630 ce routing

Upload: elkomy200

Post on 13-Feb-2018

  • 7/23/2019 630 Ce Routing

    1/262

    Concepts & Examples ScreenOS Reference Guide

    Routing

    Release

    6.3.0, Rev.02

    Published: 2012-12-10

    Revision 02

    Copyright 2012, Juniper Networks, Inc.

    Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net

    Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JunosE is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

    Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

    Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

    Copyright 2009, Juniper Networks, Inc.

    All rights reserved.

    Revision History

    December 2012 Revision 02

    Content subject to change. The information in this document is current as of the date listed in the revision history.

    SOFTWARE LICENSE

    The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions.

    Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.

    For complete product documentation, please see the Juniper Networks Website at www.juniper.net/techpubs.

    END USER LICENSE AGREEMENT

    The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (EULA) posted at http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.

    Abbreviated Table of Contents

    About This Guide

    Part 1 Routing

    Chapter 1 Static Routing

    Chapter 2 Routing

    Chapter 3 Open Shortest Path First

    Chapter 4 Routing Information Protocol

    Chapter 5 Border Gateway Protocol

    Chapter 6 Policy-Based Routing

    Chapter 7 Multicast Routing

    Chapter 8 Internet Group Management Protocol

    Chapter 9 Protocol Independent Multicast

    Chapter 10 ICMP Router Discovery Protocol

    Part 2 Index

    Index

    Table of Contents

    About This Guide

    Document Conventions

    Document Feedback

    Requesting Technical Support

    Part 1 Routing

    Chapter 1 Static Routing

    Overview

    How Static Routing Works

    When to Configure Static Routes

    Configuring Static Routes

    Setting Static Routes

    Setting a Static Route for a Tunnel Interface

    Adding Descriptions to Static Routes

    Enabling Gateway Tracking

    WebUI

    CLI

    Forwarding Traffic to the Null Interface

    Preventing Route Lookup in Other Routing Tables

    Preventing Tunnel Traffic from Being Sent on Non-Tunnel Interfaces

    Preventing Loops Created by Summarized Routes

    WebUI

    CLI

    Permanently Active Routes

    Changing Routing Preference with Equal Cost Multipath

    Chapter 2 Routing

    Overview

    Virtual Router Routing Tables

    Destination-Based Routing Table

    Route-cache

    Source-Based Routing Table

    WebUI

    CLI

    Source Interface-Based Routing Table

    WebUI

    CLI

    Creating and Modifying Virtual Routers

    Modifying Virtual Routers

    WebUI

    CLI

    Assigning a Virtual Router ID

    WebUI

    CLI

    Forwarding Traffic Between Virtual Routers

    Configuring Two Virtual Routers

    WebUI

    CLI

    Creating and Deleting Virtual Routers

    Creating a Custom Virtual Router

    Deleting a Custom Virtual Router

    Dedicating a Virtual Router to Management

    WebUI

    CLI

    Virtual Routers and Virtual Systems

    Creating a Virtual Router in a Vsys

    Sharing Routes Between Virtual Routers

    Limiting the Number of Routing Table Entries

    WebUI

    CLI

    Routing Features and Examples

    Route Selection

    Setting a Route Preference

    Route Metrics

    Changing the Default Route Lookup Sequence

    Route Lookup in Multiple Virtual Routers

    Configuring Equal Cost Multipath Routing

    WebUI

    CLI

    Route Redistribution

    Configuring a Route Map

    Route Filtering

    Configuring an Access List

    Redistributing Routes into OSPF

    Exporting and Importing Routes Between Virtual Routers

    Configuring an Export Rule

    Configuring Automatic Export

    Chapter 3 Open Shortest Path First

    Overview

    Areas

    Router Classification

    Hello Protocol

    Network Types

    Broadcast Networks

    Point-to-Point Networks

    Point-to-Multipoint Networks

    Link-State Advertisements

    Basic OSPF Configuration

    Creating and Removing an OSPF Routing Instance

    Creating an OSPF Instance

    Removing an OSPF Instance

    Creating and Deleting an OSPF Area

    Creating an OSPF Area

    Deleting an OSPF Area

    Assigning Interfaces to an OSPF Area

    Assigning Interfaces to Areas

    Configuring an Area Range

    Enabling OSPF on Interfaces

    Enabling OSPF on Interfaces

    Disabling OSPF on an Interface

    Verifying the Configuration

    Redistributing Routes into Routing Protocols

    WebUI

    CLI

    Summarizing Redistributed Routes

    Summarizing Redistributed Routes

    WebUI

    CLI

    Global OSPF Parameters

    Advertising the Default Route

    WebUI

    CLI

    Virtual Links

    Creating a Virtual Link

    Creating an Automatic Virtual Link

    Setting OSPF Interface Parameters

    WebUI

    CLI

    Security Configuration

    Authenticating Neighbors

    Configuring a Clear-Text Password

    Configuring an MD5 Password

    Configuring an OSPF Neighbor List

    WebUI

    CLI

    Rejecting Default Routes

    WebUI

    CLI

    Protecting Against Flooding

    Configuring the Hello Threshold

    Configuring the LSA Threshold

    Enabling Reduced Flooding

    Creating an OSPF Demand Circuit on a Tunnel Interface

    WebUI

    CLI

    Point-to-Multipoint Tunnel Interface

    Setting the OSPF Link-Type

    WebUI

    CLI

    Disabling the Route-Deny Restriction

    WebUI

    CLI

    Creating a Point-to-Multipoint Network

    WebUI (Central Office Device)

    CLI (Central Office Device)

    WebUI (Remote Office Device)

    CLI (Remote Office Device)

    OSPFv3

    OSPFv3 Features

    Multiple OSPFv3 Instances

    OSPFv3 Route Preference

    OSPFv3 Router ID

    OSPFv3 Area Parameters

    OSPFv3 Interface Parameters

    Route Redistribution

    Configuring OSPFv3

    To enable OSPFv3

    To create an OSPFv3 area with area-id 10

    To Assign Interfaces to OSPFv3 Areas

    To Configure Area Range

    To redistribute routes from BGP to OSPFv3

    To configure OSPFv3 interface parameters

    Monitoring OSPFv3

    Chapter 4 Routing Information Protocol

    Overview

    Basic RIP Configuration

    Creating and Deleting a RIP Instance

    Creating a RIP Instance

    Deleting a RIP Instance

    Enabling and Disabling RIP on Interfaces

    Enabling RIP on an Interface

    Disabling RIP on an Interface

    Redistributing Routes

    WebUI

    CLI

    Viewing RIP Information

    Viewing the RIP Database

    WebUI

    CLI

    Viewing RIP Details

    WebUI

    CLI

    Viewing RIP Neighbor Information

    WebUI

    CLI

    Viewing RIP Details for a Specific Interface

    WebUI

    CLI

    Global RIP Parameters

    Advertising the Default Route

    WebUI

    CLI

    Configuring RIP Interface Parameters

    WebUI

    CLI

    Security Configuration

    Authenticating Neighbors by Setting a Password

    WebUI

    CLI

    Configuring Trusted Neighbors

    WebUI

    CLI

    Rejecting Default Routes

    WebUI

    CLI

    Protecting Against Flooding

    Configuring an Update Threshold

    Enabling RIP on Tunnel Interfaces

    Optional RIP Configurations

    Setting the RIP Version

    WebUI

    CLI

    Enabling and Disabling a Prefix Summary

    Enabling a Prefix Summary

    Disabling a Prefix Summary

    Setting Alternate Routes

    WebUI

    CLI

    Demand Circuits on Tunnel Interfaces

    WebUI

    CLI

    Configuring a Static Neighbor

    WebUI

    CLI

    Configuring a Point-to-Multipoint Tunnel Interface. . . . . . . . . . . . . . . . . . . . . . . 104

    WebUI (Central Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

    CLI (Central Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

    WebUI (Remote Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109

    CLI (Remote Office Device). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

    Chapter 5 Border Gateway Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

    Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

    Multiprotocol BGP for IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

    Types of BGP Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

    Path Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

    External and Internal BGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

    Basic BGP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

    Creating and Enabling a BGP Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

    Creating a BGP Routing Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

    Removing a BGP Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

    Enabling and Disabling BGP on Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . 116

    Enabling BGP on Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

    Disabling BGP on Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

    Configuring BGP Peers and Peer Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

    Configuring a BGP Peer (IPv4). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

    Configuring a BGP Peer (IPv6). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

    Configuring an IBGP Peer Group (IPv4). . . . . . . . . . . . . . . . . . . . . . . . . 120

    Configuring an IBGP Peer Group (IPv6). . . . . . . . . . . . . . . . . . . . . . . . . . 121

    Verifying the BGP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

    Viewing BGP Advertised and Received Routes for Neighbors. . . . . . . . . . . . 123

    Enabling BGP Address Families for Neighbors. . . . . . . . . . . . . . . . . . . . . . . .124

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

    Advertising IPv6 Routes Between IPv4 BGP Peers and IPv4 Routes Between IPv6 BGP Peers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

    Security Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

    Authenticating BGP Neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

    Rejecting Default Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

    Optional BGP Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

    Redistributing Routes into BGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

    Maximum Routes for Redistribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

    Configuring an AS-Path Access List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

    WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131

    Adding Routes to BGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

    Conditional Route Advertisement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

    Setting the Route Weight. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132

    Setting Route Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132

    Route-Refresh Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

    Requesting an Inbound Routing Table Update. . . . . . . . . . . . . . . . . . . . 134

    Requesting an Outbound Routing Table Update. . . . . . . . . . . . . . . . . . 134

    Configuring Route Reflection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136

    Configuring a Confederation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138

    BGP Communities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

    Route Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

    Aggregating Routes with Different AS Paths. . . . . . . . . . . . . . . . . . . . . 140

    Suppressing More-Specific Routes in Updates. . . . . . . . . . . . . . . . . . . . 141

    Selecting Routes for Path Attribute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

    Changing Attributes of an Aggregated Route. . . . . . . . . . . . . . . . . . . . . 143

    Chapter 6 Policy-Based Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

    Policy Based Routing Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

    Extended Access-Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

    Match Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

    Action Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

    Route Lookup with PBR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

    Configuring PBR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

    Configuring an Extended Access List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

    WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

    WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

    Configuring a Match Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

    WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

    Configuring an Action Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

    Configuring a PBR Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

    Binding a PBR Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

    Binding a PBR Policy to an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

    Binding a PBR Policy to a Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

    Binding a PBR Policy to a Virtual Router. . . . . . . . . . . . . . . . . . . . . . . . .152

    Viewing PBR Output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

    Viewing an Extended Access List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

    CLI 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

    CLI 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

    Viewing a Match Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

    Viewing an Action Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

    CLI 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

    CLI 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

    Viewing a PBR Policy Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154

    Viewing a Complete PBR Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

    Advanced PBR Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155

    Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

    PBR Elements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

    Extended Access Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

    Match Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

    Action Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

    PBR Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

    Interface Binding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

    Advanced PBR with High Availability and Scalability. . . . . . . . . . . . . . . . . . . . . . 159

    Resilient PBR Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

    Scalable PBR Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160

    Chapter 7 Multicast Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

    Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

    Multicast Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162

    Reverse Path Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

    Multicast Routing on Security Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

    Multicast Routing Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

    Configuring a Static Multicast Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

    WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

    Access Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

    Configuring Generic Routing Encapsulation on Tunnel Interfaces. . . . . . . .164

    WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

    Multicast Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

    Chapter 8 Internet Group Management Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

    Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

    Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

    Multicast Routers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

    IGMP on Security Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

    Enabling and Disabling IGMP on Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . 171

    Enabling IGMP on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

    Disabling IGMP on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

    Configuring an Access List for Accepted Groups. . . . . . . . . . . . . . . . . . . . . . 172

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

    Configuring IGMP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

    Verifying an IGMP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

    IGMP Operational Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

    IGMP Proxy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

    Membership Reports Upstream to the Source. . . . . . . . . . . . . . . . . . . . . . . .177

    Configuring IGMP Proxy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

    Configuring IGMP Proxy on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

    Multicast Policies for IGMP and IGMP Proxy Configurations. . . . . . . . . . . . . 180

    Creating a Multicast Group Policy for IGMP. . . . . . . . . . . . . . . . . . . . . . 180

    Creating an IGMP Proxy Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . 181

    Setting Up an IGMP Sender Proxy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

    WebUI (NS2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188

    CLI (NS2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190

    Chapter 9 Protocol Independent Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

    Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

    PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

    Multicast Distribution Trees. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

    Designated Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196

    Mapping Rendezvous Points to Groups. . . . . . . . . . . . . . . . . . . . . . . . . 196

    Forwarding Traffic on the Distribution Tree. . . . . . . . . . . . . . . . . . . . . . . 197

    PIM-SSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

    Configuring PIM-SM on Security Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

    Enabling and Deleting a PIM-SM Instance for a VR. . . . . . . . . . . . . . . . . . . 200

    Enabling PIM-SM Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

    Deleting a PIM-SM Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

    Enabling and Disabling PIM-SM on Interfaces. . . . . . . . . . . . . . . . . . . . . . .200

    Enabling PIM-SM on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

    Disabling PIM-SM on an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

    Multicast Group Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

    Static-RP-BSR Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

    Join-Prune Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

    Defining a Multicast Group Policy for PIM-SM. . . . . . . . . . . . . . . . . . . . 202

    Setting a Basic PIM-SM Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

    WebUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

    Verifying the Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

    Configuring Rendezvous Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

    Configuring a Static Rendezvous Point. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

    Configuring a Candidate Rendezvous Point. . . . . . . . . . . . . . . . . . . . . . . . . . 210

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210

    Security Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

    Restricting Multicast Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211

    Restricting Multicast Sources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

    Restricting Rendezvous Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

    PIM-SM Interface Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213

    Defining a Neighbor Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

    Defining a Bootstrap Border. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214

    CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

    Configuring a Proxy Rendezvous Point. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

    WebUI (NS1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

    WebUI (NS2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

    CLI (NS1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

    CLI (NS2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

    PIM-SM and IGMPv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

    Chapter 10 ICMP Router Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

    Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225

    Configuring ICMP Router Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

    Enabling ICMP Router Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . 226

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

    CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226

    Configuring ICMP Router Discovery Protocol from the WebUI. . . . . . . . . . . 227

    Configuring ICMP Router Discovery Protocol from the CLI. . . . . . . . . . . . . . 227

    Advertising an Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

    Broadcasting the Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228

    Setting a Maximum Advertisement Interval. . . . . . . . . . . . . . . . . . . . . . 228

    Setting a Minimum Advertisement Interval. . . . . . . . . . . . . . . . . . . . . .228

    Setting an Advertisement Lifetime Value. . . . . . . . . . . . . . . . . . . . . . . .228

    Setting a Response Delay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229

    Setting an Initial Advertisement Interval. . . . . . . . . . . . . . . . . . . . . . . . 229

    Setting a Number of Initial Advertisement Packets. . . . . . . . . . . . . . . . 229

    Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229

    Disabling IRDP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

    Viewing IRDP Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

    WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

    CLI 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

    CLI 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

    Part 2 Index

    Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

    List of Figures

    About This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

    Figure 1: Images in Illustrations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv

    Part 1 Routing

    Chapter 1 Static Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

    Figure 2: Static Routing Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

    Figure 3: Static Route Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

    Figure 4: Static Route for a Tunnel Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

    Chapter 2 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

    Figure 5: Route-cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

    Figure 6: Source-Based Routing Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

    Figure 7: Source Interface-Based Routing Example. . . . . . . . . . . . . . . . . . . . . . . . 23

    Figure 8: Virtual Routers Within a Vsys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

    Figure 9: Default Route Lookup Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

    Figure 10: Route Lookup in Multiple VRs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

    Chapter 3 Open Shortest Path First. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

    Figure 11: OSPF Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

    Figure 12: Creating a Virtual Link. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

    Figure 13: Point-to-MultiPoint Network Example. . . . . . . . . . . . . . . . . . . . . . . . . . 72

    Chapter 4 Routing Information Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

    Figure 14: Tunnel Interface with RIP Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

    Figure 15: Point-to-MultiPoint with Tunnel Interface Network Example. . . . . . . 106

    Chapter 5 Border Gateway Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

    Figure 16: IPv4 BGP Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

    Figure 17: Conditional BGP Route Advertisement Example. . . . . . . . . . . . . . . . . .132

    Figure 18: BGP Route Reflection Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136

    Figure 19: BGP Confederations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

    Figure 20: BGP Confederation Configuration Example. . . . . . . . . . . . . . . . . . . . . 138

    Chapter 6 Policy-Based Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

    Figure 21: Routing HTTP and HTTPS Traffic with Policy Based Routing. . . . . . . 148

    Figure 22: Selective Routing by Traffic Type. . . . . . . . . . . . . . . . . . . . . . . . . . . . .156

    Chapter 7 Multicast Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

    Figure 23: Reverse Path Forwarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

    Figure 24: GRE on Tunnel Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

    Chapter 8 Internet Group Management Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

    Figure 25: IGMP Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

    Figure 26: IGMP Proxy Host Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178

    Figure 27: IGMP Proxy Configuration Between Two Devices. . . . . . . . . . . . . . . . .181

    Figure 28: IGMP Sender Proxy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

    Figure 29: IGMP Sender Proxy Network Example. . . . . . . . . . . . . . . . . . . . . . . . . 188

    Chapter 9 Protocol Independent Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

    Figure 30: IGMP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

    Figure 31: PIM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

    Figure 32: Source Sending Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

    Figure 33: Host Joining a Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

    Figure 34: Basic PIM-SM Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

    Figure 35: Proxy Rendezvous Point Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

    Figure 36: Proxy RP Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

    List of Tables

    Part 1 Routing

    Chapter 1 Static Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

    Table 1: Routing Table Summary for Routers X, Y, and Z. . . . . . . . . . . . . . . . . . . . . 4

    Chapter 2 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

    Table 2: Default Route Preference Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

    Table 3: Route Map Match Conditions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

    Table 4: Route Map Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

    Chapter 3 Open Shortest Path First. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

    Table 5: LSA Types and Content Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

    Table 6: OSPF Areas Parameters and Default Values. . . . . . . . . . . . . . . . . . . . . .53

    Table 7: Global OSPF Parameters and Default Values. . . . . . . . . . . . . . . . . . . . . . 59

    Table 8: Optional Parameters for Virtual Links. . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

    Table 9: Optional OSPF Interface Parameters and Default Values. . . . . . . . . . . . 63

    Table 10: OSPFv3 Route Preference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

    Table 11: OSPFv3 Interface Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

    Table 12: OSPFv3 get commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

    Chapter 4 Routing Information Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

    Table 13: Global RIP Parameters and Default Values. . . . . . . . . . . . . . . . . . . . . . . 91

    Table 14: RIP Interface Parameters and Default Values. . . . . . . . . . . . . . . . . . . . . 93

    Table 15: Troubleshooting the Demand Circuit Retransmit Timer . . . . . . . . . . . . 104

    Chapter 5 Border Gateway Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

    Table 16: BGP Peer and Peer Group Parameters and Default Values. . . . . . . . . .118

    Table 17: Optional BGP Parameters and Default Values. . . . . . . . . . . . . . . . . . . . 128

    Chapter 6 Policy-Based Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

    Table 18: Interface Configuration for Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

    Chapter 8 Internet Group Management Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

    Table 19: IGMP Host Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

    Table 20: IGMP Querier Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170

    Table 21: IGMP Querier Interface Parameters and Default Values . . . . . . . . . . . . . 175

    Chapter 9 Protocol Independent Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

    Table 22: PIM-SIM Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

    Chapter 10 ICMP Router Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

    Table 23: IRDP WebUI Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

    About This Guide

    Routing contains the following chapters:

    Static Routing on page 3 explains route tables and how to configure static routes

    for destination-based routing, Source Interface-Based Routing (SIBR), or source-based

    routing.

    Routing on page 15 explains how to configure virtual routers on security devices and

    how to redistribute routing table entries between protocols or between virtual routers.

    Open Shortest Path First on page 47 describes how to configure the OSPF dynamic

    routing protocol on security devices.

    Routing Information Protocol on page 83 explains how to configure Routing

    Information Protocol (RIP).

    Border Gateway Protocol on page 111 explains how to configure Border Gateway

    Protocol (BGP).

    Policy-Based Routing on page 145 describes policy-based routing (PBR). PBR provides

    a flexible routing mechanism for data forwarding over networks that rely on Application

    Layer support such as for antivirus (AV), deep inspection (DI), or Web filtering.

    Multicast Routing on page 161 explains multicast routing basics, including how to

    configure static multicast routes.

    Internet Group Management Protocol on page 169 explains how to configure Internet

    Group Management Protocol (IGMP).

    Protocol Independent Multicast on page 193 explains how to configure Protocol

    Independent Multicast-Sparse Mode (PIM-SM) and Protocol Independent

    Multicast-Source Specific Multicast (PIM-SSM).

    ICMP Router Discovery Protocol on page 225 explains how to set up an Internet Control

    Message Protocol (ICMP) exchange between a host and a router.

    Document Conventions on page xxi

    Document Feedback on page xxiv

    Requesting Technical Support on page xxiv

    Document Conventions

    This document uses the conventions described in the following sections:

    Web User Interface Conventions on page xxii

    Command Line Interface Conventions on page xxii

    Naming Conventions and Character Types on page xxiii

    Illustration Conventions on page xxiii

    Web User Interface Conventions

    The Web user interface (WebUI) contains a navigational path and configuration settings.

    To enter configuration settings, begin by clicking a menu item in the navigation tree on

    the left side of the screen. As you proceed, your navigation path appears at the top of

    the screen, with each page separated by angle brackets.

    The following example shows the WebUI path and parameters for defining an address:

    Policy > Policy Elements > Addresses > List > New: Enter the following, then click OK:

    Address Name: addr_1

    IP Address/Domain Name:

    IP/Netmask: (select), 10.2.2.5/32

    Zone: Untrust

    To open Online Help for configuration settings, click the question mark (?) in the upper

    right of the screen.

    The navigation tree also provides a Help > Config Guide configuration page to help you

    configure security policies and Internet Protocol Security (IPSec). Select an option from

    the list, and follow the instructions on the page. Click the ? character in the upper right

    for Online Help on the Config Guide.

    Command Line Interface Conventions

    The following conventions are used to present the syntax of command line interface

    (CLI) commands in text and examples.

    In text, commands are in boldface type and variables are in italic type.

    In examples:

    Variables are in italic type.

    Anything inside square brackets [ ] is optional.

    Anything inside braces { } is required.

    If there is more than one choice, each choice is separated by a pipe ( | ). For example,

    the following command means set the management options for the ethernet1, the

    ethernet2, or the ethernet3 interface:

    set interface { ethernet1 | ethernet2 | ethernet3 } manage

    NOTE: When entering a keyword, you only have to type enough letters to

    identify the word uniquely. Typing set adm u whee j12fmt54 will enter the

    command set admin user wheezer j12fmt54. However, all the commands

    documented in this guide are presented in their entirety.

    Naming Conventions and Character Types

    ScreenOS employs the following conventions regarding the names of objects (such as

    addresses, admin users, auth servers, IKE gateways, virtual systems, VPN tunnels, and

    zones) defined in ScreenOS configurations:

    If a name string includes one or more spaces, the entire string must be enclosed within double quotes; for example:

    set address trust "local LAN" 10.1.1.0/24

    Any leading spaces or trailing text within a set of double quotes are trimmed; for

    example, " local LAN " becomes "local LAN".

    Multiple consecutive spaces are treated as a single space.

    Name strings are case-sensitive, although many CLI keywords are case-insensitive.

    For example, "local LAN" is different from "local lan".

    ScreenOS supports the following character types:

    Single-byte character sets (SBCS) and multiple-byte character sets (MBCS). Examples of SBCS are ASCII, European, and Hebrew. Examples of MBCS (also referred to as

    double-byte character sets, or DBCS) are Chinese, Korean, and Japanese.

    ASCII characters from 32 (0x20 in hexadecimals) to 255 (0xff), except double quotes

    ( " ), which have special significance as an indicator of the beginning or end of a name

    string that includes spaces.

    NOTE: A console connection only supports SBCS. The WebUI supports

    both SBCS and MBCS, depending on the character sets that your browser

    supports.

    Illustration Conventions

    Figure 1 on page xxiv shows the basic set of images used in illustrations throughout this

    guide.

    Figure 1: Images in Illustrations

    Document Feedback

    If you find any errors or omissions in this document, contact Juniper Networks at

    [email protected].

    Requesting Technical Support

    Technical product support is available through the Juniper Networks Technical Assistance

    Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,

    or are covered under warranty, and need postsales technical support, you can access

    our tools and resources online or open a case with JTAC.

    JTAC policies: For a complete understanding of our JTAC procedures and policies,

    review the JTAC User Guide located at

    http://www.juniper.net/customers/support/downloads/710059.pdf.

    Product warranties: For product warranty information, visit

    http://www.juniper.net/support/warranty/.

    JTAC hours of operation: The JTAC centers have resources available 24 hours a day,

    7 days a week, 365 days a year.

    Self-Help Online Tools and Resources

    For quick and easy problem resolution, Juniper Networks has designed an online

    self-service portal called the Customer Support Center (CSC) that provides you with the

    following features:

    Find CSC offerings: http://www.juniper.net/customers/support/

    Search for known bugs

    Find product documentation: http://www.juniper.net/techpubs/

    Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/

    Download the latest versions of software and review your release notes:

    http://www.juniper.net/customers/csc/software/

    Search technical bulletins for relevant hardware and software

    notifications: http://www.juniper.net/alerts/

    Join and participate in the Juniper Networks Community Forum:

    http://www.juniper.net/company/communities/

    Open a case online in the CSC Case Manager:

    http://www.juniper.net/customers/cm/

    To verify service entitlement by product serial number, use our Serial Number

    Entitlement (SNE) Tool:

    https://tools.juniper.net/SerialNumberEntitlementSearch/

    Opening a Case with JTAC

    You can open a case with JTAC on the Web or by telephone.

    Use the Case Manager tool in the CSC at http://www.juniper.net/customers/cm/.

    Call 1-888-314-JTAC (1-888-314-5822, toll free in USA, Canada, and Mexico).

    For international or direct-dial options in countries without toll-free numbers, visit us at

    http://www.juniper.net/customers/support/requesting-support/.

    PART 1

    Routing

    Static Routing on page 3

    Routing on page 15

    Open Shortest Path First on page 47

    Routing Information Protocol on page 83

    Border Gateway Protocol on page 111

    Policy-Based Routing on page 145

    Multicast Routing on page 161

    Internet Group Management Protocol on page 169

    Protocol Independent Multicast on page 193

    ICMP Router Discovery Protocol on page 225

    CHAPTER 1

    Static Routing

    This chapter discusses static routing and explains when and how to set up static routes.

    It contains the following sections:

    Overview on page 3

    Forwarding Traffic to the Null Interface on page 12

    Permanently Active Routes on page 14

    Changing Routing Preference with Equal Cost Multipath on page 14

    Overview

    A static route is a manually configured mapping of an IP network address to a next-hop

    destination (another router) that you define on a Layer 3 forwarding device, such as a

    router.

    For a network that has few connections to other networks, or for networks where

    inter-network connections are relatively unchanging, it is usually more efficient to define

    static routes rather than dynamic routes. ScreenOS retains static routes until you explicitly

    remove them. However, you can override static routes with dynamic route information

    if necessary.

    You can view static routes in the ScreenOS routing table. To force load-balancing, you

    can configure Equal Cost Multi-Path (ECMP). To only use active gateways, you can set

    gateway tracking.

    You should set at least a null route as a default route (network address 0.0.0.0/0). A

    default route is a catch-all entry for packets that are destined for networks other than

    those defined in the routing table.

    How Static Routing Works

    When a host sends packets to another host that resides on a different network, each

    packet header contains the address of the destination host. When a router receives a

    packet, it compares the destination address to all addresses contained in its routing

    table. The router selects the most specific route in the routing table to the destination

    address and, from the selected route entry, determines the next-hop to forward the

    packet.

    NOTE: The most specific route is determined by first performing a bit-wise

    logical AND of the destination address and network mask for each entry in

    the routing table. For example, a bit-wise logical AND of the IP address 10.1.1.1

    with the subnet mask 255.255.255.0 is 10.1.1.0. The route that has the highest

    number of bits set to 1 in the subnet mask is the most specific route (also

    called the longest matching route).

    Figure 2 on page 4 represents a network that uses static routing and a sample IP packet.

    In this example, host 1 in network A wants to reach host 2 in network C. The packet to be

    sent contains the following data in the header:

    Source IP address

    Destination IP address

    Payload (message)

    Figure 2: Static Routing Example

    [Figure labels: Host 1 (Network A), Router X, Network B, Router Y, Router Z, Host 2 (Network C). Sample packet fields: SRC IP = Host 1, DST IP = Host 2, Payload.]

    Table 1 on page 4 summarizes the routing table of each router.

    Table 1: Routing Table Summary for Routers X, Y, and Z

    Router X                Router Y                Router Z
    Network   Gateway       Network   Gateway       Network   Gateway
    Net A     Connected     Net A     Router X      Net A     Router X
    Net B     Connected     Net B     Connected     Net B     Connected
    Net C     Router Y      Net C     Connected     Net C     Connected

    In Table 1 on page 4, router X has a static route configured for network C with the gateway

    (next-hop) as router Y. When router X receives the packet destined for host 2 in network

    C, it compares the destination address in the packet with its routing table and finds that

    the last route entry in the table is the most specific route to the destination address. The

    last route entry specifies to send traffic destined for network C to router Y for delivery.

    Router Y receives the packet, and, because it knows that network C is directly connected,

    it sends the packet through the interface connected to that network.

    If router Y fails, or if the link between router Y and network C is unavailable, the packet

    cannot reach host 2. While there is another route for network C through router Z, that

    route has not been statically configured on router X, so router X does not detect the

    alternate route.
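
    The route selection described in the NOTE and the Table 1 walk-through above, as an added example that is not part of the original guide. The network prefixes, the host 2 address, and the `inactive` parameter (a simplified stand-in for gateway tracking) are assumptions made for illustration.

```python
import ipaddress

# Constructed prefixes: the guide names the networks only as Net A, B and C.
NET_A, NET_B, NET_C = "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"

# Router X's table from Table 1 as (destination, gateway, metric), plus the
# null default route the overview recommends. Metric 1 is the static default.
ROUTER_X = [
    (NET_A, "connected", 1),
    (NET_B, "connected", 1),
    (NET_C, "router-y", 1),
    ("0.0.0.0/0", "null", 1),
]


def masked(dst, prefix):
    """Bit-wise AND of the destination address with the entry's netmask."""
    net = ipaddress.ip_network(prefix)
    return ipaddress.ip_address(int(ipaddress.ip_address(dst)) & int(net.netmask))


def lookup(table, dst, inactive=()):
    """Return (destination, gateway) of the route chosen for dst, or None.

    A route matches when the masked destination equals its network address.
    Among matches the longest mask wins; equal masks fall back to the lowest
    metric. `inactive` is a hypothetical set of gateways whose routes are
    skipped, a simplified model of routes withdrawn by gateway tracking.
    """
    best = None
    for prefix, gateway, metric in table:
        net = ipaddress.ip_network(prefix)
        if gateway in inactive or masked(dst, prefix) != net.network_address:
            continue
        rank = (-net.prefixlen, metric)  # more mask bits first, then lower metric
        if best is None or rank < best[0]:
            best = (rank, prefix, gateway)
    return None if best is None else best[1:]


if __name__ == "__main__":
    host2 = "10.1.3.20"  # constructed address for host 2 in Net C

    # The NOTE's arithmetic: 10.1.1.1 AND 255.255.255.0.
    print(masked("10.1.1.1", NET_A))

    # Router X picks the Net C entry over the default route. Nothing in a
    # plain static table changes this when router Y fails.
    print(lookup(ROUTER_X, host2))

    # If the route through Y is withdrawn, only the null default is left,
    # because no route through router Z was configured on router X.
    print(lookup(ROUTER_X, host2, inactive={"router-y"}))

    # A second static route through Z (metric 2) gives X an alternate path.
    with_backup = ROUTER_X + [(NET_C, "router-z", 2)]
    print(lookup(with_backup, host2, inactive={"router-y"}))
```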

    When to Configure Static Routes

    You need to define at least a few static routes even when using dynamic routing protocols.

    You need to define static routes for conditions such as the following:

    You need to define a static route to add a default route (0.0.0.0/0) to the routing table

    for a virtual router (VR). For example, if you are using two VRs on the same security

    device, the trust-vr routing table could contain a default route that specifies the

    untrust-vr as the next hop. This allows traffic for destinations that are not in the trust-vr

    routing table to be routed to the untrust-vr. You can also define a default route in the

    untrust-vr to route to a specific IP address traffic for destinations not found in the

    untrust-vr routing table.

    If a network is not directly connected to the security device but is accessible through

    a router from an interface within a VR, you need to define a static route for the network

    with the IP address of the router. For example, the Untrust zone interface can be on a

    subnet with two routers that each connect to different Internet service providers (ISPs).

    You must define which router to use for forwarding traffic to specific ISPs.

    If you are using two VRs on the same security device, and inbound traffic arrives on an

    untrust-vr interface that is destined for a network connected to a trust-vr interface,

    you need to define a static entry in the untrust-vr routing table for the destination

    network with the trust-vr as the next hop. You can avoid setting a static route in this

    case by exporting the routes in the trust-vr to the untrust-vr.

    When the device is in transparent mode, you must define static routes that direct

    management traffic originating from the device itself (as opposed to user traffic

    traversing the firewall) to remote destinations. For example, you need to define static

    routes directing syslog, SNMP, and WebTrends messages to a remote administrator's

    address. You must also define routes that direct authentication requests to the RADIUS,

    SecurID, and LDAP servers, and URL checks to the Websense server.

    NOTE: When the security device is in transparent mode, you must define

    a static route for management traffic from the device even if the destination

    is on the same subnet as the device.

    For outbound Virtual Private Network (VPN) traffic where there is more than one

    outgoing interface to the destination, you need to set a route for directing the outbound

    traffic through the desired interface to the external router.

    If an interface for a security zone in the trust-vr is NAT, and if you configured a Mapped

    IP (MIP) or Virtual IP (VIP) on that interface to receive incoming traffic from a source

    in the untrust-vr routing domain, then you must create a route to the MIP or VIP in the

    untrust-vr that points to the trust-vr as the gateway.

    By default, the security device uses destination IP addresses to find the best route on

    which to forward packets. You can also enable source-based or SIBR tables on a VR. Both source-based and SIBR tables contain static routes that you configure on the VR.

    Configuring Static Routes

    To configure a static route, you need to define the following:

    Virtual router (VR) to which the route belongs.

    IP address and netmask of the destination network.

    Next hop for the route, which can be either another VR on the security device or a

    gateway (router) IP address. If you specify another VR, make sure that an entry for the

    destination network exists in the routing table of that VR.

    The interface through which the routed traffic is forwarded. The interface can be any

    ScreenOS-supported interface, such as a physical interface (for example, ethernet1/2)

    or a tunnel interface. You can also specify the Null interface for certain applications.

    See Forwarding Traffic to the Null Interface on page 12.

    Optionally, you can define the following elements:

    Route metric is used to select the active route when there are multiple routes to the

    same destination network, all with the same preference value. The default metric for

    static routes is 1.

    Route tag is a value that can be used as a filter when redistributing routes. For example,

    you can choose to import into a VR only those routes that contain specified tag values.

    Preference value for the route. By default, all static routes have the same preference

    value, which is set in the VR.

    Whether the route is permanent (kept active even if the forwarding interface is down

    or the IP address is removed from the interface).

    This section contains the following examples:

    Setting Static Routes on page 6

    Setting a Static Route for a Tunnel Interface on page 10

    Setting Static Routes

    In Figure 3 on page 8, a security device operating with its Trust zone interface in Network

    Address Translation (NAT) mode protects a multilevel network. There is both local and

    remote management (via Network and Security Manager). The security device sends

    SNMP traps and syslog reports to the local administrator (located on a network in the

    Trust zone) and it sends Network and Security Manager (NSM) reports to the remote

    administrator (located on a network in the Untrust zone). The device uses a SecurID

    server in the Demilitarized Zone (DMZ) to authenticate users and a Websense server in

    the Trust zone to perform Web filtering.

    NOTE: The following zones must be bound before this example can