Configuring OSPF
Problem
Your want to configure OSPF on a JUNOS router.
Solution
You enable OSPF by defining the interfaces on which it will run and the area to which the interfaces will be attached:
[edit protocols] aviva@RouterG# set ospf area 0.0.0.0 interface fe-0/0/1.0 aviva@RouterG# set ospf area 0.0.0.0 interface fe-1/0/1.0
Discussion
The basic setup for configuring a single OSPF area is straightforward. Enable the protocol on all router interfaces that will participate in the OSPF domain and specify which area the interfaces are in. In this recipe, area 0 has three routers (see Figure 12-1).
In this recipe, we configure OSPF on two interfaces of a router that is in the backbone area, which has an area identifier of 0.0.0.0. In addition, the router must have a router ID to identify the router from which OSPF packets originate. In this recipe, we don set one explicitly because we have configured a unicast IP address on the routers lo0 interface and this address is used as the router ID:
aviva@RouterG> show configuration interfaces lo0
unit 0 {
family inet {
address 192.168.19.1/32;
}
}
Figure 12-1. OSPF single-area topology
You do not need to explicitly configure OSPF to run on lo0, because the JUNOS software automatically configures lo0 as a stub network if the router ID is the same as the address on the lo0 interface (which is what is recommended). Use the following command to set the router ID:
[edit routing-options] aviva@RouterG# set router-id 192.168.19.1
In this recipe, using the lo0 as the router ID is implicit. Having the router ID be the same as the lo0 address provides a way for OSPF packets to get to the Routing Engine. If the router ID is different from the lo0 address, OSPF does not automatically run on the routers lo0 interface. The result is that LSAs will use the router ID as the originator, but the routing table will have a route to the lo0 address but not to the router ID.
However, it is good practice to configure the lo0 interface as a passive interface:
[edit protocols] aviva@RouterG# set ospf area 0.0.0.0 interface lo0.0 passive
Passive interfaces advertise their addresses but do not form adjacencies.
With this simple configuration, the OSPF protocol takes over. You do not have to configure neighbors; OSPF automatically discovers them. (The exception to this is running OSPF on multipoint nonbroadcast, multiaccess [ NBMA] networks, such as ATM and Frame Relay. For these, you must explicitly configure neighbors.) OSPF then establishes adjacencies with its neighbors, first sending OSPF Hello packets to ensure that the two ends of the link can communicate. All point-to-point neighbors become adjacent to each other, and, on LANs, all interfaces become adjacent to the DR and BDR. In the process of establishing adjacencies, the routers synchronize their link-state databases. Once the adjacencies are established, OSPF floods LSAs to establish consistent routing databases.
To check that OSPF is running on the router interfaces, use the show ospf interface command:
aviva@RouterG> show ospf interface Interface State Area DR ID BDR ID Nbrs fe-0/0/1.0 DR 0.0.0.0 192.168.19.1 192.168.18.1 1 fe-1/0/1.0 BDR 0.0.0.0 192.168.17.1 192.168.19.1 1
This output shows the two interfaces we configured, fe-0/0/1 and fe-1/0/1. Both interfaces are in the backbone area, Area 0.0.0.0, and each has one neighbor. The State field indicates that interface fe-/0/0/1 is the DR for this network and interface fe-1/0/1 is the BDR, which is used if the DR becomes unavailable. The DR-ID and BDR-ID fields show the router ID of the DR and BDR. With this configuration, OSPF chooses as the designated router the interface with the highest router ID because all routers are using the default priority (which you see with the show ospf neighbor command, described below). If the router has not yet determined which router is the DR, the state is Waiting:
aviva@RouterJ> show ospf interface Interface State Area DR ID BDR ID Nbrs fe-1/0/0.0 BDR 0.0.0.0 192.168.18.1 192.168.17.1 1 fe-1/0/1.0 Waiting 0.0.0.0 0.0.0.0 0.0.0.0 0
Use the show ospf neighbor command to see who the OSPF neighbors are:
aviva@RouterG> show ospf neighbor Address Interface State ID Pri Dead 10.0.1.1 fe-0/0/1.0 Full 192.168.18.1 128 34 10.0.0.2 fe-1/0/1.0 Full 192.168.17.1 128 34
The Interface column lists the two interfaces we configured. Interface fe-0/0/1 connects to the neighbors interface address 10.0.1.1, and this neighbor has a router ID of 192.168.18.1. The other interface, fe-1/0/1, goes to the neighbors interface at IP address 10.0.0.2, and this neighbor has a router ID of 192.168.17.1. You see from this output that both neighbors have a router priority of 128, which is the default OSPF priority. OSPF uses this value to select the DR, choosing the router with the highest priority to be the DR. In the event of a tie, OSPF chooses the router with the highest router ID.
The State column shows the state of each OSPF neighbor. When OSPF network connectivity has established and the network is up and running, the state is Full. As OSPF connectivity is establishing, you may see Attempt, Init, or 2way in this field. (If either end of an adjacency on a LAN is not a DR or a BDR, the final state is 2Way.) If the state does not show as Full after about 30 seconds, check that the OSPF connectivity between the two neighbors is working correctly. Use the show interfaces command to make sure that the interface is operational. On the neighboring router, use the show configuration protocols ospf command to make sure that OSPF is configured, properly, and use the show ospf neighbor and show ospf interface commands to verify that OSPF is running on the interfaces.
Another common problem in establishing adjacencies is an MTU mismatch between the end points of the adjacency. This causes the adjacency to get stuck in the ExState state. The show interfaces command shows the MTU sizes for the physical and logical interfaces.
The last column of the output shows the OSPF dead interval, which is the amount of time remaining before the router closes the adjacency with its neighbor. OSPF sends Hello packets, which act as adjacency keepalives, every 10 seconds (this is the default). If there are no problems with the connection or the routers, the dead interval never drops below 31 seconds. The default dead time is four times the hello interval, or 40 seconds.
In the show ospf interface output, you can see that OSPF has automatically chosen DRs and a BDR:
aviva@RouterG> show ospf interface Interface State Area DR ID BDR ID Nbrs fe-0/0/1.0 DR 0.0.0.0 192.168.19.1 192.168.18.1 1 fe-1/0/1.0 BDR 0.0.0.0 192.168.17.1 192.168.19.1 1
How does OSPF elect the DR? It chooses the DR based on the priority. However, the default priority value (128) is the same for all OSPF interfaces, and we haven changed it in the configuration:
aviva@RouterG> show ospf neighbor Address Interface State ID Pri Dead 10.0.1.1 fe-0/0/1.0 Full 192.168.18.1 128 34 10.0.0.2 fe-1/0/1.0 Full 192.168.17.1 128 34
When an OSPF interface comes up, one of the things it checks is whether the network already has a DR. If it does, the interface simply accepts that DR regardless of its own router priority. In other words, the assignment of the DR is sticky. This is done by design because its relatively traumatic for the network to switch DRs (except to promote the BDR). So, even if you were to configure a DR priority (the priority can be a value from 1 to 255, with a higher number taking priority), it is effectively ignored once a DR is elected. Typically, there is no reason to care which router is the DR, because all JUNOS routers are powerful enough to handle the LSA load.
Router Configuration and File Management
- Introduction
- Configuring the Router for the First Time
- Configuring the Router from the CLI
- Getting Exclusive Access to Configure the Router
- Displaying the Commands to Recreate a Configuration
- Including Comments in the Configuration
- Checking the Syntax of the Configuration
- Activating the Router Configuration
- Debugging a Failed Commit
- Exiting Configuration Mode
- Keeping a Record of Configuration Changes
- Determining What Changes You Have Made to the Configuration
- Configuring the Router by Copying a File from a Server
- Configuring the Router by Copying Text from a Terminal Window
- Backing Up the Routers Configuration
- Scheduling the Activation of a Configuration
- Provisionally Activating a Configuration
- Loading a Previous Router Configuration
- Creating an Emergency Rescue Configuration
- Backing Up Filesystems on M-Series and T-Series Routers
- Backing Up Filesystems on J-Series Routers
- Restoring a Backed-Up Filesystem
- Installing a Different Software Release on M-Series and T-Series Routers
- Installing a Different Software Release on J-Series Routers
- Creating an Emergency Boot Disk
- Gathering Software Version Information
- Gathering Hardware Inventory Information
- Finding Out How Long the Router Has Been Up
- Gathering Information Before Contacting Support
- Managing Routers with Similar Configurations
- Managing Redundant Routing Engines
- Using the Second Routing Engine to Upgrade to a New Software Version
Basic Router Security and Access Control
- Basic Router Security and Access Control
- Introduction
- Allowing Access to the Router
- Controlling Root Authentication
- Logging In to the Routers Console
- Setting the Login Authentication Methods
- Setting Up Login Accounts on the Router
- Changing the Format of Plain-Text Passwords
- Changing the Plain-Text Password Encryption Method
- Creating a Login Account for Remote Authentication
- Creating a Group Login Account
- Customizing Account Privileges
- Creating a Privilege Class that Hides Encrypted Passwords
- Setting Up RADIUS User Authentication
- Setting Up TACACS+ User Authentication
- Restricting Inbound SSH and Telnet Access
- Setting the Source Address for Telnet Connections
- Creating a Login Banner
- Finding Out Who Is Logged In to the Router
- Logging Out of the Router
- Forcibly Logging a User Out
IPSec
- IPSec
- Introduction
- Configuring IPSec
- Configuring IPSec Dynamic SAs
- Creating IPSec Dynamic SAs on J-Series Routers or Routers with AS PICs
- Using Digital Certificates to Create Dynamic IPSec SAs
SNMP
- SNMP
- Introduction
- Configuring SNMP
- Setting Router Information for the MIB-II System Group
- Setting Up SNMP Traps
- Controlling SNMP Access to the Router
- Using a Firewall Filter to Protect SNMP Access
- Controlling Access to Router MIBs
- Extracting Software Inventory Information with SNMP
- Extracting Hardware Inventory Information with SNMP
- Collecting Router Operational Information with SNMP
- Logging SNMP Access to the Router
- Logging Enterprise-Specific Traps
- Using RMON Traps to Monitor the Routers Temperature
- Configuring SNMPv3
- Tracking Router Configuration Changes
- Setting Up SNMPv3 Traps
Logging
- Logging
- Introduction
- Turning On Logging
- Limiting the Messages Collected
- Including the Facility and Severity in Messages
- Changing the Size of a Logging File
- Clearing the Routers Logfiles
- Sending Log Messages to Your Screen
- Sending Logging Messages to a Log Server
- Saving Logging Messages to the Other Routing Engine
- Turning Off Logging
- Turning On Basic Tracing
- Monitoring Interface Traffic
NTP
- NTP
- Introduction
- Setting the Date and Time on the Router Manually
- Setting the Time Zone
- Synchronizing Time When the Router Boots
- Synchronizing Time Periodically
- Authenticating NTP
- Checking NTP Status
Router Interfaces
- Router Interfaces
- Introduction
- Viewing Interface Status
- Viewing Traffic Statistics on an Interface
- Setting an IP Address for the Router
- Setting the Routers Source Address
- Configuring an IPv4 Address on an Interface
- Configuring an IPv6 Address on an Interface
- Configuring an ISO Address on an Interface
- Creating an MPLS Protocol Family on a Logical Interface
- Configuring an Interface Description
- Choosing Primary and Preferred Interface Addresses
- Using the Management Interface
- Finding Out What IP Addresses Are Used on the Router
- Configuring Ethernet Interfaces
- Using VRRP on Ethernet Interfaces
- Connecting to an Ethernet Switch
- Configuring T1 Interfaces
- Performing a Loopback Test on a T1 Interface
- Setting Up a BERT Test on a T1 Interface
- Configuring Frame Relay on a T1 Interface
- Configuring a SONET Interface
- Using APS to Protect Against SONET Circuit Failures
- Configuring an ATM Interface
- Dealing with Nonconfigurable Interfaces
- Configuring Interfaces Before the PICs Are Installed
IP Routing
- IP Routing
- Introduction
- Viewing the Routes in the Routing Table
- Viewing Routes to a Particular Prefix
- Viewing Routes Learned from a Specific Protocol
- Displaying the Routes in the Forwarding Table
- Creating Static Routes
- Blackholing Routes
- Filtering Traffic Using Unicast Reverse-Path Forwarding
- Aggregating Routes
- Load-Balancing Traffic Flows
- Adding Martian Addresses
- Changing Route Preferences to Migrate to Another IGP
- Configuring Routing Protocols to Restart Without Losing Adjacencies
Routing Policy and Firewall Filters
- Routing Policy and Firewall Filters
- Introduction
- Creating a Simple Routing Policy
- Changing a Routes Routing Information
- Filtering Routes by IP Address
- Filtering Long Prefixes
- Filtering Unallocated Prefix Blocks
- Creating a Chain of Routing Policies
- Making Sure a Routing Policy Is Functioning Properly
- Creating a Simple Firewall Filter that Matches Packet Contents
- Creating a Firewall Filter that Negates a Match
- Reordering Firewall Terms
- Filtering Traffic Transiting the Router
- Using a Firewall Filter to Count Traffic on an Interface
- Logging the Traffic on an Interface
- Limiting Traffic on an Interface
- Protecting the Local Routing Engine
- Rate-Limiting Traffic Flow to the Routing Engine
- Using Counters to Determine Whether a Router Is Under Attack
RIP
- RIP
- Introduction
- Configuring RIP
- Having RIP Advertise Its Routes
- Configuring RIP for IPv6
- Enabling RIP Authentication
- Routing RIP Traffic over Faster Interfaces
- Sending Version 1 Update Messages
- Tracing RIP Protocol Traffic
IS-IS
- IS-IS
- Introduction
- Configuring IS-IS
- Viewing the IS-IS Link-State Database
- Viewing Routes Learned by IS-IS
- Configuring IS-IS for IPv6
- Configuring a Level 1Only Router
- Controlling DIS Election
- Enabling IS-IS Authentication
- Redistributing Static Routes into IS-IS
- Leaking IS-IS Level 2 Routes into Level 1
- Adjusting IS-IS Link Costs
- Improving IS-IS Convergence Times
- Moving IS-IS Traffic off a Router
- Disabling IS-IS on an Interface
- Tracing IS-IS Protocol Traffic
OSPF
- Introduction
- Configuring OSPF
- Viewing Routes Learned by OSPF
- Viewing the OSPF Link-State Database
- Configuring OSPF for IPv6
- Configuring a Multiarea OSPF Network
- Setting Up Stub Areas
- Creating a Not-So-Stubby Area
- Summarizing Routes in OSPF
- Enabling OSPF Authentication
- Redistributing Static Routes into OSPF
- Adjusting OSPF Link Costs
- Improving OSPF Convergence Times
- Moving OSPF Traffic off a Router
- Disabling OSPF on an Interface
- Tracing OSPF Protocol Traffic
BGP
- Introduction
- Configuring a BGP Session Between Routers in Two ASs
- Configuring BGP on Routers Within an AS
- Diagnosing TCP Session Problems
- Adjusting the Next-Hop Attribute
- Adjusting Local Preference Values
- Removing Private AS Numbers from the AS Path
- Prepending AS Numbers to the AS Path
- Filtering BGP Routes Based on AS Paths
- Restricting the Number of Routes Advertised to a BGP Peer
- Authenticating BGP Peers
- Setting Up Route Reflectors
- Mitigating Route Instabilities with Route Flap Damping
- Adding a BGP Community to Routes
- Load-Balancing BGP Traffic
- Tracing BGP Protocol Traffic
MPLS
- Introduction
- Configuring LSPs Using LDP as the Signaling Protocol
- Viewing Information and LDP-Signaled LSPs in the Routing Tables
- Verifying that an LDP-Signaled LSP Is Carrying Traffic
- Enabling LDP Authentication
- Tracing LDP Operations
- Setting Up RSVP-Signaled LSPs
- Viewing Information About RSVP-Signaled LSPs in the Routing Tables
- Verifying Packet Labels
- Verifying that the RSVP-Signaled LSP Is Carrying Traffic
- Configuring RSVP Authentication
- Protecting an LSPs Path
- Using Fast Reroute to Reduce Packet Loss Following a Link Failure
- Automatically Allocating Bandwidth
- Prioritizing LSPs
- Allowing IGP Traffic to Use an LSP
- Installing LSPs into the Unicast Routing Table
- Tracing RSVP Operations
VPNs
- Introduction
- Setting Up a Simple Layer 3 VPN
- Viewing the VPN Routing Tables
- Adding a VPN for a Second Customer
IP Multicast
- Introduction
- Configuring PIM-SM
- Manually Establishing a PIM-SM RP
- Using Auto-RP to Dynamically Map RPs
- Setting Up a PIM-SM Bootstrap Router
- Filtering PIM-SM Bootstrap Messages
- Configuring Multiple RPs in a PIM-SM Domain with Anycast RP
- Configuring Multiple RPs in a PIM-SM Domain Anycast PIM
- Limiting the Group Ranges an RP Services
- Viewing Multicast Routes
- Checking the Groups for Which a PIM-SM Router Maintains Join State
- Manually Configuring IGMP
- Using SSM
- Connecting PIM-SM Domains Using MSDP and MBGP
- Configuring PIM-DM
- Tracing PIM Packets
EAN: 2147483647
Pages: 290
