
RSVP MTU Signaling: How Does It Work? A Refresher


Hi,

Below is a topology for an RSVP LSP. As you can see, the MTU varies across the path.

[Screenshot 1: topology]

Drawbacks

-> Possible black hole when we receive high traffic egress on R7 towards R1 with an MTU higher than what a link supports.

How do we avoid it if the LSP is set up by RSVP?

To understand this better, we first need to understand what RSVP uses to communicate the MTU value and then how it decides on the lowest MTU value.

The two main objects are:

ADSPEC: relates to advertisement, hence associated with the PATH message

FLOWSPEC: relates to confirmation, hence associated with the RESV message

 

Digging deeper, let's see a screenshot of how it looks. One simple thing: even the smallest value has to be advertised, nothing is magical per se 🙂

[Screenshot 2]

Let's see the FLOWSPEC return:

[Screenshot 3]

Let's have a look at the command line at each and every hop. It's interesting to see how the ingress, transit and egress routers interpret the spec.

 

At ingress

We sent an ADSPEC requesting 1015 and received a path MTU of 1015. So far so good.

[Screenshot 4]

At transit: received 1015 / sent back 1015

[Screenshot 5]

At egress: the ADSPEC received is 1015

[Screenshot 6]

 

I am changing the MTU to 1001 at a point along the path; D1 should recognize this. This is the last step. Fantastic, we see that the received path MTU is 1001, which is the lowest throughout the path.

[Screenshot 7]
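The hop-by-hop MTU composition described above, as an added example (not from the original post and not Junos code): each hop rewrites the composed-MTU parameter inside the ADSPEC before forwarding the PATH, and the egress returns the final value in the RESV FLOWSPEC. The byte layout follows the Default General Parameters fragment of RFC 2210; the per-link MTU lists are constructed, with only the 1015 and 1001 minimums taken from the post.

```python
import struct

# Int-Serv general parameter IDs (RFC 2215): 4 = IS hop count, 10 = path MTU.
HOPS, MTU = 4, 10

def build_fragment(hops, bandwidth, latency, mtu):
    """Encode an ADSPEC Default General Parameters fragment (RFC 2210)."""
    body = (struct.pack("!BBHI", HOPS, 0, 1, hops)
            + struct.pack("!BBHf", 6, 0, 1, bandwidth)   # path bandwidth estimate
            + struct.pack("!BBHI", 8, 0, 1, latency)     # minimum path latency
            + struct.pack("!BBHI", MTU, 0, 1, mtu))
    return struct.pack("!BBH", 1, 0, len(body) // 4) + body

def read_params(fragment):
    """Return {param_id: (value_offset, raw 32-bit value)}."""
    service, _, words = struct.unpack("!BBH", fragment[:4])
    if service != 1 or len(fragment) != 4 + 4 * words:
        raise ValueError("not a well-formed general parameters fragment")
    params, off = {}, 4
    while off < len(fragment):
        pid, _, plen = struct.unpack("!BBH", fragment[off:off + 4])
        if plen != 1:
            raise ValueError("unexpected parameter length")
        params[pid] = (off + 4, struct.unpack("!I", fragment[off + 4:off + 8])[0])
        off += 8
    return params

def transit(fragment, link_mtu):
    """What a hop does before forwarding the PATH: hop count + 1, MTU = min."""
    params, out = read_params(fragment), bytearray(fragment)
    struct.pack_into("!I", out, params[HOPS][0], params[HOPS][1] + 1)
    struct.pack_into("!I", out, params[MTU][0], min(params[MTU][1], link_mtu))
    return bytes(out)

def signal_path_mtu(link_mtus):
    """Walk the PATH downstream; return the MTU the egress sends back in the RESV."""
    adspec = build_fragment(0, 0.0, 0, link_mtus[0])   # ingress originates
    for mtu in link_mtus[1:]:
        adspec = transit(adspec, mtu)
    return read_params(adspec)[MTU][1]   # copied into the RESV FLOWSPEC

# Constructed per-link MTUs, ingress first (assumed values except 1015 / 1001).
BEFORE = [1500, 1015, 1400, 1500]
AFTER = [1500, 1015, 1001, 1500]

if __name__ == "__main__":
    print(signal_path_mtu(BEFORE), signal_path_mtu(AFTER))
```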

 

Regards

Rakesh M

BFD – High Level Working – Discriminator ?


Hi,

While testing in a lab network to reproduce a customer environment, I wanted to see exactly what a BFD packet looks like to understand more about its behavior.

R1 (9.9.12.1) ------ bfd (50ms, multiplier 3) ------ (9.9.12.2) R2

So to start with, I was working on a Juniper device, and here are the BFD sessions that are established. I have kept it simple by using logical-systems, but the idea is still the same.

I first wanted to monitor traffic, but no luck.

[Screenshot 1]

At this point, we might start wondering why we don't see BFD packets in the interface capture at all. The reason is simple: Juniper implements this much lower than the RE, at the line-card level, hence any capture here will not work.

So, in order to capture the packets, I will go ahead and disable inline and delegation. These two are out of scope for this blog entry; let's keep it simple by saying that disabling them helps us capture packets at the control-plane level. Needless to say, don't do anything of this sort in production. We have to clear the session for these to take effect.

[Screenshot 2]

Let's now see if our interface can capture BFD packets. We see them, fantastic.

[Screenshot 3]

Digging deeper into the packet, I have done a packet capture and written it to a pcap. I have also flapped the BFD session by writing a firewall filter and applying it to an interface.

[Screenshot 4]

BFD exchanges Hellos, discriminators for the session, and various timers. First let us see these on the command line, then we will see them in the packet capture, where the discriminators are converted to hex; just keep this noted.

[Screenshot 5]

Let's see the packet captures. The control-plane packet is destined for port 3784 (single-hop BFD), and the discriminators exchanged to keep track of the session are in hex.

[Screenshot 6]

Here is how the session down is advertised after the firewall filter is applied:

[Screenshot 7]

BFD detected this with session state 0x1 (Down) and the neighbor's discriminator set to 0x0, and from the message it's clear that it detected that the control timer expired.

BFD may be a simple protocol, but it can be very tough to troubleshoot for the same reason of being lightweight ;), so next time BFD goes down, look out for these parameters and how they affect your session capture.
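A decoder for the fields seen in the capture above, as an added example (not part of the original post): it unpacks the mandatory section of a BFD control packet per RFC 5880 and applies that RFC's basic reception checks. The two sample payloads are constructed, and the discriminator values in them are made up.

```python
import struct

# Field layout and value names follow RFC 5880 section 4.1.
STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
DIAGS = {0: "No Diagnostic", 1: "Control Detection Time Expired",
         3: "Neighbor Signaled Session Down", 7: "Administratively Down"}

def parse_bfd_control(payload):
    """Decode the mandatory 24-byte section of a BFD control packet."""
    if len(payload) < 24:
        raise ValueError("truncated BFD control packet")
    (b0, b1, mult, length, my_disc, your_disc,
     min_tx, min_rx, _min_echo) = struct.unpack("!BBBBIIIII", payload[:24])
    state = b1 >> 6
    # Reception checks from RFC 5880 section 6.8.6: discard anything malformed.
    if b0 >> 5 != 1:
        raise ValueError("unsupported BFD version")
    if length < 24 or length > len(payload):
        raise ValueError("bad length field")
    if mult == 0 or my_disc == 0 or b1 & 0x01:
        raise ValueError("zero multiplier/discriminator or multipoint bit set")
    if your_disc == 0 and state not in (0, 1):
        raise ValueError("Your Discriminator is 0 outside Down/AdminDown")
    diag = b0 & 0x1F
    return {"state": STATES[state], "diag": DIAGS.get(diag, "diag %d" % diag),
            "detect_mult": mult, "my_disc": hex(my_disc),
            "your_disc": hex(your_disc), "min_tx_us": min_tx,
            "min_rx_us": min_rx}

def detection_time_us(pkt, local_min_rx_us):
    """Peer's Detect Mult times the agreed transmit interval (asynchronous mode)."""
    return pkt["detect_mult"] * max(local_min_rx_us, pkt["min_tx_us"])

# Constructed sample payloads (discriminators 0x11 / 0x15 are made up):
# an Up packet with 50 ms timers and multiplier 3, then the Down packet a
# peer sends once its detection timer has expired (Your Discriminator = 0).
UP = struct.pack("!BBBBIIIII", 0x20, 0xC0, 3, 24, 0x11, 0x15, 50000, 50000, 0)
DOWN = struct.pack("!BBBBIIIII", 0x21, 0x40, 3, 24, 0x11, 0x0, 1000000, 50000, 0)

if __name__ == "__main__":
    for raw in (UP, DOWN):
        print(parse_bfd_control(raw))
    print(detection_time_us(parse_bfd_control(UP), 50000), "us")
```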

Regards

Rakesh M

OSPF – Juniper not honoring RFC 2328 Section 10.5 – p2p Subnet Mask ? It Does


Hi,

While casually browsing the Juniper JIR slides, I saw it mentioned that on point-to-point links OSPF should not honor the subnet mask, meaning you can have unequal subnet masks and still form a neighbor on a point-to-point link.

Let's look at this behavior on a Juniper router.

R1 (ge-1/1/0.12) 10.10.12.1 ------ 10.10.12.2 (ge-1/1/1.12) R2

[Screenshot 1]

We can clearly see there aren't any neighbors. Before going into trace-options, let's see what a packet capture looks like, does the Hello packet

[Screenshot 2]

The subnet mask appears to be advertised, which is still fine as long as the protocol knows to ignore it.

Let's see what trace-options has to say. Clearly it's a mismatch that is causing this behavior?

[Screenshot 3]

So, is Juniper Junos not in accordance with the RFC? Well, no. Junos in itself is a world-class operating system, and how Juniper interprets the RFC is quite correct. How so?

As per the RFC, it should not be honored on P2P links. When you configure interface-type p2p on an Ethernet interface, Juniper will ignore the interface-type parameter and will only consider true P2P links such as Frame Relay for this to work.

Let's see this configuration:

[Screenshot 4]

And let's see if OSPF is up:

[Screenshot 5]

The KB below explains the same:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB23533

 

Regards

Rakesh M

LDP Loop-Free Alternate


Hi,

One of our customers is to implement the LFA feature for LDP-based distribution. First of all, LFA is loop-free alternate, which helps in faster convergence when there is a disruption in the physical links.

The Juniper Way

A nice detailed explanation is given in the KB below:

http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/8010056-001-EN.pdf

How does this happen?

Juniper, as most of you know, has a forwarding table built in and also a separate control-plane table. Typically, if a link goes down, the IGP has to recalculate to find an alternate path (if there is no ECMP), which might prove costly for VoIP/video streaming applications.

Implementing LFA on a Juniper Networks router simply installs an alternate path in the forwarding table, providing for a quick turnaround in case of a flap.

[Figure: lfa_topology]

Let's first check that the protocols are up and the VPN site is reachable.

[Screenshot 1]

Implementing LFA on R1 first: as you can clearly see, R1 has only one link to go forward, so there should be no LFA-eligible path for R1. Let's verify.

[Screenshot 2]

Let's implement the same on R2. This time we will also write a load-balancing policy to export the entry into the forwarding table, as we know Juniper will not install a secondary path into the forwarding table by default.

R2 has another link to reach R4, and thereby the end destination, through R3 in the event the R2-R4 link breaks.

[Screenshot 3]

Let's examine the possible LFA options.

[Screenshot 4]

As we can clearly see, there is a path listed in the computation. Let's see them via the protocols (MPLS/forwarding plane). The reference is from router R2 to router R5, with primary and backup paths.

[Screenshot 5]

Understanding the results with and without LFA implementation:

[Screenshot 6]

 

I hope this helps anyone who is starting with LFA and wants to understand how it mixes with the IGP and installs the best path for rapid convergence.
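The loop-free condition behind the R1 and R2 results above, as an added example (not from the original post and not Juniper's implementation): it runs SPF on a constructed topology and applies the basic loop-free inequality from RFC 5286. The link set and the metric of 10 on every link are assumptions; only the shape (R1 single-homed, R2 reaching R4 directly and via R3) follows the post.

```python
import heapq

# Constructed topology: (node, node, metric). Metrics are assumed values.
LINKS = [("R1", "R2", 10), ("R2", "R4", 10), ("R2", "R3", 10),
         ("R3", "R4", 10), ("R4", "R5", 10)]

def build_graph(links):
    """Undirected adjacency map: graph[a][b] = metric."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph

def spf(graph, root):
    """Dijkstra: shortest distance from root to every node."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry
        for nbr, cost in graph[node].items():
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist

def lfa(graph, src, dst):
    """Return (primary next hops, loop-free alternates) from src to dst."""
    dist = {n: spf(graph, n) for n in graph}
    best = dist[src][dst]
    primary = [n for n, c in graph[src].items() if c + dist[n][dst] == best]
    # RFC 5286 inequality 1: a neighbor N is loop-free for dst when
    # D(N, dst) < D(N, src) + D(src, dst), i.e. N will not send it back to src.
    alternates = [n for n in graph[src] if n not in primary
                  and dist[n][dst] < dist[n][src] + best]
    return sorted(primary), sorted(alternates)

GRAPH = build_graph(LINKS)

if __name__ == "__main__":
    for router in ("R1", "R2"):
        print(router, "-> R5:", lfa(GRAPH, router, "R5"))
```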

 

Regards

Rakesh M

PyEZ – First Impressions – Installation


Hi,

While exploring PyEZ and its possible deployment options, the initial installation took me a while as I figured out the installation dependencies. I went through different sites and options but had no luck. Finally, on an Ubuntu VM, I was able to make it work. Here are the steps.

The link below has a list of dependencies for each OS:

http://www.juniper.net/techpubs/en_US/junos-pyez1.0/topics/task/installation/junos-pyez-server-installing.html

[Screenshot: pyez_1]

Let us make sure we have all the files on the system; for this I am assuming a fresh install of Ubuntu.

Installing Dependencies

[Screenshot: pyez_2]

[Screenshot: pyez_3]

[Screenshot: pyez_4]

Now, once done with the dependencies, you have to install the PyEZ package. Make sure this install goes cleanly without any errors.

I had already installed Eznc and its libraries previously, so I tried to uninstall and re-install. While the process and end output remain the same (“installed successfully”), the intermediate output may vary accordingly.

[Screenshot: pyez_5]

First check on library installation

Open Python and try to import the Device module from the jnpr.junos package; if it does not throw any error, the installation is a success.

[Screenshot: pyez_6]

Connecting to the Device – Hello_World_Pyez

[Screenshot: pyez_7]

I will continue this series with more ways of using PyEZ.

Regards

Rakesh M

Quick Series 30 – Advertising specific OSPF address when intf has multiple secondaries – Juniper


Hi,

Here is the configuration I have on an interface. How would you make sure that only 9.9.12.2/24 is advertised?

————————

labroot@R# show interfaces lt-7/0/0.21
encapsulation ethernet;
peer-unit 12;
family inet {
    address 9.9.12.2/24;
    address 9.9.112.2/24;
    address 9.9.212.2/24;
}

————————–

We can specify an individual address after the ‘interface’ knob in OSPF, just like IOS. See the reference below.

Normal Definition

labroot@R:r2# show protocols ospf
area 0.0.0.0 {
    interface lt-7/0/0.21;
}

————————–

This is how an address can be defined:

area 0.0.0.0 {
    interface 9.9.12.2;    <-- address instead of interface name
}

[edit]
labroot@R:r2# run show ospf neighbor
Address          Interface              State     ID               Pri  Dead
9.9.12.1         lt-7/0/0.21            Full      9.9.1.1          128    37

 

——————————

 

Regards

Rakesh M

Passed JNCDA-Associate and Course Update


Hi,

I have passed the JNCDA Design exam recently, and I have to say the exam covered all standard aspects of a generic design start. I have to say it's not tough for anyone who has dealt with a basic technical solutions document or anyone who has deployed greenfield enterprise networks. The course did help, but on the whole most of it is very generic in nature.

Coming to the course update, the course is done along with the workbook. The lab has been set up and is available for public use; I am just setting up for one final review.

[Figure: basic_lab_build]

Thank You

Rakesh M

 
