Jun 24, 2008

Juniper EX Series Switch Workshop Notes, Part I

Last week I attended the EX Series Switch Workshop held by Juniper. There was a lot of material and limited time, so I typed up the key points as I listened, and I'm sharing them here. A basic understanding of JUNOS is recommended, otherwise the commands in my notes may be hard to follow (this was actually my first experience with JUNOS, but with a Cisco IOS command background it only takes a little extra time to get up to speed with JUNOS).

If there are mistakes in my notes, corrections from the experts out there are welcome. Thanks!

===============================================================================
Juniper Switch:
Model
EX3200
EX4200 (virtual chassis, 128G backplane, redundant power)
EX8200 (Q4)
(all Layer 3 capable)

A 48-port PoE model needs the 930 W power supply

10G XFP uplink ports can be used as virtual chassis ports
EtherChannel (LAG) across them is not supported yet
One active / one standby

USB port: internal storage / firmware upgrade

Virtual Management Ethernet (VME)

IPv6/MPLS in the future(hardware ready)

NSM (Network and Security Manager): all platforms will use this management interface

PFE (Packet Forwarding Engine)

One EX-PFE controls 24 ports

2 x VCP (Virtual Chassis Port) at 64G each (32G TX / 32G RX) = 128G VCB (Virtual Chassis Backplane)

EX3200-24x/48x: the last 4 ports are shared (combo) with the SFP uplink ports

Forwarding: the Layer 2 header is extracted for the lookup, then a new Layer 2 header is written onto the original packet

================================================================================

Bridge table, aka MAC address table / FDB (Forwarding Database)

"default" VLAN has no vlan-id (untagged)

>family ethernet-switching (Layer 2)
>family inet (Layer 3)


>show ethernet-switching interfaces => check trunk/access port status
>show ethernet-switching table => MAC table
>show vlans


RVI(Routed Virtual Interface) = VLAN interface

LAG (Link Aggregation Group), aka Aggregated Ethernet (ae)
802.3ad LACP (Link Aggregation Control Protocol) for dynamic bundling

Up to 8 ports per group
.EX3200 32 groups
.EX4200 64 groups

Does not have to be contiguous ports

Load-balancing hash: not user-configurable yet


>show interfaces ae0
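The Layer 2 / Layer 3 families, the RVI and the LAG above, put together as one configuration. This is an added example, not from the workshop or the author's notes; it assumes JUNOS 9.x EX (pre-ELS) set-style syntax, and the VLAN names, VLAN IDs, addresses and port numbers are illustrative. The `##` lines are comments for the reader, not CLI input.

```junos
## VLANs: "default" has no vlan-id; give data and mgmt explicit tags
set vlans data vlan-id 10
set vlans mgmt vlan-id 99

## Layer 2 access port (family ethernet-switching)
set interfaces ge-0/0/5 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members data

## Layer 3 routed port (family inet)
set interfaces ge-0/0/6 unit 0 family inet address 192.0.2.1/30

## RVI: the VLAN interface that routes for VLAN "data"
set interfaces vlan unit 10 family inet address 10.0.10.1/24
set vlans data l3-interface vlan.10

## LAG: two non-contiguous ports bundled into ae0 with LACP (802.3ad),
## carried as a trunk for the data and mgmt VLANs
set chassis aggregated-devices ethernet device-count 4
set interfaces ge-0/0/20 ether-options 802.3ad ae0
set interfaces ge-0/0/23 ether-options 802.3ad ae0
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members [ data mgmt ]
```

After `commit`, `show ethernet-switching interfaces` should list ge-0/0/5.0 as an access port in VLAN data and ae0.0 as a trunk, `show lacp interfaces ae0` should show both members Collecting/Distributing, and `show interfaces vlan.10` confirms the RVI is up only once at least one port in VLAN data is up.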

===============================================================================

IEEE Reserved MAC Address for BPDU - 01:80:C2:00:00:00

Juniper supports CST (Common Spanning Tree)

ESWD(Enterprise Switch Daemon)

PVST+ always sends the VLAN 1 BPDUs to the IEEE STP multicast address (01:80:c2:00:00:00)
- interoperates with IEEE 802.1D

PVST+ sends the BPDUs for other VLANs to Cisco's reserved multicast address (01:00:0c:cc:cc:cd)

IEEE 802.1w(Rapid Spanning Tree Protocol, RSTP)
- BPDU Ver field = 0x02
- Alternate Port
- Backup Port

A switch that does not support RSTP ignores RSTP (version 2) BPDUs; an RSTP switch that receives legacy 802.1D BPDUs on a port reverts to 802.1D BPDUs on that port.

IEEE 802.1s(Multiple Spanning Tree Protocol, MST)
- map multiple VLANs to one or multiple instances
- Max of 64 instances
- Backward compatible with STP, RSTP via CST(Common Spanning Tree)
- CST across all MST regions
- MSTI(Multiple Spanning Tree Instance)


# edit protocols mstp

===============================================================================
Redundant Trunk Group(RTG)

RTG and STP are mutually exclusive on a given port

The maximum number of RTGs per system / virtual chassis is 16
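MSTP and RTG side by side: an MST region with two instances on the access side, and an RTG pair on the uplinks where spanning tree is explicitly disabled, since the two are mutually exclusive on a port. This is an added example, not from the workshop notes; it assumes JUNOS 9.x EX (pre-ELS) syntax, and the region name, VLAN IDs, priorities and port numbers are illustrative. The `##` lines are comments, not CLI input.

```junos
## MST region CAMPUS: VLANs 10,20 -> MSTI 1, VLANs 30,40 -> MSTI 2.
## Unmapped VLANs ride the CST (MSTI 0), which also interoperates with STP/RSTP neighbours.
set protocols mstp configuration-name CAMPUS
set protocols mstp revision-level 1
set protocols mstp bridge-priority 32k
set protocols mstp msti 1 vlan [ 10 20 ]
set protocols mstp msti 1 bridge-priority 4k
set protocols mstp msti 2 vlan [ 30 40 ]
set protocols mstp msti 2 bridge-priority 8k

## Host-facing port: edge port, and shut it if a BPDU ever arrives
## (a rogue switch or an attacker injecting BPDUs must not join the topology)
set protocols mstp interface ge-0/0/0.0 edge
set protocols mstp bpdu-block-on-edge

## Uplinks to the distribution layer as trunks
set interfaces ge-0/0/46 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/0/47 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members all

## RTG: ge-0/0/46 forwards, ge-0/0/47 stands by; STP off on both RTG ports
set ethernet-switching-options redundant-trunk-group group rtg-uplink interface ge-0/0/46.0 primary
set ethernet-switching-options redundant-trunk-group group rtg-uplink interface ge-0/0/47.0
set protocols mstp interface ge-0/0/46.0 disable
set protocols mstp interface ge-0/0/47.0 disable
```

Verify with `show spanning-tree bridge` (region name and per-MSTI root), `show spanning-tree interface` (the edge port should show as Edge, the RTG ports should not appear at all) and `show redundant-trunk-group` (one Active link, one Standby). Pull the cable on ge-0/0/46 and the standby should take over without any STP reconvergence.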

===============================================================================
Virtual Chassis:

Master Routing Engine (RE0)
Backup Routing Engine (RE1)

Virtual Chassis Control Protocol daemon (vccpd)

Master(Highest Priority)
Backup(Lower Priority)
Linecard(Lowest Priority)

Member ID (0-9)

Individual Ethernet management ports(me0)
- on member switches

Single L3 virtual management interface(vme)
- always follows the Master RE

GRES (Graceful Routing Engine Switchover)

NSR (Non-Stop Routing) (system default)

FRS (First Revenue Ship, i.e. the initial release)

GRE tunnel port mirroring is not supported yet
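A two-member virtual chassis with explicit Routing Engine roles, GRES/NSR and the vme management interface, as an added example that is not part of the workshop notes. It assumes JUNOS 9.x EX4200 syntax; the serial numbers and the management address are placeholders. The `##` lines are comments, not CLI input.

```junos
## Preprovisioned VC: roles are pinned to serial numbers, so an unknown switch
## plugged into a VCP can only ever join as a line card, never become master.
set virtual-chassis preprovisioned
set virtual-chassis member 0 role routing-engine serial-number PLACEHOLDER-SN-0
set virtual-chassis member 1 role routing-engine serial-number PLACEHOLDER-SN-1

## Non-preprovisioned alternative (not used together with the above):
## steer mastership with the priority, highest wins
## set virtual-chassis member 0 mastership-priority 255
## set virtual-chassis member 1 mastership-priority 255

## Routing Engine redundancy: GRES plus NSR; commits must be synchronised
## to the backup RE or a switchover will run with a stale configuration
set chassis redundancy graceful-switchover
set routing-options nonstop-routing
set system commit synchronize

## One L3 management address that always follows the master RE
set interfaces vme unit 0 family inet address 10.0.99.10/24
```

Check with `show virtual-chassis` (member 0 and 1 with roles Master and Backup, both Prsnt) and `show virtual-chassis vc-port` (VCP links Up). `request session member 1` drops you onto the backup member's shell; `show system switchover` on the backup shows whether GRES is ready before you test a mastership switchover.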

===============================================================================
Power over Ethernet(PoE)
- IEEE 802.3af
- Power Sourcing Equipment(PSE)
- Powered Device(PD)
- class 0(15.4 watts)
- class 1(4 watts)
- class 2(7 watts)
- class 3(15.4 watts)
- class 4 (reserved for future use)

If the two redundant power supplies have different ratings, the switch uses the lower rating.

Voice VLAN
- supports CoS (IEEE 802.1p)
- Native VLAN (untagged) carries data
- Voice VLAN (tagged) carries voice

LLDP(Link Layer Discovery Protocol)
IEEE 802.1AB-2005
The Link Layer Discovery Protocol or LLDP is a vendor-neutral Layer 2 protocol that allows a network device to advertise its identity and capabilities on the local network.

LLDP-MED(Link Layer Discovery Protocol - Media Endpoint Discovery)
LLDP-MED is an enhancement to LLDP designed to allow for things such as:
- Auto-discovery of LAN policies (such as VLAN, Layer 2 Priority and Diffserv settings) leading to "plug and play" networking.
- Device location discovery to allow creation of location databases and, in the case of VoIP, E911 services.
- Extended and automated power management of Power over Ethernet endpoints.
- Inventory management, allowing network administrators to track their network devices, and determine their characteristics (manufacturer, software and hardware versions, serial / asset number).


The LLDP-MED protocol was formally approved and published as the standard ANSI/TIA-1057 by the Telecommunications Industry Association (TIA) in April 2006.

Multicast MAC address: 01-80-C2-00-00-0E
EtherType: 88-CC

CDP(Cisco Discovery Protocol)
Multicast MAC address: 0100.0ccc.cccc
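PoE, voice VLAN and LLDP-MED together on one phone-facing access port, as an added example that is not from the workshop notes. It assumes JUNOS 9.x EX (pre-ELS) syntax; VLAN names/IDs, the port number and the power figure are illustrative. The `##` lines are comments, not CLI input.

```junos
set vlans data vlan-id 10
set vlans voice vlan-id 20

## Access port: data untagged (native), voice tagged via the voip knob;
## voice frames are pinned to the expedited-forwarding class
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members data
set ethernet-switching-options voip interface ge-0/0/1.0 vlan voice
set ethernet-switching-options voip interface ge-0/0/1.0 forwarding-class expedited-forwarding

## LLDP + LLDP-MED so the phone learns the voice VLAN / 802.1p / DSCP policy
## (and the switch learns the phone's power request and inventory)
set protocols lldp interface all
set protocols lldp-med interface all

## PoE: class-based budgeting, cap this port at the 802.3af class 3 maximum,
## high priority so the phone keeps power first if the budget shrinks
## (e.g. one of two mismatched PSUs fails and the lower rating applies)
set poe management class
set poe interface ge-0/0/1 maximum-power 15.4
set poe interface ge-0/0/1 priority high
```

`show lldp neighbors` should list the phone with its capabilities, `show poe interface ge-0/0/1` shows the class the PD requested and the power actually drawn, and `show ethernet-switching interfaces ge-0/0/1.0` shows the port as a member of both data (untagged) and voice (tagged). Remember that LLDP advertises the switch's own identity and software version to anything on the wire; leaving it on `interface all` is convenient, but on ports that never see a phone it is information you are giving away for nothing.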

===============================================================================
DHCP snooping
- All access ports are untrusted by default
- All trunk ports are trusted by default

DAI (Dynamic ARP Inspection)
- Trunk ports bypass DAI
- DHCP snooping is required (DAI validates ARP against the snooping binding table)
- enabled/disabled per VLAN

EAPOL (Extensible Authentication Protocol over LAN)

IEEE 802.1X supplicant modes
- Single
- Single-Secure
- Multiple

Guest VLAN
- used when 802.1X authentication fails
- used when the client does not respond to 802.1X

VSA(Vendor Specific Attributes)
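The access-port protections above (DHCP snooping, DAI and 802.1X with a guest VLAN) as one configuration. This is an added example, not from the workshop or the author's notes; it assumes JUNOS 9.x EX (pre-ELS) syntax, and the VLAN names, RADIUS server address and shared secret, and port numbers are placeholders. The `##` lines are comments, not CLI input.

```junos
set vlans data vlan-id 10
set vlans guest vlan-id 30

## DHCP snooping on VLAN data. The uplink trunk ge-0/0/47 is trusted by default;
## access ports are untrusted by default, so a legitimate DHCP server hanging
## off an access port must be trusted explicitly or its OFFERs get dropped.
set ethernet-switching-options secure-access-port vlan data examine-dhcp
set ethernet-switching-options secure-access-port interface ge-0/0/10.0 dhcp-trusted

## DAI on the same VLAN: ARP on untrusted ports is checked against the
## snooping binding table; trunk (trusted) ports bypass the check
set ethernet-switching-options secure-access-port vlan data arp-inspection

## 802.1X: RADIUS access profile, then the authenticator per port
set access radius-server 10.0.0.5 secret "radius-secret-placeholder"
set access profile dot1x-profile authentication-order radius
set access profile dot1x-profile radius authentication-server 10.0.0.5
set protocols dot1x authenticator authentication-profile-name dot1x-profile

## Single-secure: exactly one MAC may authenticate and only it may send;
## a failed or silent client lands in the guest VLAN, and is re-authenticated hourly
set protocols dot1x authenticator interface ge-0/0/1.0 supplicant single-secure
set protocols dot1x authenticator interface ge-0/0/1.0 guest-vlan guest
set protocols dot1x authenticator interface ge-0/0/1.0 reauthentication 3600

## Multiple: phone + PC behind one port, each supplicant authenticated on its own
set protocols dot1x authenticator interface ge-0/0/2.0 supplicant multiple
```

`show dhcp snooping binding` should fill with client MAC/IP/lease/port entries as leases are handed out; `show arp inspection statistics` counts ARP packets passed and failed per interface, which is the number to watch for a spoofing attempt. `show dot1x interface ge-0/0/1.0 detail` shows the supplicant state and whether the port fell back to the guest VLAN. Note that the guest VLAN also catches every device that simply does not speak 802.1X, so treat it as untrusted at the RVI and firewall filter level, not as a convenience VLAN.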

Firewall ACLs
- Port-based ACL
- VLAN-based
- Router-based

Firewall Filter (FF) evaluation order
- Input
Port FF => VLAN FF => Router FF
- Output
Router FF => VLAN FF => Port FF (output port FF not supported yet)
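One filter at each of the three attachment points, to show the ingress order port -> VLAN -> router in practice. This is an added example, not from the workshop notes; it assumes JUNOS 9.x EX (pre-ELS) syntax, and the filter names, addresses and port numbers are illustrative. The `##` lines are comments, not CLI input.

```junos
## Port filter (family ethernet-switching) on an access port: drop anything
## that looks like a DHCP server talking from this port (UDP source port 67).
## Clients use source port 68, so normal DHCP still works.
set firewall family ethernet-switching filter PORT-IN term no-dhcp-server from protocol udp
set firewall family ethernet-switching filter PORT-IN term no-dhcp-server from source-port 67
set firewall family ethernet-switching filter PORT-IN term no-dhcp-server then discard
set firewall family ethernet-switching filter PORT-IN term default then accept
set interfaces ge-0/0/1 unit 0 family ethernet-switching filter input PORT-IN

## VLAN filter: only the mgmt subnet may open TCP/22 to anything in VLAN data.
## "protocol tcp" matters: destination-port alone would also match UDP/22.
set firewall family ethernet-switching filter VLAN-IN term ssh-from-mgmt from ip-source-address 10.0.99.0/24
set firewall family ethernet-switching filter VLAN-IN term ssh-from-mgmt from protocol tcp
set firewall family ethernet-switching filter VLAN-IN term ssh-from-mgmt from destination-port 22
set firewall family ethernet-switching filter VLAN-IN term ssh-from-mgmt then accept
set firewall family ethernet-switching filter VLAN-IN term no-other-ssh from protocol tcp
set firewall family ethernet-switching filter VLAN-IN term no-other-ssh from destination-port 22
set firewall family ethernet-switching filter VLAN-IN term no-other-ssh then discard
set firewall family ethernet-switching filter VLAN-IN term default then accept
set vlans data filter input VLAN-IN

## Router filter (family inet) on the RVI: inter-VLAN policy, data may not reach guest
set firewall family inet filter RVI-IN term deny-to-guest from destination-address 10.0.30.0/24
set firewall family inet filter RVI-IN term deny-to-guest then discard
set firewall family inet filter RVI-IN term default then accept
set interfaces vlan unit 10 family inet filter input RVI-IN
```

Terms are evaluated top to bottom and the first match wins, and a filter with no matching term discards the packet, which is why each filter ends with an explicit accept-all term. A frame entering on ge-0/0/1 is tested against PORT-IN first, then VLAN-IN, and only if it is routed does RVI-IN see it; a frame bridged within VLAN data never reaches the router filter, so a rule that must apply to intra-VLAN traffic has to live in the port or VLAN filter. `show firewall` lists counters only for terms that have a `count` action, so add one to the discard terms if you want to see hits.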
===============================================================================
Port Mirror

- Physical ports(ingress/egress)
- VLANs(ingress only)
- Tunnel interface (in the future)

- Local analyzer (L2 header is not modified)
- Remote analyzer (the mirrored frame keeps its original VLAN tag and is carried inside the intermediate VLAN used to transport mirrored packets to the analyzer)

One port-mirroring session per system (so far)
- 1 destination port
- 1 VLAN
- 1 tunnel (in the future)
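A local analyzer and a remote analyzer, as an added example that is not part of the workshop notes. It assumes JUNOS 9.x EX (pre-ELS) syntax; the analyzer names, VLAN IDs and port numbers are illustrative, and because only one session is allowed per system the remote variant is shown as a replacement for the local one, not in addition to it. The `##` lines are comments, not CLI input.

```junos
## Local analyzer: both directions of ge-0/0/1 plus ingress-only of VLAN data,
## copied to the analyzer station on ge-0/0/47 (frames leave unmodified)
set ethernet-switching-options analyzer LOCAL-MON input ingress interface ge-0/0/1.0
set ethernet-switching-options analyzer LOCAL-MON input egress interface ge-0/0/1.0
set ethernet-switching-options analyzer LOCAL-MON input ingress vlan data
set ethernet-switching-options analyzer LOCAL-MON output interface ge-0/0/47.0

## Remote analyzer instead: mirrored frames travel in VLAN remote-analyzer over
## the trunk on ge-0/0/46 to a switch where the capture box sits. That VLAN
## must exist only on the path to the analyzer; any other trunk carrying it
## is a second copy of the traffic you are monitoring.
delete ethernet-switching-options analyzer LOCAL-MON
set vlans remote-analyzer vlan-id 999
set interfaces ge-0/0/46 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members remote-analyzer
set ethernet-switching-options analyzer REMOTE-MON input ingress interface ge-0/0/1.0
set ethernet-switching-options analyzer REMOTE-MON output vlan remote-analyzer
```

`show analyzer` lists the active session with its inputs and output. Mirroring ingress and egress of a port that carries the VLAN you are also mirroring produces duplicates at the analyzer, so pick one view per packet; and a mirror destination port forwards nothing back into the network, which is the property you want for a passive IDS tap.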

===============================================================================
QoS (Quality of Service)
- L2 CoS (Class of Service, 802.1p)
- L3 ToS (Type of Service, DSCP)

FC (Forwarding Class)
LP (Loss Priority)

8 queues per port (network ports, CPU and VCP (Virtual Chassis Port))

16 FCs
Default: 4 FCs
BE (Best-Effort) (queue 0),
AF (Assured-Forwarding) (queue 1),
EF (Expedited-Forwarding) (queue 5),
NC (Network Control) (queue 7)

PFEM (Packet Forwarding Engine Manager process)

>show cos forwarding-class table
>show halp-cos qos-attribs profile all


BA (Behavior Aggregate) classification defaults

- L2 access port: default is "untrusted" (everything lands in best-effort)
- L2 trunk port: default is "trust 802.1p"
- L3 physical interface: default is "trust DSCP"


#set class-of-service classifiers
>show class-of-service classifier name
>show cos classifier


CoS Traffic Policing
- Limits inbound traffic
- ACL (firewall filter) based traffic policing
- 1-rate 2-color policers
. Single token bucket
. CIR (Committed Information Rate) + CBS (Committed Burst Size): traffic within CIR + CBS is "in-profile" and is passed through
. Traffic exceeding CIR + CBS is "out-of-profile" and is dropped


# set firewall policer QOS if-exceeding bandwidth-limit 64000 burst-size-limit 128
# set firewall policer QOS then discard
# set interfaces ge-0/0/16.0 family inet filter ..

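The same 1-rate 2-color policer attached through an ingress filter, as an added example that is not from the workshop notes. It assumes JUNOS 9.x EX (pre-ELS) syntax; the policer name, rate, burst, subnet and port number are illustrative. The `##` lines are comments, not CLI input.

```junos
## Single token bucket: CIR 1 Mbit/s, CBS 15 kbytes. Packets that fit in the
## bucket are in-profile and pass; the excess is out-of-profile and discarded.
set firewall policer LIMIT-1M if-exceeding bandwidth-limit 1m
set firewall policer LIMIT-1M if-exceeding burst-size-limit 15k
set firewall policer LIMIT-1M then discard

## Police only the guest subnet on this routed port; everything else passes
## unpoliced. A term with a policer still needs an accept action.
set firewall family inet filter POLICE-GUEST term guest from source-address 10.0.30.0/24
set firewall family inet filter POLICE-GUEST term guest then policer LIMIT-1M
set firewall family inet filter POLICE-GUEST term guest then accept
set firewall family inet filter POLICE-GUEST term default then accept
set interfaces ge-0/0/16 unit 0 family inet filter input POLICE-GUEST
```

`show policer` shows the per-policer discard counters once traffic exceeds the rate. Pick the burst size from the traffic, not from the smallest value the CLI accepts: a burst below one MTU-sized frame (1500 bytes) makes every full-size packet out-of-profile regardless of rate, which is the usual reason a freshly configured policer "drops everything".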

PFE (Packet Forwarding Engine)
- Packet memory consists of fixed-length 256-byte buffers

Egress Queueing and Scheduling
SP (Strict Priority)
SDWRR (Shaped Deficit Weighted Round Robin)
- The SP queue must always be the highest-numbered queue
- Tail-drop only


# set class-of-service drop-profiles ..
# set class-of-service schedulers ..



# run show class-of-service scheduler-map
>show halp-cos scheduler dev 0 port 21

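The ingress and egress halves of CoS joined up: a DSCP BA classifier into forwarding classes, then a scheduler map with one strict-priority queue and SDWRR for the rest. It covers both the classifier section and the scheduling section above. This is an added example, not from the workshop notes; it assumes JUNOS 9.x EX (pre-ELS) syntax, and the names, code points, percentages and port numbers are illustrative. The `##` lines are comments, not CLI input.

```junos
## EF must be strict-priority, and the strict-priority queue must be the
## highest-numbered one, so swap the default EF (5) and NC (7) queue numbers
set class-of-service forwarding-classes class expedited-forwarding queue-num 7
set class-of-service forwarding-classes class network-control queue-num 5

## DSCP classifier: EF (101110) -> expedited-forwarding, CS6 (110000) -> network-control,
## AF11 (001010) -> assured-forwarding at high loss priority, 000000 -> best-effort
set class-of-service classifiers dscp CORP-DSCP forwarding-class expedited-forwarding loss-priority low code-points 101110
set class-of-service classifiers dscp CORP-DSCP forwarding-class network-control loss-priority low code-points 110000
set class-of-service classifiers dscp CORP-DSCP forwarding-class assured-forwarding loss-priority high code-points 001010
set class-of-service classifiers dscp CORP-DSCP forwarding-class best-effort loss-priority low code-points 000000

## Trust DSCP on the routed port (already the default there) and on one access
## port (default "untrusted"). Only do the latter for ports that carry managed
## phones; a user PC can set DSCP 46 on anything it sends.
set class-of-service interfaces ge-0/0/6 unit 0 classifiers dscp CORP-DSCP
set class-of-service interfaces ge-0/0/1 unit 0 classifiers dscp CORP-DSCP

## Schedulers: one strict-high scheduler for EF, weighted SDWRR for the others;
## the percentages are the shaping/weight and buffer share per queue
set class-of-service schedulers SCH-EF priority strict-high
set class-of-service schedulers SCH-EF transmit-rate percent 20
set class-of-service schedulers SCH-EF buffer-size percent 20
set class-of-service schedulers SCH-NC transmit-rate percent 10
set class-of-service schedulers SCH-NC buffer-size percent 10
set class-of-service schedulers SCH-AF transmit-rate percent 30
set class-of-service schedulers SCH-AF buffer-size percent 30
set class-of-service schedulers SCH-BE transmit-rate percent 40
set class-of-service schedulers SCH-BE buffer-size percent 40
set class-of-service scheduler-maps SM-EDGE forwarding-class expedited-forwarding scheduler SCH-EF
set class-of-service scheduler-maps SM-EDGE forwarding-class network-control scheduler SCH-NC
set class-of-service scheduler-maps SM-EDGE forwarding-class assured-forwarding scheduler SCH-AF
set class-of-service scheduler-maps SM-EDGE forwarding-class best-effort scheduler SCH-BE

## Apply on the uplink, the one port that actually congests
set class-of-service interfaces ge-0/0/47 scheduler-map SM-EDGE
```

`show class-of-service forwarding-class` confirms the queue swap, `show class-of-service classifier name CORP-DSCP` the code-point mapping, and `show class-of-service scheduler-map SM-EDGE` the per-queue priority and rates. Because drops are tail-drop only, the strict-high queue can starve the others if its transmit-rate is not honoured as a cap; keep EF's share small and make sure nothing unauthenticated can classify into it.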

VC Port Remapping/Scheduling
- Not user-configurable - fixed