CFM

Introduction of Juniper Network Routers for CFM Bharti-Airtel :Ashish Bhatnagar ([email protected])


Page 2: CFM

2 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

Session 1

Agenda

• Hardware Architecture
• Juniper Portfolio
• JUNOS Overview
• JUNOS CLI Operation Mode

Page 3: CFM

Agenda

• Hardware Architecture

•Juniper Portfolio

•JUNOS Overview

•JUNOS CLI Operation Mode

Page 4: CFM

Systems Overview

The router architecture consists of two major components:

• Packet Forwarding Engine—Performs Layer 2 and Layer 3 packet switching, route lookups, and packet forwarding.
• Routing Engine—Provides Layer 3 routing services and network management.

Page 5: CFM

Systems Overview - PFE

[Diagram: Packet Forwarding Engine block diagram. Labels: PICs, FPC, PIC I/O Manager, I/O Manager, Buffer Manager 1, Buffer Manager 2, MEM, Internet Processor ASICs, Forwarding table, PFE System Controller (SSB, SFM, etc.)]

Page 6: CFM

Systems Overview - RE

The Routing Engine is an Intel-based PCI platform running the JUNOS Internet software, which Juniper Networks has developed and optimized to handle large numbers of network interfaces and routes. The software consists of a set of system processes running in protected memory modules on top of an independent operating system. The JUNOS kernel supports JUNOS system processes, which handle system management processes, routing protocols, and control functions.

The Routing Engine has a dedicated 100-Mbps internal connection to the Packet Forwarding Engine.

Page 7: CFM

Systems Overview - RE

The Routing Engine provides the following functions and features:

• Processing of routing protocol packets
• Software modularity
• In-depth Internet functionality
• Scalability
• Management interface
• Storage and change management
• Monitoring efficiency and flexibility

Page 8: CFM

Agenda

• Hardware Architecture

•Juniper Portfolio

•JUNOS Overview

•JUNOS CLI Operation Mode

•JUNOS CLI Configuration Mode

Page 9: CFM

JUNIPER PRODUCT PORTFOLIO

[Diagram: product portfolio grouped under Routers, Security, Switches, and App-Layer Services. Products shown: J Series, M Series, MX Series, T Series, TX Matrix Plus, IDP, WX, SA & UAC, SRX210, SRX240, SRX650, SRX3000, SRX5000, EX2200, EX2500, EX3200, EX4200, EX8208, EX8216]

Page 10: CFM

M-series Portfolio

[Chart: M-series routers plotted by throughput and PIC slots. Models: M7i, M10i, M20, M40e, M120, M320. PIC slots: 4 (+1 fixed), 8, 16, 32. Gbps axis: 7, 10, 20, 40, 120, 320. Uplink: 1G, 2.5G, 10G. Primary role: Sm PoP PE / Lg Enterprise, Med PoP PE, Large PoP PE. Secondary role: Small Core / Peering / RR, Small/Med Core, Med Core, Collapsed P/PE]

Page 11: CFM

M-series Delivers at the Multiservice Edge

Multiservice Edge
• Single entry point to IP/MPLS
• 1000’s services, 1000’s customers

Any service to any customer

Lowest operational cost

Services scaled with proven stability, security, performance, availability

[Diagram labels. Services: Infranet, Layer 3 VPNs, Layer 2 VPNs, Ethernet VPLS, Content services, Dedicated Internet Acc, Security services, Bandwidth on demand, Voice. Access: Channelized, FR/ATM, Ethernet, N x T1/E1, DS3/E3, SONET/SDH]

Page 12: CFM

M-Series Routers

Model | M7i | M10i | M20 | M40e | M320
Network Location | Small PoP PE, campus border router, enterprise | Med PoP PE, campus border router | Med PoP PE | Med/Large PoPs | Large PoPs
System Bandwidth | 7+ Gbps | 10+ Gbps | 20+ Gbps | 40+ Gbps | 320 Gbps
Maximum Speed | DS-0 to OC-12c/STM-4 and GE | DS-0 to OC-48c/STM-16 | DS0 to OC-48c/STM-16 | DS0 to OC-48c/STM-16 | DS0 to OC-192/10GE
Density Sweet Spot | 48 DS-3, 16 OC-3 | 96 DS-3, 32 OC-3 | 192 DS-3, 64 OC-3, 16 OC-12 | 384 DS-3, 128 OC-3, 32 OC-12, 8 OC-48 | 384 DS-3, 128 OC-3, 128 OC-12, 64 OC-48
PICs Per Chassis | 4 (+2 FE or 1 GE fixed) | 8 | 16 | 32 | 32
Chassis Per Rack | 24 | 9 | 5 | 2 | 2
Redundancy | Power & Cooling | Yes | Yes | Yes | Yes

Page 13: CFM

Agenda

•Introduction to Juniper Networks

• Hardware Architecture

•Juniper Portfolio

•JUNOS Overview

•JUNOS CLI Operation Mode

•JUNOS CLI Configuration Mode

Page 14: CFM

JUNOS Architecture

Page 15: CFM

Single JUNOS Binary Image Across All M/T Platforms

Consistent Services to all Serving Areas

Lowest Operational Cost

[Diagram: one operating system with Protocols, Interface Mgmt, Chassis Mgmt, SNMP, and Security modules, shown across the M7i, M10i, M20, M40e, M160, M320, and T640 platforms. Scale ticks: 5, 10, 20, 40, 160, 320, 640. Caption: Consistent services]

Page 16: CFM

JUNOS Software Components

The JUNOS software is made up of multiple pieces working together to control the router's functions. Each piece of software is referred to as a package and contains files specific to its particular function.

Jkernel: The jkernel package contains the basic components of the JUNOS software operating system.

JBase: The jbase package contains additions to the JUNOS software since the last revision of the jkernel package.

Jroute: The jroute package contains software that operates on the Routing Engine. This controls the unicast routing protocols, the multicast routing protocols, and Multiprotocol Label Switching signaling protocols. The package also contains the software for some daemons such as mgd.

Jpfe: The jpfe package contains the Embedded OS software that controls the components of the Packet Forwarding Engine.

Jdocs: The jdocs package contains the complete JUNOS software documentation set.

Jcrypto: The jcrypto package contains software that controls various security functions, such as IPsec and SSH.

Jbundle: The jbundle package is a single file that contains all the other packages.

Page 17: CFM

JUNOS Software Naming Convention

jinstall-m.nZo.p-domestic.tgz or jinstall-m.nZo.p-export.tgz
jbundle-m.nZo.p-domestic.tgz or jbundle-m.nZo.p-export.tgz

E.g. jinstall-7.4R1.7-domestic.tgz

• m.n is the major version
• o.p is the minor version
• Z is a single uppercase letter:
    A - Alpha
    B - Beta
    R - Release
    I - Internal Test or Experimental

Domestic version supports SSH; Export does not.

Page 18: CFM

•Introduction to Juniper Networks

• Hardware Architecture

•Juniper Portfolio

•JUNOS Overview

•JUNOS CLI Operation Mode

•JUNOS CLI Configuration Mode

Agenda

Page 19: CFM

Methods of Accessing the router

Out of Band
• DB9 DTE Console and Auxiliary Ports (e.g. via Reverse Telnet to Terminal Server)
• 10/100 Management Ethernet Port (called fxp0)

In-Band
• Telnet
• ssh

Authentication using TACACS+, RADIUS, or Local Database

Page 20: CFM

Two Command Line Interface (CLI) modes: Operational and Configuration

CLI Operational Mode
• Indicated by the ">" prompt
• Preceded by string containing user and Router Name
• Default Mode after logging on
• e.g. user@router>

CLI Configuration Mode
• Indicated by the "#" prompt
• Access Configuration Mode from Operational Mode using the CLI command "configure"/"configure private"
• e.g.
    [edit]
    user@router#

Page 21: CFM

AA: Interface Type “at-”: atm, “ge-”: GigE, “t3-”:DS3, “so-”:Sonet, “fe-”: FE

B: FPC Slot (numbered from 0, left to right)

C: PIC Slot (numbered from 0, top to bottom)

D: Port (numbered from 0, labelled on PIC)

E.g.

t3-0/1/2 (DS3 Port: FPC0, PIC1, Port2)

at-3/2/1 (ATM Port: FPC3, PIC2,Port1)

Reserved Ports: fxp0 (Mgt Ethernet), fxp1 (RE<-->Pfe)

Interface Naming Convention AA-B/C/D

Page 22: CFM

CLI Help (Operational/Config Modes)

Context Sensitive Help using "?"

user@router> ?
Possible completions:
  clear        Clear information in the system
  configure    Manipulate software configuration information
  file         Perform file operations
  help         Provide help information
  monitor      Show real-time debugging information
  ping         Ping remote target
  ..

user@router> c?
Possible completions:
  clear        Clear information in the system
  configure    Manipulate software configuration information

Page 23: CFM

Auto-Completion of Commands/Keywords

Command and Keyword automatically completed using <SPACE> or <TAB> if partial string uniquely identifies it

user@router> sh<SPACE>ve<RETURN>

Expanded to:

user@router> show version
Hostname: router
Model: m320
JUNOS Base OS boot [7.4R1.7]
JUNOS Base OS Software Suite [7.4R1.7]
JUNOS Kernel Software Suite [7.4R1.7]
JUNOS Packet Forwarding Engine Support (M320) [7.4R1.7]
JUNOS Routing Software Suite [7.4R1.7]
JUNOS Online Documentation [7.4R1.7]
JUNOS Crypto Software Suite [7.4R1.7]

Page 24: CFM

CLI Command Output Post Processing ("Pipe")

Use "|" to Filter output

Use regex (Unix Regular Expression) to specify pattern

user@router> show configuration | ?
Possible completions:
  compare    Compare configuration changes with prior version
  count      Count occurrences
  display    Show additional kinds of information
  except     Show only text that does not match a pattern
  find       Search for first occurrence of pattern
  hold       Hold text without exiting the --More-- prompt
  last       Display end of output only
  match      Show only text that matches a pattern
  no-more    Don't paginate output
  request    Make system-level requests
  resolve    Resolve IP addresses
  save       Save output text to file
  trim       Trim specified number of columns from start of line

Page 25: CFM

CLI Command Output Filtering using REGEX

.      Any character
*      Zero or more occurrences of previous character
.*     Zero or more occurrences of any characters
+      One or more occurrences of previous character
.+     At least one of any character
^      Beginning of line
$      End of line
[ ]    Any characters specified within the brackets
|      Or
()     Grouping
\      Treat the next character literally, e.g. "\*" means the "*" character

Page 26: CFM

CLI Command Output Filtering Examples

user@router> show configuration | no-more
.. (display output without pagination or "more" prompt)

user@router> show configuration | count
Count: 2884 lines

user@router> show interfaces terse | match "ge.*up +inet"
ge-0/2/0.400    up    up    inet    40.10.2.1/24
ge-0/2/0.422    up    up    inet    221.0.0.25/29
ge-0/2/0.425    up    up    inet    192.85.4.1/24
ge-1/1/0.0      up    up    inet    144.133.144.172/27

user@router> show log messages | last
.. (display last page of messages file)

Page 27: CFM

Agenda

•Interface Configuration

•System Management

•AAA Configurations

•Syslog

•USER Configuration

•Misc System Management Features

•Troubleshooting

•Session 2

Page 28: CFM

Overview

For the interfaces on a router to function, you must configure them, specifying properties such as:

• the interface location (which slot the FPC is installed in and which location on the FPC the PIC is installed in)
• the interface type (such as SONET or ATM)
• encapsulation
• interface-specific properties

You can configure the interfaces that are currently present in the router, and you can also configure interfaces that are not currently present but that you might be adding in the future. When a configured interface appears, the JUNOS software detects its presence and applies the appropriate configuration to it.

Page 29: CFM

Permanent Interface

Each router has two permanent interfaces:

• Management Ethernet interface—Provides an out-of-band method for connecting to the router. You can connect to the management interface over the network using utilities such as ssh and Telnet. SNMP can use the management interface to gather statistics from the router.

• Internal Ethernet interface—Connects the Routing Engine (the portion of the router running the JUNOS Internet software) to the System Control Board (SCB), the System and Switch Board (SSB), the Forwarding Engine Board (FEB), or the System and Forwarding Module (SFM), depending on router model, which is part of the Packet Forwarding Engine. The router uses this interface as the main communications link between the JUNOS software and the components of the Packet Forwarding Engine and runs the embedded microkernel.

Page 30: CFM

Transient Interface

The router contains slots for installing FPC boards, and each FPC can accommodate up to four PICs. These physical interfaces are the router’s transient interfaces. They are referred to as transient because you can hot-swap an FPC and its PICs at any time.

You can insert any FPC into any of the router’s slots, and you can generally place any combination of PICs in any location on an FPC. (You are limited by the total FPC bandwidth (OC-48) and by the fact that some PICs physically require two or four of the PIC locations on the FPC.)

You must configure each of the transient interfaces based on the slot in which the FPC is installed, the location in which the PIC is installed, and for some PICs, the port to which you are connecting.

You can configure the interfaces on PICs that are already installed in the router as well as interfaces on PICs that you plan to install later.

Page 31: CFM

Supported Interface Types

• Aggregated Ethernet
• Aggregated SONET/SDH
• ATM
• Channelized DS-3 to DS-0
• Channelized DS-3 to DS-1
• Channelized E1
• Channelized OC-3 to T1
• Channelized OC-12 to DS-3
• Channelized STM-1 to E1
• DS-3
• E1
• E3
• Encryption interfaces
• Ethernet (internal router interfaces only)
• Fast Ethernet
• Gigabit Ethernet
• GRE tunnel
• IP-IP tunnel
• Loopback (internal router interface)
• Multicast tunnel (internal router interface for VPNs)
• Multilink Frame Relay
• Multilink PPP
• SONET/SDH
• T1
• T3
• VPN tunnel

Page 32: CFM

Configuring Interface – Physical Descriptor

When you configure an interface, you are effectively specifying the properties for a physical interface descriptor. In most cases, the physical interface descriptor corresponds to a single physical device and consists of the following parts:

• The interface name, which defines the media type
• The slot in which the FPC is located
• The location on the FPC in which the PIC is installed
• The PIC port
• The interface’s channel and logical unit numbers (optional)

Page 33: CFM

Configuring Interface – Name

Each interface has an interface name, which specifies the media type, the slot the FPC is located in, the location on the FPC that the PIC is installed in, and the PIC port. The interface name uniquely identifies an individual network connector in the system. You use the interface name when configuring interfaces and when enabling various functions and properties, such as routing protocols, on individual interfaces. The system uses the interface name when displaying information about the interface, for example, in the show interfaces command.

The interface name is represented by a physical part, a logical part, and a channel part in the following format:

physical<:channel>.logical

Page 34: CFM

Configuring Interface – Physical/Logical part

The physical part of an interface name identifies the physical device, which corresponds to a single physical network connector. Format:

type-fpc/pic/port

Refer to the next slides for the different types of interfaces.

The logical unit part of the interface name corresponds to the logical unit number, which can be a number in the range 0 through 16384.

Page 35: CFM

Configuring Interface – Types of Interfaces

• ae— Aggregated Ethernet interface.
• as— Aggregated SONET/SDH interface.
• at— ATM interface.
• ds— DS-0 interface (configured on either Channelized DS-3 to DS-0 PIC or Channelized E1 PIC).
• e1— E1 interface (including Channelized STM-1 to E1 interfaces).
• e3— E3 interface.
• es— Encryption interface.
• fe— Fast Ethernet interface.
• fxp— Management and internal Ethernet interfaces.
• ge— Gigabit Ethernet interface.
• gr— Generic Route Encapsulation tunnel interface.
• ip— IP-over-IP encapsulation tunnel interface.
• lo— Loopback interface.
• ml— Multilink interface.
• mt— Multicast tunnel interface.
• so— SONET/SDH interface.
• t1— T1 interface (including Channelized DS-3 and Channelized OC-3 to T1 interfaces).
• t3— T3 interface (including Channelized OC-12 interfaces).
• vt— VPN interface (used for one type of VPN tunnel).

Page 36: CFM

Configuring Interface – Naming example

Physical interfaces have standard names:

• Type
• FPC Slot
• PIC Slot
• Port Number

so-5/1/3

Page 37: CFM

Configuring Interface – Naming example

The channel identifier part of the interface name is required only on channelized interfaces. Channel 0 identifies the first channelized interface. A nonconcatenated (that is, channelized) SONET/SDH OC-48 interface has four OC-12 channels, numbered 0 through 3. A Channelized OC-12 interface has twelve DS-3 channels, numbered 0 through 11.

For an FPC in slot 1 with two OC-3 SONET PICs in PIC positions 0 and 1, each PIC with two ports uses the following names:

so-1/0/0.0
so-1/0/1.0
so-1/1/0.0
so-1/1/1.0
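The naming rules from the preceding slides (type-fpc/pic/port, the optional :channel part, the logical unit range, and the reserved fxp ports) can be checked mechanically before a name is fed into a configuration template. The parser below is an added example, not part of the original deck; the function and class names are hypothetical, the PIC limit of 0 to 3 follows the "up to four PICs" statement on the Transient Interface slide, and the channelized sample name is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Media-type prefixes listed on the "Types of Interfaces" slide.
MEDIA_TYPES = {
    "ae": "Aggregated Ethernet", "as": "Aggregated SONET/SDH", "at": "ATM",
    "ds": "DS-0", "e1": "E1", "e3": "E3", "es": "Encryption",
    "fe": "Fast Ethernet", "ge": "Gigabit Ethernet", "gr": "GRE tunnel",
    "ip": "IP-over-IP tunnel", "lo": "Loopback", "ml": "Multilink",
    "mt": "Multicast tunnel", "so": "SONET/SDH", "t1": "T1", "t3": "T3",
    "vt": "VPN tunnel",
}
# Reserved ports named on the interface naming slide.
RESERVED = {"fxp0": "Management Ethernet", "fxp1": "Routing Engine to PFE link"}
MAX_UNIT = 16384  # logical unit range is 0 through 16384
MAX_PIC = 3       # assumption from the deck: up to four PICs per FPC (0-3)

# physical<:channel>.logical where physical is type-fpc/pic/port
NAME_RE = re.compile(
    r"^(?P<media>[a-z0-9]+)-(?P<fpc>\d+)/(?P<pic>\d+)/(?P<port>\d+)"
    r"(?::(?P<channel>\d+))?(?:\.(?P<unit>\d+))?$",
    re.ASCII,
)


@dataclass(frozen=True)
class InterfaceName:
    media: str
    description: str
    fpc: Optional[int] = None
    pic: Optional[int] = None
    port: Optional[int] = None
    channel: Optional[int] = None
    unit: Optional[int] = None


def _check_unit(text: str) -> int:
    """Validate the logical unit number against the documented range."""
    if not re.fullmatch(r"[0-9]+", text) or int(text) > MAX_UNIT:
        raise ValueError(f"logical unit must be 0-{MAX_UNIT}: {text!r}")
    return int(text)


def parse_interface(name: str) -> InterfaceName:
    """Parse a JUNOS interface name; raise ValueError if it is malformed."""
    base, sep, unit_txt = name.partition(".")
    if base in RESERVED:  # fxp0 / fxp1 carry no fpc/pic/port part
        unit = _check_unit(unit_txt) if sep else None
        return InterfaceName("fxp", RESERVED[base], unit=unit)

    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not in type-fpc/pic/port form: {name!r}")
    media = m["media"]
    if media not in MEDIA_TYPES:
        raise ValueError(f"unknown media type {media!r} in {name!r}")
    pic = int(m["pic"])
    if pic > MAX_PIC:
        raise ValueError(f"PIC slot must be 0-{MAX_PIC}: {name!r}")
    return InterfaceName(
        media=media,
        description=MEDIA_TYPES[media],
        fpc=int(m["fpc"]),
        pic=pic,
        port=int(m["port"]),
        channel=int(m["channel"]) if m["channel"] is not None else None,
        unit=_check_unit(m["unit"]) if m["unit"] is not None else None,
    )


if __name__ == "__main__":
    # Names from the slides plus one constructed channelized name.
    for sample in ("so-1/0/1.0", "t3-0/1/2", "at-3/2/1", "t3-1/0/0:11.0", "fxp0"):
        print(sample, "->", parse_interface(sample))
```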

Page 38: CFM

Configuring Interface – MTU’s

Interface Type | Default Media MTU (Bytes) | Maximum MTU (Bytes) | Default IP Protocol MTU (Bytes)
ATM | 4482 | 9192 | 4470
E1/T1 | 1504 | 9192 | 1500
E3/T3 | 4474 | 9192 | 4470
Fast Ethernet | 1514 | 9192 | 1500 (IPv4), 1497 (ISO)
Gigabit Ethernet | 1514 | 9192 | 1500 (IPv4), 1497 (ISO)
SONET/SDH | 4474 | 9192 | 4470

Page 39: CFM

Configuring Interface – Interface Speed

By default, the JUNOS software uses the physical interface’s speed for the MIB-II object, ifSpeed. You can configure the logical unit to populate the ifSpeed variable by configuring a bandwidth value for the logical interface.

The bandwidth statement sets an informational-only parameter; you cannot adjust the actual bandwidth of an interface with this statement.

To configure the bandwidth value for a logical interface, include the bandwidth statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level:

[edit interfaces interface-name unit logical-unit-number]
bandwidth rate;

rate is the peak rate, in bps or cps.

Page 40: CFM

Agenda

•Interface Configuration

•System Management

•Syslog

•AAA Configurations

•USER Configurations

•Misc System Management Features

•Troubleshooting

Page 41: CFM

System Management: IP address

Many statements in the JUNOS software configuration include an option to specify an IP address or route prefix. In this manual, this option is represented in one of the following ways:

• network/prefix-length—Network portion of the IP address, followed by a slash and the destination prefix length (previously called the subnet mask). For example, 10.0.0.1/8.
• network—IP address. An example is 10.0.0.2.
• destination-prefix/prefix-length—Route prefix, followed by a slash and the destination prefix length. For example, 192.168.1.10/32.

You enter all IP addresses in classless mode.

Page 42: CFM

Agenda

•Interface Configuration

•System Management

•AAA Configurations

•Syslog

•USER Configurations

•Misc System Management Features

•Policy and Firewall Filter

•Basic Troubleshooting

•Class of Service

Page 43: CFM

Radius Server Configurations

To use RADIUS authentication on the router, configure information about one or more RADIUS servers on the network.

[edit system]
radius-server server-address {
    accounting-port number;
    port number;
    secret password;
}

server-address is the address of the RADIUS server.

You can specify a port on which to contact the RADIUS server. By default, port number 1812 is used (RFC 2865).

The secret used by the local router must match that used by the server.

To configure multiple RADIUS servers, include multiple radius-server statements.

Page 44: CFM

Authentication Order and Source Address

If you configure the router to use both RADIUS and the local database for authentication, you prioritize the order in which the software tries the different authentication methods when verifying that a user can access the router.

[edit system]
authentication-order [authentication-methods];

In authentication-methods, specify one or more of the following in the preferred order:

• radius – Verify the user using RADIUS authentication methods
• tacplus – Verify the user using TACACS+ authentication services
• password – Verify the user using the password configured for the user with the authentication statement at the [edit system login user] hierarchy level

You can specify which source address the JUNOS software uses when accessing your network to contact an external RADIUS server for authentication.

[edit system radius-server server-address]
source-address source-address;

Page 45: CFM

Agenda

•Interface Configuration

•System Management

•AAA Configurations

•Syslog

•USER Configurations

•Misc System Management Features

•Policy and Firewall Filter

•Basic Troubleshooting

•Class of Service

•Misc System Management Features

Page 46: CFM

Syslog Configurations

JUNOS Software generates system log messages to record events that occur on the routing platform, including the following:

• Routing operations, such as creation of an OSPF protocol adjacency or a user login into the configuration database
• Failure and error conditions, such as failure to access a configuration file or unexpected closure of a connection to a child or peer process
• Emergency or critical conditions, such as routing platform power-down due to excessive temperature

When you configure system logging, you can direct messages to one or more destinations by including the appropriate statement at the [edit system syslog] hierarchy level:

• To a named file in the local file system, by including the file statement
• To a terminal session of one or more specific users when they are logged in to the routing platform, by including the user statement
• To the routing platform console, by including the console statement
• To a remote machine that is running the syslogd facility or to the other Routing Engine on the routing platform, by including the host statement

Page 47: CFM

Syslog Configurations

[edit system]
syslog {
    archive {
        files number;
        size size;
        (world-readable | no-world-readable);
    }
    file filename {
        facility severity;
        explicit-priority;
        match "regular-expression";
    }
    host hostname {
        facility severity;
        explicit-priority;
        facility-override;
        match "regular-expression";
    }
}

Page 48: CFM

Agenda

•Interface Configuration

•System Management

•AAA Configurations

•Syslog

•USER Configurations

•Misc System Management Features

•Policy and Firewall Filter

•Class Of Service

Page 49: CFM

User Configuration

User accounts provide one way for users to access the router. For each account, you define the login name for the user and, optionally, information that identifies the user.

After you have created a user account, the software creates a home directory for the user.

To create the user accounts:

[edit system login]
user username {
    full-name complete-name;
    uid uid-value;
    class class-name;
    authentication {
        (encrypted-password "password" | plain-text-password);
        ssh-rsa "public-key";
        ssh-dsa "public-key";
    }
}

Page 50: CFM

Login Class Configuration

Default system login class    Login Permission Bits set
Operator                      Clear, network, reset, trace, view
Read-only                     View
Super-user                    All
Unauthorized                  None

Denying or Allowing individual commands: Users can execute only those commands and view only those statements for which they have access privileges. For each login class, you can explicitly deny or allow the use of operational and configuration mode commands that would otherwise be permitted or not allowed by the privilege level specified in the permissions statement.

You can use regular expressions with the allow-commands and deny-commands statements to define a user’s access privileges to individual operational commands.

Operator    Match
|           One of the two terms on either side of the pipe
^           At the beginning of an expression, used to denote where the command begins
$           Character at the end of a command. Used to denote a command that must be matched up to that point
[ ]         Range of letters or digits
( )         A group of commands, indicating an expression to be evaluated; the result is the evaluated part of the overall expression

Page 51: CFM

Agenda

•Interface Configuration

•System Management

•AAA Configurations

•Syslog

•USER Configurations

•Misc System Management Features

•Troubleshooting

Page 52: CFM

NTP Configuration

Network Time Protocol (NTP) provides the mechanisms to synchronize time and coordinate time distribution in a large, diverse network.

NTP should be configured to provide accurate time stamps in the syslog messages.

Configuration statement for NTP:

[edit system]
ntp {
    server address;
    boot-server address;
    authentication-key number type type value password;
    trusted-key [key-numbers];
}

NTP Boot server: When the router boots, it issues an ntpdate request, which polls the network server to determine the local date and time. You need to configure a server that the router uses to determine the time when the router boots.

Page 53: CFM

DNS Name server

To have the router resolve hostnames into addresses, you must configure one or more Domain Name System (DNS) name servers as below:

[edit system]
name-server {
    address;
}

Root Authentication

JUNOS software is preinstalled on the router. When the router is powered on, it is ready to be configured. Initially, you log in to the router as the user "root" with no password. After you log in, you should configure the root (super-user) password as shown:

[edit system]
root-authentication {
    (encrypted-password "password" | plain-text-password);
    ssh-rsa "public-key";
    ssh-dsa "public-key";
}

Page 54: CFM

Service Configurations

For security reasons, remote access to the router is disabled by default. You must configure the router explicitly so that users on remote systems can access it.

The router can be accessed from a remote system by means of DHCP, finger, FTP, JUNOScript clear-text, JUNOScript secure sockets layer (SSL), rlogin, SSH and telnet services.

[edit system services]
ftp {
    <connection-limit limit>;
    <rate-limit limit>;
}
telnet {
    <connection-limit limit>;
    <rate-limit limit>;
}
ssh {
    root-login (allow | deny | deny-password);
    protocol-version [v1 | v2];
    <connection-limit limit>;
    <rate-limit limit>;
}
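The system management statements covered in this session (services, root-authentication, authentication-order with radius-server, ntp, and syslog host) can be reviewed together from the output of "show configuration | display set". The audit below is an added example, not part of the original deck: the function names, check identifiers and both sample configurations are constructed for illustration, and the checks go no further than what the slides state plus the fact that FTP, telnet and SSH protocol version 1 do not protect credentials in transit.

```python
import shlex

# Constructed sample: a router with the weak settings discussed above.
WEAK = """\
set system host-name lab-router
set system authentication-order radius
set system authentication-order password
set system services ftp
set system services telnet connection-limit 10
set system services ssh root-login allow
set system services ssh protocol-version v1
set system services ssh protocol-version v2
set system syslog file messages any notice
"""

# Constructed sample: the same router after correcting each finding.
HARDENED = """\
set system host-name lab-router
set system root-authentication encrypted-password "$1$constructed$hashvalue"
set system authentication-order radius
set system authentication-order password
set system radius-server 192.0.2.10 secret "$9$constructed"
set system radius-server 192.0.2.10 source-address 192.0.2.1
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services ssh connection-limit 5
set system services ssh rate-limit 5
set system ntp boot-server 192.0.2.20
set system ntp server 192.0.2.20
set system syslog host 192.0.2.30 any notice
set system syslog file messages any notice
"""


def system_statements(text):
    """Return the tokens that follow 'set system' on each such line."""
    statements = []
    for line in text.splitlines():
        tokens = shlex.split(line)  # honours quoted secrets and hashes
        if tokens[:2] == ["set", "system"]:
            statements.append(tokens[2:])
    return statements


def audit(text):
    """Return a list of (check_id, message) findings for a display-set dump."""
    stmts = system_statements(text)

    def has(*prefix):
        return any(tuple(s[:len(prefix)]) == prefix for s in stmts)

    # authentication-order and protocol-version may appear one value per
    # line or as a bracketed list, so collect values across all lines.
    order = [t for s in stmts if s[:1] == ["authentication-order"]
             for t in s[1:] if t not in ("[", "]")]
    ssh_versions = [t for s in stmts
                    if s[:3] == ["services", "ssh", "protocol-version"]
                    for t in s[3:]]

    checks = [
        ("FTP_ENABLED", has("services", "ftp"),
         "ftp service enabled: logins cross the network unencrypted"),
        ("TELNET_ENABLED", has("services", "telnet"),
         "telnet service enabled: logins cross the network unencrypted"),
        ("SSH_ROOT_LOGIN", has("services", "ssh", "root-login", "allow"),
         "ssh root-login allow: use deny or deny-password"),
        ("SSH_V1", "v1" in ssh_versions,
         "ssh protocol-version includes v1: restrict to v2"),
        ("NO_ROOT_PASSWORD", not has("root-authentication"),
         "no root-authentication: root logs in with no password"),
        ("RADIUS_NO_SERVER", "radius" in order and not has("radius-server"),
         "authentication-order lists radius but no radius-server is set"),
        ("NO_NTP", not has("ntp", "server"),
         "no ntp server: syslog time stamps will not be accurate"),
        ("NO_REMOTE_SYSLOG", not has("syslog", "host"),
         "no syslog host: messages are kept only on the router"),
    ]
    return [(cid, msg) for cid, failed, msg in checks if failed]


if __name__ == "__main__":
    for label, config in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label)
        for check_id, message in audit(config) or [("OK", "no findings")]:
            print(f"  {check_id}: {message}")
```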

Page 55: CFM

Agenda

•Interface Configuration

•System Management

•AAA Configurations

•Syslog

•USER Configurations

•Misc System Management Features

•Troubleshooting

Page 56: CFM

Agenda

•Interface Configuration
•System Management
•AAA Configurations
•Syslog
•USER Configurations
•Misc System Management Features
•Troubleshooting

Page 57: CFM

Basic Router Component Monitoring

SNMP

The Simple Network Management Protocol (SNMP) network manager running on an NMS in the NOC discovers, polls and exchanges network management information.

The SNMP network manager software collects information about router connectivity, operation and events.

The SNMP agent responds to requests for information and controls access to its Management Information Bases (MIBs). The MIBs define all the objects that can be managed on the router via SNMP.

Router Craft Interface

The craft interface provides status and troubleshooting information at a glance and lets you perform many system control functions.

Page 58: CFM

Basic Router Component Monitoring

System Log File

The messages system log file records the messages generated by component operational events, including error messages generated by component failures. To view the messages, use the following CLI command:

show log messages

The chassis daemon (chassisd) log file keeps track of the state of each chassis environment. To view the chassisd log file, use the following CLI command:

show log chassisd

Page 59: CFM

Routing Engine Troubleshooting Commands

Routing Engine status
    show chassis routing-engine
    show chassis environment routing-engine

Redundant Routing Engine status
    show chassis craft-interface

Routing Engine reboots
    show log messages
    file list /var/crash

Routing Engine fails to boot
    show system storage
    show system boot-messages
    show log messages

Check router file system and boot disk
    show system storage

Display current routing engine alarms
    show chassis alarms

Page 60: CFM


FPC Troubleshooting Commands

FPC status and utilization:
    show chassis fpc

FPC status and uptime:
    show chassis fpc detail <fpc-slot>

Current FPC alarms:
    show chassis alarms

FPC error in system log:
    show log messages | match "fpc | kernel | tnp"

FPC error in chassis daemon log file:
    show log chassisd | match fpc

FPC hardware information:
    show chassis hardware

Page 61: CFM


PIC Troubleshooting Commands

PIC media type and FPC status:
    show chassis fpc pic-status
    show chassis pic pic-slot <#> fpc-slot <#>

PIC interface status:
    show interface terse

Current chassis alarms:
    show chassis alarms
    show chassis craft-interface

Display error messages in the system log:
    show log messages | match pic

Display PIC hardware information:
    show chassis hardware

Page 62: CFM


Useful Commands for Troubleshooting

> show bgp summary

> show isis neighbor

> show bgp summary instance <VRF instance>

> show ospf neighbor instance <VRF instance>

> show route table inet.3

> show route table <VRF instance>

> show ldp neighbor

> show route protocol ospf | match <matching-criteria>

> show route protocol bgp | match <matching-criteria>

> show route receive-protocol bgp <neighbor-peer>

> show route advertising-protocol bgp <neighbor-peer>

> ping <IP address>, traceroute <IP address>

> show interface terse | match inet

Page 63: CFM


Layer 1 Monitoring and Troubleshooting

ps@dunkel-re0> show interfaces so-2/0/0 extensive
Physical interface: so-2/0/0, Enabled, Physical link is Up
  Interface index: 162, SNMP ifIndex: 154, Generation: 163
  Link-level type: PPP, MTU: 4474, Clocking: Internal, SONET mode, Speed: OC12,
  Loopback: None, FCS: 16, Payload scrambler: Enabled
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
  Link flags     : Keepalives
  Hold-times     : Up 0 ms, Down 0 ms
  Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
  Keepalive statistics:
    Input : 0 (last seen: never)
    Output: 0 (last sent: never)
  LCP state: Opened
  NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
  CHAP state: Closed
  PAP state: Closed
  CoS queues     : 8 supported, 8 maximum usable queues

Page 64: CFM


Details of Outputs

FCS

The FCS, or frame checksum, is used for packet validation. Juniper's default behavior is to use a 16-bit frame checksum. The interface can also be configured with a 32-bit checksum, which improves reliability but might not be supported on all network elements.

The quickest way to identify a checksum error is to monitor for framing errors by repeatedly running the show interface [interface name] extensive command or using the monitor interface [interface name] command. Rapidly increasing framing errors are generally indicative of a checksum error.

Payload Scrambling

Payload scrambling, shown in the show command output, is a common culprit in a malfunctioning SONET connection. Like many SONET parameters, payload-scrambling must agree between the two ends of a circuit, and a conflict between the two sides causes SONET errors.

The side with payload-scrambling enabled logs input errors, which a Juniper Networks router presents as input giants. The side of the connection without payload-scrambling configured will display framing errors.

Input Errors

Many different SONET errors can trigger input errors. While their causes vary, they indicate a problem, and the cause should be examined and corrected. Framing errors, runts, and giants are typically due to misconfiguration. Framing errors can be caused by an FCS mismatch (16 on one side and 32 on the other, for example) or payload-scrambling mismatches.
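The mismatch checks described above, as an added Python example that is not part of the original slides: it reads the FCS, payload-scrambler, and input-error fields from captures of both ends of a circuit and flags the settings that disagree, along with the symptoms the slide associates with each. The function names, the far-end interface name, and the sample captures are constructed for illustration, and the input-error line layout is assumed.

```python
import re

# Fields as named in 'show interfaces <name> extensive' output.
PATTERNS = {
    "name": r"Physical interface: ([\w/:.-]+)",
    "fcs": r"FCS: (\d+)",
    "scrambler": r"Payload scrambler: (\w+)",
    "framing": r"Framing errors: (\d+)",
    "runts": r"Runts: (\d+)",
    "giants": r"Giants: (\d+)",
}

def parse_interface(text):
    """Return the SONET settings and input error counters from one capture."""
    found = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"missing field in output: {key}")
        found[key] = match.group(1)
    for key in ("fcs", "framing", "runts", "giants"):
        found[key] = int(found[key])
    found["scrambler"] = found["scrambler"] == "Enabled"
    return found

def rising(before, after):
    """Counters that grew between two captures of the same interface."""
    return {k: after[k] - before[k]
            for k in ("framing", "runts", "giants") if after[k] > before[k]}

def compare_ends(a, b):
    """Flag settings that must agree on both ends, plus the expected symptoms."""
    findings = []
    if a["fcs"] != b["fcs"]:
        findings.append(("fcs-mismatch",
                         f"{a['name']}={a['fcs']} {b['name']}={b['fcs']}"))
    if a["scrambler"] != b["scrambler"]:
        on, off = (a, b) if a["scrambler"] else (b, a)
        findings.append(("scrambler-mismatch", f"enabled on {on['name']} only"))
        # Per the slide: giants on the enabled side, framing errors on the other.
        if on["giants"] > 0 and off["framing"] > 0:
            findings.append(("scrambler-symptoms-present",
                             f"giants={on['giants']} framing={off['framing']}"))
    return findings

def sample(name, fcs, scrambler, framing, giants):
    """Constructed excerpt (not real data); the line layout is an assumption."""
    return (f"Physical interface: {name}, Enabled, Physical link is Up\n"
            f"  Loopback: None, FCS: {fcs}, Payload scrambler: {scrambler}\n"
            f"  Input errors:\n"
            f"    Errors: {framing + giants}, Drops: 0, Framing errors: {framing}, "
            f"Runts: 0, Giants: {giants}, Policed discards: 0\n")

if __name__ == "__main__":
    # Two captures of the near end taken some seconds apart, one of the far end.
    near_t0 = parse_interface(sample("so-2/0/0", 16, "Enabled", 0, 120))
    near_t1 = parse_interface(sample("so-2/0/0", 16, "Enabled", 0, 480))
    far = parse_interface(sample("so-0/1/0", 16, "Disabled", 350, 0))
    print("rising on near end:", rising(near_t0, near_t1))
    for code, detail in compare_ends(near_t1, far):
        print(code, detail)
```

Comparing two captures of the same interface with `rising` corresponds to re-running the show command and watching for rapidly increasing counters.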

Page 65: CFM


Details of Outputs

Policed discards: Displays the frames discarded due to an unrecognized format. This field normally reports received protocol packets that the JUNOS software does not understand. For example, if the family iso command were not used, then received IS-IS packets would increment this counter. In addition, protocols such as the Cisco Discovery Protocol (CDP) are not recognized and thus increment this counter.

L3 incompletes: Displays the number of times a received packet fails a Layer 3 header check. For example, a frame with fewer than 20 bytes of available IP header is discarded and the counter is incremented.

L2 channel errors: Displays the number of received packets with an unknown Layer 2 address. For example, a packet with DLCI 100 as an address is discarded when that DLCI value is not configured on the interface.

L2 mismatch timeouts: Displays the number of malformed packets that cause the incoming interface to discard the frame as unreadable.

SRAM errors: Displays hardware errors in the static random access memory (SRAM) on the PIC itself. This should always be a value of 0. If not, the PIC is malfunctioning.

HS link CRC errors: Displays the errors on the

Page 66: CFM


Monitor Commands

The monitor interface interface-name command displays per-second real-time statistics for a physical interface. The output of this command shows how often each field has changed since the command was executed. You can also view common interface failures, such as alarms, errors, or loopback settings.

user@Cabernet> monitor interface so-2/0/0
Cabernet    Seconds: 11    Time: 12:41:55
Delay: 2/0/2
Interface: so-2/0/0, Enabled, Link is Up
Encapsulation: PPP, Keepalives, Speed: OC3
Traffic statistics:                          Current delta
  Input bytes:          1103360 (40 bps)     [36]
  Output bytes:         1190328 (48 bps)     [26]
  Input packets:        13839 (0 pps)        [3]
  Output packets:       15246 (0 pps)        [2]
Encapsulation statistics:
  Input keepalives:     410                  [1]
  Output keepalives:    407                  [1]
  LCP state: Opened
Error statistics:
  Input errors:         0                    [0]
  Input drops:          0                    [0]
  Input framing errors: 0                    [0]
  Input runts:          0                    [0]
  Input giants:         0                    [0]
  Policed discards:     235                  [0]
  L3 incompletes:       0                    [0]
  L2 channel errors:    0                    [0]

Page 67: CFM


monitor traffic

The monitor traffic command prints packet headers to your terminal screen for information sent or received by the RE.

user@Cabernet> monitor traffic interface so-2/0/0
Listening on so-2/0/0
15:09:05.467601 Out LCP echo request (type 0x09 id 0x76 len 0x0008)
15:09:05.468244 In LCP echo reply (type 0x0a id 0x76 len 0x0008)
15:09:08.017283 In LCP echo request (type 0x09 id 0x1a len 0x0008)
15:09:08.017301 Out LCP echo reply (type 0x0a id 0x1a len 0x0008)
15:09:15.667708 Out LCP echo request (type 0x09 id 0x77 len 0x0008)
15:09:15.668403 In LCP echo reply (type 0x0a id 0x77 len 0x0008)

user@Cabernet> show arp
MAC Address        Address      Name         Interface
00:a0:a5:28:15:f5  172.16.0.1   172.16.0.1   fxp0.0
00:a0:a5:12:29:bd  172.16.5.1   172.16.5.1   fxp0.0
00:a0:a5:12:2a:4b  172.16.8.1   172.16.8.1   fxp0.0

user@Cabernet> ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1): 56 data bytes
64 bytes from 10.0.1.1: icmp_seq=0 ttl=255 time=1.086 ms
64 bytes from 10.0.1.1: icmp_seq=1 ttl=255 time=0.934 ms
64 bytes from 10.0.1.1: icmp_seq=2 ttl=255 time=0.912 ms

user@Cabernet> traceroute 192.168.5.1
traceroute to 192.168.5.1 (192.168.5.1), 30 hops max, 40 byte packets
 1  10.0.2.2 (10.0.2.2)  0.432 ms  0.347 ms  0.320 ms
 2  192.168.5.1 (192.168.5.1)  1.210 ms  1.005 ms  0.919 ms

Page 68: CFM


SONET Alarms and Defects

- Loss of Signal (LOS)

A loss of signal (LOS) alarm indicates that there is a physical link problem with the connection to the router receive port from the neighboring SONET equipment transmit port.

- Loss of Frame (LOF)

SONET uses the A1 and A2 bytes in the section overhead to align frames using specific bit patterns. If an element detects errors in this pattern for three consecutive milliseconds, an LOF error is issued. If you receive an LOF error, check the connection between the router and the first SONET network element and ensure that there is no framing mismatch (for example, SONET or SDH) between network elements.

- Alarm Indication Signal (AIS)

An AIS signal is sent downstream to signal an error condition.

- Remote Defect Indication (RDI)

The RDI is the complement to the AIS and is sent upstream when an error is detected.

- Bit Error Rate (BER)

Bit error rate alarms are declared when the number of BIP-B2 errors hits a certain threshold. There are two types of BER alarms. In both cases, the interface is taken down.

Page 69: CFM


Layer 2 Monitoring and Troubleshooting

ps@dunkel-re0> show interfaces so-1/2/3
Physical interface: so-1/2/3, Enabled, Physical link is Up
  Interface index: 148, SNMP ifIndex: 133
  Description: Connection to kenny so-1/2/3
  Link-level type: PPP, MTU: 4474, Clocking: Internal, SONET mode, Speed: OC3,
  Loopback: None, FCS: 16, Payload scrambler: Enabled
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
  Link flags     : Keepalives
  Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
  Keepalive: Input: 275076 (02:44:12 ago), Output: 275032 (02:44:09 ago)
  LCP state: Opened
  NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
  CHAP state: Closed
  PAP state: Closed
  CoS queues     : 4 supported, 4 maximum usable queues
  Last flapped   : 2010-04-09 14:38:52 PDT (2d 23:50 ago)
  Input rate     : 656 bps (0 pps)
  Output rate    : 696 bps (0 pps)
  SONET alarms   : None
  SONET defects  : None

  Logical interface so-1/2/3.0 (Index 69) (SNMP ifIndex 142)
    Flags: Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPP
    Protocol inet, MTU: 4470
      Flags: None
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 10.33.18.4/30, Local: 10.33.18.6, Broadcast: 10.33.18.7

Page 70: CFM


ps@dunkel-re0> ping 10.33.18.5 count 5
PING 10.33.18.5 (10.33.18.5): 56 data bytes

--- 10.33.18.5 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

ps@dunkel-re0> show interfaces so-1/2/3
Physical interface: so-1/2/3, Enabled, Physical link is Up
  Interface index: 148, SNMP ifIndex: 133
  Description: Connection to maibock
  Link-level type: PPP, MTU: 4474, Clocking: Internal, SONET mode, Speed: OC3,
  Loopback: None, FCS: 16, Payload scrambler: Enabled
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
  Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
  Keepalive: Input: 0 (never), Output: 0 (never)
  LCP state: Down
  NCP state: inet: Not-configured, inet6: Not-configured, iso: Not-configured, mpls: Not-configured

Page 71: CFM


ps@dunkel-re0> show ppp interface so-1/2/3 extensive
Sessions for interface so-1/2/3
  Session so-1/2/3.0, Type: PPP, Phase: Establish
    LCP
      State: Creq-sent
      Last started: 2010-04-12 16:16:16 PDT
      Last completed: 2010-04-12 16:16:14 PDT
      Negotiated options:
        Authentication protocol: CHAP, Authentication algorithm: MD5, Magic number: 2543706641, MRU: 4470
    Authentication: CHAP
      State: Closed
      Last started: 2010-04-12 16:16:14 PDT
      Last completed: 2010-04-12 16:13:26 PDT
    IPCP
      State: Closed
      Last started: 2010-04-12 16:13:26 PDT
      Last completed: 2010-04-12 16:13:26 PDT
      Negotiated options:
        Local address: 10.33.18.6, Remote address: 10.33.18.4, Primary DNS: 0.0.0.0, Secondary DNS: 0.0.0.0

Page 72: CFM


Layer 3 Monitoring (ISIS and BGP)

Various show commands exist to provide detailed information on the operation of IS-IS:

show isis interface

show isis adjacency

show isis spf log

show isis statistics

show isis route

show isis database

Page 73: CFM


ps@dunkel-re0> show isis adjacency
Interface     System         L State          Hold (secs) SNPA
so-2/0/0.0    pilsener-re0   2 New            23

ps@dunkel-re0> show isis adjacency
Interface     System         L State          Hold (secs) SNPA
so-2/0/0.0    pilsener-re0   2 Initializing   26

ps@dunkel-re0> show isis adjacency
Interface     System         L State          Hold (secs) SNPA
so-2/0/0.0    pilsener-re0   2 Up             26

ps@dunkel-re0> show isis database detail
IS-IS level 1 link-state database:

IS-IS level 2 link-state database:

pilsener-re0.00-00 Sequence: 0x7, Checksum: 0xd28e, Lifetime: 1155 secs
  IS neighbor: pilsener... see below

Page 74: CFM


The show bgp summary command provides you with a good snapshot of the protocol on your router.

user@M20> show bgp summary
Groups: 2 Peers: 4 Down peers: 0
Table     Tot Paths  Act Paths  Suppressed  History  Damp State  Pending
inet.0           12         12           0        0           0        0
Peer          AS  InPkt  OutPkt  OutQ  Flaps  Last Up/Dwn  State
172.16.1.1    10    428     430     0      0      3:33:00  4/4/0
172.16.2.1    30    428     430     0      0      3:32:56  4/4/0
192.168.6.6   20    392     392     0      0      3:14:30  2/2/0
192.168.7.7   20    390     391     0      0      3:14:02  2/2/0

To view the configured groups on your router, use the show bgp group command.

user@M20> show bgp group
Group Type: External    Local AS: 20
  Name: ebgp-peers
  Total peers: 2    Established: 2
  172.16.1.1+179
  172.16.2.1+179
  Route Queue Timer: unset    Route Queue: empty

Page 75: CFM


To get the most detailed information about your BGP neighbor, use the show bgp neighbor command.

user@Shiraz> show bgp neighbor 172.16.1.1
Peer: 172.16.1.1+179 AS 10    Local: 172.16.1.2+1028 AS 20
  Type: External    State: Established    Flags: <>
  Last State: OpenConfirm    Last Event: RecvKeepAlive
  Last Error: None
  Options: <Preference HoldTime PeerAS Refresh>
  Holdtime: 90 Preference: 170
  Number of flaps: 0
  Peer ID: 192.168.2.2    Local ID: 192.168.5.5    Active Holdtime: 90
  Keepalive Interval: 30
  Local Interface: so-0/0/1.0
  NLRI advertised by peer: inet-unicast
  NLRI for this session: inet-unicast
  Peer supports Refresh capability (2)
  Table inet.0 Bit: 10000
    Send state: in sync
    Active prefixes: 4
    Received prefixes: 4
    Suppressed due to damping: 0
  Last traffic (seconds): Received 13 Sent 13 Checked 13
  Input messages:  Total 438 Updates 4 Refreshes 0 Octets 8473
  Output messages: Total 440 Updates 4 Refreshes 0 Octets 8526
  Output Queue[0]: 0

Page 76: CFM


show route receive-protocol bgp address

Displays routes received by a peer before policy is applied.

user@M20> show route receive-protocol bgp 192.168.7.7
inet.0: 26 destinations, 27 routes (26 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.20.3.0/24    192.168.7.7    0    100    I
10.20.4.0/24    192.168.7.7    0    100    I

show route advertising-protocol bgp address

Displays routes advertised to a specific peer.

user@Chablis> show route advertising-protocol bgp 192.168.5.5
inet.0: 21 destinations, 22 routes (13 active, 0 holddown, 8 hidden)
+ = Active Route, - = Last Active, * = Both
10.20.3.0/24    Self    0    100    I
10.20.4.0/24    Self    0    100    I

Page 77: CFM


Class of Service troubleshooting

ashjun@NDL-MPL-PE-RTR-37-93> show interfaces queue ge-2/0/1
Physical interface: ge-2/0/1, Enabled, Physical link is Up
  Interface index: 302, SNMP ifIndex: 192
  Description: Connected to NDL-MPL-GSR-RTR-37-199 Port: Gi10/0/2
Forwarding classes: 16 supported, 7 in use
Ingress queues: 8 supported, 7 in use
Queue: 0, Forwarding classes: STANDARD
  Queued:
    Packets              : 412421291968  35363 pps
    Bytes                : 217459184260522  161272672 bps
  Transmitted:
    Packets              : 412421291968  35363 pps
    Bytes                : 217459184260522  161272672 bps
    Tail-dropped packets : Not Available
    RED-dropped packets  : 0  0 pps
     Low, non-TCP        : 0  0 pps
     Low, TCP            : 0  0 pps
     High, non-TCP       : 0  0 pps
     High, TCP           : 0  0 pps
    RED-dropped bytes    : 0  0 bps
     Low, non-TCP        : 0  0 bps
     Low, TCP            : 0  0 bps
     High, non-TCP       : 0  0 bps
     High, TCP           : 0  0 bps
Queue: 1, Forwarding classes: BUSINESS
  Queued:
    Packets              : 20523685161  1048 pps
    Bytes                : 5425232937778  3077432 bps
  Transmitted:
    Packets              : 20523685161  1048 pps
    Bytes                : 5425232937778  3077432 bps
    Tail-dropped packets : Not Available
    RED-dropped packets  : 0  0 pps
     Low, non-TCP        : 0  0 pps
     Low, TCP            : 0  0 pps
     High, non-TCP       : 0  0 pps
     High, TCP           : 0  0 pps
    RED-dropped bytes    : 0  0 bps
     Low, non-TCP        : 0  0 bps
     Low, TCP            : 0  0 bps
     High, non-TCP       : 0  0 bps
     High, TCP           : 0  0 bps

Page 78: CFM


VPN Troubleshooting

ashjun@NDL-MPL-PE-RTR-37-93> show interfaces terse routing-instance all
e1-2/1/2:1:2.0    up    up    inet    172.34.134.149/30    ADIGEAR-MNG-3-H
e1-2/1/2:1:3.0    up    up    inet    172.34.136.53/30     COMPTROLLER-AUDITOR-3-M
e1-2/1/2:1:4.0    up    up    inet    10.101.10.161/30     HDFC-M

ashjun@NDL-MPL-PE-RTR-37-93> show route table HDFC-M
HDFC-M.inet.0: 781 destinations, 3173 routes (781 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[BGP/170] 00:20:41, MED 0, localpref 100, from 202.123.37.4
                      AS path: 65001 I
                    > to 202.92.226.61 via ge-2/0/0.0, Push 5555, Push 1159(top)
                      to 202.92.229.197 via ge-2/0/1.0, Push 5555, Push 391(top)
                      to 202.92.226.113 via xe-1/0/0.0, Push 5555, Push 391(top)
                    [BGP/170] 00:20:41, MED 0, localpref 100, from 202.123.37.9
                      AS path: 65001 I
                    > to 202.92.226.61 via ge-2/0/0.0, Push 5555, Push 1159(top)
                      to 202.92.229.197 via ge-2/0/1.0, Push 5555, Push 391(top)
                      to 202.92.226.113 via xe-1/0/0.0, Push 5555, Push 391(top)
                    [BGP/170] 00:20:41, MED 0, localpref 100, from 202.123.37.12
                      AS path: 65001 I
                    > to 202.92.226.61 via ge-2/0/0.0, Push 5555, Push 1159(top)
                      to 202.92.229.197 via ge-2/0/1.0, Push 5555, Push 391(top)
                      to 202.92.226.113 via xe-1/0/0.0, Push 5555, Push 391(top)
                    [BGP/170] 00:20:41, MED 0, localpref 100, from 202.123.37.224
                      AS path: 65001 I
                    > to 202.92.226.61 via ge-2/0/0.0, Push 5555, Push 1159(top)
                      to 202.92.229.197 via ge-2/0/1.0, Push 5555, Push 391(top)
                      to 202.92.226.113 via xe-1/0/0.0, Push 5555, Push 391(top)
10.1.5.120/32      *[BGP/170] 00:20:41, MED 0, localpref 100, from 202.123.37.4
                      AS path: 65001 I
                      to 202.92.226.61 via ge-2/0/0.0, Push 8536, Push 1159(top)
                    > to 202.92.229.197 via ge-2/0/1.0, Push 8536, Push 391(top)
                      to 202.92.226.113 via xe-1/0/0.0, Push 8536, Push 391(top)
                    [BGP/170] 00:20:41, MED 0, localpref 100, from 202.123.37.9
                      AS path: 65001 I
                      to 202.92.226.61 via ge-2/0/0.0, Push 8536, Push 1159(top)
                    > to 202.92.229.197 via ge-2/0/1.0, Push 8536, Push 391(top)
                      to 202.92.226.113 via xe-1/0/0.0, Push 8536, Push 391(top)
                    [BGP/170] 00:20:41, MED 0, localpref 100, from 202.123.37.12
                      AS path: 65001 I
                      to 202.92.226.61 via ge-2/0/0.0, Push 8536, Push 1159(top)

Page 79: CFM


Different Route Tables in Junos

ashjun@NDL-MPL-PE-RTR-37-93> show route table inet.0

inet.0: 1500 destinations, 1500 routes (1500 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

1.1.1.0/30         *[IS-IS/18] 13w5d 15:09:11, metric 3
                    > to 202.92.226.61 via ge-2/0/0.0
1.1.3.0/30         *[IS-IS/18] 13w5d 15:09:11, metric 3
                    > to 202.92.226.61 via ge-2/0/0.0
1.1.4.0/30         *[IS-IS/18] 13w5d 15:09:11, metric 3

ashjun@NDL-MPL-PE-RTR-37-93> show route table inet.3

inet.3: 300 destinations, 300 routes (300 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

59.145.4.245/32    *[LDP/9] 4d 11:17:35, metric 1
                    > to 125.62.148.118 via ae1.500, Push 1763.218.164.7/32 *[LDP/9] 00:55:38, metric 1
                    > to 202.92.226.61 via ge-2/0/0.0, Push 1059
125.62.129.148/30  *[LDP/9] 4d 11:17:35, metric 1
                    > to 125.62.148.118 via ae1.500

ashjun@NDL-MPL-PE-RTR-37-93> show route table mpls.0

mpls.0: 571 destinations, 571 routes (571 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 26w1d 02:01:54, metric 1
                      Receive
1                  *[MPLS/0] 26w1d 02:01:54, metric 1
                      Receive
2                  *[MPLS/0] 26w1d 02:01:54, metric 1
                      Receive

ashjun@NDL-MPL-PE-RTR-37-93> show route table inet6.0

inet6.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

fe80::2a0:a5ff:fe63:9f5c/128
                   *[Direct/0] 26w1d 02:02:53
                    > via lo0.0

Page 80: CFM