Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring Multicast in a Financial Services Environment

 

This example illustrates how to configure QFX Series switches and SRX Services Gateways to deploy secure multicast market data services for financial services environments.

Requirements

This example uses the following hardware and software components:

  • Two SRX5600 Services Gateways running Junos OS Release 12.1X47-D10 or later

  • Four QFX5100 switches running Junos OS Release 14.1X53-D30 or later

Before you begin:

  • Confirm that the two SRX5600 Services Gateways have identical hardware configurations.

  • Physically connect the two SRX devices (back-to-back for the fabric and control ports) and ensure that they are the same models.

  • Confirm that the software on both standalone SRX devices is the same Junos OS version.

  • Confirm that the license keys on both SRX devices are the same.

  • Before the SRX cluster is formed, you must configure control ports for each device, as well as assign a cluster ID and node ID to each device, and then reboot. When the system boots, both nodes come up as a cluster. For more information, see Chassis Cluster Feature Guide for security Devices.

  • If virtual chassis or virtual chassis fabric (VC/VCF) is required, ensure that all the devices are running the same Junos OS version. For more information, see Virtual Chassis Fabric Feature Guide.

Overview and Topology

This network configuration example provides an overview and a step-by-step example for deploying multicast in a financial services environment and illustrates how multiple feeds flow through an active/active SRX cluster. This example illustrates how to configure PIM sparse mode (PIM-SM), Multicast Source Discovery Protocol (MSDP), BGP, and other related technologies on QFX and SRX Series devices. In this configuration example for multicast deployment, the QFX5100 devices serve as the last-hop router (LHR) and first-hop router (FHR). The SRX5600 Services Gateways serve as a cluster. The multicast feeds go through the SRX chassis cluster configured to work in active/active mode for redundancy and efficiency purposes.

The topology for this example is shown in Figure 1.

Figure 1: Deploying Secure Multicast Market Data Services for Financial Services Environments
Deploying
Secure Multicast Market Data Services for Financial Services Environments

Table 1 shows the details on devices and IP addresses used in this configuration.

Table 1: Devices and IP Addresses

Devices

Interfaces

IP Addresses

Hostname

QFX5100-1 (10.5.5.1)

irb.2

irb.21

irb.100

lo0.0

172.16.2.1/24

172.16.21.2/24

192.168.100.1/24

10.5.5.1

QFX-10.5.5.1

QFX5100-2 (10.5.5.2)

irb.2

irb.31

irb.101

lo0.0

172.16.2.2/24

172.16.31.2/24

192.168.101.1/24

10.5.5.2

QFX-10.5.5.2

QFX5100-3 (10.5.5.3)

irb.2

irb.21

irb.102

lo0.0

172.17.2.1/24

172.17.21.2/24

192.168.102.1/24

10.5.5.3

QFX-10.5.5.3

QFX5100-4 (10.5.5.4)

irb.2

irb.31

irb.103

lo0.0

172.17.2.2/24

172.17.31.2/24

192.168.103.1/24

10.5.5.4

QFX-10.5.5.4

SRX Series Devices: SRX5600-1 and SRX5600-2

reth0.0

reth1.0

reth2.0

reth3.0

lo0.0

192.168.100.2/24

192.168.101.2/24

192.168.102.2/24

192.168.102.3/24

10.5.5.5

SRX5600-mcast-a

SRX5600-mcast-b

Configuration

This section provides step-by-step instructions for:

Configuring SRX5600 (SRX5600-mcast-a and SRX5600-mcast-b)

CLI Quick Configuration

Apply this configuration to both SRX Series devices. SRX5600-mcast-a configuration is shown here:

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

[edit]
set groups node0 system host-name srx5600-mcast-a
set groups node0 system backup-router 10.204.191.254
set groups node0 system backup-router destination 10.0.0.0/8
set groups node0 interfaces fxp0 unit 0 family inet address 10.219.29.157/26
set groups node1 system host-name srx5600-mcast-b
set groups node1 system backup-router 10.204.191.254
set groups node1 system backup-router destination 10.0.0.0/8
set groups node1 interfaces fxp0 unit 0 family inet address 10.219.29.159/26
set groups flow-type security forwarding-options family inet6 mode flow-based
set apply-groups ${node} flow-type security forwarding-process application-services session-distribution-mode hash-based
set system name-server 172.17.28.100
set system ntp server 172.17.28.5
set system ntp server 10.204.37.156
set chassis cluster reth-count 8
set chassis cluster redundancy-group 1 node 0 priority 250
set chassis cluster redundancy-group 1 node 1 priority 100
set chassis cluster redundancy-group 1 preempt
set chassis cluster redundancy-group 1 interface-monitor xe-4/0/0 weight 255
set chassis cluster redundancy-group 1 interface-monitor xe-10/0/1 weight 255
set chassis cluster redundancy-group 1 interface-monitor xe-10/0/2 weight 255
set chassis cluster redundancy-group 1 interface-monitor xe-4/0/3 weight 255
set chassis cluster redundancy-group 2 node 0 priority 100
set chassis cluster redundancy-group 2 node 1 priority 250
set chassis cluster redundancy-group 2 preempt
set chassis cluster redundancy-group 2 interface-monitor xe-10/0/0 weight 255
set chassis cluster redundancy-group 2 interface-monitor xe-4/0/1 weight 255
set chassis cluster redundancy-group 2 interface-monitor xe-4/0/2 weight 255
set chassis cluster redundancy-group 2 interface-monitor xe-10/0/3 weight 255
set interfaces xe-4/0/3 gigether-options redundant-parent reth2
set interfaces xe-10/0/2 gigether-options redundant-parent reth2
set interfaces xe-4/0/2 gigether-options redundant-parent reth3
set interfaces xe-10/0/3 gigether-options redundant-parent reth3
set interfaces lo0 unit 0 family inet address 10.5.5.5/32 primary
set interfaces xe-4/0/0 gigether-options redundant-parent reth0
set interfaces xe-10/0/0 gigether-options redundant-parent reth1
set interfaces xe-4/0/1 gigether-options redundant-parent reth1
set interfaces xe-10/0/1 gigether-options redundant-parent reth0
set interfaces reth2 vlan-tagging
set interfaces reth2 mtu 9192
set interfaces reth2 redundant-ether-options redundancy-group 1
set interfaces reth2 redundant-ether-options lacp active
set interfaces reth2 redundant-ether-options lacp periodic fast
set interfaces reth2 unit 0 vlan-id 102
set interfaces reth2 unit 0 family inet mtu 9120
set interfaces reth2 unit 0 family inet address 192.168.102.2/24
set interfaces reth3 vlan-tagging
set interfaces reth3 mtu 9192
set interfaces reth3 redundant-ether-options redundancy-group 2
set interfaces reth3 redundant-ether-options lacp active
set interfaces reth3 redundant-ether-options lacp periodic fast
set interfaces reth3 unit 0 vlan-id 103
set interfaces reth3 unit 0 family inet mtu 9120
set interfaces reth3 unit 0 family inet address 192.168.103.2/24
set interfaces reth0 vlan-tagging
set interfaces reth0 mtu 9192
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 redundant-ether-options lacp active
set interfaces reth0 redundant-ether-options lacp periodic fast
set interfaces reth0 unit 0 vlan-id 100
set interfaces reth0 unit 0 family inet mtu 9120
set interfaces reth0 unit 0 family inet address 192.168.100.2/24
set interfaces reth1 vlan-tagging
set interfaces reth1 mtu 9192
set interfaces reth1 redundant-ether-options redundancy-group 2
set interfaces reth1 redundant-ether-options lacp active
set interfaces reth1 redundant-ether-options lacp periodic fast
set interfaces reth1 unit 0 vlan-id 101
set interfaces reth1 unit 0 family inet mtu 9120
set interfaces reth1 unit 0 family inet address 192.168.101.2/24

Step-by-Step Procedure

To configure the hostnames, NTP server, reth interfaces, loopback interfaces, redundancy groups and management IP addresses to the specific nodes:

  1. Configure the name of node 0 and node 1 and assign management IP addresses.

    Because the SRX5600 Services Gateway chassis cluster configuration is contained within a single common configuration, to assign some elements of the configuration to a specific member only, you must use the Junos OS node-specific configuration method called groups. The set apply-groups ${node} command uses the node variable to define how the groups are applied to the nodes; each node recognizes its number and accepts the configuration accordingly. You must also configure out-of-band management on the fxp0 interface of the SRX5600 Services Gateway using separate IP addresses for the individual control planes of the cluster.

    {primary:node0}[edit]
    user@host# set apply-groups ${node}
    user@host# set groups node0 system host-name srx5600-mcast-a
    user@host# set groups node0 system backup-router 10.204.191.254
    user@host# set groups node0 system backup-router destination 10.0.0.0/8
    user@host# set groups node0 interfaces fxp0 unit 0 family inet address 10.219.29.157/26
    user@host# set groups node1 system host-name srx5600-mcast-b
    user@host# set groups node1 system backup-router 10.204.191.254
    user@host# set groups node1 system backup-router destination 10.0.0.0/8
    user@host# set groups node1 interfaces fxp0 unit 0 family inet address 10.219.29.159/26
  2. Configure flow-type.
    {primary:node0}[edit]
    user@host# set groups flow-type security forwarding-options family inet6 mode flow-based
    user@host# set apply-groups ${node} flow-type security forwarding-process application-services session-distribution-mode hash-based
  3. Configure the NTP server address for node 0 and node 1.
    {primary:node0}[edit]
    user@host# set system name-server 172.17.28.100
    user@host# set system ntp server 172.17.28.5
    user@host# set system ntp server 10.204.37.156
  4. Specify the number of redundant Ethernet interfaces.
    {primary:node0}[edit]
    user@host# set chassis cluster reth-count 8
  5. To create a reth interface, configure the physical interfaces independently. Because reth interfaces are pseudointerfaces, you must define the number of reth interfaces in a cluster by configuring reth-count. The reth interfaces are assigned into redundancy groups.
    {primary:node0}[edit]
    user@host# set interfaces xe-4/0/3 gigether-options redundant-parent reth2
    user@host# set interfaces xe-10/0/2 gigether-options redundant-parent reth2
    user@host# set interfaces xe-4/0/2 gigether-options redundant-parent reth3
    user@host# set interfaces xe-10/0/3 gigether-options redundant-parent reth3
    user@host# set interfaces xe-4/0/0 gigether-options redundant-parent reth0
    user@host# set interfaces xe-10/0/0 gigether-options redundant-parent reth1
    user@host# set interfaces xe-4/0/1 gigether-options redundant-parent reth1
    user@host# set interfaces xe-10/0/1 gigether-options redundant-parent reth0
  6. Configure chassis cluster redundancy groups by specifying a redundancy group's priority for primacy on each node of the cluster. The higher number takes precedence. Also specify whether a node with a higher priority can initiate a failover to become primary for the redundancy group.
    {primary:node0}[edit]
    user@host# set chassis cluster redundancy-group 1 node 0 priority 250
    user@host# set chassis cluster redundancy-group 1 node 1 priority 100
    user@host# set chassis cluster redundancy-group 1 preempt
    user@host# set chassis cluster redundancy-group 1 interface-monitor xe-4/0/0 weight 255
    user@host# set chassis cluster redundancy-group 1 interface-monitor xe-10/0/1 weight 255
    user@host# set chassis cluster redundancy-group 1 interface-monitor xe-10/0/2 weight 255
    user@host# set chassis cluster redundancy-group 1 interface-monitor xe-4/0/3 weight 255
    user@host# set chassis cluster redundancy-group 2 node 0 priority 100
    user@host# set chassis cluster redundancy-group 2 node 1 priority 250
    user@host# set chassis cluster redundancy-group 2 preempt
    user@host# set chassis cluster redundancy-group 2 interface-monitor xe-10/0/0 weight 255
    user@host# set chassis cluster redundancy-group 2 interface-monitor xe-4/0/1 weight 255
    user@host# set chassis cluster redundancy-group 2 interface-monitor xe-4/0/2 weight 255
    user@host# set chassis cluster redundancy-group 2 interface-monitor xe-10/0/3 weight 255
  7. Configure the loopback interfaces.
    user@host#set interfaces lo0 unit 0 family inet address 10.5.5.5/32 primary
  8. Configure the reth interfaces and include the Link Aggregation Control Protocol (LACP).
    {primary:node0}[edit]
    user@host# set interfaces reth2 vlan-tagging
    user@host# set interfaces reth2 mtu 9192
    user@host# set interfaces reth2 redundant-ether-options redundancy-group 1
    user@host# set interfaces reth2 redundant-ether-options lacp active
    user@host# set interfaces reth2 redundant-ether-options lacp periodic fast
    user@host# set interfaces reth2 unit 0 vlan-id 102
    user@host# set interfaces reth2 unit 0 family inet mtu 9120
    user@host# set interfaces reth2 unit 0 family inet address 192.168.102.2/24
    user@host# set interfaces reth3 vlan-tagging
    user@host# set interfaces reth3 mtu 9192
    user@host# set interfaces reth3 redundant-ether-options redundancy-group 2
    user@host# set interfaces reth3 redundant-ether-options lacp active
    user@host# set interfaces reth3 redundant-ether-options lacp periodic fast
    user@host# set interfaces reth3 unit 0 vlan-id 103
    user@host# set interfaces reth3 unit 0 family inet mtu 9120
    user@host# set interfaces reth3 unit 0 family inet address 192.168.103.2/24
    user@host# set interfaces reth0 vlan-tagging
    user@host# set interfaces reth0 mtu 9192
    user@host# set interfaces reth0 redundant-ether-options redundancy-group 1
    user@host# set interfaces reth0 redundant-ether-options lacp active
    user@host# set interfaces reth0 redundant-ether-options lacp periodic fast
    user@host# set interfaces reth0 unit 0 vlan-id 100
    user@host# set interfaces reth0 unit 0 family inet mtu 9120
    user@host# set interfaces reth0 unit 0 family inet address 192.168.100.2/24
    user@host# set interfaces reth1 vlan-tagging
    user@host# set interfaces reth1 mtu 9192
    user@host# set interfaces reth1 redundant-ether-options redundancy-group 2
    user@host# set interfaces reth1 redundant-ether-options lacp active
    user@host# set interfaces reth1 redundant-ether-options lacp periodic fast
    user@host# set interfaces reth1 unit 0 vlan-id 101
    user@host# set interfaces reth1 unit 0 family inet mtu 9120
    user@host# set interfaces reth1 unit 0 family inet address 192.168.101.2/24
  9. When you are done configuring the device, commit the configuration.
    {primary:node0}[edit]
    user@host# commit

Configuring the Security Policies, Zones, Virtual Routers, and Protocols

CLI Quick Configuration

Apply this configuration to both SRX Series devices. SRX5600-mcast-a configuration is shown here:

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

set security policies from-zone TRUST to-zone TRUST policy default-permit match source-address any
set security policies from-zone TRUST to-zone TRUST policy default-permit match destination-address any
set security policies from-zone TRUST to-zone TRUST policy default-permit match application junos-bgp
set security policies from-zone TRUST to-zone TRUST policy default-permit match application PIM
set security policies from-zone TRUST to-zone TRUST policy default-permit then permit
set security policies from-zone TRUST to-zone TRUST policy P1 match source-address MULTI
set security policies from-zone TRUST to-zone TRUST policy P1 match destination-address NETWORK5
set security policies from-zone TRUST to-zone TRUST policy P1 match application any
set security policies from-zone TRUST to-zone TRUST policy P1 then permit
set security policies from-zone TRUST to-zone TRUST policy P2 match source-address MULTI1
set security policies from-zone TRUST to-zone TRUST policy P2 match destination-address NETWORK5
set security policies from-zone TRUST to-zone TRUST policy P2 match application any
set security policies from-zone TRUST to-zone TRUST policy P2 then permit
set security policies from-zone TRUST to-zone TRUST policy P3 match source-address NETWORK1
set security policies from-zone TRUST to-zone TRUST policy P3 match source-address NETWORK2
set security policies from-zone TRUST to-zone TRUST policy P3 match source-address NETWORK3
set security policies from-zone TRUST to-zone TRUST policy P3 match source-address NETWORK4
set security policies from-zone TRUST to-zone TRUST policy P3 match source-address NETWORK7
set security policies from-zone TRUST to-zone TRUST policy P3 match source-address NETWORK8
set security policies from-zone TRUST to-zone TRUST policy P3 match source-address NETWORK10
set security policies from-zone TRUST to-zone TRUST policy P3 match source-address NETWORK11
set security policies from-zone TRUST to-zone TRUST policy P3 match destination-address NETWORK1
set security policies from-zone TRUST to-zone TRUST policy P1 match destination-address NETWORK5
set security policies from-zone TRUST to-zone TRUST policy P3 match destination-address NETWORK2
set security policies from-zone TRUST to-zone TRUST policy P3 match destination-address NETWORK3
set security policies from-zone TRUST to-zone TRUST policy P3 match destination-address NETWORK4
set security policies from-zone TRUST to-zone TRUST policy P3 match destination-address NETWORK5
set security policies from-zone TRUST to-zone TRUST policy P3 match destination-address NETWORK7
set security policies from-zone TRUST to-zone TRUST policy P3 match destination-address NETWORK8
set security policies from-zone TRUST to-zone TRUST policy P3 match destination-address NETWORK10
set security policies from-zone TRUST to-zone TRUST policy P3 match application any
set security policies from-zone TRUST to-zone TRUST policy P3 then permit
set security zones security-zone TRUST address-book address NETWORK1 192.168.0.0/24
set security zones security-zone TRUST address-book address NETWORK2 10.5.5.0/24
set security zones security-zone TRUST address-book address MULTI 172.16.21.0/24
set security zones security-zone TRUST address-book address MULTI1 172.16.31.0/24
set security zones security-zone TRUST address-book address NETWORK3 172.16.2.0/24
set security zones security-zone TRUST address-book address NETWORK7 172.16.21.0/24
set security zones security-zone TRUST address-book address NETWORK8 172.16.31.0/24
set security zones security-zone TRUST address-book address NETWORK4 172.17.2.0/24
set security zones security-zone TRUST address-book address NETWORK10 172.17.21.0/24
set security zones security-zone TRUST address-book address NETWORK11 172.17.31.0/24
set security zones security-zone TRUST address-book address NETWORK5 224.0.0.0/4
set security zones security-zone TRUST interfaces reth0.0 host-inbound-traffic system-services all
set security zones security-zone TRUST interfaces reth0.0 host-inbound-traffic protocols all
set security zones security-zone TRUST interfaces reth1.0 host-inbound-traffic system-services all
set security zones security-zone TRUST interfaces reth1.0 host-inbound-traffic protocols all
set security zones security-zone TRUST interfaces reth2.0 host-inbound-traffic system-services all
set security zones security-zone TRUST interfaces reth2.0 host-inbound-traffic protocols all
set security zones security-zone TRUST interfaces reth3.0 host-inbound-traffic system-services all
set security zones security-zone TRUST interfaces reth3.0 host-inbound-traffic protocols all
set protocols bgp group fsi_FeedA export BGP
set protocols bgp group fsi_FeedA local-as 65535
set protocols bgp group fsi_FeedA bfd-liveness-detection minimum-interval 300
set protocols bgp group fsi_FeedA bfd-liveness-detection multiplier 3
set protocols bgp group fsi_FeedA neighbor 192.168.100.1 local-address 192.168.100.2
set protocols bgp group fsi_FeedA neighbor 192.168.100.1 peer-as 64512
set protocols bgp group fsi_FeedA neighbor 192.168.102.1 local-address 192.168.102.2
set protocols bgp group fsi_FeedA neighbor 192.168.102.1 peer-as 64514
set protocols bgp group fsi_FeedB export BGP
set protocols bgp group fsi_FeedB local-as 65535
set protocols bgp group fsi_FeedB bfd-liveness-detection minimum-interval 300
set protocols bgp group fsi_FeedB bfd-liveness-detection multiplier 3
set protocols bgp group fsi_FeedB neighbor 192.168.101.1 local-address 192.168.101.2
set protocols bgp group fsi_FeedB neighbor 192.168.101.1 peer-as 64512
set protocols bgp group fsi_FeedB neighbor 192.168.103.1 local-address 192.168.103.2
set protocols bgp group fsi_FeedB neighbor 192.168.103.1 peer-as 64514
set protocols pim rp bootstrap family inet priority 0
set protocols pim rp static address 10.5.5.254
set protocols pim interface lo0.0
set protocols pim interface reth0.0 hello-interval 1
set protocols pim interface reth0.0 neighbor-policy Neighbor_Policy_reth0
set protocols pim interface reth1.0 hello-interval 1
set protocols pim interface reth1.0 neighbor-policy Neighbor_Policy_reth1
set protocols pim interface reth2.0 hello-interval 1
set protocols pim interface reth2.0 neighbor-policy Neighbor_Policy_reth2
set protocols pim interface reth3.0 hello-interval 1
set protocols pim interface reth3.0 neighbor-policy Neighbor_Policy_reth3
set policy-options prefix-list Neighbor_Grp_reth0 192.168.100.1/32
set policy-options prefix-list Neighbor_Grp_reth1 192.168.101.1/32
set policy-options prefix-list Neighbor_Grp_reth2 192.168.102.1/32
set policy-options prefix-list Neighbor_Grp_reth3 192.168.103.1/32
set policy-options policy-statement BGP term Mgmt from interface fxp0.0
set policy-options policy-statement BGP term Mgmt then reject
set policy-options policy-statement BGP term direct from protocol direct
set policy-options policy-statement BGP term direct then accept
set policy-options policy-statement BGP term BGP from protocol bgp
set policy-options policy-statement BGP term BGP then accept
set policy-options policy-statement Neighbor_Policy_reth0 from prefix-list Neighbor_Grp_reth0
set policy-options policy-statement Neighbor_Policy_reth0 then accept
set policy-options policy-statement Neighbor_Policy_reth1 from prefix-list Neighbor_Grp_reth1
set policy-options policy-statement Neighbor_Policy_reth1 then accept
set policy-options policy-statement Neighbor_Policy_reth2 from prefix-list Neighbor_Grp_reth2
set policy-options policy-statement Neighbor_Policy_reth2 then accept
set policy-options policy-statement Neighbor_Policy_reth3 from prefix-list Neighbor_Grp_reth3
set policy-options policy-statement Neighbor_Policy_reth3 then accept

Step-by-Step Procedure

To configure a security policy to permit all traffic:

  1. Create a policy and specify the match criteria for that policy. The match criteria specifies that the device can allow traffic from any source, to any destination, and on any application.
    [edit security policies from-zone TRUST to-zone TRUST]
    user@host# set policy default-permit match source-address any
    user@host# set policy default-permit match destination-address any
    user@host# set policy default-permit match application junos-bgp
    user@host# set policy default-permit match application PIM
    user@host# set policy default-permit then permit
    user@host# set policy P1 match source-address MULTI
    user@host# set policy P1 match destination-address NETWORK5
    user@host# set policy P1 match application any
    user@host# set policy P1 then permit
    user@host# set policy P2 match source-address MULTI
    user@host# set policy P2 match destination-address NETWORK5
    user@host# set policy P2 match application any
    user@host# set policy P2 then permit
    user@host# set policy P3 match source-address NETWORK1
    user@host# set policy P3 match source-address NETWORK2
    user@host# set policy P3 match source-address NETWORK3
    user@host# set policy P3 match source-address NETWORK4
    user@host# set policy P3 match source-address NETWORK7
    user@host# set policy P3 match source-address NETWORK8
    user@host# set policy P3 match source-address NETWORK10
    user@host# set policy P3 match source-address NETWORK11
    user@host# set policy P3 match destination-address NETWORK1
    user@host# set policy P3 match destination-address NETWORK5
    user@host# set policy P3 match destination-address NETWORK7
    user@host# set policy P3 match destination-address NETWORK8
    user@host# set policy P3 match destination-address NETWORK10
    user@host# set policy P3 match application any
    user@host# set policy P3 then permit
  2. Configure a security zone and specify the types of traffic and protocols that are allowed on the reth interface.
    [edit security zones]
    user@host# set security zones security-zone TRUST address-book address NETWORK1 192.168.0.0/24
    user@host# set security zones security-zone TRUST address-book address NETWORK2 10.5.5.0/24
    user@host# set security zones security-zone TRUST address-book address MULTI 172.16.21.0/24
    user@host# set security zones security-zone TRUST address-book address MULTI1 172.16.31.0/24
    user@host# set security zones security-zone TRUST address-book address NETWORK3 172.16.2.0/24
    user@host# set security zones security-zone TRUST address-book address NETWORK7 172.16.21.0/24
    user@host# set security zones security-zone TRUST address-book address NETWORK8 172.16.31.0/24
    user@host# set security zones security-zone TRUST address-book address NETWORK4 172.17.2.0/24
    user@host# set security zones security-zone TRUST address-book address NETWORK10 172.17.21.0/24
    user@host# set security zones security-zone TRUST address-book address NETWORK11 172.17.31.0/24
    user@host# set security zones security-zone TRUST address-book address NETWORK5 224.0.0.0/4
    user@host# set security zones security-zone TRUST interfaces reth0.0 host-inbound-traffic system-services all
    user@host# set security zones security-zone TRUST interfaces reth0.0 host-inbound-traffic protocols all
    user@host# set security zones security-zone TRUST interfaces reth1.0 host-inbound-traffic system-services all
    user@host# set security zones security-zone TRUST interfaces reth1.0 host-inbound-traffic protocols all
    user@host# set security zones security-zone TRUST interfaces reth2.0 host-inbound-traffic system-services all
    user@host# set security zones security-zone TRUST interfaces reth2.0 host-inbound-traffic protocols all
    user@host# set security zones security-zone TRUST interfaces reth3.0 host-inbound-traffic system-services all
    user@host# set security zones security-zone TRUST interfaces reth3.0 host-inbound-traffic protocols all
  3. Configure BGP.
    [edit]
    user@host# set protocols bgp group fsi_FeedA export BGP
    user@host# set protocols bgp group fsi_FeedA local-as 65535
    user@host# set protocols bgp group fsi_FeedA bfd-liveness-detection minimum-interval 300
    user@host# set protocols bgp group fsi_FeedA bfd-liveness-detection multiplier 3
    user@host# set protocols bgp group fsi_FeedA neighbor 192.168.100.1 local-address 192.168.100.2
    user@host# set protocols bgp group fsi_FeedA neighbor 192.168.100.1 peer-as 64512
    user@host# set protocols bgp group fsi_FeedA neighbor 192.168.102.1 local-address 192.168.102.2
    user@host# set protocols bgp group fsi_FeedA neighbor 192.168.102.1 peer-as 64514
    user@host# set protocols bgp group fsi_FeedB export BGP
    user@host# set protocols bgp group fsi_FeedB local-as 65535
    user@host# set protocols bgp group fsi_FeedB bfd-liveness-detection minimum-interval 300
    user@host# set protocols bgp group fsi_FeedB bfd-liveness-detection multiplier 3
    user@host# set protocols bgp group fsi_FeedB neighbor 192.168.101.1 local-address 192.168.101.2
    user@host# set protocols bgp group fsi_FeedB neighbor 192.168.101.1 peer-as 64512
    user@host# set protocols bgp group fsi_FeedB neighbor 192.168.103.1 local-address 192.168.103.2
    user@host# set protocols bgp group fsi_FeedB neighbor 192.168.103.1 peer-as 64514
  4. Configure routing policy.
    [edit]
    user@host# set policy-options prefix-list Neighbor_Grp_reth0 192.168.100.1/32
    user@host# set policy-options prefix-list Neighbor_Grp_reth1 192.168.101.1/32
    user@host# set policy-options prefix-list Neighbor_Grp_reth2 192.168.102.1/32
    user@host# set policy-options prefix-list Neighbor_Grp_reth3 192.168.103.1/32
    user@host# set policy-options policy-statement BGP term Mgmt from interface fxp0.0
    user@host# set policy-options policy-statement BGP term Mgmt then reject
    user@host# set policy-options policy-statement BGP term direct from protocol direct
    user@host# set policy-options policy-statement BGP term direct then accept
    user@host# set policy-options policy-statement BGP term BGP from protocol bgp
    user@host# set policy-options policy-statement BGP term BGP then accept
    user@host# set policy-options policy-statement Neighbor_Policy_reth0 from prefix-list Neighbor_Grp_reth0
    user@host# set policy-options policy-statement Neighbor_Policy_reth0 then accept
    user@host# set policy-options policy-statement Neighbor_Policy_reth1 from prefix-list Neighbor_Grp_reth1
    user@host# set policy-options policy-statement Neighbor_Policy_reth1 then accept
    user@host# set policy-options policy-statement Neighbor_Policy_reth2 from prefix-list Neighbor_Grp_reth2
    user@host# set policy-options policy-statement Neighbor_Policy_reth2 then accept
    user@host# set policy-options policy-statement Neighbor_Policy_reth3 from prefix-list Neighbor_Grp_reth3
    user@host# set policy-options policy-statement Neighbor_Policy_reth3 then accept
    user@host# set policy-options policy-statement BGP term Mgmt then reject
  5. Configure the static rendezvous point and PIM.
    [edit]
    user@host# set protocols pim rp bootstrap family inet priority 0
    user@host# set protocols pim rp static address 10.5.5.254
    user@host# set protocols pim interface lo0.0
    user@host# set protocols pim interface reth0.0 hello-interval 1
    user@host# set protocols pim interface reth0.0 neighbor-policy Neighbor_Policy_reth0
    user@host# set protocols pim interface reth1.0 hello-interval 1
    user@host# set protocols pim interface reth1.0 neighbor-policy Neighbor_Policy_reth1
    user@host# set protocols pim interface reth2.0 hello-interval 1
    user@host# set protocols pim interface reth2.0 neighbor-policy Neighbor_Policy_reth2
    user@host# set protocols pim interface reth3.0 hello-interval 1
    user@host# set protocols pim interface reth3.0 neighbor-policy Neighbor_Policy_reth3

Configuring QFX5100 — QFX_10.5.5.1

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

[edit]
set system host-name QFX_10.5.5.1
set system name-server 172.17.28.100
set system ntp server 172.17.28.5
set system ntp server 10.204.37.156
set chassis aggregated-devices ethernet device-count 4
set security authentication-key-chains key-chain fsi key 0 secret "$9$xCvdVsUDkfQn4aQF"
set security authentication-key-chains key-chain fsi key 0 start-time "2016-1-1.00:00:00 +0000"
set security authentication-key-chains key-chain fsi key 1 secret "$9$1tWhcrx7V2oGvWaZ"
set security authentication-key-chains key-chain fsi key 1 start-time "2016-1-1.00:01:00 +0000"
set interfaces xe-0/0/0 ether-options 802.3ad ae1
set interfaces xe-0/0/1 ether-options 802.3ad ae2
set interfaces ae2 mtu 9192
set interfaces ae2 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp periodic fast
set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae2 unit 0 family ethernet-switching vlan members 100
set interfaces ae1 mtu 9192
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members 100
set interfaces irb mtu 9192
set interfaces irb unit 100 family inet mtu 9120
set interfaces irb unit 100 family inet address 192.168.100.1/24
set interfaces irb unit 2 family inet address 172.16.2.1/24 vrrp-group 0 virtual-address 172.16.2.254
set interfaces irb unit 2 family inet address 172.16.2.1/24 vrrp-group 0 accept-data
set interfaces irb unit 21 family inet address 172.16.21.2/24 vrrp-group 0 virtual-address 172.16.21.254
set interfaces irb unit 21 family inet address 172.16.21.2/24 vrrp-group 0 accept-data
set interfaces lo0 unit 0 family inet address 10.5.5.1/32 primary
set interfaces lo0 unit 0 family inet address 10.5.5.254/32
set interfaces em0 unit 0 family inet address 10.219.29.188/26
set interfaces ge-0/0/13 ether-options 802.3ad ae100
set interfaces ae100 aggregated-ether-options lacp active
set interfaces ae100 aggregated-ether-options lacp periodic fast
set interfaces ae100 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae100 unit 0 family ethernet-switching vlan members 2
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members 21
set protocols bgp group fsi export BGP
set protocols bgp group fsi bfd-liveness-detection minimum-interval 300
set protocols bgp group fsi bfd-liveness-detection multiplier 3
set protocols bgp group fsi neighbor 192.168.100.2 local-address 192.168.100.1
set protocols bgp group fsi neighbor 192.168.100.2 peer-as 65535
set protocols bgp group fsi neighbor 192.168.100.2 local-as 64512
set protocols bgp group fsi_IBGP type internal
set protocols bgp group fsi_IBGP local-address 10.5.5.1
set protocols bgp group fsi_IBGP export BGP
set protocols bgp group fsi_IBGP local-as 64512
set protocols bgp group fsi_IBGP bfd-liveness-detection minimum-interval 300
set protocols bgp group fsi_IBGP bfd-liveness-detection multiplier 3
set protocols bgp group fsi_IBGP neighbor 10.5.5.2
set protocols msdp peer 10.5.5.4 local-address 10.5.5.1
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface irb.2
set protocols ospf area 0.0.0.0 interface irb.21 passive
set protocols pim rp local family inet address 10.5.5.254
set protocols pim interface irb.100 hello-interval 1
set protocols pim interface irb.100 neighbor-policy Neighbor_Policy
set protocols pim interface irb.2
set protocols pim interface irb.21
set protocols pim interface lo0.0
set protocols igmp-snooping vlan V_21
set policy-options prefix-list Neighbor_Grp 192.168.100.2/32
set policy-options policy-statement BGP term Mgmt from interface em0.0
set policy-options policy-statement BGP term Mgmt then reject
set policy-options policy-statement BGP term direct from protocol direct
set policy-options policy-statement BGP term direct then accept
set policy-options policy-statement BGP term BGP from protocol bgp
set policy-options policy-statement BGP term BGP then accept
set policy-options policy-statement BGP term Last then reject
set policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grp
set policy-options policy-statement Neighbor_Policy then accept
set vlans V_100 vlan-id 100
set vlans V_100 l3-interface irb.100
set vlans V_2_Routing_MC_AE vlan-id 2
set vlans V_2_Routing_MC_AE l3-interface irb.2
set vlans V_21 vlan-id 21
set vlans V_21 l3-interface irb.21
set switch-options redundant-trunk-group group rtg1 interface ae1.0
set switch-options redundant-trunk-group group rtg1 interface ae2.0 primary
set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Step-by-Step Procedure

To configure QFX_10.5.5.1:

  1. Configure the hostname and the DNS.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set system host-name QFX_10.5.5.1
    user@QFX_10.5.5.1# set system name-server 172.17.28.100
  2. Configure the NTP server.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set system ntp server 172.17.28.5
    user@QFX_10.5.5.1# set system ntp server 10.204.37.156
  3. Configure authentication with multiple keys.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set security authentication-key-chains key-chain fsi key 0 secret "$9$xCvdVsUDkfQn4aQF"
    user@QFX_10.5.5.1# set security authentication-key-chains key-chain fsi key 0 start-time "2016–1.00:00:00 +0000"
    user@QFX_10.5.5.1# set security authentication-key-chains key-chain fsi key 1 secret "$9$1tWhcrx7V2oGvWaZ"
    user@QFX_10.5.5.1# set security authentication-key-chains key-chain fsi key 1 start-time "2016-1-1.00:01:00 +0000"
  4. Specify the number of aggregated Ethernet interfaces to be created.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set chassis aggregated-devices ethernet device-count 4
  5. Configure the member links of the ae2 aggregated Ethernet bundle, and MTU.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set interfaces xe-0/0/1 ether-options 802.3ad ae2
    user@QFX_10.5.5.1# set interfaces ae2 mtu 9192
    Note

    In this configuration example, a single interface is configured only for lab purposes. However, an AE interface is used as a best practice. In a typical financial services environment scenario, an AE bundle is more appropriate than a single interface because it helps to meet the future requirements without much change.

  6. Configure LACP on the ae2 aggregated Ethernet bundle and its VLAN association.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set interfaces ae2 aggregated-ether-options lacp active
    user@QFX_10.5.5.1# set interfaces ae2 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.1# set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.1# set interfaces ae2 unit 0 family ethernet-switching vlan members 100
  7. Configure the member links of the ae1 aggregated Ethernet bundle, and MTU.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set interfaces xe-0/0/0 ether-options 802.3ad ae1
    user@QFX_10.5.5.1# set interfaces ae1 mtu 9192
  8. Configure LACP on the ae1 aggregated Ethernet bundle and its VLAN association.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set interfaces ae1 aggregated-ether-options lacp active
    user@QFX_10.5.5.1# set interfaces ae1 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.1# set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.1# set interfaces ae1 unit 0 family ethernet-switching vlan members 100
  9. Configure the member links of the ae100 aggregated Ethernet bundle, and MTU.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set interfaces ge-0/0/13 ether-options 802.3ad ae100
    user@QFX_10.5.5.1# set interfaces ae100 mtu 9192
  10. Configure LACP on the ae100 aggregated Ethernet bundle and its VLAN association.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set interfaces ae100 aggregated-ether-options lacp active
    user@QFX_10.5.5.1# set interfaces ae100 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.1# set interfaces ae100 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.1# set interfaces ae100 unit 0 family ethernet-switching vlan members 2
  11. Configure the interface toward the multicast source.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members 21
  12. Configure IRB interfaces and VRRP.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set interfaces irb mtu 9192
    user@QFX_10.5.5.1# set interfaces irb unit 100 family inet mtu 9120
    user@QFX_10.5.5.1# set interfaces irb unit 100 family inet address 192.168.100.1/24
    user@QFX_10.5.5.1# set interfaces irb unit 2 family inet address 172.16.2.1/24 vrrp-group 0 virtual-address 172.16.2.254
    user@QFX_10.5.5.1# set interfaces irb unit 2 family inet address 172.16.2.1/24 vrrp-group 0 accept-data
    user@QFX_10.5.5.1# set interfaces irb unit 21 family inet address 172.16.21.2/24 vrrp-group 0 virtual-address 172.16.21.254
    user@QFX_10.5.5.1# set interfaces irb unit 21 family inet address 172.16.21.2/24 vrrp-group 0 accept-data
  13. Configure the loopback and management interfaces.
    {primary:node0}[edit]
    user@QFX_10.5.5.1# set interfaces lo0 unit 0 family inet address 10.5.5.1/32 primary
    user@QFX_10.5.5.1# set interfaces lo0 unit 0 family inet address 10.5.5.254/32
    user@QFX_10.5.5.1# set interfaces em0 unit 0 family inet address 10.219.29.188/26
  14. Configure external and internal BGP connections.
    [edit]
    user@QFX_10.5.5.1# set protocols bgp group fsi export BGP
    user@QFX_10.5.5.1# set protocols bgp group fsi bfd-liveness-detection minimum-interval 300
    user@QFX_10.5.5.1# set protocols bgp group fsi bfd-liveness-detection multiplier 3
    user@QFX_10.5.5.1# set protocols bgp group fsi neighbor 192.168.100.2 local-address 192.168.100.1
    user@QFX_10.5.5.1# set protocols bgp group fsi neighbor 192.168.100.2 peer-as 65535
    user@QFX_10.5.5.1# set protocols bgp group fsi neighbor 192.168.100.2 local-as 64512
    user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP type internal
    user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP local-address 10.5.5.1
    user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP export BGP
    user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP local-as 64512
    user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP bfd-liveness-detection minimum-interval 300
    user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP bfd-liveness-detection multiplier 3
    user@QFX_10.5.5.1# set protocols bgp group fsi_IBGP neighbor 10.5.5.2
  15. Configure MSDP.
    [edit]
    user@QFX_10.5.5.1# set protocols msdp peer 10.5.5.4 local-address 10.5.5.1
  16. Configure OSPF.
    [edit]
    user@QFX_10.5.5.1# set protocols ospf area 0.0.0.0 interface lo0.0
    user@QFX_10.5.5.1# set protocols ospf area 0.0.0.0 interface irb.2
    user@QFX_10.5.5.1# set protocols ospf area 0.0.0.0 interface irb.21 passive
  17. Configure PIM. Note

    This device will serve as the RP.

    [edit]
    user@QFX_10.5.5.1# set protocols pim rp local family inet address 10.5.5.254
    user@QFX_10.5.5.1# set protocols pim interface irb.100 hello-interval 1
    user@QFX_10.5.5.1# set protocols pim interface irb.100 neighbor-policy Neighbor_Policy
    user@QFX_10.5.5.1# set protocols pim interface irb.2
    user@QFX_10.5.5.1# set protocols pim interface irb.21
    user@QFX_10.5.5.1# set protocols pim interface lo0.0
  18. Configure IGMP snooping on vlan21.
    [edit]
    user@QFX_10.5.5.1# set protocols igmp-snooping vlan V_21
  19. Configure routing policies to advertise and receive the required routes.
    [edit ]
    user@QFX_10.5.5.1# set policy-options prefix-list Neighbor_Grp 192.168.100.2/32
    user@QFX_10.5.5.1# set policy-options policy-statement BGP term ICCP_Net then reject
    user@QFX_10.5.5.1# set policy-options policy-statement BGP term Mgmt from interface em0.0
    user@QFX_10.5.5.1# set policy-options policy-statement BGP term Mgmt then reject
    user@QFX_10.5.5.1# set policy-options policy-statement BGP term direct from protocol direct
    user@QFX_10.5.5.1# set policy-options policy-statement BGP term direct then accept
    user@QFX_10.5.5.1# set policy-options policy-statement BGP term BGP from protocol bgp
    user@QFX_10.5.5.1# set policy-options policy-statement BGP term BGP then accept
    user@QFX_10.5.5.1# set policy-options policy-statement BGP term Last then reject
    user@QFX_10.5.5.1# set policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grp
    user@QFX_10.5.5.1# set policy-options policy-statement Neighbor_Policy then accept
  20. Configure VLANs and associate the IRB interfaces.
    [edit]
    user@QFX_10.5.5.1# set vlans V_100 vlan-id 100
    user@QFX_10.5.5.1# set vlans V_100 l3-interface irb.100
    user@QFX_10.5.5.1# set vlans V_2_Routing_MC_AE vlan-id 2
    user@QFX_10.5.5.1# set vlans V_2_Routing_MC_AE l3-interface irb.2
    user@QFX_10.5.5.1# set vlans V_21 vlan-id 21
  21. Configure an RTG, and a default route.
    [edit]
    user@QFX_10.5.5.1# set switch-options redundant-trunk-group group rtg1 interface ae1.0
    user@QFX_10.5.5.1# set switch-options redundant-trunk-group group rtg1 interface ae2.0 primary
    user@QFX_10.5.5.1# set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Configuring QFX5100 — QFX_10.5.5.2

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

[edit]
set system host-name QFX_10.5.5.2
set system name-server 172.17.28.100
set system ntp server 172.17.28.5
set system ntp server 10.204.37.156
set chassis aggregated-devices ethernet device-count 4
set interfaces xe-0/0/0 ether-options 802.3ad ae2
set interfaces xe-0/0/1 ether-options 802.3ad ae1
set interfaces ae1 mtu 9192
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members 101
set interfaces irb mtu 9192
set interfaces irb unit 101 family inet mtu 9120
set interfaces irb unit 101 family inet address 192.168.101.1/24
set interfaces irb unit 2 family inet address 172.16.2.2/24 vrrp-group 0 virtual-address 172.16.2.254
set interfaces irb unit 2 family inet address 172.16.2.2/24 vrrp-group 0 accept-data
set interfaces irb unit 31 family inet address 172.16.31.2/24 vrrp-group 0 virtual-address 172.16.31.254
set interfaces irb unit 31 family inet address 172.16.31.2/24 vrrp-group 0 accept-data
set interfaces lo0 unit 0 family inet address 10.5.5.2/32 primary
set interfaces ge-0/0/13 ether-options 802.3ad ae100
set interfaces ae100 aggregated-ether-options lacp active
set interfaces ae100 aggregated-ether-options lacp periodic fast
set interfaces ae100 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae100 unit 0 family ethernet-switching vlan members 2
set interfaces ae2 mtu 9192
set interfaces ae2 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp periodic fast
set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae2 unit 0 family ethernet-switching vlan members 101
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members 31
set protocols bgp export BGP
set protocols bgp group fsi local-as 64512
set protocols bgp group fsi bfd-liveness-detection minimum-interval 300
set protocols bgp group fsi bfd-liveness-detection multiplier 3
set protocols bgp group fsi neighbor 192.168.101.2 local-address 192.168.101.1
set protocols bgp group fsi neighbor 192.168.101.2 peer-as 65535
set protocols bgp group fsi_IBGP type internal
set protocols bgp group fsi_IBGP local-address 10.5.5.2
set protocols bgp group fsi_IBGP local-as 64512
set protocols bgp group fsi_IBGP bfd-liveness-detection minimum-interval 300
set protocols bgp group fsi_IBGP bfd-liveness-detection multiplier 3
set protocols bgp group fsi_IBGP neighbor 10.5.5.1
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface irb.2
set protocols ospf area 0.0.0.0 interface irb.31 passive
set protocols pim rp static address 10.5.5.254
set protocols pim interface irb.101 hello-interval 1
set protocols pim interface irb.101 neighbor-policy Neighbor_Policy
set protocols pim interface lo0.0
set protocols pim interface irb.2
set protocols pim interface irb.31
set protocols igmp-snooping vlan V_31
set policy-options prefix-list Neighbor_Grp 192.168.101.2/32
set policy-options policy-statement BGP term Mgmt from interface em0.0
set policy-options policy-statement BGP term Mgmt then reject
set policy-options policy-statement BGP term direct from protocol direct
set policy-options policy-statement BGP term direct then accept
set policy-options policy-statement BGP term BGP from protocol bgp
set policy-options policy-statement BGP term BGP then accept
set policy-options policy-statement BGP term Last then reject
set policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grp
set policy-options policy-statement Neighbor_Policy then accept
set vlans V_101 vlan-id 101
set vlans V_101 l3-interface irb.101
set vlans V_2_Routing_MC_AE vlan-id 2
set vlans V_2_Routing_MC_AE l3-interface irb.2
set vlans V_31 vlan-id 31
set vlans V_31 l3-interface irb.31
set switch-options redundant-trunk-group group rtg1 interface ae1.0
set switch-options redundant-trunk-group group rtg1 interface ae2.0 primary
set interfaces em0 unit 0 family inet address 10.219.29.189/26
set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Step-by-Step Procedure

To configure QFX_10.5.5.2:

  1. Configure the hostname and the DNS.
    {primary:node0}[edit]
    user@QFX_10.5.5.2# set system host-name QFX_10.5.5.2
    user@QFX_10.5.5.2# set system name-server 172.17.28.100
  2. Configure the NTP server.
    {primary:node0}[edit]
    user@QFX_10.5.5.2# set system ntp server 172.17.28.5
    user@QFX_10.5.5.2# set system ntp server 10.204.37.156
  3. Specify the number of aggregated Ethernet interfaces to be created.
    {primary:node0}[edit]
    user@QFX_10.5.5.2# set chassis aggregated-devices ethernet device-count 4
  4. Configure the member links of the ae2 and ae1 aggregated Ethernet bundles.
    {primary:node0}[edit]
    user@QFX_10.5.5.2# set interfaces xe-0/0/0 ether-options 802.3ad ae2
    user@QFX_10.5.5.2# set interfaces xe-0/0/1 ether-options 802.3ad ae1
    Note

    In this configuration example, a single interface is configured only for lab purposes. However, an AE interface is used as a best practice. In a typical financial services environment scenario, an AE bundle is more appropriate than a single interface because it helps to meet the future requirements without much change.

  5. Configure LACP on the ae2 aggregated Ethernet bundle and its VLAN association.
    [edit]
    user@QFX_10.5.5.2# set interfaces ae2 mtu 9192
    user@QFX_10.5.5.2# set interfaces ae2 aggregated-ether-options lacp active
    user@QFX_10.5.5.2# set interfaces ae2 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.2# set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.2# set interfaces ae2 unit 0 family ethernet-switching vlan members 101
  6. Configure LACP on the ae1 aggregated Ethernet bundle and its VLAN association.
    {primary:node0}[edit]
    user@QFX_10.5.5.2# set interfaces ae1 mtu 9192
    user@QFX_10.5.5.2# set interfaces ae1 aggregated-ether-options lacp active
    user@QFX_10.5.5.2# set interfaces ae1 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.2# set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.2# set interfaces ae1 unit 0 family ethernet-switching vlan members 101
  7. Configure the member links of the ae100 aggregated Ethernet bundle, and MTU.
    [edit]
    user@QFX_10.5.5.2# set interfaces ge-0/0/13 ether-options 802.3ad ae100
  8. Configure LACP on the ae100 aggregated Ethernet bundle and its VLAN association.
    [edit]
    user@QFX_10.5.5.2# set interfaces ae100 aggregated-ether-options lacp active
    user@QFX_10.5.5.2# set interfaces ae100 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.2# set interfaces ae100 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.2# set interfaces ae100 unit 0 family ethernet-switching vlan members 2
  9. Configure IRB interfaces and VRRP.
    [edit]
    user@QFX_10.5.5.2# set interfaces irb mtu 9192
    user@QFX_10.5.5.2# set interfaces irb unit 101 family inet mtu 9120
    user@QFX_10.5.5.2# set interfaces irb unit 101 family inet address 192.168.101.1/24
    user@QFX_10.5.5.2# set interfaces irb unit 2 family inet address 172.16.2.2/24 vrrp-group 0 virtual-address 172.16.2.254
    user@QFX_10.5.5.2# set interfaces irb unit 2 family inet address 172.16.2.2/24 vrrp-group 0 accept-data
    user@QFX_10.5.5.2# set interfaces irb unit 21 family inet address 172.16.31.2/24 vrrp-group 0 virtual-address 172.16.31.254
    user@QFX_10.5.5.2# set interfaces irb unit 21 family inet address 172.16.31.2/24 vrrp-group 0 accept-data
  10. Configure the loopback and management interfaces.
    [edit]
    user@QFX_10.5.5.2# set interfaces lo0 unit 0 family inet address 10.5.5.2/32 primary
    user@QFX_10.5.5.2# set interfaces em0 unit 0 family inet address 10.219.29.189/26
  11. Configure the interface toward the multicast source.
    [edit]
    user@QFX_10.5.5.2# set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members 31
  12. Configure external and internal BGP connections.
    [edit]
    user@QFX_10.5.5.2# set protocols bgp export BGP
    user@QFX_10.5.5.2# set protocols bgp group fsi local-as 64512
    user@QFX_10.5.5.2# set protocols bgp group fsi bfd-liveness-detection minimum-interval 300
    user@QFX_10.5.5.2# set protocols bgp group fsi bfd-liveness-detection multiplier 3
    user@QFX_10.5.5.2# set protocols bgp group fsi neighbor 192.168.101.2 local-address 192.168.101.1
    user@QFX_10.5.5.2# set protocols bgp group fsi neighbor 192.168.101.2 peer-as 65535
    user@QFX_10.5.5.2# set protocols bgp group fsi export BGP
    user@QFX_10.5.5.2# set protocols bgp group fsi_IBGP type internal
    user@QFX_10.5.5.2# set protocols bgp group fsi_IBGP local-address 10.5.5.2
    user@QFX_10.5.5.2# set protocols bgp group fsi_IBGP local-as 64512
    user@QFX_10.5.5.2# set protocols bgp group fsi_IBGP bfd-liveness-detection minimum-interval 300
    user@QFX_10.5.5.2# set protocols bgp group fsi_IBGP bfd-liveness-detection multiplier 3
    user@QFX_10.5.5.2# set protocols bgp group fsi_IBGP neighbor 10.5.5.1
  13. Configure OSPF.
    [edit]
    user@QFX_10.5.5.2# set protocols ospf area 0.0.0.0 interface lo0.0
    user@QFX_10.5.5.2# set protocols ospf area 0.0.0.0 interface irb.2
    user@QFX_10.5.5.2# set protocols ospf area 0.0.0.0 interface irb.31 passive
  14. Configure PIM.
    [edit]
    user@QFX_10.5.5.2# set protocols pim rp static address 10.5.5.254
    user@QFX_10.5.5.2# set protocols pim interface irb.101 hello-interval 1
    user@QFX_10.5.5.2# set protocols pim interface irb.101 neighbor-policy Neighbor_Policy
    user@QFX_10.5.5.2# set protocols pim interface irb.100 hello-interval 1
    user@QFX_10.5.5.2# set protocols pim interface irb.2
    user@QFX_10.5.5.2# set protocols pim interface irb.31
    user@QFX_10.5.5.2# set protocols pim interface lo0.0
  15. Configure IGMP snooping on vlan31.
    [edit protocols]
    user@QFX_10.5.5.2# set protocols igmp-snooping vlan V_31
  16. Configure routing policies to advertise and receive the required routes.
    [edit ]
    user@QFX_10.5.5.2# set policy-options prefix-list Neighbor_Grp 192.168.101.2/32
    user@QFX_10.5.5.2# set policy-options policy-statement BGP term ICCP_Net then reject
    user@QFX_10.5.5.2# set policy-options policy-statement BGP term Mgmt from interface em0.0
    user@QFX_10.5.5.2# set policy-options policy-statement BGP term Mgmt then reject
    user@QFX_10.5.5.2# set policy-options policy-statement BGP term direct from protocol direct
    user@QFX_10.5.5.2# set policy-options policy-statement BGP term direct then accept
    user@QFX_10.5.5.2# set policy-options policy-statement BGP term BGP from protocol bgp
    user@QFX_10.5.5.2# set policy-options policy-statement BGP term BGP then accept
    user@QFX_10.5.5.2# set policy-options policy-statement BGP term Last then reject
    user@QFX_10.5.5.2# set policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grp
    user@QFX_10.5.5.2# set policy-options policy-statement Neighbor_Policy then accept
  17. Configure VLANs and associate the IRB interfaces.
    [edit]
    user@QFX_10.5.5.2# set vlans V_101 vlan-id 101
    user@QFX_10.5.5.2# set vlans V_101 l3-interface irb.101
    user@QFX_10.5.5.2# set vlans V_2_Routing_MC_AE vlan-id 2
    user@QFX_10.5.5.2# set vlans V_2_Routing_MC_AE l3-interface irb.2
    user@QFX_10.5.5.2# set vlans V_31 vlan-id 31
  18. Configure an RTG, and a default route.
    [edit]
    user@QFX_10.5.5.2# set switch-options redundant-trunk-group group rtg1 interface ae1.0
    user@QFX_10.5.5.2# set switch-options redundant-trunk-group group rtg1 interface ae2.0 primary
    user@QFX_10.5.5.2# set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Configuring QFX5100 — QFX_10.5.5.3

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

[edit]
set system host-name QFX_10.5.5.3
set system name-server 172.17.28.100
set system ntp server 172.17.28.5
set system ntp server 10.204.37.156
set chassis aggregated-devices ethernet device-count 4
set security authentication-key-chains key-chain fsi key 0 secret "$9$xCvdVsUDkfQn4aQF"
set security authentication-key-chains key-chain fsi key 0 start-time "2016-1-1.00:00:00 +0000"
set security authentication-key-chains key-chain fsi key 1 secret "$9$1tWhcrx7V2oGvWaZ"
set security authentication-key-chains key-chain fsi key 1 start-time "2016-1-1.00:01:00 +0000"
set interfaces xe-0/0/3 ether-options 802.3ad ae2
set interfaces xe-0/0/4 ether-options 802.3ad ae1
set interfaces ae2 mtu 9192
set interfaces ae2 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp periodic fast
set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae2 unit 0 family ethernet-switching vlan members 102
set interfaces ae1 mtu 9192
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members 102
set interfaces irb mtu 9192
set interfaces irb unit 102 family inet mtu 9120
set interfaces irb unit 102 family inet address 192.168.102.1/24
set interfaces irb unit 2 family inet address 172.17.2.1/24 vrrp-group 0 virtual-address 172.17.2.254
set interfaces irb unit 2 family inet address 172.17.2.1/24 vrrp-group 0 accept-data
set interfaces irb unit 21 family inet address 172.17.21.2/24 vrrp-group 0 virtual-address 172.16.21.254
set interfaces irb unit 21 family inet address 172.17.21.2/24 vrrp-group 0 accept-data
set interfaces lo0 unit 0 family inet address 10.5.5.3/32 primary
set interfaces em0 unit 0 family inet address 10.219.29.186/26
set interfaces ge-0/0/13 ether-options 802.3ad ae100
set interfaces ae100 aggregated-ether-options lacp active
set interfaces ae100 aggregated-ether-options lacp periodic fast
set interfaces ae100 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae100 unit 0 family ethernet-switching vlan members 2
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members 21
set protocols bgp group fsi export BGP
set protocols bgp group fsi bfd-liveness-detection minimum-interval 300
set protocols bgp group fsi bfd-liveness-detection multiplier 3
set protocols bgp group fsi neighbor 192.168.102.2 local-address 192.168.102.1
set protocols bgp group fsi neighbor 192.168.102.2 peer-as 65535
set protocols bgp group fsi neighbor 192.168.102.2 local-as 64514
set protocols bgp group fsi_IBGP type internal
set protocols bgp group fsi_IBGP local-address 10.5.5.3
set protocols bgp group fsi_IBGP export BGP
set protocols bgp group fsi_IBGP local-as 64514
set protocols bgp group fsi_IBGP bfd-liveness-detection minimum-interval 300
set protocols bgp group fsi_IBGP bfd-liveness-detection multiplier 3
set protocols bgp group fsi_IBGP neighbor 10.5.5.4
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface irb.2
set protocols ospf area 0.0.0.0 interface irb.21 passive
set protocols pim rp static address 10.5.5.254
set protocols pim interface irb.102 hello-interval 1
set protocols pim interface irb.102 neighbor-policy Neighbor_Policy
set protocols pim interface irb.100 hello-interval 1
set protocols pim interface irb.100 neighbor-policy Neighbor_Policy
set protocols pim interface irb.2
set protocols pim interface irb.21
set protocols pim interface lo0.0
set protocols igmp-snooping vlan V_21
set policy-options prefix-list Neighbor_Grp 192.168.102.2/32
set policy-options policy-statement BGP term Mgmt from interface em0.0
set policy-options policy-statement BGP term Mgmt then reject
set policy-options policy-statement BGP term direct from protocol direct
set policy-options policy-statement BGP term direct then accept
set policy-options policy-statement BGP term BGP from protocol bgp
set policy-options policy-statement BGP term BGP then accept
set policy-options policy-statement BGP term Last then reject
set policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grp
set policy-options policy-statement Neighbor_Policy then accept
set vlans V_102 vlan-id 102
set vlans V_102 l3-interface irb.102
set vlans V_2_Routing_MC_AE vlan-id 2
set vlans V_2_Routing_MC_AE l3-interface irb.2
set vlans V_21 vlan-id 21
set vlans V_21 l3-interface irb.21
set switch-options redundant-trunk-group group rtg1 interface ae1.0
set switch-options redundant-trunk-group group rtg1 interface ae2.0 primary
set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Step-by-Step Procedure

To configure QFX_10.5.5.3:

  1. Configure the hostname and the DNS.
    {primary:node0}[edit]
    user@QFX_10.5.5.3# set system host-name QFX_10.5.5.3
    user@QFX_10.5.5.3# set system name-server 172.17.28.100
  2. Configure the NTP server.
    {primary:node0}[edit]
    user@QFX_10.5.5.3# set system ntp server 172.17.28.5
    user@QFX_10.5.5.3# set system ntp server 10.204.37.156
  3. Configure authentication with multiple keys.
    [edit]
    user@QFX_10.5.5.3# set security authentication-key-chains key-chain fsi key 0 secret "$9$xCvdVsUDkfQn4aQF"
    user@QFX_10.5.5.3# set security authentication-key-chains key-chain fsi key 0 start-time "2016–1.00:00:00 +0000"
    user@QFX_10.5.5.3# set security authentication-key-chains key-chain fsi key 1 secret "$9$1tWhcrx7V2oGvWaZ"
    user@QFX_10.5.5.3# set security authentication-key-chains key-chain fsi key 1 start-time "2016-1-1.00:01:00 +0000"
  4. Specify the number of aggregated Ethernet interfaces to be created.
    [edit]
    user@QFX_10.5.5.3# set chassis aggregated-devices ethernet device-count 4
  5. Configure the member links of the ae2 and ae1 aggregated Ethernet bundles.
    [edit]
    user@QFX_10.5.5.3# set interfaces xe-0/0/3 ether-options 802.3ad ae2
    user@QFX_10.5.5.3# set interfaces xe-0/0/4 ether-options 802.3ad ae1
    Note

    In this configuration example, a single interface is configured only for lab purposes. However, an AE interface is used as a best practice. In a typical financial services environment scenario, an AE bundle is more appropriate than a single interface because it helps to meet the future requirements without much change.

  6. Configure LACP on the ae2 aggregated Ethernet bundle and its VLAN association.
    [edit]
    user@QFX_10.5.5.3# set interfaces ae2 mtu 9192
    user@QFX_10.5.5.3# set interfaces ae2 aggregated-ether-options lacp active
    user@QFX_10.5.5.3# set interfaces ae2 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.3# set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.3# set interfaces ae2 unit 0 family ethernet-switching vlan members 102
  7. Configure LACP on the ae1 aggregated Ethernet bundle and its VLAN association.
    [edit]
    user@QFX_10.5.5.3# set interfaces ae1 mtu 9192
    user@QFX_10.5.5.3# set interfaces ae1 aggregated-ether-options lacp active
    user@QFX_10.5.5.3# set interfaces ae1 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.3# set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.3# set interfaces ae1 unit 0 family ethernet-switching vlan members 102
  8. Configure IRB interfaces and VRRP.
    [edit]
    user@QFX_10.5.5.3# set interfaces irb mtu 9192
    user@QFX_10.5.5.3# set interfaces irb unit 102 family inet mtu 9120
    user@QFX_10.5.5.3# set interfaces irb unit 102 family inet address 192.168.102.1/24
    user@QFX_10.5.5.3# set interfaces irb unit 2 family inet address 172.17.2.1/24 vrrp-group 0 virtual-address 172.17.2.254
    user@QFX_10.5.5.3# set interfaces irb unit 2 family inet address 172.17.2.1/24 vrrp-group 0 accept-data
    user@QFX_10.5.5.3# set interfaces irb unit 21 family inet address 172.17.21.2/24 vrrp-group 0 virtual-address 172.16.21.254
    user@QFX_10.5.5.3# set interfaces irb unit 21 family inet address 172.17.21.2/24 vrrp-group 0 accept-data
  9. Configure the loopback and management interfaces.
    [edit]
    user@QFX_10.5.5.3# set interfaces lo0 unit 0 family inet address 10.5.5.3/32 primary
    user@QFX_10.5.5.3# set interfaces em0 unit 0 family inet address 10.219.29.186/26
  10. Configure the member links of the ae100 aggregated Ethernet bundle, and MTU.
    [edit]
    user@QFX_10.5.5.3# set interfaces ge-0/0/13 ether-options 802.3ad ae100
  11. Configure LACP on the ae100 aggregated Ethernet bundle and its VLAN association.
    [edit]
    user@QFX_10.5.5.3# set interfaces ae100 aggregated-ether-options lacp active
    user@QFX_10.5.5.3# set interfaces ae100 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.3# set interfaces ae100 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.3# set interfaces ae100 unit 0 family ethernet-switching vlan members 2
  12. Configure the interface toward the multicast source.
    user@QFX_10.5.5.3# set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members 21
  13. Configure external and internal BGP connections.
    [edit]
    user@QFX_10.5.5.3# set protocols bgp export BGP
    user@QFX_10.5.5.3# set protocols bgp group fsi export BGP
    user@QFX_10.5.5.3# set protocols bgp group fsi bfd-liveness-detection minimum-interval 300
    user@QFX_10.5.5.3# set protocols bgp group fsi bfd-liveness-detection multiplier 3
    user@QFX_10.5.5.3# set protocols bgp group fsi neighbor 192.168.102.2 local-address 192.168.102.1
    user@QFX_10.5.5.3# set protocols bgp group fsi neighbor 192.168.102.2 peer-as 65535
    user@QFX_10.5.5.3# set protocols bgp group fsi_BGP local-as 64514
    user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP type internal
    user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP local-address 10.5.5.3
    user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP export BGP
    user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP local-as 64514
    user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP bfd-liveness-detection minimum-interval 300
    user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP bfd-liveness-detection multiplier 3
    user@QFX_10.5.5.3# set protocols bgp group fsi_IBGP neighbor 10.5.5.4
  14. Configure OSPF.
    [edit]
    user@QFX_10.5.5.3# set protocols ospf area 0.0.0.0 interface lo0.0
    user@QFX_10.5.5.3# set protocols ospf area 0.0.0.0 interface irb.2
    user@QFX_10.5.5.3# set protocols ospf area 0.0.0.0 interface irb.21 passive
  15. Configure PIM.
    [edit]
    user@QFX_10.5.5.3# set protocols pim rp static address 10.5.5.254
    user@QFX_10.5.5.3# set protocols pim interface irb.102 hello-interval 1
    user@QFX_10.5.5.3# set protocols pim interface irb.102 neighbor-policy Neighbor_Policy
    user@QFX_10.5.5.3# set protocols pim interface irb.100 hello-interval 1
    user@QFX_10.5.5.3# set protocols pim interface irb.100 neighbor-policy Neighbor_Policy
    user@QFX_10.5.5.3# set protocols pim interface irb.2
    user@QFX_10.5.5.3# set protocols pim interface irb.21
    user@QFX_10.5.5.3# set protocols pim interface lo0.0
  16. Configure IGMP snooping on vlan21.
    [edit]
    user@QFX_10.5.5.3# set protocols igmp-snooping vlan V_21
  17. Configure routing policies to advertise and receive the required routes.
    [edit]
    user@QFX_10.5.5.3# set policy-options prefix-list Neighbor_Grp 192.168.102.2/32
    user@QFX_10.5.5.3# set policy-options policy-statement BGP term ICCP_Net then reject
    user@QFX_10.5.5.3# set policy-options policy-statement BGP term Mgmt from interface em0.0
    user@QFX_10.5.5.3# set policy-options policy-statement BGP term Mgmt then reject
    user@QFX_10.5.5.3# set policy-options policy-statement BGP term direct from protocol direct
    user@QFX_10.5.5.3# set policy-options policy-statement BGP term direct then accept
    user@QFX_10.5.5.3# set policy-options policy-statement BGP term BGP from protocol bgp
    user@QFX_10.5.5.3# set policy-options policy-statement BGP term BGP then accept
    user@QFX_10.5.5.3# set policy-options policy-statement BGP term Last then reject
    user@QFX_10.5.5.3# set policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grp
    user@QFX_10.5.5.3# set policy-options policy-statement Neighbor_Policy then accept
  18. Configure VLANs and associate the IRB interfaces.
    [edit]
    user@QFX_10.5.5.3# set vlans V_102 vlan-id 102
    user@QFX_10.5.5.3# set vlans V_102 l3-interface irb.102
    user@QFX_10.5.5.3# set vlans V_2_Routing_MC_AE vlan-id 2
    user@QFX_10.5.5.3# set vlans V_2_Routing_MC_AE l3-interface irb.2
    user@QFX_10.5.5.3# set vlans V_21 vlan-id 21
  19. Configure an RTG, and a default route.
    [edit]
    user@QFX_10.5.5.3# set switch-options redundant-trunk-group group rtg1 interface ae1.0 primary
    user@QFX_10.5.5.3# set switch-options redundant-trunk-group group rtg1 interface ae2.0
    user@QFX_10.5.5.3# set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Configuring QFX5100 — QFX_10.5.5.4

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

[edit]
set system host-name QFX_10.5.5.4
set system name-server 172.17.28.100
set system ntp server 172.17.28.5
set system ntp server 10.204.37.156
set chassis aggregated-devices ethernet device-count 4
set interfaces xe-0/0/3 ether-options 802.3ad ae1
set interfaces ae1 mtu 9192
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members 103
set interfaces irb mtu 9192
set interfaces irb unit 103 family inet mtu 9120
set interfaces irb unit 103 family inet address 192.168.103.1/24
set interfaces irb unit 2 family inet address 172.17.2.2/24 vrrp-group 0 virtual-address 172.17.2.254
set interfaces irb unit 2 family inet address 172.17.2.2/24 vrrp-group 0 accept-data
set interfaces irb unit 31 family inet address 172.17.31.2/24 vrrp-group 0 virtual-address 172.17.31.254
set interfaces irb unit 31 family inet address 172.17.31.2/24 vrrp-group 0 accept-data
set interfaces lo0 unit 0 family inet address 10.5.5.4/32 primary
set interfaces lo0 unit 0 family inet address 10.5.5.254/32
set interfaces em0 unit 0 family inet address 10.219.29.187/26
set interfaces ge-0/0/13 ether-options 802.3ad ae100
set interfaces ae100 aggregated-ether-options lacp active
set interfaces ae100 aggregated-ether-options lacp periodic fast
set interfaces ae100 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae100 unit 0 family ethernet-switching vlan members 2
set interfaces xe-0/0/4 ether-options 802.3ad ae2
set interfaces ae2 mtu 9192
set interfaces ae2 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp periodic fast
set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae2 unit 0 family ethernet-switching vlan members 103
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members 31
set protocols bgp group fsi export BGP
set protocols bgp group fsi bfd-liveness-detection minimum-interval 300
set protocols bgp group fsi bfd-liveness-detection multiplier 3
set protocols bgp group fsi neighbor 192.168.103.2 local-address 192.168.103.1
set protocols bgp group fsi neighbor 192.168.103.2 peer-as 65535
set protocols bgp group fsi neighbor 192.168.103.2 local-as 64514
set protocols bgp group fsi_IBGP type internal
set protocols bgp group fsi_IBGP local-address 10.5.5.4
set protocols bgp group fsi_IBGP export BGP
set protocols bgp group fsi_IBGP local-as 64514
set protocols bgp group fsi_IBGP bfd-liveness-detection minimum-interval 300
set protocols bgp group fsi_IBGP bfd-liveness-detection multiplier 3
set protocols bgp group fsi_IBGP neighbor 10.5.5.3
set protocols msdp peer 10.5.5.1 local-address 10.5.5.4
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface irb.2
set protocols ospf area 0.0.0.0 interface irb.31
set protocols pim rp local family inet address 10.5.5.254
set protocols pim interface irb.103 neighbor-policy Neighbor_Policy
set protocols pim interface irb.2
set protocols pim interface irb.31
set protocols pim interface lo0.0
set protocols igmp-snooping vlan V_31
set policy-options prefix-list Neighbor_Grp 192.168.103.2/32
set policy-options policy-statement BGP term Mgmt from interface em0.0
set policy-options policy-statement BGP term Mgmt then reject
set policy-options policy-statement BGP term direct from protocol direct
set policy-options policy-statement BGP term direct then accept
set policy-options policy-statement BGP term BGP from protocol bgp
set policy-options policy-statement BGP term BGP then accept
set policy-options policy-statement BGP term Last then reject
set policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grp
set policy-options policy-statement Neighbor_Policy then accept
set vlans V_103 vlan-id 103
set vlans V_103 l3-interface irb.103
set vlans V_2_Routing_MC_AE vlan-id 2
set vlans V_2_Routing_MC_AE l3-interface irb.2
set vlans V_31 vlan-id 31
set vlans V_31 l3-interface irb.31
set switch-options redundant-trunk-group group rtg1 interface ae1.0
set switch-options redundant-trunk-group group rtg1 interface ae2.0 primary
set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Step-by-Step Procedure

To configure QFX_10.5.5.4:

  1. Configure the hostname and the DNS.
    {primary:node0}[edit]
    user@QFX_10.5.5.4# set system host-name QFX_10.5.5.4
    user@QFX_10.5.5.4# set system name-server 172.17.28.100
  2. Configure the NTP server.
    {primary:node0}[edit]
    user@QFX_10.5.5.4# set system ntp server 172.17.28.5
    user@QFX_10.5.5.4# set system ntp server 10.204.37.156
  3. Specify the number of aggregated Ethernet interfaces to be created.
    {primary:node0}[edit]
    user@QFX_10.5.5.4# set chassis aggregated-devices ethernet device-count 4
  4. Configure the member links of the ae1 and ae2 aggregated Ethernet bundles.
    [edit]
    user@QFX_10.5.5.4# set interfaces xe-0/0/3 ether-options 802.3ad ae1
    user@QFX_10.5.5.4# set interfaces xe-0/0/4 ether-options 802.3ad ae2
    Note

    In this configuration example, a single interface is configured only for lab purposes. However, an AE interface is used as a best practice. In a typical financial services environment scenario, an AE bundle is more appropriate than a single interface because it helps to meet the future requirements without much change.

  5. Configure LACP on the ae1 aggregated Ethernet bundle and its VLAN association.
    [edit]
    user@QFX_10.5.5.4# set interfaces ae1 mtu 9192
    user@QFX_10.5.5.4# set interfaces ae1 aggregated-ether-options lacp active
    user@QFX_10.5.5.4# set interfaces ae1 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.4# set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.4# set interfaces ae1 unit 0 family ethernet-switching vlan members 103
  6. Configure LACP on the ae2 aggregated Ethernet bundle and its VLAN association.
    [edit]
    user@QFX_10.5.5.4# set interfaces ae2 mtu 9192
    user@QFX_10.5.5.4# set interfaces ae2 aggregated-ether-options lacp active
    user@QFX_10.5.5.4# set interfaces ae2 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.4# set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.4# set interfaces ae2 unit 0 family ethernet-switching vlan members 103
  7. Configure the member links of the ae100 aggregated Ethernet bundle, and MTU.
    [edit]
    user@QFX_10.5.5.4# set interfaces ge-0/0/13 ether-options 802.3ad ae100
  8. Configure LACP on the ae100 aggregated Ethernet bundle and its VLAN association.
    [edit]
    user@QFX_10.5.5.4# set interfaces ae100 aggregated-ether-options lacp active
    user@QFX_10.5.5.4# set interfaces ae100 aggregated-ether-options lacp periodic fast
    user@QFX_10.5.5.4# set interfaces ae100 unit 0 family ethernet-switching interface-mode trunk
    user@QFX_10.5.5.4# set interfaces ae100 unit 0 family ethernet-switching vlan members 2
  9. Configure IRB interfaces and VRRP.
    [edit]
    user@QFX_10.5.5.4# set interfaces irb mtu 9192
    user@QFX_10.5.5.4# set interfaces irb unit 103 family inet mtu 9120
    user@QFX_10.5.5.4# set interfaces irb unit 103 family inet address 192.168.103.1/24
    user@QFX_10.5.5.4# set interfaces irb unit 2 family inet address 172.17.2.2/24 vrrp-group 0 virtual-address 172.17.2.254
    user@QFX_10.5.5.4# set interfaces irb unit 2 family inet address 172.17.2.2/24 vrrp-group 0 accept-data
    user@QFX_10.5.5.4# set interfaces irb unit 31 family inet address 172.17.31.2/24 vrrp-group 0 virtual-address 172.17.31.254
    user@QFX_10.5.5.4# set interfaces irb unit 31 family inet address 172.17.31.2/24 vrrp-group 0 accept-data
  10. Configure the loopback and management interfaces.
    [edit]
    user@QFX_10.5.5.4# set interfaces lo0 unit 0 family inet address 10.5.5.4/32 primary
    user@QFX_10.5.5.4# set interfaces lo0 unit 0 family inet address 10.5.5.254/32
    user@QFX_10.5.5.4# set interfaces em0 unit 0 family inet address 10.219.29.187/26
  11. Configure the interface toward the multicast source.
    [edit]
    user@QFX_10.5.5.4# set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members 31
  12. Configure external and internal BGP connections.
    [edit]
    user@QFX_10.5.5.4# set protocols bgp export BGP
    user@QFX_10.5.5.4# set protocols bgp group fsi bfd-liveness-detection minimum-interval 300
    user@QFX_10.5.5.4# set protocols bgp group fsi bfd-liveness-detection multiplier 3
    user@QFX_10.5.5.4# set protocols bgp group fsi neighbor 192.168.103.2 local-address 192.168.103.1
    user@QFX_10.5.5.4# set protocols bgp group fsi neighbor 192.168.103.2 peer-as 65535
    user@QFX_10.5.5.4# set protocols bgp group fsi neighbor 192.168.103.2 local-as 64514
    user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP type internal
    user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP local-address 10.5.5.4
    user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP export BGP
    user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP local-as 64514
    user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP bfd-liveness-detection minimum-interval 300
    user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP bfd-liveness-detection multiplier 3
    user@QFX_10.5.5.4# set protocols bgp group fsi_IBGP neighbor 10.5.5.3
  13. Configure MSDP.
    [edit]
    user@QFX_10.5.5.4# set protocols msdp peer 10.5.5.1 local-address 10.5.5.4
  14. Configure OSPF.
    [edit]
    user@QFX_10.5.5.4# set protocols ospf area 0.0.0.0 interface lo0.0
    user@QFX_10.5.5.4# set protocols ospf area 0.0.0.0 interface irb.2
    user@QFX_10.5.5.4# set protocols ospf area 0.0.0.0 interface irb.31 passive
  15. Configure PIM.Note

    This device will serve as the RP.

    [edit]
    user@QFX_10.5.5.4# set protocols pim rp local family inet address 10.5.5.254
    user@QFX_10.5.5.4# set protocols pim interface irb.103 neighbor-policy Neighbor_Policy
    user@QFX_10.5.5.4# set protocols pim interface lo0.0
    user@QFX_10.5.5.4# set protocols pim interface irb.2
    user@QFX_10.5.5.4# set protocols pim interface irb.31
  16. Configure IGMP snooping on vlan31.
    [edit protocols]
    user@QFX_10.5.5.4# set protocols igmp-snooping vlan V_31
  17. Configure routing policies to advertise and receive the required routes.
    [edit]
    user@QFX_10.5.5.4# set policy-options prefix-list Neighbor_Grp 192.168.103.2/32
    user@QFX_10.5.5.4# set policy-options policy-statement BGP term ICCP_Net then reject
    user@QFX_10.5.5.4# set policy-options policy-statement BGP term Mgmt from interface em0.0
    user@QFX_10.5.5.4# set policy-options policy-statement BGP term Mgmt then reject
    user@QFX_10.5.5.4# set policy-options policy-statement BGP term direct from protocol direct
    user@QFX_10.5.5.4# set policy-options policy-statement BGP term direct then accept
    user@QFX_10.5.5.4# set policy-options policy-statement BGP term BGP from protocol bgp
    user@QFX_10.5.5.4# set policy-options policy-statement BGP term BGP then accept
    user@QFX_10.5.5.4# set policy-options policy-statement BGP term Last then reject
    user@QFX_10.5.5.4# set policy-options policy-statement Neighbor_Policy from prefix-list Neighbor_Grp
    user@QFX_10.5.5.4# set policy-options policy-statement Neighbor_Policy then accept
  18. Configure VLANs and associate the IRB interfaces.
    [edit]
    user@QFX_10.5.5.4# set vlans V_103 vlan-id 103
    user@QFX_10.5.5.4# set vlans V_103 l3-interface irb.103
    user@QFX_10.5.5.4# set vlans V_2_Routing_MC_AE vlan-id 2
    user@QFX_10.5.5.4# set vlans V_2_Routing_MC_AE l3-interface irb.2
    user@QFX_10.5.5.4# set vlans V_31 vlan-id 31
    user@QFX_10.5.5.4# set vlans V_31 l3-interface irb.31
  19. Configure an RTG, and a default route.
    [edit]
    user@QFX_10.5.5.4# set switch-options redundant-trunk-group group rtg1 interface ae1.0
    user@QFX_10.5.5.4# set switch-options redundant-trunk-group group rtg1 interface ae2.0 primary
    user@QFX_10.5.5.4# set routing-options static route 0.0.0.0/0 next-hop 10.219.29.129

Verification

Verify that the configuration is working properly:

Verifying the SRX Configured Interfaces

Purpose

Verify the interfaces are configured properly.

Action

From operational mode, enter the show interfaces terse| no-more command.

{primary:node0}
user@host> show interfaces terse| no-more

Meaning

The sample output displays summary information about interfaces.

Verifying Chassis Cluster Status

Purpose

Verify the status of a chassis cluster.

Action

From operational mode, enter the show chassis cluster status command.

{primary:node0}
user@host> show chassis cluster status

Meaning

The sample output displays the failover status of a chassis cluster.

Verifying Chassis Cluster Statistics

Purpose

Verify the chassis cluster statistics.

Action

From operational mode, enter the show chassis cluster statistics command.

{primary:node0}
user@host> show chassis cluster statistics

Meaning

The sample output shows information about chassis cluster services and interfaces.

Verifying Chassis Cluster Interfaces

Purpose

Verify the chassis cluster interfaces.

Action

From operational mode, enter the show chassis cluster interfaces command.

{primary:node0}
user@host> show chassis cluster interfaces

Meaning

The sample output displays the status of the control interface in a chassis cluster configuration.

Verifying Chassis Cluster Control-Plane Statistics

Purpose

Verify the chassis cluster control-plane statistics.

Action

From operational mode, enter the show chassis cluster control-plane statistics command.

{primary:node0}
user@host> show chassis cluster control-plane statistics

Meaning

The sample output displays information about chassis cluster control-plane statistics.

Verifying Chassis Cluster Data-Plane Statistics

Purpose

Verify the chassis cluster data-plane statistics.

Action

From operational mode, enter the show chassis cluster data-plane statistics command.

{primary:node0}
user@host> show chassis cluster data-plane statistics

Meaning

The sample output displays information about chassis cluster data-plane statistics.

Verifying Security Policy Configuration

Purpose

Verify information about security policies.

Action

From operational mode, enter the run show security policies detail command to display a summary of all security policies configured on the device.

{primary:node0}
user@host> run show security policies detail

Meaning

The output displays information about security policies configured on the system.

Verifying the Configured Interfaces

Purpose

Verify the interfaces are configured properly.

Action

From operational mode, enter the show interfaces terse | no-more command.

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show interfaces terse | no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2> show interfaces terse | no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3> show interfaces terse | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show interfaces terse | no-more

Meaning

The sample output displays summary information about interfaces. Interfaces are always displayed in numerical order, from the lowest to the highest FPC slot number. On an individual PIC, the lowest port number is always first.

Verifying LACP Status

Purpose

Verify that the LACP configuration is working properly.

Action

From operational mode, enter the show lacp interfaces| no-more command.

srx5600-mcast-a

{primary:node0}
user@srx5600-mcast-a> show lacp interfaces| no-more

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show lacp interfaces| no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2> show lacp interfaces| no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3> show lacp interfaces| no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show lacp interfaces| no-more

Meaning

The sample output displays Link Aggregation Control Protocol (LACP) information about the specified aggregated Ethernet, Fast Ethernet, or Gigabit Ethernet interface.

Verifying Redundant Trunk Groups

Purpose

Verify that the redundant trunk group configuration is working properly.

Action

From operational mode, enter the show redundant-trunk-group | no-more command.

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1# show redundant-trunk-group | no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2# show redundant-trunk-group | no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3# show redundant-trunk-group | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4# show redundant-trunk-group | no-more

Meaning

The sample output displays information about redundant trunk groups.

Verifying the BGP Status

Purpose

Verify that BGP is running on configured interfaces and that the BGP session is active for each neighbor address.

Action

From operational mode, enter the show bgp summary | no-more and show bgp neighbor | no-more commands.

srx5600-mcast-a

{primary:node0}
user@srx5600-mcast-a> show bgp summary | no-more
user@srx5600-mcast-a> show bgp neighbor | no-more

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show bgp summary | no-more
user@QFX_10.5.5.1> show bgp neighbor | no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2> show bgp summary | no-more
user@QFX_10.5.5.2> show bgp neighbor | no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3> show bgp summary | no-more
user@QFX_10.5.5.3> show bgp neighbor | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show bgp summary | no-more
user@QFX_10.5.5.4> show bgp neighbor | no-more

Meaning

The sample output displays BGP summary information.

Verifying the OSPF Status

Purpose

Verify that the configuration is working properly.

Action

From operational mode, enter the show ospf neighbor | no-more command.

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show ospf neighbor | no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2> show ospf neighbor | no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3> show ospf neighbor | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show ospf neighbor | no-more

Meaning

The sample output displays OSPF summary information.

Verifying Unicast Routes

Purpose

Verify that all the networks are reachable from all the devices.

Action

From operational mode, enter the show route | no-more command.

srx5600-mcast-a

{primary:node0}
user@srx5600-mcast-a> show route | no-more

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show route | no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2> show route | no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3> show route | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show route | no-more

Meaning

The sample output displays the active entries in the routing tables.

Verifying VLAN Configurations

Purpose

Verify that the VLAN configuration is working properly.

Action

From operational mode, enter the show vlans detail | no-more command.

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show vlans detail | no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2> show vlans detail | no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3> show vlans detail | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show vlans detail | no-more

Meaning

The sample output displays information about the configured VLANs .

Verifying PIM Status

Purpose

Verify that the PIM configuration is working properly.

Action

From operational mode, enter the show pim neighbors | no-more and show pim neighbors detail | no-more commands.

srx5600-mcast-a

{primary:node0}
user@srx5600-mcast-a> show pim neighbors | no-more
user@srx5600-mcast-a> show pim neighbors detail | no-more

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show pim neighbors | no-more
user@QFX_10.5.5.1> show pim neighbors detail | no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2> show pim neighbors | no-more
user@QFX_10.5.5.2> show pim neighbors detail | no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3> show pim neighbors | no-more
user@QFX_10.5.5.3> show pim neighbors detail | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show pim neighbors | no-more
user@QFX_10.5.5.4> show pim neighbors detail | no-more

Meaning

The sample output specifies the PIM configuration details.

Verifying PIM RP Status

Purpose

Verify that the PIM RP configuration is working properly.

Action

From operational mode, enter the show pim rps | no-more and show pim rps detail | no-more commands.

srx5600-mcast-a

{primary:node0}
user@srx5600-mcast-a> show pim rps | no-more
user@srx5600-mcast-a> show pim rps detail | no-more

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show pim rps | no-more
user@QFX_10.5.5.1> show pim rps detail | no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2> show pim rps | no-more
user@QFX_10.5.5.2> show pim rps detail | no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3> show pim rps | no-more
user@QFX_10.5.5.3> show pim rps detail | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show pim rps | no-more
user@QFX_10.5.5.4> show pim rps detail | no-more

Meaning

The sample output displays information about Protocol Independent Multicast (PIM) rendezvous points (RPs).

Verifying MSDP Status

Purpose

Verify that the MSDP configuration is working properly.

Action

From operational mode, enter the show msdp detail | no-more command.

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show msdp detail | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show msdp detail | no-more

Meaning

The sample output displays Multicast Source Discovery Protocol (MSDP) information.

Note

MSDP is used to distribute the load and is configured on QFX5100-1 and QFX5100-4 devices.

Verifying Multicast Routes and Their State

Purpose

Verify that the multicast route configuration is working properly.

Action

From operational mode, enter the show multicast route extensive | no-more command.

srx5600-mcast-a

{primary:node0}
user@srx5600-mcast-a> show multicast route extensive | no-more

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show multicast route extensive | no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2> show multicast route extensive | no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3> show multicast route extensive | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show multicast route extensive | no-more

Meaning

The sample output specifies multicast routes and their state.

Verifying the Forwarding Table

Purpose

Verify that the forwarding table in the hardware has the appropriate routes installed.

Action

From operational mode, enter the show route forwarding-table | no-more command.

srx5600-mcast-a

{primary:node0}
user@srx5600-mcast-a> show route forwarding-table | no-more

QFX_10.5.5.1

{primary:node0}
user@QFX_10.5.5.1> show route forwarding-table | no-more

QFX_10.5.5.2

{primary:node0}
user@QFX_10.5.5.2> show route forwarding-table | no-more

QFX_10.5.5.3

{primary:node0}
user@QFX_10.5.5.3> show route forwarding-table | no-more

QFX_10.5.5.4

{primary:node0}
user@QFX_10.5.5.4> show route forwarding-table | no-more

Meaning

The sample output displays the Routing Engine's forwarding table, including the network-layer prefixes and their next hops. This command is used to help verify that the routing protocol process has relayed the correction information to the forwarding table. The Routing Engine constructs and maintains one or more routing tables. From the routing tables, the Routing Engine derives a table of active routes, called the forwarding table.