Juniper MX Series: A Comprehensive Guide to Trio Technologies on the MX

by Douglas Richard Hanks Jr., Harry Reynolds

Discover why routers in the Juniper MX Series, with their advanced feature sets and record-breaking scale, are so popular among enterprises and network service providers. This authoritative book shows you, step by step, how to implement high-density, high-speed Layer 2 and Layer 3 Ethernet services using Router Engine DDoS Protection, Multi-chassis LAG, Inline NAT, IPFIX/J-Flow, and many other Juniper MX features. Written by Juniper Networks engineers, each chapter covers a specific Juniper MX vert

Publisher :

Author : Douglas Richard Hanks Jr., Harry Reynolds

ISBN : 9781449319717

Year : 2012

Language: en


Category : Computers Technology








Juniper MX Series
by Douglas Richard Hanks, Jr. and Harry Reynolds
Copyright © 2012 Douglas Hanks, Jr., Harry Reynolds. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions
are also available for most titles (http://my.safaribooksonline.com). For more information, contact our
corporate/institutional sales department: 800-998-9938 or [email protected]

Editors: Mike Loukides and Meghan Blanchette
Development Editor: Patrick Ames
Production Editor: Holly Bauer
Copyeditor: Absolute Service, Inc.
Proofreader: Rachel Leach
Indexer: Bob Pfahler
Cover Designer: Karen Montgomery
Interior Designer: David Futato
Illustrator: Rebecca Demarest

October 2012: First Edition.

Revision History for the First Edition:
2012-09-24: First release
See http://oreilly.com/catalog/errata.csp?isbn=9781449319717 for release details.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of
O’Reilly Media, Inc. Juniper MX Series, the image of a tawny-shouldered podargus, and related trade
dress are trademarks of O’Reilly Media, Inc.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as
trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a
trademark claim, the designations have been printed in caps or initial caps.
While every precaution has been taken in the preparation of this book, the publisher and authors assume
no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

ISBN: 978-1-449-31971-7



Dedicated to my wife and my parents. You guys
are the best. Love you.
—Douglas





I would like to acknowledge my wife, Anita, and
our two lovely daughters, Christina and Marissa,
for once again understanding and accommodating
my desire to engage in this project. And thanks to
Doug, that plucky young lad who managed to
goad me into engaging in this project when my day
job was already rather action-packed. A special
thanks to my manager, Andrew Pangelinan at
Juniper Networks, for his understanding and
support in this project.
—Harry





Table of Contents

About the Authors
Preface

1. Juniper MX Architecture
Junos
One Junos
Software Releases
Three Release Cadence
Software Architecture
Daemons
Routing Sockets
Juniper MX Chassis
MX80
Midrange
MX240
MX480
MX960
Trio
Trio Architecture
Buffering Block
Lookup Block
Interfaces Block
Dense Queuing Block
Line Cards and Modules
Dense Port Concentrator
Modular Port Concentrator
Packet Walkthrough
Modular Interface Card
Network Services
Switch and Control Board
Ethernet Switch
Switch Fabric
J-Cell
MX Switch Control Board
Enhanced MX Switch Control Board
MX2020
Architecture
Summary
Chapter Review Questions
Chapter Review Answers

2. Bridging, VLAN Mapping, IRB, and Virtual Switches
Isn’t the MX a Router?
Layer 2 Networking
Ethernet II
IEEE 802.1Q
IEEE 802.1QinQ
Junos Interfaces
Interface Bridge Configuration
Basic Comparison of Service Provider versus Enterprise Style
Service Provider Interface Bridge Configuration
Tagging
Encapsulation
Service Provider Bridge Domain Configuration
Enterprise Interface Bridge Configuration
Interface Mode
VLAN Rewrite
Service Provider VLAN Mapping
Stack Data Structure
Stack Operations
Stack Operations Map
Tag Count
Bridge Domain Requirements
Example: Push and Pop
Example: Swap-Push and Pop-Swap
Bridge Domains
Learning Domain
Bridge Domain Modes
Bridge Domain Options
Show Bridge Domain Commands
Clear MAC Addresses
MAC Accounting
Integrated Routing and Bridging
IRB Attributes
Virtual Switch
Configuration
Summary
Chapter Review Questions
Chapter Review Answers

3. Stateless Filters, Hierarchical Policing, and Tri-Color Marking
Firewall Filter and Policer Overview
Stateless versus Stateful
Stateless Filter Components
Filters versus Routing Policy
Filter Scaling
Filtering Differences for MPC versus DPC
Enhanced Filter Mode
Filter Operation
Stateless Filter Processing
Policing
Rate Limiting: Shaping or Policing?
Junos Policer Operation
Basic Policer Example
Cascaded Policers
Single and Two-Rate Three-Color Policers
Hierarchical Policers
Applying Filters and Policers
Filter Application Points
Applying Policers
Policer Application Restrictions
Bridge Filtering Case Study
Filter Processing in Bridged and Routed Environments
Monitor and Troubleshoot Filters and Policers
Bridge Family Filter and Policing Case Study
Summary
Chapter Review Questions
Chapter Review Answers

4. Routing Engine Protection and DDoS Prevention
RE Protection Case Study
IPv4 RE Protection Filter
IPv6 RE Protection Filter
DDoS Protection Case Study
The Issue of Control Plane Depletion
DDoS Operational Overview
Configuration and Operational Verification
Late Breaking DDoS Updates
DDoS Case Study
The Attack Has Begun!
Mitigate DDoS Attacks
BGP Flow-Specification to the Rescue
Summary
BGP Flow-Specification Case Study
Let the Attack Begin!
Summary
Chapter Review Questions
Chapter Review Answers

5. Trio Class of Service
MX CoS Capabilities
Port versus Hierarchical Queuing MPCs
CoS Capabilities and Scale
Trio CoS Flow
Intelligent Oversubscription
The Remaining CoS Packet Flow
CoS Processing: Port- and Queue-Based MPCs
Trio Hashing and Load Balancing
Key Aspects of the Trio CoS Model
Trio CoS Processing Summary
Hierarchical CoS
The H-CoS Reference Model
Level 4: Queues
Level 3: IFL
Level 2: IFL-Sets
Level 1: IFD
Remaining
Interface Modes and Excess Bandwidth Sharing
Priority-Based Shaping
Fabric CoS
Control CoS on Host-Generated Traffic
H-CoS Summary
Trio Scheduling and Queuing
Scheduling Discipline
Scheduler Priority Levels
Scheduler Modes
H-CoS and Aggregated Ethernet Interfaces
Schedulers, Scheduler Maps, and TCPs
Trio Scheduling and Priority Summary
MX Trio CoS Defaults
Four Forwarding Classes, but Only Two Queues
Default BA and Rewrite Marker Templates
MX Trio CoS Defaults Summary
Predicting Queue Throughput
Where to Start?
Trio CoS Proof-of-Concept Test Lab
Predicting Queue Throughput Summary
CoS Lab
Configure Unidirectional CoS
Verify Unidirectional CoS
Confirm Scheduling Behavior
Add H-CoS for Subscriber Access
Configure H-CoS
Verify H-CoS
Trio CoS Summary
Chapter Review Questions
Chapter Review Answers

6. MX Virtual Chassis
What is Virtual Chassis?
MX-VC Terminology
MX-VC Use Case
MX-VC Requirements
MX-VC Architecture
MX-VC Interface Numbering
MX-VC Packet Walkthrough
Virtual Chassis Topology
Mastership Election
Summary
MX-VC Configuration
Chassis Serial Number
Member ID
R1 VCP Interface
Routing Engine Groups
Virtual Chassis Configuration
R2 VCP Interface
Virtual Chassis Verification
Revert to Standalone
Summary
VCP Interface Class of Service
VCP Traffic Encapsulation
VCP Class of Service Walkthrough
Forwarding Classes
Schedulers
Classifiers
Rewrite Rules
Final Configuration
Verification
Summary
Chapter Review Questions
Chapter Review Answers

7. Trio Inline Services
What are Trio Inline Services?
J-Flow
J-Flow Evolution
Inline IPFIX Performance
Inline IPFIX Configuration
Inline IPFIX Verification
IPFIX Summary
Network Address Translation
Types of NAT
Services Inline Interface
Service Sets
Destination NAT Configuration
Network Address Translation Summary
Tunnel Services
Enabling Tunnel Services
Tunnel Services Case Study
Tunnel Services Summary
Port Mirroring
Port Mirror Case Study
Port Mirror Summary
Summary
Chapter Review Questions
Chapter Review Answers

8. Multi-Chassis Link Aggregation
Multi-Chassis Link Aggregation
MC-LAG State Overview
MC-LAG Family Support
Multi-Chassis Link Aggregation versus MX Virtual-Chassis
MC-LAG Summary
Inter-Chassis Control Protocol
ICCP Hierarchy
ICCP Topology Guidelines
How to Configure ICCP
ICCP Configuration Guidelines
ICCP Split Brain
ICCP Summary
MC-LAG Modes
Active-Standby
Active-Active
MC-LAG Modes Summary
Case Study
Logical Interfaces and Loopback Addressing
Layer 2
Layer 3
MC-LAG Configuration
Connectivity Verification
Case Study Summary
Summary
Chapter Review Questions
Chapter Review Answers

9. Junos High Availability on MX Routers
Junos High-Availability Feature Overview
Graceful Routing Engine Switchover
The GRES Process
Configure GRES
GRES Summary
Graceful Restart
GR Shortcomings
Graceful Restart Operation: OSPF
Graceful Restart and other Routing Protocols
Configure and Verify OSPF GR
Graceful Restart Summary
Nonstop Routing and Bridging
Replication, the Magic That Keeps Protocols Running
Nonstop Bridging
Current NSR/NSB Support
This NSR Thing Sounds Cool; So What Can Go Wrong?
Configure NSR and NSB
Verify NSR and NSB
NSR Summary
In-Service Software Upgrades
ISSU Operation
ISSU Layer 3 Protocol Support
