JUNOS 9.4 Feature Guide
DVD Home
Techpubs Home
Report an Error
Collapse TOC
List of Figures
List of Tables
Index
Entire manual as PDF
-
About This Guide
-
-
Objectives
-
Audience
-
Supported Routing Platforms
-
Using the Indexes
-
Using the Examples in This Manual
-
Documentation Conventions
-
-
List of Technical Publications
-
Documentation Feedback
-
Requesting
Technical Support
-
GMPLS
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
GMPLS Phase 2 Implementation
-
-
GMPLS Operation
-
Configuring GMPLS
-
-
Configuring Link Management Protocol Traffic Engineering Links
-
Configuring Link Management Protocol Peers
-
Configuring Peer Interfaces in OSPF and RSVP
-
Establishing GMPLS LSP Path Information
-
Defining GMPLS Label-Switched Paths
-
Discovering Local Identifiers and Configuring Remote Identifiers
-
Option: Tearing Down GMPLS LSPs Gracefully
-
Option: Allowing Nonpacket GMPLS LSPs to Establish a Path Through
JUNOS-Based Routers
-
Option: Selecting the Peer Model or the Overlay Model for GMPLS
-
Option: GMPLS Graceful Restart
-
Option: Configuring an LMP Control Channel
-
Option: Configuring GMPLS Support for Unnumbered Links
-
GMPLS Configuration Examples
-
-
Example: GMPLS Configuration
-
Verifying Your Work
-
-
Router A Status
-
Router
C Status
-
Example: LMP Control Channel Configuration
-
Verifying Your Work
-
-
Router 1 Status
-
Router
4 Status
-
For More Information
-
Revision History
-
Connecting IPv6 Islands with IPv4 MPLS
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
Configuring an IPv4 MPLS Tunnel to Carry IPv6 Traffic
-
-
Configuring IPv6 on the Customer and Core-Facing Interfaces
-
Configuring MPLS and RSVP from PE Router to PE Router to Create
a Tunnel
-
Enabling IPv6 Tunneling in MPLS
-
Configuring Multiprotocol BGP to Carry IPv6 Traffic
-
IPv6 Traffic on an IPv4 MPLS Tunnel Example
-
-
Example: Connecting IPv6 Islands over an MPLS Tunnel Configuration
-
Verifying Your Work
-
-
Router CE1
Status
-
Router
PE1 Status
-
Router
PE2 Status
-
Router
CE2 Status
-
For More Information
-
Revision History
-
Multiple Instances for Label Distribution Protocol
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
Configuring Multiple-Instance LDP
-
-
Configuring a Master LDP Instance
-
Configuring a VRF-Based LDP Instance
-
Multiple-Instance LDP Configuration Example
-
-
Example: Multiple-Instance LDP Configuration
-
Verifying Your Work
-
-
Router CE3
Status
-
Router
PE3 Status
-
Router
CE1 Status
-
Router
PE1 Status
-
Router
PE2 Status
-
Router
CE2 Status
-
Router
PE4 Status
-
Router
CE4 Status
-
For More Information
-
Revision History
-
MPLS LSP Link Protection and Node-Link Protection
-
-
Overview
-
-
Link Protection
-
Node-Link Protection
-
System Requirements
-
Terms and Acronyms
-
Configuring MPLS LSP Link Protection or Node-Link Protection
-
-
Configuring Link Protection or Node-Link Protection on the
LSP
-
Configuring Link Protection on the RSVP Interfaces Traversed
by the LSP
-
Option: Configuring Multiple Bypass LSPs, Manual Bypass LSPs,
and Link Protection Priority
-
Option: Adding Class of Service to a Link-Protected
LSP or a Bypass LSP
-
Option: Using Enhanced Operational Mode Commands and System
Log Messages
-
MPLS LSP Link Protection or Node-Link Protection Configuration
Examples
-
-
Example: MPLS LSP Link Protection Configuration
-
Verifying Your Work
-
-
Case 1: Normal
Operation
-
Case 2: When the Link from Router 1 to Router 3 Is Disabled
-
Case 3: When the Link from Router 3 to Router 2 Is Disabled
-
Example: Node-Link Protection Configuration
-
Verifying Your Work
-
For More Information
-
Revision History
-
RSVP LSP Tunnels
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
RSVP LSP Tunneling Operation
-
Configuring an RSVP LSP Tunnel
-
-
Configuring Link Management Protocol Traffic Engineering Links
-
Configuring Link Management Protocol Peers
-
Configuring Peer Interfaces in OSPF and RSVP
-
Establishing FA-LSP Path Information
-
Defining Label-Switched Paths for the FA-LSP
-
Creating End-to-End LSPs to Traverse the FA-LSP
-
Option: Tearing Down RSVP LSPs Gracefully
-
RSVP LSP Tunnel Configuration Example
-
-
Example: RSVP LSP Tunnel Configuration
-
Verifying Your Work
-
-
Router
0
-
Router 1
-
For More Information
-
Revision History
-
Simplified Interinstance Route Sharing
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
Simplified Interinstance Configuration
-
Instance Export Using an IGP Export Policy
-
Configuring Overlapping VPNs
-
Example: Overlapping VPNs Configuration
-
Verifying Your Work
-
-
Router PE1 Status
-
Configuring Nonforwarding Instances
-
-
Example: Nonforwarding Instances Configuration
-
Verifying Your Work
-
-
Router PE2
Status
-
Router
CE3 Status
-
For More Information
-
Revision History
-
Logical Systems
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
Configuring Logical Systems
-
-
Configuring Logical System Administrators (Master Administrator)
-
Configuring Interfaces (Master Administrator)
-
Assigning Logical Interfaces to the Logical System (Master
or Logical System Administrator)
-
Configuring Protocols, Routing, and Policy Statements for the
Logical System (Master or Logical System Administrator)
-
Configuring Other Logical System Statements
-
Logical System Configuration Example
-
-
Example: Logical System Configuration
-
Verifying Your Work
-
-
Router CE1
Status
-
Router
CE2 Status
-
Router
CE3 Status
-
Router
PE1 Status: Main Router
-
Router
PE1 Status: LS1
-
Router PE1 Status: LS2
-
Router
P0 Status: Main Router
-
Router
P0 Status: LS1
-
Router
P0 Status: LS2
-
Router
PE2 Status: Main Router
-
Router
PE2 Status: LS1
-
Router PE2 Status: LS2
-
Router
CE5 Status
-
Router
CE6 Status
-
Router
CE7 Status
-
Logical System Administrator Verification
Output
-
Verifying
Routing Instance Connectivity
-
For More Information
-
Revision History
-
OSPF Version 3 for IPv6
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
Configuring OSPFv3 for IPv6
-
-
Configuring OSPFv3 as the Routing Protocol
-
Configuring Interfaces in OSPFv3 Areas
-
OSPFv3 for IPv6 Configuration Example
-
-
Configuring Virtual Links for OSPFv3
-
Example: OSPFv3 for IPv6 Configuration
-
Verifying Your Work
-
-
Router 0 Status
-
Router
1 Status
-
Router
2 Status
-
Router
3 Status
-
Router
4 Status
-
Router
5 Status
-
For More Information
-
Revision History
-
Multitopology Routing
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
Configuring Multitopology Routing
-
-
Configuring Topologies
-
Configuring Filter-Based Forwarding
-
Configuring BGP for Multitopology Routing
-
Configuring an Interior Gateway Protocol
-
-
Option: Configuring OSPF for Multitopology Routing
-
Option: Configuring Static Routes
for Multitopology Routing
-
Option: Configuring Route Resolution Policy
-
Multitopology Routing Configuration Example
-
-
Example: Multitopology Routing Configuration
-
Verifying Your Work
-
For More Information
-
Revision History
-
Flow Monitoring
-
-
Overview
-
-
Passive Flow Monitoring
-
Active Flow Monitoring
-
System Requirements
-
-
Passive Flow Monitoring
-
Active Flow Monitoring
-
Active Flow Monitoring
-
Terms and Acronyms
-
Configuring Passive Flow Monitoring
-
-
Monitoring Traffic with a VRF Instance and a Monitoring Group
-
-
Specifying
a Firewall Filter to Select Traffic to Monitor
-
Configuring Input Interfaces, Monitoring Services Interfaces, and Export Interfaces
-
Establishing a VRF Instance for the Monitored Traffic
-
Configuring a Monitoring Group to Send Traffic to the Flow
Server
-
Configuring Policy Options
-
Option: Stripping MPLS Labels on ATM, Ethernet-Based, and SONET/SDH Interfaces
-
Copying and Redirecting Traffic with Port Mirroring and Filter-Based
Forwarding
-
-
Specifying
Port Mirroring Input and Output
-
Creating
a Firewall Filter to Split the Port-Mirrored Traffic into Different Instances
-
Applying the Firewall Filter to a Tunnel PIC Interface
-
Using Filter-Based Forwarding to Export Monitored Traffic to Multiple Destinations
-
Configuring a Routing Table Group to Add Interface Routes into the Forwarding Instance
-
Option: Using an ES PIC to Send Traffic to a Packet Analyzer
-
Option: Applying a Firewall Filter to an Output Interface
-
Using a Flow Collector Interface to Process and Export Multiple
Flow Records
-
Using a Dynamic Flow Capture Interface to Monitor Traffic On
Demand
-
-
Configuring
the Capture Group
-
Configuring
the Content Destination
-
Configuring the Control Source
-
Configuring the Dynamic Flow Capture Interface
-
Option:
Configuring Thresholds
-
Option:
Configuring System Logging
-
Option: Monitoring Dynamic Flow Capture by Using SNMP
-
Hardware and Software Considerations
-
Passive Flow Monitoring Configuration Examples
-
-
Example: Passive Flow Monitoring Configuration
-
Verifying Your Work
-
Example: Flow Collector Interface Configuration
-
Verifying Your Work
-
Example: Dynamic Flow Capture Configuration
-
-
Router 1
-
Verifying Your Work
-
-
Router 1
-
Configuring Active Flow Monitoring
-
-
Defining a Firewall Filter to Select Traffic for Active Flow
Monitoring
-
Configuring the Interfaces That Will Be Actively Monitored
-
Enabling the Monitoring Services, Adaptive Services, or Multiservices
Interfaces and the Export Interface
-
Collecting Flow Records
-
-
Collecting
Flow Records with a Sampling Group
-
Collecting Flow Records with an Accounting Group
-
Replicating Routing Engine-Based
Sampling to Multiple Flow Servers
-
Collecting Flow Records with a Template
-
Routing Engine-Based Sampling
to Multiple Flow Servers
-
Replicating Version 9 Flow Aggregation
to Multiple Flow Servers
-
Option: Configuring an Aggregate Export Timer
-
Option: Configuring Port Mirroring
-
Option: Configuring Port Mirroring with Filter-Based Forwarding
and a Monitoring Group
-
Option: Sending Traffic to Multiple Export Interfaces by Using
Next-Hop Groups
-
Option: Using the Flow-Tap Application to Send Packets to a
Mediation Device
-
-
Flow-Tap Architecture
-
Configuring
the Flow-Tap Interface
-
Configuring Flow-Tap Security Properties
-
Flow-Tap
Application Restrictions
-
Example: Flow-Tap Configuration
-
Active Flow Monitoring Configuration Examples
-
-
Example: Sampling Configuration
-
Verifying Your Work
-
Example: Sampling and Discard Accounting Configuration
-
Verifying Your Work
-
Example: Multiple Port Mirroring with Next-Hop Groups Configuration
-
Flow Monitoring Output Formats
-
-
Version 5 Formats and Fields
-
Version 8 Formats and Fields
-
Version 9 Formats and Fields
-
For More Information
-
Revision History
-
IPSec
-
-
Overview
-
-
IPSec-Enabled PICs
-
Authentication Algorithms
-
Encryption Algorithms
-
IPSec Protocols
-
Security Associations
-
IPSec Modes
-
Digital Certificates
-
Service Sets
-
System Requirements
-
Terms and Acronyms
-
Configuring IPSec
-
-
Considering General IPSec Issues
-
Configuring Security Associations
-
-
Configuring
Manual SAs
-
Configuring IKE Dynamic SAs
-
Using a Filter to Select Traffic to Be Secured
-
Applying the Filter or Service Set to the Interface Receiving
Traffic to Be Secured
-
Option: Using Digital Certificates
-
-
Configuring
a CA Profile
-
Configuring a Certificate Revocation List
-
Requesting a CA Digital Certificate
-
Generating
a Private/Public Key Pair
-
Generating
and Enrolling a Local Digital Certificate
-
Applying
the Local Digital Certificate to an IPSec Configuration
-
Configuring Automatic Reenrollment
of Digital Certificates
-
Monitoring and Clearing Digital Certificates
-
Option: Using Filter-Based Forwarding to Select Traffic to
Be Secured
-
Option: Using IPSec with a Layer 3 VPN
-
Option: Securing BGP Sessions with Transport Mode
-
Option: Securing OSPFv3 Networks with Transport Mode
-
Option: Securing OSPFv2 Networks with Transport Mode
-
Option: Monitoring IPSec by Using SNMP
-
Option: Configuring IPSec Dynamic Endpoints
-
-
Dynamic Endpoint
Tunnel Architecture
-
-
Authentication
Process
-
Dynamic
Implicit Rules
-
Reverse
Route Insertion
-
Configuring an IKE Access Profile
-
Configuring the Service Set
-
Configuring
the Interface Identifier
-
Option: Configuring Multiple Routed Tunnels in a Single Next-Hop
Service Set
-
IPSec Configuration Examples
-
-
Example: ES PIC Manual SA Configuration
-
Verifying Your Work
-
-
Router 1
-
Router
2
-
Router
3
-
Router
4
-
Example: AS PIC Manual SA Configuration
-
Verifying Your Work
-
-
Router 1
-
Router
2
-
Router
3
-
Example: ES PIC IKE Dynamic SA Configuration
-
Verifying Your Work
-
-
Router 1
-
Router
2
-
Router
3
-
Router
4
-
Example: AS PIC IKE Dynamic SA Configuration
-
Verifying Your Work
-
-
Router 1
-
Router
2
-
Router
3
-
Router
4
-
Example: IKE Dynamic SA Between an AS PIC and an ES PIC Configuration
-
Verifying Your Work
-
-
Router 1
-
Router
2
-
Router
3
-
Router
4
-
Example: AS PIC IKE Dynamic SA with Digital Certificates Configuration
-
Verifying Your Work
-
-
Router 1
-
Router 2
-
Router 3
-
Router 4
-
Example: Dynamic Endpoint Tunneling Configuration
-
Verifying Your Work
-
For More Information
-
Revision History
-
Layer 2 Circuits
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
Configuring Layer 2 Circuits
-
-
Configuring an Interface Encapsulation on CE-Facing Interfaces
-
-
Configuring
CCC Encapsulation on CE-Facing Ethernet Interfaces
-
Configuring CCC Encapsulation on CE-Facing SONET/SDH Interfaces
-
Configuring a CCC Encapsulation and a Layer 2 Circuit Mode on CE-Facing ATM2 IQ Interfaces
-
Configuring the MPLS Family on Core Interfaces
-
Configuring Layer 2 Circuits
-
Configuring LDP and an IGP to Transport Layer 2 Circuits
-
Option: Applying Traffic Engineering to a Layer 2 Circuit
-
Option: Mapping Layer 2 Protocol Control Information into a
Layer 2 Circuit
-
Option: Configuring APS for Layer 2 Circuits
-
Option: Configuring Layer 2 Circuit Trunk Mode on ATM2 IQ Interfaces
-
Option: Reserving LSP Bandwidth for a Layer 2 Circuit
-
Option: Selecting an MTU for a Layer 2 Circuit
-
Option: Configuring Local Interface Switching for a Layer 2
Circuit
-
Option: Configuring Layer 2 Circuits Simultaneously over RSVP
and LDP LSPs
-
Layer 2 Circuit Configuration Examples
-
-
Example: Ethernet-Based Layer 2 Circuit Configuration
-
Verifying Your Work
-
-
Router PE1
Status
-
Router
P0 Status
-
Router
PE2 Status
-
Example: SONET/SDH-Based Layer 2 Circuit Configuration
-
Verifying Your Work
-
Example: ATM2 IQ-Based Layer 2 Circuit Configuration
-
Verifying Your Work
-
Example: Layer 2 Circuit Traffic Engineering over Multiple
LSPs Configuration
-
Verifying Your Work
-
Example: APS for a Layer 2 Circuit Configuration
-
Verifying Your Work
-
For More Information
-
Revision History
-
Multicast over Layer 3 VPNs
-
-
Overview
-
-
Multiprotocol BGP-Based Multicast VPNs: Next-Generation
-
Dual PIM Multicast VPNs: Draft Rosen
-
System Requirements for Multiprotocol BGP-Based Multicast VPNs:
Next-Generation
-
System Requirements for Dual PIM Multicast VPNs: Draft Rosen
-
Terms and Acronyms
-
Configuring Multiprotocol BGP-Based Multicast VPNs: Next-Generation
-
-
Creating a Unique Logical Loopback Interface for the Routing
Instance
-
Configuring Interfaces for Layer 3 VPNs
-
Configuring BGP, MPLS, RSVP, and an IGP on the PE and Core
Routers
-
Creating a Routing Instance for Multiprotocol BGP-Based Multicast
VPN
-
Option: Configuring Sender and Receiver Sites
-
Option: Specifying Route Targets
-
Configuring Provider Tunnels
-
Enabling Multicast VPN in BGP
-
Configuring Traffic Engineering Point-to-Multipoint LSPs in
Provider Tunnels
-
Configuring the Master PIM Instance on the PE Router
-
Configuring the Router’s IPv4 Bootstrap Router Priority
-
Multiprotocol BGP Multicast VPNs Example
-
-
Verifying Your Work
-
-
show mvpn c-multicast
-
show mvpn instance
-
show
mvpn neighbor
-
Example: Configuring MBGP Multicast VPNs
-
Dual PIM Draft-Rosen Multicast VPN Operation
-
Configuring Draft-Rosen Multicast VPNs
-
-
Configuring BGP, MPLS, RSVP, and an IGP on the PE and Core
Routers
-
Creating a Unique Logical Loopback Interface for the Routing
Instance
-
Configuring the Master PIM Instance on the PE Router
-
Configuring PIM and the VPN Group Address in a Routing Instance
-
Option: Configuring PIM Sparse Mode Graceful Restart for a
Layer 3 VPN
-
Option: Configuring Multicast Distribution Trees for Data
-
Option: Configuring MSDP Within a Layer 3 VPN
-
Draft-Rosen Multicast VPNs Examples
-
-
Example: Basic IPv4 Multicast over a Layer 3 VPN Configuration
-
Verifying Your Work
-
-
RP Information
-
PIM
Information Prior to Multicast Transmission
-
Successful PIM Join Verification
-
Example: IPv4 Multicast with Interprovider VPNs Configuration
-
Verifying Your Work
-
-
Router CE0
Status
-
Router
PE0 Status
-
Router
P0 Status
-
Router
P1 Status
-
Router
PE1 Status
-
Router
CE1 Status
-
For More Information
-
Revision History
-
Translational Cross-Connect and Layer 2.5 VPNs
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
Configuring TCC Interface Switching
-
-
Defining the Encapsulation for Layer 2 TCC Switching
-
-
Configuring
Ethernet Encapsulation with Remote and Proxy ARP Addresses
-
Configuring Extended VLAN Encapsulation with
Remote and Proxy ARP Addresses
-
Option:
Configuring Static ARP on the Ethernet Neighbor Instead
of Proxy ARP
-
Defining the Connection for Layer 2 TCC Switching
-
Configuring MPLS
-
TCC Configuration Examples
-
-
Example: PPP to ATM TCC Configuration
-
Verifying Your Work
-
Example: Frame Relay to Fast Ethernet TCC Configuration
-
Verifying Your Work
-
Configuring Layer 2.5 VPNs
-
-
Configuring the Encapsulation on Interfaces Participating in
the Layer 2.5 VPN
-
Configuring the Layer 2.5 VPN
-
Option: Configuring ISO or MPLS Traffic on T-series and M320
Routers
-
Layer 2.5 VPN Configuration Example
-
-
Example: Layer 2.5 VPN Configuration
-
Verifying Your Work
-
-
Router PE1
Status
-
Router
PE2 Status
-
Router
P Status
-
For More Information
-
Revision History
-
Virtual Private LAN Service
-
-
Overview
-
System Requirements
-
Terms and Acronyms
-
Configuring VPLS
-
-
Required Configurations for VPLS
-
-
Configuring Routing Protocols on the PE and Core Routers
-
Configuring
VPLS Encapsulation on CE-Facing Interfaces
-
Configuring a Signaling Protocol
for VPLS
-
-
Configuring LDP Signaling for VPLS
-
Configuring a VPLS Instance with BGP Signaling
-
Configuring Interworking between
BGP Signaling and LDP Signaling in VPLS Instances
-
Configuring Multihoming on a VPLS Border
Router
-
VPLS Options for BGP Signaling
-
-
Option: Selecting
an LSP for the VPLS Routing Instance to Traverse
-
Option: Configuring VPLS Multihoming
with BGP Signaling
-
Option: Configuring VPLS Traffic Flooding over a Point-to-Multipoint
LSP
-
Option: Configuring Automatic
Site Selection
-
VPLS Options for BGP and LDP Signaling
-
-
Option: Configuring
VPLS to Use LSI Interfaces
-
Option:
Configuring Tunnel Services on MX-series Routers
-
Optional:
Configuring Integrated Routing and Bridging in a VPLS Instance (MX-series
Routers Only)
-
Optional: Configuring VLAN IDs
in a VPLS Instance (MX-series Routers Only)
-
Option: Applying VPLS Policers and Filters
-
Option: Enabling VPLS Class of Service
-
Option:
Enabling VPLS Graceful Restart
-
Option:
Clearing MAC Addresses and Modifying the VPLS Table Timeout Interval
-
Option: Configuring VPLS Interinstance Bridging and Routing
-
Option: Selecting Interfaces to Process VPLS Traffic
-
Option: Limiting the Number of MAC Addresses Learned on an
Interface
-
Option: Optimizing VPLS Traffic Flows
-
Option:
Aggregated Interfaces for VPLS
-
Option:
Configuring VPLS Graceful Routing Engine Switchover
-
Option: Configuring VPLS Nonstop
Active Routing
-
-
Enabling Nonstop Active Routing
-
Synchronizing the Routing Engine Configuration
-
Verifying VPLS Nonstop Active Routing Operation
-
Tracing VPLS Nonstop Active Routing Synchronization
Events
-
Example: Configuring Nonstop Active Routing
-
Option: Configuring
the Spanning Tree Protocol and VPLS on MX-series Routers
-
Filtering Layer 2 Packets in a VPLS Instance
(MX-series Routers Only)
-
VPLS Configuration Examples
-
-
Example: VPLS Configuration (BGP Signaling)
-
Verifying Your Work
-
Example: VPLS Configuration (BGP and LDP Interworking)
-
Verifying Your Work
-
Example: Configuring Inter-AS VPLS with MAC Processing at the
ASBR
-
For More Information
-
Revision History
-
Index
-
-
Index