Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Configure Settings on cRPD

This chapter provides information about how to tune the settings on cRPD to enable advanced features.

Configure OSPF

To configure OSPF on a network:
  1. Configure crpd01 to set up OSPF protocol.

    root@ubuntu-vm18:~# set policy-options policy-statement adv term 1 from route-filter 10.10.10.0/24 exact

    root@ubuntu-vm18:~# set policy-options policy-statement adv term 1 then accept

    root@ubuntu-vm18:~# set routing-options router-id 10.255.255.1

    root@ubuntu-vm18:~# set routing-options static route 10.10.10.0/24 reject

    root@ubuntu-vm18:~# set protocols ospf export adv

    root@ubuntu-vm18:~# set protocols ospf area 0.0.0.0 interface eth1

    root@ubuntu-vm18:~# set protocols ospf area 0.0.0.0 interface lo.0

  2. Configure crpd02 to set up OSPF protocol.

    root@ubuntu-vm18:~# set policy-options policy-statement adv term 1 from route-filter 10.20.20.0/24 exact

    root@ubuntu-vm18:~# set policy-options policy-statement adv term 1 then accept

    root@ubuntu-vm18:~# set routing-options router-id 10.255.255.2

    root@ubuntu-vm18:~# set routing-options static route 10.20.20.0/24 reject

    root@ubuntu-vm18:~# set protocols ospf export adv

    root@ubuntu-vm18:~# set protocols ospf area 0.0.0.0 interface eth1

    root@ubuntu-vm18:~# set protocols ospf area 0.0.0.0 interface lo.0

  3. Log in to crpd01.
    docker exec -it crpd01 bash
  4. Verify OSPF route details.

    root@crpd01:/# cli

    root@crpd01> show ospf neighbor

    root@crpd01> show ospf route

    root@crpd01> show route

  5. Verify the routes.

    root@crpd01> exit

    root@crpd01:/# ip route

    root@crpd01:/# ping 10.255.255.2 -c 2

Configure Bridged Interfaces

You can configure a logical interface as a trunk port at the [edit interfaces interface-name unit logical-unit-number family bridge interface-mode trunk] hierarchy level.

To configure all the VLAN identifiers to associate with a Layer 2 trunk port, include the vlan-id-list [vlan-id-numbers ] statement at the [edit interfaces interface-name unit logical-unit-number family bridge] hierarchy level.

  1. Configure each bridged physical interface with the family type bridge.

    [edit interfaces]

    user@host# set interface interface-name unit logical-unit-number family bridge interface-mode access
  2. Configure each logical interface with a VLAN ID. This helps to determine the interface to which a bridge belongs.
    user@host# set interface interface-name unit logical-unit-number family bridge vlan-id vlan-id
  3. Create a virtual switch instance with a bridge domain and configure logical interfaces.

    [edit routing-instances]

    user@host# set routing-instance-name instance-type virtual-switch
    user@host# set routing-instance-name interface interface-name unit logical-unit-number
    user@host# set routing-instance-name bridge-domains bridge-domain-name
  4. Configure a virtual switch with IRB support and associate a routing interface with a bridge domain.

Configure Routed VLAN Interfaces

You can configure a routed VLAN interface (RVI) for a private VLAN (P-VLAN).

  1. Configure an RVI for a P-VLAN.
    [edit interfaces]
    user@host# set vlan unit logical-unit-number family inet address inet-address
  2. View RVI interfaces and their current state.
    user@host> show interfaces vlan terse

Configure ISO Interfaces

Configure the ISO family on loopback interfaces that are supporting the IS-IS protocol by including the family iso statement on the interface.

  1. Configure a loopback interface using the host IP address and enable the ISO family on the interface.
    user@host# set interfaces lo0 unit 0 family iso address 192.168.0.1
  2. Advertise the device interfaces into IS-IS by including the interface interface-name statement in the protocol configuration.
    user@host# set protocols isis interface lo0.0

Configure IPv6 Interfaces

To configure an IPv6 address on routers and switches, use the interface interface-name unit number family inet6 address aaaa:bbbb:...:zzzz/nn statement at the [edit interfaces] hierarchy level.

You can also assign multiple IPv6 addresses on the same interface.

To specify an IP address for the logical unit using IPv6:
user@host# set interfaces interface-name unit logical-unit-number family inet6 address ip-address

Configure IPv4 Interfaces

To configure an IPv4 address on routers and switches, use the interface interface-name unit number family inet address a.b.c.d/nn statement at the [edit interfaces] hierarchy level.

You can also assign multiple IPv4 addresses on the same interface.

To specify an IP address for the logical unit using IPv4:
user@host# set interfaces interface-name unit logical-unit-number family inet address ip-address

View Interfaces

The following example shows the CLI command to view the configured interfaces:
  1. From configuration mode, confirm your configuration by entering the show interfaces command.
    user@host# show interfaces
  2. From the operational mode, enter the show interfaces terse command.
    user@host> show interfaces terse
    user@host> show interfaces routing lo0.0
    user@host> show interfaces routing irb
    user@host> show interfaces extensive lo0.0

Configure MTU

To configure the media maximum transmission unit (MTU):
  1. Configure maximum transmit packet size.
    user@host# set interfaces interface-name mtu packet size
  2. Configure MTU packet size.
    user@host# set interfaces interface-name unit logical-unit-number mtu packet size

Configure MAC

To configure the MAC address:
Include the mac statement at the [edit interfaces interface-name] hierarchy level.
user@host# set interfaces interface-name mac mac-address

Specify the MAC address as six hexadecimal bytes in one of the following formats: nnnn.nnnn.nnnn (for example, 0011.2233.4455) or nn:nn:nn:nn:nn:nn (for example, 00:11:22:33:44:55).

Configure gRPC Services

To configure your network device for gRPC services and specify the local certificate used for server authentication, see Enable gRPC Services.

  1. Navigate to the SSL-based API connection settings for gRPC services.
  2. Configure the port to use for gRPC services.
  3. Specify a local certificate.
  4. Enable the device to reload certificates without terminating the gRPC session.
  5. (Optional) Specify an IP address to listen to incoming connections.
  6. (Optional) Configure tracing for extension services to debug any issues.
  7. Commit the configuration.

Configure TACACS+ Server

To configure the TACACS+ servers.

  1. Enable TACACS+ accounting.
  2. Configure the address for one or more TACACS+ accounting servers.

    For example:

  3. (Optional) Configure the source address for TACACS+ accounting requests.

    For example:

    The source address is a valid IPv4 address or IPv6 address configured on one of the router interfaces or switch interfaces.

  4. Configure the shared secret password that the network device uses to authenticate the TACACS+ accounting server.

    The configured password must match the password that is configured on the TACACS+ server. If the password contains spaces, enclose it in quotation marks. The device stores the password as an encrypted value in the configuration database.

    For example:

  5. (Optional) Specify the TACACS+ accounting server port for accounting packets if it differs from the default (49).
  6. (Optional) Set the time the device waits for a response from the TACACS+ accounting server.

    By default, the device waits for three seconds. You can configure the timeout value from 1 through 90 seconds.

    For example, to wait 15 seconds for a response from the server:

  7. (Optional) Configure the device to use one open TCP connection for multiple requests. Avoid opening a new connection for each attempt.
  8. (Optional) To route TACACS+ accounting packets through a specific routing instance, configure the routing-instance statement and specify the instance.
    For example:

Configure Static LSPs for MPLS

MPLS is a protocol that uses labels instead of the forwarding table to route packets instead of using IP addresses. To configure MPLS, you must create one or more named paths on the ingress and egress routers. For more information to configure static LSPs on the ingress and an egress router, see Configure Static LSPs and static-label-switched-path

To configure a static LSP on the ingress, the label properties next-hop, push, and to are required; the other statements are optional.

To configure the transit statement, the label properties next-hop and pop | swap are required. The remaining statements are optional.

To configure a bypass static LSP, the label properties next-hop, push, and to are required; the other statements are optional.

  1. Configure static LSPs on the ingress.
    [edit protocols mpls static-label-switched-path static-lsp-name]
    user@host# show protocols
  2. View the state of the MPLS interface.

    root@host:~# docker exec -it crpd01 cli

    root@host> show mpls interface

  3. Run the following command to view the MPLS LSPs on the router.

    root@host> show mpls lsp

Configure Instance Type

To create a virtual routing and forwarding (VRF) device and link it to a VRF table, assign logical interfaces to the VRF. Include the interface name at the [edit routing-instances routing-instance-name] hierarchy level. The connected and local routes are automatically moved to the table associated with the VRF device:

You can configure the following instance type:

  • Layer 3 VPNs require that each PE router has a VPN routing and forwarding (VRF) table for distributing routes within the VPN. To create the VRF table on the router, include the instance-type statement and specify the value vrf. See Configure Routing Instances.

  • To enable the virtual-router routing instance, include the instance-type statement and specify the value of virtual-router. See Configure Virtual-Router.

  • To provide support for Layer 2 bridging with a protocol configuration, include the instance-type statement and specify the value virtual-switch. See Configure a Layer 2 Virtual Switch.

  • To configure multiple customer-specific EVPN instances (EVIs) of type, each of which can support a different EVPN service type, include the instance-type statement and specify the value mac-vrf.

  • Enable an Ethernet VPN (EVPN) Virtual Private Wire Service (VPWS) on the routing instance, include the instance-type statement and specify the value evpn-vpws.

  1. Create an instance type and configure the routing instances on the interface.

    [edit routing-instances vpn1]

    root@host# set instance-type vrf

    root@host# set interface ge-2/0/0.0

  2. Configure the Layer 3 VPN routing instances.

    [edit routing-instances vpn1]

    root@host# set vrf-target target:203:100

    root@host# set routing-options static route 203.0.113.1/24 discard

  3. Run the following command to view the list of VRFs in the host OS.

    root@host:~# show routing-instances

    A VRF instance consists of one or more routing tables, a derived forwarding table, the interfaces that use the forwarding table, and the policies and routing protocols that determine what goes into the forwarding table. Because each instance is configured for a particular VPN, each VPN has separate tables, rules, and policies that control its operation. A separate VRF table is created for each VPN that has a connection to a router. The VRF table is populated with routes received from directly connected sites associated with the VRF instance, and with routes received from other routers in the same VPN.

    The VRF table distinguishes the routes for different customers as well as customer routes from provider routes on the device. For information about configuring policies, see Configure Policies for the VRF Table.

Assign an IP Address to the Routing Instance

To associate IP address with each VRF or virtual-router routing instance at [edit interfaces lo0 unit unit-number family inet] hierarchy level, see Configure a Logical Unit.

View Routes for a VRF

To view routes for a VRF:

Run the following command to view the IPv6 routes table associated with the VRF device:

root@host> show route