Network Configuration Example

Deploying Secure Multicast Market Data Servicesfor Financial Services Environments

Modified: 2016-07-29

Copyright © 2016, Juniper Networks, Inc.

Juniper Networks, Inc.1133 InnovationWaySunnyvale, California 94089USA408-745-2000www.juniper.net

Copyright © 2016, Juniper Networks, Inc. All rights reserved.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the UnitedStates and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All othertrademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.

Network Configuration Example Deploying Secure Multicast Market Data Services for Financial Services EnvironmentsCopyright © 2016, Juniper Networks, Inc.All rights reserved.

The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through theyear 2038. However, the NTP application is known to have some difficulty in the year 2036.

ENDUSER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networkssoftware. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted athttp://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions ofthat EULA.

Copyright © 2016, Juniper Networks, Inc.ii

Table of Contents

Chapter 1 Deploying Secure Multicast Market Data Services for Financial ServicesEnvironments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

About This Network Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Use Case Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Optimizing Multicast Delivery: An Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Technical Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Design Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Example: Configuring Multicast in a Financial Services Environment . . . . . . . . . . . 9

iiiCopyright © 2016, Juniper Networks, Inc.

Copyright © 2016, Juniper Networks, Inc.iv

Deploying Secure Multicast Market Data Services for Financial Services Environments

CHAPTER 1

Deploying Secure Multicast Market DataServices for Financial ServicesEnvironments

• About This Network Configuration Example on page 5

• Use Case Overview on page 5

• Technical Overview on page 7

• Example: Configuring Multicast in a Financial Services Environment on page 9

About This Network Configuration Example

This network configuration example (NCE) provides an overview and a step-by-step

example for configuring anddeployingmulticast in a financial services environment. This

NCE definesmulticast deployment for market data delivery and illustrates howmultiple

feeds flow through an active/active SRX Series Services Gateway cluster.

The instructions in this example cover configuring protocols such as PIM sparse mode

(PIM-SM),MulticastSourceDiscoveryProtocol (MSDP), andBGPonQFXandSRXSeries

devices. The instructions also cover configuring two SRX Series devices in active/active

cluster mode to provide high-availability for multicast traffic. This document is intended

for security and IT engineers, as well as network architects.

RelatedDocumentation

Technical Overview on page 7•

• Use Case Overview on page 5

• Example: Configuring Multicast in a Financial Services Environment on page 9

Use Case Overview

Financial trading enterprises such as stock exchanges, futures exchanges, brokerage

houses, and software integrators typically deploy multicast for market data delivery.

5Copyright © 2016, Juniper Networks, Inc.

OptimizingMulticast Delivery: An Overview

Multicast is the most effective and efficient carrier of market data feeds from a network

standpoint. Financial organizationsdeploy large-scalemulticast infrastructures toenable

trading and e-commerce.

In thecurrentworld,multicast is used formarketdatadelivery as it is proven thatmulticast

can scale. Due to the inherently unreliable nature of multicast, packets might be lost in

the transmission network. Hence, two feeds (primary and backup) are used to ensure

that no data is lost. All market data provided from the exchange is supported in various

market data formats. If data is missing on the primary feed, it can be recovered from the

backup feed.

In financial enterprises deployingmulticast formarket data delivery, devices such asQFX

Series devices are used to connect multicast sources (servers) and receivers (clients),

and SRX Series devices are used to connect QFX devices securely. The requirements of

optimizing multicast delivery include:

• Quick convergence

• Secure forwarding

• Efficient forwarding

• Efficient debugging

• High availability

Platforms

JuniperNetworksQFXSeries switchesaredesigned tobehigh-performance, high-density

platforms that satisfy the needs of today’s most demanding financial enterprise

environments. QFX5100 switches are low-latency, high-performance 10GbE/40GbE

switches that act as a flexible building block for fabric architectures and are designed

for top-of-rack, end-of-row, and spine-and-leaf aggregation deployments.

Juniper Networks SRX Series Services Gateways are high-performance, highly scalable,

carrier-class security devices with multiprocessor architecture. SRX5600 devices are

ideal for securing financial trading enterprises and aggregating security services through

the use of security policies.

Benefits

In thisnetworkconfigurationexample,wedescribe thescenariowhereQFX5100switches,

togetherwithanSRX5600chassis cluster and firewall security policies, provide thebasis

for the deployment of the market data delivery environment. This deployment enables

the quick failover of traffic during link failures and provides network security, redundancy,

and network efficiency. A clustered SRX firewall point of delivery supports IP multicast

to bring market data feeds into a corporate network from external sources. The primary

and backupmarket data feeds are routed through separate SRX Series devices in the

cluster.

Copyright © 2016, Juniper Networks, Inc.6

Deploying Secure Multicast Market Data Services for Financial Services Environments

RelatedDocumentation

Multicast Feature Guide for Security Devices•

• Multicast Protocols Feature Guide for the QFX Series

Technical Overview

Multicast delivers application source market data feeds to multiple receivers without

burdening the source or the receivers, while using aminimum of network bandwidth.

In this configuration example for multicast deployment, the QFX5100 devices serve as

the last-hop router (LHR) and first-hop router (FHR).

Figure 1: Multicast Architecture Used in This NCE

QFX5100-3Switch

QFX5100-4Switch

OSPF, BFD, IBGP, PIM

OSPF, BFD, IBGP, PIM

FHR/RP/MSDP FHR

LHR LHR/RP/MSDPEBGP, BFD,

PIM

EBGP, BFD,PIM

QFX5100-1Switch

QFX5100-2Switch

SRX5600-1Security ChassisCluster - Active

SRX5600-2Security ChassisCluster - Active

MulticastSource

MulticastSource

MulticastReceiver

MulticastReceiver

Fabric Link

Control Link

MSDP

Last Hop RouterLHR

Fast Hop RouterFHR

Primary BackupFeed-A Feed-B

g043033

• Multicastsource: Eachmulticast sourcesendsadata feed toamulticast groupaddress.

• FHR: TheQFX5100 device towhich themulticast sources connect is the FHR. The FHR

forwards the multicast group ID and source to the next-hopmulticast router toward

the predefined rendezvous point (RP).

• LHR: The QFX5100 device to which the multicast receivers connect serves as an LHR.

The LHR forwards data feeds to the multicast receiver.

• Rendezvous point (RP): The RP serves as the information exchange point for the other

routers. All routers in a PIM domainmust providemapping to an RP. Only the RPmust

be aware of the active multicast sources.

• Multicast receiver: Themulticast receiver requestsdata feeds fromthemulticast source

by sending an IGMP join message to the LHR. IGMP snooping is enabled on QFX5100

devices to monitor the Internet Group Management Protocol (IGMP)messages from

the hosts andmulticast source. This helps in conserving bandwidth by enabling the

7Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

switch to sendmulticast data feeds only to the interfaces connected to devices that

need to receive the multicast traffic.

• Marketdata feed:Marketdata feedsare typically applicationswherein severalmulticast

sources send data to groups. Market data is delivered through dual multicast streams

(primary and backup feeds). In most cases, even if a single data packet is lost on one

feed, it can be recovered from the other feed.

Multicast data feeds are replicated by routers enabled with Protocol Independent

Multicast (PIM) and other supporting multicast protocols, The replication occurs in

the network at the point of primary and backup divergence. This results in the most

efficient delivery of market data to multiple receivers.

• High availability cluster: Chassis clustering provides network node redundancy by

grouping a pair of the same type of supported SRX Series devices into a cluster. The

SRX5600 Services Gateway serves as a cluster. Themulticast feeds go through the

SRX chassis cluster configured to work in active/active mode for redundancy and

efficiency purposes. A chassis cluster in active/active mode has transit data feeds

passing through both nodes of the cluster all the time. Even if one of the nodes goes

down, impacting the corresponding feed, the other node or feed will be still active.

The configuration uses four redundant Ethernet (reth) interfaces. Each reth has ports

frombothnodes, andevery rethconnects toaQFX5100.All rethsareassignedaunique

subnet, which helps to avoid PIM asserts.

• Security: Firewall security policies enable authentication of the PIM neighbors. QFX

devices also support distributed denial of service (DDoS) for policing the control plane

feeds. For more information on DDoS, see Understanding Distributed Denial-of-Service

ProtectiononQFXSeriesSwitches. SRXSeriesdevicesarealsoused for creating security

policies to allow traffic between zones. Statically configured anycast RP provides the

greatest level of protection against malicious or misconfigured devices.

Table 1 on page 8 describes the network type, platforms, technologies, and the protocols

used in this configuration.

Table 1: Network Elements Used in Multicast Configuration

ProtocolsTechnologiesPlatformsNetwork Type

PIM-SM, MSDP, OSPF, IBGP,EBGP, BFD, RTG

1G, 10G,40G(Gigabit Ethernet Interfaces),SRX Chassis Cluster

QFX5100Multicast source andreceiver LANs

PIM-SM, EBGP, BFD1G, 10G,40G,SRXChassisCluster, FirewallSecurity Policies

SRX5600Chassis cluster

Themulticast deployment configured with the protocols inTable 2 on page 8 provides

the financial trading environment with an edge to optimize its market data delivery.

Table 2: Supported Protocols

DescriptionProtocols

Copyright © 2016, Juniper Networks, Inc.8

Deploying Secure Multicast Market Data Services for Financial Services Environments

Table 2: Supported Protocols (continued)

PIM-SMas themulticastdeliveryprotocolworkswell forbothone-to-manyandmany-to-manydistribution of data over a LAN, WAN, or the Internet. Also, the PIM-SM protocol is very welldeployed and understood. For more information on PIM-SM, see PIM-SM.

• PIM sparse mode(PIM-SM)

Anycast RP and MSDP enable sharing the load on the RP, as well as for redundancy purposes.You can configure anycast RP for the purpose of load balancing and redundancy. When an RPfails, sources and receivers are taken to a new RP bymeans of unicast routing. When youconfigure anycast RP, you bypass the restriction of having one active RP per multicast group,and instead deploy multiple RPs for the same group range. The RP routers share one unicastIPaddress. Sources fromoneRPare known tootherRPs that use theMulticastSourceDiscoveryProtocol (MSDP). Sources and receivers use the closest RP, as determined by the interiorgateway protocol (IGP). MSDP interconnects multiple IPv4 PIM-SM domains, which enablesPIM-SM to have RP redundancy and inter-domain multicasting. For more information, seeAnycast RPwith or without MSDP.

• Anycast RP and MSDP

OSPF detects changes in the topology, such as link failures, and converges on a new loop-freerouting structure within seconds. OSPF computes the shortest path tree for each route usingamethodbasedonashortest-path-first algorithm.OSPF isusedwithinanautonomoussystem(AS). For more information, seeOSPF.

• Open Shortest Path First(OSPF)

BGP is an exterior gateway protocol (EGP) that is used to exchange routing information amongdevices in different ASs. For more information, see BGP.

• Border Gateway Protocol(BGP)

BFD is used to detect link failures and reroute traffic quickly. For more information, see BFD.• Bidirectional ForwardingDetection (BFD)

RTG is enabled on LHR and FHR devices to enable quick failover of traffic during link failures.For more information, see RTG.

• Redundant Trunk Group(RTG)

Design Considerations

• PIM-SM is knownnot toworkwell for intermittentmulticast sources. If there are known

intermittent multicast sources, use PIM SSM to avoid initial multicast loss.

• Complicated behaviors in PIM are encountered in multiaccess topologies rather than

simpler point-point topologies.

RelatedDocumentation

About This Network Configuration Example on page 5•

• Use Case Overview on page 5

• Example: Configuring Multicast in a Financial Services Environment on page 9

Example: ConfiguringMulticast in a Financial Services Environment

Thisexample illustrateshowtoconfigureQFXSeries switchesandSRXServicesGateways

to deploy secure multicast market data services for financial services environments.

• Requirements on page 10

• Overview and Topology on page 10

9Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

• Configuration on page 12

• Verification on page 38

Requirements

This example uses the following hardware and software components:

• Two SRX5600 Services Gateways running Junos OS Release 12.1X47-D10 or later

• Four QFX5100 switches running Junos OS Release 14.1X53-D30 or later

Before you begin:

• Confirm that the two SRX5600 Services Gateways have identical hardware

configurations.

• Physically connect the twoSRXdevices (back-to-back for the fabric andcontrol ports)

and ensure that they are the samemodels.

• Confirm that the software on both standalone SRX devices is the same Junos OS

version.

• Confirm that the license keys on both SRX devices are the same.

• Before the SRX cluster is formed, youmust configure control ports for each device, as

well as assign a cluster ID and node ID to each device, and then reboot. When the

system boots, both nodes come up as a cluster. For more information, see Chassis

Cluster Feature Guide for security Devices.

• If virtual chassis or virtual chassis fabric (VC/VCF) is required, ensure thatall thedevices

are running the same JunosOSversion. Formore information, seeVirtualChassis Fabric

Feature Guide.

Overview and Topology

This network configuration example provides an overview and a step-by-step example

for deploying multicast in a financial services environment and illustrates howmultiple

feeds flowthroughanactive/activeSRXcluster. Thisexample illustrateshowtoconfigure

PIM sparse mode (PIM-SM), Multicast Source Discovery Protocol (MSDP), BGP, and

other related technologies onQFX and SRXSeries devices. In this configuration example

for multicast deployment, the QFX5100 devices serve as the last-hop router (LHR) and

first-hop router (FHR).TheSRX5600ServicesGatewaysserveasacluster. Themulticast

feeds go through the SRX chassis cluster configured to work in active/active mode for

redundancy and efficiency purposes.

The topology for this example is shown in Figure 2 on page 11.

Copyright © 2016, Juniper Networks, Inc.10

Deploying Secure Multicast Market Data Services for Financial Services Environments

Figure 2: Deploying Secure Multicast Market Data Services for FinancialServices Environments

AS-64514

AS-65535

AS-64512

QFX5100-3Switch

QFX5100-4Switch

OSPF, IBGP, BFD

ae1

ae1

ae1

ae1

ae2 ae2

ae2

ae100

ae100

reth0 reth1

reth2 reth3

ae2

OSPF, IBGP, BFD

Fabric Link

Control Link

QFX5100-1Switch

QFX5100-2Switch

SRX5600-1Firewall Cluster

SRX5600-2Firewall Cluster

MulticastSource

Primary BackupFeed-A Feed-B

MulticastSource

MulticastReceiver

MulticastReceiver

g043032

Table 3 on page 11 shows the details on devices and IP addresses used in this

configuration.

Table 3: Devices and IP Addresses

HostnameIP AddressesInterfacesDevices

QFX-10.5.5.1172.16.2.1/24172.16.21.2/24192.168.100.1/2410.5.5.1

irb.2irb.21irb.100lo0.0

QFX5100-1 (10.5.5.1)

QFX-10.5.5.2172.16.2.2/24172.16.31.2/24192.168.101.1/2410.5.5.2

irb.2irb.31irb.101lo0.0

QFX5100-2 (10.5.5.2)

QFX-10.5.5.3172.17.2.1/24172.17.21.2/24192.168.102.1/2410.5.5.3

irb.2irb.21irb.102lo0.0

QFX5100-3 (10.5.5.3)

QFX-10.5.5.4172.17.2.2/24172.17.31.2/24192.168.103.1/2410.5.5.4

irb.2irb.31irb.103lo0.0

QFX5100-4 (10.5.5.4)

SRX5600-mcast-a

SRX5600-mcast-b

192.168.100.2/24192.168.101.2/24192.168.102.2/24192.168.102.3/2410.5.5.5

reth0.0reth1.0reth2.0reth3.0lo0.0

SRX Series Devices:SRX5600-1 andSRX5600-2

11Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Configuration

This section provides step-by-step instructions for:

• Configuring SRX5600 (SRX5600-mcast-a and SRX5600-mcast-b) on page 12

• Configuring the Security Policies, Zones, Virtual Routers, and Protocols on page 16

• Configuring QFX5100—QFX_10.5.5.1 on page 20

• Configuring QFX5100—QFX_10.5.5.2 on page 25

• Configuring QFX5100—QFX_10.5.5.3 on page 29

• Configuring QFX5100—QFX_10.5.5.4 on page 33

Configuring SRX5600 (SRX5600-mcast-a and SRX5600-mcast-b)

CLI QuickConfiguration

Apply this configuration to both SRX Series devices. SRX5600-mcast-a configuration

is shown here:

To quickly configure this example, copy the following commands, paste them into a text

file, remove any line breaks, change any details necessary to match your network

configuration, copy and paste the commands into the CLI at the [edit] hierarchy level,

and then enter commit from configuration mode.

[edit]set groups node0 system host-name srx5600-mcast-aset groups node0 system backup-router 10.204.191.254set groups node0 system backup-router destination 10.0.0.0/8set groups node0 interfaces fxp0 unit 0 family inet address 10.219.29.157/26set groups node1 system host-name srx5600-mcast-bset groups node1 system backup-router 10.204.191.254set groups node1 system backup-router destination 10.0.0.0/8set groups node1 interfaces fxp0 unit 0 family inet address 10.219.29.159/26set groups flow-type security forwarding-options family inet6mode flow-basedset apply-groups ${node} flow-type security forwarding-process application-servicessession-distribution-mode hash-basedset system name-server 172.17.28.100set system ntp server 172.17.28.5set system ntp server 10.204.37.156set chassis cluster reth-count 8set chassis cluster redundancy-group 1 node 0 priority 250set chassis cluster redundancy-group 1 node 1 priority 100set chassis cluster redundancy-group 1 preemptset chassis cluster redundancy-group 1 interface-monitor xe-4/0/0weight 255set chassis cluster redundancy-group 1 interface-monitor xe-10/0/1 weight 255set chassis cluster redundancy-group 1 interface-monitor xe-10/0/2weight 255set chassis cluster redundancy-group 1 interface-monitor xe-4/0/3weight 255set chassis cluster redundancy-group 2 node 0 priority 100set chassis cluster redundancy-group 2 node 1 priority 250set chassis cluster redundancy-group 2 preemptset chassis cluster redundancy-group 2 interface-monitor xe-10/0/0weight 255set chassis cluster redundancy-group 2 interface-monitor xe-4/0/1 weight 255set chassis cluster redundancy-group 2 interface-monitor xe-4/0/2weight 255set chassis cluster redundancy-group 2 interface-monitor xe-10/0/3weight 255set interfaces xe-4/0/3 gigether-options redundant-parent reth2set interfaces xe-10/0/2 gigether-options redundant-parent reth2set interfaces xe-4/0/2 gigether-options redundant-parent reth3set interfaces xe-10/0/3 gigether-options redundant-parent reth3

Copyright © 2016, Juniper Networks, Inc.12

Deploying Secure Multicast Market Data Services for Financial Services Environments

set interfaces lo0 unit 0 family inet address 10.5.5.5/32 primaryset interfaces xe-4/0/0 gigether-options redundant-parent reth0set interfaces xe-10/0/0 gigether-options redundant-parent reth1set interfaces xe-4/0/1 gigether-options redundant-parent reth1set interfaces xe-10/0/1 gigether-options redundant-parent reth0set interfaces reth2 vlan-taggingset interfaces reth2mtu 9192set interfaces reth2 redundant-ether-options redundancy-group 1set interfaces reth2 redundant-ether-options lacp activeset interfaces reth2 redundant-ether-options lacp periodic fastset interfaces reth2 unit 0 vlan-id 102set interfaces reth2 unit 0 family inetmtu 9120set interfaces reth2 unit 0 family inet address 192.168.102.2/24set interfaces reth3 vlan-taggingset interfaces reth3mtu 9192set interfaces reth3 redundant-ether-options redundancy-group 2set interfaces reth3 redundant-ether-options lacp activeset interfaces reth3 redundant-ether-options lacp periodic fastset interfaces reth3 unit 0 vlan-id 103set interfaces reth3 unit 0 family inetmtu 9120set interfaces reth3 unit 0 family inet address 192.168.103.2/24set interfaces reth0 vlan-taggingset interfaces reth0mtu 9192set interfaces reth0 redundant-ether-options redundancy-group 1set interfaces reth0 redundant-ether-options lacp activeset interfaces reth0 redundant-ether-options lacp periodic fastset interfaces reth0 unit 0 vlan-id 100set interfaces reth0 unit 0 family inetmtu 9120set interfaces reth0 unit 0 family inet address 192.168.100.2/24set interfaces reth1 vlan-taggingset interfaces reth1 mtu 9192set interfaces reth1 redundant-ether-options redundancy-group 2set interfaces reth1 redundant-ether-options lacp activeset interfaces reth1 redundant-ether-options lacp periodic fastset interfaces reth1 unit 0 vlan-id 101set interfaces reth1 unit 0 family inetmtu 9120set interfaces reth1 unit 0 family inet address 192.168.101.2/24

13Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Step-by-StepProcedure

Toconfigure thehostnames,NTPserver, reth interfaces, loopback interfaces, redundancy

groups andmanagement IP addresses to the specific nodes:

1. Configure the name of node 0 and node 1 and assign management IP addresses.

Because the SRX5600ServicesGateway chassis cluster configuration is contained

withinasingle commonconfiguration, toassignsomeelementsof theconfiguration

to a specific member only, youmust use the Junos OS node-specific configuration

method called groups. The set apply-groups ${node} command uses the node

variable to define how the groups are applied to the nodes; each node recognizes

its number and accepts the configuration accordingly. Youmust also configure

out-of-bandmanagementon the fxp0 interfaceof theSRX5600ServicesGateway

using separate IP addresses for the individual control planes of the cluster.

{primary:node0}[edit]user@host# set apply-groups ${node}user@host# set groups node0 system host-name srx5600-mcast-auser@host# set groups node0 system backup-router 10.204.191.254user@host# set groups node0 system backup-router destination 10.0.0.0/8user@host# set groups node0 interfaces fxp0 unit 0 family inet address 10.219.29.157/26user@host# set groups node1 system host-name srx5600-mcast-buser@host# set groups node1 system backup-router 10.204.191.254user@host# set groups node1 system backup-router destination 10.0.0.0/8user@host# set groups node1 interfaces fxp0 unit 0 family inet address 10.219.29.159/26

2. Configure flow-type.

{primary:node0}[edit]user@host# setgroupsflow-typesecurity forwarding-optionsfamily inet6modeflow-baseduser@host# set apply-groups ${node} flow-type security forwarding-processapplication-services session-distribution-mode hash-based

3. Configure the NTP server address for node 0 and node 1.

{primary:node0}[edit]user@host# set system name-server 172.17.28.100user@host# set system ntp server 172.17.28.5user@host# set system ntp server 10.204.37.156

4. Specify the number of redundant Ethernet interfaces.

{primary:node0}[edit]user@host# set chassis cluster reth-count 8

5. To create a reth interface, configure the physical interfaces independently. Because

reth interfaces are pseudointerfaces, youmust define the number of reth interfaces

in a cluster by configuring reth-count. The reth interfaces are assigned into

redundancy groups.

{primary:node0}[edit]user@host# set interfaces xe-4/0/3 gigether-options redundant-parent reth2user@host# set interfaces xe-10/0/2 gigether-options redundant-parent reth2user@host# set interfaces xe-4/0/2 gigether-options redundant-parent reth3user@host# set interfaces xe-10/0/3 gigether-options redundant-parent reth3user@host# set interfaces xe-4/0/0 gigether-options redundant-parent reth0user@host# set interfaces xe-10/0/0 gigether-options redundant-parent reth1user@host# set interfaces xe-4/0/1 gigether-options redundant-parent reth1user@host# set interfaces xe-10/0/1 gigether-options redundant-parent reth0

6. Configure chassis cluster redundancy groups by specifying a redundancy group's

priority forprimacyoneachnodeof thecluster. Thehighernumber takesprecedence.

Also specify whether a node with a higher priority can initiate a failover to become

primary for the redundancy group.

Copyright © 2016, Juniper Networks, Inc.14

Deploying Secure Multicast Market Data Services for Financial Services Environments

{primary:node0}[edit]user@host# set chassis cluster redundancy-group 1 node 0 priority 250user@host# set chassis cluster redundancy-group 1 node 1 priority 100user@host# set chassis cluster redundancy-group 1 preemptuser@host# set chassis cluster redundancy-group 1 interface-monitor xe-4/0/0weight255user@host# set chassis cluster redundancy-group 1 interface-monitor xe-10/0/1 weight255user@host# set chassis cluster redundancy-group 1 interface-monitor xe-10/0/2weight255user@host# set chassis cluster redundancy-group 1 interface-monitor xe-4/0/3weight255user@host# set chassis cluster redundancy-group 2 node 0 priority 100user@host# set chassis cluster redundancy-group 2 node 1 priority 250user@host# set chassis cluster redundancy-group 2 preemptuser@host# set chassis cluster redundancy-group 2 interface-monitor xe-10/0/0weight255user@host# set chassis cluster redundancy-group 2 interface-monitor xe-4/0/1 weight255user@host# set chassis cluster redundancy-group 2 interface-monitor xe-4/0/2weight255user@host# set chassis cluster redundancy-group 2 interface-monitor xe-10/0/3weight255

7. Configure the loopback interfaces.

user@host#set interfaces lo0 unit 0 family inet address 10.5.5.5/32 primary

8. Configure the reth interfaces and include the Link Aggregation Control Protocol

(LACP).

{primary:node0}[edit]user@host# set interfaces reth2 vlan-tagginguser@host# set interfaces reth2mtu 9192user@host# set interfaces reth2 redundant-ether-options redundancy-group 1user@host# set interfaces reth2 redundant-ether-options lacp activeuser@host# set interfaces reth2 redundant-ether-options lacp periodic fastuser@host# set interfaces reth2 unit 0 vlan-id 102user@host# set interfaces reth2 unit 0 family inetmtu 9120user@host# set interfaces reth2 unit 0 family inet address 192.168.102.2/24user@host# set interfaces reth3 vlan-tagginguser@host# set interfaces reth3mtu 9192user@host# set interfaces reth3 redundant-ether-options redundancy-group 2user@host# set interfaces reth3 redundant-ether-options lacp activeuser@host# set interfaces reth3 redundant-ether-options lacp periodic fastuser@host# set interfaces reth3 unit 0 vlan-id 103user@host# set interfaces reth3 unit 0 family inetmtu 9120user@host# set interfaces reth3 unit 0 family inet address 192.168.103.2/24user@host# set interfaces reth0 vlan-tagginguser@host# set interfaces reth0mtu 9192user@host# set interfaces reth0 redundant-ether-options redundancy-group 1user@host# set interfaces reth0 redundant-ether-options lacp activeuser@host# set interfaces reth0 redundant-ether-options lacp periodic fastuser@host# set interfaces reth0 unit 0 vlan-id 100user@host# set interfaces reth0 unit 0 family inetmtu 9120user@host# set interfaces reth0 unit 0 family inet address 192.168.100.2/24user@host# set interfaces reth1 vlan-tagginguser@host# set interfaces reth1 mtu 9192user@host# set interfaces reth1 redundant-ether-options redundancy-group 2user@host# set interfaces reth1 redundant-ether-options lacp activeuser@host# set interfaces reth1 redundant-ether-options lacp periodic fastuser@host# set interfaces reth1 unit 0 vlan-id 101

15Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

user@host# set interfaces reth1 unit 0 family inetmtu 9120user@host# set interfaces reth1 unit 0 family inet address 192.168.101.2/24

9. When you are done configuring the device, commit the configuration.

{primary:node0}[edit]user@host# commit

Configuring the Security Policies, Zones, Virtual Routers, and Protocols

CLI QuickConfiguration

Apply this configuration to both SRX Series devices. SRX5600-mcast-a configuration

is shown here:

To quickly configure this example, copy the following commands, paste them into a text

file, remove any line breaks, change any details necessary to match your network

configuration, copy and paste the commands into the CLI at the [edit] hierarchy level,

and then enter commit from configuration mode.

setsecuritypolicies from-zoneTRUSTto-zoneTRUSTpolicydefault-permitmatchsource-addressanyset security policies from-zone TRUST to-zone TRUST policy default-permit matchdestination-address anyset security policies from-zone TRUST to-zone TRUST policy default-permit match applicationjunos-bgpset security policies from-zone TRUST to-zone TRUST policy default-permit match applicationPIMset security policies from-zone TRUST to-zone TRUST policy default-permit then permitset security policies from-zone TRUST to-zone TRUST policy P1match source-address MULTIset security policies from-zone TRUST to-zone TRUST policy P1match destination-addressNETWORK5set security policies from-zone TRUST to-zone TRUST policy P1match application anyset security policies from-zone TRUST to-zone TRUST policy P1 then permitset security policies from-zone TRUST to-zone TRUST policy P2match source-address MULTI1set security policies from-zone TRUST to-zone TRUST policy P2match destination-addressNETWORK5set security policies from-zone TRUST to-zone TRUST policy P2match application anyset security policies from-zone TRUST to-zone TRUST policy P2 then permitsetsecuritypoliciesfrom-zoneTRUSTto-zoneTRUSTpolicyP3matchsource-addressNETWORK1setsecuritypoliciesfrom-zoneTRUSTto-zoneTRUSTpolicyP3matchsource-addressNETWORK2setsecuritypoliciesfrom-zoneTRUSTto-zoneTRUSTpolicyP3matchsource-addressNETWORK3setsecuritypoliciesfrom-zoneTRUSTto-zoneTRUSTpolicyP3matchsource-addressNETWORK4setsecuritypoliciesfrom-zoneTRUSTto-zoneTRUSTpolicyP3matchsource-addressNETWORK7setsecuritypoliciesfrom-zoneTRUSTto-zoneTRUSTpolicyP3matchsource-addressNETWORK8set security policies from-zone TRUST to-zone TRUST policy P3match source-addressNETWORK10setsecuritypoliciesfrom-zoneTRUSTto-zoneTRUSTpolicyP3matchsource-addressNETWORK11set security policies from-zone TRUST to-zone TRUST policy P3match destination-addressNETWORK1set security policies from-zone TRUST to-zone TRUST policy P1match destination-addressNETWORK5set security policies from-zone TRUST to-zone TRUST policy P3match destination-addressNETWORK2set security policies from-zone TRUST to-zone TRUST policy P3match destination-addressNETWORK3set security policies from-zone TRUST to-zone TRUST policy P3match destination-addressNETWORK4set security policies from-zone TRUST to-zone TRUST policy P3match destination-addressNETWORK5set security policies from-zone TRUST to-zone TRUST policy P3match destination-addressNETWORK7

Copyright © 2016, Juniper Networks, Inc.16

Deploying Secure Multicast Market Data Services for Financial Services Environments

set security policies from-zone TRUST to-zone TRUST policy P3match destination-addressNETWORK8set security policies from-zone TRUST to-zone TRUST policy P3match destination-addressNETWORK10set security policies from-zone TRUST to-zone TRUST policy P3match application anyset security policies from-zone TRUST to-zone TRUST policy P3 then permitset security zones security-zone TRUST address-book address NETWORK1 192.168.0.0/24set security zones security-zone TRUST address-book address NETWORK2 10.5.5.0/24set security zones security-zone TRUST address-book address MULTI 172.16.21.0/24set security zones security-zone TRUST address-book address MULTI1 172.16.31.0/24set security zones security-zone TRUST address-book address NETWORK3 172.16.2.0/24set security zones security-zone TRUST address-book address NETWORK7 172.16.21.0/24set security zones security-zone TRUST address-book address NETWORK8 172.16.31.0/24set security zones security-zone TRUST address-book address NETWORK4 172.17.2.0/24set security zones security-zone TRUST address-book address NETWORK10 172.17.21.0/24set security zones security-zone TRUST address-book address NETWORK11 172.17.31.0/24set security zones security-zone TRUST address-book address NETWORK5 224.0.0.0/4set security zones security-zone TRUST interfaces reth0.0 host-inbound-traffic system-servicesallset security zones security-zone TRUST interfaces reth0.0 host-inbound-traffic protocols allset security zones security-zone TRUST interfaces reth1.0 host-inbound-traffic system-servicesallset security zones security-zone TRUST interfaces reth1.0 host-inbound-traffic protocols allset security zones security-zone TRUST interfaces reth2.0 host-inbound-traffic system-servicesallset security zones security-zone TRUST interfaces reth2.0 host-inbound-traffic protocols allset security zones security-zone TRUST interfaces reth3.0 host-inbound-traffic system-servicesallset security zones security-zone TRUST interfaces reth3.0 host-inbound-traffic protocols allset protocols bgp group fsi_FeedA export BGPset protocols bgp group fsi_FeedA local-as 65535set protocols bgp group fsi_FeedA bfd-liveness-detectionminimum-interval 300set protocols bgp group fsi_FeedA bfd-liveness-detectionmultiplier 3set protocols bgp group fsi_FeedA neighbor 192.168.100.1 local-address 192.168.100.2set protocols bgp group fsi_FeedA neighbor 192.168.100.1 peer-as 64512set protocols bgp group fsi_FeedA neighbor 192.168.102.1 local-address 192.168.102.2set protocols bgp group fsi_FeedA neighbor 192.168.102.1 peer-as 64514set protocols bgp group fsi_FeedB export BGPset protocols bgp group fsi_FeedB local-as 65535set protocols bgp group fsi_FeedB bfd-liveness-detectionminimum-interval 300set protocols bgp group fsi_FeedB bfd-liveness-detectionmultiplier 3set protocols bgp group fsi_FeedB neighbor 192.168.101.1 local-address 192.168.101.2set protocols bgp group fsi_FeedB neighbor 192.168.101.1 peer-as 64512set protocols bgp group fsi_FeedB neighbor 192.168.103.1 local-address 192.168.103.2set protocols bgp group fsi_FeedB neighbor 192.168.103.1 peer-as 64514set protocols pim rp bootstrap family inet priority 0set protocols pim rp static address 10.5.5.254set protocols pim interface lo0.0set protocols pim interface reth0.0 hello-interval 1set protocols pim interface reth0.0 neighbor-policy Neighbor_Policy_reth0set protocols pim interface reth1.0 hello-interval 1set protocols pim interface reth1.0 neighbor-policy Neighbor_Policy_reth1set protocols pim interface reth2.0 hello-interval 1set protocols pim interface reth2.0 neighbor-policy Neighbor_Policy_reth2set protocols pim interface reth3.0 hello-interval 1set protocols pim interface reth3.0 neighbor-policy Neighbor_Policy_reth3set policy-options prefix-list Neighbor_Grp_reth0 192.168.100.1/32set policy-options prefix-list Neighbor_Grp_reth1 192.168.101.1/32set policy-options prefix-list Neighbor_Grp_reth2 192.168.102.1/32

17Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

set policy-options prefix-list Neighbor_Grp_reth3 192.168.103.1/32set policy-options policy-statement BGP termMgmt from interface fxp0.0set policy-options policy-statement BGP termMgmt then rejectset policy-options policy-statement BGP term direct from protocol directset policy-options policy-statement BGP term direct then acceptset policy-options policy-statement BGP term BGP from protocol bgpset policy-options policy-statement BGP term BGP then acceptset policy-options policy-statement Neighbor_Policy_reth0 from prefix-list Neighbor_Grp_reth0set policy-options policy-statement Neighbor_Policy_reth0 then acceptset policy-options policy-statement Neighbor_Policy_reth1 from prefix-list Neighbor_Grp_reth1set policy-options policy-statement Neighbor_Policy_reth1 then acceptset policy-options policy-statement Neighbor_Policy_reth2 from prefix-list Neighbor_Grp_reth2set policy-options policy-statement Neighbor_Policy_reth2 then acceptset policy-options policy-statement Neighbor_Policy_reth3 from prefix-list Neighbor_Grp_reth3set policy-options policy-statement Neighbor_Policy_reth3 then accept

Step-by-StepProcedure

To configure a security policy to permit all traffic:

1. Create a policy and specify the match criteria for that policy. Thematch criteria

specifies that the device can allow traffic from any source, to any destination, and

on any application.

[edit security policies from-zone TRUST to-zone TRUST]user@host# set policy default-permit match source-address anyuser@host# set policy default-permit match destination-address anyuser@host# set policy default-permit match application junos-bgpuser@host# set policy default-permit match application PIMuser@host# set policy default-permit then permituser@host# set policy P1match source-address MULTIuser@host# set policy P1match destination-address NETWORK5user@host# set policy P1match application anyuser@host# set policy P1 then permituser@host# set policy P2match source-address MULTIuser@host# set policy P2match destination-address NETWORK5user@host# set policy P2match application anyuser@host# set policy P2 then permituser@host# set policy P3match source-address NETWORK1user@host# set policy P3match source-address NETWORK2user@host# set policy P3match source-address NETWORK3user@host# set policy P3match source-address NETWORK4user@host# set policy P3match source-address NETWORK7user@host# set policy P3match source-address NETWORK8user@host# set policy P3match source-address NETWORK10user@host# set policy P3match source-address NETWORK11user@host# set policy P3match destination-address NETWORK1user@host# set policy P3match destination-address NETWORK5user@host# set policy P3match destination-address NETWORK7user@host# set policy P3match destination-address NETWORK8user@host# set policy P3match destination-address NETWORK10user@host# set policy P3match application anyuser@host# set policy P3 then permit

2. Configure a security zone and specify the types of traffic and protocols that are

allowed on the reth interface.

[edit security zones]user@host# set security zones security-zone TRUST address-book address NETWORK1192.168.0.0/24user@host# set security zones security-zone TRUST address-book address NETWORK210.5.5.0/24

Copyright © 2016, Juniper Networks, Inc.18

Deploying Secure Multicast Market Data Services for Financial Services Environments

user@host# set security zones security-zone TRUST address-book address MULTI172.16.21.0/24user@host# set security zones security-zone TRUST address-book address MULTI1172.16.31.0/24user@host# set security zones security-zone TRUST address-book address NETWORK3172.16.2.0/24user@host# set security zones security-zone TRUST address-book address NETWORK7172.16.21.0/24user@host# set security zones security-zone TRUST address-book address NETWORK8172.16.31.0/24user@host# set security zones security-zone TRUST address-book address NETWORK4172.17.2.0/24user@host# set security zones security-zone TRUST address-book address NETWORK10172.17.21.0/24user@host# set security zones security-zone TRUST address-book address NETWORK11172.17.31.0/24user@host# set security zones security-zone TRUST address-book address NETWORK5224.0.0.0/4user@host# setsecurityzonessecurity-zoneTRUST interfaces reth0.0host-inbound-trafficsystem-services alluser@host# setsecurityzonessecurity-zoneTRUST interfaces reth0.0host-inbound-trafficprotocols alluser@host# setsecurity zonessecurity-zoneTRUST interfaces reth1.0host-inbound-trafficsystem-services alluser@host# setsecurity zonessecurity-zoneTRUST interfaces reth1.0host-inbound-trafficprotocols alluser@host# setsecurityzonessecurity-zoneTRUST interfaces reth2.0host-inbound-trafficsystem-services alluser@host# setsecurityzonessecurity-zoneTRUST interfaces reth2.0host-inbound-trafficprotocols alluser@host# setsecurityzonessecurity-zoneTRUST interfaces reth3.0host-inbound-trafficsystem-services alluser@host# setsecurityzonessecurity-zoneTRUST interfaces reth3.0host-inbound-trafficprotocols all

3. Configure BGP.

[edit]user@host# set protocols bgp group fsi_FeedA export BGPuser@host# set protocols bgp group fsi_FeedA local-as 65535user@host# set protocols bgp group fsi_FeedA bfd-liveness-detectionminimum-interval300user@host# set protocols bgp group fsi_FeedA bfd-liveness-detectionmultiplier 3user@host# set protocols bgp group fsi_FeedA neighbor 192.168.100.1 local-address192.168.100.2user@host# set protocols bgp group fsi_FeedA neighbor 192.168.100.1 peer-as 64512user@host# set protocols bgp group fsi_FeedA neighbor 192.168.102.1 local-address192.168.102.2user@host# set protocols bgp group fsi_FeedA neighbor 192.168.102.1 peer-as 64514user@host# set protocols bgp group fsi_FeedB export BGPuser@host# set protocols bgp group fsi_FeedB local-as 65535user@host# set protocols bgp group fsi_FeedB bfd-liveness-detectionminimum-interval300user@host# set protocols bgp group fsi_FeedB bfd-liveness-detectionmultiplier 3user@host# set protocols bgp group fsi_FeedB neighbor 192.168.101.1 local-address192.168.101.2user@host# set protocols bgp group fsi_FeedB neighbor 192.168.101.1 peer-as 64512user@host# set protocols bgp group fsi_FeedB neighbor 192.168.103.1 local-address192.168.103.2user@host# set protocols bgp group fsi_FeedB neighbor 192.168.103.1 peer-as 64514

4. Configure routing policy.

19Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

[edit]user@host# set policy-options prefix-list Neighbor_Grp_reth0 192.168.100.1/32user@host# set policy-options prefix-list Neighbor_Grp_reth1 192.168.101.1/32user@host# set policy-options prefix-list Neighbor_Grp_reth2 192.168.102.1/32user@host# set policy-options prefix-list Neighbor_Grp_reth3 192.168.103.1/32user@host# set policy-options policy-statement BGP termMgmt from interface fxp0.0user@host# set policy-options policy-statement BGP termMgmt then rejectuser@host# set policy-options policy-statement BGP term direct from protocol directuser@host# set policy-options policy-statement BGP term direct then acceptuser@host# set policy-options policy-statement BGP term BGP from protocol bgpuser@host# set policy-options policy-statement BGP term BGP then acceptuser@host# set policy-options policy-statement Neighbor_Policy_reth0 from prefix-listNeighbor_Grp_reth0user@host# set policy-options policy-statement Neighbor_Policy_reth0 then acceptuser@host# set policy-options policy-statement Neighbor_Policy_reth1 from prefix-listNeighbor_Grp_reth1user@host# set policy-options policy-statement Neighbor_Policy_reth1 then acceptuser@host# set policy-options policy-statement Neighbor_Policy_reth2 from prefix-listNeighbor_Grp_reth2user@host# set policy-options policy-statement Neighbor_Policy_reth2 then acceptuser@host# set policy-options policy-statement Neighbor_Policy_reth3 from prefix-listNeighbor_Grp_reth3user@host# set policy-options policy-statement Neighbor_Policy_reth3 then acceptuser@host# set policy-options policy-statement BGP termMgmt then reject

5. Configure the static rendezvous point and PIM.

[edit]user@host# set protocols pim rp bootstrap family inet priority 0user@host# set protocols pim rp static address 10.5.5.254user@host# set protocols pim interface lo0.0user@host# set protocols pim interface reth0.0 hello-interval 1user@host# set protocols pim interface reth0.0 neighbor-policy Neighbor_Policy_reth0user@host# set protocols pim interface reth1.0 hello-interval 1user@host# set protocols pim interface reth1.0 neighbor-policy Neighbor_Policy_reth1user@host# set protocols pim interface reth2.0 hello-interval 1user@host# set protocols pim interface reth2.0 neighbor-policy Neighbor_Policy_reth2user@host# set protocols pim interface reth3.0 hello-interval 1user@host# set protocols pim interface reth3.0 neighbor-policy Neighbor_Policy_reth3

Configuring QFX5100—QFX_10.5.5.1

CLI QuickConfiguration

To quickly configure this example, copy the following commands, paste them into a text

file, remove any line breaks, change any details necessary to match your network

configuration, copy and paste the commands into the CLI at the [edit] hierarchy level,

and then enter commit from configuration mode.

[edit]set system host-nameQFX_10.5.5.1set system name-server 172.17.28.100set system ntp server 172.17.28.5set system ntp server 10.204.37.156set chassis aggregated-devices ethernet device-count 4set security authentication-key-chains key-chain fsi key 0 secret "$9$xCvdVsUDkfQn4aQF"setsecurityauthentication-key-chainskey-chain fsi key0start-time"2016-1-1.00:00:00+0000"set security authentication-key-chains key-chain fsi key 1 secret "$9$1tWhcrx7V2oGvWaZ"set security authentication-key-chains key-chain fsi key 1 start-time "2016-1-1.00:01:00 +0000"set interfaces xe-0/0/0 ether-options 802.3ad ae1set interfaces xe-0/0/1 ether-options 802.3ad ae2set interfaces ae2mtu 9192

Copyright © 2016, Juniper Networks, Inc.20

Deploying Secure Multicast Market Data Services for Financial Services Environments

set interfaces ae2 aggregated-ether-options lacp activeset interfaces ae2 aggregated-ether-options lacp periodic fastset interfaces ae2 unit 0 family ethernet-switching interface-mode trunkset interfaces ae2 unit 0 family ethernet-switching vlanmembers 100set interfaces ae1mtu 9192set interfaces ae1 aggregated-ether-options lacp activeset interfaces ae1 aggregated-ether-options lacp periodic fastset interfaces ae1 unit 0 family ethernet-switching interface-mode trunkset interfaces ae1 unit 0 family ethernet-switching vlanmembers 100set interfaces irbmtu 9192set interfaces irb unit 100 family inetmtu 9120set interfaces irb unit 100 family inet address 192.168.100.1/24set interfaces irb unit 2 family inet address 172.16.2.1/24 vrrp-group0 virtual-address 172.16.2.254set interfaces irb unit 2 family inet address 172.16.2.1/24 vrrp-group 0 accept-dataset interfaces irbunit21 family inetaddress 172.16.21.2/24vrrp-group0virtual-address 172.16.21.254set interfaces irb unit 21 family inet address 172.16.21.2/24 vrrp-group 0 accept-dataset interfaces lo0 unit 0 family inet address 10.5.5.1/32 primaryset interfaces lo0 unit 0 family inet address 10.5.5.254/32set interfaces em0 unit 0 family inet address 10.219.29.188/26set interfaces ge-0/0/13 ether-options 802.3ad ae100set interfaces ae100 aggregated-ether-options lacp activeset interfaces ae100 aggregated-ether-options lacp periodic fastset interfaces ae100 unit 0 family ethernet-switching interface-mode trunkset interfaces ae100 unit 0 family ethernet-switching vlanmembers 2set interfaces ge-0/0/23 unit 0 family ethernet-switching vlanmembers 21set protocols bgp group fsi export BGPset protocols bgp group fsi bfd-liveness-detectionminimum-interval 300set protocols bgp group fsi bfd-liveness-detectionmultiplier 3set protocols bgp group fsi neighbor 192.168.100.2 local-address 192.168.100.1set protocols bgp group fsi neighbor 192.168.100.2 peer-as 65535set protocols bgp group fsi neighbor 192.168.100.2 local-as 64512set protocols bgp group fsi_IBGP type internalset protocols bgp group fsi_IBGP local-address 10.5.5.1set protocols bgp group fsi_IBGP export BGPset protocols bgp group fsi_IBGP local-as 64512set protocols bgp group fsi_IBGP bfd-liveness-detectionminimum-interval 300set protocols bgp group fsi_IBGP bfd-liveness-detectionmultiplier 3set protocols bgp group fsi_IBGP neighbor 10.5.5.2set protocolsmsdp peer 10.5.5.4 local-address 10.5.5.1set protocols ospf area 0.0.0.0 interface lo0.0set protocols ospf area 0.0.0.0 interface irb.2set protocols ospf area 0.0.0.0 interface irb.21 passiveset protocols pim rp local family inet address 10.5.5.254set protocols pim interface irb.100 hello-interval 1set protocols pim interface irb.100 neighbor-policy Neighbor_Policyset protocols pim interface irb.2set protocols pim interface irb.21set protocols pim interface lo0.0set protocols igmp-snooping vlan V_21set policy-options prefix-list Neighbor_Grp 192.168.100.2/32set policy-options policy-statement BGP termMgmt from interface em0.0set policy-options policy-statement BGP termMgmt then rejectset policy-options policy-statement BGP term direct from protocol directset policy-options policy-statement BGP term direct then acceptset policy-options policy-statement BGP term BGP from protocol bgpset policy-options policy-statement BGP term BGP then acceptset policy-options policy-statement BGP term Last then rejectset policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grpset policy-options policy-statement Neighbor_Policy then accept

21Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

set vlans V_100 vlan-id 100set vlans V_100 l3-interface irb.100set vlans V_2_Routing_MC_AE vlan-id 2set vlans V_2_Routing_MC_AE l3-interface irb.2set vlans V_21 vlan-id 21set vlans V_21 l3-interface irb.21set switch-options redundant-trunk-group group rtg1 interface ae1.0set switch-options redundant-trunk-group group rtg1 interface ae2.0 primaryset routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Step-by-StepProcedure

To configure QFX_10.5.5.1:

1. Configure the hostname and the DNS.

{primary:node0}[edit]user@QFX_10.5.5.1# set system host-nameQFX_10.5.5.1user@QFX_10.5.5.1# set system name-server 172.17.28.100

2. Configure the NTP server.

{primary:node0}[edit]user@QFX_10.5.5.1# set system ntp server 172.17.28.5user@QFX_10.5.5.1# set system ntp server 10.204.37.156

3. Configure authentication with multiple keys.

{primary:node0}[edit]user@QFX_10.5.5.1# set security authentication-key-chains key-chain fsi key 0 secret"$9$xCvdVsUDkfQn4aQF"user@QFX_10.5.5.1# set securityauthentication-key-chainskey-chain fsi key0start-time"2016–1.00:00:00 +0000"user@QFX_10.5.5.1# set security authentication-key-chains key-chain fsi key 1 secret"$9$1tWhcrx7V2oGvWaZ"user@QFX_10.5.5.1# set security authentication-key-chains key-chain fsi key 1 start-time"2016-1-1.00:01:00 +0000"

4. Specify the number of aggregated Ethernet interfaces to be created.

{primary:node0}[edit]user@QFX_10.5.5.1# set chassis aggregated-devices ethernet device-count 4

5. Configure the member links of the ae2 aggregated Ethernet bundle, and MTU.

{primary:node0}[edit]user@QFX_10.5.5.1# set interfaces xe-0/0/1 ether-options 802.3ad ae2user@QFX_10.5.5.1# set interfaces ae2mtu 9192

NOTE: In this configuration example, a single interface is configuredonly for labpurposes.However, anAE interface isusedasabestpractice.In a typical financial services environment scenario, an AE bundle ismore appropriate than a single interface because it helps tomeet thefuture requirements without much change.

6. Configure LACP on the ae2 aggregated Ethernet bundle and its VLAN association.

{primary:node0}[edit]user@QFX_10.5.5.1# set interfaces ae2 aggregated-ether-options lacp activeuser@QFX_10.5.5.1# set interfaces ae2 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.1# set interfaces ae2 unit 0 family ethernet-switching interface-modetrunk

Copyright © 2016, Juniper Networks, Inc.22

Deploying Secure Multicast Market Data Services for Financial Services Environments

user@QFX_10.5.5.1# set interfaces ae2 unit 0 family ethernet-switching vlanmembers100

7. Configure the member links of the ae1 aggregated Ethernet bundle, and MTU.

{primary:node0}[edit]user@QFX_10.5.5.1# set interfaces xe-0/0/0 ether-options 802.3ad ae1user@QFX_10.5.5.1# set interfaces ae1mtu 9192

8. Configure LACP on the ae1 aggregated Ethernet bundle and its VLAN association.

{primary:node0}[edit]user@QFX_10.5.5.1# set interfaces ae1 aggregated-ether-options lacp activeuser@QFX_10.5.5.1# set interfaces ae1 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.1# set interfaces ae1 unit 0 family ethernet-switching interface-modetrunkuser@QFX_10.5.5.1# set interfaces ae1 unit 0 family ethernet-switching vlanmembers100

9. Configure the member links of the ae100 aggregated Ethernet bundle, and MTU.

{primary:node0}[edit]user@QFX_10.5.5.1# set interfaces ge-0/0/13 ether-options 802.3ad ae100user@QFX_10.5.5.1# set interfaces ae100mtu 9192

10. ConfigureLACPontheae100aggregatedEthernetbundleand itsVLANassociation.

{primary:node0}[edit]user@QFX_10.5.5.1# set interfaces ae100 aggregated-ether-options lacp activeuser@QFX_10.5.5.1# set interfaces ae100 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.1# set interfacesae100unit0familyethernet-switching interface-modetrunkuser@QFX_10.5.5.1# set interfaces ae100unit 0 family ethernet-switching vlanmembers2

11. Configure the interface toward themulticast source.

{primary:node0}[edit]user@QFX_10.5.5.1# set interfaces ge-0/0/23 unit 0 family ethernet-switching vlanmembers 21

12. Configure IRB interfaces and VRRP.

{primary:node0}[edit]user@QFX_10.5.5.1# set interfaces irbmtu 9192user@QFX_10.5.5.1# set interfaces irb unit 100 family inetmtu 9120user@QFX_10.5.5.1# set interfaces irb unit 100 family inet address 192.168.100.1/24user@QFX_10.5.5.1# set interfaces irb unit 2 family inet address 172.16.2.1/24 vrrp-group0 virtual-address 172.16.2.254user@QFX_10.5.5.1# set interfaces irb unit 2 family inet address 172.16.2.1/24 vrrp-group0 accept-datauser@QFX_10.5.5.1# set interfaces irbunit 21 family inetaddress 172.16.21.2/24vrrp-group0 virtual-address 172.16.21.254user@QFX_10.5.5.1# set interfaces irbunit 21 family inetaddress 172.16.21.2/24vrrp-group0 accept-data

13. Configure the loopback andmanagement interfaces.

{primary:node0}[edit]user@QFX_10.5.5.1# set interfaces lo0 unit 0 family inet address 10.5.5.1/32 primaryuser@QFX_10.5.5.1# set interfaces lo0 unit 0 family inet address 10.5.5.254/32user@QFX_10.5.5.1# set interfaces em0 unit 0 family inet address 10.219.29.188/26

14. Configure external and internal BGP connections.

[edit]user@QFX_10.5.5.1# set protocols bgp group fsi export BGPuser@QFX_10.5.5.1# setprotocolsbgpgroupfsibfd-liveness-detectionminimum-interval300

23Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

user@QFX_10.5.5.1# set protocols bgp group fsi bfd-liveness-detectionmultiplier 3user@QFX_10.5.5.1# set protocols bgp group fsi neighbor 192.168.100.2 local-address192.168.100.1user@QFX_10.5.5.1# set protocols bgp group fsi neighbor 192.168.100.2 peer-as 65535user@QFX_10.5.5.1# set protocols bgp group fsi neighbor 192.168.100.2 local-as 64512user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP type internaluser@QFX_10.5.5.1# set protocols bgp group fsi_IBGP local-address 10.5.5.1user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP export BGPuser@QFX_10.5.5.1# set protocols bgp group fsi_IBGP local-as 64512user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP bfd-liveness-detectionminimum-interval 300user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP bfd-liveness-detectionmultiplier3user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP neighbor 10.5.5.2

15. Configure MSDP.

[edit]user@QFX_10.5.5.1# set protocolsmsdp peer 10.5.5.4 local-address 10.5.5.1

16. Configure OSPF.

[edit]user@QFX_10.5.5.1# set protocols ospf area 0.0.0.0 interface lo0.0user@QFX_10.5.5.1# set protocols ospf area 0.0.0.0 interface irb.2user@QFX_10.5.5.1# set protocols ospf area 0.0.0.0 interface irb.21 passive

17. Configure PIM.

NOTE: This device will serve as the RP.

[edit]user@QFX_10.5.5.1# set protocols pim rp local family inet address 10.5.5.254user@QFX_10.5.5.1# set protocols pim interface irb.100 hello-interval 1user@QFX_10.5.5.1# set protocols pim interface irb.100 neighbor-policy Neighbor_Policyuser@QFX_10.5.5.1# set protocols pim interface irb.2user@QFX_10.5.5.1# set protocols pim interface irb.21user@QFX_10.5.5.1# set protocols pim interface lo0.0

18. Configure IGMP snooping on vlan21.

[edit]user@QFX_10.5.5.1# set protocols igmp-snooping vlan V_21

19. Configure routing policies to advertise and receive the required routes.

[edit ]user@QFX_10.5.5.1# set policy-options prefix-list Neighbor_Grp 192.168.100.2/32user@QFX_10.5.5.1# set policy-options policy-statement BGP term ICCP_Net then rejectuser@QFX_10.5.5.1# set policy-options policy-statement BGP termMgmt from interfaceem0.0user@QFX_10.5.5.1# set policy-options policy-statement BGP termMgmt then rejectuser@QFX_10.5.5.1# set policy-options policy-statement BGP term direct from protocoldirectuser@QFX_10.5.5.1# set policy-options policy-statement BGP term direct then acceptuser@QFX_10.5.5.1# set policy-options policy-statement BGP term BGP from protocolbgpuser@QFX_10.5.5.1# set policy-options policy-statement BGP term BGP then acceptuser@QFX_10.5.5.1# set policy-options policy-statement BGP term Last then rejectuser@QFX_10.5.5.1# setpolicy-optionspolicy-statementNeighbor_Policy fromprefix-listNeighbor_Grpuser@QFX_10.5.5.1# set policy-options policy-statement Neighbor_Policy then accept

Copyright © 2016, Juniper Networks, Inc.24

Deploying Secure Multicast Market Data Services for Financial Services Environments

20. Configure VLANs and associate the IRB interfaces.

[edit]user@QFX_10.5.5.1# set vlans V_100 vlan-id 100user@QFX_10.5.5.1# set vlans V_100 l3-interface irb.100user@QFX_10.5.5.1# set vlans V_2_Routing_MC_AE vlan-id 2user@QFX_10.5.5.1# set vlans V_2_Routing_MC_AE l3-interface irb.2user@QFX_10.5.5.1# set vlans V_21 vlan-id 21

21. Configure an RTG, and a default route.

[edit]user@QFX_10.5.5.1# set switch-options redundant-trunk-groupgroup rtg1 interfaceae1.0user@QFX_10.5.5.1# setswitch-options redundant-trunk-groupgroup rtg1 interfaceae2.0primaryuser@QFX_10.5.5.1# set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Configuring QFX5100—QFX_10.5.5.2

CLI QuickConfiguration

To quickly configure this example, copy the following commands, paste them into a text

file, remove any line breaks, change any details necessary to match your network

configuration, copy and paste the commands into the CLI at the [edit] hierarchy level,

and then enter commit from configuration mode.

[edit]set system host-nameQFX_10.5.5.2set system name-server 172.17.28.100set system ntp server 172.17.28.5set system ntp server 10.204.37.156set chassis aggregated-devices ethernet device-count 4set interfaces xe-0/0/0 ether-options 802.3ad ae2set interfaces xe-0/0/1 ether-options 802.3ad ae1set interfaces ae1mtu 9192set interfaces ae1 aggregated-ether-options lacp activeset interfaces ae1 aggregated-ether-options lacp periodic fastset interfaces ae1 unit 0 family ethernet-switching interface-mode trunkset interfaces ae1 unit 0 family ethernet-switching vlanmembers 101set interfaces irbmtu 9192set interfaces irb unit 101 family inetmtu 9120set interfaces irb unit 101 family inet address 192.168.101.1/24set interfaces irb unit 2 family inet address 172.16.2.2/24vrrp-group0virtual-address 172.16.2.254set interfaces irb unit 2 family inet address 172.16.2.2/24 vrrp-group 0 accept-dataset interfaces irbunit31 family inetaddress 172.16.31.2/24vrrp-group0virtual-address 172.16.31.254set interfaces irb unit 31 family inet address 172.16.31.2/24 vrrp-group 0 accept-dataset interfaces lo0 unit 0 family inet address 10.5.5.2/32 primaryset interfaces ge-0/0/13 ether-options 802.3ad ae100set interfaces ae100 aggregated-ether-options lacp activeset interfaces ae100 aggregated-ether-options lacp periodic fastset interfaces ae100 unit 0 family ethernet-switching interface-mode trunkset interfaces ae100 unit 0 family ethernet-switching vlanmembers 2set interfaces ae2mtu 9192set interfaces ae2 aggregated-ether-options lacp activeset interfaces ae2 aggregated-ether-options lacp periodic fastset interfaces ae2 unit 0 family ethernet-switching interface-mode trunkset interfaces ae2 unit 0 family ethernet-switching vlanmembers 101set interfaces ge-0/0/23 unit 0 family ethernet-switching vlanmembers 31set protocols bgp export BGPset protocols bgp group fsi local-as 64512set protocols bgp group fsi bfd-liveness-detectionminimum-interval 300set protocols bgp group fsi bfd-liveness-detectionmultiplier 3

25Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

set protocols bgp group fsi neighbor 192.168.101.2 local-address 192.168.101.1set protocols bgp group fsi neighbor 192.168.101.2 peer-as 65535set protocols bgp group fsi_IBGP type internalset protocols bgp group fsi_IBGP local-address 10.5.5.2set protocols bgp group fsi_IBGP local-as 64512set protocols bgp group fsi_IBGP bfd-liveness-detectionminimum-interval 300set protocols bgp group fsi_IBGP bfd-liveness-detectionmultiplier 3set protocols bgp group fsi_IBGP neighbor 10.5.5.1set protocols ospf area 0.0.0.0 interface lo0.0set protocols ospf area 0.0.0.0 interface irb.2set protocols ospf area 0.0.0.0 interface irb.31 passiveset protocols pim rp static address 10.5.5.254set protocols pim interface irb.101 hello-interval 1set protocols pim interface irb.101 neighbor-policy Neighbor_Policyset protocols pim interface lo0.0set protocols pim interface irb.2set protocols pim interface irb.31set protocols igmp-snooping vlan V_31set policy-options prefix-list Neighbor_Grp 192.168.101.2/32set policy-options policy-statement BGP termMgmt from interface em0.0set policy-options policy-statement BGP termMgmt then rejectset policy-options policy-statement BGP term direct from protocol directset policy-options policy-statement BGP term direct then acceptset policy-options policy-statement BGP term BGP from protocol bgpset policy-options policy-statement BGP term BGP then acceptset policy-options policy-statement BGP term Last then rejectset policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grpset policy-options policy-statement Neighbor_Policy then acceptset vlans V_101 vlan-id 101set vlans V_101 l3-interface irb.101set vlans V_2_Routing_MC_AE vlan-id 2set vlans V_2_Routing_MC_AE l3-interface irb.2set vlans V_31 vlan-id 31set vlans V_31 l3-interface irb.31set switch-options redundant-trunk-group group rtg1 interface ae1.0set switch-options redundant-trunk-group group rtg1 interface ae2.0 primaryset interfaces em0 unit 0 family inet address 10.219.29.189/26set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Step-by-StepProcedure

To configure QFX_10.5.5.2:

1. Configure the hostname and the DNS.

{primary:node0}[edit]user@QFX_10.5.5.2# set system host-nameQFX_10.5.5.2user@QFX_10.5.5.2# set system name-server 172.17.28.100

2. Configure the NTP server.

{primary:node0}[edit]user@QFX_10.5.5.2# set system ntp server 172.17.28.5user@QFX_10.5.5.2# set system ntp server 10.204.37.156

3. Specify the number of aggregated Ethernet interfaces to be created.

{primary:node0}[edit]user@QFX_10.5.5.2# set chassis aggregated-devices ethernet device-count 4

4. Configure the member links of the ae2 and ae1 aggregated Ethernet bundles.

{primary:node0}[edit]user@QFX_10.5.5.2# set interfaces xe-0/0/0 ether-options 802.3ad ae2user@QFX_10.5.5.2# set interfaces xe-0/0/1 ether-options 802.3ad ae1

Copyright © 2016, Juniper Networks, Inc.26

Deploying Secure Multicast Market Data Services for Financial Services Environments

NOTE: In this configuration example, a single interface is configuredonly for labpurposes.However, anAE interface isusedasabestpractice.In a typical financial services environment scenario, an AE bundle ismore appropriate than a single interface because it helps tomeet thefuture requirements without much change.

5. Configure LACP on the ae2 aggregated Ethernet bundle and its VLAN association.

[edit]user@QFX_10.5.5.2# set interfaces ae2mtu 9192user@QFX_10.5.5.2# set interfaces ae2 aggregated-ether-options lacp activeuser@QFX_10.5.5.2# set interfaces ae2 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.2# set interfaces ae2 unit 0 family ethernet-switching interface-modetrunkuser@QFX_10.5.5.2# set interfaces ae2 unit 0 family ethernet-switching vlanmembers101

6. Configure LACP on the ae1 aggregated Ethernet bundle and its VLAN association.

{primary:node0}[edit]user@QFX_10.5.5.2# set interfaces ae1mtu 9192user@QFX_10.5.5.2# set interfaces ae1 aggregated-ether-options lacp activeuser@QFX_10.5.5.2# set interfaces ae1 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.2# set interfaces ae1 unit 0 family ethernet-switching interface-modetrunkuser@QFX_10.5.5.2# set interfaces ae1 unit 0 family ethernet-switching vlanmembers101

7. Configure the member links of the ae100 aggregated Ethernet bundle, and MTU.

[edit]user@QFX_10.5.5.2# set interfaces ge-0/0/13 ether-options 802.3ad ae100

8. ConfigureLACPontheae100aggregatedEthernetbundleand itsVLANassociation.

[edit]user@QFX_10.5.5.2# set interfaces ae100 aggregated-ether-options lacp activeuser@QFX_10.5.5.2# set interfaces ae100 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.2# set interfacesae100unit0familyethernet-switching interface-modetrunkuser@QFX_10.5.5.2# set interfaces ae100unit 0 family ethernet-switching vlanmembers2

9. Configure IRB interfaces and VRRP.

[edit]user@QFX_10.5.5.2# set interfaces irbmtu 9192user@QFX_10.5.5.2# set interfaces irb unit 101 family inetmtu 9120user@QFX_10.5.5.2# set interfaces irb unit 101 family inet address 192.168.101.1/24user@QFX_10.5.5.2# set interfaces irb unit 2 family inet address 172.16.2.2/24 vrrp-group0 virtual-address 172.16.2.254user@QFX_10.5.5.2# set interfaces irb unit 2 family inet address 172.16.2.2/24 vrrp-group0 accept-datauser@QFX_10.5.5.2# set interfaces irbunit 21 family inetaddress 172.16.31.2/24vrrp-group0 virtual-address 172.16.31.254user@QFX_10.5.5.2# set interfaces irbunit21 family inetaddress 172.16.31.2/24vrrp-group0 accept-data

10. Configure the loopback andmanagement interfaces.

[edit]user@QFX_10.5.5.2# set interfaces lo0 unit 0 family inet address 10.5.5.2/32 primary

27Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

user@QFX_10.5.5.2# set interfaces em0 unit 0 family inet address 10.219.29.189/26

11. Configure the interface toward themulticast source.

[edit]user@QFX_10.5.5.2# set interfaces ge-0/0/23 unit 0 family ethernet-switching vlanmembers 31

12. Configure external and internal BGP connections.

[edit]user@QFX_10.5.5.2# set protocols bgp export BGPuser@QFX_10.5.5.2# set protocols bgp group fsi local-as 64512user@QFX_10.5.5.2# setprotocolsbgpgroupfsibfd-liveness-detectionminimum-interval300user@QFX_10.5.5.2# set protocols bgp group fsi bfd-liveness-detectionmultiplier 3user@QFX_10.5.5.2# set protocols bgp group fsi neighbor 192.168.101.2 local-address192.168.101.1user@QFX_10.5.5.2# set protocols bgp group fsi neighbor 192.168.101.2 peer-as 65535user@QFX_10.5.5.2# set protocols bgp group fsi export BGPuser@QFX_10.5.5.2# set protocols bgp group fsi_IBGP type internaluser@QFX_10.5.5.2# set protocols bgp group fsi_IBGP local-address 10.5.5.2user@QFX_10.5.5.2# set protocols bgp group fsi_IBGP local-as 64512user@QFX_10.5.5.2# set protocols bgp group fsi_IBGP bfd-liveness-detectionminimum-interval 300user@QFX_10.5.5.2# set protocols bgp group fsi_IBGP bfd-liveness-detectionmultiplier3user@QFX_10.5.5.2# set protocols bgp group fsi_IBGP neighbor 10.5.5.1

13. Configure OSPF.

[edit]user@QFX_10.5.5.2# set protocols ospf area 0.0.0.0 interface lo0.0user@QFX_10.5.5.2# set protocols ospf area 0.0.0.0 interface irb.2user@QFX_10.5.5.2# set protocols ospf area 0.0.0.0 interface irb.31 passive

14. Configure PIM.

[edit]user@QFX_10.5.5.2# set protocols pim rp static address 10.5.5.254user@QFX_10.5.5.2# set protocols pim interface irb.101 hello-interval 1user@QFX_10.5.5.2# set protocols pim interface irb.101 neighbor-policy Neighbor_Policyuser@QFX_10.5.5.2# set protocols pim interface irb.100 hello-interval 1user@QFX_10.5.5.2# set protocols pim interface irb.2user@QFX_10.5.5.2# set protocols pim interface irb.31user@QFX_10.5.5.2# set protocols pim interface lo0.0

15. Configure IGMP snooping on vlan31.

[edit protocols]user@QFX_10.5.5.2# set protocols igmp-snooping vlan V_31

16. Configure routing policies to advertise and receive the required routes.

[edit ]user@QFX_10.5.5.2# set policy-options prefix-list Neighbor_Grp 192.168.101.2/32user@QFX_10.5.5.2# set policy-options policy-statement BGP term ICCP_Net then rejectuser@QFX_10.5.5.2# set policy-options policy-statement BGP termMgmt from interfaceem0.0user@QFX_10.5.5.2# set policy-options policy-statement BGP termMgmt then rejectuser@QFX_10.5.5.2# set policy-options policy-statement BGP term direct from protocoldirectuser@QFX_10.5.5.2# set policy-options policy-statement BGP term direct then acceptuser@QFX_10.5.5.2# set policy-options policy-statement BGP term BGP from protocolbgpuser@QFX_10.5.5.2# set policy-options policy-statement BGP term BGP then acceptuser@QFX_10.5.5.2# set policy-options policy-statement BGP term Last then reject

Copyright © 2016, Juniper Networks, Inc.28

Deploying Secure Multicast Market Data Services for Financial Services Environments

user@QFX_10.5.5.2# setpolicy-optionspolicy-statementNeighbor_Policy fromprefix-listNeighbor_Grpuser@QFX_10.5.5.2# set policy-options policy-statement Neighbor_Policy then accept

17. Configure VLANs and associate the IRB interfaces.

[edit]user@QFX_10.5.5.2# set vlans V_101 vlan-id 101user@QFX_10.5.5.2# set vlans V_101 l3-interface irb.101user@QFX_10.5.5.2# set vlans V_2_Routing_MC_AE vlan-id 2user@QFX_10.5.5.2# set vlans V_2_Routing_MC_AE l3-interface irb.2user@QFX_10.5.5.2# set vlans V_31 vlan-id 31

18. Configure an RTG, and a default route.

[edit]user@QFX_10.5.5.2# set switch-options redundant-trunk-groupgroup rtg1 interfaceae1.0user@QFX_10.5.5.2# setswitch-options redundant-trunk-groupgroup rtg1 interfaceae2.0primaryuser@QFX_10.5.5.2# set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Configuring QFX5100—QFX_10.5.5.3

CLI QuickConfiguration

To quickly configure this example, copy the following commands, paste them into a text

file, remove any line breaks, change any details necessary to match your network

configuration, copy and paste the commands into the CLI at the [edit] hierarchy level,

and then enter commit from configuration mode.

[edit]set system host-nameQFX_10.5.5.3set system name-server 172.17.28.100set system ntp server 172.17.28.5set system ntp server 10.204.37.156set chassis aggregated-devices ethernet device-count 4set security authentication-key-chains key-chain fsi key 0 secret "$9$xCvdVsUDkfQn4aQF"setsecurityauthentication-key-chainskey-chain fsi key0start-time"2016-1-1.00:00:00+0000"set security authentication-key-chains key-chain fsi key 1 secret "$9$1tWhcrx7V2oGvWaZ"set security authentication-key-chains key-chain fsi key 1 start-time "2016-1-1.00:01:00 +0000"set interfaces xe-0/0/3 ether-options 802.3ad ae2set interfaces xe-0/0/4 ether-options 802.3ad ae1set interfaces ae2mtu 9192set interfaces ae2 aggregated-ether-options lacp activeset interfaces ae2 aggregated-ether-options lacp periodic fastset interfaces ae2 unit 0 family ethernet-switching interface-mode trunkset interfaces ae2 unit 0 family ethernet-switching vlanmembers 102set interfaces ae1mtu 9192set interfaces ae1 aggregated-ether-options lacp activeset interfaces ae1 aggregated-ether-options lacp periodic fastset interfaces ae1 unit 0 family ethernet-switching interface-mode trunkset interfaces ae1 unit 0 family ethernet-switching vlanmembers 102set interfaces irbmtu 9192set interfaces irb unit 102 family inetmtu 9120set interfaces irb unit 102 family inet address 192.168.102.1/24set interfaces irb unit 2 family inet address 172.17.2.1/24 vrrp-group 0 virtual-address 172.17.2.254set interfaces irb unit 2 family inet address 172.17.2.1/24 vrrp-group 0 accept-dataset interfaces irbunit21 family inetaddress 172.17.21.2/24vrrp-group0virtual-address 172.16.21.254set interfaces irb unit 21 family inet address 172.17.21.2/24 vrrp-group 0 accept-dataset interfaces lo0 unit 0 family inet address 10.5.5.3/32 primaryset interfaces em0 unit 0 family inet address 10.219.29.186/26set interfaces ge-0/0/13 ether-options 802.3ad ae100set interfaces ae100 aggregated-ether-options lacp active

29Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

set interfaces ae100 aggregated-ether-options lacp periodic fastset interfaces ae100 unit 0 family ethernet-switching interface-mode trunkset interfaces ae100 unit 0 family ethernet-switching vlanmembers 2set interfaces ge-0/0/23 unit 0 family ethernet-switching vlanmembers 21set protocols bgp group fsi export BGPset protocols bgp group fsi bfd-liveness-detectionminimum-interval 300set protocols bgp group fsi bfd-liveness-detectionmultiplier 3set protocols bgp group fsi neighbor 192.168.102.2 local-address 192.168.102.1set protocols bgp group fsi neighbor 192.168.102.2 peer-as 65535set protocols bgp group fsi neighbor 192.168.102.2 local-as 64514set protocols bgp group fsi_IBGP type internalset protocols bgp group fsi_IBGP local-address 10.5.5.3set protocols bgp group fsi_IBGP export BGPset protocols bgp group fsi_IBGP local-as 64514set protocols bgp group fsi_IBGP bfd-liveness-detectionminimum-interval 300set protocols bgp group fsi_IBGP bfd-liveness-detectionmultiplier 3set protocols bgp group fsi_IBGP neighbor 10.5.5.4set protocols ospf area 0.0.0.0 interface lo0.0set protocols ospf area 0.0.0.0 interface irb.2set protocols ospf area 0.0.0.0 interface irb.21 passiveset protocols pim rp static address 10.5.5.254set protocols pim interface irb.102 hello-interval 1set protocols pim interface irb.102 neighbor-policy Neighbor_Policyset protocols pim interface irb.100 hello-interval 1set protocols pim interface irb.100 neighbor-policy Neighbor_Policyset protocols pim interface irb.2set protocols pim interface irb.21set protocols pim interface lo0.0set protocols igmp-snooping vlan V_21set policy-options prefix-list Neighbor_Grp 192.168.102.2/32set policy-options policy-statement BGP termMgmt from interface em0.0set policy-options policy-statement BGP termMgmt then rejectset policy-options policy-statement BGP term direct from protocol directset policy-options policy-statement BGP term direct then acceptset policy-options policy-statement BGP term BGP from protocol bgpset policy-options policy-statement BGP term BGP then acceptset policy-options policy-statement BGP term Last then rejectset policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grpset policy-options policy-statement Neighbor_Policy then acceptset vlans V_102 vlan-id 102set vlans V_102 l3-interface irb.102set vlans V_2_Routing_MC_AE vlan-id 2set vlans V_2_Routing_MC_AE l3-interface irb.2set vlans V_21 vlan-id 21set vlans V_21 l3-interface irb.21set switch-options redundant-trunk-group group rtg1 interface ae1.0set switch-options redundant-trunk-group group rtg1 interface ae2.0 primaryset routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Step-by-StepProcedure

To configure QFX_10.5.5.3:

1. Configure the hostname and the DNS.

{primary:node0}[edit]user@QFX_10.5.5.3# set system host-nameQFX_10.5.5.3user@QFX_10.5.5.3# set system name-server 172.17.28.100

2. Configure the NTP server.

{primary:node0}[edit]user@QFX_10.5.5.3# set system ntp server 172.17.28.5

Copyright © 2016, Juniper Networks, Inc.30

Deploying Secure Multicast Market Data Services for Financial Services Environments

user@QFX_10.5.5.3# set system ntp server 10.204.37.156

3. Configure authentication with multiple keys.

[edit]user@QFX_10.5.5.3# set security authentication-key-chains key-chain fsi key 0 secret"$9$xCvdVsUDkfQn4aQF"user@QFX_10.5.5.3# set securityauthentication-key-chainskey-chain fsi key0start-time"2016–1.00:00:00 +0000"user@QFX_10.5.5.3# set security authentication-key-chains key-chain fsi key 1 secret"$9$1tWhcrx7V2oGvWaZ"user@QFX_10.5.5.3# set security authentication-key-chains key-chain fsi key 1 start-time"2016-1-1.00:01:00 +0000"

4. Specify the number of aggregated Ethernet interfaces to be created.

[edit]user@QFX_10.5.5.3# set chassis aggregated-devices ethernet device-count 4

5. Configure the member links of the ae2 and ae1 aggregated Ethernet bundles.

[edit]user@QFX_10.5.5.3# set interfaces xe-0/0/3 ether-options 802.3ad ae2user@QFX_10.5.5.3# set interfaces xe-0/0/4 ether-options 802.3ad ae1

NOTE: In this configuration example, a single interface is configuredonly for labpurposes.However, anAE interface isusedasabestpractice.In a typical financial services environment scenario, an AE bundle ismore appropriate than a single interface because it helps tomeet thefuture requirements without much change.

6. Configure LACP on the ae2 aggregated Ethernet bundle and its VLAN association.

[edit]user@QFX_10.5.5.3# set interfaces ae2mtu 9192user@QFX_10.5.5.3# set interfaces ae2 aggregated-ether-options lacp activeuser@QFX_10.5.5.3# set interfaces ae2 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.3# set interfaces ae2 unit 0 family ethernet-switching interface-modetrunkuser@QFX_10.5.5.3# set interfaces ae2 unit 0 family ethernet-switching vlanmembers102

7. Configure LACP on the ae1 aggregated Ethernet bundle and its VLAN association.

[edit]user@QFX_10.5.5.3# set interfaces ae1mtu 9192user@QFX_10.5.5.3# set interfaces ae1 aggregated-ether-options lacp activeuser@QFX_10.5.5.3# set interfaces ae1 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.3# set interfaces ae1 unit 0 family ethernet-switching interface-modetrunkuser@QFX_10.5.5.3# set interfaces ae1 unit 0 family ethernet-switching vlanmembers102

8. Configure IRB interfaces and VRRP.

[edit]user@QFX_10.5.5.3# set interfaces irbmtu 9192user@QFX_10.5.5.3# set interfaces irb unit 102 family inetmtu 9120user@QFX_10.5.5.3# set interfaces irb unit 102 family inet address 192.168.102.1/24user@QFX_10.5.5.3# set interfaces irb unit 2 family inet address 172.17.2.1/24 vrrp-group0 virtual-address 172.17.2.254

31Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

user@QFX_10.5.5.3# set interfaces irb unit 2 family inet address 172.17.2.1/24 vrrp-group0 accept-datauser@QFX_10.5.5.3# set interfaces irb unit 21 family inet address 172.17.21.2/24 vrrp-group0 virtual-address 172.16.21.254user@QFX_10.5.5.3# set interfaces irbunit 21 family inet address 172.17.21.2/24vrrp-group0 accept-data

9. Configure the loopback andmanagement interfaces.

[edit]user@QFX_10.5.5.3# set interfaces lo0 unit 0 family inet address 10.5.5.3/32 primaryuser@QFX_10.5.5.3# set interfaces em0 unit 0 family inet address 10.219.29.186/26

10. Configure the member links of the ae100 aggregated Ethernet bundle, and MTU.

[edit]user@QFX_10.5.5.3# set interfaces ge-0/0/13 ether-options 802.3ad ae100

11. ConfigureLACPontheae100aggregatedEthernetbundleand itsVLANassociation.

[edit]user@QFX_10.5.5.3# set interfaces ae100 aggregated-ether-options lacp activeuser@QFX_10.5.5.3# set interfaces ae100 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.3# set interfacesae100unit0familyethernet-switching interface-modetrunkuser@QFX_10.5.5.3# set interfaces ae100unit 0 family ethernet-switching vlanmembers2

12. Configure the interface toward themulticast source.

user@QFX_10.5.5.3# set interfaces ge-0/0/23 unit 0 family ethernet-switching vlanmembers 21

13. Configure external and internal BGP connections.

[edit]user@QFX_10.5.5.3# set protocols bgp export BGPuser@QFX_10.5.5.3# set protocols bgp group fsi export BGPuser@QFX_10.5.5.3# setprotocolsbgpgroupfsibfd-liveness-detectionminimum-interval300user@QFX_10.5.5.3# set protocols bgp group fsi bfd-liveness-detectionmultiplier 3user@QFX_10.5.5.3# set protocols bgp group fsi neighbor 192.168.102.2 local-address192.168.102.1user@QFX_10.5.5.3# set protocols bgp group fsi neighbor 192.168.102.2 peer-as 65535user@QFX_10.5.5.3# set protocols bgp group fsi_BGP local-as 64514user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP type internaluser@QFX_10.5.5.3# set protocols bgp group fsi_IBGP local-address 10.5.5.3user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP export BGPuser@QFX_10.5.5.3# set protocols bgp group fsi_IBGP local-as 64514user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP bfd-liveness-detectionminimum-interval 300user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP bfd-liveness-detectionmultiplier3user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP neighbor 10.5.5.4

14. Configure OSPF.

[edit]user@QFX_10.5.5.3# set protocols ospf area 0.0.0.0 interface lo0.0user@QFX_10.5.5.3# set protocols ospf area 0.0.0.0 interface irb.2user@QFX_10.5.5.3# set protocols ospf area 0.0.0.0 interface irb.21 passive

15. Configure PIM.

[edit]user@QFX_10.5.5.3# set protocols pim rp static address 10.5.5.254user@QFX_10.5.5.3# set protocols pim interface irb.102 hello-interval 1user@QFX_10.5.5.3# set protocols pim interface irb.102 neighbor-policy Neighbor_Policy

Copyright © 2016, Juniper Networks, Inc.32

Deploying Secure Multicast Market Data Services for Financial Services Environments

user@QFX_10.5.5.3# set protocols pim interface irb.100 hello-interval 1user@QFX_10.5.5.3# set protocols pim interface irb.100 neighbor-policy Neighbor_Policyuser@QFX_10.5.5.3# set protocols pim interface irb.2user@QFX_10.5.5.3# set protocols pim interface irb.21user@QFX_10.5.5.3# set protocols pim interface lo0.0

16. Configure IGMP snooping on vlan21.

[edit]user@QFX_10.5.5.3# set protocols igmp-snooping vlan V_21

17. Configure routing policies to advertise and receive the required routes.

[edit]user@QFX_10.5.5.3# set policy-options prefix-list Neighbor_Grp 192.168.102.2/32user@QFX_10.5.5.3# set policy-options policy-statement BGP term ICCP_Net then rejectuser@QFX_10.5.5.3# set policy-options policy-statement BGP termMgmt from interfaceem0.0user@QFX_10.5.5.3# set policy-options policy-statement BGP termMgmt then rejectuser@QFX_10.5.5.3# set policy-options policy-statement BGP term direct from protocoldirectuser@QFX_10.5.5.3# set policy-options policy-statement BGP term direct then acceptuser@QFX_10.5.5.3# set policy-options policy-statement BGP term BGP from protocolbgpuser@QFX_10.5.5.3# set policy-options policy-statement BGP term BGP then acceptuser@QFX_10.5.5.3# set policy-options policy-statement BGP term Last then rejectuser@QFX_10.5.5.3# setpolicy-optionspolicy-statementNeighbor_Policy fromprefix-listNeighbor_Grpuser@QFX_10.5.5.3# set policy-options policy-statement Neighbor_Policy then accept

18. Configure VLANs and associate the IRB interfaces.

[edit]user@QFX_10.5.5.3# set vlans V_102 vlan-id 102user@QFX_10.5.5.3# set vlans V_102 l3-interface irb.102user@QFX_10.5.5.3# set vlans V_2_Routing_MC_AE vlan-id 2user@QFX_10.5.5.3# set vlans V_2_Routing_MC_AE l3-interface irb.2user@QFX_10.5.5.3# set vlans V_21 vlan-id 21

19. Configure an RTG, and a default route.

[edit]user@QFX_10.5.5.3# set switch-options redundant-trunk-groupgroup rtg1 interfaceae1.0primaryuser@QFX_10.5.5.3# setswitch-options redundant-trunk-groupgroup rtg1 interfaceae2.0user@QFX_10.5.5.3# set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Configuring QFX5100—QFX_10.5.5.4

CLI QuickConfiguration

To quickly configure this example, copy the following commands, paste them into a text

file, remove any line breaks, change any details necessary to match your network

configuration, copy and paste the commands into the CLI at the [edit] hierarchy level,

and then enter commit from configuration mode.

[edit]set system host-nameQFX_10.5.5.4set system name-server 172.17.28.100set system ntp server 172.17.28.5set system ntp server 10.204.37.156set chassis aggregated-devices ethernet device-count 4set interfaces xe-0/0/3 ether-options 802.3ad ae1set interfaces ae1mtu 9192set interfaces ae1 aggregated-ether-options lacp activeset interfaces ae1 aggregated-ether-options lacp periodic fast

33Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

set interfaces ae1 unit 0 family ethernet-switching interface-mode trunkset interfaces ae1 unit 0 family ethernet-switching vlanmembers 103set interfaces irbmtu 9192set interfaces irb unit 103 family inetmtu 9120set interfaces irb unit 103 family inet address 192.168.103.1/24set interfaces irb unit 2 family inet address 172.17.2.2/24 vrrp-group 0 virtual-address 172.17.2.254set interfaces irb unit 2 family inet address 172.17.2.2/24 vrrp-group 0 accept-dataset interfaces irbunit31 family inetaddress 172.17.31.2/24vrrp-group0virtual-address 172.17.31.254set interfaces irb unit 31 family inet address 172.17.31.2/24 vrrp-group 0 accept-dataset interfaces lo0 unit 0 family inet address 10.5.5.4/32 primaryset interfaces lo0 unit 0 family inet address 10.5.5.254/32set interfaces em0 unit 0 family inet address 10.219.29.187/26set interfaces ge-0/0/13 ether-options 802.3ad ae100set interfaces ae100 aggregated-ether-options lacp activeset interfaces ae100 aggregated-ether-options lacp periodic fastset interfaces ae100 unit 0 family ethernet-switching interface-mode trunkset interfaces ae100 unit 0 family ethernet-switching vlanmembers 2set interfaces xe-0/0/4 ether-options 802.3ad ae2set interfaces ae2mtu 9192set interfaces ae2 aggregated-ether-options lacp activeset interfaces ae2 aggregated-ether-options lacp periodic fastset interfaces ae2 unit 0 family ethernet-switching interface-mode trunkset interfaces ae2 unit 0 family ethernet-switching vlanmembers 103set interfaces ge-0/0/23 unit 0 family ethernet-switching vlanmembers 31set protocols bgp group fsi export BGPset protocols bgp group fsi bfd-liveness-detectionminimum-interval 300set protocols bgp group fsi bfd-liveness-detectionmultiplier 3set protocols bgp group fsi neighbor 192.168.103.2 local-address 192.168.103.1set protocols bgp group fsi neighbor 192.168.103.2 peer-as 65535set protocols bgp group fsi neighbor 192.168.103.2 local-as 64514set protocols bgp group fsi_IBGP type internalset protocols bgp group fsi_IBGP local-address 10.5.5.4set protocols bgp group fsi_IBGP export BGPset protocols bgp group fsi_IBGP local-as 64514set protocols bgp group fsi_IBGP bfd-liveness-detectionminimum-interval 300set protocols bgp group fsi_IBGP bfd-liveness-detectionmultiplier 3set protocols bgp group fsi_IBGP neighbor 10.5.5.3set protocolsmsdp peer 10.5.5.1 local-address 10.5.5.4set protocols ospf area 0.0.0.0 interface lo0.0set protocols ospf area 0.0.0.0 interface irb.2set protocols ospf area 0.0.0.0 interface irb.31set protocols pim rp local family inet address 10.5.5.254set protocols pim interface irb.103 neighbor-policy Neighbor_Policyset protocols pim interface irb.2set protocols pim interface irb.31set protocols pim interface lo0.0set protocols igmp-snooping vlan V_31set policy-options prefix-list Neighbor_Grp 192.168.103.2/32set policy-options policy-statement BGP termMgmt from interface em0.0set policy-options policy-statement BGP termMgmt then rejectset policy-options policy-statement BGP term direct from protocol directset policy-options policy-statement BGP term direct then acceptset policy-options policy-statement BGP term BGP from protocol bgpset policy-options policy-statement BGP term BGP then acceptset policy-options policy-statement BGP term Last then rejectset policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grpset policy-options policy-statement Neighbor_Policy then acceptset vlans V_103 vlan-id 103set vlans V_103 l3-interface irb.103

Copyright © 2016, Juniper Networks, Inc.34

Deploying Secure Multicast Market Data Services for Financial Services Environments

set vlans V_2_Routing_MC_AE vlan-id 2set vlans V_2_Routing_MC_AE l3-interface irb.2set vlans V_31 vlan-id 31set vlans V_31 l3-interface irb.31set switch-options redundant-trunk-group group rtg1 interface ae1.0set switch-options redundant-trunk-group group rtg1 interface ae2.0 primaryset routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Step-by-StepProcedure

To configure QFX_10.5.5.4:

1. Configure the hostname and the DNS.

{primary:node0}[edit]user@QFX_10.5.5.4# set system host-nameQFX_10.5.5.4user@QFX_10.5.5.4# set system name-server 172.17.28.100

2. Configure the NTP server.

{primary:node0}[edit]user@QFX_10.5.5.4# set system ntp server 172.17.28.5user@QFX_10.5.5.4# set system ntp server 10.204.37.156

3. Specify the number of aggregated Ethernet interfaces to be created.

{primary:node0}[edit]user@QFX_10.5.5.4# set chassis aggregated-devices ethernet device-count 4

4. Configure the member links of the ae1 and ae2 aggregated Ethernet bundles.

[edit]user@QFX_10.5.5.4# set interfaces xe-0/0/3 ether-options 802.3ad ae1user@QFX_10.5.5.4# set interfaces xe-0/0/4 ether-options 802.3ad ae2

NOTE: In this configuration example, a single interface is configuredonly for labpurposes.However, anAE interface isusedasabestpractice.In a typical financial services environment scenario, an AE bundle ismore appropriate than a single interface because it helps tomeet thefuture requirements without much change.

5. Configure LACP on the ae1 aggregated Ethernet bundle and its VLAN association.

[edit]user@QFX_10.5.5.4# set interfaces ae1mtu 9192user@QFX_10.5.5.4# set interfaces ae1 aggregated-ether-options lacp activeuser@QFX_10.5.5.4# set interfaces ae1 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.4# set interfaces ae1 unit 0 family ethernet-switching interface-modetrunkuser@QFX_10.5.5.4# set interfaces ae1 unit 0 family ethernet-switching vlanmembers103

6. Configure LACP on the ae2 aggregated Ethernet bundle and its VLAN association.

[edit]user@QFX_10.5.5.4# set interfaces ae2mtu 9192user@QFX_10.5.5.4# set interfaces ae2 aggregated-ether-options lacp activeuser@QFX_10.5.5.4# set interfaces ae2 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.4# set interfaces ae2 unit 0 family ethernet-switching interface-modetrunkuser@QFX_10.5.5.4# set interfaces ae2 unit 0 family ethernet-switching vlanmembers103

7. Configure the member links of the ae100 aggregated Ethernet bundle, and MTU.

35Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

[edit]user@QFX_10.5.5.4# set interfaces ge-0/0/13 ether-options 802.3ad ae100

8. ConfigureLACPontheae100aggregatedEthernetbundleand itsVLANassociation.

[edit]user@QFX_10.5.5.4# set interfaces ae100 aggregated-ether-options lacp activeuser@QFX_10.5.5.4# set interfaces ae100 aggregated-ether-options lacp periodic fastuser@QFX_10.5.5.4# set interfacesae100unit0familyethernet-switching interface-modetrunkuser@QFX_10.5.5.4# set interfaces ae100unit 0 family ethernet-switching vlanmembers2

9. Configure IRB interfaces and VRRP.

[edit]user@QFX_10.5.5.4# set interfaces irbmtu 9192user@QFX_10.5.5.4# set interfaces irb unit 103 family inetmtu 9120user@QFX_10.5.5.4# set interfaces irb unit 103 family inet address 192.168.103.1/24user@QFX_10.5.5.4# set interfaces irb unit 2 family inet address 172.17.2.2/24 vrrp-group0 virtual-address 172.17.2.254user@QFX_10.5.5.4# set interfaces irb unit 2 family inet address 172.17.2.2/24 vrrp-group0 accept-datauser@QFX_10.5.5.4# set interfaces irb unit 31 family inet address 172.17.31.2/24 vrrp-group0 virtual-address 172.17.31.254user@QFX_10.5.5.4# set interfaces irbunit 31 family inet address 172.17.31.2/24vrrp-group0 accept-data

10. Configure the loopback andmanagement interfaces.

[edit]user@QFX_10.5.5.4# set interfaces lo0 unit 0 family inet address 10.5.5.4/32 primaryuser@QFX_10.5.5.4# set interfaces lo0 unit 0 family inet address 10.5.5.254/32user@QFX_10.5.5.4# set interfaces em0 unit 0 family inet address 10.219.29.187/26

11. Configure the interface toward themulticast source.

[edit]user@QFX_10.5.5.4# set interfaces ge-0/0/23 unit 0 family ethernet-switching vlanmembers 31

12. Configure external and internal BGP connections.

[edit]user@QFX_10.5.5.4# set protocols bgp export BGPuser@QFX_10.5.5.4# setprotocolsbgpgroupfsibfd-liveness-detectionminimum-interval300user@QFX_10.5.5.4# set protocols bgp group fsi bfd-liveness-detectionmultiplier 3user@QFX_10.5.5.4# set protocols bgp group fsi neighbor 192.168.103.2 local-address192.168.103.1user@QFX_10.5.5.4# set protocols bgp group fsi neighbor 192.168.103.2 peer-as 65535user@QFX_10.5.5.4# set protocols bgp group fsi neighbor 192.168.103.2 local-as 64514user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP type internaluser@QFX_10.5.5.4# set protocols bgp group fsi_IBGP local-address 10.5.5.4user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP export BGPuser@QFX_10.5.5.4# set protocols bgp group fsi_IBGP local-as 64514user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP bfd-liveness-detectionminimum-interval 300user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP bfd-liveness-detectionmultiplier3user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP neighbor 10.5.5.3

13. Configure MSDP.

[edit]user@QFX_10.5.5.4# set protocolsmsdp peer 10.5.5.1 local-address 10.5.5.4

14. Configure OSPF.

Copyright © 2016, Juniper Networks, Inc.36

Deploying Secure Multicast Market Data Services for Financial Services Environments

[edit]user@QFX_10.5.5.4# set protocols ospf area 0.0.0.0 interface lo0.0user@QFX_10.5.5.4# set protocols ospf area 0.0.0.0 interface irb.2user@QFX_10.5.5.4# set protocols ospf area 0.0.0.0 interface irb.31 passive

15. Configure PIM.

NOTE: This device will serve as the RP.

[edit]user@QFX_10.5.5.4# set protocols pim rp local family inet address 10.5.5.254user@QFX_10.5.5.4# set protocols pim interface irb.103 neighbor-policy Neighbor_Policyuser@QFX_10.5.5.4# set protocols pim interface lo0.0user@QFX_10.5.5.4# set protocols pim interface irb.2user@QFX_10.5.5.4# set protocols pim interface irb.31

16. Configure IGMP snooping on vlan31.

[edit protocols]user@QFX_10.5.5.4# set protocols igmp-snooping vlan V_31

17. Configure routing policies to advertise and receive the required routes.

[edit]user@QFX_10.5.5.4# set policy-options prefix-list Neighbor_Grp 192.168.103.2/32user@QFX_10.5.5.4# set policy-options policy-statement BGP term ICCP_Net then rejectuser@QFX_10.5.5.4# set policy-options policy-statement BGP termMgmt from interfaceem0.0user@QFX_10.5.5.4# set policy-options policy-statement BGP termMgmt then rejectuser@QFX_10.5.5.4# set policy-options policy-statement BGP term direct from protocoldirectuser@QFX_10.5.5.4# set policy-options policy-statement BGP term direct then acceptuser@QFX_10.5.5.4# set policy-options policy-statement BGP term BGP from protocolbgpuser@QFX_10.5.5.4# set policy-options policy-statement BGP term BGP then acceptuser@QFX_10.5.5.4# set policy-options policy-statement BGP term Last then rejectuser@QFX_10.5.5.4# setpolicy-optionspolicy-statementNeighbor_Policy fromprefix-listNeighbor_Grpuser@QFX_10.5.5.4# set policy-options policy-statement Neighbor_Policy then accept

18. Configure VLANs and associate the IRB interfaces.

[edit]user@QFX_10.5.5.4# set vlans V_103 vlan-id 103user@QFX_10.5.5.4# set vlans V_103 l3-interface irb.103user@QFX_10.5.5.4# set vlans V_2_Routing_MC_AE vlan-id 2user@QFX_10.5.5.4# set vlans V_2_Routing_MC_AE l3-interface irb.2user@QFX_10.5.5.4# set vlans V_31 vlan-id 31user@QFX_10.5.5.4# set vlans V_31 l3-interface irb.31

19. Configure an RTG, and a default route.

[edit]user@QFX_10.5.5.4# set switch-options redundant-trunk-groupgroup rtg1 interfaceae1.0user@QFX_10.5.5.4# setswitch-options redundant-trunk-groupgroup rtg1 interfaceae2.0primaryuser@QFX_10.5.5.4# set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

37Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Verification

Verify that the configuration is working properly:

• Verifying the SRX Configured Interfaces on page 38

• Verifying Chassis Cluster Status on page 40

• Verifying Chassis Cluster Statistics on page 41

• Verifying Chassis Cluster Interfaces on page 43

• Verifying Chassis Cluster Control-Plane Statistics on page 44

• Verifying Chassis Cluster Data-Plane Statistics on page 45

• Verifying Security Policy Configuration on page 47

• Verifying the Configured Interfaces on page 48

• Verifying LACP Status on page 52

• Verifying Redundant Trunk Groups on page 55

• Verifying the BGP Status on page 56

• Verifying the OSPF Status on page 65

• Verifying Unicast Routes on page 66

• Verifying VLAN Configurations on page 79

• Verifying PIM Status on page 82

• Verifying PIM RP Status on page 91

• Verifying MSDP Status on page 93

• Verifying Multicast Routes and Their State on page 94

• Verifying the Forwarding Table on page 97

Verifying the SRX Configured Interfaces

Purpose Verify the interfaces are configured properly.

Action From operational mode, enter the show interfaces terse| no-more command.

{primary:node0}user@host> show interfaces terse| no-moreInterface Admin Link Proto Local Remotegr-0/0/0 up upip-0/0/0 up uplt-0/0/0 up upxe-4/0/0 up upxe-4/0/0.0 up up aenet --> reth0.0xe-4/0/0.32767 up up aenet --> reth0.32767xe-4/0/1 up upxe-4/0/1.0 up up aenet --> reth1.0xe-4/0/1.32767 up up aenet --> reth1.32767xe-4/0/2 up upxe-4/0/2.0 up up aenet --> reth3.0xe-4/0/2.32767 up up aenet --> reth3.32767xe-4/0/3 up upxe-4/0/3.0 up up aenet --> reth2.0xe-4/0/3.32767 up up aenet --> reth2.32767

Copyright © 2016, Juniper Networks, Inc.38

Deploying Secure Multicast Market Data Services for Financial Services Environments

xe-4/0/4 up upxe-4/0/4.0 up up aenet --> fab0.0xe-4/0/5 up downxe-4/0/6 up downxe-4/0/7 up downxe-4/0/8 up downxe-4/0/9 up downxe-10/0/0 up upxe-10/0/0.0 up up aenet --> reth1.0xe-10/0/0.32767 up up aenet --> reth1.32767xe-10/0/1 up upxe-10/0/1.0 up up aenet --> reth0.0xe-10/0/1.32767 up up aenet --> reth0.32767xe-10/0/2 up upxe-10/0/2.0 up up aenet --> reth2.0xe-10/0/2.32767 up up aenet --> reth2.32767xe-10/0/3 up upxe-10/0/3.0 up up aenet --> reth3.0xe-10/0/3.32767 up up aenet --> reth3.32767xe-10/0/4 up upxe-10/0/4.0 up up aenet --> fab1.0xe-10/0/5 up downxe-10/0/6 up downxe-10/0/7 up downxe-10/0/8 up downxe-10/0/9 up downet-10/2/0 up downet-10/2/1 up downavs0 up upavs1 up upavs1.0 up up inet 254.0.0.254 --> 0/0 inet6 fe80::199 dsc up upem0 up upem0.0 up up inet 10.0.0.1/8 128.0.0.1/2 129.16.0.1/2 143.16.0.1/2 tnp 0x1100004 em1 up upem1.0 up up inet 10.0.0.1/8 128.0.0.1/2 129.16.0.1/2 143.16.0.1/2 tnp 0x1100004 fab0 up upfab0.0 up up inet 30.17.0.200/24 fab1 up upfab1.0 up up inet 30.18.0.200/24 fxp0 up upfxp0.0 up up inet 10.219.29.157/26gre up upipip up upirb up uplo0 up uplo0.0 up up inet 10.5.5.5 --> 0/0 10.255.29.157 --> 0/0 127.0.0.1 --> 0/0 iso 47.0005.80ff.f800.0000.0108.0001.0102.5502.9157 inet6 abcd::10:255:29:157

39Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

fe80::2a0:a50f:fc90:2b8lo0.16384 up up inet 127.0.0.1 --> 0/0lo0.16385 up up inet lsi up upmtun up uppimd up uppime up upppd0 up upppe0 up upppe0.32769 up up inet reth0 up upreth0.0 up up inet 192.168.100.2/24 multiservicereth0.32767 up up multiservicereth1 up upreth1.0 up up inet 192.168.101.2/24 multiservicereth1.32767 up up multiservicereth2 up upreth2.0 up up inet 192.168.102.2/24 multiservicereth2.32767 up up multiservicereth3 up upreth3.0 up up inet 192.168.103.2/24 multiservicereth3.32767 up up multiservicereth4 up downreth5 up downreth6 up downreth7 up down

Meaning The sample output displays summary information about interfaces.

Verifying Chassis Cluster Status

Purpose Verify the status of a chassis cluster.

Action From operational mode, enter the show chassis cluster status command.

{primary:node0}user@host> show chassis cluster status

Monitor Failure codes:

CS Cold Sync monitoring FL Fabric Connection monitoring

GR GRES monitoring HW Hardware monitoring

IF Interface monitoring IP IP monitoring

LB Loopback monitoring MB Mbuf monitoring

NH Nexthop monitoring NP NPC monitoring

SP SPU monitoring SM Schedule monitoring

CF Config Sync monitoring

Copyright © 2016, Juniper Networks, Inc.40

Deploying Secure Multicast Market Data Services for Financial Services Environments

Cluster ID: 1

Node Priority Status Preempt Manual Monitor-failures

Redundancy group: 0 , Failover count: 1

node0 250 primary no no None

node1 100 secondary no no None

Redundancy group: 1 , Failover count: 9

node0 250 primary yes no None

node1 100 secondary yes no None

Redundancy group: 2 , Failover count: 14

node0 100 secondary yes no None

node1 250 primary yes no None

Meaning The sample output displays the failover status of a chassis cluster.

Verifying Chassis Cluster Statistics

Purpose Verify the chassis cluster statistics.

Action From operational mode, enter the show chassis cluster statistics command.

{primary:node0}user@host> show chassis cluster statistics

Control link statistics: Control link 0: Heartbeat packets sent: 4807687 Heartbeat packets received: 4807526 Heartbeat packet errors: 0 Control link 1: Heartbeat packets sent: 0 Heartbeat packets received: 0 Heartbeat packet errors: 0 Fabric link statistics: Child link 0 Probes sent: 9623205 Probes received: 9623051 Child link 1 Probes sent: 0 Probes received: 0Services Synchronized: Service name RTOs sent RTOs received Translation context 0 0 Incoming NAT 0 0

Resource manager 0 0 DS-LITE create 0 0 Session create 81150821 80538088 IPv6 session create 0 0 Session close 8117582 8056404

41Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

IPv6 session close 0 0 Session change 21 40 IPv6 session change 0 0 ALG Support Library 0 0 Gate create 0 0 Session ageout refresh requests 9972 10361 IPv6 session ageout refresh requests 0 0 Session ageout refresh replies 10355 9962 IPv6 session ageout refresh replies 0 0 IPSec VPN 0 0 Firewall user authentication 0 0 MGCP ALG 0 0

H323 ALG 0 0 SIP ALG 0 0 SCCP ALG 0 0 PPTP ALG 0 0

JSF PPTP ALG 0 0

RPC ALG 0 0

RTSP ALG 0 0

RAS ALG 0 0

MAC address learning 0 0

GPRS GTP 0 0

GPRS SCTP 0 0

GPRS FRAMEWORK 0 0

JSF RTSP ALG 0 0

JSF SUNRPC MAP 0 0

JSF MSRPC MAP 0 0

DS-LITE delete 0 0

JSF SLB 0 0

APPID 0 0

JSF MGCP MAP 0 0

JSF H323 ALG 0 0

JSF RAS ALG 0 0

JSF SCCP MAP 0 0

JSF SIP MAP 0 0

PST_NAT_CREATE 0 0 PST_NAT_CLOSE 0 0 PST_NAT_UPDATE 0 0 JSF TCP STACK 0 0 JSF IKE ALG 0 0

Copyright © 2016, Juniper Networks, Inc.42

Deploying Secure Multicast Market Data Services for Financial Services Environments

Meaning The sample output shows information about chassis cluster services and interfaces.

Verifying Chassis Cluster Interfaces

Purpose Verify the chassis cluster interfaces.

Action From operational mode, enter the show chassis cluster interfaces command.

{primary:node0}user@host> show chassis cluster interfaces

Control link status: UpControl interfaces: Index Interface Monitored-Status Internal-SA

0 em0 Up Disabled

1 em1 Down Disabled

Fabric link status: Up

Fabric interfaces:

Name Child-interface Status

(Physical/Monitored)

fab0 xe-4/0/4 Up / Up

fab0

fab1 xe-10/0/4 Up / Up

fab1

Redundant-ethernet Information:

Name Status Redundancy-group

reth0 Up 1

reth1 Up 2

reth2 Up 1

reth3 Up 2

reth4 Down Not configured

reth5 Down Not configured

reth6 Down Not configured

reth7 Down Not configured

Redundant-pseudo-interface Information:

43Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Name Status Redundancy-group

lo0 Up 0

Interface Monitoring:

Interface Weight Status Redundancy-group

xe-4/0/3 255 Up 1

xe-10/0/2 255 Up 1

xe-10/0/1 255 Up 1

xe-4/0/0 255 Up 1

xe-10/0/3 255 Up 2

xe-4/0/2 255 Up 2

xe-4/0/1 255 Up 2

xe-10/0/0 255 Up 2

Meaning The sample output displays the status of the control interface in a chassis cluster

configuration.

Verifying Chassis Cluster Control-Plane Statistics

Purpose Verify the chassis cluster control-plane statistics.

Action Fromoperationalmode, enter the showchassisclustercontrol-planestatisticscommand.

{primary:node0}user@host> show chassis cluster control-plane statistics

Control link statistics: Control link 0: Heartbeat packets sent: 4807719

Heartbeat packets received: 4807559

Heartbeat packet errors: 0

Control link 1:

Heartbeat packets sent: 0

Heartbeat packets received: 0

Heartbeat packet errors: 0

Fabric link statistics:

Child link 0

Copyright © 2016, Juniper Networks, Inc.44

Deploying Secure Multicast Market Data Services for Financial Services Environments

Probes sent: 9623269

Probes received: 9623115

Child link 1

Probes sent: 0

Probes received: 0

Meaning The sample output displays information about chassis cluster control-plane statistics.

Verifying Chassis Cluster Data-Plane Statistics

Purpose Verify the chassis cluster data-plane statistics.

Action From operational mode, enter the show chassis cluster data-plane statistics command.

{primary:node0}user@host> show chassis cluster data-plane statistics

Services Synchronized:

Service name RTOs sent RTOs received

Translation context 0 0

Incoming NAT 0 0

Resource manager 0 0

DS-LITE create 0 0

Session create 81150821 80538088

IPv6 session create 0 0

Session close 8117582 8056404

IPv6 session close 0 0

Session change 21 40

IPv6 session change 0 0

ALG Support Library 0 0

Gate create 0 0

Session ageout refresh requests 9972 10361

IPv6 session ageout refresh requests 0 0

Session ageout refresh replies 10355 9962

IPv6 session ageout refresh replies 0 0

45Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

IPSec VPN 0 0

Firewall user authentication 0 0

MGCP ALG 0 0

H323 ALG 0 0

SIP ALG 0 0

SCCP ALG 0 0

PPTP ALG 0 0

JSF PPTP ALG 0 0

RPC ALG 0 0

RTSP ALG 0 0

RAS ALG 0 0

MAC address learning 0 0

GPRS GTP 0 0

GPRS SCTP 0 0

GPRS FRAMEWORK 0 0

JSF RTSP ALG 0 0

JSF SUNRPC MAP 0 0

JSF MSRPC MAP 0 0

DS-LITE delete 0 0

JSF SLB 0 0

APPID 0 0

JSF MGCP MAP 0 0

JSF H323 ALG 0 0

JSF RAS ALG 0 0

JSF SCCP MAP 0 0

JSF SIP MAP 0 0

PST_NAT_CREATE 0 0

PST_NAT_CLOSE 0 0

PST_NAT_UPDATE 0 0

JSF TCP STACK 0 0

JSF IKE ALG 0 0

Copyright © 2016, Juniper Networks, Inc.46

Deploying Secure Multicast Market Data Services for Financial Services Environments

Meaning The sample output displays information about chassis cluster data-plane statistics.

Verifying Security Policy Configuration

Purpose Verify information about security policies.

Action From operational mode, enter the run show security policies detail command to display

a summary of all security policies configured on the device.

{primary:node0}user@host> run show security policies detailshow Default policy: deny-allPolicy: default-permit, action-type: permit, State: enabled, Index: 4, Scope Policy: 0 Policy Type: Configured Sequence number: 1 From zone: TRUST, To zone: TRUST Source addresses: any-ipv4: 0.0.0.0/0 any-ipv6: ::/0 Destination addresses: any-ipv4: 0.0.0.0/0 any-ipv6: ::/0 Application: junos-bgp IP protocol: tcp, ALG: 0, Inactivity timeout: 1800 Source port range: [0-0] Destination port range: [179-179] Application: PIM IP protocol: pim, ALG: 0, Inactivity timeout: 0 Source port range: [0-0] Destination port range: [0-0] Per policy TCP Options: SYN check: No, SEQ check: NoPolicy: P1, action-type: permit, State: enabled, Index: 5, Scope Policy: 0 Policy Type: Configured Sequence number: 2 From zone: TRUST, To zone: TRUST Source addresses: MULTI: 172.16.21.0/24 Destination addresses: NETWORK5: 224.0.0.0/4 Application: any IP protocol: 0, ALG: 0, Inactivity timeout: 0 Source port range: [0-0] Destination port range: [0-0] Per policy TCP Options: SYN check: No, SEQ check: NoPolicy: P2, action-type: permit, State: enabled, Index: 6, Scope Policy: 0 Policy Type: Configured Sequence number: 3 From zone: TRUST, To zone: TRUST Source addresses: MULTI1: 172.16.31.0/24 Destination addresses: NETWORK5: 224.0.0.0/4 Application: any IP protocol: 0, ALG: 0, Inactivity timeout: 0 Source port range: [0-0] Destination port range: [0-0] Per policy TCP Options: SYN check: No, SEQ check: NoPolicy: P3, action-type: permit, State: enabled, Index: 7, Scope Policy: 0

47Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Policy Type: Configured Sequence number: 4 From zone: TRUST, To zone: TRUST Source addresses: NETWORK11: 172.17.31.0/24 NETWORK10: 172.17.21.0/24 NETWORK8: 172.16.31.0/24 NETWORK7: 172.16.21.0/24 NETWORK4: 172.17.2.0/24 NETWORK3: 172.16.2.0/24 NETWORK2: 10.5.5.0/24 NETWORK1: 192.168.0.0/24 Destination addresses: NETWORK11: 172.17.31.0/24 NETWORK10: 172.17.21.0/24 NETWORK8: 172.16.31.0/24 NETWORK7: 172.16.21.0/24 NETWORK4: 172.17.2.0/24 NETWORK3: 172.16.2.0/24 NETWORK2: 10.5.5.0/24 NETWORK1: 192.168.0.0/24 Application: any IP protocol: 0, ALG: 0, Inactivity timeout: 0 Source port range: [0-0] Destination port range: [0-0] Per policy TCP Options: SYN check: No, SEQ check: No

Meaning The output displays information about security policies configured on the system.

Verifying the Configured Interfaces

Purpose Verify the interfaces are configured properly.

Action From operational mode, enter the show interfaces terse | no-more command.

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> show interfaces terse | no-more

Interface Admin Link Proto Local Remotegr-0/0/0 up uppfe-0/0/0 up uppfe-0/0/0.16383 up up inet inet6 pfh-0/0/0 up uppfh-0/0/0.16383 up up inet xe-0/0/0 up upxe-0/0/0.0 up up aenet --> ae1.0xe-0/0/1 up upxe-0/0/1.0 up up aenet --> ae2.0ge-0/0/10 up upge-0/0/13 up upge-0/0/13.0 up up aenet --> ae100.0ge-0/0/23 up upge-0/0/23.0 up up eth-switchae0 up downae1 up upae1.0 up up eth-switchae2 up up

Copyright © 2016, Juniper Networks, Inc.48

Deploying Secure Multicast Market Data Services for Financial Services Environments

ae2.0 up up eth-switchae3 up downbme0 up upbme0.0 up up inet 128.0.0.1/2 128.0.0.4/2 128.0.0.16/2 128.0.0.32/2 bme1 up updsc up upem0 up upem0.0 up up inet 10.219.29.188/26em1 up downem2 up upem2.32768 up up inet 192.168.1.2/24 esi up upgre up upipip up upirb up upirb.2 up up inet 172.16.2.1/24 irb.21 up up inet 172.16.21.2/24 172.16.21.254/24 irb.100 up up inet 192.168.100.1/24 jsrv up upjsrv.1 up up inet 128.0.0.127/2 lo0 up uplo0.0 up up inet 10.5.5.1 --> 0/0 10.5.5.254 --> 0/0lo0.16385 up up inet lsi up upmtun up uppimd up uppimd.32769 up up inet pime up uptap up upvme up downvtep up up

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2> show interfaces terse | no-more

Interface Admin Link Proto Local Remotegr-0/0/0 up uppfe-0/0/0 up uppfe-0/0/0.16383 up up inet inet6 pfh-0/0/0 up uppfh-0/0/0.16383 up up inet xe-0/0/0 up upxe-0/0/0.0 up up aenet --> ae2.0xe-0/0/1 up upxe-0/0/1.0 up up aenet --> ae1.0ge-0/0/8 up upge-0/0/13 up upge-0/0/13.0 up up aenet --> ae100.0ge-0/0/23 up upge-0/0/23.0 up up eth-switchae0 up downae1 up upae1.0 up up eth-switch

49Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

ae2 up upae2.0 up up eth-switchae3 up downbme0 up upbme0.0 up up inet 128.0.0.1/2 128.0.0.4/2 128.0.0.16/2 128.0.0.32/2 bme1 up updsc up upem0 up upem0.0 up up inet 10.219.29.189/26em1 up downem2 up upem2.32768 up up inet 192.168.1.2/24 esi up upgre up upipip up upirb up upirb.2 up up inet 172.16.2.2/24 172.16.2.254/24 irb.31 up up inet 172.16.31.2/24 172.16.31.254/24 irb.101 up up inet 192.168.101.1/24 jsrv up upjsrv.1 up up inet 128.0.0.127/2 lo0 up uplo0.0 up up inet 10.5.5.2 --> 0/0lo0.16385 up up inet lsi up upmtun up uppimd up uppime up uppime.32769 up up inet tap up upvme up downvtep up up

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3> show interfaces terse | no-more

Interface Admin Link Proto Local Remotegr-0/0/0 up uppfe-0/0/0 up uppfe-0/0/0.16383 up up inet inet6 pfh-0/0/0 up uppfh-0/0/0.16383 up up inet xe-0/0/3 up upxe-0/0/3.0 up up aenet --> ae2.0xe-0/0/4 up upxe-0/0/4.0 up up aenet --> ae1.0ge-0/0/10 up upge-0/0/13 up upge-0/0/13.0 up up aenet --> ae100.0xe-0/0/14 up downxe-0/0/14.16386 up downxe-0/0/15 up downxe-0/0/15.16386 up down

Copyright © 2016, Juniper Networks, Inc.50

Deploying Secure Multicast Market Data Services for Financial Services Environments

ge-0/0/23 up upge-0/0/23.0 up up eth-switchae0 up downae1 up upae1.0 up up eth-switchae2 up upae2.0 up up eth-switchae3 up downbme0 up upbme0.0 up up inet 128.0.0.1/2 128.0.0.4/2 128.0.0.16/2 128.0.0.32/2 bme1 up updsc up upem0 up upem0.0 up up inet 10.219.29.186/26em1 up downem2 up upem2.32768 up up inet 192.168.1.2/24 esi up upgre up upipip up upirb up upirb.2 up up inet 172.17.2.1/24 irb.21 up up inet 172.17.21.2/24 172.17.21.254/24 irb.102 up up inet 192.168.102.1/24 jsrv up upjsrv.1 up up inet 128.0.0.127/2 lo0 up uplo0.0 up up inet 10.5.5.3 --> 0/0lo0.16385 up up inet lsi up upmtun up uppimd up uppime up uppime.32769 up up inet tap up upvme up downvtep up up

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> show interfaces terse | no-more

Interface Admin Link Proto Local Remotegr-0/0/0 up uppfe-0/0/0 up uppfe-0/0/0.16383 up up inet inet6 pfh-0/0/0 up uppfh-0/0/0.16383 up up inet xe-0/0/3 up upxe-0/0/3.0 up up aenet --> ae1.0xe-0/0/4 up upxe-0/0/4.0 up up aenet --> ae2.0ge-0/0/10 up upge-0/0/13 up upge-0/0/13.0 up up aenet --> ae100.0

51Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

ge-0/0/23 up upge-0/0/23.0 up up eth-switchae0 up downae1 up upae1.0 up up eth-switchae2 up upae2.0 up up eth-switchae3 up downbme0 up upbme0.0 up up inet 128.0.0.1/2 128.0.0.4/2 128.0.0.16/2 128.0.0.32/2 bme1 up updsc up upem0 up upem0.0 up up inet 10.219.29.187/26em1 up downem2 up upem2.32768 up up inet 192.168.1.2/24 esi up upgre up upipip up upirb up upirb.2 up up inet 172.17.2.2/24 172.17.2.254/24 irb.31 up up inet 172.17.31.2/24 172.17.31.254/24 irb.103 up up inet 192.168.103.1/24 jsrv up upjsrv.1 up up inet 128.0.0.127/2 lo0 up uplo0.0 up up inet 10.5.5.4 --> 0/0 10.5.5.254 --> 0/0lo0.16385 up up inet lsi up upmtun up uppimd up uppimd.32769 up up inet pime up uptap up upvme up downvtep up up

Meaning Thesampleoutputdisplays summary informationabout interfaces. Interfacesarealways

displayed in numerical order, from the lowest to the highest FPC slot number. On an

individual PIC, the lowest port number is always first.

Verifying LACP Status

Purpose Verify that the LACP configuration is working properly.

Action From operational mode, enter the show lacp interfaces| no-more command.

srx5600-mcast-a

{primary:node0}user@srx5600-mcast-a> show lacp interfaces| no-more

Copyright © 2016, Juniper Networks, Inc.52

Deploying Secure Multicast Market Data Services for Financial Services Environments

Aggregated interface: reth0 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-4/0/0 Actor No No Yes Yes Yes Yes Fast Active xe-4/0/0 Partner No No Yes Yes Yes Yes Fast Active xe-10/0/1 Actor No No Yes Yes Yes Yes Fast Active xe-10/0/1 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-4/0/0 Current Fast periodic Collecting distributing xe-10/0/1 Current Fast periodic Collecting distributing

Aggregated interface: reth1 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-4/0/1 Actor No No Yes Yes Yes Yes Fast Active xe-4/0/1 Partner No No Yes Yes Yes Yes Fast Active xe-10/0/0 Actor No No Yes Yes Yes Yes Fast Active xe-10/0/0 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-4/0/1 Current Fast periodic Collecting distributing xe-10/0/0 Current Fast periodic Collecting distributing

Aggregated interface: reth2 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-4/0/3 Actor No No Yes Yes Yes Yes Fast Active xe-4/0/3 Partner No No Yes Yes Yes Yes Fast Active xe-10/0/2 Actor No No Yes Yes Yes Yes Fast Active xe-10/0/2 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-4/0/3 Current Fast periodic Collecting distributing xe-10/0/2 Current Fast periodic Collecting distributing

Aggregated interface: reth3 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-4/0/2 Actor No No Yes Yes Yes Yes Fast Active xe-4/0/2 Partner No No Yes Yes Yes Yes Fast Active xe-10/0/3 Actor No No Yes Yes Yes Yes Fast Active xe-10/0/3 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-4/0/2 Current Fast periodic Collecting distributing xe-10/0/3 Current Fast periodic Collecting distributing

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> show lacp interfaces| no-more

Aggregated interface: ae1 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-0/0/0 Actor No No Yes Yes Yes Yes Fast Active xe-0/0/0 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-0/0/0 Current Fast periodic Collecting distributing

Aggregated interface: ae2 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-0/0/1 Actor No No Yes Yes Yes Yes Fast Active xe-0/0/1 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-0/0/1 Current Fast periodic Collecting distributing

Aggregated interface: ae100 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity

53Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

ge-0/0/13 Actor No No Yes Yes Yes Yes Fast Active ge-0/0/13 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State ge-0/0/13 Current Fast periodic Collecting distributing

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2> show lacp interfaces| no-more

Aggregated interface: ae1 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-0/0/1 Actor No No Yes Yes Yes Yes Fast Active xe-0/0/1 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-0/0/1 Current Fast periodic Collecting distributing

Aggregated interface: ae2 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-0/0/0 Actor No No Yes Yes Yes Yes Fast Active xe-0/0/0 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-0/0/0 Current Fast periodic Collecting distributing

Aggregated interface: ae100 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity ge-0/0/13 Actor No No Yes Yes Yes Yes Fast Active ge-0/0/13 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State ge-0/0/13 Current Fast periodic Collecting distributing

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3> show lacp interfaces| no-moreAggregated interface: ae1 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-0/0/4 Actor No No Yes Yes Yes Yes Fast Active xe-0/0/4 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-0/0/4 Current Fast periodic Collecting distributing

Aggregated interface: ae2 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-0/0/3 Actor No No Yes Yes Yes Yes Fast Active xe-0/0/3 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-0/0/3 Current Fast periodic Collecting distributing

Aggregated interface: ae100 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity ge-0/0/13 Actor No No Yes Yes Yes Yes Fast Active ge-0/0/13 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State ge-0/0/13 Current Fast periodic Collecting distributing

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> show lacp interfaces| no-more

Copyright © 2016, Juniper Networks, Inc.54

Deploying Secure Multicast Market Data Services for Financial Services Environments

Aggregated interface: ae1 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-0/0/3 Actor No No Yes Yes Yes Yes Fast Active xe-0/0/3 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-0/0/3 Current Fast periodic Collecting distributing

Aggregated interface: ae2 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-0/0/4 Actor No No Yes Yes Yes Yes Fast Active xe-0/0/4 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-0/0/4 Current Fast periodic Collecting distributing

Aggregated interface: ae100 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity ge-0/0/13 Actor No No Yes Yes Yes Yes Fast Active ge-0/0/13 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State ge-0/0/13 Current Fast periodic Collecting distributing

Meaning ThesampleoutputdisplaysLinkAggregationControlProtocol (LACP) informationabout

the specified aggregated Ethernet, Fast Ethernet, or Gigabit Ethernet interface.

Verifying Redundant Trunk Groups

Purpose Verify that the redundant trunk group configuration is working properly.

Action From operational mode, enter the show redundant-trunk-group | no-more command.

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1# show redundant-trunk-group | no-more

Group Interface State Time of last flap Flap name count

rtg1 ae1.0 Up/Pri/Act Never 0 ae2.0 Up Never 0

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2# show redundant-trunk-group | no-more

Group Interface State Time of last flap Flap name count

rtg1 ae2.0 Up/Pri/Act Never 0 ae1.0 Up Never 0

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3# show redundant-trunk-group | no-more

Group Interface State Time of last flap Flap name count

55Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

rtg1 ae1.0 Up/Pri/Act Never 0 ae2.0 Up Never 0

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4# show redundant-trunk-group | no-more

Group Interface State Time of last flap Flap name count

rtg1 ae2.0 Up/Pri/Act Never 0 ae1.0 Up Never 0

Meaning The sample output displays information about redundant trunk groups.

Verifying the BGP Status

Purpose Verify that BGP is running on configured interfaces and that the BGP session is active for

each neighbor address.

Action From operational mode, enter the show bgp summary | no-more and show bgp neighbor

| no-more commands.

srx5600-mcast-a

{primary:node0}user@srx5600-mcast-a> show bgp summary | no-moreGroups: 2 Peers: 4 Down peers: 0Table Tot Paths Act Paths Suppressed History Damp State Pendinginet.0 22 11 0 0 0 0Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...192.168.100.1 64512 37321 37134 0 7 2:32:43 4/6/6/0 0/0/0/0192.168.101.1 64512 58147 57875 0 8 2:31:18 2/5/5/0 0/0/0/0192.168.102.1 64514 340 339 0 7 2:31:30 3/5/5/0 0/0/0/0192.168.103.1 64514 58169 57853 0 5 2:31:28 2/6/6/0 0/0/0/0

user@srx5600-mcast-a> show bgp neighbor | no-morePeer: 192.168.100.1+179 AS 64512 Local: 192.168.100.2+60446 AS 65535 Type: External State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: Hold Timer Expired Error Export: BGP Options: Preference LocalAddress PeerAS LocalAS Refresh Options: BfdEnabled Local Address: 192.168.100.2 Holdtime: 90 Preference: 170 Local AS: 65535 Local System AS: 0 Number of flaps: 7 Last flap event: BfdDown Error: 'Hold Timer Expired Error' Sent: 1 Recv: 0 Peer ID: 10.5.5.1 Local ID: 10.255.29.157 Active Holdtime: 90 Keepalive Interval: 30 Group index: 0 Peer index: 1 BFD: enabled, up

Copyright © 2016, Juniper Networks, Inc.56

Deploying Secure Multicast Market Data Services for Financial Services Environments

Local Interface: reth0.0 NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability 2 Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension peer-as 64512 Peer does not support Addpath Table inet.0 Bit: 10001 RIB State: BGP restart is complete Send state: in sync Active prefixes: 4 Received prefixes: 6 Accepted prefixes: 6 Suppressed due to damping: 0 Advertised prefixes: 11 Last traffic seconds: Received 18 Sent 20 Checked 7 Input messages: Total 37317 Updates 28 Refreshes 0 Octets 709727 Output messages: Total 37131 Updates 49 Refreshes 0 Octets 707612 Output Queue 0: 0

Peer: 192.168.101.1+179 AS 64512 Local: 192.168.101.2+61477 AS 65535 Type: External State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: Hold Timer Expired Error Export: BGP Options: Preference LocalAddress PeerAS LocalAS Refresh Options: BfdEnabled Local Address: 192.168.101.2 Holdtime: 90 Preference: 170 Local AS: 65535 Local System AS: 0 Number of flaps: 8 Last flap event: HoldTime Error: 'Hold Timer Expired Error' Sent: 3 Recv: 0 Error: 'Cease' Sent: 1 Recv: 1 Peer ID: 10.5.5.2 Local ID: 10.255.29.157 Active Holdtime: 90 Keepalive Interval: 30 Group index: 1 Peer index: 1 BFD: enabled, up Local Interface: reth1.0 NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension peer-as 64512 Peer does not support Addpath Table inet.0 Bit: 10000 RIB State: BGP restart is complete Send state: in sync Active prefixes: 2 Received prefixes: 5 Accepted prefixes: 5 Suppressed due to damping: 0 Advertised prefixes: 16

57Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Last traffic seconds: Received 7 Sent 20 Checked 26 Input messages: Total 58144 Updates 38 Refreshes 0 Octets 1105583 Output messages: Total 57871 Updates 68 Refreshes 0 Octets 1102324 Output Queue 0: 0

Peer: 192.168.102.1+62450 AS 64514 Local: 192.168.102.2+179 AS 65535 Type: External State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: Hold Timer Expired Error Export: BGP Options: Preference LocalAddress PeerAS LocalAS Refresh Options: BfdEnabled Local Address: 192.168.102.2 Holdtime: 90 Preference: 170 Local AS: 65535 Local System AS: 0 Number of flaps: 7 Last flap event: HoldTime Error: 'Hold Timer Expired Error' Sent: 5 Recv: 0 Error: 'Cease' Sent: 0 Recv: 1 Peer ID: 10.5.5.3 Local ID: 10.255.29.157 Active Holdtime: 90 Keepalive Interval: 30 Group index: 0 Peer index: 0 BFD: enabled, up Local Interface: reth2.0 NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability 2 Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension (peer-as 64514) Peer does not support Addpath Table inet.0 Bit: 10001 RIB State: BGP restart is complete Send state: in sync Active prefixes: 3 Received prefixes: 5 Accepted prefixes: 5 Suppressed due to damping: 0 Advertised prefixes: 12 Last traffic seconds: Received 14 Sent 20 Checked 56 Input messages: Total 337 Updates 3 Refreshes 0 Octets 6504 Output messages: Total 336 Updates 4 Refreshes 0 Octets 6592 Output Queue 0: 0

Peer: 192.168.103.1+179 AS 64514 Local: 192.168.103.2+50825 AS 65535 Type: External State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: Hold Timer Expired Error Export: BGP Options: Preference LocalAddress PeerAS LocalAS Refresh Options: BfdEnabled Local Address: 192.168.103.2 Holdtime: 90 Preference: 170 Local AS: 65535 Local System AS: 0 Number of flaps: 5 Last flap event: HoldTime Error: 'Hold Timer Expired Error' Sent: 2 Recv: 0 Error: 'Cease' Sent: 1 Recv: 0 Peer ID: 10.5.5.4 Local ID: 10.255.29.157 Active Holdtime: 90 Keepalive Interval: 30 Group index: 1 Peer index: 0

Copyright © 2016, Juniper Networks, Inc.58

Deploying Secure Multicast Market Data Services for Financial Services Environments

BFD: enabled, up Local Interface: reth3.0 NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension peer-as 64514 Peer does not support Addpath Table inet.0 Bit: 10000 RIB State: BGP restart is complete Send state: in sync Active prefixes: 2 Received prefixes: 6 Accepted prefixes: 6 Suppressed due to damping: 0 Advertised prefixes: 12 Last traffic seconds: Received 5 Sent 20 Checked 83 Input messages: Total 58166 Updates 29 Refreshes 0 Octets 1105824 Output messages: Total 57850 Updates 69 Refreshes 0 Octets 1101476 Output Queue 0: 0

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> show bgp summary | no-more

Groups: 2 Peers: 2 Down peers: 0Table Tot Paths Act Paths Suppressed History Damp State Pendinginet.0 24 10 0 0 0 0Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...10.5.5.2 64512 58097 58139 0 1 2w4d 5:15:33 1/13/13/0 0/0/0/0192.168.100.2 65535 353 348 0 10 2:35:35 9/11/11/0 0/0/0/0

user@QFX_10.5.5.1> show bgp neighbor | no-morePeer: 10.5.5.2+179 AS 64512 Local: 10.5.5.1+55395 AS 64512 Type: Internal State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None Export: [ BGP ] Options: Preference LocalAddress LocalAS Refresh Options: BfdEnabled Local Address: 10.5.5.1 Holdtime: 90 Preference: 170 Local AS: 64512 Local System AS: 0 Number of flaps: 1 Last flap event: RecvNotify Error: 'Cease' Sent: 0 Recv: 1 Peer ID: 10.5.5.2 Local ID: 10.5.5.1 Active Holdtime: 90 Keepalive Interval: 30 Group index: 2 Peer index: 0 BFD: enabled, up NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast

59Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension (peer-as 64512) Peer does not support Addpath Table inet.0 Bit: 10001 RIB State: BGP restart is complete Send state: in sync Active prefixes: 1 Received prefixes: 13 Accepted prefixes: 13 Suppressed due to damping: 0 Advertised prefixes: 14 Last traffic (seconds): Received 3 Sent 6 Checked 47 Input messages: Total 58097 Updates 53 Refreshes 0 Octets 1105387 Output messages: Total 58139 Updates 68 Refreshes 0 Octets 1106991 Output Queue[0]: 0

Peer: 192.168.100.2+60446 AS 65535 Local: 192.168.100.1+179 AS 64512 Type: External State: Established Flags:Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: Hold Timer Expired Error Export: [ BGP ] Options: Preference LocalAddress PeerAS LocalAS Refresh Options: BfdEnabled Local Address: 192.168.100.1 Holdtime: 90 Preference: 170 Local AS: 64512 Local System AS: 0 Number of flaps: 10 Last flap event: Restart Error: 'Hold Timer Expired Error' Sent: 1 Recv: 0 Peer ID: 10.255.29.157 Local ID: 10.5.5.1 Active Holdtime: 90 Keepalive Interval: 30 Group index: 0 Peer index: 0 BFD: enabled, up Local Interface: irb.100 NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension (peer-as 65535) Peer does not support Addpath Table inet.0 Bit: 10000 RIB State: BGP restart is complete Send state: in sync Active prefixes: 9 Received prefixes: 11 Accepted prefixes: 11 Suppressed due to damping: 0 Advertised prefixes: 6 Last traffic (seconds): Received 24 Sent 6 Checked 16 Input messages: Total 353 Updates 10 Refreshes 0 Octets 7053 Output messages: Total 348 Updates 2 Refreshes 0 Octets 6737 Output Queue[0]: 0

Copyright © 2016, Juniper Networks, Inc.60

Deploying Secure Multicast Market Data Services for Financial Services Environments

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2> show bgp summary | no-more

Groups: 2 Peers: 2 Down peers: 0Table Tot Paths Act Paths Suppressed History Damp State Pendinginet.0 25 10 0 0 0 0Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...10.5.5.1 64512 58142 58101 0 1 2w4d 5:17:15 1/14/14/0 0/0/0/0192.168.101.2 65535 349 352 0 11 2:35:52 9/11/11/0 0/0/0/0

user@QFX_10.5.5.2> show bgp neighbor | no-morePeer: 10.5.5.1+55395 AS 64512 Local: 10.5.5.2+179 AS 64512 Type: Internal State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: Cease Export: [ BGP ] Options: Preference LocalAddress LocalAS Refresh> Options: BfdEnabled Local Address: 10.5.5.2 Holdtime: 90 Preference: 170 Local AS: 64512 Local System AS: 0 Number of flaps: 1 Last flap event: Stop Error: 'Cease' Sent: 1 Recv: 0 Peer ID: 10.5.5.1 Local ID: 10.5.5.2 Active Holdtime: 90 Keepalive Interval: 30 Group index: 2 Peer index: 0 BFD: enabled, up NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension (peer-as 64512) Peer does not support Addpath Table inet.0 Bit: 10001 RIB State: BGP restart is complete Send state: in sync Active prefixes: 1 Received prefixes: 14 Accepted prefixes: 14 Suppressed due to damping: 0 Advertised prefixes: 13 Last traffic (seconds): Received 27 Sent 24 Checked 18 Input messages: Total 58142 Updates 69 Refreshes 0 Octets 1107029 Output messages: Total 58101 Updates 52 Refreshes 0 Octets 1105522 Output Queue[0]: 0

Peer: 192.168.101.2+61477 AS 65535 Local: 192.168.101.1+179 AS 64512 Type: External State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: Hold Timer Expired Error

61Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Export: [ BGP ] Options: Preference LocalAddress PeerAS LocalAS Refresh> Options: BfdEnabled Local Address: 192.168.101.1 Holdtime: 90 Preference: 170 Local AS: 64512 Local System AS: 0 Number of flaps: 11 Last flap event: HoldTime Error: 'Hold Timer Expired Error' Sent: 3 Recv: 0 Error: 'Cease' Sent: 3 Recv: 0 Peer ID: 10.255.29.157 Local ID: 10.5.5.2 Active Holdtime: 90 Keepalive Interval: 30 Group index: 1 Peer index: 0 BFD: enabled, up Local Interface: irb.101 NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension (peer-as 65535) Peer does not support Addpath Table inet.0 Bit: 10000 RIB State: BGP restart is complete Send state: in sync Active prefixes: 9 Received prefixes: 11 Accepted prefixes: 11 Suppressed due to damping: 0 Advertised prefixes: 5 Last traffic (seconds): Received 13 Sent 24 Checked 30 Input messages: Total 349 Updates 5 Refreshes 0 Octets 6815 Output messages: Total 352 Updates 2 Refreshes 0 Octets 6808 Output Queue[0]: 0

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3> show bgp summary | no-moreGroups: 2 Peers: 2 Down peers: 0Table Tot Paths Act Paths Suppressed History Damp State Pendinginet.0 26 10 0 0 0 0Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...10.5.5.4 64514 13384 13387 0 1 4d 4:33:20 1/14/14/0 0/0/0/0192.168.102.2 65535 351 353 0 9 2:37:19 9/12/12/0 0/0/0/0

user@QFX_10.5.5.3> show bgp neighbor | no-morePeer: 10.5.5.4+56333 AS 64514 Local: 10.5.5.3+179 AS 64514 Type: Internal State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: Cease Export: [ BGP ] Options: Preference LocalAddress LocalAS Refresh> Options: BfdEnabled Local Address: 10.5.5.3 Holdtime: 90 Preference: 170 Local AS: 64514 Local System AS: 0

Copyright © 2016, Juniper Networks, Inc.62

Deploying Secure Multicast Market Data Services for Financial Services Environments

Number of flaps: 1 Last flap event: Stop Error: 'Open Message Error' Sent: 6 Recv: 0 Error: 'Cease' Sent: 1 Recv: 0 Peer ID: 10.5.5.4 Local ID: 10.5.5.3 Active Holdtime: 90 Keepalive Interval: 30 Group index: 1 Peer index: 0 BFD: enabled, up NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension (peer-as 64514) Peer does not support Addpath Table inet.0 Bit: 10001 RIB State: BGP restart is complete Send state: in sync Active prefixes: 1 Received prefixes: 14 Accepted prefixes: 14 Suppressed due to damping: 0 Advertised prefixes: 13 Last traffic (seconds): Received 6 Sent 1 Checked 27 Input messages: Total 13384 Updates 31 Refreshes 0 Octets 255221 Output messages: Total 13387 Updates 28 Refreshes 0 Octets 255235 Output Queue[0]: 0

Peer: 192.168.102.2+179 AS 65535 Local: 192.168.102.1+62450 AS 64514 Type: External State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: Hold Timer Expired Error Export: [ BGP ] Options: Preference LocalAddress PeerAS LocalAS Refresh> Options: BfdEnabled Local Address: 192.168.102.1 Holdtime: 90 Preference: 170 Local AS: 64514 Local System AS: 0 Number of flaps: 9 Last flap event: HoldTime Error: 'Hold Timer Expired Error' Sent: 6 Recv: 0 Error: 'Cease' Sent: 2 Recv: 0 Peer ID: 10.255.29.157 Local ID: 10.5.5.3 Active Holdtime: 90 Keepalive Interval: 30 Group index: 0 Peer index: 0 BFD: enabled, up Local Interface: irb.102 NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension (peer-as 65535) Peer does not support Addpath Table inet.0 Bit: 10000 RIB State: BGP restart is complete

63Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Send state: in sync Active prefixes: 9 Received prefixes: 12 Accepted prefixes: 12 Suppressed due to damping: 0 Advertised prefixes: 5 Last traffic (seconds): Received 15 Sent 18 Checked 38 Input messages: Total 351 Updates 5 Refreshes 0 Octets 6818 Output messages: Total 353 Updates 2 Refreshes 0 Octets 6827 Output Queue[0]: 0

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> show bgp summary | no-moreGroups: 2 Peers: 2 Down peers: 0Table Tot Paths Act Paths Suppressed History Damp State Pendinginet.0 25 10 0 0 0 0Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...10.5.5.3 64514 13388 13386 0 1 4d 4:34:34 1/13/13/0 0/0/0/0192.168.103.2 65535 356 354 0 9 2:38:31 9/12/12/0 0/0/0/0

user@QFX_10.5.5.4> show bgp neighbor | no-morePeer: 10.5.5.3+179 AS 64514 Local: 10.5.5.4+56333 AS 64514 Type: Internal State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None Export: [ BGP ] Options: Preference LocalAddress LocalAS Refresh> Options: BfdEnabled Local Address: 10.5.5.4 Holdtime: 90 Preference: 170 Local AS: 64514 Local System AS: 0 Number of flaps: 1 Last flap event: RecvNotify Error: 'Cease' Sent: 0 Recv: 1 Peer ID: 10.5.5.3 Local ID: 10.5.5.4 Active Holdtime: 90 Keepalive Interval: 30 Group index: 3 Peer index: 0 BFD: enabled, up NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension (peer-as 64514) Peer does not support Addpath Table inet.0 Bit: 10001 RIB State: BGP restart is complete Send state: in sync Active prefixes: 1 Received prefixes: 13 Accepted prefixes: 13 Suppressed due to damping: 0 Advertised prefixes: 14 Last traffic (seconds): Received 20 Sent 22 Checked 68

Copyright © 2016, Juniper Networks, Inc.64

Deploying Secure Multicast Market Data Services for Financial Services Environments

Input messages: Total 13388 Updates 29 Refreshes 0 Octets 255195 Output messages: Total 13386 Updates 30 Refreshes 0 Octets 255278 Output Queue[0]: 0

Peer: 192.168.103.2+50825 AS 65535 Local: 192.168.103.1+179 AS 64514 Type: External State: Established Flags: Sync Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: Hold Timer Expired Error Export: [ BGP ] Options: Preference LocalAddress PeerAS LocalAS Refresh> Options: BfdEnabled Local Address: 192.168.103.1 Holdtime: 90 Preference: 170 Local AS: 64514 Local System AS: 0 Number of flaps: 9 Last flap event: HoldTime Error: 'Hold Timer Expired Error' Sent: 2 Recv: 0 Error: 'Cease' Sent: 2 Recv: 0 Peer ID: 10.255.29.157 Local ID: 10.5.5.4 Active Holdtime: 90 Keepalive Interval: 30 Group index: 2 Peer index: 0 BFD: enabled, up Local Interface: irb.103 NLRI for restart configured on peer: inet-unicast NLRI advertised by peer: inet-unicast NLRI for this session: inet-unicast Peer supports Refresh capability (2) Stale routes from peer are kept for: 300 Peer does not support Restarter functionality NLRI that restart is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast NLRI of all end-of-rib markers sent: inet-unicast Peer supports 4 byte AS extension (peer-as 65535) Peer does not support Addpath Table inet.0 Bit: 10000 RIB State: BGP restart is complete Send state: in sync Active prefixes: 9 Received prefixes: 12 Accepted prefixes: 12 Suppressed due to damping: 0 Advertised prefixes: 6 Last traffic (seconds): Received 7 Sent 4 Checked 25 Input messages: Total 356 Updates 5 Refreshes 0 Octets 6953 Output messages: Total 354 Updates 2 Refreshes 0 Octets 6851 Output Queue[0]: 0

Meaning The sample output displays BGP summary information.

Verifying the OSPF Status

Purpose Verify that the configuration is working properly.

Action From operational mode, enter the show ospf neighbor | no-more command.

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> show ospf neighbor | no-more

Address Interface State ID Pri Dead172.16.2.2 irb.2 Full 10.5.5.2 128 32

65Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2> show ospf neighbor | no-more

Address Interface State ID Pri Dead172.16.2.1 irb.2 Full 10.5.5.1 128 35

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3> show ospf neighbor | no-more

Address Interface State ID Pri Dead172.17.2.2 irb.2 Full 10.5.5.4 128 39

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> show ospf neighbor | no-more

Address Interface State ID Pri Dead172.17.2.1 irb.2 Full 10.5.5.3 128 31

Meaning The sample output displays OSPF summary information.

Verifying Unicast Routes

Purpose Verify that all the networks are reachable from all the devices.

Action From operational mode, enter the show route | no-more command.

srx5600-mcast-a

{primary:node0}user@srx5600-mcast-a> show route | no-moreinet.0: 28 destinations, 39 routes 27 active, 0 holddown, 1 hidden+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *Static/5 2w4d 05:52:04 > to 10.219.29.129 via fxp0.0172.16.2.0/24 *BGP/170 02:32:43, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.100.1 via reth0.0 BGP/170 02:31:18, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.101.1 via reth1.0172.16.21.0/24 *BGP/170 02:32:43, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.100.1 via reth0.0172.16.31.0/24 *BGP/170 02:31:18, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.101.1 via reth1.0172.17.2.0/24 *BGP/170 02:31:30, localpref 100 AS path: 64514 I, validation-state: unverified > to 192.168.102.1 via reth2.0 BGP/170 02:31:28, localpref 100 AS path: 64514 I, validation-state: unverified > to 192.168.103.1 via reth3.0172.17.21.0/24 *BGP/170 02:31:30, localpref 100

Copyright © 2016, Juniper Networks, Inc.66

Deploying Secure Multicast Market Data Services for Financial Services Environments

AS path: 64514 I, validation-state: unverified > to 192.168.102.1 via reth2.0172.17.31.0/24 *BGP/170 02:31:28, localpref 100 AS path: 64514 I, validation-state: unverified > to 192.168.103.1 via reth3.010.5.5.1/32 *BGP/170 02:32:43, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.100.1 via reth0.010.5.5.2/32 *BGP/170 02:31:18, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.101.1 via reth1.010.5.5.3/32 *BGP/170 02:31:30, localpref 100 AS path: 64514 I, validation-state: unverified > to 192.168.102.1 via reth2.010.5.5.4/32 *BGP/170 02:31:28, localpref 100 AS path: 64514 I, validation-state: unverified > to 192.168.103.1 via reth3.010.5.5.5/32 *Direct/0 2w4d 05:52:04 > via lo0.010.5.5.254/32 *BGP/170 02:32:43, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.100.1 via reth0.0 BGP/170 02:31:28, localpref 100 AS path: 64514 I, validation-state: unverified > to 192.168.103.1 via reth3.010.219.29.128/26 *Direct/0 2w4d 05:52:04 > via fxp0.010.219.29.157/32 *Local/0 2w4d 05:52:04 Local via fxp0.010.255.29.157/32 *Direct/0 2w4d 05:52:04 > via lo0.0192.168.100.0/24 *Direct/0 2w4d 05:52:04 > via reth0.0 BGP/170 02:32:43, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.100.1 via reth0.0 BGP/170 02:31:18, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.101.1 via reth1.0192.168.100.2/32 *Local/0 2w4d 05:52:04 Local via reth0.0192.168.101.0/24 *Direct/0 2w4d 05:13:43 > via reth1.0 BGP/170 02:32:43, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.100.1 via reth0.0 BGP/170 02:31:18, localpref 100 AS path: 64512 I, validation-state: unverified > to 192.168.101.1 via reth1.0192.168.101.2/32 *Local/0 2w4d 05:52:04 Local via reth1.0192.168.102.0/24 *Direct/0 2w4d 05:52:04 > via reth2.0 BGP/170 02:31:30, localpref 100 AS path: 64514 I, validation-state: unverified > to 192.168.102.1 via reth2.0 BGP/170 02:31:28, localpref 100 AS path: 64514 I, validation-state: unverified > to 192.168.103.1 via reth3.0192.168.102.2/32 *Local/0 2w4d 05:52:04 Local via reth2.0

67Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

192.168.103.0/24 *Direct/0 2w4d 05:10:21 > via reth3.0 BGP/170 02:31:30, localpref 100 AS path: 64514 I, validation-state: unverified > to 192.168.102.1 via reth2.0 BGP/170 02:31:28, localpref 100 AS path: 64514 I, validation-state: unverified > to 192.168.103.1 via reth3.0192.168.103.2/32 *Local/0 2w4d 05:52:04 Local via reth3.0224.0.0.2/32 *PIM/0 2w4d 05:52:05 MultiRecv224.0.0.13/32 *PIM/0 2w4d 05:52:05 MultiRecv224.0.0.22/32 *IGMP/0 2w4d 05:52:04 MultiRecv

inet.1: 5 destinations, 5 routes 5 active, 0 holddown, 0 hidden+ = Active Route, - = Last Active, * = Both

224.0.0.0/4 *Multicast/180 2w4d 05:52:04 MultiResolve224.0.0.0/24 *Multicast/180 2w4d 05:52:04 MultiDiscard225.0.0.8,172.16.21.3/32*PIM/105 00:57:05 Multicast IPv4 Composite225.0.0.16,172.16.31.4/32*PIM/105 00:55:55 Multicast IPv4 Composite232.0.0.0/8 *Multicast/180 2w4d 05:52:05 MultiResolve

iso.0: 1 destinations, 1 routes 1 active, 0 holddown, 0 hidden+ = Active Route, - = Last Active, * = Both

47.0005.80ff.f800.0000.0108.0001.0102.5502.9157/152 Direct/0 2w4d 05:52:04 via lo0.0

inet6.0: 5 destinations, 5 routes 5 active, 0 holddown, 0 hidden+ = Active Route, - = Last Active, * = Both

abcd::10:255:29:157/128 Direct/0 2w4d 05:52:04 via lo0.0fe80::2a0:a50f:fc90:2b8/128 Direct/0 2w4d 05:52:04 via lo0.0ff02::2/128 PIM/0 2w4d 05:52:05 MultiRecvff02::d/128 *PIM/0 2w4d 05:52:05 MultiRecvff02::16/128 *MLD/0 2w4d 05:52:04 MultiRecv

inet6.1: 3 destinations, 3 routes 3 active, 0 holddown, 0 hidden+ = Active Route, - = Last Active, * = Both

ff00::/8 *Multicast/180 2w4d 05:52:04 MultiResolveff02::/16 *Multicast/180 2w4d 05:52:04 MultiDiscard

Copyright © 2016, Juniper Networks, Inc.68

Deploying Secure Multicast Market Data Services for Financial Services Environments

ff30::/32 *Multicast/180 2w4d 05:52:05 MultiResolve

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> show route | no-more

inet.0: 28 destinations, 42 routes (28 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 2w5d 18:32:57 > to 10.219.29.129 via em0.0172.16.2.0/24 *[Direct/0] 2w5d 03:04:03 > via irb.2 [BGP/170] 2w4d 05:15:33, localpref 100, from 10.5.5.2 AS path: I, validation-state: unverified > to 172.16.2.2 via irb.2172.16.2.1/32 *[Local/0] 2w5d 03:04:03 Local via irb.2172.16.21.0/24 *[Direct/0] 02:52:13 > via irb.21172.16.21.2/32 *[Local/0] 1w6d 04:20:34 Local via irb.21172.16.21.254/32 *[Local/0] 02:52:04 Local via irb.21172.16.31.0/24 *[OSPF/10] 02:52:13, metric 2 > to 172.16.2.2 via irb.2 [BGP/170] 02:52:13, localpref 100, from 10.5.5.2 AS path: I, validation-state: unverified > to 172.16.2.2 via irb.2172.17.2.0/24 *[BGP/170] 02:34:22, localpref 100 AS path: 65535 64514 I, validation-state: unverified > to 192.168.100.2 via irb.100 [BGP/170] 02:34:10, localpref 100, from 10.5.5.2 AS path: 65535 64514 I, validation-state: unverified > to 172.16.2.2 via irb.2172.17.21.0/24 *[BGP/170] 02:34:22, localpref 100 AS path: 65535 64514 I, validation-state: unverified > to 192.168.100.2 via irb.100 [BGP/170] 02:34:10, localpref 100, from 10.5.5.2 AS path: 65535 64514 I, validation-state: unverified > to 172.16.2.2 via irb.2172.17.31.0/24 *[BGP/170] 02:34:20, localpref 100 AS path: 65535 64514 I, validation-state: unverified > to 192.168.100.2 via irb.100 [BGP/170] 02:34:10, localpref 100, from 10.5.5.2 AS path: 65535 64514 I, validation-state: unverified > to 172.16.2.2 via irb.210.5.5.1/32 *[Direct/0] 2w5d 18:32:59 > via lo0.010.5.5.2/32 *[OSPF/10] 2w5d 03:03:19, metric 1 > to 172.16.2.2 via irb.2 [BGP/170] 2w4d 05:15:33, localpref 100, from 10.5.5.2 AS path: I, validation-state: unverified > to 172.16.2.2 via irb.210.5.5.3/32 *[BGP/170] 02:34:22, localpref 100 AS path: 65535 64514 I, validation-state: unverified > to 192.168.100.2 via irb.100 [BGP/170] 02:34:10, localpref 100, from 10.5.5.2

69Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

AS path: 65535 64514 I, validation-state: unverified > to 172.16.2.2 via irb.210.5.5.4/32 *[BGP/170] 02:34:20, localpref 100 AS path: 65535 64514 I, validation-state: unverified > to 192.168.100.2 via irb.100 [BGP/170] 02:34:10, localpref 100, from 10.5.5.2 AS path: 65535 64514 I, validation-state: unverified > to 172.16.2.2 via irb.210.5.5.5/32 *[BGP/170] 02:35:35, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.100.2 via irb.100 [BGP/170] 02:34:10, localpref 100, from 10.5.5.2 AS path: 65535 I, validation-state: unverified > to 172.16.2.2 via irb.210.5.5.254/32 *[Direct/0] 2w5d 18:32:59 > via lo0.010.219.29.128/26 *[Direct/0] 2w5d 18:32:57 > via em0.010.219.29.188/32 *[Local/0] 2w5d 18:33:00 Local via em0.010.255.29.157/32 *[BGP/170] 02:35:35, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.100.2 via irb.100 [BGP/170] 02:34:10, localpref 100, from 10.5.5.2 AS path: 65535 I, validation-state: unverified > to 172.16.2.2 via irb.2192.168.100.0/24 *[Direct/0] 2w5d 18:31:50 > via irb.100 [BGP/170] 02:35:35, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.100.2 via irb.100192.168.100.1/32 *[Local/0] 2w5d 18:32:59 Local via irb.100192.168.101.0/24 *[BGP/170] 2w4d 05:15:33, localpref 100, from 10.5.5.2 AS path: I, validation-state: unverified > to 172.16.2.2 via irb.2 [BGP/170] 02:35:35, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.100.2 via irb.100192.168.102.0/24 *[BGP/170] 02:35:35, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.100.2 via irb.100 [BGP/170] 02:34:10, localpref 100, from 10.5.5.2 AS path: 65535 I, validation-state: unverified > to 172.16.2.2 via irb.2192.168.103.0/24 *[BGP/170] 02:35:35, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.100.2 via irb.100 [BGP/170] 02:34:10, localpref 100, from 10.5.5.2 AS path: 65535 I, validation-state: unverified > to 172.16.2.2 via irb.2224.0.0.2/32 *[PIM/0] 2w5d 18:33:06 MultiRecv224.0.0.5/32 *[OSPF/10] 2w5d 03:15:23, metric 1 MultiRecv224.0.0.13/32 *[PIM/0] 2w5d 18:33:06 MultiRecv224.0.0.22/32 *[IGMP/0] 2w5d 18:33:06 MultiRecv

inet.1: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

Copyright © 2016, Juniper Networks, Inc.70

Deploying Secure Multicast Market Data Services for Financial Services Environments

+ = Active Route, - = Last Active, * = Both

224.0.0.0/4 *[Multicast/180] 2w5d 18:33:06 MultiResolve224.0.0.0/24 *[Multicast/180] 2w5d 18:33:06 MultiDiscard225.0.0.8,172.16.21.3/64*[PIM/105] 01:10:01 Multicast (IPv4) Composite232.0.0.0/8 *[Multicast/180] 2w5d 18:33:06 MultiResolve

inet.4: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

225.0.0.8,172.16.21.3/64*[MSDP/175/2] 00:00:46, from 10.5.5.254 Local225.0.0.16,172.16.31.4/64*[MSDP/175/2] 00:00:23, from 10.5.5.254 Local

inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

ff02::2/128 *[PIM/0] 2w5d 18:33:06 MultiRecvff02::d/128 *[PIM/0] 2w5d 18:33:06 MultiRecv

inet6.1: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

ff30::/32 *[Multicast/180] 2w5d 18:33:06 MultiResolve

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2> show route | no-moreinet.0: 29 destinations, 44 routes (29 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 2w5d 18:33:24 > to 10.219.29.129 via em0.0172.16.2.0/24 *[Direct/0] 2w5d 03:05:51 > via irb.2 [BGP/170] 2w4d 05:17:15, localpref 100, from 10.5.5.1 AS path: I, validation-state: unverified > to 172.16.2.1 via irb.2172.16.2.2/32 *[Local/0] 2w5d 03:05:51 Local via irb.2172.16.2.254/32 *[Local/0] 2w5d 03:05:43 Local via irb.2172.16.21.0/24 *[OSPF/10] 02:53:50, metric 2 > to 172.16.2.1 via irb.2 [BGP/170] 02:53:55, localpref 100, from 10.5.5.1 AS path: I, validation-state: unverified > to 172.16.2.1 via irb.2172.16.31.0/24 *[Direct/0] 02:53:55 > via irb.31172.16.31.2/32 *[Local/0] 1w6d 04:23:43 Local via irb.31172.16.31.254/32 *[Local/0] 02:53:47

71Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Local via irb.31172.17.2.0/24 *[BGP/170] 02:35:53, localpref 100 AS path: 65535 64514 I, validation-state: unverified > to 192.168.101.2 via irb.101 [BGP/170] 02:36:05, localpref 100, from 10.5.5.1 AS path: 65535 64514 I, validation-state: unverified > to 172.16.2.1 via irb.2172.17.21.0/24 *[BGP/170] 02:35:53, localpref 100 AS path: 65535 64514 I, validation-state: unverified > to 192.168.101.2 via irb.101 [BGP/170] 02:36:05, localpref 100, from 10.5.5.1 AS path: 65535 64514 I, validation-state: unverified > to 172.16.2.1 via irb.2172.17.31.0/24 *[BGP/170] 02:35:53, localpref 100 AS path: 65535 64514 I, validation-state: unverified > to 192.168.101.2 via irb.101 [BGP/170] 02:36:03, localpref 100, from 10.5.5.1 AS path: 65535 64514 I, validation-state: unverified > to 172.16.2.1 via irb.210.5.5.1/32 *[OSPF/10] 2w5d 03:05:02, metric 1 > to 172.16.2.1 via irb.2 [BGP/170] 2w4d 05:17:15, localpref 100, from 10.5.5.1 AS path: I, validation-state: unverified > to 172.16.2.1 via irb.210.5.5.2/32 *[Direct/0] 2w5d 18:33:26 > via lo0.010.5.5.3/32 *[BGP/170] 02:35:53, localpref 100 AS path: 65535 64514 I, validation-state: unverified > to 192.168.101.2 via irb.101 [BGP/170] 02:36:05, localpref 100, from 10.5.5.1 AS path: 65535 64514 I, validation-state: unverified > to 172.16.2.1 via irb.210.5.5.4/32 *[BGP/170] 02:35:53, localpref 100 AS path: 65535 64514 I, validation-state: unverified > to 192.168.101.2 via irb.101 [BGP/170] 02:36:03, localpref 100, from 10.5.5.1 AS path: 65535 64514 I, validation-state: unverified > to 172.16.2.1 via irb.210.5.5.5/32 *[BGP/170] 02:35:53, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.101.2 via irb.101 [BGP/170] 02:37:17, localpref 100, from 10.5.5.1 AS path: 65535 I, validation-state: unverified > to 172.16.2.1 via irb.210.5.5.254/32 *[OSPF/10] 2w5d 03:05:02, metric 1 > to 172.16.2.1 via irb.2 [BGP/170] 2w4d 05:17:15, localpref 100, from 10.5.5.1 AS path: I, validation-state: unverified > to 172.16.2.1 via irb.210.219.29.128/26 *[Direct/0] 2w5d 18:33:24 > via em0.010.219.29.189/32 *[Local/0] 2w5d 18:33:27 Local via em0.010.255.29.157/32 *[BGP/170] 02:35:53, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.101.2 via irb.101 [BGP/170] 02:37:17, localpref 100, from 10.5.5.1 AS path: 65535 I, validation-state: unverified

> to 172.16.2.1 via irb.2192.168.100.0/24 *[BGP/170] 2w4d 05:17:15, localpref 100, from 10.5.5.1

Copyright © 2016, Juniper Networks, Inc.72

Deploying Secure Multicast Market Data Services for Financial Services Environments

AS path: I, validation-state: unverified > to 172.16.2.1 via irb.2 [BGP/170] 02:35:53, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.101.2 via irb.101192.168.101.0/24 *[Direct/0] 2w4d 05:20:08 > via irb.101 [BGP/170] 02:35:53, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.101.2 via irb.101192.168.101.1/32 *[Local/0] 2w5d 18:33:26 Local via irb.101192.168.102.0/24 *[BGP/170] 02:35:53, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.101.2 via irb.101 [BGP/170] 02:37:17, localpref 100, from 10.5.5.1 AS path: 65535 I, validation-state: unverified > to 172.16.2.1 via irb.2192.168.103.0/24 *[BGP/170] 02:35:53, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.101.2 via irb.101 [BGP/170] 02:37:17, localpref 100, from 10.5.5.1 AS path: 65535 I, validation-state: unverified > to 172.16.2.1 via irb.2224.0.0.2/32 *[PIM/0] 2w5d 18:33:33 MultiRecv224.0.0.5/32 *[OSPF/10] 2w5d 03:16:45, metric 1 MultiRecv224.0.0.13/32 *[PIM/0] 2w5d 18:33:33 MultiRecv224.0.0.22/32 *[IGMP/0] 2w5d 18:33:26 MultiRecv

inet.1: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

224.0.0.0/4 *[Multicast/180] 2w5d 18:33:26 MultiResolve224.0.0.0/24 *[Multicast/180] 2w5d 18:33:26 MultiDiscard225.0.0.16,172.16.31.4/64*[PIM/105] 01:00:29 Multicast (IPv4) Composite232.0.0.0/8 *[Multicast/180] 2w5d 18:33:33 MultiResolve

inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

ff02::2/128 *[PIM/0] 2w5d 18:33:33 MultiRecvff02::d/128 *[PIM/0] 2w5d 18:33:33 MultiRecv

inet6.1: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

ff30::/32 *[Multicast/180] 2w5d 18:33:33 MultiResolve

73Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3> show route | no-moreinet.0: 28 destinations, 44 routes (28 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 2w5d 18:36:40 > to 10.219.29.129 via em0.0172.16.2.0/24 *[BGP/170] 02:37:19, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.102.2 via irb.102 [BGP/170] 02:37:17, localpref 100, from 10.5.5.4 AS path: 65535 64512 I, validation-state: unverified > to 172.17.2.2 via irb.2172.16.21.0/24 *[BGP/170] 02:37:19, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.102.2 via irb.102 [BGP/170] 02:37:17, localpref 100, from 10.5.5.4 AS path: 65535 64512 I, validation-state: unverified > to 172.17.2.2 via irb.2172.16.31.0/24 *[BGP/170] 02:37:07, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.102.2 via irb.102 [BGP/170] 02:37:07, localpref 100, from 10.5.5.4 AS path: 65535 64512 I, validation-state: unverified > to 172.17.2.2 via irb.2172.17.2.0/24 *[Direct/0] 2w5d 03:03:37 > via irb.2 [BGP/170] 4d 04:33:21, localpref 100, from 10.5.5.4 AS path: I, validation-state: unverified > to 172.17.2.2 via irb.2172.17.2.1/32 *[Local/0] 2w5d 03:04:47 Local via irb.2172.17.21.0/24 *[Direct/0] 02:55:10 > via irb.21172.17.21.2/32 *[Local/0] 1w6d 04:14:52 Local via irb.21172.17.21.254/32 *[Local/0] 02:55:02 Local via irb.21172.17.31.0/24 *[OSPF/10] 02:55:05, metric 2 > to 172.17.2.2 via irb.2 [BGP/170] 02:55:10, localpref 100, from 10.5.5.4 AS path: I, validation-state: unverified > to 172.17.2.2 via irb.210.5.5.1/32 *[BGP/170] 02:37:19, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.102.2 via irb.102 [BGP/170] 02:37:17, localpref 100, from 10.5.5.4 AS path: 65535 64512 I, validation-state: unverified > to 172.17.2.2 via irb.210.5.5.2/32 *[BGP/170] 02:37:07, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.102.2 via irb.102 [BGP/170] 02:37:07, localpref 100, from 10.5.5.4 AS path: 65535 64512 I, validation-state: unverified > to 172.17.2.2 via irb.210.5.5.3/32 *[Direct/0] 2w5d 18:36:41 > via lo0.010.5.5.4/32 *[OSPF/10] 2w5d 03:02:30, metric 1 > to 172.17.2.2 via irb.2

Copyright © 2016, Juniper Networks, Inc.74

Deploying Secure Multicast Market Data Services for Financial Services Environments

[BGP/170] 4d 04:33:21, localpref 100, from 10.5.5.4 AS path: I, validation-state: unverified > to 172.17.2.2 via irb.210.5.5.5/32 *[BGP/170] 02:37:19, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.102.2 via irb.102 [BGP/170] 02:37:17, localpref 100, from 10.5.5.4 AS path: 65535 I, validation-state: unverified > to 172.17.2.2 via irb.210.5.5.254/32 *[OSPF/10] 2w5d 03:02:30, metric 1 > to 172.17.2.2 via irb.2 [BGP/170] 4d 04:33:21, localpref 100, from 10.5.5.4 AS path: I, validation-state: unverified > to 172.17.2.2 via irb.2 [BGP/170] 02:37:19, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.102.2 via irb.10210.219.29.128/26 *[Direct/0] 2w5d 18:36:40 > via em0.010.219.29.186/32 *[Local/0] 2w5d 18:36:42 Local via em0.010.255.29.157/32 *[BGP/170] 02:37:19, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.102.2 via irb.102 [BGP/170] 02:37:17, localpref 100, from 10.5.5.4 AS path: 65535 I, validation-state: unverified > to 172.17.2.2 via irb.2192.168.100.0/24 *[BGP/170] 02:37:19, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.102.2 via irb.102 [BGP/170] 02:37:17, localpref 100, from 10.5.5.4 AS path: 65535 I, validation-state: unverified > to 172.17.2.2 via irb.2192.168.101.0/24 *[BGP/170] 02:37:19, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.102.2 via irb.102 [BGP/170] 02:37:17, localpref 100, from 10.5.5.4 AS path: 65535 I, validation-state: unverified > to 172.17.2.2 via irb.2192.168.102.0/24 *[Direct/0] 2w5d 18:35:29 > via irb.102 [BGP/170] 02:37:19, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.102.2 via irb.102192.168.102.1/32 *[Local/0] 2w5d 18:36:41 Local via irb.102192.168.103.0/24 *[BGP/170] 4d 04:33:21, localpref 100, from 10.5.5.4 AS path: I, validation-state: unverified > to 172.17.2.2 via irb.2 [BGP/170] 02:37:19, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.102.2 via irb.102224.0.0.2/32 *[PIM/0] 2w5d 18:36:49 MultiRecv224.0.0.5/32 *[OSPF/10] 2w5d 03:04:15, metric 1 MultiRecv224.0.0.13/32 *[PIM/0] 2w5d 18:36:49 MultiRecv224.0.0.22/32 *[IGMP/0] 2w5d 18:36:41 MultiRecv

75Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

inet.1: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

224.0.0.0/4 *[Multicast/180] 2w5d 18:36:41 MultiResolve224.0.0.0/24 *[Multicast/180] 2w5d 18:36:41 MultiDiscard225.0.0.8,172.16.21.3/64*[PIM/105] 01:02:20 Multicast (IPv4) Composite232.0.0.0/8 *[Multicast/180] 2w5d 18:36:49 MultiResolve

inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

ff02::2/128 *[PIM/0] 2w5d 18:36:49 MultiRecvff02::d/128 *[PIM/0] 2w5d 18:36:49 MultiRecv

inet6.1: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

ff30::/32 *[Multicast/180] 2w5d 18:36:49 MultiResolve

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> show route | no-moreinet.0: 29 destinations, 44 routes (29 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 2w5d 18:36:01 > to 10.219.29.129 via em0.0172.16.2.0/24 *[BGP/170] 02:38:31, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.103.2 via irb.103 [BGP/170] 02:38:33, localpref 100, from 10.5.5.3 AS path: 65535 64512 I, validation-state: unverified > to 172.17.2.1 via irb.2172.16.21.0/24 *[BGP/170] 02:38:31, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.103.2 via irb.103 [BGP/170] 02:38:33, localpref 100, from 10.5.5.3 AS path: 65535 64512 I, validation-state: unverified > to 172.17.2.1 via irb.2172.16.31.0/24 *[BGP/170] 02:38:21, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.103.2 via irb.103 [BGP/170] 02:38:21, localpref 100, from 10.5.5.3 AS path: 65535 64512 I, validation-state: unverified > to 172.17.2.1 via irb.2172.17.2.0/24 *[Direct/0] 2w5d 03:04:34 > via irb.2 [BGP/170] 4d 04:34:35, localpref 100, from 10.5.5.3 AS path: I, validation-state: unverified > to 172.17.2.1 via irb.2172.17.2.2/32 *[Local/0] 2w5d 03:05:50 Local via irb.2172.17.2.254/32 *[Local/0] 2w5d 03:04:30

Copyright © 2016, Juniper Networks, Inc.76

Deploying Secure Multicast Market Data Services for Financial Services Environments

Local via irb.2172.17.21.0/24 *[OSPF/10] 02:56:24, metric 2 > to 172.17.2.1 via irb.2 [BGP/170] 02:56:24, localpref 100, from 10.5.5.3 AS path: I, validation-state: unverified > to 172.17.2.1 via irb.2172.17.31.0/24 *[Direct/0] 02:56:24 > via irb.31172.17.31.2/32 *[Local/0] 1w4d 18:40:07 Local via irb.31172.17.31.254/32 *[Local/0] 02:56:15 Local via irb.3110.5.5.1/32 *[BGP/170] 02:38:31, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.103.2 via irb.103 [BGP/170] 02:38:33, localpref 100, from 10.5.5.3 AS path: 65535 64512 I, validation-state: unverified > to 172.17.2.1 via irb.210.5.5.2/32 *[BGP/170] 02:38:21, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.103.2 via irb.103 [BGP/170] 02:38:21, localpref 100, from 10.5.5.3 AS path: 65535 64512 I, validation-state: unverified > to 172.17.2.1 via irb.210.5.5.3/32 *[OSPF/10] 2w5d 03:03:44, metric 1 > to 172.17.2.1 via irb.2 [BGP/170] 4d 04:34:35, localpref 100, from 10.5.5.3 AS path: I, validation-state: unverified > to 172.17.2.1 via irb.210.5.5.4/32 *[Direct/0] 2w5d 18:36:03 > via lo0.010.5.5.5/32 *[BGP/170] 02:38:31, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.103.2 via irb.103 [BGP/170] 02:38:33, localpref 100, from 10.5.5.3 AS path: 65535 I, validation-state: unverified > to 172.17.2.1 via irb.210.5.5.254/32 *[Direct/0] 2w5d 18:36:03 > via lo0.0 [BGP/170] 02:38:31, localpref 100 AS path: 65535 64512 I, validation-state: unverified > to 192.168.103.2 via irb.10310.219.29.128/26 *[Direct/0] 2w5d 18:36:01 > via em0.010.219.29.187/32 *[Local/0] 2w5d 18:36:04 Local via em0.010.255.29.157/32 *[BGP/170] 02:38:31, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.103.2 via irb.103 [BGP/170] 02:38:33, localpref 100, from 10.5.5.3 AS path: 65535 I, validation-state: unverified > to 172.17.2.1 via irb.2192.168.100.0/24 *[BGP/170] 02:38:31, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.103.2 via irb.103 [BGP/170] 02:38:33, localpref 100, from 10.5.5.3 AS path: 65535 I, validation-state: unverified > to 172.17.2.1 via irb.2192.168.101.0/24 *[BGP/170] 02:38:31, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.103.2 via irb.103

77Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

[BGP/170] 02:38:33, localpref 100, from 10.5.5.3 AS path: 65535 I, validation-state: unverified > to 172.17.2.1 via irb.2192.168.102.0/24 *[BGP/170] 4d 04:34:35, localpref 100, from 10.5.5.3 AS path: I, validation-state: unverified > to 172.17.2.1 via irb.2 [BGP/170] 02:38:31, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.103.2 via irb.103192.168.103.0/24 *[Direct/0] 2w4d 05:59:58 > via irb.103 [BGP/170] 02:38:31, localpref 100 AS path: 65535 I, validation-state: unverified > to 192.168.103.2 via irb.103192.168.103.1/32 *[Local/0] 2w5d 18:36:03 Local via irb.103224.0.0.2/32 *[PIM/0] 2w5d 18:36:10 MultiRecv224.0.0.5/32 *[OSPF/10] 2w5d 03:05:13, metric 1 MultiRecv224.0.0.13/32 *[PIM/0] 2w5d 18:36:10 MultiRecv224.0.0.22/32 *[IGMP/0] 2w5d 18:36:03 MultiRecv

inet.1: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

224.0.0.0/4 *[Multicast/180] 2w5d 18:36:03 MultiResolve224.0.0.0/24 *[Multicast/180] 2w5d 18:36:03 MultiDiscard225.0.0.16,172.16.31.4/64*[PIM/105] 01:02:58 Multicast (IPv4) Composite232.0.0.0/8 *[Multicast/180] 2w5d 18:36:10 MultiResolve

inet.4: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

225.0.0.8,172.16.21.3/64*[MSDP/175/1] 00:00:00 > to 10.5.5.1 via irb.103225.0.0.16,172.16.31.4/64*[MSDP/175/1] 00:00:36 > to 10.5.5.1 via irb.103

inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

ff02::2/128 *[PIM/0] 2w5d 18:36:10 MultiRecvff02::d/128 *[PIM/0] 2w5d 18:36:10 MultiRecv

inet6.1: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

ff30::/32 *[Multicast/180] 2w5d 18:36:10 MultiResolve

Meaning The sample output displays the active entries in the routing tables.

Copyright © 2016, Juniper Networks, Inc.78

Deploying Secure Multicast Market Data Services for Financial Services Environments

Verifying VLAN Configurations

Purpose Verify that the VLAN configuration is working properly.

Action From operational mode, enter the show vlans detail | no-more command.

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> show vlans detail | no-more

Routing instance: default-switch VLAN Name: V_100 State: ActiveTag: 100 Internal index: 2, Generation Index: 2, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.100Interfaces: ae1.0*,tagged,trunk ae2.0*,tagged,trunkNumber of interfaces: Tagged 2 , Untagged 0 Total MAC count: 1

Routing instance: default-switch VLAN Name: V_21 State: ActiveTag: 21 Internal index: 8, Generation Index: 9, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.21Interfaces: ge-0/0/23.0*,untagged,accessNumber of interfaces: Tagged 0 , Untagged 1 Total MAC count: 1

Routing instance: default-switch VLAN Name: V_2_Routing_MC_AE State: ActiveTag: 2 Internal index: 5, Generation Index: 6, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.2Interfaces: ae100.0*,tagged,trunkNumber of interfaces: Tagged 1 , Untagged 0 Total MAC count: 2

Routing instance: default-switch VLAN Name: default State: ActiveTag: 1 Internal index: 9, Generation Index: 10, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.1Number of interfaces: Tagged 0 , Untagged 0 Total MAC count: 0

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2> show vlans detail | no-more

Routing instance: default-switch

79Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

VLAN Name: V_101 State: ActiveTag: 101 Internal index: 2, Generation Index: 2, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.101Interfaces: ae1.0*,tagged,trunk ae2.0*,tagged,trunkNumber of interfaces: Tagged 2 , Untagged 0 Total MAC count: 1

Routing instance: default-switch VLAN Name: V_2_Routing_MC_AE State: ActiveTag: 2 Internal index: 5, Generation Index: 5, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.2Interfaces: ae100.0*,tagged,trunkNumber of interfaces: Tagged 1 , Untagged 0 Total MAC count: 1

Routing instance: default-switch VLAN Name: V_31 State: ActiveTag: 31 Internal index: 8, Generation Index: 8, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.31Interfaces: ge-0/0/23.0*,untagged,accessNumber of interfaces: Tagged 0 , Untagged 1 Total MAC count: 1

Routing instance: default-switch VLAN Name: default State: ActiveTag: 1 Internal index: 9, Generation Index: 9, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.1Number of interfaces: Tagged 0 , Untagged 0 Total MAC count: 0

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3> show vlans detail | no-more

Routing instance: default-switch VLAN Name: V_102 State: ActiveTag: 102 Internal index: 2, Generation Index: 2, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.102Interfaces: ae1.0*,tagged,trunk ae2.0*,tagged,trunkNumber of interfaces: Tagged 2 , Untagged 0 Total MAC count: 1

Routing instance: default-switch VLAN Name: V_21 State: Active

Copyright © 2016, Juniper Networks, Inc.80

Deploying Secure Multicast Market Data Services for Financial Services Environments

Tag: 21 Internal index: 8, Generation Index: 8, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.21Interfaces: ge-0/0/23.0*,untagged,accessNumber of interfaces: Tagged 0 , Untagged 1 Total MAC count: 1

Routing instance: default-switch VLAN Name: V_2_Routing_MC_AE State: ActiveTag: 2 Internal index: 5, Generation Index: 5, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.2Interfaces: ae100.0*,tagged,trunkNumber of interfaces: Tagged 1 , Untagged 0 Total MAC count: 2

Routing instance: default-switch VLAN Name: default State: ActiveTag: 1 Internal index: 9, Generation Index: 9, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.1Number of interfaces: Tagged 0 , Untagged 0 Total MAC count: 0

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> show vlans detail | no-more

Routing instance: default-switch VLAN Name: V_103 State: ActiveTag: 103 Internal index: 2, Generation Index: 2, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.103Interfaces: ae1.0*,tagged,trunk ae2.0*,tagged,trunkNumber of interfaces: Tagged 2 , Untagged 0 Total MAC count: 1

Routing instance: default-switch VLAN Name: V_2_Routing_MC_AE State: ActiveTag: 2 Internal index: 5, Generation Index: 5, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.2Interfaces: ae100.0*,tagged,trunkNumber of interfaces: Tagged 1 , Untagged 0 Total MAC count: 1

Routing instance: default-switch VLAN Name: V_31 State: ActiveTag: 31

81Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Internal index: 8, Generation Index: 8, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.31Interfaces: ge-0/0/23.0*,untagged,accessNumber of interfaces: Tagged 0 , Untagged 1 Total MAC count: 1

Routing instance: default-switch VLAN Name: default State: ActiveTag: 1 Internal index: 9, Generation Index: 9, Origin: StaticMAC aging time: 300 secondsLayer 3 interface: irb.1Number of interfaces: Tagged 0 , Untagged 0 Total MAC count: 0

Meaning The sample output displays information about the configured VLANs .

Verifying PIM Status

Purpose Verify that the PIM configuration is working properly.

Action Fromoperationalmode, enter the showpimneighbors | no-more and showpimneighbors

detail | no-more commands.

srx5600-mcast-a

{primary:node0}user@srx5600-mcast-a> show pim neighbors | no-more

Instance: PIM.masterInterface IP V Mode Option Uptime Neighbor addrreth0.0 4 2 HPLGT 2w4d5h 192.168.100.1 reth1.0 4 2 HPLGT 2w4d5h 192.168.101.1 reth2.0 4 2 HPLGT 1w4d16h 192.168.102.1 reth3.0 4 2 HPLGT 2w4d5h 192.168.103.1

user@srx5600-mcast-a> show pim neighbors detail | no-moreInstance: PIM.master

Interface: lo0.0

Address: 10.5.5.5, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 1290905605 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: ppe0.32769

Address: 0.0.0.0, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 0 Hello Option Generation ID: 1326166226 Hello Option LAN Prune Delay: delay 0 ms override 0 ms

Copyright © 2016, Juniper Networks, Inc.82

Deploying Secure Multicast Market Data Services for Financial Services Environments

Interface: reth0.0

Address: 192.168.100.1, IPv4, PIM v2, sg Join Count: 1, tsg Join Count: 0 BFD: Disabled Hello Option Holdtime: 3 seconds 2 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 1953135888 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Address: 192.168.100.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 1256927291 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: reth1.0

Address: 192.168.101.1, IPv4, PIM v2, sg Join Count: 1, tsg Join Count: 0 BFD: Disabled Hello Option Holdtime: 3 seconds 2 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 924445057 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Address: 192.168.101.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 1030293109 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: reth2.0

Address: 192.168.102.1, IPv4, PIM v2, sg Join Count: 0, tsg Join Count: 0 BFD: Disabled Hello Option Holdtime: 3 seconds 2 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 322514859 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported Rx Join: Group Source Timeout 225.0.0.8 172.16.21.3 179

Address: 192.168.102.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 966618111 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported Asserts: Group Source State Neighbor Timeout 225.0.0.8 172.16.21.3 Elected 192.168.102.2 153

Interface: reth3.0

Address: 192.168.103.1, IPv4, PIM v2, sg Join Count: 0, tsg Join Count: 0

83Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

BFD: Disabled Hello Option Holdtime: 105 seconds 97 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 740838321 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported Rx Join: Group Source Timeout 225.0.0.16 172.16.31.4 201

Address: 192.168.103.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 542104876 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported Asserts: Group Source State Neighbor Timeout 225.0.0.16 172.16.31.4 Elected 192.168.103.2 147

Interface: lo0.0

Address: fe80::2a0:a50f:fc90:2b8, IPv6, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 204005235 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms oin Suppression supported

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> show pim neighbors | no-more

B = Bidirectional Capable, G = Generation IdentifierH = Hello Option Holdtime, L = Hello Option LAN Prune Delay,P = Hello Option DR Priority, T = Tracking Bit

Instance: PIM.masterInterface IP V Mode Option Uptime Neighbor addrirb.100 4 2 HPLGT 2w4d 05:54:56 192.168.100.2 irb.2 4 2 HPLGT 2w5d 00:51:49 172.16.2.2

user@QFX_10.5.5.1> show pim neighbors detail | no-moreInstance: PIM.master

Interface: irb.100

Address: 192.168.100.1, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 1953135888 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Address: 192.168.100.2, IPv4, PIM v2, sg Join Count: 0, tsg Join Count: 0 BFD: Disabled Hello Option Holdtime: 3 seconds 2 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 1256927291 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms

Copyright © 2016, Juniper Networks, Inc.84

Deploying Secure Multicast Market Data Services for Financial Services Environments

Join Suppression supported Rx Join: Group Source Timeout 225.0.0.8 172.16.21.3 208

Interface: irb.2

Address: 172.16.2.1, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 1635606041 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Address: 172.16.2.2, IPv4, PIM v2, sg Join Count: 0, tsg Join Count: 0 BFD: Disabled Hello Option Holdtime: 105 seconds 104 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 730542187 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: irb.21

Address: 172.16.21.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 2, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 921333841 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: lo0.0

Address: 10.5.5.1, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 1032712446 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: pimd.32769

Address: 0.0.0.0, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 0 Hello Option Generation ID: 218829080 Hello Option LAN Prune Delay: delay 0 ms override 0 ms

Stat = Status, V = Version, NbrCnt = Neighbor Count,S = Sparse, D = Dense, B = Bidirectional,DR = Designated Router, P2P = Point-to-point link,Active = Bidirectional is active, NotCap = Not Bidirectional Capable

Name Stat Mode IP V State NbrCnt JoinCnt(sg/*g) DR addressirb.100 Up S 4 2 NotDR,NotCap 1 0/0 192.168.100.2irb.2 Up S 4 2 NotDR,NotCap 1 0/0 172.16.2.2irb.21 Up S 4 2 DR,NotCap 0 1/0 172.16.21.2

85Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

lo0.0 Up S 4 2 DR,NotCap 0 0/0 10.5.5.1pimd.32769 Up S 4 2 P2P,NotCap 0 0/0

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2> show pim neighbors | no-more

B = Bidirectional Capable, G = Generation IdentifierH = Hello Option Holdtime, L = Hello Option LAN Prune Delay,P = Hello Option DR Priority, T = Tracking Bit

Instance: PIM.masterInterface IP V Mode Option Uptime Neighbor addrirb.101 4 2 HPLGT 2w4d 05:20:08 192.168.101.2 irb.2 4 2 HPLGT 2w5d 00:53:32 172.16.2.1

user@QFX_10.5.5.2> show pim neighbors detail | no-moreInstance: PIM.master

Interface: irb.101

Address: 192.168.101.1, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 924445057 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Address: 192.168.101.2, IPv4, PIM v2, sg Join Count: 0, tsg Join Count: 0 BFD: Disabled Hello Option Holdtime: 3 seconds 2 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 1030293109 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported Rx Join: Group Source Timeout 225.0.0.16 172.16.31.4 166

Interface: irb.2

Address: 172.16.2.1, IPv4, PIM v2, sg Join Count: 0, tsg Join Count: 0 BFD: Disabled Hello Option Holdtime: 105 seconds 91 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 1635606041 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Address: 172.16.2.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 730542187 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: irb.31

Copyright © 2016, Juniper Networks, Inc.86

Deploying Secure Multicast Market Data Services for Financial Services Environments

Address: 172.16.31.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 2, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 957645391 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: lo0.0

Address: 10.5.5.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 1019818681 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: pime.32769

Address: 0.0.0.0, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 0 Hello Option Generation ID: 615721512 Hello Option LAN Prune Delay: delay 0 ms override 0 msStat = Status, V = Version, NbrCnt = Neighbor Count,S = Sparse, D = Dense, B = Bidirectional,DR = Designated Router, P2P = Point-to-point link,Active = Bidirectional is active, NotCap = Not Bidirectional Capable

Name Stat Mode IP V State NbrCnt JoinCnt(sg/*g) DR addressirb.101 Up S 4 2 NotDR,NotCap 1 0/0 192.168.101.2irb.2 Up S 4 2 DR,NotCap 1 0/0 172.16.2.2irb.31 Up S 4 2 DR,NotCap 0 1/0 172.16.31.2lo0.0 Up S 4 2 DR,NotCap 0 0/0 10.5.5.2pime.32769 Up S 4 2 P2P,NotCap 0 0/0

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3> show pim neighbors | no-more

B = Bidirectional Capable, G = Generation IdentifierH = Hello Option Holdtime, L = Hello Option LAN Prune Delay,P = Hello Option DR Priority, T = Tracking Bit

Instance: PIM.masterInterface IP V Mode Option Uptime Neighbor addrirb.102 4 2 HPLGT 1w4d 16:52:02 192.168.102.2 irb.2 4 2 HPLGT 2w5d 00:54:34 172.17.2.2

user@QFX_10.5.5.3> show pim neighbors detail | no-moreInstance: PIM.master

Interface: irb.102

Address: 192.168.102.1, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds

87Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Hello Option DR Priority: 1 Hello Option Generation ID: 322514859 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Address: 192.168.102.2, IPv4, PIM v2, sg Join Count: 1, tsg Join Count: 0 BFD: Disabled Hello Option Holdtime: 3 seconds 2 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 966618111 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported Asserts: Group Source State Neighbor Timeout 225.0.0.8 172.16.21.3 Pruned 192.168.102.2 176

Interface: irb.2

Address: 172.17.2.1, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 2040696488 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Address: 172.17.2.2, IPv4, PIM v2, sg Join Count: 0, tsg Join Count: 1 BFD: Disabled Hello Option Holdtime: 105 seconds 99 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 646693575 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: irb.21

Address: 172.17.21.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 100320924 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported Rx Join: Group Source Timeout 225.0.0.8 0 225.0.0.8 172.16.21.3 0

Interface: lo0.0

Address: 10.5.5.3, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 884926792 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: pime.32769

Address: 0.0.0.0, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds

Copyright © 2016, Juniper Networks, Inc.88

Deploying Secure Multicast Market Data Services for Financial Services Environments

Hello Option DR Priority: 0 Hello Option Generation ID: 975164468 Hello Option LAN Prune Delay: delay 0 ms override 0 msStat = Status, V = Version, NbrCnt = Neighbor Count,S = Sparse, D = Dense, B = Bidirectional,DR = Designated Router, P2P = Point-to-point link,Active = Bidirectional is active, NotCap = Not Bidirectional Capable

Name Stat Mode IP V State NbrCnt JoinCnt(sg/*g) DR addressirb.102 Up S 4 2 NotDR,NotCap 1 1/0 192.168.102.2irb.2 Up S 4 2 NotDR,NotCap 1 0/1 172.17.2.2irb.21 Up S 4 2 DR,NotCap 0 0/0 172.17.21.2lo0.0 Up S 4 2 DR,NotCap 0 0/0 10.5.5.3pime.32769 Up S 4 2 P2P,NotCap 0 0/0

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> show pim neighbors | no-more

B = Bidirectional Capable, G = Generation IdentifierH = Hello Option Holdtime, L = Hello Option LAN Prune Delay,P = Hello Option DR Priority, T = Tracking Bit

Instance: PIM.masterInterface IP V Mode Option Uptime Neighbor addrirb.103 4 2 HPLGT 2w4d 05:22:35 192.168.103.2 irb.2 4 2 HPLGT 2w5d 00:55:48 172.17.2.1

user@QFX_10.5.5.4> show pim neighbors detail | no-moreInstance: PIM.master

Interface: irb.103

Address: 192.168.103.1, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 740838321 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Address: 192.168.103.2, IPv4, PIM v2, sg Join Count: 2, tsg Join Count: 0 BFD: Disabled Hello Option Holdtime: 3 seconds 2 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 542104876 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported Asserts: Group Source State Neighbor Timeout 225.0.0.16 172.16.31.4 Pruned 192.168.103.2 156

Interface: irb.2

Address: 172.17.2.1, IPv4, PIM v2, sg Join Count: 0, tsg Join Count: 0 BFD: Disabled Hello Option Holdtime: 105 seconds 88 remaining Hello Option DR Priority: 1 Hello Option Generation ID: 2040696488 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms

89Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Join Suppression supported Rx Join: Group Source Timeout 225.0.0.8 177 225.0.0.8 172.16.21.3 177

Address: 172.17.2.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 646693575 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: irb.31

Address: 172.17.31.2, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 1606910522 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported Rx Join: Group Source Timeout 225.0.0.16 0 225.0.0.16 172.16.31.4 0

Interface: lo0.0

Address: 10.5.5.4, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 1 Hello Option Generation ID: 1158301696 Hello Option LAN Prune Delay: delay 500 ms override 2000 ms Join Suppression supported

Interface: pimd.32769

Address: 0.0.0.0, IPv4, PIM v2, Mode: Sparse, sg Join Count: 0, tsg Join Count: 0 Hello Option Holdtime: 65535 seconds Hello Option DR Priority: 0 Hello Option Generation ID: 1460745125 Hello Option LAN Prune Delay: delay 0 ms override 0 ms Stat = Status, V = Version, NbrCnt = Neighbor Count,S = Sparse, D = Dense, B = Bidirectional,DR = Designated Router, P2P = Point-to-point link,Active = Bidirectional is active, NotCap = Not Bidirectional Capable

Name Stat Mode IP V State NbrCnt JoinCnt(sg/*g) DR addressirb.103 Up S 4 2 NotDR,NotCap 1 2/0 192.168.103.2irb.2 Up S 4 2 DR,NotCap 1 0/0 172.17.2.2irb.31 Up S 4 2 DR,NotCap 0 0/0 172.17.31.2lo0.0 Up S 4 2 DR,NotCap 0 0/0 10.5.5.4pimd.32769 Up S 4 2 P2P,NotCap 0 0/0

Meaning The sample output specifies the PIM configuration details.

Copyright © 2016, Juniper Networks, Inc.90

Deploying Secure Multicast Market Data Services for Financial Services Environments

Verifying PIM RP Status

Purpose Verify that the PIM RP configuration is working properly.

Action Fromoperationalmode, enter the showpimrps |no-moreand showpimrpsdetail |no-more

commands.

srx5600-mcast-a

{primary:node0}user@srx5600-mcast-a> show pim rps | no-more

Instance: PIM.masteraddress-family INET

RP address Type Mode Holdtime Timeout Groups Group prefixes10.5.5.254 static sparse 0 None 0 224.0.0.0/4

address-family INET6

user@srx5600-mcast-a> show pim rps detail | no-more

Instance: PIM.masteraddress-family INETRP: 10.5.5.254Learned via: static configurationMode: SparseTime Active: 19:58:01Holdtime: 0Group Ranges: 224.0.0.0/4

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> show pim rps | no-more

Instance: PIM.masteraddress-family INETRP address Type Mode Holdtime Timeout Groups Group prefixes10.5.5.254 static sparse 150 None 0 224.0.0.0/4

address-family INET6

user@QFX_10.5.5.1> show pim rps detail | no-more

Instance: PIM.masteraddress-family INETRP: 10.5.5.254Learned via: static configurationMode: SparseTime Active: 2w5d 18:33:06Holdtime: 150Group Ranges: 224.0.0.0/4

address-family INET6

91Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2> show pim rps | no-more

Instance: PIM.master

address-family INETRP address Type Mode Holdtime Timeout Groups Group prefixes10.5.5.254 static sparse 0 None 0 224.0.0.0/4

address-family INET6

user@QFX_10.5.5.2> show pim rps detail | no-moreInstance: PIM.master

address-family INET

RP: 10.5.5.254Learned via: static configurationMode: SparseTime Active: 19:58:07Holdtime: 0Group Ranges: 224.0.0.0/4

address-family INET6

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3> show pim rps | no-more

Instance: PIM.master

address-family INETRP address Type Mode Holdtime Timeout Groups Group prefixes10.5.5.254 static sparse 0 None 1 224.0.0.0/4

address-family INET6

user@QFX_10.5.5.3> show pim rps detail | no-more

Instance: PIM.masteraddress-family INETRP: 10.5.5.254Learned via: static configurationMode: SparseTime Active: 19:58:17Holdtime: 0Group Ranges: 224.0.0.0/4Active groups using RP: 225.0.0.8

total 1 groups active

address-family INET6

Copyright © 2016, Juniper Networks, Inc.92

Deploying Secure Multicast Market Data Services for Financial Services Environments

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> show pim rps | no-more

Instance: PIM.master

address-family INETRP address Type Mode Holdtime Timeout Groups Group prefixes10.5.5.254 static sparse 150 None 2 224.0.0.0/4

address-family INET6

user@QFX_10.5.5.4> show pim rps detail | no-more

Instance: PIM.master

address-family INET

RP: 10.5.5.254Learned via: static configurationMode: SparseTime Active: 2w4d 16:50:58Holdtime: 150Group Ranges: 224.0.0.0/4

address-family INET6

Meaning The sample output displays information about Protocol Independent Multicast (PIM)

rendezvous points (RPs).

VerifyingMSDP Status

Purpose Verify that the MSDP configuration is working properly.

Action From operational mode, enter the showmsdp detail | no-more command.

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> showmsdp detail | no-more

Peer: 10.5.5.4Local address: 10.5.5.1State: EstablishedPeer Connect Retries: 65State timer expires: 36Peer Times out: 38SA accepted: 0SA received: 0MSDP SA limit maximum 25000MSDP SA limit threshold 24000MSDP SA limit log-warning 100 Global active source limit exceeded: 0Global active source limit maximum: 25000Global active source limit threshold: 24000Global active source limit log-warning: 100Global active source limit log interval: 0

93Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Group address Source address Peer address Originator Flags225.0.0.8 172.16.21.3 local 10.5.5.1 Accept225.0.0.16 172.16.31.4 local 10.5.5.1 Accept

BSR Pri Local address Pri State Timeout10.5.5.5 0 10.5.5.1 0 InEligible 85None 0 zero-len 0 InEligible Infinity

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> showmsdp detail | no-morePeer: 10.5.5.1Local address: 10.5.5.4State: EstablishedPeer Connect Retries: 0State timer expires: 5Peer Times out: 74SA accepted: 2SA received: 2MSDP SA limit maximum 25000MSDP SA limit threshold 24000MSDP SA limit log-warning 100Global active source limit exceeded: 0Global active source limit maximum: 25000Global active source limit threshold: 24000Global active source limit log-warning: 100Global active source limit log interval: 0

Group address Source address Peer address Originator Flags225.0.0.8 172.16.21.3 10.5.5.1 10.5.5.1 Accept225.0.0.16 172.16.31.4 10.5.5.1 10.5.5.1 Accept

Meaning The sample output displays Multicast Source Discovery Protocol (MSDP) information.

NOTE: MSDP is used to distribute the load and is configured on QFX5100-1and QFX5100-4 devices.

VerifyingMulticast Routes and Their State

Purpose Verify that the multicast route configuration is working properly.

Action From operational mode, enter the showmulticast route extensive | no-more command.

srx5600-mcast-a

{primary:node0}user@srx5600-mcast-a> showmulticast route extensive | no-moreInstance: master Family: INET

Group: 225.0.0.8 Source: 172.16.21.3/32 Upstream interface: reth0.0 Downstream interface list:

Copyright © 2016, Juniper Networks, Inc.94

Deploying Secure Multicast Market Data Services for Financial Services Environments

reth2.0 Number of outgoing interfaces: 1 Session description: Unknown Statistics: 110 kBps, 1000 pps, 3301940 packets Next-hop ID: 1048578 Upstream protocol: PIM Route state: Active Forwarding state: Forwarding Cache lifetime/timeout: 360 seconds Wrong incoming interface notifications: 19950 Uptime: 00:55:37

Group: 225.0.0.16 Source: 172.16.31.4/32 Upstream interface: reth1.0 Downstream interface list: reth3.0 Number of outgoing interfaces: 1 Session description: Unknown Statistics: 110 kBps, 1000 pps, 3266146 packets Next-hop ID: 1048575 Upstream protocol: PIM Route state: Active Forwarding state: Forwarding Cache lifetime/timeout: 360 seconds Wrong incoming interface notifications: 20500 Uptime: 00:54:27

Instance: master Family: INET6

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> showmulticast route extensive | no-more

Instance: master Family: INET

Group: 225.0.0.8 Source: 172.16.21.3/32 Upstream interface: irb.21 Downstream interface list: irb.100 Number of outgoing interfaces: 1 Session description: Unknown Statistics: 0 kBps, 0 pps, 140 packets Next-hop ID: 131078 Upstream protocol: PIM Route state: Active Forwarding state: Forwarding Cache lifetime/timeout: 360 seconds Wrong incoming interface notifications: 0 Uptime: 01:10:01

Instance: master Family: INET6

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2> showmulticast route extensive | no-more

Instance: master Family: INET

95Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Group: 225.0.0.16 Source: 172.16.31.4/32 Upstream interface: irb.31 Downstream interface list: irb.101 Number of outgoing interfaces: 1 Session description: Unknown Statistics: 0 kBps, 0 pps, 126 packets Next-hop ID: 131078 Upstream protocol: PIM Route state: Active Forwarding state: Forwarding Cache lifetime/timeout: 356 seconds Wrong incoming interface notifications: 0 Uptime: 01:00:29

Instance: master Family: INET6

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3> showmulticast route extensive | no-more

Instance: master Family: INET

Group: 225.0.0.8 Source: 172.16.21.3/32 Upstream interface: irb.102 Downstream interface list: irb.21 Number of outgoing interfaces: 1 Session description: Unknown Statistics: 0 kBps, 0 pps, 124 packets Next-hop ID: 131074 Upstream protocol: PIM Route state: Active Forwarding state: Forwarding Cache lifetime/timeout: 356 seconds Wrong incoming interface notifications: 1 Uptime: 01:02:20

Instance: master Family: INET6

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> showmulticast route extensive | no-more

Instance: master Family: INET

Group: 225.0.0.16 Source: 172.16.31.4/32 Upstream interface: irb.103 Downstream interface list: irb.31 Number of outgoing interfaces: 1 Session description: Unknown Statistics: 0 kBps, 0 pps, 126 packets Next-hop ID: 131075 Upstream protocol: PIM

Copyright © 2016, Juniper Networks, Inc.96

Deploying Secure Multicast Market Data Services for Financial Services Environments

Route state: Active Forwarding state: Forwarding Cache lifetime/timeout: 356 seconds Wrong incoming interface notifications: 0 Uptime: 01:02:58

Instance: master Family: INET6

Meaning The sample output specifies multicast routes and their state.

Verifying the Forwarding Table

Purpose Verify that the forwarding table in the hardware has the appropriate routes installed.

Action From operational mode, enter the show route forwarding-table | no-more command.

srx5600-mcast-a

{primary:node0}user@srx5600-mcast-a> show route forwarding-table | no-moreRouting table: default.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault user 1 0:0:5e:0:1:10 ucst 359 4 fxp0.0default perm 0 rjct 36 10.0.0.0/32 perm 0 dscd 34 1172.16.2.0/24 user 0 192.168.100.1 ucst 591 8 reth0.0172.16.21.0/24 user 0 192.168.100.1 ucst 591 8 reth0.0172.16.31.0/24 user 0 192.168.101.1 ucst 563 5 reth1.0172.17.2.0/24 user 0 192.168.102.1 ucst 574 6 reth2.0172.17.21.0/24 user 0 192.168.102.1 ucst 574 6 reth2.0172.17.31.0/24 user 0 192.168.103.1 ucst 566 5 reth3.010.5.5.1/32 user 0 192.168.100.1 ucst 591 8 reth0.010.5.5.2/32 user 0 192.168.101.1 ucst 563 5 reth1.010.5.5.3/32 user 0 192.168.102.1 ucst 574 6 reth2.010.5.5.4/32 user 0 192.168.103.1 ucst 566 5 reth3.010.5.5.5/32 intf 0 10.5.5.5 locl 585 110.5.5.254/32 user 1 192.168.100.1 ucst 591 8 reth0.010.219.29.128/26 intf 0 rslv 333 1 fxp0.010.219.29.128/32 dest 0 10.219.29.128 recv 331 1 fxp0.010.219.29.129/32 dest 0 0:0:5e:0:1:10 ucst 359 4 fxp0.010.219.29.130/32 dest 0 c:86:10:99:d5:2c ucst 353 1 fxp0.010.219.29.157/32 intf 0 10.219.29.157 locl 332 210.219.29.157/32 dest 0 10.219.29.157 locl 332 210.219.29.191/32 dest 0 10.219.29.191 bcst 330 1 fxp0.010.255.29.157/32 intf 0 10.255.29.157 locl 513 1127.0.0.1/32 intf 0 127.0.0.1 locl 514 1192.168.100.0/24 intf 0 rslv 590 1 reth0.0192.168.100.0/32 dest 0 192.168.100.0 recv 562 1 reth0.0192.168.100.1/32 dest 1 0:31:46:5e:4a:80 ucst 591 8 reth0.0192.168.100.2/32 intf 0 192.168.100.2 locl 589 2192.168.100.2/32 dest 0 192.168.100.2 locl 589 2192.168.100.255/32 dest 0 192.168.100.255 bcst 560 1 reth0.0192.168.101.0/24 intf 0 rslv 599 1 reth1.0192.168.101.0/32 dest 0 192.168.101.0 recv 597 1 reth1.0192.168.101.1/32 dest 1 0:31:46:5d:8c:80 ucst 563 5 reth1.0192.168.101.2/32 intf 0 192.168.101.2 locl 598 2192.168.101.2/32 dest 0 192.168.101.2 locl 598 2192.168.101.255/32 dest 0 192.168.101.255 bcst 596 1 reth1.0192.168.102.0/24 intf 0 rslv 607 1 reth2.0

97Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

192.168.102.0/32 dest 0 192.168.102.0 recv 601 1 reth2.0192.168.102.1/32 dest 1 0:31:46:5d:eb:80 ucst 574 6 reth2.0192.168.102.2/32 intf 0 192.168.102.2 locl 602 2192.168.102.2/32 dest 0 192.168.102.2 locl 602 2192.168.102.255/32 dest 0 192.168.102.255 bcst 600 1 reth2.0192.168.103.0/24 intf 0 rslv 611 1 reth3.0192.168.103.0/32 dest 0 192.168.103.0 recv 609 1 reth3.0192.168.103.1/32 dest 1 0:31:46:5e:e5:80 ucst 566 5 reth3.0192.168.103.2/32 intf 0 192.168.103.2 locl 610 2192.168.103.2/32 dest 0 192.168.103.2 locl 610 2192.168.103.255/32 dest 0 192.168.103.255 bcst 608 1 reth3.0224.0.0.0/4 user 0 rslv 593 1224.0.0.0/4 perm 0 mdsc 35 2224.0.0.0/24 user 0 mdsc 35 2224.0.0.1/32 perm 0 224.0.0.1 mcst 31 7224.0.0.2/32 user 1 224.0.0.2 mcst 31 7224.0.0.13/32 user 1 224.0.0.13 mcst 31 7224.0.0.22/32 user 1 224.0.0.22 mcst 31 7225.0.0.8.172.16.21.3/64 user 0 r 1048578 comp 592 1225.0.0.16.172.16.31.4/64 user 0 indr 1048575 2 comp 588 1232.0.0.0/8 user 0 rslv 587 1255.255.255.255/32 perm 0 bcst 32 1

Routing table: __master.anon__.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 527 10.0.0.0/32 perm 0 dscd 525 1224.0.0.0/4 perm 0 mdsc 526 1224.0.0.1/32 perm 0 224.0.0.1 mcst 522 1255.255.255.255/32 perm 0 bcst 523 1

Routing table: default.isoISO:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 60 147.0005.80ff.f800.0000.0108.0001.0102.5502.9157/152 intf 0 locl 515 1

Routing table: __master.anon__.isoISO:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 533 1

Routing table: default.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 44 1::/128 perm 0 dscd 42 1abcd::10:255:29:157/128 intf 0 abcd::10:255:29:157 locl 516 1fe80::2a0:a50f:fc90:2b8/128 intf 0 fe80::2a0:a50f:fc90:2b8 locl 517 1ff00::/8 user 0 rslv 586 1ff00::/8 perm 0 mdsc 43 2ff02::/16 user 0 mdsc 43 2

Copyright © 2016, Juniper Networks, Inc.98

Deploying Secure Multicast Market Data Services for Financial Services Environments

ff02::1/128 perm 0 ff02::1 mcst 39 6ff02::2/128 user 1 ff02::2 mcst 39 6ff02::d/128 user 1 ff02::d mcst 39 6ff02::16/128 user 0 ff02::16 mcst 39 6ff30::/32 user 0 rslv 576 1

Routing table: __master.anon__.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 542 1::/128 perm 0 dscd 540 1ff00::/8 perm 0 mdsc 541 1ff02::1/128 perm 0 ff02::1 mcst 538 1

Routing table: default.mplsMPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 50 1

Routing table: __mpls-oam__.mplsMPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 535 1

Routing table: default-switch.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 518 1

QFX_10.5.5.1

{primary:node0}user@QFX_10.5.5.1> show route forwarding-table | no-more

exitRouting table: default.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault user 1 0:0:5e:0:1:10 ucst 336 4 em0.0default perm 0 rjct 51 10.0.0.0/32 perm 0 dscd 49 2172.16.2.0/24 intf 0 rslv 1762 1 irb.2172.16.2.0/32 dest 0 172.16.2.0 recv 1760 1 irb.2172.16.2.1/32 intf 0 172.16.2.1 locl 1761 2172.16.2.1/32 dest 0 172.16.2.1 locl 1761 2172.16.2.2/32 dest 0 0:31:46:5d:8c:80 ucst 1770 7 ae100.0172.16.2.255/32 dest 0 172.16.2.255 bcst 1758 1 irb.2172.16.21.0/24 intf 0 rslv 1782 1 irb.21172.16.21.0/32 dest 0 172.16.21.0 recv 1780 1 irb.21172.16.21.2/32 intf 0 172.16.21.2 locl 1781 2172.16.21.2/32 dest 0 172.16.21.2 locl 1781 2172.16.21.254/32 intf 0 172.16.21.254 locl 1784 2172.16.21.254/32 dest 0 172.16.21.254 locl 1784 2172.16.21.255/32 dest 0 172.16.21.255 bcst 1779 1 irb.21172.16.31.0/24 user 0 172.16.2.2 ucst 1770 7 ae100.0172.17.2.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0172.17.21.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0172.17.31.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.010.5.5.1/32 intf 0 10.5.5.1 locl 1740 110.5.5.2/32 user 1 172.16.2.2 ucst 1770 7 ae100.010.5.5.3/32 user 0 192.168.100.2 ucst 1750 13 ae1.0

99Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

10.5.5.4/32 user 1 192.168.100.2 ucst 1750 13 ae1.010.5.5.5/32 user 0 192.168.100.2 ucst 1750 13 ae1.010.5.5.254/32 intf 0 10.5.5.254 locl 1741 110.219.29.128/26 intf 0 rslv 335 1 em0.010.219.29.128/32 dest 0 10.219.29.128 recv 333 1 em0.010.219.29.129/32 dest 0 0:0:5e:0:1:10 ucst 336 4 em0.010.219.29.130/32 dest 0 c:86:10:99:d5:2c ucst 337 1 em0.010.219.29.188/32 intf 0 10.219.29.188 locl 334 210.219.29.188/32 dest 0 10.219.29.188 locl 334 210.219.29.189/32 dest 0 0:31:46:5d:91:78 ucst 338 1 em0.010.219.29.191/32 dest 0 10.219.29.191 bcst 332 1 em0.010.255.29.157/32 user 0 192.168.100.2 ucst 1750 13 ae1.0192.168.100.0/24 intf 0 rslv 1739 1 irb.100192.168.100.0/32 dest 0 192.168.100.0 recv 1737 1 irb.100192.168.100.1/32 intf 0 192.168.100.1 locl 1738 2192.168.100.1/32 dest 0 192.168.100.1 locl 1738 2192.168.100.2/32 dest 1 0:10:db:ff:10:0 ucst 1750 13 ae1.0192.168.100.255/32 dest 0 192.168.100.255 bcst 1736 1 irb.100192.168.101.0/24 user 0 indr 131072 2 172.16.2.2 ucst 1770 7 ae100.0192.168.102.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0192.168.103.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0224.0.0.0/4 user 0 rslv 1726 1224.0.0.0/4 perm 0 mdsc 50 2224.0.0.0/24 user 2 mdsc 50 2224.0.0.1/32 perm 0 224.0.0.1 mcst 46 9224.0.0.2/32 user 1 224.0.0.2 mcst 46 9224.0.0.5/32 user 1 224.0.0.5 mcst 46 9224.0.0.13/32 user 1 224.0.0.13 mcst 46 9224.0.0.22/32 user 1 224.0.0.22 mcst 46 9225.0.0.8.172.16.21.3/64 user 0 indr 131078 2 comp 1789 1232.0.0.0/8 user 0 rslv 1701 1255.255.255.255/32 perm 0 bcst 47 1Routing table: __master.anon__.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1669 10.0.0.0/32 perm 0 dscd 1667 1224.0.0.0/4 perm 0 mdsc 1668 1224.0.0.1/32 perm 0 224.0.0.1 mcst 1664 1255.255.255.255/32 perm 0 bcst 1665 1

Routing table: __juniper_services__.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1691 20.0.0.0/32 perm 0 dscd 1691 2128.0.0.0/2 intf 0 rslv 1700 1 jsrv.1128.0.0.0/32 dest 0 128.0.0.0 recv 1698 1 jsrv.1128.0.0.127/32 intf 0 128.0.0.127 locl 1699 2128.0.0.127/32 dest 0 128.0.0.127 locl 1699 2191.255.255.255/32 dest 0 191.255.255.255 bcst 1697 1 jsrv.1224.0.0.0/4 perm 0 mdsc 1692 1224.0.0.1/32 perm 0 224.0.0.1 mcst 1688 1255.255.255.255/32 perm 0 bcst 1689 1

Routing table: default-switch.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1712 1

Copyright © 2016, Juniper Networks, Inc.100

Deploying Secure Multicast Market Data Services for Financial Services Environments

0.0.0.0/32 perm 0 dscd 1710 10.8.0.1.0.0.224/52 user 0 mdsc 1711 40.8.0.1.0.0.225.0.0.8.172.16.21.3/112 user 0 mdsc 1711 4224.0.0.0/4 perm 0 mdsc 1711 4224.0.0.1/32 perm 0 224.0.0.1 mcst 1707 1255.255.255.255/32 perm 0 bcst 1708 1

Routing table: default.isoISO:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 75 1

Routing table: __master.anon__.isoISO:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1675 1

Routing table: default.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 59 1::/128 perm 0 dscd 57 1ff00::/8 perm 0 mdsc 58 1ff02::1/128 perm 0 ff02::1 mcst 54 3ff02::2/128 user 0 ff02::2 mcst 54 3ff02::d/128 user 0 ff02::d mcst 54 3ff30::/32 user 0 rslv 1702 1

Routing table: __master.anon__.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1684 1::/128 perm 0 dscd 1682 1ff00::/8 perm 0 mdsc 1683 1ff02::1/128 perm 0 ff02::1 mcst 1680 1

Routing table: default-switch.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1720 1::/128 perm 0 dscd 1718 1ff00::/8 perm 0 mdsc 1719 1ff02::1/128 perm 0 ff02::1 mcst 1716 1

Routing table: default.mplsMPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 65 1

Routing table: __mpls-oam__.mplsMPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1677 1

Routing table: __juniper_private1__.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 241 1

Routing table: default-switch.bridge

101Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

VPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1703 1ae1.0 intf 0 ucst 1727 4 ae1.0ae100.0 intf 0 ucst 1729 5 ae100.0ae2.0 intf 0 ucst 1731 3 ae2.0ge-0/0/23.0 intf 0 ucst 1775 4 ge-0/0/23.0

Routing table: default-switch.bridgeBridging domain: V_100.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:10:db:ff:10:00/48 user 0 ucst 1727 4 ae1.00x30003/51 user 0 comp 1749 20x30000/51 user 0 comp 1748 2

Routing table: default-switch.bridgeBridging domain: V_21.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:00:8e:02:f3:ab/48 user 0 ucst 1775 4 ge-0/0/23.00x30009/51 user 0 comp 1783 20x30009/56 user 0 rtbl 1715 20x30008/51 user 0 comp 1778 2

Routing table: default-switch.bridgeBridging domain: V_2_Routing_MC_AE.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:00:5e:00:01:00/48 user 0 ucst 1729 5 ae100.000:31:46:5d:8c:80/48 user 0 ucst 1729 5 ae100.00x30007/51 user 0 comp 1767 20x30006/51 user 0 comp 1766 2

Routing table: default.device-routeDevice Route:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 105 3LId: 0, RId: 0 user 0 dscd 105 3LId: 0, RId: 255 user 0 dscd 105 3

Routing table: default.dhcp-snoopingDHCP Snooping:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 113 1

Routing table: default.fibre-channelFibre Channel:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 129 1

Routing table: default.fc-fmembersFC Fabric Members:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 137 1

QFX_10.5.5.2

{primary:node0}user@QFX_10.5.5.2> show route forwarding-table | no-more

Copyright © 2016, Juniper Networks, Inc.102

Deploying Secure Multicast Market Data Services for Financial Services Environments

exitRouting table: default.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault user 1 0:0:5e:0:1:10 ucst 336 4 em0.0default perm 0 rjct 51 10.0.0.0/32 perm 0 dscd 49 2172.16.2.0/24 intf 0 rslv 1762 1 irb.2172.16.2.0/32 dest 0 172.16.2.0 recv 1760 1 irb.2172.16.2.1/32 intf 0 172.16.2.1 locl 1761 2172.16.2.1/32 dest 0 172.16.2.1 locl 1761 2172.16.2.2/32 dest 0 0:31:46:5d:8c:80 ucst 1770 7 ae100.0172.16.2.255/32 dest 0 172.16.2.255 bcst 1758 1 irb.2172.16.21.0/24 intf 0 rslv 1782 1 irb.21172.16.21.0/32 dest 0 172.16.21.0 recv 1780 1 irb.21172.16.21.2/32 intf 0 172.16.21.2 locl 1781 2172.16.21.2/32 dest 0 172.16.21.2 locl 1781 2172.16.21.254/32 intf 0 172.16.21.254 locl 1784 2172.16.21.254/32 dest 0 172.16.21.254 locl 1784 2172.16.21.255/32 dest 0 172.16.21.255 bcst 1779 1 irb.21172.16.31.0/24 user 0 172.16.2.2 ucst 1770 7 ae100.0172.17.2.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0172.17.21.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0172.17.31.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.010.5.5.1/32 intf 0 10.5.5.1 ocl 1740 110.5.5.2/32 user 1 172.16.2.2 ucst 1770 7 ae100.010.5.5.3/32 user 0 192.168.100.2 ucst 1750 13 ae1.010.5.5.4/32 user 1 192.168.100.2 ucst 1750 13 ae1.010.5.5.5/32 user 0 192.168.100.2 ucst 1750 13 ae1.010.5.5.254/32 intf 0 10.5.5.254 locl 1741 110.219.29.128/26 intf 0 rslv 335 1 em0.010.219.29.128/32 dest 0 10.219.29.128 recv 333 1 em0.010.219.29.129/32 dest 0 0:0:5e:0:1:10 ucst 336 4 em0.010.219.29.130/32 dest 0 c:86:10:99:d5:2c ucst 337 1 em0.010.219.29.188/32 intf 0 10.219.29.188 locl 334 210.219.29.188/32 dest 0 10.219.29.188 locl 334 210.219.29.189/32 dest 0 0:31:46:5d:91:78 ucst 338 1 em0.010.219.29.191/32 dest 0 10.219.29.191 bcst 332 1 em0.010.255.29.157/32 user 0 192.168.100.2 ucst 1750 13 ae1.0192.168.100.0/24 intf 0 rslv 1739 1 irb.100192.168.100.0/32 dest 0 192.168.100.0 recv 1737 1 irb.100192.168.100.1/32 intf 0 192.168.100.1 locl 1738 2192.168.100.1/32 dest 0 192.168.100.1 locl 1738 2192.168.100.2/32 dest 1 0:10:db:ff:10:0 ucst 1750 13 ae1.0192.168.100.255/32 dest 0 192.168.100.255 bcst 1736 1 irb.100192.168.101.0/24 user 0 indr 131072 2 172.16.2.2 ucst 1770 7 ae100.0192.168.102.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0192.168.103.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0224.0.0.0/4 user 0 rslv 1726 1224.0.0.0/4 perm 0 mdsc 50 2224.0.0.0/24 user 2 mdsc 50 2224.0.0.1/32 perm 0 224.0.0.1 mcst 46 9224.0.0.2/32 user 1 224.0.0.2 mcst 46 9224.0.0.5/32 user 1 224.0.0.5 mcst 46 9224.0.0.13/32 user 1 224.0.0.13 mcst 46 9224.0.0.22/32 user 1 224.0.0.22 mcst 46 9225.0.0.8.172.16.21.3/64 user 0 indr 131078 2 comp 1789 1232.0.0.0/8 user 0 rslv 1701 1

103Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

255.255.255.255/32 perm 0 bcst 47 1Routing table: __master.anon__.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1669 10.0.0.0/32 perm 0 dscd 1667 1224.0.0.0/4 perm 0 mdsc 1668 1224.0.0.1/32 perm 0 224.0.0.1 mcst 1664 1255.255.255.255/32 perm 0 bcst 1665 1

Routing table: __juniper_services__.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1691 20.0.0.0/32 perm 0 dscd 1691 2128.0.0.0/2 intf 0 rslv 1700 1 jsrv.1128.0.0.0/32 dest 0 128.0.0.0 recv 1698 1 jsrv.1128.0.0.127/32 intf 0 128.0.0.127 locl 1699 2128.0.0.127/32 dest 0 128.0.0.127 locl 1699 2191.255.255.255/32 dest 0 191.255.255.255 bcst 1697 1 jsrv.1224.0.0.0/4 perm 0 mdsc 1692 1224.0.0.1/32 perm 0 224.0.0.1 mcst 1688 1255.255.255.255/32 perm 0 bcst 1689 1

Routing table: default-switch.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1712 10.0.0.0/32 perm 0 dscd 1710 10.8.0.1.0.0.224/52 user 0 mdsc 1711 40.8.0.1.0.0.225.0.0.8.172.16.21.3/112 user 0 mdsc 1711 4224.0.0.0/4 perm 0 mdsc 1711 4224.0.0.1/32 perm 0 224.0.0.1 mcst 1707 1255.255.255.255/32 perm 0 bcst 1708 1

Routing table: default.isoISO:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 75 1

Routing table: __master.anon__.isoISO:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1675 1

Routing table: default.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 59 1::/128 perm 0 dscd 57 1ff00::/8 perm 0 mdsc 58 1ff02::1/128 perm 0 ff02::1 mcst 54 3ff02::2/128 user 0 ff02::2 mcst 54 3ff02::d/128 user 0 ff02::d mcst 54 3ff30::/32 user 0 rslv 1702 1

Routing table: __master.anon__.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1684 1

Copyright © 2016, Juniper Networks, Inc.104

Deploying Secure Multicast Market Data Services for Financial Services Environments

::/128 perm 0 dscd 1682 1ff00::/8 perm 0 mdsc 1683 1ff02::1/128 perm 0 ff02::1 mcst 1680 1

Routing table: default-switch.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1720 1::/128 perm 0 dscd 1718 1ff00::/8 perm 0 mdsc 1719 1ff02::1/128 perm 0 ff02::1 mcst 1716 1

Routing table: default.mplsMPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 65 1

Routing table: __mpls-oam__.mplsMPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1677 1

Routing table: __juniper_private1__.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 241 1

Routing table: default-switch.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1703 1ae1.0 intf 0 ucst 1727 4 ae1.0ae100.0 intf 0 ucst 1729 5 ae100.0ae2.0 intf 0 ucst 1731 3 ae2.0ge-0/0/23.0 intf 0 ucst 1775 4 ge-0/0/23.0

Routing table: default-switch.bridgeBridging domain: V_100.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:10:db:ff:10:00/48 user 0 ucst 1727 4 ae1.00x30003/51 user 0 comp 1749 20x30000/51 user 0 comp 1748 2

Routing table: default-switch.bridgeBridging domain: V_21.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:00:8e:02:f3:ab/48 user 0 ucst 1775 4 ge-0/0/23.00x30009/51 user 0 comp 1783 20x30009/56 user 0 rtbl 1715 20x30008/51 user 0 comp 1778 2

Routing table: default-switch.bridgeBridging domain: V_2_Routing_MC_AE.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:00:5e:00:01:00/48 user 0 ucst 1729 5 ae100.000:31:46:5d:8c:80/48 user 0 ucst 1729 5 ae100.00x30007/51 user 0 comp 1767 20x30006/51 user 0 comp 1766 2

105Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Routing table: default.device-routeDevice Route:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 105 3LId: 0, RId: 0 user 0 dscd 105 3LId: 0, RId: 255 user 0 dscd 105 3

Routing table: default.dhcp-snoopingDHCP Snooping:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 113 1

Routing table: default.fibre-channelFibre Channel:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 129 1

Routing table: default.fc-fmembersFC Fabric Members:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 137 1

QFX_10.5.5.3

{primary:node0}user@QFX_10.5.5.3> show route forwarding-table | no-more

exitRouting table: default.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault user 1 0:0:5e:0:1:10 ucst 336 4 em0.0default perm 0 rjct 51 10.0.0.0/32 perm 0 dscd 49 2172.16.2.0/24 intf 0 rslv 1762 1 irb.2172.16.2.0/32 dest 0 172.16.2.0 recv 1760 1 irb.2172.16.2.1/32 intf 0 172.16.2.1 locl 1761 2172.16.2.1/32 dest 0 172.16.2.1 locl 1761 2172.16.2.2/32 dest 0 0:31:46:5d:8c:80 ucst 1770 7 ae100.0172.16.2.255/32 dest 0 172.16.2.255 bcst 1758 1 irb.2172.16.21.0/24 intf 0 rslv 1782 1 irb.21172.16.21.0/32 dest 0 172.16.21.0 recv 1780 1 irb.21172.16.21.2/32 intf 0 172.16.21.2 locl 1781 2172.16.21.2/32 dest 0 172.16.21.2 locl 1781 2172.16.21.254/32 intf 0 172.16.21.254 locl 1784 2172.16.21.254/32 dest 0 172.16.21.254 locl 1784 2172.16.21.255/32 dest 0 172.16.21.255 bcst 1779 1 irb.21172.16.31.0/24 user 0 172.16.2.2 ucst 1770 7 ae100.0172.17.2.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0172.17.21.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0172.17.31.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.010.5.5.1/32 intf 0 10.5.5.1 locl 1740 110.5.5.2/32 user 1 172.16.2.2 ucst 1770 7 ae100.010.5.5.3/32 user 0 192.168.100.2 ucst 1750 13 ae1.010.5.5.4/32 user 1 192.168.100.2 ucst 1750 13 ae1.010.5.5.5/32 user 0 192.168.100.2 ucst 1750 13 ae1.010.5.5.254/32 intf 0 10.5.5.254 locl 1741 110.219.29.128/26 intf 0 rslv 335 1 em0.010.219.29.128/32 dest 0 10.219.29.128 recv 333 1 em0.010.219.29.129/32 dest 0 0:0:5e:0:1:10 ucst 336 4 em0.0

Copyright © 2016, Juniper Networks, Inc.106

Deploying Secure Multicast Market Data Services for Financial Services Environments

10.219.29.130/32 dest 0 c:86:10:99:d5:2c ucst 337 1 em0.010.219.29.188/32 intf 0 10.219.29.188 locl 334 210.219.29.188/32 dest 0 10.219.29.188 locl 334 210.219.29.189/32 dest 0 0:31:46:5d:91:78 ucst 338 1 em0.010.219.29.191/32 dest 0 10.219.29.191 bcst 332 1 em0.010.255.29.157/32 user 0 192.168.100.2 ucst 1750 13 ae1.0192.168.100.0/24 intf 0 rslv 1739 1 irb.100192.168.100.0/32 dest 0 192.168.100.0 recv 1737 1 irb.100192.168.100.1/32 intf 0 192.168.100.1 locl 1738 2192.168.100.1/32 dest 0 192.168.100.1 locl 1738 2192.168.100.2/32 dest 1 0:10:db:ff:10:0 ucst 1750 13 ae1.0192.168.100.255/32 dest 0 192.168.100.255 bcst 1736 1 irb.100192.168.101.0/24 user 0 indr 131072 2 172.16.2.2 ucst 1770 7 ae100.0192.168.102.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0192.168.103.0/24 user 0 192.168.100.2 ucst 1750 13 ae1.0224.0.0.0/4 user 0 rslv 1726 1224.0.0.0/4 perm 0 mdsc 50 2224.0.0.0/24 user 2 mdsc 50 2224.0.0.1/32 perm 0 224.0.0.1 mcst 46 9224.0.0.2/32 user 1 224.0.0.2 mcst 46 9224.0.0.5/32 user 1 224.0.0.5 mcst 46 9224.0.0.13/32 user 1 224.0.0.13 mcst 46 9224.0.0.22/32 user 1 224.0.0.22 mcst 46 9225.0.0.8.172.16.21.3/64 user 0 indr 131078 2 comp 1789 1232.0.0.0/8 user 0 rslv 1701 1255.255.255.255/32 perm 0 bcst 47 1Routing table: __master.anon__.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1669 10.0.0.0/32 perm 0 dscd 1667 1224.0.0.0/4 perm 0 mdsc 1668 1224.0.0.1/32 perm 0 224.0.0.1 mcst 1664 1255.255.255.255/32 perm 0 bcst 1665 1

Routing table: __juniper_services__.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1691 20.0.0.0/32 perm 0 dscd 1691 2128.0.0.0/2 intf 0 rslv 1700 1 jsrv.1128.0.0.0/32 dest 0 128.0.0.0 recv 1698 1 jsrv.1128.0.0.127/32 intf 0 128.0.0.127 locl 1699 2128.0.0.127/32 dest 0 128.0.0.127 locl 1699 2191.255.255.255/32 dest 0 191.255.255.255 bcst 1697 1 jsrv.1224.0.0.0/4 perm 0 mdsc 1692 1224.0.0.1/32 perm 0 224.0.0.1 mcst 1688 1255.255.255.255/32 perm 0 bcst 1689 1

Routing table: default-switch.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1712 10.0.0.0/32 perm 0 dscd 1710 10.8.0.1.0.0.224/52 user 0 mdsc 1711 40.8.0.1.0.0.225.0.0.8.172.16.21.3/112 user 0 mdsc 1711 4224.0.0.0/4 perm 0 mdsc 1711 4224.0.0.1/32 perm 0 224.0.0.1 mcst 1707 1

107Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

255.255.255.255/32 perm 0 bcst 1708 1

Routing table: default.isoISO:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 75 1

Routing table: __master.anon__.isoISO:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1675 1

Routing table: default.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 59 1::/128 perm 0 dscd 57 1ff00::/8 perm 0 mdsc 58 1ff02::1/128 perm 0 ff02::1 mcst 54 3ff02::2/128 user 0 ff02::2 mcst 54 3ff02::d/128 user 0 ff02::d mcst 54 3ff30::/32 user 0 rslv 1702 1

Routing table: __master.anon__.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1684 1::/128 perm 0 dscd 1682 1ff00::/8 perm 0 mdsc 1683 1ff02::1/128 perm 0 ff02::1 mcst 1680 1

Routing table: default-switch.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1720 1::/128 perm 0 dscd 1718 1ff00::/8 perm 0 mdsc 1719 1ff02::1/128 perm 0 ff02::1 mcst 1716 1

Routing table: default.mplsMPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 65 1

Routing table: __mpls-oam__.mplsMPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1677 1

Routing table: __juniper_private1__.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 241 1

Routing table: default-switch.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1703 1ae1.0 intf 0 ucst 1727 4 ae1.0ae100.0 intf 0 ucst 1729 5 ae100.0ae2.0 intf 0 ucst 1731 3 ae2.0

Copyright © 2016, Juniper Networks, Inc.108

Deploying Secure Multicast Market Data Services for Financial Services Environments

ge-0/0/23.0 intf 0 ucst 1775 4 ge-0/0/23.0

Routing table: default-switch.bridgeBridging domain: V_100.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:10:db:ff:10:00/48 user 0 ucst 1727 4 ae1.00x30003/51 user 0 comp 1749 20x30000/51 user 0 comp 1748 2

Routing table: default-switch.bridgeBridging domain: V_21.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:00:8e:02:f3:ab/48 user 0 ucst 1775 4 ge-0/0/23.00x30009/51 user 0 comp 1783 20x30009/56 user 0 rtbl 1715 20x30008/51 user 0 comp 1778 2

Routing table: default-switch.bridgeBridging domain: V_2_Routing_MC_AE.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:00:5e:00:01:00/48 user 0 ucst 1729 5 ae100.000:31:46:5d:8c:80/48 user 0 ucst 1729 5 ae100.00x30007/51 user 0 comp 1767 20x30006/51 user 0 comp 1766 2

Routing table: default.device-routeDevice Route:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 105 3LId: 0, RId: 0 user 0 dscd 105 3LId: 0, RId: 255 user 0 dscd 105 3

Routing table: default.dhcp-snoopingDHCP Snooping:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 113 1

Routing table: default.fibre-channelFibre Channel:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 129 1

Routing table: default.fc-fmembersFC Fabric Members:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 137 1

QFX_10.5.5.4

{primary:node0}user@QFX_10.5.5.4> show route forwarding-table | no-moreexitRouting table: default.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault user 1 0:0:5e:0:1:10 ucst 336 4 em0.0default perm 0 rjct 51 10.0.0.0/32 perm 0 dscd 49 2

109Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

172.16.2.0/24 user 0 192.168.103.2 ucst 1753 13 ae2.0172.16.21.0/24 user 0 192.168.103.2 ucst 753 13 ae2.0172.16.31.0/24 user 0 192.168.103.2 ucst 1753 13 ae2.0172.17.2.0/24 intf 0 rslv 1762 1 irb.2172.17.2.0/32 dest 0 172.17.2.0 recv 1760 1 irb.2172.17.2.1/32 dest 0 0:31:46:5d:eb:80 cst 1770 7 ae100.0172.17.2.2/32 intf 0 172.17.2.2 locl 1761 2172.17.2.2/32 dest 0 172.17.2.2 locl 1761 2172.17.2.254/32 intf 0 172.17.2.254 locl 1769 2172.17.2.254/32 dest 0 172.17.2.254 locl 1769 2172.17.2.255/32 dest 0 172.17.2.255 bcst 1759 1 irb.2172.17.21.0/24 user 0 172.17.2.1 ucst 1770 7 ae100.0172.17.31.0/24 intf 0 rslv 1781 1 irb.31172.17.31.0/32 dest 0 172.17.31.0 recv 1758 1 irb.31172.17.31.2/32 intf 0 172.17.31.2 locl 1780 2172.17.31.2/32 dest 0 172.17.31.2 locl 1780 2172.17.31.254/32 intf 0 172.17.31.254 locl 1785 2172.17.31.254/32 dest 0 172.17.31.254 locl 1785 2172.17.31.255/32 dest 0 172.17.31.255 bcst 1754 1 irb.3110.5.5.1/32 user 1 192.168.103.2 ucst 1753 13 ae2.010.5.5.2/32 user 0 192.168.103.2 ucst 1753 13 ae2.010.5.5.3/32 user 1 172.17.2.1 ucst 1770 7 ae100.010.5.5.4/32 intf 0 10.5.5.4 locl 1739 110.5.5.5/32 user 0 192.168.103.2 ucst 1753 13 ae2.010.5.5.254/32 intf 0 10.5.5.254 locl 1740 110.219.29.128/26 intf 0 rslv 335 1 em0.010.219.29.128/32 dest 0 10.219.29.128 recv 333 1 em0.010.219.29.129/32 dest 0 0:0:5e:0:1:10 ucst 336 4 em0.010.219.29.130/32 dest 0 c:86:10:99:d5:2c ucst 337 1 em0.010.219.29.186/32 dest 0 0:31:46:5d:f0:78 ucst 338 1 em0.010.219.29.187/32 intf 0 10.219.29.187 locl 334 210.219.29.187/32 dest 0 10.219.29.187 locl 334 210.219.29.191/32 dest 0 10.219.29.191 bcst 332 1 em0.010.255.29.157/32 user 0 192.168.103.2 ucst 1753 13 ae2.0192.168.100.0/24 user 0 192.168.103.2 ucst 1753 13 ae2.0192.168.101.0/24 user 0 192.168.103.2 ucst 1753 13 ae2.0192.168.102.0/24 user 0 indr 131072 2 172.17.2.1 ucst 1770 7 ae100.0192.168.103.0/24 intf 0 rslv 1736 1 irb.103192.168.103.0/32 dest 0 192.168.103.0 recv 1734 1 irb.103192.168.103.1/32 intf 0 192.168.103.1 locl 1735 2192.168.103.1/32 dest 0 192.168.103.1 locl 1735 2192.168.103.2/32 dest 1 0:10:db:ff:10:3 ucst 1753 13 ae2.0192.168.103.255/32 dest 0 192.168.103.255 bcst 1733 1 irb.103224.0.0.0/4 user 0 rslv 1738 1224.0.0.0/4 perm 0 mdsc 50 2224.0.0.0/24 user 2 mdsc 50 2224.0.0.1/32 perm 0 224.0.0.1 mcst 46 9224.0.0.2/32 user 1 224.0.0.2 mcst 46 9224.0.0.5/32 user 1 224.0.0.5 mcst 46 9224.0.0.13/32 user 1 224.0.0.13 mcst 46 9224.0.0.22/32 user 1 224.0.0.22 mcst 46 9225.0.0.16.172.16.31.4/64 user 0 indr 131075 2 comp 1788 1232.0.0.0/8 user 0 rslv 1722 1255.255.255.255/32 perm 0 bcst 47 1

Routing table: __juniper_services__.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netif

Copyright © 2016, Juniper Networks, Inc.110

Deploying Secure Multicast Market Data Services for Financial Services Environments

default perm 0 dscd 1667 20.0.0.0/32 perm 0 dscd 1667 2128.0.0.0/2 intf 0 rslv 1676 1 jsrv.1128.0.0.0/32 dest 0 128.0.0.0 recv 1674 1 jsrv.1128.0.0.127/32 intf 0 128.0.0.127 locl 1675 2128.0.0.127/32 dest 0 128.0.0.127 locl 1675 2191.255.255.255/32 dest 0 191.255.255.255 bcst 1673 1 jsrv.1224.0.0.0/4 perm 0 mdsc 1668 1224.0.0.1/32 perm 0 224.0.0.1 mcst 1664 1255.255.255.255/32 perm 0 bcst 1665 1

Routing table: __master.anon__.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1682 10.0.0.0/32 perm 0 dscd 1680 1224.0.0.0/4 perm 0 mdsc 1681 1224.0.0.1/32 perm 0 224.0.0.1 mcst 1677 1255.255.255.255/32 perm 0 bcst 1678 1

Routing table: default-switch.inetInternet:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1706 10.0.0.0/32 perm 0 dscd 1704 10.8.0.1.0.0.224/52 user 0 mdsc 1705 20.8.0.1.0.0.225.0.0.16/80 user 0 indr 131077 4 comp 1786 10.8.0.1.0.0.225.0.0.16.172.16.31.4/112 user 0 indr 131077 4 comp 1786 1224.0.0.0/4 perm 0 mdsc 1705 2224.0.0.1/32 perm 0 224.0.0.1 mcst 1701 1255.255.255.255/32 perm 0 bcst 1702 1

Routing table: default.isoISO:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 75 1

Routing table: __master.anon__.isoISO:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1688 1

Routing table: default.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 59 1::/128 perm 0 dscd 57 1ff00::/8 perm 0 mdsc 58 1ff02::1/128 perm 0 ff02::1 mcst 54 3ff02::2/128 user 0 ff02::2 mcst 54 3ff02::d/128 user 0 ff02::d mcst 54 3ff30::/32 user 0 rslv 1723 1

Routing table: __master.anon__.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1697 1

111Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

::/128 perm 0 dscd 1695 1ff00::/8 perm 0 mdsc 1696 1ff02::1/128 perm 0 ff02::1 mcst 1693 1

Routing table: default-switch.inet6Internet6:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 rjct 1714 1::/128 perm 0 dscd 1712 1ff00::/8 perm 0 mdsc 1713 1ff02::1/128 perm 0 ff02::1 mcst 1710 1

Routing table: default.mplsMPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 65 1

Routing table: __mpls-oam__.mplsMPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1690 1

Routing table: __juniper_private1__.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 241 1

Routing table: default-switch.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 1718 1ae1.0 intf 0 ucst 1728 3 ae1.0ae100.0 intf 0 ucst 1726 4 ae100.0ae2.0 intf 0 ucst 1751 4 ae2.0ge-0/0/23.0 intf 0 ucst 1778 5 ge-0/0/23.0

Routing table: default-switch.bridgeBridging domain: V_103.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:10:db:ff:10:03/48 user 0 ucst 1751 4 ae2.00x30003/51 user 0 comp 1777 20x30000/51 user 0 comp 1752 2

Routing table: default-switch.bridgeBridging domain: V_2_Routing_MC_AE.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:31:46:5d:eb:80/48 user 0 ucst 1726 4 ae100.00x30007/51 user 0 comp 1768 20x30006/51 user 0 comp 1767 2

Routing table: default-switch.bridgeBridging domain: V_31.bridgeVPLS:Destination Type RtRef Next hop Type Index NhRef Netif00:00:95:42:85:17/48 user 0 ucst 1778 5 ge-0/0/23.00x30009/51 user 0 comp 1784 20x30009/56 user 0 rtbl 1709 20x30008/51 user 0 comp 1783 2

Copyright © 2016, Juniper Networks, Inc.112

Deploying Secure Multicast Market Data Services for Financial Services Environments

Routing table: default.device-routeDevice Route:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 105 3LId: 0, RId: 0 user 0 dscd 105 3LId: 0, RId: 255 user 0 dscd 105 3

Routing table: default.dhcp-snoopingDHCP Snooping:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 113 1

Routing table: default.fibre-channelFibre Channel:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 129 1

Routing table: default.fc-fmembersFC Fabric Members:Destination Type RtRef Next hop Type Index NhRef Netifdefault perm 0 dscd 137 1

Meaning The sample output displays the Routing Engine's forwarding table, including the

network-layer prefixes and their next hops. This command is used to help verify that the

routing protocol process has relayed the correction information to the forwarding table.

TheRoutingEngineconstructsandmaintainsoneormore routing tables. Fromthe routing

tables, the Routing Engine derives a table of active routes, called the forwarding table.

RelatedDocumentation

• About This Network Configuration Example on page 5

• Use Case Overview on page 5

• Technical Overview on page 7

113Copyright © 2016, Juniper Networks, Inc.

Chapter 1: Deploying Secure Multicast Market Data Services for Financial Services Environments

Copyright © 2016, Juniper Networks, Inc.114

Deploying Secure Multicast Market Data Services for Financial Services Environments