0 Link ID ADV Router Age Seq Checksum 192 168 1 250 192 168 1 250 3 0x80000006 0x39a1 192 168 254 7 192 168 254 7 220 0x80000169 0xd2b...

Страница 304: ...nly on the interface type See auto cost reference bandwidth See ospf auto cost reference bandwidth baseline ip ospf baseline ipv6 ospf Use to set a baseline for OSPF statistics and counters The follow...

Страница 305: ...k state updates 0 link state acks Sent 0 total 0 pkts dropped 0 hello 0 database desc 0 link state req 0 link state updates 0 link state acks Supports only single TOS TOS0 routes SPF schedule delay 0...

Страница 306: ...neighbor command simultaneously on both ends of the OSPF link Doing so brings the OSPF link down completely In this event you must do one of the following on both sides of the link to bring the link b...

Страница 307: ...ault generate a default route into the OSPF routing domain The software must have a default route before it generates one except when you have specified the always keyword You can specify a metric for...

Страница 308: ...to enable OSPF on the interface See ip ospf shutdown See ipv6 ospf shutdown log adjacency changes ospf log adjacency changes Use to configure the router to send a log message when the state of an OSP...

Страница 309: ...n OSPF interface as part of its calculation of the OSPF interface cost The router uses various methods and precedence rules for the commands to calculate the OSPF interface cost For information on the...

Страница 310: ...f you specify route map but do not list any route map tags no routes are imported Use to redistribute routes from OSPF into other non OSPF routing domains Example 1 host1 config router ospf 5 host1 co...

Страница 311: ...ace Cost The router uses the methods and precedence listed in Table 12 on page 287 to calculate the OSPF interface cost Table 12 Methods and Precedence for Calculating OSPF Interface Cost Precedence C...

Страница 312: ...the metric and apply them selectively to redistributed routes host1 config access list 1 permit any any host1 config route map defmetric host1 config route map match ip address 1 host1 config route m...

Страница 313: ...the default for the medium You must first issue the address area command before issuing the address network command Example host1 config router address 10 12 10 2 network broadcast Use the no version...

Страница 314: ...nly within the indicated area mpls traffic eng router id Designates a router as traffic engineering capable and specifies the address of a stable router interface as the router ID of the node for traf...

Страница 315: ...c engineering Typically you specify a loopback interface to provide the greatest stability because this is flooded to all nodes The interface acts as the destination node for tunnels originating at ot...

Страница 316: ...eroperate on a router running OSPF Example host1 config router mpls traffic eng multicast intact Use the no version to disable interoperability between a multicast protocol and MPLS TE when running on...

Страница 317: ...ach other for example the neighbors must be in the same OSPF area and have the same hello interval and dead interval and so on After you have used the remote neighbor command to specify the remote nei...

Страница 318: ...emote neighbor before declaring the neighbor to be down Example host1 config router rn dead interval 180 Use the no version to restore the default value 40 seconds See dead interval hello interval Use...

Страница 319: ...te neighbor retransmit interval Use to set the time between LSA retransmissions for the OSPF remote neighbor interface when an acknowledgment for the LSA is not received Specify a value in the range 1...

Страница 320: ...rt extensions as defined in RFC 3623 Graceful OSPF Restart Graceful restart enables a router to continue forwarding OSPF traffic based on routing information it receives prior to an unplanned restart...

Страница 321: ...l restart restart time NOTE We recommend that you always enable stateful SRP switchover on routers that you have configured with OSPF graceful restart not doing so renders OSPF graceful restart config...

Страница 322: ...er If the grace period on the helper router expires before the receipt of max aged grace LSAs the helper router stops the restart process and does not respond to the restarting router The helper route...

Страница 323: ...tate change on an OSPF virtual interface nbrStateChange To indicate any state change on a nonvirtual OSPF neighbor virtNbrStateChange To indicate any state change on a virtual OSPF neighbor ifConfigEr...

Страница 324: ...eld definitions host1 show ip ospf neighbors history Transition log for neighbor 10 10 8 2 Interface Event Cause Time ATM2 0 8 Seen NA WED DEC 14 07 02 27 Transition log for neighbor 10 10 12 2 Interf...

Страница 325: ...the messages you want displayed low medium high Example 1 host1 debug ip ospf adj Example 2 host1 debug ipv6 ospf lsa Use the no version to cancel the display of any information about the designated v...

Страница 326: ...Interfaces Neighbors Traffic Virtual links Internal statistics MPLS tunnels and opaque LSAs You can use the output filtering feature of the show command to include or exclude lines of output based on...

Страница 327: ...th splits Maximum equal cost paths supported Areas Areas configured and their parameters Number of areas Number of areas in the router Example 1 host1 show ip ospf Routing Process OSPF 1 with Router I...

Страница 328: ...state acks LSA discard count 0 Supports only single TOS TOS0 routes SPF schedule delay 0 secs Hold time between two SPFs 3 secs Maximum path splits 4 Area BACKBONE 0 0 0 0 SPF algorithm executed 5 tim...

Страница 329: ...b 0 NSSA See show ip ospf See show ipv6 ospf show ip ospf border routers show ipv6 ospf border routers Use to display a list of OSPF border routers Field descriptions Destination Destination s router...

Страница 330: ...ptions Link ID Link state ID of the LSA for OSPFv2 For router links set to the router s OSPF router ID For network links set to the IP interface address of the network s designated router For type 3 s...

Страница 331: ...es supported by this router LS Type LSA type Link State ID Link state ID of the link local LSA Length Length of the LSA in bytes Bit set Bit set used by this LSA type Link connected to Type of network...

Страница 332: ...gth Length of the TLV varies according to the TLV Value Value of the TLV varies according to TLV Example 1 OSPFv2 output host1 show ip ospf database OSPF Database Router Link States Area 0 0 0 0 Link...

Страница 333: ...er Age Seq Checksum 5 5 0 250 5 5 0 250 496 0x800000001 0x51c0 Example 2 OSPFv3 general output host1 show ipv6 ospf database OSPF Database V3 Router Link States Area 0 0 0 0 Link ID ADV Router Age Seq...

Страница 334: ...Checksum 0 0 0 1 1 1 1 1 40 0x80000001 0xe5a0 Example 3 OSPFv3 database summary information host1 v2 show ipv6 ospf database database summary Area Router Network Intra Prefix Inter Prefix Inter Route...

Страница 335: ...Router 3 3 3 3 LS age 131 LS Seq Number 0x80000001 Checksum 0x6c69 Length 32 Options V6 bit set ExternalRoutingCapability R bit set Attached Router 3 3 3 3 Attached Router 2 2 2 2 Example 6 OSPFv3 LS...

Страница 336: ...e ID 0 0 0 1 Advertising Router 2 2 2 2 LS Seq Number 0x80000003 Checksum 0xa5fd Length 44 Number of Prefixes 1 Referenced LSA Type 0x 2001 Referenced LSA Advertising Router 2 2 2 2 Referenced LSA ID...

Страница 337: ...the link local LSA Advertising Router Router ID of the router that originated the LSA LS Seq Number Link state sequence number to identify duplicate or old LSIDs Checksum Checksum of the complete con...

Страница 338: ...LS Seq Number Link state sequence number to identify duplicate or old LSIDs Checksum Checksum of the complete contents of the LSA Length Length of the LSA in bytes TE Router ID Traffic engineering rou...

Страница 339: ...TOS capable No Type7 LSA ExternalRoutingCapability No Multicast Capability No External Attributes LSA LS Type Opaque Area TE Links Link State ID 1 0 0 1 Instance Advertising Router 100 1 1 1 LS Seq N...

Страница 340: ...Hello Dead Wait and Retransmit Neighbor Count Number of neighbors and their state adjacent neighbors LDP is configured through LDP autoconfig Indicates whether LDP is configured on the interface by me...

Страница 341: ...signated Router s router ID 1 1 1 1 Backup Designated Router s router ID 2 2 2 2 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Neighbor Count is 1 Adjacent neighbor count is 1 Adjac...

Страница 342: ...ernal statistics Routing Process OSPF 1 with Router ID 5 72 3 1 Internal OSPF Statistics bytes allocated free LSA bytes allocated 216 Router LSA bytes allocated 936 Summary bytes allocated 0 Neighbor...

Страница 343: ...decimal format You can use the history keyword with the show ip ospf neighbors command to display a history of up to 10 events for all OSPF neighbors or a specific OSPF neighbor This neighbor uptime t...

Страница 344: ...for neighbor 10 10 8 2 Interface Event Cause Time ATM2 0 8 Seen NA WED DEC 14 07 02 27 Transition log for neighbor 10 10 12 2 Interface Event Cause Time ATM2 0 12 Seen NA WED DEC 14 07 09 12 ATM2 0 1...

Страница 345: ...1 Transmit Delay is 1 sec Interface State POINT TO POINT Priority 1 No designated router on this network No backup designated router on this network Timer intervals configured Hello 10 Dead 40 Wait 4...

Страница 346: ...04 38 0 000 12 12 12 2 LSA Add 00 04 34 0 000 23 23 23 3 LSA Update 00 03 55 0 000 23 23 23 3 Protocol Off 00 03 51 0 000 23 23 23 3 LSA Add 00 03 47 0 000 12 12 12 2 LSA Add 00 03 43 0 000 23 23 23...

Страница 347: ...dropped hello Total number of hello packets sent database desc Total number of database description packets sent link state req Total number of link state request packets sent link state updates Tota...

Страница 348: ...ls Timer intervals in seconds configured for the link Hello Dead and Retransmit Example host1 show ip ospf virtual links Virtual link to router 192 168 1 13 in state POINT TO POINT Transmit Delay is 1...

Страница 349: ...w IS IS is a dynamic routing protocol developed by the International Organization for Standardization ISO and commonly referred to as ISO 10589 IS IS was originally developed at Digital Equipment Corp...

Страница 350: ...em IS Routing within an area Level 1 routers or intermediate systems track all the individual links routers and end systems within a level 1 area Level 1 routers do not know the identity of routers or...

Страница 351: ...possibly user data This chapter uses the term packet interchangeably with PDU protocol data unit PDU A numeric value assigned to the IP addresses on an IS IS route before the route is propagated to ot...

Страница 352: ...ter looks at a packet s area address and compares it with a destination address If the area portion of the destination address matches its own area s address the level 1 router uses the ID portion of...

Страница 353: ...y that can be entered in encrypted or unencrypted form The receiving router uses this authentication key to verify the packet You can configure the password for simple authentication by using the foll...

Страница 354: ...s Using MD5 authentication for domain routers protects against unauthorized routers injecting false routing information into the routing domain portions of your network This command also enables MD5 a...

Страница 355: ...nes to achieve appropriate timing between the actions startAcceptTime must be less than startGenTime stopGenTime must be less than stopAcceptTime When a new key replaces an old one the startGenTime ti...

Страница 356: ...if you do not specify stopGenTime and stopAcceptTime As noted previously if the last key expires the router continues to generate that key Many system operators choose to change their keys on a regula...

Страница 357: ...e extended IP reachability TLV type 135 carries IP prefixes and is similar to the IP reachability TLVs types 128 and 130 The extended IS reachability TLV type 22 contains information about a series of...

Страница 358: ...e the IP address from the interface and then add the IP address back to the interface Consequently when you remove and add back the IP address you must also remove the IS IS configuration from the int...

Страница 359: ...es by using an associated route map to set the tag Tagging an IS IS summary address For instructions and examples on configuring IS IS route tags see the sections listed in Table 14 on page 335 Table...

Страница 360: ...the routes from level 1 into level 2 host1 config route map map1 permit 5 host1 config route map match tag 221 host1 config route map set metric 10 host1 config route map set metric type external hos...

Страница 361: ...ributes origin distance preference level route type metric tag metric type The router applies the specified route map to all routes currently and subsequently installed in the routing table If any pre...

Страница 362: ...211 in its hello PDUs to signal the other routers that it supports graceful restart and to request help resynchronizing its LSP database Including the restart TLV in hello packets also ensures that ne...

Страница 363: ...estart is supported for IS IS IPv6 traffic depending on the availability of IPv6 high availability It does not affect IP traffic Platform Considerations For information about modules that support IS I...

Страница 364: ...1990 RFC 2763 Dynamic Hostname Exchange Mechanism for IS IS February 2000 RFC 2966 Domain wide Prefix Distribution with Two Level IS IS October 2000 RFC 2973 IS IS Mesh Groups October 2000 RFC 3277 In...

Страница 365: ...presented You must enable IS IS All other tasks are optional 1 Enable IS IS 2 Configure selected IS IS interface specific parameters 3 Configure selected global IS IS parameters 4 Configure selected I...

Страница 366: ...n router If you choose not to specify a tag name a null tag is assumed and the process is referenced with a null tag Use the same tag name for ip router isis as you did for the router isis command Exa...

Страница 367: ...is assumed and the process is referenced with a null tag Example host1 config router isis floor12 Use the no version to disable IS IS routing See router isis Summary Example host1 config router isis f...

Страница 368: ...1 1111 1111 00 8 Create the IS IS IPv6 address family for the interface host1 config router address family ipv6 unicast 9 Configure any of the following desired IS IS options for the address family re...

Страница 369: ...se to configure an IS IS routing process on an IPv6 interface Before the IS IS router process is useful you must assign a NET with the net command and enable some interfaces with IS IS Use the tag par...

Страница 370: ...value If that parameter has been modified from its default use the no version of the command to restore its default value Configuring Authentication You can set a password to authenticate IS IS hello...

Страница 371: ...lt metric is the value assigned when no quality of service QoS routing is performed You can configure the default metric for a specified interface by selecting level 1 or level 2 routing This resets t...

Страница 372: ...interval for an IS IS interface isis csnp interval Use to configure the isis csnp interval level for a specified interface The level can be configured independently for level 1 and level 2 For LAN int...

Страница 373: ...s are failing unnecessarily The advertised hold time in IS IS hellos is set to the hello multiplier times the hello interval Neighbors declare an adjacency to this router to be down after not having r...

Страница 374: ...default no padding See isis hello padding Configuring LSP Parameters You can configure the transmission interval retransmission interval and retransmission throttle interval for LSPs on an interface...

Страница 375: ...itted on point to point links The interval is the number of milliseconds between packets You can choose an interval in the range 0 65535 milliseconds The default delay value is 33 milliseconds The isi...

Страница 376: ...packets Optionally you can set a route tag for an IS IS passive interface by including the tag keyword and a numeric tag value in the passive interface command Passive interfaces have a metric of zero...

Страница 377: ...mand For example suppose you issue the following commands after the previous configuration host1 config router passive interface atm 2 0 1 host1 config router exit host1 config interface loopback 0 ho...

Страница 378: ...an IS IS routing process and access Router Configuration mode host1 config router isis engineering host1 config router 2 Configure a NET for the IS IS process host1 config router net 47 0010 0000 000...

Страница 379: ...By default IS IS treats the broadcast link as LAN media and tries to bring up the LAN adjacency even when the interface is configured as unnumbered or only a single neighbor exists on that link In con...

Страница 380: ...rk management and configuration This configuration enables IP processing on a point to point interface without an explicit IP address The IP unnumbered interface borrows the IP address of another inte...

Страница 381: ...authentication for either an area or a domain area authentication key Use to specify a password used by neighboring routers for authentication of IS IS level 1 LSPs CSNPs and PSNPs Issuing this comman...

Страница 382: ...ersion to delete the password See domain authentication key domain message digest key Use to configure HMAC MD5 authentication for a domain Generates a secure encrypted message digest of level 2 packe...

Страница 383: ...kets When authentication is enabled it uses either the simple text password specified by the domain authentication key command or the HMAC MD5 key specified by the domain message digest key command Yo...

Страница 384: ...2 Configure an access list with filters on routes 10 20 20 0 24 and 10 20 21 0 24 host1 config access list boston permit 10 20 0 0 0 0 255 255 3 Configure a route map that matches the previous access...

Страница 385: ...no no version See clear ip isis redistribution See clear isis ipv6 redistribution disable dynamic redistribute Use to halt the dynamic redistribution of routes that are initiated by changes to a rout...

Страница 386: ...s traffic from a level 1 router to a router in another area passes through the nearest level 1 2 router as its next hop Consider the topology shown in Figure 20 on page 362 Figure 20 Example of Level...

Страница 387: ...s family redistribute isis Use to redistribute IS IS IPv6 routes from level 1 to level 2 or from level 2 to level 1 Use the route map keyword to specify the route map to be applied You can use the rou...

Страница 388: ...domain A trade off decision must be made between scalability and optimality Issue this command from within the IS IS IPv6 address family to increase the granularity of IPv6 routing information within...

Страница 389: ...fic engineering enable the use of bigger metrics You can specify whether your router accepts generates or accepts and generates only old style metrics only new style metrics or both metric style narro...

Страница 390: ...provided for in current extensions to IS IS traffic engineering Use the transition option to accept old style and new style metrics only new style metrics are generated Specify whether the command ap...

Страница 391: ...uration Guide default information originate Use to generate a default route into an IS IS routing domain When you specify a route map with this command and the router has a route to 0 0 0 0 in the rou...

Страница 392: ...f default routes See suppress default Setting Router Type You can specify whether the router behaves as an IS IS station router area router or both is type Use to configure the router to act as either...

Страница 393: ...on to restore the default the value of the lowest cost route See summary prefix Avoiding Transient Black Holes When you start or reload a transit router that is running both IS IS and BGP the router i...

Страница 394: ...he LSP to inform the other routers in the domain that they can use it as a transit router BGP is assumed to have converged when all of the following conditions have been met 90 percent of BGP peers ha...

Страница 395: ...SPF calculations and revert to the original path of A 1 2 4 B Suppression for IS IS Graceful Restart When graceful restart is configured on the transit router the black hole avoidance feature is suppr...

Страница 396: ...word you cannot specify a time interval for on startup but can optionally do so for wait for bgp By default the overload bit is not set Example 1 host1 config router set overload bit Example 2 host1 c...

Страница 397: ...g category s messages You can also use the system log command to generate the desired log messages Example host1 config router log adjacency changes severity 3 verbosity low Use the no version to disa...

Страница 398: ...00 bytes the LSP MTU must be lowered accordingly on each router in the network If this is not done routing may become unpredictable Example host1 config router lsp mtu 1500 Use the no version to resto...

Страница 399: ...ut can slow down the rate of convergence Topology changes in a network cause all routers involved in the change to regenerate their LSDB and flood new LSPs throughout the network Therefore a router th...

Страница 400: ...hin the IS IS network This calculation results in the IS IS router containing a shortest path tree SPT that maps the shortest path to each node in the IS IS network By default the router uses a partia...

Страница 401: ...r IS hello packet to specify the length of time you consider the information in these packets to be valid In most cases leave these parameters at their default value which is 30 seconds Example host1...

Страница 402: ...tes IS IS can support You can select a number of routes or paths in the range 1 16 The default number for IS IS is 4 paths Example host1 config router maximum paths 12 Use the no version to restore th...

Страница 403: ...mily to apply a specified route map as a policy filter on an IS IS IPv6 route before the route is installed in the routing table IS IS IPv6 supports only a single table map Example The following comma...

Страница 404: ...retry times 3 Set the maximum time in seconds that the router waits for the LSP database to synchronize You must configure this parameter separately for each IS IS level at which the router operates...

Страница 405: ...ompleting the restart process You can specify a value in the range 5 120 seconds Example host1 config router nsf interface wait 45 Use the no version to restore the default maximum wait time 10 second...

Страница 406: ...ore the default T2 wait time 30 seconds See nsf t2 nsf t3 Use to specify the maximum amount of time in seconds that the restarting router waits before setting the overload bit The restarting router se...

Страница 407: ...outer nsf t2 level 1 70 host1 config router nsf t2 level 2 50 host1 config router nsf t3 adjacency host1 config router exit host1 config clns configuration time 120 host1 config clns holding time 600...

Страница 408: ...d For traffic beyond the endpoint the tunnel is considered equally with any other path Example host1 config router mpls spf use any best path Use the no version to disable the use of IGP best paths Se...

Страница 409: ...alue both See ip route type Configuring the BFD Protocol for IS IS The isis bfd liveness detection command configures the Bidirectional Forwarding Detection BFD protocol for IS IS The BFD protocol use...

Страница 410: ...inimum interval has the same effect as configuring the minimum receive interval and the minimum transmit interval to the same value The default value is 300 milliseconds You can use the multiplier key...

Страница 411: ...toring IS IS The CLI has commands available for monitoring IS IS parameters and CLNS parameters System Event Logs To troubleshoot and monitor IP use the following system event logs isisAdjChange IS IS...

Страница 412: ...isplay information about SPF calculations Monitor IS IS summary address information Display debug information Display host Display information about MPLS tunnels Clear adjacencies Display paths to int...

Страница 413: ...data spf triggers IS IS SPF triggering events update packets IS IS update related packets Example host1 debug isis adj packets Use the no version to disable debugging display See debug isis show host...

Страница 414: ...t specified a summary display is provided l1 Level 1 routing link state database l2 Level 2 routing link state database level 1 Level 1 routing link state database level 2 Level 2 routing link state d...

Страница 415: ...terface if configured Example 1 host1 show isis database IS IS Level 1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL 0000 0000 004E 00 00 0x000013F5 0x8BAA 1198 0 0 0 0000 0...

Страница 416: ...ess 222 9 1 1 Hostname zion Router ID 222 9 1 1 Metric 0 ES 2220 0900 1001 Metric 10 IS london 00 Administrative group 0 IPv4 Interface Address 221 1 1 1 IPv4 Neighbor Address 221 1 1 2 Maximum link b...

Страница 417: ...m LSP Holdtime ATT P OL Getafix v2 00 00 0x00000001 0x456D 1097 0 0 0 Example 5 host1 show isis database Getafix v2 detail IS IS Level 1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime...

Страница 418: ...ric 10 IP 30 0 0 0 24 Metric 10 IPv6 Internal Up 1 1 1 102 64 See show isis database show isis mpls adjacency log Use to display a log of the last 20 IS IS adjacency changes Field descriptions When Am...

Страница 419: ...bandwidth available for reservation on the link TE default metric Traffic engineering default metric value Affinity Bits Attributes flooded for the link Example host1 show isis mpls advertisements Sys...

Страница 420: ...rtisements show isis mpls tunnel Use to display information about tunnels used in the calculation of IS IS next hops Field descriptions System Id Name or system ID of the MPLS tail end destination rou...

Страница 421: ...Number of times the restarting router resends unacknowledged restart requests on this interface at the specified interval Adj Wait Time Maximum time in seconds that an IS IS process on the restarting...

Страница 422: ...Time 0 Restart Ack Recv Adj Count 0 level 1 0 level 2 LAN If DIS Wait Count 0 Restart CSNP Adj Recv Count 0 level 1 0 level 2 Local LSP Wait Count 0 level 1 0 level 2 See show isis nsf show isis spf...

Страница 423: ...00 0000 0101 0101 00 00 PRC LSP Sequence Update RTupdt 0 000 RtLeak 0 000 See show isis spf log show isis summary addresses Use to display the status of IS IS aggregate addresses Field descriptions Ad...

Страница 424: ...for a LAN circuit it is the MAC address not meaningful for a point to point circuit Example host1 show isis topology level 1 IS IS paths for level 1 routers System ID Metric Next Hop Intf SNPA barcel...

Страница 425: ...e to be shown Example host1 show clns traffic detail IS IS Baseline last set 0 days 0 hours 1 minutes 41 seconds IS IS Corrupted LSPs 0 IS IS L1 LSP Database Overloads 0 IS IS L2 LSP Database Overload...

Страница 426: ...ation from source LSP Checksum Checksum of the LSP packet LSP Holdtime Number of seconds that the LSP remains valid ATT Attach bit indicates that the router is a level 2 router and can reach other are...

Страница 427: ...ther IS IS is running in this router gives tag information and shows whether it is running level 1 or level 1 2 Routing for Area ISO NSAP address for the network Distribute domain wide enabled Indicat...

Страница 428: ...time that the router stops accepting packets created with this password Stop Generate Date and time that the router stops inserting this password into packets Use the es neighbors keyword to display i...

Страница 429: ...d Key id 1 Type hmac md5 Start Accept FRI JAN 14 09 57 41 2000 Start Generate FRI JAN 14 09 59 41 2000 Stop Accept 0 Stop Generate 0 Domain Authentication PSNP PDU authentication enabled CSNP PDU auth...

Страница 430: ...ing level 2 or local and area routing level 1 2 Interface number Number of the interface local circuit ID Local circuit ID of the interface Authentication Level 1 If area authentication is enabled lis...

Страница 431: ...l1 l2 Metric Metric for the interface Example 1 host1 show clns interface FastEthernet4 1 is up line protocol is up Checksums Enabled MTU 1500 Encapsulation SNAP Next ESH ISH is 5 seconds Routing Pro...

Страница 432: ...an IS and is waiting for an IS IS hello message IS IS regards the neighbor as not adjacent Up ES or IS is considered reachable Holdtime rem Remaining number of seconds before this adjacency entry time...

Страница 433: ...dress es 4 4 4 1 Graceful Restart Capable no Neighbor Restarting no host1 3 0090 1A41 081C F1 1 up 30 27 L1 IS IS Area Address es 49 0001 Ip Address es 4 4 4 3 Graceful Restart Capable no Neighbor Res...

Страница 434: ...of overloads in level 1 IS IS L2 LSP Database Overloads Number of overloads in level 2 IS IS Area Addresses Dropped Number of area addresses that the router dropped IS IS Attempts to Exceed Max Seque...

Страница 435: ...nvalid 9542s Number of rejected ES hello packets IS IS Malformed PDUs received Number of malformed packets received IS IS Authentication Failures Number of authentication failures on received level 1...

Страница 436: ...ast set 5 days 0 hours 3 minutes 31 seconds IS IS Protocol PDUs in out 10421 5862 IS IS Level 1 Hellos in out dropped 610046 610456 0 IS IS Level 2 Hellos in out dropped 610046 610456 0 IS IS Level 1...

Страница 437: ...ssions 0 IS IS Level 1 Designated IS Changes 1 IS IS Level 2 Designated IS Changes 1 IS IS Invalid 9542s 0 IS IS Malformed PDU received 0 IS IS Authentication Failures 0 Interface FastEthernet4 1 IS I...

Страница 438: ...414 Monitoring IS IS JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Страница 439: ...Part 3 Index Index on page 417 Index 415...

Страница 440: ...416 Index JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Страница 441: ...S IS 366 OSPF 283 RIP 210 aggregate addresses IS IS 368 OSPF routing 257 area border routers See ABRs OSPF area commands area 268 area default cost 267 area nssa 267 area range 256 area stub 267 area...

Страница 442: ...classes of IP addresses 7 Classless Interdomain Routing See CIDR clear arp command 21 clear ip commands clear ip interface 41 clear ip isis redistribution 359 clear ip ospf redistribution 283 clear i...

Страница 443: ...ion command 359 domain authentication key command 358 domain message digest key command 330 358 domain wide prefix distribution 364 dropped packets troubleshooting 88 DRs designated routers IS IS rout...

Страница 444: ...System See IS IS intermediate system See IS Internet addresses 8 Internet Control Message Protocol See ICMP Internet Layer TCP IP 5 interval rate LSP IS IS 373 intra area routes OSPF 247 IP 3 ARP pro...

Страница 445: ...14 route maps 14 source address validation 14 tcp adjust mss 14 unnumbered 14 virtual router 14 IP redirects enabling 60 ip rip commands 210 ip rip 210 ip rip authentication key 210 ip rip authenticat...

Страница 446: ...ulticast listener discovery 134 mtu maximum transmission unit 134 nd neighbor discovery 134 policy 134 sa validate 134 unnumbered 134 IPv6 routing with IS IS 333 IRDP ICMP Router Discovery Protocol en...

Страница 447: ...erval 346 isis tag 355 See also show isis commands ISO 10589 See IS IS ISO address 327 L leakage OSPF route 248 level 1 routing IS IS 326 level 2 routing IS IS 326 levels of IS IS routing 326 346 368...

Страница 448: ...sks 9 network service access point See NSAP network OSPF routing 263 next hop verification configuring example 31 steps for 34 overview 31 no area command 268 no ipv6 command 151 nonbroadcast networks...

Страница 449: ...F simple password authentication 247 272 PDU protocol data unit 327 physical addresses 7 ping command 62 131 point to point circuits IS IS 355 Point to Point Protocol See PPP point to point over LAN c...

Страница 450: ...commands router isis 341 router ospf 254 255 router rip 220 router IDs 29 245 router type IS IS 367 routes summarizing IS IS 368 summarizing RIP 207 using IS IS 385 using OSPF 291 using RIP 224 routi...

Страница 451: ...d interface 141 show access list command 82 show arp command 83 show clns commands show clns 403 show clns interface 406 show clns neighbors 408 show clns protocol 409 show clns traffic 410 show forwa...

Страница 452: ...incremental 299 spf interval command 374 split horizon mechanism 207 split horizon command 228 SRP modules global IP routing table on 25 starting IS IS MD5 packets 331 static routes 138 180 establishi...

Страница 453: ...ansport layer TCP IP 5 traps command 300 traps OSPF 299 triggered update disable command 220 troubleshooting dropped packets 88 IS IS 388 OSPF 300 RIP 229 ttl command 296 type command 66 type length v...

Страница 454: ...430 Index JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...

Отзывы:

Нет отзывов

Похожие инструкции для IGP - CONFIGURATION GUIDE V11.1.X

PowerShot SD10 Digital ELPH

Бренд: Canon Страницы: 124

Бренд: M-Audio Страницы: 4

Бренд: M-Audio Страницы: 4

DRUM AND BASS RIG

Бренд: M-Audio Страницы: 3

GROUPWISE 7 - WEB ACCESS

Бренд: Novell Страницы: 110

Бренд: SanDisk Страницы: 11

Бренд: ARTEX Страницы: 33

Бренд: UNIBLUE Страницы: 3

Бренд: Oracle Страницы: 130

Бренд: ICP Страницы: 60

Бренд: Xerox Страницы: 32

Бренд: Garmin Страницы: 4

Бренд: Asus Страницы: 9

Бренд: Sony Страницы: 119

Бренд: Sony Страницы: 4

Бренд: Sony Страницы: 1

Бренд: Paradyne Страницы: 1

FLASH 8-INTRODUCTION TO FLASH LITE 2.X...

Бренд: MACROMEDIA Страницы: 34

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды