Techpubs Home
Report an Error
Collapse TOC
List of Figures
List of Tables
Index
Entire manual as PDF
- About This Guide
- GMPLS
-
- Overview
- System Requirements
- Terms and Acronyms
- GMPLS Phase 2 Implementation
- GMPLS Operation
- Configuring GMPLS
- Configuring Link Management Protocol Traffic Engineering Links
- Configuring Link Management Protocol Peers
- Configuring Peer Interfaces in OSPF and RSVP
- Establishing GMPLS LSP Path Information
- Defining GMPLS Label-Switched Paths
- Displaying Local Identifiers and Configuring Remote Identifiers
- Option: Tearing Down GMPLS LSPs Gracefully
- Option: Allowing Nonpacket GMPLS LSPs to Establish a Path Through JUNOS-Based Routers
- Option: Selecting the Peer Model for GMPLS
- Option: Selecting the Overlay Model for GMPLS
- Option: GMPLS Graceful Restart
- Option: Configuring an LMP Control Channel
- Option: Configuring GMPLS Support for Unnumbered Links
- GMPLS Configuration Examples
- Example: GMPLS Configuration
- Example: Configuring TE Link and Interface Identifiers
- Example: LMP Control Channel Configuration
- For More Information
- Revision History
- Connecting IPv6 Islands with IPv4 MPLS
-
- Overview
- System Requirements
- Terms and Acronyms
- Configuring an IPv4 MPLS Tunnel to Carry IPv6 Traffic
- Configuring IPv6 on the Customer and Core-Facing Interfaces
- Configuring MPLS and RSVP from PE Router to PE Router to Create a Tunnel
- Enabling IPv6 Tunneling in MPLS
- Configuring Multiprotocol BGP to Carry IPv6 Traffic
- Example: Connecting IPv6 Islands over an MPLS Tunnel Configuration
- For More Information
- Revision History
- Multiple Instances for Label Distribution Protocol
- MPLS LSP Link Protection and Node-Link Protection
-
- Overview
- Link Protection
- Node-Link Protection
- System Requirements
- Terms and Acronyms
- Configuring MPLS LSP Link Protection or Node-Link Protection
- Configuring Link Protection or Node-Link Protection on the LSP
- Configuring Link Protection on the RSVP Interfaces Traversed by the LSP
- Option: Configuring Multiple Bypass LSPs, Manual Bypass LSPs, and Link Protection Priority
- Option: Adding Class of Service to a Link-Protected LSP or a Bypass LSP
- Verifying MPLS LSP Link Protection and Node Link Protection
- MPLS LSP Link Protection or Node-Link Protection Configuration Examples
- Example: Configuring MPLS LSP Link Protection
- Example: Node-Link Protection Configuration
- For More Information
- Revision History
- RSVP LSP Tunnels
-
- Overview
- System Requirements
- Terms and Acronyms
- RSVP LSP Tunneling Operation
- Configuring an RSVP LSP Tunnel
- Configuring Link Management Protocol Traffic Engineering Links
- Configuring Link Management Protocol Peers
- Configuring Peer Interfaces in OSPF and RSVP
- Establishing FA-LSP Path Information
- Defining Label-Switched Paths for the FA-LSP
- Creating End-to-End LSPs to Traverse the FA-LSP
- Option: Tearing Down RSVP LSPs Gracefully
- Example: RSVP LSP Tunnel Configuration
- For More Information
- Revision History
- Simplified Interinstance Route Sharing
-
- Overview
- System Requirements
- Terms and Acronyms
- Simplified Interinstance Configuration
- Instance Export Using an IGP Export Policy
- Configuring Overlapping VPNs
- Example: Configuring Overlapping VPNs
- Configuring Nonforwarding Instances
- Example: Nonforwarding Instances Configuration
- For More Information
- Revision History
- Logical Systems
-
- Overview
- System Requirements
- Terms and Acronyms
- Configuring Logical Systems
- Configuring Logical System Administrators (Master Administrator)
- Configuring Logical System Interface Properties (Master Administrator)
- Assigning Logical Interfaces to the Logical System (Master or Logical System Administrator)
- Configuring Protocols, Routing, and Policy Statements for the Logical System (Master or Logical System Administrator)
- Configuring Other Logical System Statements
- Example: Configuring Logical Systems
-
- Verifying Your Work
-
- Router CE1 Status
- Router CE2 Status
- Router CE3 Status
- Router PE1 Status: Main Router
- Router PE1 Status: LS1
- Router PE1 Status: LS2
- Router P0 Status: Main Router
- Router P0 Status: LS1
- Router P0 Status: LS2
- Router PE2 Status: Main Router
- Router PE2 Status: LS1
- Router PE2 Status: LS2
- Router CE5 Status
- Router CE6 Status
- Router CE7 Status
- Logical System Administrator Verification Output
- Verifying Routing Instance Connectivity
- For More Information
- Revision History
- OSPF Version 3 for IPv6
- Multitopology Routing
-
- Overview
- System Requirements
- Terms and Acronyms
- Configuring Multitopology Routing
- Configuring Topologies
- Configuring Filter-Based Forwarding
- Configuring BGP for Multitopology Routing
- Option: Configuring OSPF for Multitopology Routing
- Option: Configuring Static Routes for Multitopology Routing
- Option: Configuring Route Resolution Policy
- Example: Multitopology Routing Configuration
- For More Information
- Revision History
- Flow Monitoring
-
- Overview
- Passive Flow Monitoring
- Active Flow Monitoring
- System Requirements
- Passive Flow Monitoring System Requirements
- Active Flow Monitoring System Requirements
- Active Flow Monitoring PIC Specifications
- Terms and Acronyms
- Configuring Passive Flow Monitoring
- Monitoring Traffic with a VRF Instance and a Monitoring Group
- Specifying a Firewall Filter to Select Traffic to Monitor
- Configuring Input Interfaces, Monitoring Services Interfaces, and Export Interfaces
- Establishing a VRF Instance for the Monitored Traffic
- Configuring a Monitoring Group to Send Traffic to the Flow Server
- Configuring Policy Options
- Option: Stripping MPLS Labels on ATM, Ethernet-Based, and SONET/SDH Interfaces
- Copying and Redirecting Traffic with Port Mirroring and Filter-Based Forwarding
- Specifying Port Mirroring Input and Output
- Creating a Firewall Filter to Split the Port-Mirrored Traffic into Different Instances
- Applying the Firewall Filter to a Tunnel PIC Interface
- Using Filter-Based Forwarding to Export Monitored Traffic to Multiple Destinations
- Configuring a Routing Table Group to Add Interface Routes into the Forwarding Instance
- Option: Using an ES PIC to Send Traffic to a Packet Analyzer
- Option: Applying a Firewall Filter to an Output Interface
- Using a Flow Collector Interface to Process and Export Multiple Flow Records
- Using a Dynamic Flow Capture Interface to Monitor Traffic On Demand
- Configuring the Capture Group
- Configuring the Content Destination
- Configuring the Control Source
- Configuring the Dynamic Flow Capture Interface
- Option: Configuring Thresholds
- Option: Configuring System Logging
- Option: Monitoring Dynamic Flow Capture by Using SNMP
- Hardware and Software Considerations
- Passive Flow Monitoring Configuration Examples
- Example: Passive Flow Monitoring Configuration
- Example: Flow Collector Interface Configuration
- Example: Dynamic Flow Capture Configuration
- Configuring Active Flow Monitoring
- Defining a Firewall Filter to Select Traffic for Active Flow Monitoring
- Configuring the Interfaces That Will Be Actively Monitored
- Enabling the Monitoring Services, Adaptive Services, or Multiservices Interfaces and the Export Interface
- Collecting Flow Records
- Collecting Flow Records with a Sampling Group
- Collecting Flow Records with an Accounting Group
- Replicating Routing Engine-Based Sampling to Multiple Flow Servers
- Collecting Flow Records with a Template
- Routing Engine-Based Sampling to Multiple Flow Servers
- Replicating Version 9 Flow Aggregation to Multiple Flow Servers
- Option: Configuring an Aggregate Export Timer
- Option: Configuring Port Mirroring
- Option: Configuring Port Mirroring with Filter-Based Forwarding and a Monitoring Group
- Option: Sending Traffic to Multiple Export Interfaces by Using Next-Hop Groups
- Option: Using the Flow-Tap Application to Send Packets to a Mediation Device
- Flow-Tap Architecture
- Configuring the Flow-Tap Interface
- Configuring Flow-Tap Security Properties
- Flow-Tap Application Restrictions
- Example: Flow-Tap Configuration
- Active Flow Monitoring Configuration Examples
- Example: Sampling Configuration
- Example: Sampling and Discard Accounting Configuration
- Example: Multiple Port Mirroring with Next-Hop Groups Configuration
- Flow Monitoring Output Formats
- Version 5 Formats and Fields
- Version 8 Formats and Fields
- Version 9 Formats and Fields
- For More Information
- Revision History
- IPSec
-
- Overview
- IPSec-Enabled PICs
- Authentication Algorithms
- Encryption Algorithms
- IPSec Protocols
- Security Associations
- IPSec Modes
- Digital Certificates
- Service Sets
- System Requirements
- Terms and Acronyms
- Configuring IPSec
- Considering General IPSec Issues
- Configuring Security Associations
- Configuring Manual SAs
- Configuring IKE Dynamic SAs
- Using a Filter to Select Traffic to Be Secured
- Applying the Filter or Service Set to the Interface Receiving Traffic to Be Secured
- Option: Using Digital Certificates
- Configuring a CA Profile
- Configuring a Certificate Revocation List
- Requesting a CA Digital Certificate
- Generating a Private/Public Key Pair
- Generating and Enrolling a Local Digital Certificate
- Applying the Local Digital Certificate to an IPSec Configuration
- Configuring Automatic Reenrollment of Digital Certificates
- Monitoring Digital Certificates
- Clearing Digital Certificates
- Option: Using Filter-Based Forwarding to Select Traffic to Be Secured
- Option: Using IPSec with a Layer 3 VPN
- Option: Securing BGP Sessions with Transport Mode
- Option: Securing OSPFv3 Networks with Transport Mode
- Option: Securing OSPFv2 Networks with Transport Mode
- Option: Monitoring IPSec by Using SNMP
- Option: Configuring IPSec Dynamic Endpoints
- Dynamic Endpoint Tunnel Architecture
- Authentication Process
- Dynamic Implicit Rules
- Reverse Route Insertion
- Configuring an IKE Access Profile
- Configuring the Service Set
- Configuring the Interface Identifier
- Option: Configuring Multiple Routed Tunnels in a Single Next-Hop Service Set
- IPSec Configuration Examples
- Example: ES PIC Manual SA Configuration
- Example: AS PIC Manual SA Configuration
- Example: ES PIC IKE Dynamic SA Configuration
- Example: AS PIC IKE Dynamic SA Configuration
- Example: IKE Dynamic SA Between an AS PIC and an ES PIC Configuration
- Example: AS PIC IKE Dynamic SA with Digital Certificates Configuration
- Example: Dynamic Endpoint Tunneling Configuration
- For More Information
- Revision History
- Layer 2 Circuits
-
- Overview
- System Requirements
- Terms and Acronyms
- Configuring Layer 2 Circuits
- Configuring CCC Encapsulation on CE-Facing Ethernet Interfaces
- Configuring CCC Encapsulation on CE-Facing SONET/SDH Interfaces
- Configuring a CCC Encapsulation and a Layer 2 Circuit Mode on CE-Facing ATM2 IQ Interfaces
- Configuring the MPLS Family on Core Interfaces
- Configuring the Layer 2 Circuit Neighbor Address and Virtual Circuit Identifier
- Configuring LDP and an IGP to Transport Layer 2 Circuits
- Option: Applying Traffic Engineering to a Layer 2 Circuit
- Option: Mapping Layer 2 Protocol Control Information into a Layer 2 Circuit
- Option: Configuring APS for Layer 2 Circuits
- Option: Configuring Layer 2 Circuit Trunk Mode on ATM2 IQ Interfaces
- Option: Reserving LSP Bandwidth for a Layer 2 Circuit
- Option: Selecting an MTU for a Layer 2 Circuit
- Option: Configuring Local Interface Switching for a Layer 2 Circuit
- Option: Configuring Layer 2 Circuits Simultaneously over RSVP and LDP LSPs
- Layer 2 Circuit Configuration Examples
- Example: Ethernet-Based Layer 2 Circuit Configuration
- Example: SONET/SDH-Based Layer 2 Circuit Configuration
- Example: ATM2 IQ-Based Layer 2 Circuit Configuration
- Example: Layer 2 Circuit Traffic Engineering over Multiple LSPs Configuration
- Example: APS for a Layer 2 Circuit Configuration
- For More Information
- Revision History
- Multicast over Layer 3 VPNs
-
- Multicast over Layer 3 VPNs Overview
- Multiprotocol BGP-Based Multicast VPNs: Next-Generation
- Dual PIM Multicast VPNs: Draft Rosen
- System Requirements for Multiprotocol BGP-Based Multicast VPNs: Next-Generation
- System Requirements for Dual PIM Multicast VPNs: Draft Rosen
- Terms and Acronyms
- Configuring Multiprotocol BGP-Based Multicast VPNs: Next-Generation
- Creating a Unique Logical Loopback Interface for the Routing Instance
- Configuring Interfaces for Layer 3 VPNs
- Configuring BGP, MPLS, RSVP, and an IGP on the PE and Core Routers
- Creating a Routing Instance for Multiprotocol BGP-Based Multicast VPN
- Option: Configuring Sender and Receiver Sites
- Option: Specifying Route Targets
- Configuring Provider Tunnels
- Enabling Multicast VPN in BGP
- Configuring Intra-AS Inclusive Point-to-Multipoint TE LSPs
- Configuring Intra-AS Selective Provider Tunnels
- Configuring the Master PIM Instance on the PE Router for BGP-based Multicast VPNs
- Configuring the Router’s IPv4 Bootstrap Router Priority
- Multiprotocol BGP Multicast VPNs Example
- Example: Configuring MBGP Multicast VPNs
- Dual PIM Draft-Rosen Multicast VPN Operation
- Configuring Draft-Rosen Multicast VPNs
- Configuring BGP, MPLS, RSVP, and an IGP on the PE and Core Routers
- Creating a Unique Logical Loopback Interface for the Routing Instance
- Configuring the Master PIM Instance on the PE Router in the Service Provider Network
- Configuring PIM and the VPN Group Address in a Routing Instance
- Option: Configuring PIM Sparse Mode Graceful Restart for a Layer 3 VPN
- Option: Configuring Multicast Distribution Trees for Data
- Option: Configuring MSDP Within a Layer 3 VPN
- Draft-Rosen Multicast VPNs Examples
- Example: Basic IPv4 Multicast over a Layer 3 VPN Configuration
- Example: IPv4 Multicast with Interprovider VPNs Configuration
- For More Information
- Revision History
- Translational Cross-Connect and Layer 2.5 VPNs
-
- Overview
- System Requirements
- Terms and Acronyms
- Configuring TCC Interface Switching
- Defining the Encapsulation for Layer 2 TCC Switching
- Configuring Ethernet Encapsulation with Remote and Proxy ARP Addresses
- Configuring Extended VLAN Encapsulation with Remote and Proxy ARP Addresses
- Option: Configuring Static ARP on the Ethernet Neighbor Instead of Proxy ARP
- Defining the Connection for Layer 2 TCC Switching
- Configuring MPLS
- TCC Configuration Examples
- Example: PPP to ATM TCC Configuration
- Example: Frame Relay to Fast Ethernet TCC Configuration
- Configuring Layer 2.5 VPNs
- Configuring the Encapsulation on Interfaces Participating in the Layer 2.5 VPN
- Configuring the Layer 2.5 VPN
- Option: Configuring ISO or MPLS Traffic on T-series and M320 Routers
- Example: Layer 2.5 VPN Configuration
- For More Information
- Revision History
- Virtual Private LAN Service
-
- Overview
- System Requirements
- Terms and Acronyms
- Configuring VPLS
- Configuring Routing Protocols on the PE and Core Routers
- Configuring VPLS Encapsulation on CE-Facing Interfaces
- Configuring LDP Signaling for VPLS
- Configuring a VPLS Instance with BGP Signaling
- Configuring Interworking between BGP Signaling and LDP Signaling in VPLS Instances
- Configuring Multihoming on a VPLS Border Router
- Option: Selecting an LSP for the VPLS Routing Instance to Traverse
- Option: Configuring VPLS Multihoming with BGP Signaling
- Option: Configuring VPLS Traffic Flooding over a Point-to-Multipoint LSP
- Option: Configuring Automatic Site Selection
- Option: Configuring VPLS to Use LSI Interfaces
- Option: Configuring Tunnel Services on MX-series Routers
- Configuring Integrated Routing and Bridging in a VPLS Instance (MX-series Routers Only)
- Configuring VLAN IDs in a VPLS Instance (MX-series Routers Only)
- Defining a VPLS Firewall Policer
- Defining a VPLS Firewall Filter
- Restricting Broadcast Packets in VPLS
- Option: Enabling VPLS Class of Service
- Option: Enabling VPLS Graceful Restart
- Configuring the VPLS MAC Address Timeout
- Option: Configuring VPLS Interinstance Bridging and Routing
- Option: Selecting Interfaces to Process VPLS Traffic
- Option: Limiting the Number of MAC Addresses Learned on an Interface
- Option: Optimizing VPLS Traffic Flows
- Option: Aggregated Interfaces for VPLS
- Option: Configuring VPLS Graceful Routing Engine Switchover
- Option: Configuring VPLS Nonstop Active Routing
- Configuring Nonstop Active Routing
- Synchronizing the Routing Engine Configuration
- Verifying VPLS Nonstop Active Routing Operation
- Tracing VPLS Nonstop Active Routing Synchronization Events
- Option: Configuring the Spanning Tree Protocol and VPLS on MX-series Routers
- Filtering Layer 2 Packets in a VPLS Instance (MX-series Routers Only)
- VPLS Configuration Examples
- Example: VPLS Configuration (BGP Signaling)
- Example: VPLS Configuration (BGP and LDP Interworking)
- Example: Configuring Nonstop Active Routing
- Example: Configuring Inter-AS VPLS with MAC Processing at the ASBR
- For More Information
- Revision History
- Index