IP Routing
The Internet is a large collection of hosts that communicate with each other and use routers as intermediate packet switches.
Routers forward a packet through the interconnected system of networks and routers until the packet reaches a router that is attached to the same network as the destination host. The router delivers the packet to the specified host on its local network.
Routing Information Tables
A router makes forwarding decisions based on the information that is contained in its routing table. Routers announce and receive route information to and from other routers. They build tables of routes based on the collected information about all the best paths to all the destinations they know how to reach.
Each configured protocol has one or more local routing tables, sometimes referred to as a routing information base (RIB). This table is a database local to the protocol that contains all the routes known by that protocol to the prefixes in the table. For example, OSPF might have four different routes to 10.23.40.5/32. Only one of these routes is the best route to that prefix known to OSPF, but all four routes are in the OSPF local routing table.
The global routing table is a database maintained by IP on the SRP module. It contains at most one route per protocol to each prefix in the table. Each of these routes is the best route known by a given protocol to get to that prefix. The IP routing table does not, for example, have two OSPF routes to 10.5.11.0/24; it will have only one (if any) OSPF route to that prefix. It might also have a BGP route to the prefix, and a RIP route to the prefix, but no more than one route to a prefix per protocol.
IP compares the administrative distances for the routes to each prefix and selects the overall best route regardless of protocol. The best route to 10.5.11.0/24 might be via IS-IS. The best route to 192.168.0.0/16 might be via EBGP, and so on. These selected overall best routes to each prefix are used to create the forwarding table. The forwarding table is pushed to each line module. The line modules use their local instance of the forwarding table to forward the packets that they receive. When the global IP routing table is updated, so are the forwarding tables on the line modules.
Figure 17 illustrates a very simple network composed of three networks and two routers. The hosts that are attached to each network are not shown, because each router makes its forwarding decisions based on the network number and not on the address of each individual host. The router uses ARP to find the physical address that corresponds to the Internet address for any host or router on networks directly connected to it.
Table 10 and Table 11 represent information from the routing tables for routers NY and LA. Each routing table contains one entry for each route for each protocol or route type. Each routing table entry includes the following information:
- The destination IP network address.
- The IP address of the next-hop router.
- The type of network, such as static, directly connected, or the particular protocol.
- An administrative distance that is used to select the least-cost route among multiple routes to the same destination network. The least-cost (best) route is placed in the forwarding table. The administrative distance is not included in the forwarding table.
- A metric that is used by protocols to which the route is redistributed to select the least-cost route among multiple routes to the same destination network. The metric is not used to determine the best route to be placed in the forwarding table. The metric is also not listed in the forwarding table.
Setting the Administrative Distance for a Route
The administrative distance is an integer that is associated with each route known to a router. The distance represents how reliable the source of the route is considered to be. A lower value is preferred over a higher value. An administrative distance of 255 indicates no confidence in the source; routes with this distance are not installed in the routing table.
Table 12 shows the default distance for each type of source from which a route can be learned.
If the IP routing table contains several routes to the same prefix—for example, an OSPF route and a RIP route—the route with the lowest administrative distance is used for forwarding.
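The selection described in this section, as an added example that is not part of the original guide: each protocol offers its best route per prefix to the global table, and the lowest administrative distance decides what reaches the forwarding table. The route data and the per-protocol `cost` field are constructed; the default distances (static 1, OSPF 110, IS-IS 115, RIP 120) are the ones this page states.

```python
"""Added example: models the local RIB -> global table -> forwarding table
selection described above. All route data is constructed."""
from dataclasses import dataclass

# Default administrative distances stated on this page.
DEFAULT_DISTANCE = {"static": 1, "ospf": 110, "isis": 115, "rip": 120}
NO_CONFIDENCE = 255  # routes with this distance are never installed


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    protocol: str
    cost: int  # protocol-internal cost (assumption: lower is better)


def protocol_best(local_rib):
    """A protocol keeps every route it knows but offers one per prefix."""
    best = {}
    for route in local_rib:
        current = best.get(route.prefix)
        if current is None or route.cost < current.cost:
            best[route.prefix] = route
    return best


def build_global_table(local_ribs):
    """Global table: prefix -> {protocol: that protocol's best route}."""
    table = {}
    for rib in local_ribs.values():
        for prefix, route in protocol_best(rib).items():
            table.setdefault(prefix, {})[route.protocol] = route
    return table


def build_forwarding_table(global_table, configured=None):
    """Per prefix, keep the route with the lowest administrative distance.

    `configured` overrides defaults, like the distance command. The result
    carries neither distance nor metric; the protocol name is kept only so
    the outcome is easy to read.
    """
    distance = {**DEFAULT_DISTANCE, **(configured or {})}
    fib = {}
    for prefix, by_protocol in global_table.items():
        usable = [r for r in by_protocol.values()
                  if distance[r.protocol] < NO_CONFIDENCE]
        if usable:
            winner = min(usable, key=lambda r: distance[r.protocol])
            fib[prefix] = (winner.next_hop, winner.protocol)
    return fib


# Constructed sample: three OSPF routes, one IS-IS and one RIP route to the
# same prefix, plus a prefix known only to RIP.
LOCAL_RIBS = {
    "ospf": [Route("10.5.11.0/24", "10.0.0.1", "ospf", 20),
             Route("10.5.11.0/24", "10.0.0.2", "ospf", 10),
             Route("10.5.11.0/24", "10.0.0.3", "ospf", 30)],
    "isis": [Route("10.5.11.0/24", "10.0.2.1", "isis", 15)],
    "rip": [Route("10.5.11.0/24", "10.0.1.1", "rip", 2),
            Route("192.168.0.0/16", "10.0.1.1", "rip", 3)],
}

if __name__ == "__main__":
    table = build_global_table(LOCAL_RIBS)
    print(build_forwarding_table(table))
    print(build_forwarding_table(table, {"isis": 80}))
    print(build_forwarding_table(table, {"rip": 255}))
```
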
To set the administrative distance for BGP routes, see Setting the Administrative Distance for a Route in JUNOSe Routing Protocols Configuration Guide, Vol. 2, Chapter 1, Configuring BGP Routing.
To set the administrative distance for RIP, IS-IS, and OSPF, use the following distance commands in Router Configuration mode.
distance
- Use to set an administrative distance for RIP or OSPF routes in the range 0-255.
- For RIP routes, the default value is 120.
- For OSPF routes, the default value is 110.
- Example
host1(config)#router rip
host1(config-router)#distance 100
- Use the no version to restore the default value.
distance ip
host1(config)#router isis
host1(config-router)#distance 80 ip
- Use the no version to restore the default value of 115.
Setting the Metric for a Route
For information about how to set a metric for a route, see JUNOSe Routing Protocols Configuration Guide, Vol. 1, Chapter 1, Configuring Routing Policy as well as the individual routing protocol chapters in JUNOSe Routing Protocols Configuration Guide, Vol. 1 and JUNOSe Routing Protocols Configuration Guide, Vol. 2.
Routing Operations
Routers keep track of next-hop information that enables a data packet to reach its destination through the network. A router that does not have a direct physical connection to the destination checks its routing table and forwards packets to another next-hop router that is closer to that destination. This process continues until the packet reaches its final destination.
Identifying a Router Within an Autonomous System
The router ID is commonly one of the router's defined IP addresses. Although the router ID is, by convention, formatted as an IP address, it is not required to be a configured address of the router. If you do not use the ip router-id command to assign a router ID, the router uses one of its configured IP addresses as the router ID.
ip router-id
- Use to assign a router ID—a unique identifier that IP routing protocols use to identify the router within an autonomous system.
- Example
host1(config)#ip router-id 192.32.15.23
- Use the no version to remove the router ID assignment.
Establishing a Static Route
You can set a destination to receive and send traffic by a specific route through the network.
ip route
host1(config)#ip route 192.56.15.23 255.255.255.0 192.66.0.1
- Use the no version to remove a static route from the routing table.
Configuring Static Routes with Indirect Next Hops
You can configure static routes where next hops are not on directly connected interfaces. Such a route is usable, and appears in the route table, only if another route in the route table can resolve the next hop.
The resolving route can be either statically created or dynamically learned by a routing protocol (like RIP, BGP, OSPF, and so on).
On the Boston router in the network shown in Figure 18:
- Configure a static route to 10.2.0.0/16 with a next hop of 10.5.0.2 (which is not directly connected) and an administrative distance of 254 (which is worse [higher] than the default administrative distance for static routes [1]).
host1(config)#ip route 10.2.0.0 255.255.0.0 10.5.0.2 254
- Configure another static route that resolves 10.5.0.2 and uses the default administrative distance.
host1(config)#ip route 10.5.0.0 255.255.255.252 10.1.0.2
A static route to 10.2.0.0 is added to the route table with a next hop of 10.1.0.2 (on the directly connected Ethernet interface).
Verifying Next Hops for Static Routes
You can use the next-hop verification feature to further control when a static route is installed in the routing table. With this feature, static route installation is based on two factors: whether the next hop to the specified destination is resolved, and whether an IP service running above the static route application is currently available.
Next-hop verification is useful for static route configurations in which the layer 2 and layer 3 interfaces are up and the next hop to the specified destination is available, but the IP services that run above the static route are currently unavailable. When the upper-layer IP services are unavailable, the router does not install the static route in its routing table.
How Next-Hop Verification Works
Static routes on E-series routers use Response Time Reporter (RTR) probes configured as echo (ping) types to verify the availability of the next hop and obtain the state of the IP service. For more information about using RTR, see Response Time Reporter, later in this chapter.
If you specify the verify rtr keywords with an RTR operation number when you issue the ip route command to establish a static route, the router verifies the next-hop status and installs the static route in the routing table only if both of the following conditions are met:
- The next hop to the specified IP destination address is resolved.
- The specified RTR operation is currently reachable.
You can further control the installation of static routes by specifying the last-resort keyword, which is valid only when you use the verify rtr keywords in the ip route command. The last-resort keyword instructs the router to install the static route in the routing table even if the specified RTR operation is unreachable, provided that no other static route to the same network prefix is available.
Although the configuration example in the next section uses Fast Ethernet interfaces, E-series routers support next-hop verification on any type of lower-layer interface.
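The installation rules for static routes from the two preceding sections (indirect next hops, then verify rtr with last-resort), modeled as an added example that is not part of the original guide or router code. The connected subnet 10.1.0.0/24 for the Boston case is an assumption, since the page does not give it; administrative distance is left out; and the model reads last-resort as waiving only the RTR condition, not next-hop resolution.

```python
"""Added example: which static routes get installed, following the rules
stated on this page. A model for illustration, not router code."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class StaticRoute:
    prefix: str
    next_hop: str
    interface: Optional[str] = None
    rtr: Optional[int] = None      # operation number given after "verify rtr"
    last_resort: bool = False


def covers(prefix, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)


def resolve(next_hop, connected, statics, depth=0):
    """Return the directly connected next hop that finally carries the
    traffic, or None when no route in the table resolves next_hop."""
    if depth > 8:                          # guard against resolution loops
        return None
    if any(covers(p, next_hop) for p in connected):
        return next_hop
    via = [s for s in statics if covers(s.prefix, next_hop)]
    if not via:
        return None
    best = max(via, key=lambda s: ipaddress.ip_network(s.prefix).prefixlen)
    return resolve(best.next_hop, connected, statics, depth + 1)


def install(statics, connected, rtr_reachable):
    """Return {prefix: [(resolved next hop, interface), ...]} for the
    static routes that would be placed in the routing table."""
    hop = {s: resolve(s.next_hop, connected, statics) for s in statics}

    def verified(s):
        probe_ok = s.rtr is None or rtr_reachable.get(s.rtr, False)
        return hop[s] is not None and probe_ok

    table = {}
    for s in statics:
        ok = verified(s)
        if not ok and hop[s] is not None and s.rtr is not None and s.last_resort:
            # last-resort: install despite the failed probe, but only when
            # no other static route to the same prefix is available.
            ok = not any(o != s and o.prefix == s.prefix and verified(o)
                         for o in statics)
        if ok:
            table.setdefault(s.prefix, []).append((hop[s], s.interface))
    return table


# Boston example from this page; the connected subnet is constructed.
BOSTON_CONNECTED = ["10.1.0.0/24"]
BOSTON = [StaticRoute("10.2.0.0/16", "10.5.0.2"),
          StaticRoute("10.5.0.0/30", "10.1.0.2")]

# Fast Ethernet example from this page, with last-resort on one route only.
FE_CONNECTED = ["10.1.1.0/24"]            # loopback 0 in the configuration
FE = [StaticRoute("10.1.1.2/32", "10.1.1.2", "fastEthernet 4/0", 10, True),
      StaticRoute("10.1.1.2/32", "10.1.1.2", "fastEthernet 4/1", 11, False)]

if __name__ == "__main__":
    print(install(BOSTON, BOSTON_CONNECTED, {}))
    for state in ({10: True, 11: False}, {10: False, 11: True},
                  {10: False, 11: False}):
        print(state, install(FE, FE_CONNECTED, state))
```
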
Configuration Example
Figure 19 shows a sample configuration that illustrates the next-hop verification feature. In this example, two Fast Ethernet interfaces are configured between a remote system and an E-series router: Fast Ethernet interface 4/0 and Fast Ethernet interface 4/1. At any given time, only one of these interfaces forwards IP traffic, even though the associated layer 2 interfaces may be up concurrently.
On the E-series router, Fast Ethernet interfaces 4/0 and 4/1 are configured as unnumbered IP interfaces. In addition, each interface has an RTR probe configured as an echo type that sends requests over the interface to determine its availability. RTR 10 sends requests over Fast Ethernet interface 4/0, and RTR 11 sends requests over Fast Ethernet interface 4/1.
In this example, both RTR 10 and RTR 11 use the IP address of the remote system (10.1.1.2) as the target address. When you configure multiple RTR entries to use the same target address, you must set the receive-interface attribute to specify the interface on which the probe expects to receive responses. (See Step 4c in the next section, Configuring Next-Hop Verification.) This action enables the router to map incoming responses to the proper RTR entry, even when multiple RTR entries have the same target address.
The ip route command is issued for each interface with the verify rtr and last-resort keywords to establish the necessary static routes. (See Steps 6 and 7 in the next section, Configuring Next-Hop Verification.) This command causes the results described in Table 13, based on the status of the associated RTR operations.
The next section, Configuring Next-Hop Verification, provides instructions for configuring the example shown in Figure 19.
Configuring Next-Hop Verification
To configure the next-hop verification example shown in Figure 19:
- Configure a loopback interface, and assign an IP address and mask to the interface.
host1(config)#interface loopback 0
host1(config-if)#ip address 10.1.1.1 255.255.255.0
host1(config-if)#exit
- Configure Fast Ethernet port 4/0 with an unnumbered primary IP interface associated with the loopback interface configured in Step 1.
host1(config)#interface fastEthernet 4/0
host1(config-if)#ip unnumbered loopback 0
host1(config-if)#exit
- Repeat Step 2 for Fast Ethernet port 4/1.
host1(config)#interface fastEthernet 4/1
host1(config-if)#ip unnumbered loopback 0
host1(config-if)#exit
- Define probe RTR 10 for Fast Ethernet interface 4/0.
  - Assign an operation number to the RTR probe, and access RTR Configuration mode. For information, see Configuring the Probe Type, later in this chapter.
  host1(config)#rtr 10
  host1(config-rtr)#
  - Configure the RTR probe as an echo type, and set the IP destination address and source interface.
  You must configure the RTR probe as an echo type to use next-hop verification. For information, see Configuring the Probe Type, later in this chapter.
  host1(config-rtr)#type echo protocol ipIcmpEcho 10.1.1.2 source fastEthernet 4/0
  You must set the receive-interface attribute when multiple RTR operations use the same target address. For information, see Setting the Receiving Interface, later in this chapter.
  host1(config-rtr)#receive-interface fastEthernet 4/0
  - (Optional) Configure optional probe characteristics, such as the frequency and samples-of-history kept. For information, see Configuring Optional Characteristics, later in this chapter.
  host1(config-rtr)#frequency 1
  host1(config-rtr)#samples-of-history-kept 0
  - Exit RTR Configuration mode.
  host1(config-rtr)#exit
  - Enable the probe to react to the test-failure event and the test-completion event.
  You must configure both the test-failure and test-completion reaction conditions to use next-hop verification. For information, see Setting Reaction Conditions, later in this chapter.
  host1(config)#rtr reaction-configuration 10 test-failure 3
  host1(config)#rtr reaction-configuration 10 test-completion
  - Schedule the probe operation. For information, see Scheduling the Probe, later in this chapter.
  host1(config)#rtr schedule 10 life 3
  host1(config)#rtr schedule 10 restart-time 1
  host1(config)#rtr schedule 10 start now
- Repeat Step 4 to define RTR 11 for Fast Ethernet interface 4/1.
host1(config)#rtr 11
host1(config-rtr)#type echo protocol ipIcmpEcho 10.1.1.2 source fastEthernet 4/1
host1(config-rtr)#receive-interface fastEthernet 4/1
host1(config-rtr)#frequency 1
host1(config-rtr)#samples-of-history-kept 0
host1(config-rtr)#exit
host1(config)#rtr reaction-configuration 11 test-failure 3
host1(config)#rtr reaction-configuration 11 test-completion
host1(config)#rtr schedule 11 life 3
host1(config)#rtr schedule 11 restart-time 1
host1(config)#rtr schedule 11 start now
- Establish a static route associated with RTR 10.
This command creates a static route and installs it in the routing table only if RTR 10 is currently reachable or if no other static route to IP destination address 10.1.1.2 is usable.
host1(config)#ip route 10.1.1.2 255.255.255.255 10.1.1.2 fastEthernet 4/0 verify rtr 10 last-resort
This command creates a static route and installs it in the routing table only if RTR 11 is currently reachable or if no other static route to IP destination address 10.1.1.2 is usable.
host1(config)#ip route 10.1.1.2 255.255.255.255 10.1.1.2 fastEthernet 4/1 verify rtr 11 last-resort
When both RTR 10 and RTR 11 are unreachable, you can control which static route is installed in the routing table by including the last-resort keyword in the ip route verify rtr command only for the route that you want to install.
NOTE: For detailed information about the commands for configuring RTR probes, see Response Time Reporter, later in this chapter.
interface fastEthernet
host1(config)#interface fastEthernet 1/0
- Use the no version to remove IP from an interface or subinterface. You must issue the no version from the highest level down; you cannot remove an interface or a subinterface if the one above it still exists.
NOTE: For more details on use of this command, see the syntax description in the JUNOSe Command Reference Guide A to M.
interface loopback
- Use to access and configure a loopback interface.
- You can use a loopback interface to provide a stable IP address that can minimize the impact if a physical interface goes down.
- Example
host1(config)#interface loopback 10
host1(config-if)#ip address 100.20.32.1 255.255.255.0
- Use the no version to delete the loopback interface.
ip address
- Use to set an IP address for an interface or a subinterface.
- Specify the layer 2 encapsulation before you set the IP address.
- Example
host1(config-subif)#ip address 192.0.2.50 255.255.255.0
- Use the no version to remove the IP address or to disable IP processing on the interface.
ip route verify rtr
- Use to establish a static route and associate it with a configured RTR operation.
- Use the verify rtr keywords to instruct the router to install the static route in the routing table only if the next hop to the specified destination address is resolved and if the specified RTR operation is currently reachable. When you use the verify rtr keywords, you must also specify the number of the associated RTR operation.
- Optionally, you can include the last-resort keyword when you use the verify rtr keywords to instruct the router to install the static route in the routing table even if the specified RTR operation is currently unreachable, provided that no other static route to the same network prefix is available.
- Example
host1(config)#ip route 10.1.1.5 255.255.255.0 10.1.1.5 fastEthernet 1/0 verify rtr 5 last-resort
- Use the no version to remove a static route from the routing table.
ip unnumbered
- Use to configure an unnumbered IP interface.
- This command enables IP processing on an interface without assigning an explicit IP address to the interface.
- You must specify an interface location, which is the identifier of another interface on which the router has an assigned IP address. This interface cannot be another unnumbered interface.
- Examples
host1(config-if)#ip unnumbered fastEthernet 3/0
host1(config-if)#ip unnumbered loopback 10
- Use the no version to disable IP processing on the interface.
Setting Up Default Routes
A router examines its routing table to find a path for each packet. If the router cannot locate a route, it must discard the packet. You can set up a default route using the special address: 0.0.0.0. If the router cannot locate a path to a destination network and a default route is defined, the router forwards the packet to the default router. For example:
host1(config)#ip route 0.0.0.0 0.0.0.0 192.56.21.3
Default routes are typically used to reduce the size of the routing table. Routing is simplified because the router can test for a few local networks or use the default route. However, a disadvantage of default routes is the possible creation of multiple paths and routing loops.
Setting Up an Unnumbered Interface
An unnumbered interface does not have an IP address assigned to it. Unnumbered interfaces are often used in point-to-point connections where an IP address is not required.
ip unnumbered
- Use to set up an unnumbered interface.
- This command enables IP processing on an interface without assigning an explicit IP address to the interface.
- You supply an interface location, which is the type and number of another interface on which the router has an assigned IP address. This interface cannot be another unnumbered interface.
- Example
host1(config-if)#ip unnumbered fastEthernet 0/0
- Use the no version to disable IP processing on an interface.
Adding a Host Route to a Peer on a PPP Interface
You can enable the ability to create host access routes on a PPP interface. This feature is useful in B-RAS applications.
ip access-routes
host1(config-if)#ip access-routes
- Use the no version to disable this feature.
Enabling Source Address Validation
Source address validation verifies that a packet has been sent from a valid source address. When a packet arrives on an interface, the router performs a routing table lookup using the source address. The result from the routing table lookup is an interface to which packets destined for that address are routed. This interface must match the interface on which the packet arrived. If it does not match, the router drops the packet.
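The check described above, as an added example that is not part of the original guide: a longest-prefix lookup on the source address whose resulting interface must equal the arrival interface. The prefixes, interface names and sample packets are constructed, and dropping a packet whose source has no route at all is an assumption the page does not state.

```python
"""Added example: the source address validation check as a lookup model.
Prefixes and interface names are constructed for illustration."""
import ipaddress
from collections import Counter

# prefix -> interface the routing table would forward that prefix out of
ROUTES = {
    "10.10.1.0/24": "subscriber-a",
    "10.10.2.0/24": "subscriber-b",
    "203.0.113.0/24": "peer-1",
    "0.0.0.0/0": "uplink",
}


def best_route(routes, addr):
    """Longest-prefix match; returns (prefix, interface) or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in routes.items()
            if ip in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, ifc = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), ifc


def sa_validate(routes, src, arrival_if):
    """Return (accepted, reason) for a packet from src seen on arrival_if."""
    hit = best_route(routes, src)
    if hit is None:
        # Assumption: with no route there is no interface to match, so drop.
        return False, "no route to source"
    prefix, ifc = hit
    if ifc != arrival_if:
        return False, f"{prefix} is routed via {ifc}, not {arrival_if}"
    return True, f"{prefix} is routed via {ifc}"


def invalid_source_counts(routes, packets):
    """Per-interface count of packets the check would drop."""
    drops = Counter()
    for src, arrival_if in packets:
        if not sa_validate(routes, src, arrival_if)[0]:
            drops[arrival_if] += 1
    return dict(drops)


# Constructed sample traffic: (source address, arrival interface)
PACKETS = [
    ("10.10.1.7", "subscriber-a"),     # own address: accepted
    ("10.10.2.9", "subscriber-a"),     # neighbour's address: dropped
    ("198.51.100.4", "subscriber-a"),  # only the default route matches: dropped
    ("198.51.100.4", "uplink"),        # default route points here: accepted
    ("203.0.113.5", "peer-2"),         # asymmetric return path: dropped
]

if __name__ == "__main__":
    for src, ifc in PACKETS:
        print(src, ifc, sa_validate(ROUTES, src, ifc))
    print(invalid_source_counts(ROUTES, PACKETS))
```

The last sample packet shows the operational caveat: where traffic from a prefix legitimately arrives on an interface other than the one the best route points to, this check drops it.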
ip sa-validate
host1(config-if)#ip sa-validate
- Use the no version to disable source address validation.
Defining TCP Maximum Segment Size
The ip tcp adjust-mss command allows you to modify the TCP maximum segment size (MSS) for TCP sessions.
When defined, the router modifies the maximum segment size (MSS) for TCP SYN packets traveling through the interface. The modification occurs only for packets that contain values smaller than the adjusted MSS value. When the packet does not contain an MSS field value, the router assumes an MSS value of 536 and makes any modifications accordingly.
NOTE: Implementation of the MSS value is identical for both ingress and egress interface traffic. That is, the router uses the same MSS value when adjusting inbound or outbound TCP traffic.
ip tcp adjust-mss
- Use to modify the maximum segment size (MSS) for TCP SYN packets traveling through the interface. The router compares the MSS value of incoming or outgoing packets against the adjusted MSS setting and replaces smaller values that it detects in any packets with the larger setting. If the packet does not contain an MSS value, the router assumes a value of 536 for the packet MSS on which to base the comparison.
- Use the no version to remove the MSS assignment from the profile.
Shutting Down an IP Interface
The router lets you disable an interface at the IP level without removing it.
ip shutdown
host1(config-if)#ip shutdown
- Use the no version to restart the interface.
Removing the IP Configuration
You can remove the IP configuration from an interface or subinterface.
no ip interface
- Use to remove the IP configuration from an interface or subinterface and disable IP processing on the interface.
- Example
host1(config-if)#no ip interface
Clearing IP Routes
The router enables you to clear the specified routing entries from the routing table. You must specify the IP address prefix and the mask of the IP address prefix to clear specific routes. You can later reinstall the routes you have cleared.
clear ip routes
- Use to clear specified IP routes according to an IP prefix or a VPN routing and forwarding (VRF) table.
- Use an asterisk (*) to clear all dynamic routes from the routing table.
- Example
host1#clear ip routes *
- There is no no version.
ip refresh-route
- Use to enable the owning protocols (BGP, IS-IS, OSPF) to reinstall routes removed from the IP routing table by the clear ip routes command.
- Example
host1#ip refresh-route
- There is no no version.
Clearing IP Interfaces
The router enables you to clear the counters on the specified IP interface(s).
clear ip interface
host1#clear ip interface pos 2/0
- There is no no version.
Setting a Baseline
The router enables you to set a baseline for statistics on an IP interface.
baseline ip interface
host1#baseline ip interface pos 2/0
- There is no no version.
Disabling Forwarding of Packets
The router allows you to disable forwarding of packets on an SRP Ethernet interface.
ip disable-forwarding
- Use to disable forwarding of packets on the SRP Ethernet interface.
- The purpose of this command is to maintain router performance by maximizing the CPU time available for routing protocols. Although you can allow data forwarding on the SRP Ethernet interface, router performance will be affected.
- You see an error message if you try to set this command for interfaces other than the SRP Ethernet interface.
- Example
host1(config-if)#ip disable-forwarding
- Use the no version to enable forwarding of packets on the interface.
Enabling Forwarding of Source-Routed Packets
IP packets are normally routed according to the destination address they contain based on the routing table at each hop through a path. The originator or source of the source-routed packets specifies the path (the series of hops) that the packets must traverse; the source makes the routing decisions. The source can specify either of the following types of source routing:
- Strict-source routing specifies every hop that the packet must traverse. The specified path consists of adjacent hops. The source generates an ICMP error if the exact path cannot be followed. For example, for a path going from source router A to router B to router C to router D, router A would specify a strict-source route as B, C, D.
- Loose-source routing specifies a set of hops that the packet must traverse, but not necessarily every hop in the path. That is, the specified hops do not have to be adjacent. For example, for a path going from source router A to router B to router C to router D, router A would specify a loose-source route as B, D or C, D, or B, C, D.
ip source-route
- Use to enable forwarding of source-routed packets in a VR or VRF.
- Forwarding is disabled by default in all VRs.
- Example
host1(config)#ip source-route
- Use the no version to disable forwarding of source-routed packets on the VR or VRF.
Forcing an Interface to Appear Up
The router enables you to force an IP interface to appear as if it is up, regardless of the state of the lower layers.
ip alwaysup
- Use to force an IP interface to appear as up regardless of the state of lower layers.
- This command reduces route topology changes when the network attached to this link is single-homed.
- Example
host1(config-if)#ip alwaysup
- Use the no version to make the interface appear in the current state.
Specifying a Debounce Time
You can set a debounce time that requires an IP interface to be in a given state—for example, up or down—for the specified time before the state is reported. This feature prevents a link that briefly goes up or down from causing an unnecessary topology change, for example by causing an interface down condition. However, note that increasing the debounce time increases the latency of updating the routing table to reflect an up or down change, and the latency of routing protocols propagating the state change.
ip debounce-time
- Use to set the interval in milliseconds for which an interface must maintain a given state before the state change is reported.
- Example
host1(config)#ip debounce-time 5000
- Use the no version to remove the debounce time requirement.
Adding a Description
The router enables you to add a text description or an alias to a static IP interface or subinterface. Adding a description helps you identify the interface and keep track of interface connections. If no IP interface currently exists, then a static IP interface is automatically created on the current layer 2 interface and the description is applied to that static IP interface. You cannot assign a profile to a layer 2 interface that has a static interface configured above it.
ip description
- Use to assign a text description or an alias to an IP interface or subinterface.
- The description or alias can be a maximum of 256 characters.
- Use the show ip interface command to display the text description.
- Examples
host1(config-if)#ip description canada01 ip interface
host1(config-subif)#ip description montreal011 ip subinterface
- Use the no version to remove the text description or alias.
Enabling Link Status Traps
The router allows you to enable link status traps on an interface.
snmp trap ip link-status
host1(config-if)#snmp trap ip link-status
- Use the no version to disable link status traps on an interface.
Configuring the Speed
The router enables you to set the speed of an IP interface.
ip speed
- Use to set the speed of the interface in bits per second.
- By default, the speed is determined from a lower-layer interface.
- Example
host1(config-if)#ip speed 1000
- Use the no version to set the speed to the default, 0.
Configuring Equal-Cost Multipath Load Sharing
Equal-cost multipath (ECMP) sets are formed when the router finds routing table entries for the same destination with equal cost. You can add routing table entries manually (as static routes), or they are formed as routers discover their neighbors and exchange routing tables (via OSPF, BGP, and other routing protocols). The router then balances traffic across these sets of equal-cost paths by using one of the following ECMP modes:
- Hashed—Uses hashing of source and destination addresses to determine which of the available paths in the ECMP set to use
- Round-robin—Distributes packets equally among the available paths in the ECMP set
ip multipath round-robin
- Use to specify round-robin as the mode for ECMP load sharing on an interface.
- ECMP uses the round-robin mode when you have configured all interfaces in the set to round-robin. Otherwise, ECMP defaults to hashed mode because round-robin mode could cause reordering of packets. You must explicitly ensure that the possible reordering is acceptable on all the member interfaces by setting them to round-robin mode.
- Use the no version to set the ECMP mode to the default, hashed.
- Example
host1(config)#virtual-router router_0
host1:router_0(config)#interface serial 4/0:1/22.22
host1:router_0(config-subif)#ip multipath round-robin
host1:router_0(config-subif)#exit
host1:router_0(config)#exit
host1:router_0#show ip interface serial 4/0:1/22.22
serial4/0:1/22.22 is up, line protocol is up
Network Protocols: IP
Internet address is 190.121.1.1/255.255.0.0
Broadcast address is 255.255.255.255
Operational MTU = 1600 Administrative MTU = 0
Operational speed = 64000 Administrative speed = 0
Router advertisement = disabled
Administrative debounce-time = disabled
Operational debounce-time = disabled
Access routing = disabled
Multipath mode = round-robin
In Received Packets 0, Bytes 0
In Policed Packets 0, Bytes 0
In Error Packets 0
In Invalid Source Address Packets 0
Out Forwarded Packets 0, Bytes 0
Out Scheduler Drops Packets 0, Bytes 0
maximum-paths
- Use to control the maximum number of parallel routes that the routing protocol (BGP, IS-IS, OSPF, or RIP) can support.
- The maximum number of routes can range from 1-6 for BGP and from 1-16 for IS-IS, OSPF, or RIP.
- Example
host1(config-router)#maximum-paths 2
- Use the no version to restore the default value, 1 for BGP or 4 for IS-IS, OSPF, or RIP.
Setting a TTL Value
You can use the ip ttl command to set the TTL (time-to-live) field in the IP header for all IP operations. The TTL specifies a hop count. This configured TTL value can be overridden by other commands that specify a TTL.
ip ttl
host1(config)#ip ttl 255
- Use the no version to restore the default value, 127.
Protecting Against TCP RST or SYN DoS Attacks
You can use the ip tcp ack-rst-and-syn command to help protect the router from denial of service (DoS) attacks.
Normally, when TCP receives an RST or SYN message, it tries to tear down the TCP connection. This action is expected under normal conditions, but someone maliciously generating valid RST or SYN messages can cause problems for TCP and the network as a whole.
When you enable the ip tcp ack-rst-and-syn command, the router challenges any RST or SYN messages that it receives by sending an ACK message back to the expected source of the message. The source reacts in one of the following ways:
- If the source did send the RST or SYN message, it would recognize the ACK message to be spurious and resend another RST or SYN message. The second RST or SYN message would result in the router tearing down the connection.
- If the source did not send the RST or SYN message, the source would view the ACK message as part of an existing connection. As a result, the source would not send another RST or SYN message and the router would not tear down the connection.
NOTE: Enabling this command slightly modifies the way TCP processes RST or SYN messages to ensure that they are genuine.
ip tcp ack-rst-and-syn
host1(config)#ip tcp ack-rst-and-syn
- Use the no version to disable this protection.
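The challenge exchange described in this section, with both sides' messages, as an added example that is not part of the original guide or router code. The session tuple is constructed, and the model stays at the level of detail the page gives (it does not model sequence numbers or windows).

```python
"""Added example: the RST/SYN challenge exchange as a two-party model.
Addresses and ports are constructed."""

# (peer address, peer port, router address, router port)
SESSION = ("192.0.2.10", 50000, "198.51.100.1", 50001)


class Peer:
    """The real remote end: the 'expected source' of the session."""

    def __init__(self, live_sessions):
        self.live = set(live_sessions)

    def on_ack(self, session, kind):
        # Still holds the session: the ACK looks like part of it, so the
        # peer sends nothing. Session gone (the peer really sent the RST
        # or SYN): the ACK is spurious and the peer resends.
        return None if session in self.live else kind


class Router:
    def __init__(self, protect):
        self.protect = protect           # True models "ip tcp ack-rst-and-syn"
        self.up = {SESSION}
        self.challenged = set()

    def on_rst_or_syn(self, session):
        """Return "ACK" if a challenge is sent, "DOWN" if torn down."""
        if session not in self.up:
            return None
        if self.protect and session not in self.challenged:
            self.challenged.add(session)
            return "ACK"
        self.up.discard(session)
        self.challenged.discard(session)
        return "DOWN"


def exchange(protect, sent_by_peer, kind="RST"):
    """Play one exchange; return (session still up, message log)."""
    router = Router(protect)
    peer = Peer([] if sent_by_peer else [SESSION])
    who = "peer" if sent_by_peer else "forged"
    log = [f"{who} -> router: {kind}"]
    if router.on_rst_or_syn(SESSION) == "ACK":
        # The challenge goes to the address in the session, that is, to
        # the real peer, whoever actually sent the first message.
        log.append("router -> peer: ACK")
        answer = peer.on_ack(SESSION, kind)
        if answer:
            log.append(f"peer -> router: {answer}")
            router.on_rst_or_syn(SESSION)
    return SESSION in router.up, log


if __name__ == "__main__":
    for protect in (False, True):
        for sent_by_peer in (False, True):
            print(protect, sent_by_peer, exchange(protect, sent_by_peer))
```
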