JunOS Routing Essentials

Notes from my JunOS class taught 2-21-13 by Steven Elliott.

Route Preference

Routing Info Source | Default Preference
Direct | 0
Local | 0
Static | 5
OSPF Internal | 10
IS-IS Level 1 Internal | 15
IS-IS Level 2 Internal | 18
RIP | 100
OSPF AS External | 150
IS-IS Level 1 External | 160
IS-IS Level 2 External | 165
BGP | 170

Lower numbers are preferred.

Equal-cost load balancing is done by randomly choosing among the equal paths.

Routing Instances

Composed of: inet or inet6, interfaces, default route, and routing protocol such as OSPF.

master routing instance is primary

An interface can only belong to one routing instance.

OSPF

area 0.0.0.0 is backbone area

Static Routes

reject sends an ICMP unreachable back

discard is silent

Routing Policies

There are two types: import and export.

Import accepts routing updates; export sends out routing updates.

edit policy-options

Every protocol has a default policy

inet.0 Table

Protocol | Import Policy | Export Policy
BGP | accept bgp | accept active bgp
OSPF | accept ospf | reject -- floods by default *
IS-IS | accept is-is | reject -- floods by default *
RIP | accept rip from explicitly configured neighbors | reject everything

* Link-State Updates are sent and allowed by default; this only prevents routes from other protocols from being exported

Routing Policy

Zero or more terms
Terms are executed in order until a decision is made

Export policy is used to export static route into OSPF.

Two steps: Define policy and apply policy.

Define policy under the edit policy-options hierarchy.

Apply routing policies as import or export policies at different levels (protocol dependent). For OSPF, only protocol-level import and export policies are allowed.

Policy example:


[edit policy-options]
user@router# show
policy-statement policy-1 {
    term reject-rfc1918-prefixes {
        from {
            route-filter 172.16.0.0/12 orlonger;
            route-filter 192.168.0.0/16 orlonger;
            route-filter 10.0.0.0/8 orlonger;
        }
        then reject;
    }
}
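
A simplified Python model of how policy-1 above is evaluated as an import policy, added here as an example (it is not from the class or from Juniper): terms run in order, and a route that no term decides falls through to the protocol's default import policy from the inet.0 table. The function names and sample routes are constructed for illustration.

```python
import ipaddress

# policy-1 from the notes: one term, three route-filters, action reject.
POLICY_1 = [
    {
        "name": "reject-rfc1918-prefixes",
        "route_filters": [("172.16.0.0/12", "orlonger"),
                          ("192.168.0.0/16", "orlonger"),
                          ("10.0.0.0/8", "orlonger")],
        "action": "reject",
    },
]

# Default import policies from the inet.0 table in the notes (simplified:
# RIP's "explicitly configured neighbors" condition is not modelled).
DEFAULT_IMPORT = {"bgp": "accept", "ospf": "accept",
                  "is-is": "accept", "rip": "accept"}


def filter_matches(route, prefix, match_type):
    """True if the route falls under one route-filter entry."""
    route_net = ipaddress.ip_network(route)
    filter_net = ipaddress.ip_network(prefix)
    if match_type == "exact":
        return route_net == filter_net
    if match_type == "orlonger":
        # Same or longer mask length, and inside the filter prefix.
        return route_net.subnet_of(filter_net)
    raise ValueError(f"match type not modelled: {match_type}")


def evaluate_import(policy, route, protocol):
    """Return (action, decided_by) for one route (hypothetical helper)."""
    for term in policy:
        # Several route-filters in one "from" are alternatives.
        if any(filter_matches(route, p, m) for p, m in term["route_filters"]):
            return term["action"], term["name"]  # terminating action: stop
    # No term made a decision: the protocol's default policy applies.
    return DEFAULT_IMPORT[protocol], "default-policy"


if __name__ == "__main__":
    # Constructed sample routes, including two near-miss prefixes.
    for route in ["10.1.2.0/24", "172.16.0.0/12", "172.32.0.0/16",
                  "192.168.0.0/15", "203.0.113.0/24"]:
        print(route, evaluate_import(POLICY_1, route, "bgp"))
```

Note that 192.168.0.0/15 is not rejected: orlonger matches only prefixes of the same or longer length, so a shorter prefix that covers RFC 1918 space falls through to the default policy.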

Routing Commands

show route

show route protocol static

show route protocol ospf

show route forwarding-table

show route instance

set instance-type virtual-router

edit routing-options
To configure a static route

Extras--Not on Test

An SRX contains Routing instances

Each routing instance has interfaces, a zone, and a routing policy

Policy contains conditions.

Each condition has match criteria, THEN clause, and either ACCEPT or REJECT

Policy has a "Next Policy" pointer to then go to the next policy.

A policy's internal structure is the same as a firewall filter.

Both policies and firewall filters can have non-terminating actions, such as logging or changing class of service. Those actions can act as an IDS or an IPS.

Packet comes in.

First thing it hits is the POLICER.

Next it hits the FIREWALL FILTER.

Then it hits a DECISION POINT: Is there an EXISTING SESSION?

If not, it's the first packet in a session, and it goes through the FIRST PATH: SCREEN OS, SOURCE NAT, RT LOOKUP, POLICY, EGRESS PORT POLICY, DESTINATION NAT, APPLICATION LAYER GATEWAY, SESSION LOG CACHE.

If the first packet is dropped, all future packets in this session are denied.

All further packets in that session use the SESSION LOG CACHE to go down the FAST PATH.


Posted by Sam Bowne 2-21-13